Merge pull request #7 from innovatrics/feature/helm-tests

Helm tests

.github/workflows/ci.yaml

@@ -17,6 +17,8 @@ jobs:
           # this is needed only temporarily - see https://github.com/helm/helm/issues/12423
           version: 3.12.3
           token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Install kubectl
+        uses: azure/setup-kubectl@v3
       - name: Build helm dependencies
         run: |
           helm dependency build .
@@ -30,3 +32,38 @@ jobs:
       - uses: actions/setup-python@v3
       - uses: gabe565/setup-helm-docs-action@v1
       - uses: pre-commit/[email protected]
+      - name: Create kind cluster
+        uses: helm/[email protected]
+      - name: Install chart prerequisites
+        env:
+          REGISTRY_PASS: ${{ secrets.REGISTRY_PASS }}
+          LICENSE_BASE64: ${{ secrets.LICENSE_BASE64 }}
+        run: |
+          kubectl create secret docker-registry --dry-run=client sf-gitlab-registry-creds \
+            --docker-server=registry.gitlab.com \
+            --docker-username=sf-distribution \
+            --docker-password=${REGISTRY_PASS} -o yaml > docker-secret.yaml
+          echo ${LICENSE_BASE64} | base64 -d > iengine.lic
+          kubectl create secret generic --dry-run=client iface-lic \
+            --from-file=iengine.lic -o yaml > lic-secret.yaml
+          kubectl apply -f docker-secret.yaml
+          kubectl apply -f lic-secret.yaml
+      - name: Install helm chart
+        run: |
+          helm install -f ci-values.yaml smartface .
+          kubectl rollout status deployment sf-api --timeout=300s
+          kubectl wait --for=condition=complete job/sf-wl-update-log-population --timeout=300s
+      - name: Test helm chart
+        run: |
+          helm test smartface
+      - name: Dump cluster info
+        if: ${{ always() }}
+        run: |
+          kubectl cluster-info dump > cluster-info.txt
+      - name: Upload cluster-info
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: cluster-info
+          path: |
+            cluster-info.txt

CHANGELOG.md

@@ -1,5 +1,14 @@
 # Changelog
 
+## [v0.6.0]
+
+### Added
+- Added test pods supporting `helm test` command
+
+### Breaking change
+- deployment of SmartFace Station is now disabled by default. To reenable previous behavior with deploying SmartFace Station please set the `station.enabled` value to `true`.
+  - previous behavior with enabled SmartFace Station caused the installation of helm chart with default values to fail on validation because SmartFace Station is currently dependant on SmartFace API with enabled authentication, which in turn requires the existence of external authentication provider and correct configuration of relevant SmartFace services
+
 ## [v0.5.2]
 
 ### Changed

README.md

@@ -33,6 +33,18 @@ The helm chart needs certain objects to be present in the cluster before it can
 
 By default an ingress object is created with the helm chart. To configure the ingress please see the `ingress.*` values
 
+## Tests
+
+[Helm chart tests](https://helm.sh/docs/topics/chart_tests/) are included and can be run using `helm test` command. The aim of these tests is to touch most of the deployments to check wether SmartFace components deployed successfully and are working. Their successful completion is not a guarantee that the application is fully functional.
+
+Based on the configured functionality of the helm chart (values) some tests might not be run as they might require functionality which is not deployed. Please see the test pod templates to see the impact of configured values to test pods which are run in the helm chart tests.
+
+In case the tests fail please refer to the output of the test pod to identify the issue.
+
+### Test data
+
+During the tests some data (Watchlists / EdgeStreams) will be created in the deployed smartface. The tests will try to cleanup all data they created without touching any other data present in the system, but the note that the cleanup might fail for various reasons, resulting in test data being left behind in the system.
+
 ## Requirements
 
 | Repository | Name | Version |
@@ -495,7 +507,7 @@ metadata:
 | station.annotations | object | `{}` | Annotations for station deployment |
 | station.containerPort | int | `80` |  |
 | station.dnsHost | string | `""` |  |
-| station.enabled | bool | `true` |  |
+| station.enabled | bool | `false` |  |
 | station.image.digest | string | `nil` | Overrides the image tag with an image digest |
 | station.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy |
 | station.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` |
@@ -528,6 +540,15 @@ metadata:
 | streamDataDbWorker.resources.requests.cpu | string | `"100m"` |  |
 | streamDataDbWorker.resources.requests.memory | string | `"100M"` |  |
 | streamDataDbWorker.tolerations | list | `[]` |  |
+| tests.image.digest | string | `nil` | Overrides the image tag with an image digest |
+| tests.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy |
+| tests.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` |
+| tests.image.repository | string | `"innovatrics/smartface/sf-cloud-func-tests"` | Docker image repository |
+| tests.image.tag | string | `nil` | Countly publisher follows different versioning, so the chart app needs to be overridden |
+| tests.nodeSelector | object | `{}` |  |
+| tests.podAnnotations | object | `{}` | Annotations for test pods |
+| tests.podLabels | object | `{}` | Additional labels for test pods |
+| tests.tolerations | list | `[]` |  |
 
