From 9497fd6c649f955206e1ae585abd28e8f53c5d9e Mon Sep 17 00:00:00 2001 From: Martin Matyas Date: Wed, 26 Jun 2024 14:18:20 +0200 Subject: [PATCH] remove duplicate test "volume_hostpath_not_found" (#2028) Ref: #2027 Signed-off-by: Martin Matyas --- .github/workflows/actions.yml | 4 ++-- docs/TEST_DOCUMENTATION.md | 24 +---------------------- embedded_files/points.yml | 4 ---- spec/utils/cnf_manager_spec.cr | 2 +- spec/workload/state_spec.cr | 24 ----------------------- src/tasks/workload/state.cr | 36 +--------------------------------- 6 files changed, 5 insertions(+), 89 deletions(-) diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index 15ee8c6a3..9221c3658 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -393,7 +393,7 @@ jobs: ./cnf-testsuite setup wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/main/example-cnfs/coredns/cnf-testsuite.yml ./cnf-testsuite cnf_setup cnf-config=./cnf-testsuite.yml - LOG_LEVEL=info ./cnf-testsuite all ~compatibility ~resilience ~reasonable_startup_time ~reasonable_image_size ~platform ~volume_hostpath_not_found ~privileged ~increase_capacity ~decrease_capacity ~install_script_helm ~helm_chart_valid ~helm_chart_published verbose + LOG_LEVEL=info ./cnf-testsuite all ~compatibility ~resilience ~reasonable_startup_time ~reasonable_image_size ~platform ~privileged ~increase_capacity ~decrease_capacity ~install_script_helm ~helm_chart_valid ~helm_chart_published verbose - name: Delete Cluster if: ${{ always() }} run: | @@ -468,7 +468,7 @@ jobs: ./cnf-testsuite setup wget -O cnf-testsuite.yml https://raw.githubusercontent.com/cnti-testcatalog/testsuite/main/example-cnfs/coredns/cnf-testsuite.yml ./cnf-testsuite cnf_setup cnf-config=./cnf-testsuite.yml - LOG_LEVEL=info ./cnf-testsuite all ~resilience ~compatibility ~pod_network_latency ~platform ~volume_hostpath_not_found ~privileged ~increase_capacity ~decrease_capacity ~ip_addresses ~liveness ~readiness ~rolling_update ~rolling_downgrade ~rolling_version_change ~nodeport_not_used ~hostport_not_used ~hardcoded_ip_addresses_in_k8s_runtime_configuration ~install_script_helm ~helm_chart_valid ~helm_chart_published ~rollback ~secrets_used ~immutable_configmap verbose + LOG_LEVEL=info ./cnf-testsuite all ~resilience ~compatibility ~pod_network_latency ~platform ~privileged ~increase_capacity ~decrease_capacity ~ip_addresses ~liveness ~readiness ~rolling_update ~rolling_downgrade ~rolling_version_change ~nodeport_not_used ~hostport_not_used ~hardcoded_ip_addresses_in_k8s_runtime_configuration ~install_script_helm ~helm_chart_valid ~helm_chart_published ~rollback ~secrets_used ~immutable_configmap verbose - name: Delete Cluster if: ${{ always() }} run: | diff --git a/docs/TEST_DOCUMENTATION.md b/docs/TEST_DOCUMENTATION.md index e9e7ebbde..83730ca9f 100644 --- a/docs/TEST_DOCUMENTATION.md +++ b/docs/TEST_DOCUMENTATION.md @@ -12,7 +12,7 @@ * [**Category: State Tests**](#category-state-tests) - [[Node drain]](#node-drain) | [[Volume hostpath not found]](#volume-hostpath-not-found) | [[No local volume configuration]](#no-local-volume-configuration) | [[Elastic volumes]](#elastic-volumes) | [[Database persistence]](#database-persistence) + [[Node drain]](#node-drain) | [[No local volume configuration]](#no-local-volume-configuration) | [[Elastic volumes]](#elastic-volumes) | [[Database persistence]](#database-persistence) * [**Category: Reliability, Resilience and Availability Tests**](#category-reliability-resilience--availability-tests) @@ -490,28 +490,6 @@ Ensure that your CNF can be successfully rescheduled when a node fails or is [dr ---------- -### Volume hostpath not found - -#### Overview - -This tests if volume host paths are configured and used by the CNF. -Expectation: Volume host path configurations should not be used. - -#### Rationale - -When a cnf uses a volume host path or local storage it makes the application tightly coupled -to the node that it is on. - -#### Remediation - -Ensure that none of the containers in your CNFs are using ["hostPath"] to