From 00242e4df9f80e4260c754493714cf0f744e166e Mon Sep 17 00:00:00 2001 From: Joe Stringer Date: Mon, 13 Apr 2020 16:00:10 -0700 Subject: [PATCH 1/3] cilium: Add verbose flag to policy validate Add a flag to "cilium policy validate ..." which allows making the output less verbose, so that the upcoming test output is less noisy. Signed-off-by: Joe Stringer --- Documentation/cmdref/cilium_policy_validate.md | 5 +++-- cilium/cmd/policy_validate.go | 14 +++++++++----- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/Documentation/cmdref/cilium_policy_validate.md b/Documentation/cmdref/cilium_policy_validate.md index a81f8240da51..f535052c4f68 100644 --- a/Documentation/cmdref/cilium_policy_validate.md +++ b/Documentation/cmdref/cilium_policy_validate.md @@ -15,8 +15,9 @@ cilium policy validate [flags] ### Options ``` - -h, --help help for validate - --print Print policy after validation + -h, --help help for validate + --print Print policy after validation + -v, --verbose Enable verbose output (default true) ``` ### Options inherited from parent commands diff --git a/cilium/cmd/policy_validate.go b/cilium/cmd/policy_validate.go index cbfeb7fa54ac..81f20a3519a1 100644 --- a/cilium/cmd/policy_validate.go +++ b/cilium/cmd/policy_validate.go @@ -21,6 +21,8 @@ import ( "github.com/spf13/cobra" ) +var policyVerbose bool + // policyValidateCmd represents the policy_validate command var policyValidateCmd = &cobra.Command{ Use: "validate ", @@ -29,19 +31,21 @@ var policyValidateCmd = &cobra.Command{ Run: func(cmd *cobra.Command, args []string) { path := args[0] if ruleList, err := loadPolicy(path); err != nil { - Fatalf("Validation of policy has failed: %s\n", err) + Fatalf("Validation of policy %s has failed: %s\n", path, err) } else { for _, r := range ruleList { if err := r.Sanitize(); err != nil { - Fatalf("Validation of policy has failed: %s\n", err) + Fatalf("Validation of policy %s has failed: %s\n", path, err) } } - fmt.Printf("All policy elements are valid.\n") + if policyVerbose { + fmt.Printf("All policy elements in %s are valid.\n", path) + } if printPolicy { jsonPolicy, err := json.MarshalIndent(ruleList, "", " ") if err != nil { - Fatalf("Cannot marshal policy: %s\n", err) + Fatalf("Cannot marshal policy %s: %s\n", path, err) } fmt.Printf("%s", string(jsonPolicy)) } @@ -52,5 +56,5 @@ var policyValidateCmd = &cobra.Command{ func init() { policyCmd.AddCommand(policyValidateCmd) policyValidateCmd.Flags().BoolVarP(&printPolicy, "print", "", false, "Print policy after validation") - + policyValidateCmd.Flags().BoolVarP(&policyVerbose, "verbose", "v", true, "Enable verbose output") } From 9a18283485eb71fa1462e97efc281789ff1cb4a3 Mon Sep 17 00:00:00 2001 From: Joe Stringer Date: Mon, 13 Apr 2020 16:05:02 -0700 Subject: [PATCH 2/3] docs: Add dependencies to builder target This allows make to determine when to run this target depending on the files that change. Signed-off-by: Joe Stringer --- Documentation/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/Makefile b/Documentation/Makefile index 9fa4864ff911..0b331366cf33 100644 --- a/Documentation/Makefile +++ b/Documentation/Makefile @@ -7,7 +7,7 @@ default: html clean: -$(QUIET)rm -rf _build -builder-image: +builder-image: Dockerfile requirements.txt $(QUIET)tar c requirements.txt Dockerfile \ | docker build --tag cilium/docs-builder - From 6e7b97cadbe1ec1c69cbd0c7bd51a5fda28a905e Mon Sep 17 00:00:00 2001 From: Joe Stringer Date: Mon, 13 Apr 2020 15:32:32 -0700 Subject: [PATCH 3/3] test: Move policy examples validation to container There's no need to run this minimal linting / cilium policy validation