 ## Maintainers
 
@@ -542,6 +563,10 @@ metadata:
 
 ## Breaking changes
 
+### [v0.6.0]
+- deployment of SmartFace Station is now disabled by default. To reenable previous behavior with deploying SmartFace Station please set the `station.enabled` value to `true`.
+  - previous behavior with enabled SmartFace Station caused the installation of helm chart with default values to fail on validation because SmartFace Station is currently dependant on SmartFace API with enabled authentication, which in turn requires the existence of external authentication provider and correct configuration of relevant SmartFace services
+
 ### [v0.5.0]
 - MinIO subchart is enabled and used by default. To keep using S3 bucket managed outside of this helm chart please set the `minio.enabled` value to `false` and provide configuration details via `configurations.s3`
 - Postgresql subchart is enabled and used by default. To keep using PgSQL instance managed outside of this helm chart please set the `postgresql.enabled` value to `false` and provide configuration details via `configurations.database`

README.md.gotmpl

@@ -34,6 +34,18 @@ The helm chart needs certain objects to be present in the cluster before it can
 
 By default an ingress object is created with the helm chart. To configure the ingress please see the `ingress.*` values
 
+## Tests
+
+[Helm chart tests](https://helm.sh/docs/topics/chart_tests/) are included and can be run using `helm test` command. The aim of these tests is to touch most of the deployments to check wether SmartFace components deployed successfully and are working. Their successful completion is not a guarantee that the application is fully functional.
+
+Based on the configured functionality of the helm chart (values) some tests might not be run as they might require functionality which is not deployed. Please see the test pod templates to see the impact of configured values to test pods which are run in the helm chart tests.
+
+In case the tests fail please refer to the output of the test pod to identify the issue.
+
+### Test data
+
+During the tests some data (Watchlists / EdgeStreams) will be created in the deployed smartface. The tests will try to cleanup all data they created without touching any other data present in the system, but the note that the cleanup might fail for various reasons, resulting in test data being left behind in the system.
+
 {{ template "chart.requirementsSection" . }}
 
 All chart dependencies are optional and can be disabled and supplemented with other (for example cloud-based) alternatives
@@ -125,6 +137,10 @@ metadata:
 
 ## Breaking changes
 
+### [v0.6.0]
+- deployment of SmartFace Station is now disabled by default. To reenable previous behavior with deploying SmartFace Station please set the `station.enabled` value to `true`.
+  - previous behavior with enabled SmartFace Station caused the installation of helm chart with default values to fail on validation because SmartFace Station is currently dependant on SmartFace API with enabled authentication, which in turn requires the existence of external authentication provider and correct configuration of relevant SmartFace services
+
 ### [v0.5.0]
 - MinIO subchart is enabled and used by default. To keep using S3 bucket managed outside of this helm chart please set the `minio.enabled` value to `false` and provide configuration details via `configurations.s3`
 - Postgresql subchart is enabled and used by default. To keep using PgSQL instance managed outside of this helm chart please set the `postgresql.enabled` value to `false` and provide configuration details via `configurations.database`

ci-values.yaml

@@ -0,0 +1,46 @@
+# we don't need persistence since the kind cluster will be deleted after the tests anyway
+rabbitmq:
+  persistence:
+    enabled: false
+postgresql:
+  primary:
+    persistence:
+      enabled: false
+minio:
+  persistence:
+    enabled: false
+
+# We enabled edge streams so we can run all of the tests in one go with all features enabled
+features:
+  edgeStreams:
+    enabled: true
+
+api:
+  resources: null
+authApi:
+  resources: null
+graphqlApi:
+  resources: null
+detector:
+  resources: null
+extractor:
+  resources: null
+matcher:
+  resources: null
+liveness:
+  resources: null
+edgeStreamProcessor:
+  resources: null
+# edge stream tests test WL sync, which requires the population job to be run
+edgeStreamsStateSync:
+  resources: null
+  wlStreamPopulationJob:
+    enabled: true
+base:
+  resources: null
+faceMatcher:
+  resources: null
+accessController:
+  resources: null
+streamDataDbWorker:
+  resources: null

templates/_components.tpl

@@ -465,3 +465,34 @@ Template used for resolving S3 config map name
 {{- $suffix := "s3" -}}
 {{- printf "%s-%s" $prefix $suffix -}}
 {{- end -}}
+
+{{/*
+Tests
+*/}}
+
+{{/*
+Template used for resolving Watchlist tests name
+*/}}
+{{- define "smartface.watchlistTests.name" }}
+{{- $prefix := include "smartface.name" . -}}
+{{- $suffix := "watchlist-tests" -}}
+{{- printf "%s-%s" $prefix $suffix -}}
+{{- end -}}
+
+{{/*
+Template used for resolving Edge Stream tests name
+*/}}
+{{- define "smartface.edgeStreamTests.name" }}
+{{- $prefix := include "smartface.name" . -}}
+{{- $suffix := "edge-stream-tests" -}}
+{{- printf "%s-%s" $prefix $suffix -}}
+{{- end -}}
+
+{{/*
+Template used for resolving GraphQL tests name
+*/}}
+{{- define "smartface.graphQlTests.name" }}
+{{- $prefix := include "smartface.name" . -}}
+{{- $suffix := "graphql-tests" -}}
+{{- printf "%s-%s" $prefix $suffix -}}
+{{- end -}}

templates/edge-streams/watchlist-update-log-populating-job.yaml

@@ -28,18 +28,14 @@ spec:
           "--rmq-virtual-host", "/",
           "--rmq-streams-port", "$(RabbitMQ__StreamsPort)",
 
