Skip to content

CSPL-949: Refactor of secret test cases #298

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 27, 2021
Merged

CSPL-949: Refactor of secret test cases #298

merged 2 commits into from
Mar 27, 2021

Conversation

pdhanoya-splunk
Copy link
Contributor

@pdhanoya-splunk pdhanoya-splunk commented Mar 26, 2021
edited
Loading

Refactored Secret Test Cases and added support for server.conf secret verification

  • Split test case's into individual files based on SVA
  • Created method to fetch Secret Object through API, eliminating need to encode/decode secrets
  • Added method to fetch splunk pods in a namespace
  • Added method to fetch versioned secrets in a namespace
  • Refactored Secret Verification Methods
  • Added additional verification for verifying shc_secret, idxc_secret, pass4SymmKey on Splunk Instance
  • Modified existing util to parse splunk config file based on stanza
  • Added commons methods to remove duplicated code in multiple test Cases
  • Marked one S1 test case as smoke test
  • Renamed some variable to match naming conventions used across Splunk Operator Code
  • Fixed a logic bug in mcutil.go

Passing Test Runs

S1 SVA: secret update is applied to standalone

[2] Secret Test for SVA S1
[2] /Users/pdhanoya/splunk-operator-git/automation/splunk-operator/test/secret/secret_s1_test.go:24
[2]   Standalone deployment (S1) with LM
[2]   /Users/pdhanoya/splunk-operator-git/automation/splunk-operator/test/secret/secret_s1_test.go:44
[2]     secret: Secret update on a standalone instance
[2]     /Users/pdhanoya/splunk-operator-git/automation/splunk-operator/test/secret/secret_s1_test.go:45
[2] ------------------------------
[2] {"level":"info","ts":1616737584.6970189,"msg":"testenv deleted.\n","testenv":"secret-dw2"}
[2] 
[2] JUnit report was created: /Users/pdhanoya/splunk-operator-git/automation/splunk-operator/test/secret/secret-dw2_junit.xml
[2] 
[2] Ran 1 of 1 Specs in 539.048 seconds
[2] SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 0 Skipped
[2] PASS

S1 SVA: Secret Object data is repopulated in secret object on passing empty Data map and new secrets are applied to Splunk Pods

[2] Secret Test for SVA S1
[2] /Users/pdhanoya/splunk-operator-git/automation-test/splunk-operator/test/secret/secret_s1_test.go:26
[2]   Standalone deployment (S1)
[2]   /Users/pdhanoya/splunk-operator-git/automation-test/splunk-operator/test/secret/secret_s1_test.go:205
[2]     secret,smoke: Secret Object data is repopulated in secret object on passing empty Data map and new secrets are applied to Splunk Pods
[2]     /Users/pdhanoya/splunk-operator-git/automation-test/splunk-operator/test/secret/secret_s1_test.go:206
[2] ------------------------------
[2] {"level":"info","ts":1616706688.443281,"msg":"testenv deleted.\n","testenv":"secret-vj"}
[2] 
[2] JUnit report was created: /Users/pdhanoya/splunk-operator-git/automation-test/splunk-operator/test/secret/secret-vj_junit.xml
[2] 
[2] Ran 1 of 2 Specs in 388.682 seconds
[2] SUCCESS! -- 1 Passed | 0 Failed | 1 Pending | 0 Skipped
[2] PASS

Secret Object is recreated on delete and new secrets are applied to Splunk Pods

[1] • [SLOW TEST:555.138 seconds]
[1] Secret Test for SVA S1
[1] /Users/pdhanoya/splunk-operator-git/automation-test/splunk-operator/test/secret/secret_s1_test.go:26
[1]   Standalone deployment (S1) with LM
[1]   /Users/pdhanoya/splunk-operator-git/automation-test/splunk-operator/test/secret/secret_s1_test.go:46
[1]     secret: Secret update on a standalone instance
[1]     /Users/pdhanoya/splunk-operator-git/automation-test/splunk-operator/test/secret/secret_s1_test.go:47
[1] ------------------------------
[1] {"level":"info","ts":1616708352.028694,"msg":"testenv deleted.\n","testenv":"secret-rn"}
[1] 
[1] JUnit report was created: /Users/pdhanoya/splunk-operator-git/automation-test/splunk-operator/test/secret/secret-rn_junit.xml
[1] 
[1] Ran 1 of 2 Specs in 562.198 seconds
[1] SUCCESS! -- 1 Passed | 0 Failed | 1 Pending | 0 Skipped
[1] PASS

