huanld/speckle-server
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
8b386ff0784ec30c5b29fe5a49d24e2c2dfd32c0
speckle-server/utils/test-deployment/run_tests.py
T
Iain Sproat b61f0ffabe Cilium network policies (#954) 
* feat(helm chart): deployes Cilium Network Policies when configured

Cilium Network Policies provide more features over regular Kubernetes Network Policies, but Cilium
is not available everywhere.  When selected by an operator, Cilium Network Policies will be deployed
instead of Kubernetes Network Policies.

Fixes https://github.com/specklesystems/speckle-server/issues/913

* Cilium Network Policy for fileimport service.
* tested only for external host.
* Still to test internal pod and external IP.

* Cilium network policy for file import service restricts DNS

* allows egress to service instead of endpoint
* file import service uses service url of speckle-server
* helper functions for server and dns

* DRY the prometheus selector

* CiliumNetworkPolicy for frontend

* CiliumNetworkPolicy for monitoring service

* CiliumNetworkPolicy for preview service

* CiliumNetworkPolicy for test

* CiliumNetworkPolicy for webhook_service

* CiliumNetworkPolicy for Server

* Test should egress to domain, not internally

* Test should be in tests directory to match Helm convention for tests
* Test should explicitly deny ingress from everywhere

* Server needs to egress to canonical domain (i.e. itself)

- DNS and egress for canonical domain added to Server
- As Test also egresses via canonical domain to access Server, we do not require the intra-cluster ingress to the server from the test pod
- Explicitly deny all egress from frontend

* WIP update to schema.json

* Breaking Change: inCluster network policies supported for cilium

* Breaking change: kubernetes network policy podSelector and namespaceSelector are now at a different level
* Updates schema.json

* add notes to remove egress once bug is fixed
2022-08-24 17:25:08 +02:00

63 lines
2.7 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/env python3
# Script-style deployment testing: any error should fail the test and have non-zero exit code.
import os
import sys
import requests
import urllib.parse
from specklepy.api.client import SpeckleClient
from specklepy.api.models import ServerInfo
# Setting the SPECKLE_SERVER to test on
SPECKLE_SERVER = ''
if len(sys.argv) > 1:
SPECKLE_SERVER = sys.argv[1]
if not SPECKLE_SERVER:
SPECKLE_SERVER = os.getenv('SPECKLE_SERVER', '')
if not SPECKLE_SERVER:
print("Error: No Speckle server specified. Use SPECKLE_SERVER environment variable or pass it as the first command-line argument")
exit(1)
if not SPECKLE_SERVER.startswith('http://') and not SPECKLE_SERVER.startswith('https://'):
SPECKLE_SERVER = 'http://' + SPECKLE_SERVER
print(f"Using Speckle server '{SPECKLE_SERVER}'")
# Test if frontend is accessible
frontend_response = requests.get(urllib.parse.urljoin(SPECKLE_SERVER, 'img/logo.ddce2456.svg'))
assert frontend_response.status_code == 200, "Frontend request doesn't return status code 200"
assert frontend_response.headers.get('Content-Type', '').startswith('image/'), 'Frontend logo Content-Type is not an image'
print("Frontend accessible")
# Test if backend is accessible
graphql_accept_header = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9'
backend_response = requests.get(urllib.parse.urljoin(SPECKLE_SERVER, 'graphql'), headers={'Accept': graphql_accept_header})
assert backend_response.status_code == 200, "Backend request doesn't return status code 200"
assert 'GraphQL Playground' in backend_response.text, "/graphql didn't respond with GraphQL Playground"
print("Backend accessible")
# Test basic unauthenticated operation using specklepy
client = SpeckleClient(SPECKLE_SERVER, use_ssl=SPECKLE_SERVER.startswith('https://'))
server_info = client.server.get()
assert isinstance(server_info, ServerInfo), "GraphQL ServerInfo query error"
print(f"GraphQL operation succeeded. Server name: {server_info.name}")
# Test that the deployed server version matches the expected version
SERVER_VERSION = ''
if len(sys.argv) > 2:
SERVER_VERSION = sys.argv[2]
if not SERVER_VERSION:
SERVER_VERSION = os.getenv('SERVER_VERSION')
if SERVER_VERSION:
if not SERVER_VERSION == 'latest':
assert server_info.version == SERVER_VERSION, f"The deployed version {server_info.version} doesn't match the expected {SERVER_VERSION}"
print(f"Server version {SERVER_VERSION} is deployed and available")
else:
print("Not testing server version, as it was set to 'latest'")
else:
print("Not testing server version, as an expected value was not provided via environment variables or command-line argument")
print('Deployment tests PASS')
Reference in New Issue View Git Blame Copy Permalink