Refactor tests and add 1.10.1 support

We're adding a rock definition for cert-manager 1.10.1.

At the same time, we're refactoring the tests to use the updated
test harness.

acmesolver/1.10.1/rockcraft.yaml

@@ -0,0 +1,39 @@
+name: cert-manager-acmesolver
+summary: ROCK for the cert-manager-acmesolver Project.
+description: |
+  This ROCK is a drop-in replacement for the autoscaling/cert-manager-acmesolver image.
+version: "1.10.1"
+license: Apache-2.0
+
+base: bare
+build-base: [email protected]
+platforms:
+  amd64:
+  arm64:
+
+run-user: _daemon_
+entrypoint-service: cert-manager-acmesolver
+services:
+  cert-manager-acmesolver:
+    override: replace
+    summary: "cert-manager-acmesolver service"
+    startup: enabled
+    command: "/acmesolver-linux [ -h ]"
+    on-failure: shutdown
+
+parts:
+  cert-manager-acmesolver:
+    plugin: nil
+    source: https://github.com/cert-manager/cert-manager.git
+    source-type: git
+    source-tag: v1.10.1
+    source-depth: 1
+    build-snaps:
+      - jq
+      - go/1.22/stable
+    override-build: |
+      # CTR=echo is hacky way of passing docker check not required for build
+      make CTR=echo _bin/server/acmesolver-linux-${CRAFT_PLATFORM}
+      cp _bin/server/acmesolver-linux-${CRAFT_PLATFORM} ${CRAFT_PART_INSTALL}/acmesolver-linux
+    prime:
+      - acmesolver-linux

cainjector/1.10.1/rockcraft.yaml

@@ -0,0 +1,39 @@
+name: cert-manager-cainjector
+summary: ROCK for the cert-manager-cainjector Project.
+description: |
+  This ROCK is a drop-in replacement for the autoscaling/cert-manager-cainjector image.
+version: 1.10.1
+license: Apache-2.0
+
+base: bare
+build-base: [email protected]
+platforms:
+  amd64:
+  arm64:
+
+run-user: _daemon_
+entrypoint-service: cert-manager-cainjector
+services:
+  cert-manager-cainjector:
+    override: replace
+    summary: "cert-manager-cainjector service"
+    startup: enabled
+    command: "/cainjector-linux [ -h ]"
+    on-failure: shutdown
+
+parts:
+  cert-manager-cainjector:
+    plugin: nil
+    source: https://github.com/cert-manager/cert-manager.git
+    source-type: git
+    source-tag: v1.10.1
+    source-depth: 1
+    build-snaps:
+      - jq
+      - go/1.22/stable
+    override-build: |
+      # CTR=echo is hacky way of passing docker check not required for build
+      make CTR=echo _bin/server/cainjector-linux-${CRAFT_PLATFORM}
+      cp _bin/server/cainjector-linux-${CRAFT_PLATFORM} ${CRAFT_PART_INSTALL}/cainjector-linux
+    prime:
+      - cainjector-linux

cainjector/rockcraft.yaml → cainjector/1.12.2/rockcraft.yaml

@@ -1,6 +1,6 @@
 name: cert-manager-cainjector
 summary: ROCK for the cert-manager-cainjector Project.
-description: | 
+description: |
   This ROCK is a drop-in replacement for the autoscaling/cert-manager-cainjector image.
 version: "1.12.2"
 license: Apache-2.0

controller/1.10.1/rockcraft.yaml

@@ -0,0 +1,39 @@
+name: cert-manager-controller
+summary: ROCK for the cert-manager-controller Project.
+description: |
+  This ROCK is a drop-in replacement for the autoscaling/cert-manager-controller image.
+version: 1.10.1
+license: Apache-2.0
+
+base: bare
+build-base: [email protected]
+platforms:
+  amd64:
+  arm64:
+
+run-user: _daemon_
+entrypoint-service: cert-manager-controller
+services:
+  cert-manager-controller:
+    override: replace
+    summary: "cert-manager-controller service"
+    startup: enabled
+    command: "/controller-linux [ -h ]"
+    on-failure: shutdown
+
+parts:
+  cert-manager-controller:
+    plugin: nil
+    source: https://github.com/cert-manager/cert-manager.git
+    source-type: git
+    source-tag: v1.10.1
+    source-depth: 1
+    build-snaps:
+      - jq
+      - go/1.22/stable
+    override-build: |
+      # CTR=echo is hacky way of passing docker check not required for build
+      make CTR=echo _bin/server/controller-linux-${CRAFT_PLATFORM}
+      cp _bin/server/controller-linux-${CRAFT_PLATFORM} ${CRAFT_PART_INSTALL}/controller-linux
+    prime:
+      - controller-linux