Ginkgo ran 1 suite in 9m28.570545562s
Test Suite Passed

C3 SVA : secret update on indexers and search head cluster

[1] • [SLOW TEST:2026.156 seconds]
[1] secret test
[1] /Users/pdhanoya/splunk-operator-git/automation/splunk-operator/test/secret/secret_c3_test.go:24
[1]   Clustered deployment (C3 - clustered indexer, search head cluster)
[1]   /Users/pdhanoya/splunk-operator-git/automation/splunk-operator/test/secret/secret_c3_test.go:44
[1]     secret: secret update on indexers and search head cluster
[1]     /Users/pdhanoya/splunk-operator-git/automation/splunk-operator/test/secret/secret_c3_test.go:45
[1] ------------------------------
[1] {"level":"info","ts":1616731745.991369,"msg":"testenv deleted.\n","testenv":"secret-hpc"}
[1] 
[1] JUnit report was created: /Users/pdhanoya/splunk-operator-git/automation/splunk-operator/test/secret/secret-hpc_junit.xml
[1] 
[1] Ran 1 of 1 Specs in 2032.645 seconds
[1] SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 0 Skipped
[1] PASS

M4 SVA: secret update on multisite indexers and search head cluster

[2] Secret Test for M4 SVA
[2] /Users/pdhanoya/splunk-operator-git/automation/splunk-operator/test/secret/secret_m4_test.go:24
[2]   Multisite cluster deployment (M13 - Multisite indexer cluster, Search head cluster)
[2]   /Users/pdhanoya/splunk-operator-git/automation/splunk-operator/test/secret/secret_m4_test.go:44
[2]     secret: secret update on multisite indexers and search head cluster
[2]     /Users/pdhanoya/splunk-operator-git/automation/splunk-operator/test/secret/secret_m4_test.go:45
[2] ------------------------------
[2] {"level":"info","ts":1616736128.170295,"msg":"testenv deleted.\n","testenv":"secret-fal"}
[2] 
[2] JUnit report was created: /Users/pdhanoya/splunk-operator-git/automation/splunk-operator/test/secret/secret-fal_junit.xml
[2] 
[2] Ran 1 of 3 Specs in 2159.138 seconds
[2] SUCCESS! -- 1 Passed | 0 Failed | 2 Pending | 0 Skipped
[2] PASS

@pdhanoya-splunk pdhanoya-splunk force-pushed the CSPL-949-secret-server-conf-verification branch from da80a5a to 4e3ff93 Compare March 26, 2021 05:57
@pdhanoya-splunk pdhanoya-splunk force-pushed the CSPL-949-secret-server-conf-verification branch 2 times, most recently from 9c16114 to d433760 Compare March 26, 2021 19:45
tpereirasplunk
tpereirasplunk reviewed Mar 26, 2021
View reviewed changes
@pdhanoya-splunk pdhanoya-splunk force-pushed the CSPL-949-secret-server-conf-verification branch from d433760 to 1f78f8c Compare March 26, 2021 21:07
akondur
akondur reviewed Mar 27, 2021
View reviewed changes
.circleci/config.yml
find ./test -name "*junit.xml" -exec cp {} /tmp/test-results \;
environment:
TEST_FOCUS: "smoke|ingest_search|monitoring_console|smartstore|licensemaster|scaling_test|crcrud|secret"
# TEST_FOCUS: "smoke|ingest_search|monitoring_console|smartstore|licensemaster|scaling_test|crcrud|secret"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need the commented out line?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is just for reference I will remove it in future.

