Calico test to be run from our CI (#209)

* Adding calico next to canal in validators

* First calico test

* Use the default availability zone for subnet creation

* Something is wrong with the AZ of us-west. Fixing the region.

* Addressing comments

.gitignore

@@ -1,3 +1,5 @@
 .cache/
+.pytest_cache/
+cleanup-vpc*
 __pycache__/
 logs/

integration-tests/test-calico/bootstrap-single-subnet-aws.sh

@@ -0,0 +1,37 @@
+#!/bin/sh
+set -eux
+
+VPC_CIDR=172.30.0.0/24
+SUBNET0_CIDR=172.30.0.0/24
+
+alias aws="aws --output text"
+
+# Pre-deploy: Create a single-subnet VPC
+VPC_ID=$(aws ec2 create-vpc --cidr $VPC_CIDR | cut -f 7)
+aws ec2 create-tags --resource $VPC_ID --tags Key=created-by,Value=test-calico
+SUBNET0_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block $SUBNET0_CIDR --availability-zone us-east-1b | cut -f 9)
+aws ec2 create-tags --resource $SUBNET0_ID --tags Key=created-by,Value=test-calico
+aws ec2 modify-subnet-attribute --subnet-id $SUBNET0_ID --map-public-ip-on-launch
+GATEWAY_ID=$(aws ec2 create-internet-gateway | cut -f 2)
+aws ec2 create-tags --resource $GATEWAY_ID --tags Key=created-by,Value=test-calico
+aws ec2 attach-internet-gateway --vpc-id $VPC_ID --internet-gateway $GATEWAY_ID
+ROUTE_TABLE_ID=$(aws --output text ec2 describe-route-tables | grep $VPC_ID | cut -f 2)
+aws ec2 create-tags --resource $ROUTE_TABLE_ID --tags Key=created-by,Value=test-calico
+aws ec2 create-route --route-table-id $ROUTE_TABLE_ID --destination-cidr-block 0.0.0.0/0 --gateway-id $GATEWAY_ID
+aws ec2 modify-vpc-attribute --vpc-id=$VPC_ID --enable-dns-support
+aws ec2 modify-vpc-attribute --vpc-id=$VPC_ID --enable-dns-hostnames
+
+# For convenience, create a cleanup script for this VPC
+cat > cleanup-$VPC_ID.sh << EOF
+set -ux
+aws ec2 detach-internet-gateway --internet-gateway-id $GATEWAY_ID --vpc-id $VPC_ID
+aws ec2 delete-internet-gateway --internet-gateway-id $GATEWAY_ID
+aws ec2 delete-subnet --subnet-id $SUBNET0_ID
+aws ec2 delete-vpc --vpc-id $VPC_ID
+EOF
+chmod +x cleanup-$VPC_ID.sh
+cp cleanup-$VPC_ID.sh cleanup-vpc.sh
+
+# Bootstrap juju controller
+juju bootstrap aws/us-east-1 aws-test-vpc --config vpc-id=$VPC_ID --to subnet=$SUBNET0_CIDR --config test-mode=true
+juju model-defaults vpc-id=$VPC_ID test-mode=true

integration-tests/test-calico/test_calico.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+set -eux
+
+# This job expect awscli and juju to be configured
+
+CHARM_CHANNEL=${CHARM_CHANNEL:-"candidate"}
+
+function cleanup {
+  juju destroy-controller aws-test-vpc --destroy-all-models -y || true
+  ./cleanup-vpc.sh
+}
+trap cleanup EXIT
+
+./integration-tests/test-calico/bootstrap-single-subnet-aws.sh
+
+# Deploy kubernetes with calico
+juju deploy cs:~containers/kubernetes-calico --channel ${CHARM_CHANNEL}
+
+# Deploy e2e and an extra worker for it
+juju deploy cs:~containers/kubernetes-e2e --channel ${CHARM_CHANNEL}
+juju relate kubernetes-e2e easyrsa
+juju relate kubernetes-e2e kubernetes-master:kube-control
+juju relate kubernetes-e2e kubernetes-master:kube-api-endpoint
+
+# Disable source-dest-check on all instances
+MACHINES_CSV=`juju status --format json | jq -r '.machines | keys | @csv' | tr -d \"`
+IFS=$','
+for machine in $MACHINES_CSV; do
+  until juju status --format yaml $machine | grep instance-id | grep -v pending; do sleep 10; done
+  INSTANCE_ID=$(juju status --format yaml $machine | grep instance-id | head -n 1 | cut -d " " -f 6)
+  aws ec2 modify-instance-attribute --instance-id $INSTANCE_ID --source-dest-check '{"Value": false}'
+done
+
+pytest -s --no-print-logs ./integration-tests/test_live_model.py

integration-tests/validation.py

@@ -36,8 +36,8 @@ async def validate_all(model, log_dir):
     await validate_e2e_tests(model, log_dir)
     await validate_worker_master_removal(model)
     await validate_sans(model)
-    if "canal" in model.applications:
-        log("Running canal specific tests")
+    if any(app in model.applications for app in ('canal', 'calico')):
+        log("Running network policy specific tests")
         await validate_network_policies(model)
     await validate_extra_args(model)
     await validate_docker_logins(model)