Added test for Configure namespace object limits

benchmarks/e2e/tests/configure_ns_object_quotas/configure_ns_object_quotas.go

@@ -0,0 +1,65 @@
+package configure_ns_object_quotas
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/onsi/ginkgo"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/kubernetes/test/e2e/framework"
+	configutil "sigs.k8s.io/multi-tenancy/benchmarks/e2e/config"
+)
+
+const (
+	expectedVal = "Error from server (Forbidden)"
+)
+
+var _ = framework.KubeDescribe("A tenant namespace must have object resource quotas", func() {
+	var config *configutil.BenchmarkConfig
+	var tenantA configutil.TenantSpec
+	var user string
+	var err error
+	resourceNameList := [9]string{"pods", "services", "replicationcontrollers", "resourcequotas", "secrets", "configmaps", "persistentvolumeclaims", "services.nodeports", "services.loadbalancers"}
+
+	ginkgo.BeforeEach(func() {
+		config, err = configutil.ReadConfig(configutil.ConfigPath)
+		framework.ExpectNoError(err)
+
+		tenantA, err = config.GetValidTenant()
+		framework.ExpectNoError(err)
+		user = configutil.GetContextFromKubeconfig(tenantA.Kubeconfig)
+	})
+
+	ginkgo.It("validate object resource quotas are configured", func() {
+		ginkgo.By(fmt.Sprintf("tenant %s namespace must have object resource quotas configured", user))
+		tenantResourcequotas := getTenantResoureQuotas(tenantA)
+		expectedVal := strings.Join(tenantResourcequotas, " ")
+		for _, r := range resourceNameList {
+			if !strings.Contains(expectedVal, r) {
+				framework.Failf("%s must be configured in tenant %s namespace resource quotas", r, user)
+			}
+		}
+	})
+})
+
+func getTenantResoureQuotas(t configutil.TenantSpec) []string {
+	var tmpList string
+	var tenantResourceQuotas []string
+
+	kclient := configutil.NewKubeClientWithKubeconfig(t.Kubeconfig)
+	resourcequotaList, err := kclient.CoreV1().ResourceQuotas(t.Namespace).List(metav1.ListOptions{})
+	framework.ExpectNoError(err)
+
+	for _, resourcequota := range resourcequotaList.Items {
+		for name := range resourcequota.Spec.Hard {
+			if strings.Contains(tmpList, name.String()) {
+				continue
+			}
+
+			tenantResourceQuotas = append(tenantResourceQuotas, name.String())
+			tmpList = tmpList + name.String()
+		}
+	}
+
+	return tenantResourceQuotas
+}

benchmarks/e2e/tests/e2e.go

@@ -18,6 +18,7 @@ import (
 	_ "sigs.k8s.io/multi-tenancy/benchmarks/e2e/tests/block_ns_quotas"
 	_ "sigs.k8s.io/multi-tenancy/benchmarks/e2e/tests/block_other_tenant_resources"
 	_ "sigs.k8s.io/multi-tenancy/benchmarks/e2e/tests/block_privileged_containers"
+	_ "sigs.k8s.io/multi-tenancy/benchmarks/e2e/tests/configure_ns_object_quotas"
 	_ "sigs.k8s.io/multi-tenancy/benchmarks/e2e/tests/configure_ns_quotas"
 	_ "sigs.k8s.io/multi-tenancy/benchmarks/e2e/tests/create_role_bindings"
 )

benchmarks/go.mod

@@ -20,7 +20,6 @@ require (
 	github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4 // indirect
 	github.com/prometheus/common v0.7.0 // indirect
 	github.com/prometheus/procfs v0.0.5 // indirect
-	github.com/realshuting/multi-tenancy-benchmarks v0.0.0-20191028041724-a27250830445 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	go.uber.org/zap v1.12.0 // indirect
 	golang.org/x/crypto v0.0.0-20191029031824-8986dd9e96cf // indirect