-          "--connection-string", "$(db_cs)",
-          "-dbe", "PgSql",
+          "--connection-string", "$(ConnectionStrings__CoreDbContext)",
+          "-dbe", "$(Database__DbEngine)",
 
           "--generation-id", {{ uuidv4 | quote }},
           "--tenant-id", "default"
         ]
         env:
-        - name: "db_cs"
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Values.configurations.database.existingSecretName | quote }}
-              key: {{ .Values.configurations.database.connectionStringKey | quote }}
+        {{- include "smartface.dbConfig" . | nindent 8 }}
         {{- include "smartface.rmqConfig" . | nindent 8 }}
         volumeMounts:
         {{- include "smartface.licVolumeMount" . | nindent 8 }}

templates/tests/edge-stream-test.yaml

@@ -0,0 +1,66 @@
+{{- if (and .Values.features.edgeStreams.enabled .Values.api.enabled .Values.graphqlApi.enabled (not .Values.graphqlApi.enableAuth) (eq .Values.edgeStreamProcessor.operationMode.matchingDataStrategy "ServerOnly")) }}
+{{- $name := include "smartface.edgeStreamTests.name" . -}}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ $name | quote }}
+  annotations:
+    "helm.sh/hook": test
+    {{- with .Values.podAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.tests.podAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- with .Values.podLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.tests.podLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  serviceAccountName: {{ .Values.serviceAccount.name | quote }}
+  automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+  {{- with .Values.imagePullSecrets }}
+  imagePullSecrets:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  containers:
+  - name: {{ $name | quote }}
+    image: {{ include "smartface.image" (dict "local" .Values.tests.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }}
+    imagePullPolicy: {{ .Values.tests.image.pullPolicy }}
+    args: ['--filter', 'Category=EdgeStreams']
+    env:
+    - name: "SF_TEST_API_URL"
+      value: "http://{{ include "smartface.api.name" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.api.servicePort }}"
+    - name: "SF_TEST_GQL_API_URL"
+      value: "http://{{ include "smartface.graphqlApi.name" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.graphqlApi.servicePort }}"
+    - name: "SF_ZMQ_HOST"
+      value: "{{ include "smartface.base.name" . }}.{{ .Release.Namespace }}.svc.cluster.local"
+    - name: "SF_ZMQ_PORT"
+      value: "{{ .Values.base.zmqServicePort }}"
+
+    {{- include "smartface.mqttConfig" . | nindent 4 }}
+    - name: "SF_MQTT_HOST"
+      value: "$(MQTT__Hostname)"
+    - name: "SF_MQTT_PORT"
+      value: "$(MQTT__Port)"
+    - name: "SF_MQTT_USER"
+      value: "$(MQTT__Username)"
+    - name: "SF_MQTT_PASS"
+      value: "$(MQTT__Password)"
+    volumeMounts:
+    {{- include "smartface.licVolumeMount" . | nindent 4 }}
+  volumes:
+    {{- include "smartface.licVolume" . | nindent 4 }}
+  {{- with .Values.tests.nodeSelector }}
+  nodeSelector:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.tests.tolerations }}
+  tolerations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  restartPolicy: Never
+{{- end }}

templates/tests/graphql-test.yaml

@@ -0,0 +1,52 @@
+{{- if (and .Values.api.enabled .Values.graphqlApi.enabled (not .Values.graphqlApi.enableAuth)) }}
+{{- $name := include "smartface.graphQlTests.name" . -}}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ $name | quote }}
+  annotations:
+    "helm.sh/hook": test
+    {{- with .Values.podAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.tests.podAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- with .Values.podLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.tests.podLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  serviceAccountName: {{ .Values.serviceAccount.name | quote }}
+  automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+  {{- with .Values.imagePullSecrets }}
+  imagePullSecrets:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  containers:
+  - name: {{ $name | quote }}
+    image: {{ include "smartface.image" (dict "local" .Values.tests.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }}
+    imagePullPolicy: {{ .Values.tests.image.pullPolicy }}
+    args: ['--filter', 'Category=GraphQL']
+    env:
+    - name: "SF_TEST_API_URL"
+      value: "http://{{ include "smartface.api.name" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.api.servicePort }}"
+    - name: "SF_TEST_GQL_API_URL"
+      value: "http://{{ include "smartface.graphqlApi.name" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.graphqlApi.servicePort }}"
+    volumeMounts:
+    {{- include "smartface.licVolumeMount" . | nindent 4 }}
+  volumes:
+    {{- include "smartface.licVolume" . | nindent 4 }}
+  {{- with .Values.tests.nodeSelector }}
+  nodeSelector:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.tests.tolerations }}
+  tolerations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  restartPolicy: Never
+{{- end }}