Skip to content

Commit

Permalink
Feat: Limit cnf_setup to only one CNF
Browse files Browse the repository at this point in the history
Refs: #2095
  • Loading branch information
svteb committed Sep 30, 2024
1 parent 836581a commit 3e26888
Show file tree
Hide file tree
Showing 4 changed files with 26 additions and 58 deletions.
8 changes: 4 additions & 4 deletions spec/5g/ran_spec.cr
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,12 @@ describe "5g" do

it "'oran_e2_connection' should pass if the ORAN enabled RAN connects to the RIC using the e2 standard", tags: ["oran"] do
begin
ShellCmd.cnf_setup("cnf-config=sample-cnfs/sample_srsran_ueauth_open5gs/cnf-testsuite.yml")
Helm.install("open5gs sample-cnfs/sample_srsran_ueauth_open5gs/open5gs -f sample-cnfs/sample_srsran_ueauth_open5gs/cnf-testsuite.yml -n oran --create-namespace")
ShellCmd.cnf_setup("cnf-config=sample-cnfs/sample-oran-ric/cnf-testsuite.yml")
result = ShellCmd.run_testsuite("oran_e2_connection verbose")
(/(PASSED).*(RAN connects to a RIC using the e2 standard interface)/ =~ result[:output]).should_not be_nil
ensure
result = ShellCmd.run_testsuite("cnf_cleanup cnf-config=sample-cnfs/sample_srsran_ueauth_open5gs/cnf-testsuite.yml")
result = Helm.delete("open5gs -n oran")
result[:status].success?.should be_true
result = ShellCmd.run_testsuite("cnf_cleanup cnf-config=sample-cnfs/sample-oran-ric/cnf-testsuite.yml")
result[:status].success?.should be_true
Expand All @@ -29,12 +29,12 @@ describe "5g" do

it "'oran_e2_connection' should fail if the ORAN enabled RAN does not connect to the RIC using the e2 standard", tags: ["oran"] do
begin
ShellCmd.cnf_setup("cnf-config=sample-cnfs/sample_srsran_ueauth_open5gs/cnf-testsuite.yml")
Helm.install("open5gs sample-cnfs/sample_srsran_ueauth_open5gs/open5gs -f sample-cnfs/sample_srsran_ueauth_open5gs/cnf-testsuite.yml -n oran --create-namespace")
ShellCmd.cnf_setup("cnf-config=sample-cnfs/sample-oran-noric/cnf-testsuite.yml")
result = ShellCmd.run_testsuite("oran_e2_connection verbose")
(/(FAILED).*(RAN does not connect to a RIC using the e2 standard interface)/ =~ result[:output]).should_not be_nil
ensure
result = ShellCmd.run_testsuite("cnf_cleanup cnf-config=sample-cnfs/sample_srsran_ueauth_open5gs/cnf-testsuite.yml")
result = Helm.delete("open5gs -n oran")
result[:status].success?.should be_true
result = ShellCmd.run_testsuite("cnf_cleanup cnf-config=sample-cnfs/sample-oran-noric/cnf-testsuite.yml")
result[:status].success?.should be_true
Expand Down
13 changes: 13 additions & 0 deletions spec/setup_spec.cr
Original file line number Diff line number Diff line change
Expand Up @@ -109,4 +109,17 @@ describe "Setup" do
(/Successfully cleaned up/ =~ result[:output]).should_not be_nil
end
end

it "'cnf_setup' should fail if another CNF is already installed", tags: ["setup"] do
begin
result = ShellCmd.cnf_setup("cnf-path=sample-cnfs/sample_coredns/cnf-testsuite.yml")
(/Successfully setup coredns/ =~ result[:output]).should_not be_nil
result = ShellCmd.cnf_setup("cnf-path=sample-cnfs/sample-minimal-cnf/cnf-testsuite.yml")
(/A CNF is already set up. Setting up multiple CNFs is not allowed./ =~ result[:output]).should_not be_nil
ensure
result = ShellCmd.run_testsuite("cnf-cleanup cnf-path=sample-cnfs/sample_coredns/cnf-testsuite.yml")
result[:status].success?.should be_true
(/Successfully cleaned up/ =~ result[:output]).should_not be_nil
end
end
end
54 changes: 0 additions & 54 deletions spec/utils/utils_spec.cr
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,6 @@ describe "Utils" do
#TODO make CNFManager.sample_setup_args accept the full path to the config yml instead of the directory
(check_cnf_config(args)).should eq("./sample-cnfs/sample-generic-cnf")
end


