Add support for pre 1.0 versions and 0.16 tests

alenkacz · Jan 9, 2021 · a59e942 · a59e942
1 parent 66aa35f
commit a59e942
Show file tree

Hide file tree

Showing 10 changed files with 19,509 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 Helps you properly wait for cert-manager installation to be ready to use.
 
-DISCLAIMER: this currently works only with latest cert-manager. Support of older versions is in progress.
+All versions of cert-manager are supported down to 0.12.
 
 ## Motivation
 

diff --git a/go.mod b/go.mod
@@ -3,6 +3,7 @@ module github.com/alenkacz/cert-manager-verifier
 go 1.15
 
 require (
+	github.com/novln/docker-parser v1.0.0
 	github.com/sirupsen/logrus v1.6.0
 	github.com/spf13/cobra v1.1.1
 	k8s.io/apimachinery v0.19.4

diff --git a/go.sum b/go.sum
@@ -265,6 +265,8 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3Rllmb
 github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
+github.com/novln/docker-parser v1.0.0 h1:PjEBd9QnKixcWczNGyEdfUrP6GR0YUilAqG7Wksg3uc=
+github.com/novln/docker-parser v1.0.0/go.mod h1:oCeM32fsoUwkwByB5wVjsrsVQySzPWkl3JdlTn1txpE=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -338,6 +340,8 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=

diff --git a/pkg/verify/certificate.go b/pkg/verify/certificate.go
@@ -15,8 +15,8 @@ import (
 )
 
 const (
-	group   = "cert-manager.io"
-	version = "v1"
+	defaultGroup   = "cert-manager.io"
+	defaultVersion = "v1"
 )
 
 var namespace = &unstructured.Unstructured{
@@ -31,10 +31,11 @@ var namespace = &unstructured.Unstructured{
 
 // TODO support also other API versions
 // TODO make it possible to execute this inside namespace, not creating one
-func WaitForTestCertificate(ctx context.Context, dynamicClient dynamic.Interface) error {
+func WaitForTestCertificate(ctx context.Context, dynamicClient dynamic.Interface, cmVersion string) error {
 	if err := ctx.Err(); err != nil {
 		return fmt.Errorf("Timeout reached: %v", err)
 	}
+	group, version := getGroupVersion(cmVersion)
 	cert := certificate("cert-manager-test", group, version)
 	resources := []*unstructured.Unstructured{namespace, issuer("cert-manager-test", group, version), cert}
 	defer cleanupTestResources(dynamicClient, resources)
@@ -50,6 +51,14 @@ func WaitForTestCertificate(ctx context.Context, dynamicClient dynamic.Interface
 	return wait.PollImmediateUntil(defaultPollInterval, poller.certificateReady, ctx.Done())
 }
 
+func getGroupVersion(cmVersion string) (string, string) {
+	if strings.HasPrefix(cmVersion, "v1.0") {
+		return defaultGroup, defaultVersion
+	} else {
+		return defaultGroup, "v1alpha2"
+	}
+}
+
 func createWithRetry(ctx context.Context, res *unstructured.Unstructured, dynamicClient dynamic.Interface) error {
 	for {
 		select {

diff --git a/pkg/verify/deployment.go b/pkg/verify/deployment.go
@@ -3,9 +3,11 @@ package verify
 import (
 	"context"
 	"fmt"
-	"k8s.io/apimachinery/pkg/api/errors"
 	"time"
 
+	dp "github.com/novln/docker-parser"
+	"k8s.io/apimachinery/pkg/api/errors"
+
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -20,7 +22,7 @@ type DeploymentDefinition struct {
 }
 
 type Deployment struct {
-	Name string
+	Name     string
 	Required bool
 }
 
@@ -34,9 +36,10 @@ func DeploymentDefinitionDefault(namespace string) DeploymentDefinition {
 }
 
 type DeploymentResult struct {
-	Deployment    Deployment
-	Status   Status
-	Error   error
+	Deployment Deployment
+	Status     Status
+	Error      error
+	Version    string
 }
 
 type Status int
@@ -57,22 +60,31 @@ func DeploymentsReady(ctx context.Context, kubeClient *kubernetes.Clientset, dep
 	for _, d := range deployments.Deployments {
 		if err := ctx.Err(); err != nil {
 			dr := DeploymentResult{
-				Deployment:  d,
-				Error: fmt.Errorf("Timeout reached: %v", err),
+				Deployment: d,
+				Error:      fmt.Errorf("Timeout reached: %v", err),
 			}
 			result = append(result, dr)
 			continue
 		}
 		dr := DeploymentResult{
-			Deployment:  d,
-			Status: Ready,
+			Deployment: d,
+			Status:     Ready,
 		}
-		_, err := kubeClient.AppsV1().Deployments(deployments.Namespace).Get(context.TODO(), d.Name, metav1.GetOptions{})
+		deployment, err := kubeClient.AppsV1().Deployments(deployments.Namespace).Get(context.TODO(), d.Name, metav1.GetOptions{})
 		if errors.IsNotFound(err) {
 			dr.Status = NotFound
 			result = append(result, dr)
 			continue
 		}
+		if d.Required {
+			c := deployment.Spec.Template.Spec.Containers
+			if len(c) > 0 {
+				r, err := dp.Parse(c[0].Image)
+				if err == nil {
+					dr.Version = r.Tag()
+				}
+			}
+		}
 		poller := &poller{kubeClient, d, deployments.Namespace}
 		err = wait.PollImmediateUntil(defaultPollInterval, poller.deploymentReady, ctx.Done())
 		if err != nil {

diff --git a/pkg/verify/verify.go b/pkg/verify/verify.go
@@ -49,7 +49,7 @@ func Verify(ctx context.Context, config *rest.Config, options *Options) (*Verify
 		return result, nil
 	}
 	result.DeploymentsSuccess = true
-	err = WaitForTestCertificate(ctx, dynamicClient)
+	err = WaitForTestCertificate(ctx, dynamicClient, version(deploymentResult))
 	if err != nil {
 		result.CertificateError = err
 	} else {
@@ -60,6 +60,15 @@ func Verify(ctx context.Context, config *rest.Config, options *Options) (*Verify
 	return result, nil
 }
 
+func version(result []DeploymentResult) string {
+	for _, r := range result {
+		if r.Version != "" {
+			return r.Version
+		}
+	}
+	return ""
+}
+
 func allReady(result []DeploymentResult) bool {
 	for _, r := range result {
 		if r.Status == NotReady || (r.Status == NotFound && r.Deployment.Required) {

diff --git a/test/e2e/verify-0.16.0/00-install.yaml b/test/e2e/verify-0.16.0/00-install.yaml
@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: kubectl apply --validate=false -f cert-manager/cert-manager.yaml
diff --git a/test/e2e/verify-0.16.0/01-verify.yaml b/test/e2e/verify-0.16.0/01-verify.yaml
@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: ./../../../bin/cm-verifier
diff --git a/test/e2e/verify-0.16.0/02-delete.yaml b/test/e2e/verify-0.16.0/02-delete.yaml
@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: kubectl delete -f cert-manager/cert-manager.yaml