✨ (go/v4) Add scaffold for e2e webhook checks

camilamacedo86 · camilamacedo86 · commit b13bb6ee81bf · 2024-09-07T08:06:11.000+01:00
A new scaffold marker is introduced to automatically adds end-to-end tests for webhooks in the test/e2e/test.go

The scaffolded tests include:
- Validation that cert-manager has successfully provisioned the secret, when/if an webhook is scaffold for the project.
- Verification that the CA bundle is injected into the mutating webhooks, if a mutating webhook is scaffolded.
- Verification that the CA bundle is injected into the validating webhooks, if a validating webhook is scaffolded.
diff --git a/docs/book/src/cronjob-tutorial/testdata/project/test/e2e/e2e_test.go b/docs/book/src/cronjob-tutorial/testdata/project/test/e2e/e2e_test.go
@@ -184,6 +184,46 @@ var _ = Describe("Manager", Ordered, func() {
 			))
 		})
 
+		It("should provisioned cert-manager", func() {
+			By("validating that cert-manager has the certificate Secret")
+			verifyCertManager := func(g Gomega) {
+				cmd := exec.Command("kubectl", "get", "secrets", "webhook-server-cert", "-n", namespace)
+				_, err := utils.Run(cmd)
+				g.Expect(err).NotTo(HaveOccurred())
+			}
+			Eventually(verifyCertManager).Should(Succeed())
+		})
+
+		It("should have CA injection for mutating webhooks", func() {
+			By("checking CA injection for mutating webhooks")
+			verifyCAInjection := func(g Gomega) {
+				cmd := exec.Command("kubectl", "get",
+					"mutatingwebhookconfigurations.admissionregistration.k8s.io",
+					"project-mutating-webhook-configuration",
+					"-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}")
+				mwhOutput, err := utils.Run(cmd)
+				g.Expect(err).NotTo(HaveOccurred())
+				g.Expect(len(mwhOutput)).To(BeNumerically(">", 10))
+			}
+			Eventually(verifyCAInjection).Should(Succeed())
+		})
+
+		It("should have CA injection for validating webhooks", func() {
+			By("checking CA injection for validating webhooks")
+			verifyCAInjection := func(g Gomega) {
+				cmd := exec.Command("kubectl", "get",
+					"validatingwebhookconfigurations.admissionregistration.k8s.io",
+					"project-validating-webhook-configuration",
+					"-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}")
+				vwhOutput, err := utils.Run(cmd)
+				g.Expect(err).NotTo(HaveOccurred())
+				g.Expect(len(vwhOutput)).To(BeNumerically(">", 10))
+			}
+			Eventually(verifyCAInjection).Should(Succeed())
+		})
+
+		// +kubebuilder:scaffold:e2e-webhooks-checks
+
 		// TODO: Customize the e2e test suite with scenarios specific to your project.
 		// Consider applying sample/CR(s) and check their status and/or verifying
 		// the reconciliation by using the metrics, i.e.:
diff --git a/docs/book/src/getting-started/testdata/project/test/e2e/e2e_test.go b/docs/book/src/getting-started/testdata/project/test/e2e/e2e_test.go
@@ -184,6 +184,8 @@ var _ = Describe("Manager", Ordered, func() {
 			))
 		})
 
+		// +kubebuilder:scaffold:e2e-webhooks-checks
+
 		// TODO: Customize the e2e test suite with scenarios specific to your project.
 		// Consider applying sample/CR(s) and check their status and/or verifying
 		// the reconciliation by using the metrics, i.e.:
diff --git a/pkg/plugins/golang/v4/scaffolds/init.go b/pkg/plugins/golang/v4/scaffolds/init.go
@@ -160,6 +160,7 @@ func (s *initScaffolder) Scaffold() error {
 		&templates.Readme{},
 		&templates.Golangci{},
 		&e2e.Test{},
+		&e2e.WebhookTestUpdater{WireWebhook: false},
 		&e2e.SuiteTest{},
 		&utils.Utils{},
 		&templates.DevContainer{},
diff --git a/pkg/plugins/golang/v4/scaffolds/internal/templates/test/e2e/test.go b/pkg/plugins/golang/v4/scaffolds/internal/templates/test/e2e/test.go
@@ -17,11 +17,18 @@ limitations under the License.
 package e2e
 
 import (
+	"fmt"
+	"path/filepath"
+
 	"sigs.k8s.io/kubebuilder/v4/pkg/machinery"
 )
 
-var _ machinery.Template = &SuiteTest{}
+var _ machinery.Template = &Test{}
+var _ machinery.Inserter = &WebhookTestUpdater{}
 
