diff --git a/.github/workflows/integration-tests-pr.yml b/.github/workflows/integration-tests-pr.yml
index c1af6b99..cf5e4c45 100644
--- a/.github/workflows/integration-tests-pr.yml
+++ b/.github/workflows/integration-tests-pr.yml
@@ -77,7 +77,7 @@ jobs:
 - name: Apply Calico Rules to LKE
 if: always()
 run: |
- cd scripts && ./lke_calico_rules_e2e.sh
+ cd e2e_scripts/cloud_security_scripts/lke_calico_rules/ && ./lke_calico_rules_e2e.sh
 env:
 LINODE_TOKEN: ${{ secrets.DX_LINODE_TOKEN }}
diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
index 53128363..564f143d 100644
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -61,7 +61,7 @@ jobs:
 - name: Apply Calico Rules to LKE
 if: always()
 run: |
- cd scripts && ./lke_calico_rules_e2e.sh
+ cd e2e_scripts/cloud_security_scripts/lke_calico_rules/ && ./lke_calico_rules_e2e.sh
 env:
 LINODE_TOKEN: ${{ secrets.DX_LINODE_TOKEN }}
@@ -109,12 +109,12 @@ jobs:
 - name: Merge all test xmls in output directory
 run: |
 ls -R tests/output/junit
- python tod_scripts/merge_ansible_results.py
+ python e2e_scripts/tod_scripts/xml_to_obj_storage/ansible_tests/merge_ansible_results.py
 - name: Add additional information to XML report
 run: |
 filename=$(ls | grep -E '^[0-9]{12}_ansible_merged\.xml$')
- python tod_scripts/add_to_xml_test_report.py \
+ python e2e_scripts/tod_scripts/xml_to_obj_storage/scripts/add_gha_info_to_xml.py \
 --branch_name "${GITHUB_REF#refs/*/}" \
 --gha_run_id "$GITHUB_RUN_ID" \
 --gha_run_number "$GITHUB_RUN_NUMBER" \
@@ -123,7 +123,7 @@ jobs:
 - name: Upload test results to the bucket
 run: |
 filename=$(ls | grep -E '^[0-9]{12}_ansible_merged\.xml$')
- python3 tod_scripts/test_report_upload_script.py "${filename}"
+ python3 e2e_scripts/tod_scripts/xml_to_obj_storage/scripts/xml_to_obj.py "${filename}"
 env:
 LINODE_CLI_OBJ_ACCESS_KEY: ${{ secrets.LINODE_CLI_OBJ_ACCESS_KEY }}
 LINODE_CLI_OBJ_SECRET_KEY: ${{ secrets.LINODE_CLI_OBJ_SECRET_KEY }}
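Review bot: The rewritten `run:` line in the "Apply Calico Rules to LKE" step (here and in the same step of integration-tests.yml at -61) only works when the `e2e_scripts` submodule is checked out, and the checkout step is outside these hunks. Please confirm the PR workflow's checkout sets `submodules: true`; otherwise the `cd` fails, the Calico policy is never applied to the test clusters, and under `if: always()` that failure is easy to miss in a run that is already red. Because this step hands `secrets.DX_LINODE_TOKEN` to a script that now lives in another repository, I would also add a comment above `run:`, e.g. `# runs from the e2e_scripts submodule; review gitlink bumps like code, the script receives LINODE_TOKEN`.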
diff --git a/.gitmodules b/.gitmodules
index df7dc11d..1a19a1c1 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,3 @@
-[submodule "tod_scripts"]
- path = tod_scripts
- url = https://github.com/linode/TOD-test-report-uploader.git
+[submodule "e2e_scripts"]
+ path = e2e_scripts
+ url = https://github.com/linode/dx-e2e-test-scripts
diff --git a/Makefile b/Makefile
index bbdd6870..35153616 100644
--- a/Makefile
+++ b/Makefile
@@ -66,7 +66,7 @@ integration-test: create-integration-config create-e2e-firewall
 create-e2e-firewall:
 @echo "Running create e2e firewall playbook..."
- @if ansible-playbook scripts/create_e2e_cloud_firewall.yaml > /dev/null; then \
+ @if e2e_scripts/cloud_security_scripts/cloud_e2e_firewall/ansible_linode/create_e2e_cloud_firewall.yaml > /dev/null; then \
 echo "Successfully created e2e firewall"; \
 else \
 echo "Failed to create e2e firewall"; \
@@ -74,7 +74,7 @@ create-e2e-firewall:
 delete-e2e-firewall:
 @echo "Running delete e2e firewall playbook..."
- @if ansible-playbook scripts/delete_e2e_cloud_firewall.yaml > /dev/null; then \
+ @if e2e_scripts/cloud_security_scripts/cloud_e2e_firewall/ansible_linode/delete_e2e_cloud_firewall.yaml > /dev/null; then \
 echo "Successfully deleted e2e firewall"; \
 else \
 echo "Failed to delete e2e firewall"; \
diff --git a/e2e_scripts b/e2e_scripts
new file mode 160000
index 00000000..9240a167
--- /dev/null
+++ b/e2e_scripts
@@ -0,0 +1 @@
+Subproject commit 9240a16787de5ca7cbcebdd2eab5d597e8ba01c1
diff --git a/scripts/create_e2e_cloud_firewall.yaml b/scripts/create_e2e_cloud_firewall.yaml
deleted file mode 100644
index 3963a5ac..00000000
--- a/scripts/create_e2e_cloud_firewall.yaml
+++ /dev/null
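Review bot: The new `@if` line in `create-e2e-firewall` (and the matching line in `delete-e2e-firewall` in the next hunk) drops the `ansible-playbook` command, so the shell tries to execute the playbook YAML file itself. Unless that file is executable with a suitable interpreter line, which the diff does not show, the firewall is never created and the test instances run without the inbound DROP policy the removed playbook set up; on the delete side a firewall would be left behind. Keep the command and change only the path: `@if ansible-playbook e2e_scripts/cloud_security_scripts/cloud_e2e_firewall/ansible_linode/create_e2e_cloud_firewall.yaml > /dev/null; then \`, and likewise for `delete_e2e_cloud_firewall.yaml`. Both recipes continue past the end of their hunks, so it is not visible whether the failure branch exits non-zero after the `echo "Failed ..."`; if it does not, the new `if ! make create-e2e-firewall` guard in scripts/test_all.sh cannot catch this.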
@@ -1,66 +0,0 @@ -- name: Create Linode E2E Cloud Firewall - hosts: localhost - gather_facts: yes - - vars: - linode_api_token: "{{ lookup('env', 'LINODE_TOKEN') | default(lookup('env', 'LINODE_API_TOKEN')) }}" - firewall_label: "e2e-firewall-{{ lookup('password', '/dev/null length=6 chars=ascii_letters') }}" - - tasks: - - name: Get public IP address of local machine - uri: - url: "https://api.ipify.org?format=json" - return_content: yes - register: public_ip - - - name: Set public IP address fact - set_fact: - public_ipv4: "{{ public_ip.json.ip }}" - - - name: Validate public IPv4 address - block: - - name: Create Linode firewall with inbound rule - linode.cloud.firewall: - label: "{{ firewall_label }}" - rules: - inbound_policy: "DROP" - outbound_policy: "ACCEPT" - inbound: - - label: ssh-accept-inbound-rule - addresses: - ipv4: [ "{{ public_ipv4 }}/32" ] - description: 'ACCEPT SSH from test machine' - ports: '22' - protocol: TCP - action: ACCEPT - outbound: [] - state: present - register: create - - name: Display Firewall Info - debug: - var: create - rescue: - - name: Create Linode firewall without inbound rule - linode.cloud.firewall: - label: "{{ firewall_label }}" - rules: - inbound_policy: "DROP" - outbound_policy: "ACCEPT" - inbound: [] - outbound: [] - state: present - register: create_without_inbound - - name: Display Firewall Info (without inbound rule) - debug: - var: create - - - name: Return Firewall ID - set_fact: - firewall_id: "{{ create.firewall.id }}" - when: create is defined - - - name: Write firewall ID to configuration file - lineinfile: - path: "../tests/integration/integration_config.yml" - line: "firewall_id: {{ firewall_id }}" - insertafter: EOF \ No newline at end of file diff --git a/scripts/delete_e2e_cloud_firewall.yaml b/scripts/delete_e2e_cloud_firewall.yaml deleted file mode 100644 index ef910d23..00000000 --- a/scripts/delete_e2e_cloud_firewall.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -- name: Delete Linode E2E Cloud Firewall - hosts: localhost - gather_facts: yes - - vars: - linode_api_token: "{{ lookup('env', 'LINODE_TOKEN') | default(lookup('env', 'LINODE_API_TOKEN')) }}" - - tasks: - - name: Read firewall ID from configuration file - slurp: - src: "../tests/integration/integration_config.yml" - register: config_file - - - name: Set firewall_id fact from configuration file - set_fact: - firewall_id: "{{ (config_file.content | b64decode).splitlines() | select('match', '^firewall_id: ') | first | regex_replace('^firewall_id: ', '') }}" - - - name: Ensure firewall_id is set - fail: - msg: "firewall_id not found in configuration file." - when: firewall_id is not defined or firewall_id == "" - - - name: Find the firewall by ID - linode.cloud.firewall_info: - id: "{{ firewall_id }}" - register: firewall_info - - - name: Delete the firewall - linode.cloud.firewall: - label: "{{ firewall_info.firewall.label }}" - state: absent - register: delete_firewall - - - name: Display Deletion Info - debug: - var: delete_firewall diff --git a/scripts/lke-policy.yaml b/scripts/lke-policy.yaml deleted file mode 100644 index 9859ca8b..00000000 --- a/scripts/lke-policy.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ -apiVersion: projectcalico.org/v3 -kind: GlobalNetworkPolicy -metadata: - name: lke-rules -spec: - preDNAT: true - applyOnForward: true - order: 100 - # Remember to run calicoctl patch command for this to work - selector: "" - ingress: - # Allow ICMP - - action: Allow - protocol: ICMP - - action: Allow - protocol: ICMPv6 - - # Allow LKE-required ports - - action: Allow - protocol: TCP - destination: - nets: - - 192.168.128.0/17 - - 10.0.0.0/8 - ports: - - 10250 - - 10256 - - 179 - - action: Allow - protocol: UDP - destination: - nets: - - 192.168.128.0/17 - - 10.2.0.0/16 - ports: - - 51820 - - # Allow NodeBalancer ingress to the Node Ports & Allow DNS - - action: Allow - protocol: TCP - source: - nets: - - 192.168.255.0/24 - - 10.0.0.0/8 - destination: - ports: - - 53 - - 30000:32767 - - action: Allow - protocol: UDP - source: - nets: - - 192.168.255.0/24 - - 10.0.0.0/8 - destination: - ports: - - 53 - - 30000:32767 - - # Allow cluster internal communication - - action: Allow - destination: - nets: - - 10.0.0.0/8 - - action: Allow - source: - nets: - - 10.0.0.0/8 - - # 127.0.0.1/32 is needed for kubectl exec and node-shell - - action: Allow - destination: - nets: - - 127.0.0.1/32 - - # Block everything else - - action: Deny - - action: Log diff --git a/scripts/lke_calico_rules_e2e.sh b/scripts/lke_calico_rules_e2e.sh deleted file mode 100755 index 48ad5cae..00000000 --- a/scripts/lke_calico_rules_e2e.sh +++ /dev/null 
@@ -1,60 +0,0 @@ -#!/bin/bash - -RETRIES=3 -DELAY=30 - -# Function to retry a command with exponential backoff -retry_command() { - local retries=$1 - local wait_time=60 - shift - until "$@"; do - if ((retries == 0)); then - echo "Command failed after multiple retries. Exiting." - exit 1 - fi - echo "Command failed. Retrying in $wait_time seconds..." - sleep $wait_time - ((retries--)) - wait_time=$((wait_time * 2)) - done -} - -# Fetch the list of LKE cluster IDs -CLUSTER_IDS=$(curl -s -H "Authorization: Bearer $LINODE_TOKEN" \ - -H "Content-Type: application/json" \ - "https://api.linode.com/v4/lke/clusters" | jq -r '.data[].id') - -# Check if CLUSTER_IDS is empty -if [ -z "$CLUSTER_IDS" ]; then - echo "All clusters have been cleaned and properly destroyed. No need to apply inbound or outbound rules" - exit 0 -fi - -for ID in $CLUSTER_IDS; do - echo "Applying Calico rules to nodes in Cluster ID: $ID" - - # Download cluster configuration file with retry - for ((i=1; i<=RETRIES; i++)); do - config_response=$(curl -sH "Authorization: Bearer $LINODE_TOKEN" "https://api.linode.com/v4/lke/clusters/$ID/kubeconfig") - if [[ $config_response != *"kubeconfig is not yet available"* ]]; then - echo $config_response | jq -r '.[] | @base64d' > "/tmp/${ID}_config.yaml" - break - fi - echo "Attempt $i to download kubeconfig for cluster $ID failed. Retrying in $DELAY seconds..." - sleep $DELAY - done - - if [[ $config_response == *"kubeconfig is not yet available"* ]]; then - echo "kubeconfig for cluster id:$ID not available after $RETRIES attempts, mostly likely it is an empty cluster. Skipping..." 
- else - # Export downloaded config file - export KUBECONFIG="/tmp/${ID}_config.yaml" - - retry_command $RETRIES kubectl get nodes - - retry_command $RETRIES calicoctl patch kubecontrollersconfiguration default --allow-version-mismatch --patch='{"spec": {"controllers": {"node": {"hostEndpoint": {"autoCreate": "Enabled"}}}}}' - - retry_command $RETRIES calicoctl apply --allow-version-mismatch -f "$(pwd)/lke-policy.yaml" - fi -done
diff --git a/scripts/test_all.sh b/scripts/test_all.sh
index ccb19a59..4dcfd828 100755
--- a/scripts/test_all.sh
+++ b/scripts/test_all.sh
@@ -7,19 +7,34 @@ run_test() {
 }
 cleanup() {
- make delete-e2e-firewall
+ if [[ -z "$CLEANUP_DONE" ]]; then
+ make delete-e2e-firewall
+ CLEANUP_DONE=1
+ fi
 }
 # Set trap to ensure cleanup is run on script exit
 trap cleanup EXIT
-make create-integration-config
-make create-e2e-firewall
+# Create integration_yaml
+if ! make create-integration-config; then
+ echo "Failed to create integration config..."
+ exit 1
+fi
+
+if ! make create-e2e-firewall; then
+ echo "Failed to create e2e firewall..."
+ exit 1
+fi
 export -f run_test
-parallel -j $PARALLEL_JOBS --group --keep-order run_test ::: $(ls tests/integration/targets)
-TEST_EXIT_CODE=$?
+# Run tests in parallel
+if ! parallel -j $PARALLEL_JOBS --group --keep-order run_test ::: $(ls tests/integration/targets); then
+ TEST_EXIT_CODE=$?
+else
+ TEST_EXIT_CODE=0
+fi
 cleanup
diff --git a/tod_scripts b/tod_scripts
deleted file mode 160000
index e8c8e15c..00000000
--- a/tod_scripts
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit e8c8e15ce833a169837f8d1513bd2185af2c645b
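Review bot: `TEST_EXIT_CODE=$?` inside `if ! parallel ...; then` always records 0, because in that branch `$?` is the status of the negated pipeline (`! parallel`), not of `parallel` itself. A failing integration run is therefore stored as a success, and whatever reads `TEST_EXIT_CODE` after the final `cleanup` (outside this hunk) would report a pass. Drop the negation so the `else` branch sees the real status: `if parallel -j $PARALLEL_JOBS --group --keep-order run_test ::: $(ls tests/integration/targets); then TEST_EXIT_CODE=0; else TEST_EXIT_CODE=$?; fi`, or keep the original two-statement form with `TEST_EXIT_CODE=$?` directly after the `parallel` call.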