tests/.copyright.tmpl

@@ -0,0 +1,2 @@
+Copyright ${years} ${owner}.
+See LICENSE file for licensing details

tests/integration/check_certmanager.py

@@ -0,0 +1,74 @@
+#
+# Copyright 2024 Canonical, Ltd.
+# See LICENSE file for licensing details
+#
+
+from pathlib import Path
+
+from k8s_test_harness import harness
+from k8s_test_harness.util import constants, env_util, k8s_util
+from k8s_test_harness.util.k8s_util import HelmImage
+
+from config import MANIFESTS_DIR
+
+IMG_PLATFORM = "amd64"
+IMG_VERSION = "1.10.1"
+CHART_VERSION = IMG_VERSION
+INSTALL_NAME = "cert-manager"
+
+
+def _get_rock_image(name: str, verson: str):
+    rock = env_util.get_build_meta_info_for_rock_version(
+        "cert-manager-%s", IMG_VERSION, IMG_PLATFORM
+    )
+    return rock.image
+
+def check_certmanager(module_instance: harness.Instance,
+                      img_version: str, chart_version: str):
+    images = [
+        HelmImage(uri=_get_rock_image("controller", img_version)),
+        HelmImage(uri=_get_rock_image("webhook", img_version),
+                  prefix="webhook"),
+        HelmImage(uri=_get_rock_image("cainjector", img_version),
+                  prefix="cainjector"),
+        HelmImage(uri=_get_rock_image("acmesolver", img_version),
+                  prefix="acmesolver"),
+    ]
+
+    helm_command = k8s_util.get_helm_install_command(
+        name=INSTALL_NAME,
+        chart_name="cert-manager",
+        images=[k8s_util.HelmImage(uri=rock.image)],
+        namespace=constants.K8S_NS_KUBE_SYSTEM,
+        chart_version=chart_version,
+        repository="https://charts.jetstack.io",
+    )
+    helm_command += ['--set', 'installCRDs=true']
+    module_instance.exec(helm_command)
+
+    manifest = MANIFESTS_DIR / "cert-manager-test.yaml"
+    module_instance.exec(
+        ["k8s", "kubectl", "apply", "-f", "-"],
+        input=Path(manifest).read_bytes(),
+    )
+
+    k8s_utils.wait_for_resource(
+        module_instance,
+        resource_type="certificate",
+        name="selfsigned-cert",
+        namespace="cert-manager-test")
+
+    exec_util.stubbornly(retries=5, delay_s=10).on(module_instance).until(
+        lambda p: "selfsigned-cert-tls" in p.stdout.decode()
+    ).exec(
+        [
+            "k8s",
+            "kubectl",
+            "get",
+            "secret",
+            "--namespace",
+            "cert-manager-test",
+            "-o",
+            "json",
+        ]
+    )

tests/integration/config.py

@@ -0,0 +1,9 @@
+#
+# Copyright 2024 Canonical, Ltd.
+#
+import os
+from pathlib import Path
+
+DIR = Path(__file__).absolute().parent
+
+MANIFESTS_DIR = DIR / ".." / "templates"