+const webhookChecksMarker = "e2e-webhooks-checks"
+
+// Test defines the basic setup for the e2e test
 type Test struct {
 	machinery.TemplateMixin
 	machinery.BoilerplateMixin
@@ -31,13 +38,115 @@ type Test struct {
 
 func (f *Test) SetTemplateDefaults() error {
 	if f.Path == "" {
-		f.Path = "test/e2e/e2e_test.go"
+		f.Path = filepath.Join("test", "e2e", "e2e_test.go")
 	}
 
+	// This is where the template body is defined with markers
 	f.TemplateBody = TestTemplate
+
 	return nil
 }
 
+// WebhookTestUpdater updates e2e_test.go to insert additional webhook validation tests
+type WebhookTestUpdater struct {
+	machinery.RepositoryMixin
+	machinery.ProjectNameMixin
+	machinery.ResourceMixin
+	WireWebhook bool
+}
+
+// GetPath implements file.Builder
+func (*WebhookTestUpdater) GetPath() string {
+	return filepath.Join("test", "e2e", "e2e_test.go")
+}
+
+// GetIfExistsAction implements file.Builder
+func (*WebhookTestUpdater) GetIfExistsAction() machinery.IfExistsAction {
+	return machinery.OverwriteFile // Ensures only the marker is replaced
+}
+
+// GetMarkers implements file.Inserter
+func (f *WebhookTestUpdater) GetMarkers() []machinery.Marker {
+	return []machinery.Marker{
+		machinery.NewMarkerFor(f.GetPath(), webhookChecksMarker),
+	}
+}
+
+// GetCodeFragments implements file.Inserter
+func (f *WebhookTestUpdater) GetCodeFragments() machinery.CodeFragmentsMap {
+	codeFragments := machinery.CodeFragmentsMap{}
+	if !f.WireWebhook {
+		return nil
+	}
+	codeFragments[machinery.NewMarkerFor(f.GetPath(), webhookChecksMarker)] = append(
+		codeFragments[machinery.NewMarkerFor(f.GetPath(), webhookChecksMarker)],
+		webhookChecksFragment,
+	)
+
+	if f.Resource != nil && f.Resource.HasDefaultingWebhook() {
+		mutatingWebhookCode := fmt.Sprintf(mutatingWebhookChecksFragment, f.ProjectName)
+		codeFragments[machinery.NewMarkerFor(f.GetPath(), webhookChecksMarker)] = append(
+			codeFragments[machinery.NewMarkerFor(f.GetPath(), webhookChecksMarker)],
+			mutatingWebhookCode,
+		)
+	}
+
+	if f.Resource.HasValidationWebhook() {
+		validatingWebhookCode := fmt.Sprintf(validatingWebhookChecksFragment, f.ProjectName)
+		codeFragments[machinery.NewMarkerFor(f.GetPath(), webhookChecksMarker)] = append(
+			codeFragments[machinery.NewMarkerFor(f.GetPath(), webhookChecksMarker)],
+			validatingWebhookCode,
+		)
+	}
+
+	return codeFragments
+}
+
+const webhookChecksFragment = `It("should provisioned cert-manager", func() {
+	By("validating that cert-manager has the certificate Secret")
+	verifyCertManager := func(g Gomega) {
+		cmd := exec.Command("kubectl", "get", "secrets", "webhook-server-cert", "-n", namespace)
+		_, err := utils.Run(cmd)
+		g.Expect(err).NotTo(HaveOccurred())
+	}
+	Eventually(verifyCertManager).Should(Succeed())
+})
+
+`
+
+const mutatingWebhookChecksFragment = `It("should have CA injection for mutating webhooks", func() {
+	By("checking CA injection for mutating webhooks")
+	verifyCAInjection := func(g Gomega) {
+		cmd := exec.Command("kubectl", "get",
+			"mutatingwebhookconfigurations.admissionregistration.k8s.io",
+			"%s-mutating-webhook-configuration",
+			"-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}")
+		mwhOutput, err := utils.Run(cmd)
+		g.Expect(err).NotTo(HaveOccurred())
+		g.Expect(len(mwhOutput)).To(BeNumerically(">", 10))
+	}
+	Eventually(verifyCAInjection).Should(Succeed())
+})
+
+`
+
+// nolint:lll
+const validatingWebhookChecksFragment = `It("should have CA injection for validating webhooks", func() {
+	By("checking CA injection for validating webhooks")
+	verifyCAInjection := func(g Gomega) {
+		cmd := exec.Command("kubectl", "get",
+			"validatingwebhookconfigurations.admissionregistration.k8s.io",
+			"%s-validating-webhook-configuration",
+			"-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}")
+		vwhOutput, err := utils.Run(cmd)
+		g.Expect(err).NotTo(HaveOccurred())
+		g.Expect(len(vwhOutput)).To(BeNumerically(">", 10))
+	}
+	Eventually(verifyCAInjection).Should(Succeed())
+})
+
+`
+
 var TestTemplate = `{{ .Boilerplate }}
 
