ARO-RP/test/e2e/adminapi_cluster_getlogs.go

package e2e

// Copyright (c) Microsoft Corporation.
// Licensed under the Apache License 2.0.

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
	"time"

	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"

	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/util/wait"
)

var _ = Describe("[Admin API] Kubernetes get pod logs action", func() {
	BeforeEach(skipIfNotInDevelopmentEnv)

	const containerName = "e2e-test-container-name"
	const podName = "e2e-test-pod-name"

	When("in a standard openshift namespace", func() {
		const namespace = "openshift-azure-operator"

		It("must be able to get logs from a container of a pod", func(ctx context.Context) {
			testGetPodLogsOK(ctx, containerName, podName, namespace)
		})
	})

	When("in a customer namespace", func() {
		const namespace = "e2e-test-namespace"

		It("must be not be able to get logs from customer workload namespaces", func(ctx context.Context) {
			testGetPodLogsFromCustomerNamespaceForbidden(ctx, containerName, podName, namespace)
		})
	})
})

// We will create a pod with known logs of its container and will compare the logs gotten through the kubernetes client and through the Admin API.
func testGetPodLogsOK(ctx context.Context, containerName, podName, namespace string) {
	expectedLog := "mock-pod-logs"

	By("creating a test pod in openshift-azure-operator namespace with some known logs")
	pod := mockPod(containerName, podName, namespace, expectedLog)
	pod, err := clients.Kubernetes.CoreV1().Pods(namespace).Create(ctx, pod, metav1.CreateOptions{})
	Expect(err).NotTo(HaveOccurred())

	defer func() {
		By("deleting the test pod")
		err = clients.Kubernetes.CoreV1().Pods(namespace).Delete(ctx, pod.Name, metav1.DeleteOptions{})
		Expect(err).NotTo(HaveOccurred())
	}()

	By("waiting for the pod to successfully terminate")
	err = wait.PollInfinite(time.Second*5, func() (done bool, err error) {
		pod, err = clients.Kubernetes.CoreV1().Pods(namespace).Get(ctx, pod.Name, metav1.GetOptions{})
		Expect(err).NotTo(HaveOccurred())

		switch pod.Status.Phase {
		case corev1.PodSucceeded:
			return true, nil
		case corev1.PodPending:
			if pod.CreationTimestamp.Time.Add(5*time.Minute).Unix() < time.Now().Unix() {
				return false, errors.New("pod was pending for more than 5min")
			}
			return false, nil
		case corev1.PodFailed:
			return true, errors.New(pod.Status.Message)
		}
		return false, nil
	})
	Expect(err).NotTo(HaveOccurred())

	By("requesting logs via RP admin API")
	params := url.Values{
		"container": []string{containerName},
		"namespace": []string{namespace},
		"podname":   []string{podName},
	}
	var logs string
	resp, err := adminRequest(ctx, http.MethodGet, "/admin"+resourceIDFromEnv()+"/kubernetespodlogs", params, nil, &logs)
	Expect(err).NotTo(HaveOccurred())
	Expect(resp.StatusCode).To(Equal(http.StatusOK))

	By("verifying that logs received from RP match known logs")
	Expect(strings.TrimRight(logs, "\n")).To(Equal(expectedLog))
}

func testGetPodLogsFromCustomerNamespaceForbidden(ctx context.Context, containerName, podName, namespace string) {
	By("requesting logs via RP admin API")
	params := url.Values{
		"container": []string{containerName},
		"namespace": []string{namespace},
		"podname":   []string{podName},
	}

	var logs string
	resp, err := adminRequest(ctx, http.MethodGet, "/admin"+resourceIDFromEnv()+"/kubernetespodlogs", params, nil, logs)
	Expect(err).NotTo(HaveOccurred())
	Expect(resp.StatusCode).To(Equal(http.StatusForbidden))

	By("verifying that we not receive any logs from RP")
	Expect(strings.TrimRight(logs, "\n")).To(BeEmpty())
}

func mockPod(containerName, podName, namespace, fakeLog string) *corev1.Pod {
	return &corev1.Pod{
		TypeMeta: metav1.TypeMeta{
			Kind:       "Pod",
			APIVersion: "v1",
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      podName,
			Namespace: namespace,
		},
		Spec: corev1.PodSpec{
			Containers: []corev1.Container{{
				Name:    containerName,
				Image:   "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:103505c93bf45c4a29301f282f1ff046e35b63bceaf4df1cca2e631039289da2",
				Command: []string{"/bin/bash", "-c", fmt.Sprintf("echo %q", fakeLog)},
			}},
			RestartPolicy: "Never",
			HostNetwork:   true,
			HostPID:       true,
		},
		Status: corev1.PodStatus{},
	}
}
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`package e2e`