tests/integration/conftest.py

@@ -1,135 +1,5 @@
 #
 # Copyright 2024 Canonical, Ltd.
+# See LICENSE file for licensing details
 #
-import logging
-from pathlib import Path
-from typing import Generator, List
-
-import pytest
-from test_util import config, harness, util
-
-LOG = logging.getLogger(__name__)
-
-
-def _harness_clean(h: harness.Harness):
-    "Clean up created instances within the test harness."
-
-    if config.SKIP_CLEANUP:
-        LOG.warning(
-            "Skipping harness cleanup. "
-            "It is your job now to clean up cloud resources"
-        )
-    else:
-        LOG.debug("Cleanup")
-        h.cleanup()
-
-
-@pytest.fixture(scope="session")
-def h() -> harness.Harness:
-    LOG.debug("Create harness for %s", config.SUBSTRATE)
-    if config.SUBSTRATE == "local":
-        h = harness.LocalHarness()
-    elif config.SUBSTRATE == "lxd":
-        h = harness.LXDHarness()
-    elif config.SUBSTRATE == "multipass":
-        h = harness.MultipassHarness()
-    elif config.SUBSTRATE == "juju":
-        h = harness.JujuHarness()
-    else:
-        raise harness.HarnessError(
-            "TEST_SUBSTRATE must be one of: local, lxd, multipass, juju"
-        )
-
-    yield h
-
-    _harness_clean(h)
-
-
-def pytest_configure(config):
-    config.addinivalue_line(
-        "markers",
-        "node_count: Mark a test to specify how many instance nodes need to be created\n"
-        "disable_k8s_bootstrapping: By default, the first k8s node is bootstrapped. This marker disables that.",
-    )
-
-
-@pytest.fixture(scope="function")
-def node_count(request) -> int:
-    node_count_marker = request.node.get_closest_marker("node_count")
-    if not node_count_marker:
-        return 1
-    node_count_arg, *_ = node_count_marker.args
-    return int(node_count_arg)
-
-
-@pytest.fixture(scope="function")
-def disable_k8s_bootstrapping(request) -> int:
-    return bool(request.node.get_closest_marker("disable_k8s_bootstrapping"))
-
-
-@pytest.fixture(scope="function")
-def instances(
-    h: harness.Harness, node_count: int, tmp_path: Path, disable_k8s_bootstrapping: bool
-) -> Generator[List[harness.Instance], None, None]:
-    """Construct instances for a cluster.
-
-    Bootstrap and setup networking on the first instance, if `disable_k8s_bootstrapping` marker is not set.
-    """
-    if not config.SNAP_CHANNEL:
-        pytest.fail("Set TEST_SNAP_CHANNEL to the channel of the k8s snap to install.")
-
-    if node_count <= 0:
-        pytest.xfail("Test requested 0 or fewer instances, skip this test.")
-
-    LOG.info(f"Creating {node_count} instances")
-    instances: List[harness.Instance] = []
-
-    for _ in range(node_count):
-        # Create <node_count> instances and setup the k8s snap in each.
-        instance = h.new_instance()
-        instances.append(instance)
-        util.setup_k8s_snap(instance)
-
-    if not disable_k8s_bootstrapping:
-        first_node, *_ = instances
-        first_node.exec(["k8s", "bootstrap"])
-
-    yield instances
-
-    if config.SKIP_CLEANUP:
-        LOG.warning("Skipping clean-up of instances, delete them on your own")
-        return
-
-    # Cleanup after each test.
-    # We cannot execute _harness_clean() here as this would also
-    # remove the session_instance. The harness ensures that everything is cleaned up
-    # at the end of the test session.
-    for instance in instances:
-        h.delete_instance(instance.id)
-
-
-@pytest.fixture(scope="session")
-def session_instance(
-    h: harness.Harness, tmp_path_factory: pytest.TempPathFactory
-) -> Generator[harness.Instance, None, None]:
-    """Constructs and bootstraps an instance that persists over a test session.
-
-    Bootstraps the instance with all k8sd features enabled to reduce testing time.
-    """
-    LOG.info("Setup node and enable all features")
-
-    instance = h.new_instance()
-    util.setup_k8s_snap(instance)
-
-    bootstrap_config_path = "/home/ubuntu/bootstrap-session.yaml"
-    instance.send_file(
-        (config.MANIFESTS_DIR / "bootstrap-session.yaml").as_posix(),
-        bootstrap_config_path,
-    )
-
-    instance.exec(["k8s", "bootstrap", "--file", bootstrap_config_path])
-    util.wait_until_k8s_ready(instance, [instance])
-    util.wait_for_network(instance)
-    util.wait_for_dns(instance)
-
-    yield instance
+pytest_plugins = ["k8s_test_harness.plugin"]