 
@@ -208,6 +317,8 @@ var _ = Describe("Manager", Ordered, func() {
 			))
 		})
 
+		// +kubebuilder:scaffold:e2e-webhooks-checks
+
 		// TODO: Customize the e2e test suite with scenarios specific to your project. 
 		// Consider applying sample/CR(s) and check their status and/or verifying 
 		// the reconciliation by using the metrics, i.e.:
diff --git a/pkg/plugins/golang/v4/scaffolds/webhook.go b/pkg/plugins/golang/v4/scaffolds/webhook.go
@@ -29,6 +29,7 @@ import (
 	"sigs.k8s.io/kubebuilder/v4/pkg/plugins/golang/v4/scaffolds/internal/templates"
 	"sigs.k8s.io/kubebuilder/v4/pkg/plugins/golang/v4/scaffolds/internal/templates/api"
 	"sigs.k8s.io/kubebuilder/v4/pkg/plugins/golang/v4/scaffolds/internal/templates/hack"
+	"sigs.k8s.io/kubebuilder/v4/pkg/plugins/golang/v4/scaffolds/internal/templates/test/e2e"
 )
 
 var _ plugins.Scaffolder = &webhookScaffolder{}
@@ -86,6 +87,7 @@ func (s *webhookScaffolder) Scaffold() error {
 
 	if err := scaffold.Execute(
 		&api.Webhook{Force: s.force},
+		&e2e.WebhookTestUpdater{WireWebhook: true},
 		&templates.MainUpdater{WireWebhook: true},
 		&api.WebhookTest{Force: s.force},
 	); err != nil {
diff --git a/testdata/project-v4-multigroup-with-deploy-image/test/e2e/e2e_test.go b/testdata/project-v4-multigroup-with-deploy-image/test/e2e/e2e_test.go
@@ -184,6 +184,46 @@ var _ = Describe("Manager", Ordered, func() {
 			))
 		})
 
+		It("should provisioned cert-manager", func() {
+			By("validating that cert-manager has the certificate Secret")
+			verifyCertManager := func(g Gomega) {
+				cmd := exec.Command("kubectl", "get", "secrets", "webhook-server-cert", "-n", namespace)
+				_, err := utils.Run(cmd)
+				g.Expect(err).NotTo(HaveOccurred())
+			}
+			Eventually(verifyCertManager).Should(Succeed())
+		})
+
+		It("should have CA injection for mutating webhooks", func() {
+			By("checking CA injection for mutating webhooks")
+			verifyCAInjection := func(g Gomega) {
+				cmd := exec.Command("kubectl", "get",
+					"mutatingwebhookconfigurations.admissionregistration.k8s.io",
+					"project-v4-multigroup-with-deploy-image-mutating-webhook-configuration",
+					"-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}")
+				mwhOutput, err := utils.Run(cmd)
+				g.Expect(err).NotTo(HaveOccurred())
+				g.Expect(len(mwhOutput)).To(BeNumerically(">", 10))
+			}
+			Eventually(verifyCAInjection).Should(Succeed())
+		})
+
+		It("should have CA injection for validating webhooks", func() {
+			By("checking CA injection for validating webhooks")
+			verifyCAInjection := func(g Gomega) {
+				cmd := exec.Command("kubectl", "get",
+					"validatingwebhookconfigurations.admissionregistration.k8s.io",
+					"project-v4-multigroup-with-deploy-image-validating-webhook-configuration",
+					"-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}")
+				vwhOutput, err := utils.Run(cmd)
+				g.Expect(err).NotTo(HaveOccurred())
+				g.Expect(len(vwhOutput)).To(BeNumerically(">", 10))
+			}
+			Eventually(verifyCAInjection).Should(Succeed())
+		})
+
+		// +kubebuilder:scaffold:e2e-webhooks-checks
+
 		// TODO: Customize the e2e test suite with scenarios specific to your project.
 		// Consider applying sample/CR(s) and check their status and/or verifying
 		// the reconciliation by using the metrics, i.e.:
diff --git a/testdata/project-v4-multigroup/test/e2e/e2e_test.go b/testdata/project-v4-multigroup/test/e2e/e2e_test.go
@@ -184,6 +184,46 @@ var _ = Describe("Manager", Ordered, func() {
 			))
 		})
 
