From 8765b88166f8b53e63d2aba2ee02df156b367446 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Mon, 30 Sep 2024 12:26:16 -0600 Subject: [PATCH 01/27] chore: add e2e playwright tests for grafana --- .eslintrc.json | 29 ++++++-- .github/actions/save-logs/action.yaml | 1 + .github/workflows/test.yaml | 2 +- .gitignore | 1 + CONTRIBUTING.md | 98 +++++++++++++++++++----- e2e/playwright/auth.setup.ts | 27 +++++++ e2e/playwright/grafana.test.ts | 35 +++++++++ e2e/playwright/package-lock.json | 103 ++++++++++++++++++++++++++ e2e/playwright/package.json | 9 +++ e2e/playwright/playwright.config.ts | 41 ++++++++++ e2e/playwright/tsconfig.json | 10 +++ e2e/playwright/uds.config.ts | 1 + renovate.json | 5 ++ src/grafana/tasks.yaml | 8 ++ src/keycloak/common/zarf.yaml | 4 + tasks/deploy.yaml | 6 +- tasks/test.yaml | 25 ++++++- tsconfig.json | 12 ++- 18 files changed, 385 insertions(+), 32 deletions(-) create mode 100644 e2e/playwright/auth.setup.ts create mode 100644 e2e/playwright/grafana.test.ts create mode 100644 e2e/playwright/package-lock.json create mode 100644 e2e/playwright/package.json create mode 100644 e2e/playwright/playwright.config.ts create mode 100644 e2e/playwright/tsconfig.json create mode 100644 e2e/playwright/uds.config.ts diff --git a/.eslintrc.json b/.eslintrc.json index dcbc9ca6c..63521754f 100644 --- a/.eslintrc.json +++ b/.eslintrc.json 
@@ -3,21 +3,38 @@ "browser": false, "es2021": true }, - "extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"], + "extends": [ + "eslint:recommended", + "plugin:@typescript-eslint/recommended" + ], "parser": "@typescript-eslint/parser", "parserOptions": { - "project": ["./tsconfig.json"], + "project": [ + "./tsconfig.json" + ], "ecmaVersion": 2022 }, - "plugins": ["@typescript-eslint"], - "ignorePatterns": ["node_modules", "dist", "jest.*.js"], + "plugins": [ + "@typescript-eslint" + ], + "ignorePatterns": [ + "node_modules", + "dist", + "jest.*.js", + "e2e/" + ], "root": true, "rules": { - "@typescript-eslint/no-floating-promises": ["error"] + "@typescript-eslint/no-floating-promises": [ + "error" + ] }, "overrides": [ { - "files": [ "src/pepr/operator/crd/generated/**/*.ts", "src/pepr/operator/crd/generated/*.ts" ], + "files": [ + "src/pepr/operator/crd/generated/**/*.ts", + "src/pepr/operator/crd/generated/*.ts" + ], "rules": { "@typescript-eslint/no-explicit-any": "off" } diff --git a/.github/actions/save-logs/action.yaml b/.github/actions/save-logs/action.yaml index 88ed686e8..354cfbf60 100644 --- a/.github/actions/save-logs/action.yaml +++ b/.github/actions/save-logs/action.yaml @@ -44,3 +44,4 @@ runs: /tmp/debug-*.log /tmp/uds-containerd-logs /tmp/k3d-uds-*.log + e2e/playwright/.playwright/reports diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index fca5ce590..ed042a69d 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -63,7 +63,7 @@ jobs: - name: Test UDS Core Install if: ${{ inputs.package == 'all' && inputs.test_type == 'install' }} - run: uds run test-uds-core --set FLAVOR=${{ inputs.flavor }} --no-progress + run: uds run test:uds-core-e2e --set FLAVOR=${{ inputs.flavor }} --no-progress - name: Validate UDS Core Compliance if: ${{ inputs.package == 'all' && inputs.test_type == 'install' }} diff --git a/.gitignore b/.gitignore index ad3474a0f..6f63914d1 100644 --- a/.gitignore 
+++ b/.gitignore @@ -18,3 +18,4 @@ extract-terraform.sh **/.terraform* cluster-config.yaml **.tfstate +.playwright diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 340dddd87..3ab5f7125 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,8 +1,6 @@ # Welcome to UDS Core -Thank you for your interest in Defense Unicorns UDS Core! - -This document describes the process and requirements for contributing to this UDS Core repo. +Thank you for your interest in contributing to Defense Unicorns UDS Core! This document will guide you through the contribution process. ## Table of Contents 
@@ -20,35 +18,97 @@ Continuous Delivery is core to our development philosophy. Check out [https://mi Specifically: -* We do trunk-based development (main) with short-lived feature branches that originate from the trunk, get merged into the trunk, and are deleted after the merge -* We don't merge code into main that isn't releasable -* We perform automated testing on all changes before they get merged to main -* Continuous integration (CI) pipeline tests are definitive -* We create immutable release artifacts +- We practice trunk-based development (main) with short-lived feature branches that are merged and deleted after the merge. +- We don't merge code into main that isn't releasable. +- All changes are tested automatically before being merged into main. +- Continuous integration (CI) pipeline tests are the source of truth. +- We produce immutable release artifacts. + +### Pre-Commit Checks -Commits: +We use [codespell](https://github.com/codespell-project/codespell) and [yamllint](https://yamllint.readthedocs.io/en/stable/) for pre-commit checks. Please install these before committing, or your commit may fail. -We use [codespell](https://github.com/codespell-project/codespell) and [yamllint](https://yamllint.readthedocs.io/en/stable/) for our precommit checking. It is recommended to have these installed before attempting to commit to the a branch otherwise your commit will not finalize and you will be shown an error. +To install these tools, run: + +```console +uds run lint-check +``` -To install both of these tools you can run `uds run lint-check` to install them or utilize `pip` to install them manually. +Alternatively, you can install them with `pip`: -```bash +```console pip install yamllint codespell ``` ## Definition of Done -We apply these general principles to all User Stories and activities contributing to the UDS. 
+We apply these principles to all User Stories and contributions: + +- Automated continuous integration (CI) pipeline tests pass +- CI tests are updated to cover new system changes +- Changes are peer-reviewed +- Acceptance criteria is met +- Documentation is updated to reflect changes + +### Testing + +Each individual component of UDS Core contains lightweight validations in its own `src//tasks.yaml` file. These validations focus on the bare minimum functionality, typically covering pod health and endpoint accessibility. + +We also place end-to-end tests under the `e2e` folder. In particular we use [Playwright](https://playwright.dev/) for browser based testing and have authentication setup to login to applications with a shared SSO session. Playwright provides a [test recorder](https://playwright.dev/docs/codegen#generate-tests-with-the-playwright-inspector) which can be beneficial to get a quickstart on new tests. -* Automated continuous integration (CI) pipeline tests pass -* CI pipeline tests have been updated to meet system changes -* Changes are peer reviewed -* Acceptance criteria is met -* Documentation is updated to reflect what changed +In general our testing focuses on the unique configuration and setup provided by UDS Core, rather than exhaustive functionality testing. We take this approach since each of the opensource applications we package and configure also have extensive end-to-end testing in their upstream repositories. ## Getting Started -TBD +This section will help you get set up and ready to contribute to UDS Core. + +### 1. 
Prerequisites + +Before starting, ensure that you have the following installed: + +- **Git**: [Install Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) +- **K3d**: [Install K3d](https://k3d.io/#installation) +- **Node.js** (for building and running Pepr): [Install Node.js](https://nodejs.org/en/download/) +- **UDS CLI** (for running tasks and deploying): [Install UDS](https://uds.defenseunicorns.com/cli/quickstart-and-usage/) + +### 2. Clone the Repository and Make a Branch + +Clone the UDS Core repository to your local machine using Git (note that you may want to [fork](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo) this repository): + +```console +git clone https://github.com/DefenseUnicorns/uds-core.git +cd uds-core +``` + +Then make a branch for your changes: + +```console +git checkout -b my-feature-branch +``` + +### 3. Make Changes and Test Locally + +Make the changes to add the new feature, bug fix, or other change necessary. Keep in mind any documentation or testing changes that are relevant while making code changes. + +When you are ready to test locally you can run the same tests as CI using the below UDS commands: + +```console +# Lightweight validations +uds run test-uds-core + +# Full e2e tests (run in CI) +uds run test:uds-core-e2e +``` + +Each of these tasks will create a local k3d cluster, install UDS Core, and run a series of tests against it, the same tests that are run in CI. + +If you want to run a subset of core for faster iterations against a specific package, you can use the `PKG` env variable with the below task (example for metrics-server): + +```console +UDS_PKG=metrics-server uds run test-single-package +``` + +Note you can also specify the `--set FLAVOR=` flag to test using with either the Iron Bank or Unicorn sourced images instead of the upstream ones. ## Submitting a Pull Request 
diff --git a/e2e/playwright/auth.setup.ts b/e2e/playwright/auth.setup.ts new file mode 100644 index 000000000..b895ecccc --- /dev/null +++ b/e2e/playwright/auth.setup.ts @@ -0,0 +1,27 @@ +import { expect, test as setup } from "@playwright/test"; +import { authFile } from "./playwright.config"; +import { domain } from "./uds.config"; + +const baseURL = `https://sso.${domain}`; + +setup("authenticate", async ({ page, context }) => { + await page.goto(baseURL); + + await page.getByLabel("Username or email").fill("doug"); + await page.getByLabel("Password").fill("unicorn123!@#UN"); + await page.getByRole("button", { name: "Log In" }).click(); + + await page.waitForURL(`${baseURL}/realms/uds/account`); // successful redirect + + // ensure auth cookies were set + const cookies = await context.cookies(); + const keycloakCookie = cookies.find( + (cookie) => cookie.name === "KEYCLOAK_SESSION", + ); + + expect(keycloakCookie).toBeDefined(); + expect(keycloakCookie?.value).not.toBe(""); + expect(keycloakCookie?.domain).toContain("sso."); + + await page.context().storageState({ path: authFile }); +}); diff --git a/e2e/playwright/grafana.test.ts b/e2e/playwright/grafana.test.ts new file mode 100644 index 000000000..9b64f0a55 --- /dev/null +++ b/e2e/playwright/grafana.test.ts 
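Review bot: The login step in `auth.setup.ts` hard-codes the test account and its password (`fill("doug")`, `fill("unicorn123!@#UN")`), so the credential cannot be overridden for an environment that uses a different one. Reading both from the environment with the current values as local defaults keeps the k3d flow working, e.g. `const username = process.env.E2E_USERNAME ?? "doug";` and `const password = process.env.E2E_PASSWORD ?? "unicorn123!@#UN";` (the variable names are only a suggestion). This patch creates the account in the `/UDS Core/Admin` group (see `tasks/test.yaml`), which makes a fixed password more sensitive if the tasks are ever run against a shared cluster. The cookie check could likely be tightened from `toContain("sso.")` to an exact comparison with `sso.${domain}`.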
@@ -0,0 +1,35 @@ +import { expect, test } from "@playwright/test"; +import { domain } from "./uds.config"; + +test.use({ baseURL: `https://grafana.admin.${domain}` }); + +test("validate datasources", async ({ page }) => { + await test.step("check loki", async () => { + await page.goto(`/connections/datasources`); + await page.click('text=Loki'); + await page.click('text=Save & test'); + await expect(page.locator('[data-testid="data-testid Alert success"]')).toBeVisible(); + }); + + await test.step("check prometheus", async () => { + await page.goto(`/connections/datasources`); + await page.click('text=Prometheus'); + await page.click('text=Save & test'); + await expect(page.locator('[data-testid="data-testid Alert success"]')).toBeVisible(); + }); +}); + +test("validate dashboards", async ({ page }) => { + await test.step("Check Dashboard Existence", async () => { + await page.goto(`/dashboards`); + await page.click('text="Kubernetes / Compute Resources / Namespace (Pods)"'); + await page.getByTestId('data-testid Dashboard template variables Variable Value DropDown value link text authservice').click(); + await page.getByRole('checkbox', { name: 'grafana' }).click(); + await page.goto(`/dashboards`); + await page.getByPlaceholder('Search for dashboards and folders').fill('Loki'); + await page.click('text="Loki Dashboard quick search"'); + await page.getByTestId('data-testid Dashboard template variables Variable Value DropDown value link text authservice').click(); + await page.getByRole('checkbox', { name: 'grafana' }).click(); + await expect(page.getByTestId('data-testid Panel header Logs Panel').getByTestId('data-testid panel content')).toBeVisible(); + }); +}); diff --git a/e2e/playwright/package-lock.json b/e2e/playwright/package-lock.json new file mode 100644 index 000000000..280265eee --- /dev/null +++ b/e2e/playwright/package-lock.json 
@@ -0,0 +1,103 @@ +{ + "name": "test", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "test", + "license": "Apache-2.0", + "devDependencies": { + "@playwright/test": "^1.47.2", + "@types/node": "^22.7.4", + "typescript": "^5.6.2" + } + }, + "node_modules/@playwright/test": { + "version": "1.47.2", + "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.47.2.tgz", + "integrity": "sha512-jTXRsoSPONAs8Za9QEQdyjFn+0ZQFjCiIztAIF6bi1HqhBzG9Ma7g1WotyiGqFSBRZjIEqMdT8RUlbk1QVhzCQ==", + "dev": true, + "dependencies": { + "playwright": "1.47.2" + }, + "bin": { + "playwright": "cli.js" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/@types/node": { + "version": "22.7.4", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.7.4.tgz", + "integrity": "sha512-y+NPi1rFzDs1NdQHHToqeiX2TIS79SWEAw9GYhkkx8bD0ChpfqC+n2j5OXOCpzfojBEBt6DnEnnG9MY0zk1XLg==", + "dev": true, + "dependencies": { + "undici-types": "~6.19.2" + } + }, + "node_modules/fsevents": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", + "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "dev": true, + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/playwright": { + "version": "1.47.2", + "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.47.2.tgz", + "integrity": "sha512-nx1cLMmQWqmA3UsnjaaokyoUpdVaaDhJhMoxX2qj3McpjnsqFHs516QAKYhqHAgOP+oCFTEOCOAaD1RgD/RQfA==", + "dev": true, + "dependencies": { + "playwright-core": "1.47.2" + }, + "bin": { + "playwright": "cli.js" + }, + "engines": { + "node": ">=18" + }, + "optionalDependencies": { + "fsevents": "2.3.2" + } + }, + "node_modules/playwright-core": { + "version": "1.47.2", + "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.47.2.tgz", + "integrity": 
"sha512-3JvMfF+9LJfe16l7AbSmU555PaTl2tPyQsVInqm3id16pdDfvZ8TTZ/pyzmkbDrZTQefyzU7AIHlZqQnxpqHVQ==", + "dev": true, + "bin": { + "playwright-core": "cli.js" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/typescript": { + "version": "5.6.2", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.2.tgz", + "integrity": "sha512-NW8ByodCSNCwZeghjN3o+JX5OFH0Ojg6sadjEKY4huZ52TqbJTJnDo5+Tw98lSy63NZvi4n+ez5m2u5d4PkZyw==", + "dev": true, + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=14.17" + } + }, + "node_modules/undici-types": { + "version": "6.19.8", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz", + "integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw==", + "dev": true + } + } +} diff --git a/e2e/playwright/package.json b/e2e/playwright/package.json new file mode 100644 index 000000000..4f603f885 --- /dev/null +++ b/e2e/playwright/package.json @@ -0,0 +1,9 @@ +{ + "name": "test", + "license": "Apache-2.0", + "devDependencies": { + "@playwright/test": "^1.47.2", + "@types/node": "^22.7.4", + "typescript": "^5.6.2" + } +} diff --git a/e2e/playwright/playwright.config.ts b/e2e/playwright/playwright.config.ts new file mode 100644 index 000000000..0b2d849d0 --- /dev/null +++ b/e2e/playwright/playwright.config.ts 
@@ -0,0 +1,41 @@ +import { defineConfig, devices } from "@playwright/test"; + +export const playwrightDir = ".playwright"; +export const authFile = `${playwrightDir}/auth/user.json`; + +/** + * See https://playwright.dev/docs/test-configuration. + */ +export default defineConfig({ + fullyParallel: true, + forbidOnly: !!process.env.CI, // fail CI if you accidentally leave `test.only` in source + retries: process.env.CI ? 1 : 0, + workers: 1, + reporter: [ + // Reporter to use. See https://playwright.dev/docs/test-reporters + ['html', { outputFolder: `${playwrightDir}/reports`, open: 'never' }], + ['json', { outputFile: `${playwrightDir}/reports/test-results.json`, open: 'never' }], + ['list'] + ], + + outputDir: `${playwrightDir}/output`, + + use: { + trace: 'on-first-retry', // collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer + }, + + projects: [ + { name: 'setup', testMatch: /.*\.setup\.ts/ }, // authentication + + ...[ + 'Desktop Chrome', + ].map((p) => ({ + name: devices[p].defaultBrowserType, + dependencies: ['setup'], + use: { + ...devices[p], + storageState: authFile, + }, + })), + ], +}); diff --git a/e2e/playwright/tsconfig.json b/e2e/playwright/tsconfig.json new file mode 100644 index 000000000..5a8d3341b --- /dev/null +++ b/e2e/playwright/tsconfig.json @@ -0,0 +1,10 @@ +{ + "compilerOptions": { + "target": "es2016", /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */ + "module": "commonjs", /* Specify what module code is generated. */ + "esModuleInterop": true, /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables 'allowSyntheticDefaultImports' for type compatibility. */ + "forceConsistentCasingInFileNames": true, /* Ensure that casing is correct in imports. */ + "strict": true, /* Enable all strict type-checking options. */ + "skipLibCheck": true /* Skip type checking all .d.ts files. */ + } +} 
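Review bot: `trace: 'on-first-retry'` in the shared `use` block also applies to the `setup` project, so a retried run of `auth.setup.ts` would record a trace containing the filled-in password and the Keycloak session cookies. This commit also adds `e2e/playwright/.playwright/reports` to the uploaded CI logs, and the HTML reporter keeps trace attachments inside its report folder, so that data would probably end up in the workflow artifact. Turning tracing off for the login project avoids it: `{ name: 'setup', testMatch: /.*\.setup\.ts/, use: { trace: 'off' } },`. The same applies to the later patch in this series that switches to `trace: 'retain-on-failure'`. Separately, `open: 'never'` is an option of the `html` reporter and has no effect on the `json` entry.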
diff --git a/e2e/playwright/uds.config.ts b/e2e/playwright/uds.config.ts new file mode 100644 index 000000000..b53029394 --- /dev/null +++ b/e2e/playwright/uds.config.ts @@ -0,0 +1 @@ +export const domain = process.env.DOMAIN || 'uds.dev'; diff --git a/renovate.json b/renovate.json index f4428a606..048e7e035 100644 --- a/renovate.json +++ b/renovate.json @@ -104,6 +104,11 @@ "groupName": "test-infra", "commitMessageTopic": "test-infra" }, + { + "matchFileNames": ["e2e/**"], + "groupName": "e2e-tests", + "commitMessageTopic": "e2e tests" + }, { "matchFileNames": ["package.json", "package-lock.json", "tasks/create.yaml"], "groupName": "pepr", diff --git a/src/grafana/tasks.yaml b/src/grafana/tasks.yaml index 5547b227f..e6bc7c274 100644 --- a/src/grafana/tasks.yaml +++ b/src/grafana/tasks.yaml @@ -23,3 +23,11 @@ tasks: echo "ERROR: Grafana is redirecting to $(curl -L -isS https://grafana.admin.uds.dev --output /dev/null -w '%{url_effective}')." exit 1 fi + + - name: e2e-test + actions: + - description: E2E Test for Grafana + cmd: | + npm ci + npx playwright test grafana.test.ts + dir: e2e/playwright diff --git a/src/keycloak/common/zarf.yaml b/src/keycloak/common/zarf.yaml index 8838c6a40..fb2857482 100644 --- a/src/keycloak/common/zarf.yaml +++ b/src/keycloak/common/zarf.yaml @@ -12,6 +12,10 @@ components: # renovate: datasource=docker depName=quay.io/keycloak/keycloak versioning=semver version: 25.0.6 localPath: ../chart + variables: + - name: INSECURE_ADMIN_PASSWORD + path: insecureAdminPasswordGeneration + description: "Enable an insecure admin password for headless bootstrapping or dev/test scenarios" actions: onDeploy: after: diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml index cf2c0cd34..539f4ac78 100644 --- a/tasks/deploy.yaml +++ b/tasks/deploy.yaml 
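Review bot: The `INSECURE_ADMIN_PASSWORD` variable is added to `src/keycloak/common/zarf.yaml`, which looks like the package definition that ships to users rather than a test-only overlay, so the insecure admin bootstrap becomes a deploy-time switch for every consumer of the package. If it is only needed for the e2e flow, keeping the override in the test bundle or task keeps it out of the released surface. If it stays, the description should say what the setting exposes, for example `description: "DEV/TEST ONLY: generates a Keycloak admin credential stored in a cluster Secret; do not enable in production"`. The `path` also points at the `insecureAdminPasswordGeneration` object rather than a scalar key, which a later patch in this series corrects.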
@@ -14,7 +14,7 @@ tasks: - name: k3d-standard-bundle actions: - description: "Deploy the UDS Core Standard Bundle" - cmd: uds deploy bundles/k3d-standard/uds-bundle-k3d-core-demo-${UDS_ARCH}-${VERSION}.tar.zst --confirm --no-progress + cmd: uds deploy bundles/k3d-standard/uds-bundle-k3d-core-demo-${UDS_ARCH}-${VERSION}.tar.zst --set INSECURE_ADMIN_PASSWORD_GENERATION=true --confirm --no-progress - name: k3d-standard-bundle-ha actions: @@ -49,9 +49,9 @@ tasks: setVariables: - name: LATEST_VERSION - description: "Deploy the latest UDS Core package release" - cmd: uds zarf package deploy oci://${TARGET_REPO}/core:${LATEST_VERSION} --confirm --no-progress --components '*' + cmd: uds zarf package deploy oci://${TARGET_REPO}/core:${LATEST_VERSION} --set INSECURE_ADMIN_PASSWORD=true --confirm --no-progress --components '*' - name: standard-package actions: - description: "Deploy the standard UDS Core zarf package" - cmd: uds zarf package deploy build/zarf-package-core-${UDS_ARCH}-${VERSION}.tar.zst --confirm --no-progress --components '*' + cmd: uds zarf package deploy build/zarf-package-core-${UDS_ARCH}-${VERSION}.tar.zst --set INSECURE_ADMIN_PASSWORD=true --confirm --no-progress --components '*' diff --git a/tasks/test.yaml b/tasks/test.yaml index 185408e5a..8d3ac3005 100644 --- a/tasks/test.yaml +++ b/tasks/test.yaml @@ -3,6 +3,7 @@ includes: - setup: ./setup.yaml - deploy: ./deploy.yaml - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.13.1/tasks/compliance.yaml + - common-setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/refs/tags/v0.13.1/tasks/setup.yaml tasks: - name: single-package @@ -16,7 +17,7 @@ tasks: cmd: uds run -f src/${UDS_PKG}/tasks.yaml validate --no-progress - name: validate-packages - description: "Validated all packages" + description: "Validate all packages" # loop through each src/* package and run the validate.yaml task actions: - cmd: | 
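Review bot: The new `common-setup` include in `tasks/test.yaml` fetches a task file from `raw.githubusercontent.com` pinned only to the tag `v0.13.1`, and the tasks it defines presumably run as shell commands on the developer or CI host. A tag can be moved after the fact, so a commit reference is the safer pin: `- common-setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/<commit-sha>/tasks/setup.yaml`. The existing `compliance` include on the line above uses the same tag form and would benefit from the same change.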
@@ -25,6 +26,20 @@ tasks: done set +e + - name: e2e-tests + description: "E2E Test all packages" + # Run each e2e test type from the e2e folder + actions: + - description: "Run Playwright E2E tests for all packages" + dir: e2e/playwright + cmd: | + # renovate: datasource=docker depName=mcr.microsoft.com/playwright versioning=docker + docker run --rm --ipc=host --net=host --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.47.2-noble sh -c " \ + cd app && \ + npm ci && \ + npx playwright test \ + " + - name: uds-core description: "Build and test UDS Core" actions: @@ -33,6 +48,14 @@ tasks: - task: deploy:k3d-standard-bundle - task: validate-packages + - name: uds-core-e2e + description: "Build and test UDS Core e2e" + actions: + - task: uds-core + # Self-reference this task file to avoid https://github.com/defenseunicorns/maru-runner/issues/144 + - cmd: uds run -f tasks/test.yaml common-setup:create-doug-user --set KEYCLOAK_GROUP="/UDS Core/Admin" # Adds the test doug user + - task: e2e-tests + - name: uds-core-ha description: "Build and test UDS Core" actions: diff --git a/tsconfig.json b/tsconfig.json index 70638f3a6..7d3c4fc52 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -5,7 +5,9 @@ "declarationMap": true, "emitDeclarationOnly": true, "esModuleInterop": true, - "lib": ["ES2022"], + "lib": [ + "ES2022" + ], "module": "CommonJS", "moduleResolution": "node", "outDir": "dist", @@ -15,5 +17,11 @@ "target": "ES2022", "useUnknownInCatchVariables": false }, - "include": ["**/*.ts"] + "include": [ + "**/*.ts" + ], + "exclude": [ + "e2e", + "dist" + ] } From b52e7221c12f5e93ce975d74b1e5bb50056e6302 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Mon, 30 Sep 2024 12:51:49 -0600 Subject: [PATCH 02/27] chore: add e2e tests to upgrade --- tasks/test.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/test.yaml b/tasks/test.yaml index 8d3ac3005..e2c8df194 100644 --- a/tasks/test.yaml +++ b/tasks/test.yaml 
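Review bot: The `e2e-tests` action runs `mcr.microsoft.com/playwright:v1.47.2-noble` with `--net=host`, `--ipc=host` and a bind mount of the working tree, and the image is referenced by tag only. Because the container shares the host network and can write to the checkout, pinning by digest is worth it: `mcr.microsoft.com/playwright:v1.47.2-noble@sha256:<digest>`. `cd app` is relative and only works while the image's working directory is `/`; `cd /app` (or `--workdir /app`) does not depend on that. The container presumably runs as root, so `node_modules` and `.playwright` created through the mount would be root-owned on the host; `--user "$(id -u):$(id -g)"` avoids that if the image permits it.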
@@ -72,6 +72,7 @@ tasks: - task: create:standard-package - task: deploy:standard-package - task: validate-packages + - task: e2e-tests - name: compliance-validate description: "validate against the required compliance" From d6cd73e4c0420a8a8b960963a1ed46fd6db9ca3e Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Mon, 30 Sep 2024 13:31:08 -0600 Subject: [PATCH 03/27] fix: override path --- src/keycloak/common/zarf.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/keycloak/common/zarf.yaml b/src/keycloak/common/zarf.yaml index fb2857482..6b9790002 100644 --- a/src/keycloak/common/zarf.yaml +++ b/src/keycloak/common/zarf.yaml @@ -14,7 +14,7 @@ components: localPath: ../chart variables: - name: INSECURE_ADMIN_PASSWORD - path: insecureAdminPasswordGeneration + path: insecureAdminPasswordGeneration.enabled description: "Enable an insecure admin password for headless bootstrapping or dev/test scenarios" actions: onDeploy: From 61321dfca3fba4bfb094d3adaedd291cbe1d8621 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Mon, 30 Sep 2024 14:17:11 -0600 Subject: [PATCH 04/27] Update values.schema.json --- src/keycloak/chart/values.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/keycloak/chart/values.schema.json b/src/keycloak/chart/values.schema.json index f05bdc3a8..b75dbf97a 100644 --- a/src/keycloak/chart/values.schema.json +++ b/src/keycloak/chart/values.schema.json @@ -154,7 +154,7 @@ "type": "object", "properties": { "enabled": { - "type": "boolean" + "type": ["boolean", "string"] }, "username": { "type": "string" From 67c19d25032915f07d9479b2961cdb7cbb0bf8c7 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Mon, 30 Sep 2024 14:41:51 -0600 Subject: [PATCH 05/27] chore: template update for kc --- src/keycloak/chart/templates/secret-admin-password.yaml | 2 +- src/keycloak/chart/templates/statefulset.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
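Review bot: Widening `insecureAdminPasswordGeneration.enabled` to `["boolean", "string"]` lets any string through schema validation, while the templates at this point in the series still test the value with a plain `if`. A non-empty string is truthy in Helm templates, so `enabled: "false"` would turn the insecure admin password generation on. If a string has to be accepted, constrain it, e.g. `"enum": [true, false, "true", "false"]`, and compare explicitly in the templates. The next patch adds that comparison with `eq (... | toString) "true"`; landing both changes in one commit would avoid the intermediate state.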
diff --git a/src/keycloak/chart/templates/secret-admin-password.yaml b/src/keycloak/chart/templates/secret-admin-password.yaml index 59307eb32..a34bdbdfc 100644 --- a/src/keycloak/chart/templates/secret-admin-password.yaml +++ b/src/keycloak/chart/templates/secret-admin-password.yaml @@ -1,4 +1,4 @@ -{{- if .Values.insecureAdminPasswordGeneration.enabled }} +{{- if (eq (.Values.insecureAdminPasswordGeneration.enabled | toString) "true") }} {{- $kcPass := (randAlphaNum 32) | b64enc | quote }} {{- $kcUser := .Values.insecureAdminPasswordGeneration.username | b64enc | quote }} {{- $secretName := (print (include "keycloak.fullname" .) "-admin-password") }} diff --git a/src/keycloak/chart/templates/statefulset.yaml b/src/keycloak/chart/templates/statefulset.yaml index 4e4521381..4826662c2 100644 --- a/src/keycloak/chart/templates/statefulset.yaml +++ b/src/keycloak/chart/templates/statefulset.yaml @@ -165,8 +165,8 @@ spec: - name: JAVA_TOOL_OPTIONS value: "-Dcom.redhat.fips=true" {{- end }} - {{- end }} - {{- if .Values.insecureAdminPasswordGeneration.enabled }} + {{- end }} + {{- if (eq (.Values.insecureAdminPasswordGeneration.enabled | toString) "true") }} - name: KEYCLOAK_ADMIN valueFrom: secretKeyRef: From aa9bcf8c581ebb99745cb3519c7a66fc74f0b9cf Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Mon, 30 Sep 2024 16:49:39 -0600 Subject: [PATCH 06/27] fix: upgrade test logic and bundle deploy --- .github/actions/save-logs/action.yaml | 1 - e2e/playwright/playwright.config.ts | 2 +- src/keycloak/chart/templates/secret-admin-password.yaml | 2 +- src/keycloak/chart/templates/statefulset.yaml | 2 +- src/keycloak/chart/values.schema.json | 2 +- src/keycloak/common/zarf.yaml | 4 ---- tasks/deploy.yaml | 6 +++--- tasks/test.yaml | 8 +++++--- 8 files changed, 12 insertions(+), 15 deletions(-) diff --git a/.github/actions/save-logs/action.yaml b/.github/actions/save-logs/action.yaml index 354cfbf60..88ed686e8 100644 --- a/.github/actions/save-logs/action.yaml 
+++ b/.github/actions/save-logs/action.yaml @@ -44,4 +44,3 @@ runs: /tmp/debug-*.log /tmp/uds-containerd-logs /tmp/k3d-uds-*.log - e2e/playwright/.playwright/reports diff --git a/e2e/playwright/playwright.config.ts b/e2e/playwright/playwright.config.ts index 0b2d849d0..489d3f0d5 100644 --- a/e2e/playwright/playwright.config.ts +++ b/e2e/playwright/playwright.config.ts @@ -10,7 +10,7 @@ export default defineConfig({ fullyParallel: true, forbidOnly: !!process.env.CI, // fail CI if you accidentally leave `test.only` in source retries: process.env.CI ? 1 : 0, - workers: 1, + workers: 5, reporter: [ // Reporter to use. See https://playwright.dev/docs/test-reporters ['html', { outputFolder: `${playwrightDir}/reports`, open: 'never' }], diff --git a/src/keycloak/chart/templates/secret-admin-password.yaml b/src/keycloak/chart/templates/secret-admin-password.yaml index a34bdbdfc..59307eb32 100644 --- a/src/keycloak/chart/templates/secret-admin-password.yaml +++ b/src/keycloak/chart/templates/secret-admin-password.yaml @@ -1,4 +1,4 @@ -{{- if (eq (.Values.insecureAdminPasswordGeneration.enabled | toString) "true") }} +{{- if .Values.insecureAdminPasswordGeneration.enabled }} {{- $kcPass := (randAlphaNum 32) | b64enc | quote }} {{- $kcUser := .Values.insecureAdminPasswordGeneration.username | b64enc | quote }} {{- $secretName := (print (include "keycloak.fullname" .) "-admin-password") }} diff --git a/src/keycloak/chart/templates/statefulset.yaml b/src/keycloak/chart/templates/statefulset.yaml index 4826662c2..ae859a6b0 100644 --- a/src/keycloak/chart/templates/statefulset.yaml +++ b/src/keycloak/chart/templates/statefulset.yaml @@ -166,7 +166,7 @@ spec: value: "-Dcom.redhat.fips=true" {{- end }} {{- end }} - {{- if (eq (.Values.insecureAdminPasswordGeneration.enabled | toString) "true") }} + {{- if .Values.insecureAdminPasswordGeneration.enabled }} - name: KEYCLOAK_ADMIN valueFrom: secretKeyRef: 
diff --git a/src/keycloak/chart/values.schema.json b/src/keycloak/chart/values.schema.json index b75dbf97a..f05bdc3a8 100644 --- a/src/keycloak/chart/values.schema.json +++ b/src/keycloak/chart/values.schema.json @@ -154,7 +154,7 @@ "type": "object", "properties": { "enabled": { - "type": ["boolean", "string"] + "type": "boolean" }, "username": { "type": "string" diff --git a/src/keycloak/common/zarf.yaml b/src/keycloak/common/zarf.yaml index 6b9790002..8838c6a40 100644 --- a/src/keycloak/common/zarf.yaml +++ b/src/keycloak/common/zarf.yaml @@ -12,10 +12,6 @@ components: # renovate: datasource=docker depName=quay.io/keycloak/keycloak versioning=semver version: 25.0.6 localPath: ../chart - variables: - - name: INSECURE_ADMIN_PASSWORD - path: insecureAdminPasswordGeneration.enabled - description: "Enable an insecure admin password for headless bootstrapping or dev/test scenarios" actions: onDeploy: after: diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml index 556fce04e..6683d94ac 100644 --- a/tasks/deploy.yaml +++ b/tasks/deploy.yaml @@ -49,9 +49,9 @@ tasks: setVariables: - name: LATEST_VERSION - description: "Deploy the latest UDS Core package release" - cmd: uds zarf package deploy oci://${TARGET_REPO}/core:${LATEST_VERSION} --set INSECURE_ADMIN_PASSWORD=true --confirm --no-progress --components '*' + cmd: uds zarf package deploy oci://${TARGET_REPO}/core:${LATEST_VERSION} --confirm --no-progress --components '*' - name: standard-package actions: - - description: "Deploy the standard UDS Core zarf package" - cmd: uds zarf package deploy build/zarf-package-core-${UDS_ARCH}-${VERSION}.tar.zst --set INSECURE_ADMIN_PASSWORD=true --confirm --no-progress --components '*' + - description: "Deploy the standard UDS Core zarf package, from the standard bundle" + cmd: uds deploy bundles/k3d-standard/uds-bundle-k3d-core-demo-${UDS_ARCH}-${VERSION}.tar.zst --set INSECURE_ADMIN_PASSWORD_GENERATION=true --packages core --confirm --no-progress 
diff --git a/tasks/test.yaml b/tasks/test.yaml index e2c8df194..5e26879dd 100644 --- a/tasks/test.yaml +++ b/tasks/test.yaml @@ -30,6 +30,9 @@ tasks: description: "E2E Test all packages" # Run each e2e test type from the e2e folder actions: + - description: "Setup the Doug User for testing" + # Self-reference this task file to avoid https://github.com/defenseunicorns/maru-runner/issues/144 + cmd: uds run -f tasks/test.yaml common-setup:create-doug-user --set KEYCLOAK_GROUP="/UDS Core/Admin" # Adds the test doug user - description: "Run Playwright E2E tests for all packages" dir: e2e/playwright cmd: | @@ -52,8 +55,6 @@ tasks: description: "Build and test UDS Core e2e" actions: - task: uds-core - # Self-reference this task file to avoid https://github.com/defenseunicorns/maru-runner/issues/144 - - cmd: uds run -f tasks/test.yaml common-setup:create-doug-user --set KEYCLOAK_GROUP="/UDS Core/Admin" # Adds the test doug user - task: e2e-tests - name: uds-core-ha @@ -70,7 +71,8 @@ tasks: - task: setup:k3d-test-cluster - task: deploy:latest-package-release - task: create:standard-package - - task: deploy:standard-package + - task: create:k3d-standard-bundle + - task: deploy:standard-package # Deploys the core package from the standard bundle - task: validate-packages - task: e2e-tests From aa6821226872d060f081abdecebbed67e52e1398 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Tue, 8 Oct 2024 11:47:54 -0600 Subject: [PATCH 07/27] wip: single layer test, video --- e2e/playwright/grafana.test.ts | 25 ++++++++++++++++++------- e2e/playwright/playwright.config.ts | 11 +++++------ e2e/playwright/uds.config.ts | 1 + renovate.json | 5 +++++ src/grafana/tasks.yaml | 6 ++---- tasks/test.yaml | 2 +- 6 files changed, 32 insertions(+), 18 deletions(-) diff --git a/e2e/playwright/grafana.test.ts b/e2e/playwright/grafana.test.ts index 277731afc..c41e36fca 100644 --- a/e2e/playwright/grafana.test.ts +++ b/e2e/playwright/grafana.test.ts 
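Review bot: Moving `create-doug-user` into `e2e-tests` means every run of that task adds a user to the `/UDS Core/Admin` group, presumably in whichever cluster the current context points at, and the login test in this series uses a fixed password for that account. Nothing in the visible task checks that the target is the throwaway k3d cluster. A comment on the action would make the constraint explicit, e.g. `# Test-only: creates an admin-group user with a known password; run only against ephemeral clusters`. A guard on the cluster context before the `uds run` call would be stronger.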
@@ -1,32 +1,43 @@ import { expect, test } from "@playwright/test"; -import { domain } from "./uds.config"; +import { domain, fullCore } from "./uds.config"; test.use({ baseURL: `https://grafana.admin.${domain}` }); test("validate loki datasource", async ({ page }) => { + test.skip(!fullCore, "Loki is only present on full core deploys"); await test.step("check loki", async () => { await page.goto(`/connections/datasources`); - await page.click('text=Loki'); + await page.getByRole('link', { name: 'Loki' }).click(); await page.click('text=Save & test'); - await expect(page.locator('[data-testid="data-testid Alert success"]')).toBeVisible(); + // Allow 20 second timeout for datasource validation + await expect(page.locator('[data-testid="data-testid Alert success"]')).toBeVisible({ timeout: 20000 }); }); }); test("validate prometheus datasource", async ({ page }) => { await test.step("check prometheus", async () => { await page.goto(`/connections/datasources`); - await page.click('text=Prometheus'); + await page.getByRole('link', { name: 'Prometheus' }).click(); await page.click('text=Save & test'); - await expect(page.locator('[data-testid="data-testid Alert success"]')).toBeVisible(); + // Allow 20 second timeout for datasource validation + await expect(page.locator('[data-testid="data-testid Alert success"]')).toBeVisible({ timeout: 20000 }); }); }); -test("validate dashboards", async ({ page }) => { - await test.step("Check Dashboard Existence", async () => { +// This dashboard is added by the upstream kube-prometheus-stack +test("validate namespace dashboard", async ({ page }) => { + await test.step("check dashboard", async () => { await page.goto(`/dashboards`); await page.click('text="Kubernetes / Compute Resources / Namespace (Pods)"'); await page.getByTestId('data-testid Dashboard template variables Variable Value DropDown value link text authservice').click(); await page.getByRole('checkbox', { name: 'grafana' }).click(); + }); +}); + +// This dashboard is 
deployed "custom" by our uds config chart +test("validate loki dashboard", async ({ page }) => { + test.skip(!fullCore, "Loki is only present on full core deploys"); + await test.step("check dashboard", async () => { await page.goto(`/dashboards`); await page.getByPlaceholder('Search for dashboards and folders').fill('Loki'); await page.click('text="Loki Dashboard quick search"'); diff --git a/e2e/playwright/playwright.config.ts b/e2e/playwright/playwright.config.ts index 489d3f0d5..136031784 100644 --- a/e2e/playwright/playwright.config.ts +++ b/e2e/playwright/playwright.config.ts @@ -9,19 +9,18 @@ export const authFile = `${playwrightDir}/auth/user.json`; export default defineConfig({ fullyParallel: true, forbidOnly: !!process.env.CI, // fail CI if you accidentally leave `test.only` in source - retries: process.env.CI ? 1 : 0, - workers: 5, + retries: 1, + workers: 20, // Support up to 20 parallel workers + timeout: 60000, // 1 minute timeout for tests reporter: [ // Reporter to use. See https://playwright.dev/docs/test-reporters - ['html', { outputFolder: `${playwrightDir}/reports`, open: 'never' }], - ['json', { outputFile: `${playwrightDir}/reports/test-results.json`, open: 'never' }], - ['list'] + ['html', { outputFolder: `${playwrightDir}/reports`, open: 'never' }] ], outputDir: `${playwrightDir}/output`, use: { - trace: 'on-first-retry', // collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer + trace: 'retain-on-failure', // save trace for failed tests. See https://playwright.dev/docs/trace-viewer#opening-the-trace }, projects: [ diff --git a/e2e/playwright/uds.config.ts b/e2e/playwright/uds.config.ts index b53029394..6fcc4f7b5 100644 --- a/e2e/playwright/uds.config.ts +++ b/e2e/playwright/uds.config.ts @@ -1 +1,2 @@ export const domain = process.env.DOMAIN || 'uds.dev'; +export const fullCore = process.env.FULL_CORE === "true"; diff --git a/renovate.json b/renovate.json index 8750c37eb..2dd0d87d2 100644 
--- a/renovate.json +++ b/renovate.json @@ -114,6 +114,11 @@ "groupName": "pepr", "commitMessageTopic": "pepr" }, + { + "matchPackageNames": ["defenseunicorns/uds-common"], + "groupName": "uds-common", + "commitMessageTopic": "uds-common" + }, { "matchPackageNames": ["mcr.microsoft.com/playwright"], "groupName": "playwright", diff --git a/src/grafana/tasks.yaml b/src/grafana/tasks.yaml index b42bf5675..c011a32b3 100644 --- a/src/grafana/tasks.yaml +++ b/src/grafana/tasks.yaml @@ -29,14 +29,12 @@ tasks: - description: "Setup the Doug User for testing" # Self-reference this task file to avoid https://github.com/defenseunicorns/maru-runner/issues/144 cmd: uds run -f tasks/test.yaml common-setup:create-doug-user --set KEYCLOAK_GROUP="/UDS Core/Admin" # Adds the test doug user - - description: E2E Test for Grafana + - description: E2E Test for Grafana, optionally set FULL_CORE=true to test integrations with Loki cmd: | # renovate: datasource=docker depName=mcr.microsoft.com/playwright versioning=docker - docker run --rm --ipc=host --net=host --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.47.2-noble sh -c " \ + docker run --rm --ipc=host -e FULL_CORE="${FULL_CORE}" --net=host --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.47.2-noble sh -c " \ cd app && \ npm ci && \ npx playwright test grafana.test.ts \ " - npm ci - npx playwright test grafana.test.ts dir: e2e/playwright diff --git a/tasks/test.yaml b/tasks/test.yaml index e7025e06f..cb5c272de 100644 --- a/tasks/test.yaml +++ b/tasks/test.yaml 
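Review bot: The Playwright image on the new `docker run` line in `src/grafana/tasks.yaml` is referenced by tag only (`mcr.microsoft.com/playwright:v1.47.2-noble`), while the container is given `--net=host`, `--ipc=host` and a bind mount of the working directory. Whatever that tag resolves to at pull time therefore runs with host network access against the cluster under test. I would pin an immutable reference, `mcr.microsoft.com/playwright:v1.47.2-noble@sha256:<digest>`, and let the existing Renovate annotation keep the digest current. The same image line is changed in `tasks/test.yaml`, and the point applies there as well.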
@@ -59,7 +59,7 @@ tasks: dir: e2e/playwright cmd: | # renovate: datasource=docker depName=mcr.microsoft.com/playwright versioning=docker - docker run --rm --ipc=host --net=host --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.47.2-noble sh -c " \ + docker run --rm --ipc=host --net=host -e FULL_CORE="true" --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.47.2-noble sh -c " \ cd app && \ npm ci && \ npx playwright test \ From 22641e5b3c33d531388fa87ad9dafbc4384f4ae9 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Tue, 8 Oct 2024 15:51:31 -0600 Subject: [PATCH 08/27] wip: working func layers test --- packages/monitoring/tasks.yaml | 1 + src/keycloak/common/zarf.yaml | 2 ++ src/keycloak/values/common-values.yaml | 2 ++ src/keycloak/zarf.yaml | 3 +++ tasks/deploy.yaml | 2 +- 5 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 src/keycloak/values/common-values.yaml diff --git a/packages/monitoring/tasks.yaml b/packages/monitoring/tasks.yaml index 3de4e5238..ca0c80988 100644 --- a/packages/monitoring/tasks.yaml +++ b/packages/monitoring/tasks.yaml @@ -7,3 +7,4 @@ tasks: actions: - task: prometheus:validate - task: grafana:validate + - task: grafana:e2e-test diff --git a/src/keycloak/common/zarf.yaml b/src/keycloak/common/zarf.yaml index 8838c6a40..7c49ce88c 100644 --- a/src/keycloak/common/zarf.yaml +++ b/src/keycloak/common/zarf.yaml @@ -12,6 +12,8 @@ components: # renovate: datasource=docker depName=quay.io/keycloak/keycloak versioning=semver version: 25.0.6 localPath: ../chart + valuesFiles: + - ../values/common-values.yaml actions: onDeploy: after: diff --git a/src/keycloak/values/common-values.yaml b/src/keycloak/values/common-values.yaml new file mode 100644 index 000000000..29e2636fe --- /dev/null +++ b/src/keycloak/values/common-values.yaml @@ -0,0 +1,2 @@ +insecureAdminPasswordGeneration: + enabled: ###ZARF_VAR_INSECURE_ADMIN_PASSWORD_GENERATION### 
diff --git a/src/keycloak/zarf.yaml b/src/keycloak/zarf.yaml index acf43864b..181c2aff7 100644 --- a/src/keycloak/zarf.yaml +++ b/src/keycloak/zarf.yaml @@ -7,6 +7,9 @@ variables: - name: DOMAIN description: "Cluster domain" default: "uds.dev" + - name: INSECURE_ADMIN_PASSWORD_GENERATION + description: "Generate an insecure admin password for dev/test" + default: "false" components: - name: keycloak diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml index 75e3229da..c3de8ce69 100644 --- a/tasks/deploy.yaml +++ b/tasks/deploy.yaml @@ -43,7 +43,7 @@ tasks: description: The UDS Core layer to deploy actions: - description: "Deploy a single UDS Core Layer (must set UDS_LAYER environment variable)" - cmd: uds zarf package deploy build/zarf-package-core-${{ index .inputs "layer" }}-${UDS_ARCH}-${VERSION}.tar.zst --confirm --no-progress --components '*' + cmd: uds zarf package deploy build/zarf-package-core-${{ index .inputs "layer" }}-${UDS_ARCH}-${VERSION}.tar.zst --set INSECURE_ADMIN_PASSWORD_GENERATION="true" --confirm --no-progress --components '*' - name: latest-package-release actions: From 251fc1bb6b41321f4b0aa1d8fd067c575a88681d Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Thu, 10 Oct 2024 16:09:13 -0600 Subject: [PATCH 09/27] chore: password for kc admin --- e2e/playwright/grafana.test.ts | 1 + e2e/playwright/playwright.config.ts | 2 +- src/grafana/tasks.yaml | 6 +++++ src/keycloak/common/zarf.yaml | 2 -- src/keycloak/values/common-values.yaml | 2 -- src/keycloak/zarf.yaml | 3 --- tasks/deploy.yaml | 2 +- tasks/utils.yaml | 34 ++++++++++++++++++++++++++ 8 files changed, 43 insertions(+), 9 deletions(-) delete mode 100644 src/keycloak/values/common-values.yaml diff --git a/e2e/playwright/grafana.test.ts b/e2e/playwright/grafana.test.ts index c41e36fca..67c707572 100644 --- a/e2e/playwright/grafana.test.ts +++ b/e2e/playwright/grafana.test.ts 
@@ -2,6 +2,7 @@ import { expect, test } from "@playwright/test"; import { domain, fullCore } from "./uds.config"; test.use({ baseURL: `https://grafana.admin.${domain}` }); +test.describe.configure({ mode: 'serial' }); test("validate loki datasource", async ({ page }) => { test.skip(!fullCore, "Loki is only present on full core deploys"); diff --git a/e2e/playwright/playwright.config.ts b/e2e/playwright/playwright.config.ts index 136031784..8f68621e8 100644 --- a/e2e/playwright/playwright.config.ts +++ b/e2e/playwright/playwright.config.ts @@ -11,7 +11,7 @@ export default defineConfig({ forbidOnly: !!process.env.CI, // fail CI if you accidentally leave `test.only` in source retries: 1, workers: 20, // Support up to 20 parallel workers - timeout: 60000, // 1 minute timeout for tests + timeout: 30000, // 30 second timeout for tests reporter: [ // Reporter to use. See https://playwright.dev/docs/test-reporters ['html', { outputFolder: `${playwrightDir}/reports`, open: 'never' }] diff --git a/src/grafana/tasks.yaml b/src/grafana/tasks.yaml index d5ccc0cfa..a0651f96e 100644 --- a/src/grafana/tasks.yaml +++ b/src/grafana/tasks.yaml @@ -1,4 +1,8 @@ # SPDX-License-Identifier: AGPL-3.0-or-later OR Commercial +includes: + - utils: ../../tasks/utils.yaml + + tasks: - name: validate actions: @@ -27,6 +31,8 @@ tasks: - name: e2e-test actions: + - description: "Setup the Keycloak admin user if needed" + task: utils:keycloak-admin-user - description: "Setup the Doug User for testing" # Self-reference this task file to avoid https://github.com/defenseunicorns/maru-runner/issues/144 cmd: uds run -f tasks/test.yaml common-setup:create-doug-user --set KEYCLOAK_GROUP="/UDS Core/Admin" # Adds the test doug user diff --git a/src/keycloak/common/zarf.yaml b/src/keycloak/common/zarf.yaml index 9c0e57f83..b41d24fad 100644 --- a/src/keycloak/common/zarf.yaml +++ b/src/keycloak/common/zarf.yaml 
@@ -13,8 +13,6 @@ components: # renovate: datasource=docker depName=quay.io/keycloak/keycloak versioning=semver version: 25.0.6 localPath: ../chart - valuesFiles: - - ../values/common-values.yaml actions: onDeploy: after: diff --git a/src/keycloak/values/common-values.yaml b/src/keycloak/values/common-values.yaml deleted file mode 100644 index 29e2636fe..000000000 --- a/src/keycloak/values/common-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -insecureAdminPasswordGeneration: - enabled: ###ZARF_VAR_INSECURE_ADMIN_PASSWORD_GENERATION### diff --git a/src/keycloak/zarf.yaml b/src/keycloak/zarf.yaml index baf734fe4..b581bd17e 100644 --- a/src/keycloak/zarf.yaml +++ b/src/keycloak/zarf.yaml @@ -8,9 +8,6 @@ variables: - name: DOMAIN description: "Cluster domain" default: "uds.dev" - - name: INSECURE_ADMIN_PASSWORD_GENERATION - description: "Generate an insecure admin password for dev/test" - default: "false" components: - name: keycloak diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml index c2d7ddb99..b25bdca18 100644 --- a/tasks/deploy.yaml +++ b/tasks/deploy.yaml @@ -45,7 +45,7 @@ tasks: description: The UDS Core layer to deploy actions: - description: "Deploy a single UDS Core Layer (must set UDS_LAYER environment variable)" - cmd: uds zarf package deploy build/zarf-package-core-${{ index .inputs "layer" }}-${UDS_ARCH}-${VERSION}.tar.zst --set INSECURE_ADMIN_PASSWORD_GENERATION="true" --confirm --no-progress --components '*' + cmd: uds zarf package deploy build/zarf-package-core-${{ index .inputs "layer" }}-${UDS_ARCH}-${VERSION}.tar.zst --confirm --no-progress --components '*' - name: latest-package-release actions: diff --git a/tasks/utils.yaml b/tasks/utils.yaml index c5cf75346..fa3460f72 100644 --- a/tasks/utils.yaml +++ b/tasks/utils.yaml 
@@ -27,3 +27,37 @@ tasks: mute: true setVariables: - name: TARGET_REPO + - name: keycloak-admin-user + actions: + - description: Sets up the Keycloak admin user for dev/testing if not already created + cmd: | + # Check if the secret exists + if ./zarf tools kubectl get secret keycloak-admin-password -n keycloak > /dev/null 2>&1; then + echo "Admin user exists, skipping..." + else + # Start port-forward with zarf + ./zarf tools kubectl port-forward -n keycloak svc/keycloak-http 8080:8080 & + PF_PID=$! + + # Wait a bit to ensure port-forward is ready + sleep 3 + + # Create admin user with curl + PASSWORD=$(openssl rand -base64 12) + STATE_COOKIE=$(curl --silent --output /dev/null --cookie-jar - http://localhost:8080/ | grep "WELCOME_STATE_CHECKER" | awk '{print $7}') + curl --silent --show-error http://localhost:8080/ \ + -H "Cookie: WELCOME_STATE_CHECKER=${STATE_COOKIE}" \ + -H "Content-Type: application/x-www-form-urlencoded" \ + --data-urlencode "username=admin" \ + --data-urlencode "password=${PASSWORD}" \ + --data-urlencode "passwordConfirmation=${PASSWORD}" \ + --data-urlencode "stateChecker=${STATE_COOKIE}" + + # Kill the port-forward + kill $PF_PID + + ./zarf tools kubectl create secret generic keycloak-admin-password \ + --from-literal=username=admin \ + --from-literal=password=${PASSWORD} \ + -n keycloak + fi From 44d6b4c0a33881ed3c8f40641a688e1ca4af3dce Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Thu, 10 Oct 2024 16:09:29 -0600 Subject: [PATCH 10/27] chore: password for kc admin --- tasks/utils.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/utils.yaml b/tasks/utils.yaml index fa3460f72..21de5cff1 100644 --- a/tasks/utils.yaml +++ b/tasks/utils.yaml @@ -40,7 +40,7 @@ tasks: PF_PID=$! # Wait a bit to ensure port-forward is ready - sleep 3 + sleep 5 # Create admin user with curl PASSWORD=$(openssl rand -base64 12) From 8a7d006726f54b6d8b516791f4404ad3bea667e3 Mon Sep 17 00:00:00 2001 
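Review bot: In the new `keycloak-admin-user` task the `keycloak-admin-password` secret is created even when the bootstrap request fails, because the `curl` POST has no `--fail` and nothing checks its exit status before `kubectl create secret`. A failed request would store credentials that Keycloak never accepted, and every later run would then take the "Admin user exists, skipping..." branch. I would add `--fail` to the POST and follow it with `|| { kill $PF_PID; exit 1; }`, so the secret is only written on success and the port-forward is not left running. The fixed `sleep` before the first request (3 seconds here, 5 in the follow-up commit) can cause the same failure when the port-forward is slow, so polling `http://localhost:8080/` until it answers would be more reliable. Quoting the value as `--from-literal=password="${PASSWORD}"` is also worth doing.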
From: Micah Nagel Date: Thu, 10 Oct 2024 16:28:13 -0600 Subject: [PATCH 11/27] chore: add license --- .github/actions/save-logs/action.yaml | 2 ++ e2e/playwright/auth.setup.ts | 5 +++++ e2e/playwright/grafana.test.ts | 5 +++++ e2e/playwright/playwright.config.ts | 5 +++++ e2e/playwright/uds.config.ts | 5 +++++ 5 files changed, 22 insertions(+) diff --git a/.github/actions/save-logs/action.yaml b/.github/actions/save-logs/action.yaml index 9039a8924..9d69c6e16 100644 --- a/.github/actions/save-logs/action.yaml +++ b/.github/actions/save-logs/action.yaml @@ -45,3 +45,5 @@ runs: /tmp/debug-*.log /tmp/uds-containerd-logs /tmp/k3d-uds-*.log + e2e/playwright/.playwright/output + e2e/playwright/.playwright/reports diff --git a/e2e/playwright/auth.setup.ts b/e2e/playwright/auth.setup.ts index b895ecccc..a4f18a21b 100644 --- a/e2e/playwright/auth.setup.ts +++ b/e2e/playwright/auth.setup.ts @@ -1,3 +1,8 @@ +/** + * Copyright 2024 Defense Unicorns + * SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + */ + import { expect, test as setup } from "@playwright/test"; import { authFile } from "./playwright.config"; import { domain } from "./uds.config"; diff --git a/e2e/playwright/grafana.test.ts b/e2e/playwright/grafana.test.ts index 67c707572..4b46630b4 100644 --- a/e2e/playwright/grafana.test.ts +++ b/e2e/playwright/grafana.test.ts @@ -1,3 +1,8 @@ +/** + * Copyright 2024 Defense Unicorns + * SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + */ + import { expect, test } from "@playwright/test"; import { domain, fullCore } from "./uds.config"; diff --git a/e2e/playwright/playwright.config.ts b/e2e/playwright/playwright.config.ts index 8f68621e8..5a9e172b1 100644 --- a/e2e/playwright/playwright.config.ts +++ b/e2e/playwright/playwright.config.ts 
@@ -1,3 +1,8 @@ +/** + * Copyright 2024 Defense Unicorns + * SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + */ + import { defineConfig, devices } from "@playwright/test"; export const playwrightDir = ".playwright"; diff --git a/e2e/playwright/uds.config.ts b/e2e/playwright/uds.config.ts index 6fcc4f7b5..632b8e69d 100644 --- a/e2e/playwright/uds.config.ts +++ b/e2e/playwright/uds.config.ts @@ -1,2 +1,7 @@ +/** + * Copyright 2024 Defense Unicorns + * SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + */ + export const domain = process.env.DOMAIN || 'uds.dev'; export const fullCore = process.env.FULL_CORE === "true"; From e5274a1adc89073a50f92825a79fa6c4b4a60546 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Thu, 10 Oct 2024 16:29:51 -0600 Subject: [PATCH 12/27] layer doc fix --- CONTRIBUTING.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3ab5f7125..4ca9d6cb2 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -102,10 +102,10 @@ uds run test:uds-core-e2e Each of these tasks will create a local k3d cluster, install UDS Core, and run a series of tests against it, the same tests that are run in CI. -If you want to run a subset of core for faster iterations against a specific package, you can use the `PKG` env variable with the below task (example for metrics-server): +If you want to run a subset of core for faster iterations against a specific package, you can use the `LAYER` variable with the below task (example for metrics-server): ```console -UDS_PKG=metrics-server uds run test-single-package +uds run test-single-layer --set LAYER=metrics-server ``` Note you can also specify the `--set FLAVOR=` flag to test using with either the Iron Bank or Unicorn sourced images instead of the upstream ones. From 7e6b9ba2d9119317350ec1b66d0607a5d04ed6a8 Mon Sep 17 00:00:00 2001 
From: Micah Nagel Date: Thu, 10 Oct 2024 16:31:09 -0600 Subject: [PATCH 13/27] remove extra --- e2e/playwright/package.json | 1 - 1 file changed, 1 deletion(-) diff --git a/e2e/playwright/package.json b/e2e/playwright/package.json index 4f603f885..8b4e61e68 100644 --- a/e2e/playwright/package.json +++ b/e2e/playwright/package.json @@ -1,6 +1,5 @@ { "name": "test", - "license": "Apache-2.0", "devDependencies": { "@playwright/test": "^1.47.2", "@types/node": "^22.7.4", From 2f39a15fb347ffb930d2e036914731747f6b16e0 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Thu, 10 Oct 2024 19:43:27 -0600 Subject: [PATCH 14/27] relocate playwright artifacts --- .github/actions/save-logs/action.yaml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/actions/save-logs/action.yaml b/.github/actions/save-logs/action.yaml index 9d69c6e16..cd135d459 100644 --- a/.github/actions/save-logs/action.yaml +++ b/.github/actions/save-logs/action.yaml @@ -35,6 +35,12 @@ runs: sudo chown $USER /tmp/uds-*.log || echo "" shell: bash + - name: Move Playwright Artifacts + run: | + mkdir -p /tmp/playwright + mv e2e/playwright/.playwright/* /tmp/playwright || true + shell: bash + - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: debug-log${{ inputs.suffix }} @@ -45,5 +51,5 @@ runs: /tmp/debug-*.log /tmp/uds-containerd-logs /tmp/k3d-uds-*.log - e2e/playwright/.playwright/output - e2e/playwright/.playwright/reports + /tmp/playwright/output + /tmp/playwright/reports From fb5f673d9a2f2a5cef7b02eefc1890345937be6a Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Thu, 10 Oct 2024 19:45:30 -0600 Subject: [PATCH 15/27] chore: increase timeout --- e2e/playwright/grafana.test.ts | 4 ++-- e2e/playwright/playwright.config.ts | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/e2e/playwright/grafana.test.ts b/e2e/playwright/grafana.test.ts index 4b46630b4..302a7d9aa 100644 --- a/e2e/playwright/grafana.test.ts 
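Review bot: The new "Move Playwright Artifacts" step moves everything under `e2e/playwright/.playwright/` into `/tmp/playwright`, which includes the `auth/` directory where `playwright.config.ts` keeps the saved login state (`authFile` is `${playwrightDir}/auth/user.json`). Only `output` and `reports` are listed for upload today, but widening the upload path to `/tmp/playwright` later would publish that session state as a build artifact. Moving just the two uploaded directories avoids this: `mv e2e/playwright/.playwright/output e2e/playwright/.playwright/reports /tmp/playwright || true`. The traces kept by `retain-on-failure` may also hold session data for the test user; that is presumably acceptable for a throwaway cluster, but it is worth a comment next to the upload paths.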
+++ b/e2e/playwright/grafana.test.ts @@ -15,8 +15,8 @@ test("validate loki datasource", async ({ page }) => { await page.goto(`/connections/datasources`); await page.getByRole('link', { name: 'Loki' }).click(); await page.click('text=Save & test'); - // Allow 20 second timeout for datasource validation - await expect(page.locator('[data-testid="data-testid Alert success"]')).toBeVisible({ timeout: 20000 }); + // Allow 40 second timeout for datasource validation + await expect(page.locator('[data-testid="data-testid Alert success"]')).toBeVisible({ timeout: 40000 }); }); }); diff --git a/e2e/playwright/playwright.config.ts b/e2e/playwright/playwright.config.ts index 5a9e172b1..8230356f6 100644 --- a/e2e/playwright/playwright.config.ts +++ b/e2e/playwright/playwright.config.ts @@ -16,7 +16,7 @@ export default defineConfig({ forbidOnly: !!process.env.CI, // fail CI if you accidentally leave `test.only` in source retries: 1, workers: 20, // Support up to 20 parallel workers - timeout: 30000, // 30 second timeout for tests + timeout: 45000, // 45 second timeout for tests reporter: [ // Reporter to use. See https://playwright.dev/docs/test-reporters ['html', { outputFolder: `${playwrightDir}/reports`, open: 'never' }] From bb2e8e0507ef5c99106e59c71a3ebc60a2504261 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Fri, 11 Oct 2024 10:03:07 -0600 Subject: [PATCH 16/27] sudo time --- .github/actions/save-logs/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/save-logs/action.yaml b/.github/actions/save-logs/action.yaml index cd135d459..7b46a02ce 100644 --- a/.github/actions/save-logs/action.yaml +++ b/.github/actions/save-logs/action.yaml 
@@ -37,8 +37,8 @@ runs: - name: Move Playwright Artifacts run: | - mkdir -p /tmp/playwright - mv e2e/playwright/.playwright/* /tmp/playwright || true + sudo mkdir -p /tmp/playwright + sudo mv e2e/playwright/.playwright/* /tmp/playwright || true shell: bash - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 From 3c8d2d95be2aec5e65e9f12a06f23d7811678cd6 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Tue, 15 Oct 2024 12:09:10 -0600 Subject: [PATCH 17/27] chore: align upgrade deploys --- .gitignore | 6 +++--- tasks/deploy.yaml | 4 ++-- tasks/test.yaml | 6 ++++-- tasks/utils.yaml | 1 + 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 61f569ee7..5760e6f10 100644 --- a/.gitignore +++ b/.gitignore @@ -6,8 +6,8 @@ build/ zarf-sbom tmp/ env.ts -node_modules/** -dist +**/node_modules/** +dist/** insecure* .env zarf @@ -19,4 +19,4 @@ extract-terraform.sh cluster-config.yaml **.tfstate **.backup -.playwright +**/.playwright/** diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml index 4a4214084..27f13643a 100644 --- a/tasks/deploy.yaml +++ b/tasks/deploy.yaml @@ -61,5 +61,5 @@ tasks: - name: standard-package actions: - - description: "Deploy the standard UDS Core zarf package, from the standard bundle" - cmd: uds deploy bundles/k3d-standard/uds-bundle-k3d-core-demo-${UDS_ARCH}-${VERSION}.tar.zst --set INSECURE_ADMIN_PASSWORD_GENERATION=true --packages core --confirm --no-progress + - description: "Deploy the standard UDS Core zarf package" + cmd: uds zarf package deploy build/zarf-package-core-${UDS_ARCH}-${VERSION}.tar.zst --confirm --no-progress --components '*' diff --git a/tasks/test.yaml b/tasks/test.yaml index 166afb291..a286d18d6 100644 --- a/tasks/test.yaml +++ b/tasks/test.yaml 
@@ -5,6 +5,7 @@ includes: - create: ./create.yaml - setup: ./setup.yaml - deploy: ./deploy.yaml + - utils: ./utils.yaml - common-setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/refs/tags/v0.13.1/tasks/setup.yaml - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.0/tasks/compliance.yaml @@ -55,6 +56,8 @@ tasks: description: "E2E Test all packages" # Run each e2e test type from the e2e folder actions: + - description: "Setup the Keycloak admin user if needed" + task: utils:keycloak-admin-user - description: "Setup the Doug User for testing" # Self-reference this task file to avoid https://github.com/defenseunicorns/maru-runner/issues/144 cmd: uds run -f tasks/test.yaml common-setup:create-doug-user --set KEYCLOAK_GROUP="/UDS Core/Admin" # Adds the test doug user @@ -96,8 +99,7 @@ tasks: - task: setup:k3d-test-cluster - task: deploy:latest-package-release - task: create:standard-package - - task: create:k3d-standard-bundle - - task: deploy:standard-package # Deploys the core package from the standard bundle + - task: deploy:standard-package - task: validate-packages - task: e2e-tests diff --git a/tasks/utils.yaml b/tasks/utils.yaml index 9ea1d12d9..8ca6899d1 100644 --- a/tasks/utils.yaml +++ b/tasks/utils.yaml @@ -29,6 +29,7 @@ tasks: mute: true setVariables: - name: TARGET_REPO + - name: keycloak-admin-user actions: - description: Sets up the Keycloak admin user for dev/testing if not already created From c24525dcc99109f078fc2f655309b50a3a6fa796 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Tue, 15 Oct 2024 15:58:20 -0600 Subject: [PATCH 18/27] fix: cyclic --- tasks/test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/test.yaml b/tasks/test.yaml index a286d18d6..7b6ffe191 100644 --- a/tasks/test.yaml +++ b/tasks/test.yaml 
@@ -5,7 +5,7 @@ includes: - create: ./create.yaml - setup: ./setup.yaml - deploy: ./deploy.yaml - - utils: ./utils.yaml + - util: ./utils.yaml - common-setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/refs/tags/v0.13.1/tasks/setup.yaml - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.1.0/tasks/compliance.yaml @@ -57,7 +57,7 @@ tasks: # Run each e2e test type from the e2e folder actions: - description: "Setup the Keycloak admin user if needed" - task: utils:keycloak-admin-user + task: util:keycloak-admin-user - description: "Setup the Doug User for testing" # Self-reference this task file to avoid https://github.com/defenseunicorns/maru-runner/issues/144 cmd: uds run -f tasks/test.yaml common-setup:create-doug-user --set KEYCLOAK_GROUP="/UDS Core/Admin" # Adds the test doug user From 3aa0f824c77436dc52e58bb90f2e91bc6ef717eb Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Tue, 15 Oct 2024 15:58:36 -0600 Subject: [PATCH 19/27] fix: gitignore --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 5760e6f10..634e930c6 100644 --- a/.gitignore +++ b/.gitignore @@ -3,7 +3,7 @@ build/ .DS_Store *.tar.zst -zarf-sbom +zarf-sbom/** tmp/ env.ts **/node_modules/** From 8934ca09d7adcc332f1c37ca30b752342bab04a9 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Tue, 15 Oct 2024 16:02:14 -0600 Subject: [PATCH 20/27] chore: folders --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index 634e930c6..b6b996531 100644 --- a/.gitignore +++ b/.gitignore @@ -3,10 +3,13 @@ build/ .DS_Store *.tar.zst +zarf-sbom zarf-sbom/** tmp/ env.ts +**/node_modules **/node_modules/** +dist dist/** insecure* .env @@ -20,3 +23,4 @@ cluster-config.yaml **.tfstate **.backup **/.playwright/** +**/.playwright From 2d9c63dcccbff1902482ebfc29897933b00b4e57 Mon Sep 17 00:00:00 2001 
From: Micah Nagel Date: Wed, 16 Oct 2024 16:48:00 -0600 Subject: [PATCH 21/27] add service patch for loki --- pepr.ts | 4 ++++ src/loki/values/values.yaml | 4 ++++ src/pepr/patches/index.ts | 11 +++++++++++ src/pepr/patches/loki.ts | 32 ++++++++++++++++++++++++++++++++ 4 files changed, 51 insertions(+) create mode 100644 src/pepr/patches/index.ts create mode 100644 src/pepr/patches/loki.ts diff --git a/pepr.ts b/pepr.ts index b0403818e..18493e612 100644 --- a/pepr.ts +++ b/pepr.ts @@ -14,6 +14,7 @@ import { operator } from "./src/pepr/operator"; import { setupAuthserviceSecret } from "./src/pepr/operator/controllers/keycloak/authservice/config"; import { Policy } from "./src/pepr/operator/crd"; import { registerCRDs } from "./src/pepr/operator/crd/register"; +import { patches } from "./src/pepr/patches"; import { policies, startExemptionWatch } from "./src/pepr/policies"; import { prometheus } from "./src/pepr/prometheus"; @@ -37,6 +38,9 @@ const log = setupLogger(Component.STARTUP); // Prometheus monitoring stack prometheus, + + // Patches for specific components + patches, ]); // Remove legacy policy entries from the pepr store for the 0.5.0 upgrade if ( diff --git a/src/loki/values/values.yaml b/src/loki/values/values.yaml index 243286566..3e20edea3 100644 --- a/src/loki/values/values.yaml +++ b/src/loki/values/values.yaml @@ -166,3 +166,7 @@ write: backend: # Remove default anti-affinity to support single node affinity: null + # Temporary label to trigger mutation for istio service patch + service: + labels: + uds/istio-patch: "true" diff --git a/src/pepr/patches/index.ts b/src/pepr/patches/index.ts new file mode 100644 index 000000000..d7356d9dc --- /dev/null +++ b/src/pepr/patches/index.ts 
@@ -0,0 +1,11 @@ +/** + * Copyright 2024 Defense Unicorns + * SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + */ + +import { Capability } from "pepr"; + +export const patches = new Capability({ + name: "patches", + description: "UDS Core Capability for patching miscellaneous things.", +}); diff --git a/src/pepr/patches/loki.ts b/src/pepr/patches/loki.ts new file mode 100644 index 000000000..15beb9e41 --- /dev/null +++ b/src/pepr/patches/loki.ts @@ -0,0 +1,32 @@ +/** + * Copyright 2024 Defense Unicorns + * SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + */ + +import { a } from "pepr"; +import { patches } from "."; + +const { When } = patches; + +/** + * Mutate the Loki backend headless support to handle Istio protocol selection properly + * Temporary until fixed upstream in https://github.com/grafana/loki/pull/14507 + */ +When(a.Service) + .IsCreatedOrUpdated() + .InNamespace("loki") + .WithName("loki-backend-headless") + .Mutate(async svc => { + if (svc.Raw.spec === undefined || svc.Raw.spec.ports === undefined) { + return; + } + + const ports = svc.Raw.spec.ports; + + const grpcPort = ports.find(p => p.name === "grpc"); + + // If found, set appProtocol to "tcp" + if (grpcPort) { + grpcPort.appProtocol = "tcp"; + } + }); From 5a6458c546cf5284aeeda6714ef68057d4a951cb Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Thu, 17 Oct 2024 09:52:48 -0600 Subject: [PATCH 22/27] fix weird import things --- src/pepr/logger.ts | 1 + src/pepr/patches/index.ts | 33 ++++++++++++++++++++++++++++++++- src/pepr/patches/loki.ts | 32 -------------------------------- 3 files changed, 33 insertions(+), 33 deletions(-) delete mode 100644 src/pepr/patches/loki.ts diff --git a/src/pepr/logger.ts b/src/pepr/logger.ts index b79ca76a5..fd39a81f4 100644 --- a/src/pepr/logger.ts +++ b/src/pepr/logger.ts 
@@ -22,6 +22,7 @@ export enum Component { POLICIES = "policies", POLICIES_EXEMPTIONS = "policies.exemptions", PROMETHEUS = "prometheus", + PATCHES = "patches", } export function setupLogger(component: Component) { diff --git a/src/pepr/patches/index.ts b/src/pepr/patches/index.ts index d7356d9dc..78a99c277 100644 --- a/src/pepr/patches/index.ts +++ b/src/pepr/patches/index.ts @@ -3,9 +3,40 @@ * SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial */ -import { Capability } from "pepr"; +import { Capability, a } from "pepr"; +import { Component, setupLogger } from "../logger"; export const patches = new Capability({ name: "patches", description: "UDS Core Capability for patching miscellaneous things.", }); + +const { When } = patches; + +// configure subproject logger +const log = setupLogger(Component.PATCHES); + +/** + * Mutate the Loki backend headless support to handle Istio protocol selection properly + * Temporary until fixed upstream in https://github.com/grafana/loki/pull/14507 + */ +When(a.Service) + .IsCreatedOrUpdated() + .InNamespace("loki") + .WithName("loki-backend-headless") + .Mutate(async svc => { + if (svc.Raw.spec === undefined || svc.Raw.spec.ports === undefined) { + return; + } + + log.debug("Patching loki-backend-headless service to add appProtocol"); + + const ports = svc.Raw.spec.ports; + + const grpcPort = ports.find(p => p.name === "grpc"); + + // If found, set appProtocol to "tcp" + if (grpcPort) { + grpcPort.appProtocol = "tcp"; + } + }); diff --git a/src/pepr/patches/loki.ts b/src/pepr/patches/loki.ts deleted file mode 100644 index 15beb9e41..000000000 --- a/src/pepr/patches/loki.ts +++ /dev/null 
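Review bot: In the `Mutate` callback added to `src/pepr/patches/index.ts`, `log.debug("Patching loki-backend-headless service to add appProtocol")` runs before the lookup of the `grpc` port, so the message is written even when no such port exists and nothing is changed. Moving the call inside `if (grpcPort) { ... }` makes the log an accurate record of when the admission mutation actually altered the Service. The doc comment could also state that any existing `appProtocol` value on that port is overwritten, and "headless support" probably should read "headless service".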
@@ -1,32 +0,0 @@ -/** - * Copyright 2024 Defense Unicorns - * SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial - */ - -import { a } from "pepr"; -import { patches } from "."; - -const { When } = patches; - -/** - * Mutate the Loki backend headless support to handle Istio protocol selection properly - * Temporary until fixed upstream in https://github.com/grafana/loki/pull/14507 - */ -When(a.Service) - .IsCreatedOrUpdated() - .InNamespace("loki") - .WithName("loki-backend-headless") - .Mutate(async svc => { - if (svc.Raw.spec === undefined || svc.Raw.spec.ports === undefined) { - return; - } - - const ports = svc.Raw.spec.ports; - - const grpcPort = ports.find(p => p.name === "grpc"); - - // If found, set appProtocol to "tcp" - if (grpcPort) { - grpcPort.appProtocol = "tcp"; - } - }); From dc791fc871e5e0193981736b3fe3694bfe30e8fa Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Thu, 17 Oct 2024 11:34:02 -0600 Subject: [PATCH 23/27] chore: update playwright version --- src/grafana/tasks.yaml | 2 +- tasks/test.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/grafana/tasks.yaml b/src/grafana/tasks.yaml index 9ed8a2b95..a650002c3 100644 --- a/src/grafana/tasks.yaml +++ b/src/grafana/tasks.yaml @@ -40,7 +40,7 @@ tasks: - description: E2E Test for Grafana, optionally set FULL_CORE=true to test integrations with Loki cmd: | # renovate: datasource=docker depName=mcr.microsoft.com/playwright versioning=docker - docker run --rm --ipc=host -e FULL_CORE="${FULL_CORE}" --net=host --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.47.2-noble sh -c " \ + docker run --rm --ipc=host -e FULL_CORE="${FULL_CORE}" --net=host --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.48.1-noble sh -c " \ cd app && \ npm ci && \ npx playwright test grafana.test.ts \ diff --git a/tasks/test.yaml b/tasks/test.yaml index 7b6ffe191..dd1e77b0f 100644 --- a/tasks/test.yaml 
+++ b/tasks/test.yaml @@ -65,7 +65,7 @@ tasks: dir: e2e/playwright cmd: | # renovate: datasource=docker depName=mcr.microsoft.com/playwright versioning=docker - docker run --rm --ipc=host --net=host -e FULL_CORE="true" --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.47.2-noble sh -c " \ + docker run --rm --ipc=host --net=host -e FULL_CORE="true" --mount type=bind,source="$(pwd)",target=/app mcr.microsoft.com/playwright:v1.48.1-noble sh -c " \ cd app && \ npm ci && \ npx playwright test \ From df1b254e8e34a5a4634f4f9406cf06aae0cdf000 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Thu, 17 Oct 2024 11:54:36 -0600 Subject: [PATCH 24/27] chore: update playwright version --- e2e/playwright/package-lock.json | 25 ++++++++++++------------- e2e/playwright/package.json | 2 +- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/e2e/playwright/package-lock.json b/e2e/playwright/package-lock.json index 280265eee..d85661f43 100644 --- a/e2e/playwright/package-lock.json +++ b/e2e/playwright/package-lock.json @@ -5,20 +5,19 @@ "packages": { "": { "name": "test", - "license": "Apache-2.0", "devDependencies": { - "@playwright/test": "^1.47.2", + "@playwright/test": "^1.48.1", "@types/node": "^22.7.4", "typescript": "^5.6.2" } }, "node_modules/@playwright/test": { - "version": "1.47.2", - "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.47.2.tgz", - "integrity": "sha512-jTXRsoSPONAs8Za9QEQdyjFn+0ZQFjCiIztAIF6bi1HqhBzG9Ma7g1WotyiGqFSBRZjIEqMdT8RUlbk1QVhzCQ==", + "version": "1.48.1", + "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.48.1.tgz", + "integrity": "sha512-s9RtWoxkOLmRJdw3oFvhFbs9OJS0BzrLUc8Hf6l2UdCNd1rqeEyD4BhCJkvzeEoD1FsK4mirsWwGerhVmYKtZg==", "dev": true, "dependencies": { - "playwright": "1.47.2" + "playwright": "1.48.1" }, "bin": { "playwright": "cli.js" 
@@ -51,12 +50,12 @@ } }, "node_modules/playwright": { - "version": "1.47.2", - "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.47.2.tgz", - "integrity": "sha512-nx1cLMmQWqmA3UsnjaaokyoUpdVaaDhJhMoxX2qj3McpjnsqFHs516QAKYhqHAgOP+oCFTEOCOAaD1RgD/RQfA==", + "version": "1.48.1", + "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.48.1.tgz", + "integrity": "sha512-j8CiHW/V6HxmbntOfyB4+T/uk08tBy6ph0MpBXwuoofkSnLmlfdYNNkFTYD6ofzzlSqLA1fwH4vwvVFvJgLN0w==", "dev": true, "dependencies": { - "playwright-core": "1.47.2" + "playwright-core": "1.48.1" }, "bin": { "playwright": "cli.js" @@ -69,9 +68,9 @@ } }, "node_modules/playwright-core": { - "version": "1.47.2", - "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.47.2.tgz", - "integrity": "sha512-3JvMfF+9LJfe16l7AbSmU555PaTl2tPyQsVInqm3id16pdDfvZ8TTZ/pyzmkbDrZTQefyzU7AIHlZqQnxpqHVQ==", + "version": "1.48.1", + "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.48.1.tgz", + "integrity": "sha512-Yw/t4VAFX/bBr1OzwCuOMZkY1Cnb4z/doAFSwf4huqAGWmf9eMNjmK7NiOljCdLmxeRYcGPPmcDgU0zOlzP0YA==", "dev": true, "bin": { "playwright-core": "cli.js" diff --git a/e2e/playwright/package.json b/e2e/playwright/package.json index 8b4e61e68..f652235aa 100644 --- a/e2e/playwright/package.json +++ b/e2e/playwright/package.json @@ -1,7 +1,7 @@ { "name": "test", "devDependencies": { - "@playwright/test": "^1.47.2", + "@playwright/test": "^1.48.1", "@types/node": "^22.7.4", "typescript": "^5.6.2" } From e33fad5a7840e55dadff815e39ab2e5f20e3c0ac Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Thu, 17 Oct 2024 12:53:38 -0600 Subject: [PATCH 25/27] align es version, scale up backend --- bundles/k3d-standard/uds-bundle.yaml | 2 +- e2e/playwright/tsconfig.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bundles/k3d-standard/uds-bundle.yaml b/bundles/k3d-standard/uds-bundle.yaml index f0e9c2bab..15c4a9d81 100644 --- a/bundles/k3d-standard/uds-bundle.yaml 
+++ b/bundles/k3d-standard/uds-bundle.yaml @@ -79,7 +79,7 @@ packages: - name: LOKI_BACKEND_REPLICAS path: backend.replicas description: "Loki backend replicas" - default: "1" + default: "2" istio-admin-gateway: uds-istio-config: variables: diff --git a/e2e/playwright/tsconfig.json b/e2e/playwright/tsconfig.json index 5a8d3341b..ffc74c778 100644 --- a/e2e/playwright/tsconfig.json +++ b/e2e/playwright/tsconfig.json @@ -1,6 +1,6 @@ { "compilerOptions": { - "target": "es2016", /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */ + "target": "ES2022", /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */ "module": "commonjs", /* Specify what module code is generated. */ "esModuleInterop": true, /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables 'allowSyntheticDefaultImports' for type compatibility. */ "forceConsistentCasingInFileNames": true, /* Ensure that casing is correct in imports. */ From 173d266630b58b200ed85216b3908f43529dffaf Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Thu, 17 Oct 2024 13:16:58 -0600 Subject: [PATCH 26/27] chore: tweaks --- bundles/k3d-standard/uds-bundle.yaml | 2 +- .../templates/peerauthentication/loki-simple-scalable.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/bundles/k3d-standard/uds-bundle.yaml b/bundles/k3d-standard/uds-bundle.yaml index 15c4a9d81..33b987de7 100644 --- a/bundles/k3d-standard/uds-bundle.yaml +++ b/bundles/k3d-standard/uds-bundle.yaml @@ -79,7 +79,7 @@ packages: - name: LOKI_BACKEND_REPLICAS path: backend.replicas description: "Loki backend replicas" - default: "2" + default: "3" istio-admin-gateway: uds-istio-config: variables: diff --git a/src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml b/src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml index 12ac3e56b..342067420 100644 
--- a/src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml +++ b/src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml @@ -17,4 +17,7 @@ spec: # GRPC exception to support Loki internal communication "9095": mode: PERMISSIVE + # Exception to support Loki memberlist traffic + "7946": + mode: PERMISSIVE {{- end }} From 61f27cb0405588efe8c7a7c5a54287824dd66bc8 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Thu, 17 Oct 2024 14:17:35 -0600 Subject: [PATCH 27/27] chore: change --- bundles/k3d-standard/uds-bundle.yaml | 2 +- .../templates/peerauthentication/loki-simple-scalable.yaml | 3 --- src/loki/values/values.yaml | 5 ----- 3 files changed, 1 insertion(+), 9 deletions(-) diff --git a/bundles/k3d-standard/uds-bundle.yaml b/bundles/k3d-standard/uds-bundle.yaml index 33b987de7..f0e9c2bab 100644 --- a/bundles/k3d-standard/uds-bundle.yaml +++ b/bundles/k3d-standard/uds-bundle.yaml @@ -79,7 +79,7 @@ packages: - name: LOKI_BACKEND_REPLICAS path: backend.replicas description: "Loki backend replicas" - default: "3" + default: "1" istio-admin-gateway: uds-istio-config: variables: diff --git a/src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml b/src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml index 342067420..12ac3e56b 100644 --- a/src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml +++ b/src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml @@ -17,7 +17,4 @@ spec: # GRPC exception to support Loki internal communication "9095": mode: PERMISSIVE - # Exception to support Loki memberlist traffic - "7946": - mode: PERMISSIVE {{- end }} diff --git a/src/loki/values/values.yaml b/src/loki/values/values.yaml index 3e20edea3..0c9827d51 100644 --- a/src/loki/values/values.yaml +++ b/src/loki/values/values.yaml 
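Review bot: The `"7946": mode: PERMISSIVE` entry added to `src/loki/chart/templates/peerauthentication/loki-simple-scalable.yaml` in patch 26 lets the memberlist port accept plaintext connections as well as mutual TLS, and its comment ("Exception to support Loki memberlist traffic") gives neither the reason the exception is needed nor the condition for removing it. A port-level mTLS exception should carry that justification beside it, for example `# Memberlist (7946): PERMISSIVE because <reason>; remove when <condition>`, so a later reader can tell whether it is still required. Patch 27 in this series deletes the entry again, which restores the stricter setting; the same comment would be wanted if it is reintroduced. The PeerAuthentication resource begins outside this hunk, so the workloads its selector covers are not visible here.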
@@ -12,11 +12,6 @@ fullnameOverride: loki # -- Overrides the chart's cluster label clusterLabelOverride: null -# Prevent startup issues with service existence/resolution -memberlist: - service: - publishNotReadyAddresses: true - chunksCache: enabled: false