from the runtime VM; replace it with a simple docker run of a bash script from the docs-builder image. This will help to avoid out-of-sync issues between dependencies in the Cilium tree and the Cilium packer ci VMs used to run runtime tests. It should also speed up the jenkins runs slightly. Examples failures are easier to debug, too: JSON: $ make -C Documentation check ... CHECK Documentation examples Error: Validation of policy /src/examples/policies/l3/simple/l3.json has failed: malformed policy, not JSON? make: *** [Makefile:29: check] Error 1 YAML: $ make -C Documentation check ... /src/examples/crds/ciliumendpoints.yaml 56:1 error too many blank lines (1 > 0) (empty-lines) make: *** [Makefile:29: check] Error 1 Signed-off-by: Joe Stringer --- Documentation/Makefile | 4 +- Documentation/check-examples.sh | 23 ++++++ Documentation/requirements.txt | 1 + {test => Documentation}/yaml.config | 0 Makefile | 2 +- test/runtime/examples.go | 123 ---------------------------- 6 files changed, 28 insertions(+), 125 deletions(-) create mode 100755 Documentation/check-examples.sh rename {test => Documentation}/yaml.config (100%) delete mode 100644 test/runtime/examples.go diff --git a/Documentation/Makefile b/Documentation/Makefile index 0b331366cf33..25f879de95cf 100644 --- a/Documentation/Makefile +++ b/Documentation/Makefile @@ -22,9 +22,11 @@ update-cmdref: builder-image -$(QUIET)rm -rf cmdref/cilium*.md $(QUIET)$(DOCKER_RUN) ./update-cmdref.sh -check-cmdref: builder-image update-cmdref +check: builder-image update-cmdref @$(ECHO_CHECK) cmdref $(QUIET)$(DOCKER_RUN) ./check-cmdref.sh + @$(ECHO_CHECK) examples + $(QUIET)$(DOCKER_RUN) ./check-examples.sh ifeq ($(V),0) SPHINX_OPTS += -q diff --git a/Documentation/check-examples.sh b/Documentation/check-examples.sh new file mode 100755 index 000000000000..ea5103250c7b --- /dev/null +++ b/Documentation/check-examples.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +set -o errexit +set -o nounset +set -o pipefail + +script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +source_dir="$(cd "${script_dir}/.." && pwd)" +examples_dir="${source_dir}/examples" +cilium="${source_dir}/cilium/cilium" + +JSON_FILES=$(find ${examples_dir} \ + -wholename "*/policies/*.json" \ + -o -wholename "*/demo/*.json") +YAML_FILES=$(find ${examples_dir}/policies -name "*.yaml") + +for f in $JSON_FILES; do + ${cilium} policy validate --verbose=false "$f" +done + +for f in $YAML_FILES; do + yamllint -c "$script_dir/yaml.config" "$f" +done diff --git a/Documentation/requirements.txt b/Documentation/requirements.txt index 133c342dc214..1d051f83ee91 100644 --- a/Documentation/requirements.txt +++ b/Documentation/requirements.txt @@ -27,3 +27,4 @@ recommonmark==0.4.0 sphinxcontrib-spelling==4.2.0 sphinx-version-warning==1.1.2 semver==2.9.0 +yamllint==1.22.0 diff --git a/test/yaml.config b/Documentation/yaml.config similarity index 100% rename from test/yaml.config rename to Documentation/yaml.config diff --git a/Makefile b/Makefile index 37e8fe3a7c25..1652e36cd8f9 100644 --- a/Makefile +++ b/Makefile @@ -471,7 +471,7 @@ install-manpages: mandb postcheck: build - $(QUIET)$(MAKE) $(SUBMAKEOPTS) -C Documentation update-cmdref check-cmdref + $(QUIET)$(MAKE) $(SUBMAKEOPTS) -C Documentation update-cmdref check @$(ECHO_CHECK) contrib/scripts/lock-check.sh $(QUIET) contrib/scripts/lock-check.sh diff --git a/test/runtime/examples.go b/test/runtime/examples.go deleted file mode 100644 index a9b3fbb3966d..000000000000 --- a/test/runtime/examples.go +++ /dev/null @@ -1,123 +0,0 @@ -// Copyright 2018 Authors of Cilium -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package RuntimeTest - -import ( - "fmt" - "os" - "path/filepath" - "strings" - - . "github.com/cilium/cilium/test/ginkgo-ext" - "github.com/cilium/cilium/test/helpers" - - . "github.com/onsi/gomega" -) - -var _ = Describe("RuntimePolicyValidationTests", func() { - var vm *helpers.SSHMeta - - BeforeAll(func() { - vm = helpers.InitRuntimeHelper(helpers.Runtime, logger) - ExpectCiliumReady(vm) - }) - - JustAfterEach(func() { - vm.ValidateNoErrorsInLogs(CurrentGinkgoTestDescription().Duration) - }) - - AfterFailed(func() { - vm.ReportFailed() - }) - - AfterAll(func() { - vm.CloseSSHClient() - }) - - It("Validates Example Policies", func() { - By("Validating Demos") - - // Helper function which returns the path to all files in directory dir - // and all of dir's subdirectories with suffix extension. The file paths - // returned contain the path without the prefix dir. This allows for - // gathering of the list of files on the host and for the validation - // of the policy files to occur the VM, as the root directory of Cilium - // is different in each environment. - getFilesWithExtensionFromDir := func(dir, extension string) ([]string, error) { - fileNames := []string{} - - walkFunc := func(path string, info os.FileInfo, err error) error { - if err != nil { - return err - } - if strings.HasSuffix(info.Name(), extension) { - relativePath := strings.TrimPrefix(path, dir) - fileNames = append(fileNames, relativePath) - } - return nil - } - - err := filepath.Walk(dir, walkFunc) - if err != nil { - return nil, err - } - - filesWithExtension := []string{} - for _, file := range fileNames { - if strings.HasSuffix(file, extension) { - filesWithExtension = append(filesWithExtension, file) - } - } - return filesWithExtension, nil - } - - examplesDemoPath := "examples/demo" - examplesPoliciesPath := "examples/policies" - examplePathHost := filepath.Join("..", examplesDemoPath) - jsonFiles, err := getFilesWithExtensionFromDir(examplePathHost, "json") - Expect(err).Should(BeNil(), "Unable to get files at path %s: %s", examplePathHost, err) - - examplePathVM := filepath.Join(vm.BasePath(), "..", examplesDemoPath) - for _, file := range jsonFiles { - jsonPolicyPath := filepath.Join(examplePathVM, file) - vm.ExecCilium(fmt.Sprintf("policy validate %s", jsonPolicyPath)).ExpectSuccess("Unable to validate policy %s", jsonPolicyPath) - } - - By("Validating JSON Examples") - - jsonExamplesPathHost := filepath.Join("..", examplesPoliciesPath) - jsonFiles, err = getFilesWithExtensionFromDir(jsonExamplesPathHost, "json") - Expect(err).Should(BeNil(), "Unable to get files at path %s: %s", jsonExamplesPathHost, err) - - jsonExamplesPathVM := filepath.Join(vm.BasePath(), "..", examplesPoliciesPath) - for _, file := range jsonFiles { - jsonPolicyPath := filepath.Join(jsonExamplesPathVM, file) - vm.ExecCilium(fmt.Sprintf("policy validate %s", jsonPolicyPath)).ExpectSuccess("Unable to validate policy %s", jsonPolicyPath) - } - - By("Validating YAML Examples") - - yamlExamplesPathHost := filepath.Join("..", examplesPoliciesPath) - jsonFiles, err = getFilesWithExtensionFromDir(yamlExamplesPathHost, "yaml") - Expect(err).Should(BeNil(), "Unable to get files at path %s: %s", yamlExamplesPathHost, err) - - yamlExamplesPathVM := filepath.Join(vm.BasePath(), "..", examplesPoliciesPath) - for _, file := range jsonFiles { - yamlPolicyPath := filepath.Join(yamlExamplesPathVM, file) - res := vm.Exec(fmt.Sprintf("yamllint -c %s %s", filepath.Join(vm.BasePath(), "yaml.config"), yamlPolicyPath)) - res.ExpectSuccess("Unable to validate YAML %s", yamlPolicyPath) - } - }) -})