+		It("should provisioned cert-manager", func() {
+			By("validating that cert-manager has the certificate Secret")
+			verifyCertManager := func(g Gomega) {
+				cmd := exec.Command("kubectl", "get", "secrets", "webhook-server-cert", "-n", namespace)
+				_, err := utils.Run(cmd)
+				g.Expect(err).NotTo(HaveOccurred())
+			}
+			Eventually(verifyCertManager).Should(Succeed())
+		})
+
+		It("should have CA injection for mutating webhooks", func() {
+			By("checking CA injection for mutating webhooks")
+			verifyCAInjection := func(g Gomega) {
+				cmd := exec.Command("kubectl", "get",
+					"mutatingwebhookconfigurations.admissionregistration.k8s.io",
+					"project-v4-multigroup-mutating-webhook-configuration",
+					"-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}")
+				mwhOutput, err := utils.Run(cmd)
+				g.Expect(err).NotTo(HaveOccurred())
+				g.Expect(len(mwhOutput)).To(BeNumerically(">", 10))
+			}
+			Eventually(verifyCAInjection).Should(Succeed())
+		})
+
+		It("should have CA injection for validating webhooks", func() {
+			By("checking CA injection for validating webhooks")
+			verifyCAInjection := func(g Gomega) {
+				cmd := exec.Command("kubectl", "get",
+					"validatingwebhookconfigurations.admissionregistration.k8s.io",
+					"project-v4-multigroup-validating-webhook-configuration",
+					"-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}")
+				vwhOutput, err := utils.Run(cmd)
+				g.Expect(err).NotTo(HaveOccurred())
+				g.Expect(len(vwhOutput)).To(BeNumerically(">", 10))
+			}
+			Eventually(verifyCAInjection).Should(Succeed())
+		})
+
+		// +kubebuilder:scaffold:e2e-webhooks-checks
+
 		// TODO: Customize the e2e test suite with scenarios specific to your project.
 		// Consider applying sample/CR(s) and check their status and/or verifying
 		// the reconciliation by using the metrics, i.e.:
diff --git a/testdata/project-v4-with-deploy-image/test/e2e/e2e_test.go b/testdata/project-v4-with-deploy-image/test/e2e/e2e_test.go
@@ -184,6 +184,32 @@ var _ = Describe("Manager", Ordered, func() {
 			))
 		})
 
+		It("should provisioned cert-manager", func() {
+			By("validating that cert-manager has the certificate Secret")
+			verifyCertManager := func(g Gomega) {
+				cmd := exec.Command("kubectl", "get", "secrets", "webhook-server-cert", "-n", namespace)
+				_, err := utils.Run(cmd)
+				g.Expect(err).NotTo(HaveOccurred())
+			}
+			Eventually(verifyCertManager).Should(Succeed())
+		})
+
+		It("should have CA injection for validating webhooks", func() {
+			By("checking CA injection for validating webhooks")
+			verifyCAInjection := func(g Gomega) {
+				cmd := exec.Command("kubectl", "get",
+					"validatingwebhookconfigurations.admissionregistration.k8s.io",
+					"project-v4-with-deploy-image-validating-webhook-configuration",
+					"-o", "go-template={{ range .webhooks }}{{ .clientConfig.caBundle }}{{ end }}")
+				vwhOutput, err := utils.Run(cmd)
+				g.Expect(err).NotTo(HaveOccurred())
+				g.Expect(len(vwhOutput)).To(BeNumerically(">", 10))
+			}
+			Eventually(verifyCAInjection).Should(Succeed())
+		})
+
+		// +kubebuilder:scaffold:e2e-webhooks-checks
+
 		// TODO: Customize the e2e test suite with scenarios specific to your project.
 		// Consider applying sample/CR(s) and check their status and/or verifying
 		// the reconciliation by using the metrics, i.e.:
diff --git a/testdata/project-v4-with-grafana/test/e2e/e2e_test.go b/testdata/project-v4-with-grafana/test/e2e/e2e_test.go
@@ -184,6 +184,8 @@ var _ = Describe("Manager", Ordered, func() {
 			))
 		})
 
+		// +kubebuilder:scaffold:e2e-webhooks-checks
+
 		// TODO: Customize the e2e test suite with scenarios specific to your project.
 		// Consider applying sample/CR(s) and check their status and/or verifying
 		// the reconciliation by using the metrics, i.e.:
diff --git a/testdata/project-v4/test/e2e/e2e_test.go b/testdata/project-v4/test/e2e/e2e_test.go