mount volumes. - -#### Usage - -`./cnf-testsuite volume_hostpath_not_found` - ----------- - ### No local volume configuration #### Overview diff --git a/embedded_files/points.yml b/embedded_files/points.yml index fed65b321..11294b238 100644 --- a/embedded_files/points.yml +++ b/embedded_files/points.yml @@ -197,10 +197,6 @@ # - name: chaos_container_kill # tags: resilience, dynamic, workload -- name: volume_hostpath_not_found - emoji: "💾" - tags: [state, dynamic, workload, essential, cert] - pass: 100 - name: no_local_volume_configuration emoji: "💾" tags: [state, dynamic, workload, cert, bonus] diff --git a/spec/utils/cnf_manager_spec.cr b/spec/utils/cnf_manager_spec.cr index 4a56d3d15..62287e842 100644 --- a/spec/utils/cnf_manager_spec.cr +++ b/spec/utils/cnf_manager_spec.cr @@ -128,7 +128,7 @@ describe "SampleUtils" do it "'CNFManager::Points.all_task_test_names' should return all tasks names", tags: ["points"] do CNFManager::Points.clean_results_yml - tags = ["alpha_k8s_apis", "application_credentials", "cni_compatible", "container_sock_mounts", "database_persistence", "default_namespace", "disk_fill", "elastic_volumes", "external_ips", "hardcoded_ip_addresses_in_k8s_runtime_configuration", "helm_chart_published", "helm_chart_valid", "helm_deploy", "host_network", "host_pid_ipc_privileges", "hostpath_mounts", "hostport_not_used", "immutable_configmap", "immutable_file_systems", "increase_decrease_capacity", "ingress_egress_blocked", "insecure_capabilities", "ip_addresses", "latest_tag", "linux_hardening", "liveness", "log_output", "no_local_volume_configuration", "node_drain", "nodeport_not_used", "non_root_containers", "open_metrics", "operator_installed", "oran_e2_connection", "pod_delete", "pod_dns_error", "pod_io_stress", "pod_memory_hog", "pod_network_corruption", "pod_network_duplication", "pod_network_latency", "privilege_escalation", "privileged", "privileged_containers", "prometheus_traffic", "readiness", "reasonable_image_size", "reasonable_startup_time", "require_labels", "cpu_limits", "memory_limits", "rollback", "rolling_downgrade", "rolling_update", "rolling_version_change", "routed_logs", "secrets_used", "selinux_options", "service_account_mapping", "service_discovery", "shared_database", "sig_term_handled", "single_process_type", "smf_upf_heartbeat", "specialized_init_system", "suci_enabled", "symlink_file_system", "sysctls", "tracing", "versioned_tag", "volume_hostpath_not_found", "zombie_handled"] + tags = ["alpha_k8s_apis", "application_credentials", "cni_compatible", "container_sock_mounts", "database_persistence", "default_namespace", "disk_fill", "elastic_volumes", "external_ips", "hardcoded_ip_addresses_in_k8s_runtime_configuration", "helm_chart_published", "helm_chart_valid", "helm_deploy", "host_network", "host_pid_ipc_privileges", "hostpath_mounts", "hostport_not_used", "immutable_configmap", "immutable_file_systems", "increase_decrease_capacity", "ingress_egress_blocked", "insecure_capabilities", "ip_addresses", "latest_tag", "linux_hardening", "liveness", "log_output", "no_local_volume_configuration", "node_drain", "nodeport_not_used", "non_root_containers", "open_metrics", "operator_installed", "oran_e2_connection", "pod_delete", "pod_dns_error", "pod_io_stress", "pod_memory_hog", "pod_network_corruption", "pod_network_duplication", "pod_network_latency", "privilege_escalation", "privileged", "privileged_containers", "prometheus_traffic", "readiness", "reasonable_image_size", "reasonable_startup_time", "require_labels", "cpu_limits", "memory_limits", "rollback", "rolling_downgrade", "rolling_update", "rolling_version_change", "routed_logs", "secrets_used", "selinux_options", "service_account_mapping", "service_discovery", "shared_database", "sig_term_handled", "single_process_type", "smf_upf_heartbeat", "specialized_init_system", "suci_enabled", "symlink_file_system", "sysctls", "tracing", "versioned_tag", "zombie_handled"] (CNFManager::Points.all_task_test_names()).sort.should eq(tags.sort) end diff --git a/spec/workload/state_spec.cr b/spec/workload/state_spec.cr index 055b925f0..274664d83 100644 --- a/spec/workload/state_spec.cr +++ b/spec/workload/state_spec.cr @@ -65,30 +65,6 @@ describe "State" do end end - it "'volume_hostpath_not_found' should pass if the cnf doesn't have a hostPath volume", tags: ["volume_hostpath_not_found"] do - begin - result = ShellCmd.run_testsuite("cnf_setup cnf-config=sample-cnfs/sample-coredns-cnf/cnf-testsuite.yml") - result[:status].success?.should be_true - result = ShellCmd.run_testsuite("volume_hostpath_not_found verbose") - (/(PASSED).