			`// Copyright (c) Microsoft Corporation.`
			`// Licensed under the Apache License 2.0.`

			`import (`
			`"context"`
attempt to make this e2e test a bit more reliable 2022-06-14 04:15:29 +03:00			`"errors"`
Fixes get pod logs E2E Previously the test was claiming to compare logs from RP with known logs, but in fact we were comparing logs from RP with logs received derectly from API server. 2022-10-11 15:50:37 +03:00			`"fmt"`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`"net/http"`
			`"net/url"`
Fixes get pod logs E2E Previously the test was claiming to compare logs from RP with known logs, but in fact we were comparing logs from RP with logs received derectly from API server. 2022-10-11 15:50:37 +03:00			`"strings"`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`"time"`

update to ginkgo v2 in the e2e tests 2022-06-15 03:10:42 +03:00			`. "github.com/onsi/ginkgo/v2"`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`. "github.com/onsi/gomega"`

			`corev1 "k8s.io/api/core/v1"`
			`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
			`"k8s.io/apimachinery/pkg/util/wait"`
			`)`

			`var _ = Describe("[Admin API] Kubernetes get pod logs action", func() {`
			`BeforeEach(skipIfNotInDevelopmentEnv)`

			`const containerName = "e2e-test-container-name"`
			`const podName = "e2e-test-pod-name"`

			`When("in a standard openshift namespace", func() {`
			`const namespace = "openshift-azure-operator"`

Improves context usage in E2Es Unifies context usage across e2e specs: makes our tests use Ginkgo provided context. 2022-10-31 19:19:20 +03:00			`It("must be able to get logs from a container of a pod", func(ctx context.Context) {`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`testGetPodLogsOK(ctx, containerName, podName, namespace)`
			`})`
			`})`

			`When("in a customer namespace", func() {`
			`const namespace = "e2e-test-namespace"`

Improves context usage in E2Es Unifies context usage across e2e specs: makes our tests use Ginkgo provided context. 2022-10-31 19:19:20 +03:00			`It("must be not be able to get logs from customer workload namespaces", func(ctx context.Context) {`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`testGetPodLogsFromCustomerNamespaceForbidden(ctx, containerName, podName, namespace)`
			`})`
			`})`
			`})`

			`// We will create a pod with known logs of its container and will compare the logs gotten through the kubernetes client and through the Admin API.`
			`func testGetPodLogsOK(ctx context.Context, containerName, podName, namespace string) {`
Fixes get pod logs E2E Previously the test was claiming to compare logs from RP with known logs, but in fact we were comparing logs from RP with logs received derectly from API server. 2022-10-11 15:50:37 +03:00			`expectedLog := "mock-pod-logs"`

			`By("creating a test pod in openshift-azure-operator namespace with some known logs")`
			`pod := mockPod(containerName, podName, namespace, expectedLog)`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`pod, err := clients.Kubernetes.CoreV1().Pods(namespace).Create(ctx, pod, metav1.CreateOptions{})`
			`Expect(err).NotTo(HaveOccurred())`
Fixes get pod logs E2E Previously the test was claiming to compare logs from RP with known logs, but in fact we were comparing logs from RP with logs received derectly from API server. 2022-10-11 15:50:37 +03:00
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`defer func() {`
Fixes get pod logs E2E Previously the test was claiming to compare logs from RP with known logs, but in fact we were comparing logs from RP with logs received derectly from API server. 2022-10-11 15:50:37 +03:00			`By("deleting the test pod")`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`err = clients.Kubernetes.CoreV1().Pods(namespace).Delete(ctx, pod.Name, metav1.DeleteOptions{})`
			`Expect(err).NotTo(HaveOccurred())`
			`}()`
Fixes get pod logs E2E Previously the test was claiming to compare logs from RP with known logs, but in fact we were comparing logs from RP with logs received derectly from API server. 2022-10-11 15:50:37 +03:00
			`By("waiting for the pod to successfully terminate")`
attempt to make this e2e test a bit more reliable 2022-06-14 04:15:29 +03:00			`err = wait.PollInfinite(time.Second*5, func() (done bool, err error) {`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`pod, err = clients.Kubernetes.CoreV1().Pods(namespace).Get(ctx, pod.Name, metav1.GetOptions{})`
			`Expect(err).NotTo(HaveOccurred())`
attempt to make this e2e test a bit more reliable 2022-06-14 04:15:29 +03:00
			`switch pod.Status.Phase {`
			`case corev1.PodSucceeded:`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`return true, nil`
attempt to make this e2e test a bit more reliable 2022-06-14 04:15:29 +03:00			`case corev1.PodPending:`
			`if pod.CreationTimestamp.Time.Add(5*time.Minute).Unix() < time.Now().Unix() {`
			`return false, errors.New("pod was pending for more than 5min")`
			`}`
			`return false, nil`
			`case corev1.PodFailed:`
			`return true, errors.New(pod.Status.Message)`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`}`
			`return false, nil`
			`})`
			`Expect(err).NotTo(HaveOccurred())`