it "'upsert_skipped_task' should put a 0 in the results file", tags: ["task_runner"] do
CNFManager::Points.clean_results_yml
Expand Down Expand Up @@ -150,59 +149,6 @@ describe "Utils" do
(yaml["exit_code"]).should eq(2)
end

it "'all_cnfs_task_runner' should run a test against all cnfs in the cnfs directory if there is not cnf-config argument passed to it", tags: ["task_runner"] do
my_args = Sam::Args.new
ShellCmd.cnf_setup("cnf-path=sample-cnfs/sample-generic-cnf")
ShellCmd.cnf_setup("cnf-path=sample-cnfs/sample_privileged_cnf")
task_response = CNFManager::Task.all_cnfs_task_runner(my_args) do |args, config|
Log.info { "all_cnfs_task_runner spec args #{args.inspect}" }
Log.for("verbose").info { "privileged_containers" } if check_verbose(args)
white_list_container_names = config.cnf_config[:white_list_container_names]
Log.for("verbose").info { "white_list_container_names #{white_list_container_names.inspect}" } if check_verbose(args)
violation_list = [] of String
resource_response = CNFManager.workload_resource_test(args, config) do |resource, container, initialized|

privileged_list = KubectlClient::Get.privileged_containers
resource_containers = KubectlClient::Get.resource_containers(resource["kind"],resource["name"],resource["namespace"])
resource_containers_list = (JSON.parse(resource_containers.to_json).as_a).map { |element| element["name"] }
# Only check the containers that are in the deployed helm chart or manifest
(privileged_list & (resource_containers_list - white_list_container_names)).each do |x|
violation_list << x
end
if violation_list.size > 0
false
else
true
end
end
Log.debug { "violator list: #{violation_list.flatten}" }
emoji_security=""
if resource_response
resp = upsert_passed_task("privileged_containers", "✔️ PASSED: No privileged containers", Time.utc)
else
resp = upsert_failed_task("privileged_containers", "✖️ FAILED: Found #{violation_list.size} privileged containers: #{violation_list.inspect}", Time.utc)
end
resp
end
(task_response).should eq(["✔️ PASSED: No privileged containers",
"✖️ FAILED: Found 1 privileged containers: [\"privileged-coredns\"]"])
ensure
CNFManager.sample_cleanup(config_file: "sample-cnfs/sample-generic-cnf", verbose: true)
CNFManager.sample_cleanup(config_file: "sample-cnfs/sample_privileged_cnf", verbose: true)
end

it "'task_runner' should run a test against a single cnf if passed a cnf-config argument even if there are multiple cnfs installed", tags: ["task_runner"] do
ShellCmd.cnf_setup("cnf-config=sample-cnfs/sample-generic-cnf/cnf-testsuite.yml")
ShellCmd.cnf_setup("cnf-config=sample-cnfs/sample_privileged_cnf/cnf-testsuite.yml")
result = ShellCmd.run_testsuite("privileged_containers")
(/(FAILED).*(Found 1 privileged containers)/ =~ result[:output]).should_not be_nil
ensure
result = ShellCmd.run_testsuite("cnf_cleanup cnf-config=sample-cnfs/sample-generic-cnf/cnf-testsuite.yml")
result[:status].success?.should be_true
result = ShellCmd.run_testsuite("cnf_cleanup cnf-config=sample-cnfs/sample_privileged_cnf/cnf-testsuite.yml")
result[:status].success?.should be_true
end

it "'logger' command line logger level setting via config.yml", tags: ["logger"] do
# NOTE: the config.yml file is in the root of the repo directory.
# as written this test depends on they key loglevel being set to 'info' in that config.yml
Expand Down
9 changes: 9 additions & 0 deletions src/tasks/cnf_setup.cr
Original file line number Diff line number Diff line change
Expand Up @@ -10,12 +10,21 @@ task "cnf_setup", ["helm_local_install", "create_namespace"] do |_, args|
Log.for("verbose").debug { "args = #{args.inspect}" } if check_verbose(args)
cli_hash = CNFManager.sample_setup_cli_args(args)
config_file = cli_hash[:config_file]

# To avoid undefined behavior, only one CNF can be set up at any time.
if CNFManager.cnf_installed?
stdout_warning "A CNF is already set up. Setting up multiple CNFs is not allowed."
stdout_warning "To set up a new CNF, please clean up the existing one: #{CNFManager.cnf_config_list.first}"
exit 0
end

if ClusterTools.install
stdout_success "ClusterTools installed"
else
stdout_failure "The ClusterTools installation timed out. Please check the status of the cluster-tools pods."
exit 1
end

stdout_success "cnf setup start"
CNFManager.sample_setup(cli_hash)
stdout_success "cnf setup complete"
Expand Down

0 comments on commit 3e26888

Please sign in to comment.