*(hostPath volumes not found)/ =~ result[:output]).should_not be_nil - ensure - result = ShellCmd.run_testsuite("cnf_cleanup cnf-config=sample-cnfs/sample-coredns-cnf/cnf-testsuite.yml") - result[:status].success?.should be_true - end - end - - it "'volume_hostpath_not_found' should fail if the cnf has a hostPath volume", tags: ["volume_hostpath_not_found"] do - begin - result = ShellCmd.run_testsuite("cnf_setup cnf-config=sample-cnfs/sample-fragile-state/cnf-testsuite.yml deploy_with_chart=false") - result[:status].success?.should be_true - result = ShellCmd.run_testsuite("volume_hostpath_not_found verbose") - (/(FAILED).*(hostPath volumes found)/ =~ result[:output]).should_not be_nil - ensure - result = ShellCmd.run_testsuite("cnf_cleanup cnf-config=sample-cnfs/sample-fragile-state/cnf-testsuite.yml deploy_with_chart=false") - result[:status].success?.should be_true - end - end - it "'no_local_volume_configuration' should fail if local storage configuration found", tags: ["no_local_volume_configuration"] do begin # update the helm parameter with a schedulable node for the pv chart diff --git a/src/tasks/workload/state.cr b/src/tasks/workload/state.cr index 95585cc58..c6b7fce1a 100644 --- a/src/tasks/workload/state.cr +++ b/src/tasks/workload/state.cr @@ -7,7 +7,7 @@ require "../utils/utils.cr" require "kubectl_client" desc "The CNF test suite checks if state is stored in a custom resource definition or a separate database (e.g. etcd) rather than requiring local storage. It also checks to see if state is resilient to node failure" -task "state", ["volume_hostpath_not_found", "no_local_volume_configuration", "elastic_volumes", "database_persistence", "node_drain"] do |_, args| +task "state", ["no_local_volume_configuration", "elastic_volumes", "database_persistence", "node_drain"] do |_, args| stdout_score("state") case "#{ARGV.join(" ")}" when /state/ @@ -471,40 +471,6 @@ task "database_persistence" do |t, args| # TODO Match and check if the provisioning driver used is of an elastic volume type. end -desc "Does the CNF use a non-cloud native data store: hostPath volume" -task "volume_hostpath_not_found" do |t, args| - CNFManager::Task.task_runner(args, task: t) do |args, config| - destination_cnf_dir = config.cnf_config[:destination_cnf_dir] - task_response = CNFManager.cnf_workload_resources(args, config) do | resource| - hostPath_found = nil - begin - # TODO check to see if volume is actually mounted. Check to see if mount (without volume) has host path as well - volumes = resource.dig?("spec", "template", "spec", "volumes") - if volumes - hostPath_not_found = volumes.as_a.none? do |volume| - if volume.as_h["hostPath"]? - true - end - end - else - hostPath_not_found = true - end - rescue ex - VERBOSE_LOGGING.error ex.message if check_verbose(args) - puts "Rescued: On resource #{resource["metadata"]["name"]?} of kind #{resource["kind"]}, volumes not found.".colorize(:yellow) - hostPath_not_found = true - end - hostPath_not_found - end - - if task_response.any?(false) - CNFManager::TestcaseResult.new(CNFManager::ResultStatus::Failed, "hostPath volumes found (ভ_ভ) ރ") - else - CNFManager::TestcaseResult.new(CNFManager::ResultStatus::Passed, "hostPath volumes not found 🖥️") - end - end -end - desc "Does the CNF use a non-cloud native data store: local volumes on the node?" task "no_local_volume_configuration" do |t, args| CNFManager::Task.task_runner(args, task: t) do |args, config|