Fixes get pod logs E2E Previously the test was claiming to compare logs from RP with known logs, but in fact we were comparing logs from RP with logs received derectly from API server. 2022-10-11 15:50:37 +03:00			`By("requesting logs via RP admin API")`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`params := url.Values{`
			`"container": []string{containerName},`
			`"namespace": []string{namespace},`
			`"podname": []string{podName},`
			`}`
			`var logs string`
			`resp, err := adminRequest(ctx, http.MethodGet, "/admin"+resourceIDFromEnv()+"/kubernetespodlogs", params, nil, &logs)`
			`Expect(err).NotTo(HaveOccurred())`
			`Expect(resp.StatusCode).To(Equal(http.StatusOK))`

Fixes get pod logs E2E Previously the test was claiming to compare logs from RP with known logs, but in fact we were comparing logs from RP with logs received derectly from API server. 2022-10-11 15:50:37 +03:00			`By("verifying that logs received from RP match known logs")`
			`Expect(strings.TrimRight(logs, "\n")).To(Equal(expectedLog))`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`}`

			`func testGetPodLogsFromCustomerNamespaceForbidden(ctx context.Context, containerName, podName, namespace string) {`
Fixes get pod logs E2E Previously the test was claiming to compare logs from RP with known logs, but in fact we were comparing logs from RP with logs received derectly from API server. 2022-10-11 15:50:37 +03:00			`By("requesting logs via RP admin API")`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`params := url.Values{`
			`"container": []string{containerName},`
			`"namespace": []string{namespace},`
			`"podname": []string{podName},`
			`}`
Fixes get pod logs E2E Previously the test was claiming to compare logs from RP with known logs, but in fact we were comparing logs from RP with logs received derectly from API server. 2022-10-11 15:50:37 +03:00
			`var logs string`
			`resp, err := adminRequest(ctx, http.MethodGet, "/admin"+resourceIDFromEnv()+"/kubernetespodlogs", params, nil, logs)`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`Expect(err).NotTo(HaveOccurred())`
			`Expect(resp.StatusCode).To(Equal(http.StatusForbidden))`
Fixes get pod logs E2E Previously the test was claiming to compare logs from RP with known logs, but in fact we were comparing logs from RP with logs received derectly from API server. 2022-10-11 15:50:37 +03:00
			`By("verifying that we not receive any logs from RP")`
			`Expect(strings.TrimRight(logs, "\n")).To(BeEmpty())`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`}`

Fixes get pod logs E2E Previously the test was claiming to compare logs from RP with known logs, but in fact we were comparing logs from RP with logs received derectly from API server. 2022-10-11 15:50:37 +03:00			`func mockPod(containerName, podName, namespace, fakeLog string) *corev1.Pod {`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`return &corev1.Pod{`
			`TypeMeta: metav1.TypeMeta{`
			`Kind: "Pod",`
			`APIVersion: "v1",`
			`},`
			`ObjectMeta: metav1.ObjectMeta{`
			`Name: podName,`
			`Namespace: namespace,`
			`},`
			`Spec: corev1.PodSpec{`
			`Containers: []corev1.Container{{`
			`Name: containerName,`
			`Image: "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:103505c93bf45c4a29301f282f1ff046e35b63bceaf4df1cca2e631039289da2",`
Fixes get pod logs E2E Previously the test was claiming to compare logs from RP with known logs, but in fact we were comparing logs from RP with logs received derectly from API server. 2022-10-11 15:50:37 +03:00			`Command: []string{"/bin/bash", "-c", fmt.Sprintf("echo %q", fakeLog)},`
add: Getpodlogs kubeaction api (#1885) 2022-06-02 12:56:07 +03:00			`}},`
			`RestartPolicy: "Never",`
			`HostNetwork: true,`
			`HostPID: true,`
			`},`
			`Status: corev1.PodStatus{},`
			`}`
			`}`