.circleci/config.yml
environment:
TEST_FOCUS: "smoke|ingest_search|monitoring_console|smartstore|licensemaster|scaling_test|crcrud|secret"
# TEST_FOCUS: "smoke|ingest_search|monitoring_console|smartstore|licensemaster|scaling_test|crcrud|secret"
TEST_FOCUS: "integration"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we able to control which tests we can run with this change?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes we are coming up with keyword to define different test and this is a change in that direction. We should be able to run different test based on keyword.

test/ingest_search/ingest_search_test.go Outdated

Context("Standalone deployment (S1)", func() {
It("ingest_search: can search internal logs for standalone instance", func() {
It("ingest_search,integration: can search internal logs for standalone instance", func() {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: ingest_search, integration an extra space between the ingest_search and integration?

Similarly in other occurrences below.

test/monitoring_console/monitoring_console_test.go Outdated

Context("Standalone deployment (S1)", func() {
It("monitoring_console: can deploy a MC with standalone instance and update MC with new standalone deployment", func() {
It("monitoring_console,integration: can deploy a MC with standalone instance and update MC with new standalone deployment", func() {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Same comment as above.

test/monitoring_console/monitoring_console_test.go Outdated

Context("Clustered deployment (C3 - clustered indexer, search head cluster)", func() {
It("monitoring_console: MC can configure SHC, indexer instances after scale up and standalone in a namespace", func() {
It("monitoring_console,integration: MC can configure SHC, indexer instances after scale up and standalone in a namespace", func() {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Same comment as above.

test/smartstore/smartstore_test.go Outdated
Context("Configure multiple indexes on standlaone deployment using CR Spec", func() {
It("smartstore: Can configure multiple indexes through app", func() {
Context("Standalone Deployment (S1)", func() {
It("smartstore,integration: Can configure multiple indexes through app", func() {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Same comment as above

test/smartstore/smartstore_test.go Outdated
Context("Confiugre volume in default settings on standlaone deployment using CR Spec", func() {
It("smartstore: Can configure indexes which use default volumes through app", func() {
Context("Standalone Deployment (S1)", func() {
It("smartstore,integration: Can configure indexes which use default volumes through app", func() {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Same comment as above

test/smartstore/smartstore_test.go Outdated
Context("Confiugre indexes and volumes on Indexer Cluster using CR Spec", func() {
It("smartstore: Can configure indexes and volumes on Multisite Indexer Cluster through app", func() {
Context("Multisite Indexer Cluster with Search Head Cluster (M4)", func() {
It("smartstore,integration: Can configure indexes and volumes on Multisite Indexer Cluster through app", func() {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Same comment as above

test/testenv/verificationutils.go
func VerifySplunkServerConfSecrets(deployment *Deployment, testenvInstance *TestEnv, verificationPods []string, data map[string][]byte, match bool) {
for _, podName := range verificationPods {
keysToMatch := GetKeysToMatch(podName)
testenvInstance.Log.Info("Verificaton Keys Set", "Pod Name", podName, "Keys To Compare", keysToMatch)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Do we need the log for production?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Useful for DEBUG. Autogenerated secrets should not cause any security issues. Online test runs are behind secured credentials anyways.

@pdhanoya-splunk pdhanoya-splunk force-pushed the CSPL-949-secret-server-conf-verification branch from 1f78f8c to 81c7444 Compare March 27, 2021 00:21
@pdhanoya-splunk pdhanoya-splunk force-pushed the CSPL-949-secret-server-conf-verification branch from 81c7444 to 2a9e978 Compare March 27, 2021 00:25
@smohan-splunk smohan-splunk merged commit 0b34f28 into develop Mar 27, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akondur akondur akondur left review comments

+3 more reviewers

@jambrosiano jambrosiano jambrosiano approved these changes

@smohan-splunk smohan-splunk smohan-splunk approved these changes

@tpereirasplunk tpereirasplunk tpereirasplunk approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@pdhanoya-splunk @jambrosiano @smohan-splunk @akondur @tpereirasplunk @pdhanoyasplunk