diff --git a/test/helm/helm_test.go b/test/helm/helm_test.go index ebaab60e..7bae087b 100644 --- a/test/helm/helm_test.go +++ b/test/helm/helm_test.go @@ -36,90 +36,103 @@ var _ = Describe("Jenkins Controller with webhook", func() { e2e.ShowLogsIfTestHasFailed(CurrentGinkgoTestDescription().Failed, namespace.Name) e2e.DestroyNamespace(namespace) }) - It("Deploys Jenkins operator with webhook enabled along with the default jenkins image", func() { - jenkins := &v1alpha2.Jenkins{ - TypeMeta: v1alpha2.JenkinsTypeMeta(), - ObjectMeta: metav1.ObjectMeta{ - Name: "jenkins", - Namespace: namespace.Name, - }, - } - cmd := exec.Command("../../bin/helm", "upgrade", "jenkins", "../../chart/jenkins-operator", "--namespace", namespace.Name, "--debug", - "--set-string", fmt.Sprintf("jenkins.namespace=%s", namespace.Name), - "--set-string", fmt.Sprintf("operator.image=%s", *imageName), "--install", "--wait") - output, err := cmd.CombinedOutput() - Expect(err).NotTo(HaveOccurred(), string(output)) + Context("Deploys jenkins operator with helm charts with default values", func() { + It("Deploys Jenkins operator and configures default Jenkins instance", func() { + jenkins := &v1alpha2.Jenkins{ + TypeMeta: v1alpha2.JenkinsTypeMeta(), + ObjectMeta: metav1.ObjectMeta{ + Name: "jenkins", + Namespace: namespace.Name, + }, + } - e2e.WaitForJenkinsBaseConfigurationToComplete(jenkins) - e2e.WaitForJenkinsUserConfigurationToComplete(jenkins) + cmd := exec.Command("../../bin/helm", "upgrade", "jenkins", "../../chart/jenkins-operator", "--namespace", namespace.Name, "--debug", + "--set-string", fmt.Sprintf("jenkins.namespace=%s", namespace.Name), + "--set-string", fmt.Sprintf("operator.image=%s", *imageName), "--install", "--wait") + output, err := cmd.CombinedOutput() + Expect(err).NotTo(HaveOccurred(), string(output)) + e2e.WaitForJenkinsBaseConfigurationToComplete(jenkins) + e2e.WaitForJenkinsUserConfigurationToComplete(jenkins) + + }) }) - It("Deploys Jenkins operator along with webhook and cert-manager", func() { + Context("Deploys jenkins operator with helm charts with validating webhook and jenkins instance disabled", func() { + It("Deploys operator,denies creating a jenkins cr and creates jenkins cr with validation turned off", func() { - By("Deploying the operator along with webhook and cert-manager") - cmd := exec.Command("../../bin/helm", "upgrade", "jenkins", "../../chart/jenkins-operator", "--namespace", namespace.Name, "--debug", - "--set-string", fmt.Sprintf("jenkins.namespace=%s", namespace.Name), "--set-string", fmt.Sprintf("operator.image=%s", *imageName), - "--set", fmt.Sprintf("webhook.enabled=%t", true), "--set", fmt.Sprintf("jenkins.enabled=%t", false), "--install", "--wait") - output, err := cmd.CombinedOutput() - Expect(err).NotTo(HaveOccurred(), string(output)) + By("Deploying the operator along with webhook and cert-manager") + cmd := exec.Command("../../bin/helm", "upgrade", "jenkins", "../../chart/jenkins-operator", "--namespace", namespace.Name, "--debug", + "--set-string", fmt.Sprintf("jenkins.namespace=%s", namespace.Name), "--set-string", fmt.Sprintf("operator.image=%s", *imageName), + "--set", fmt.Sprintf("webhook.enabled=%t", true), "--set", fmt.Sprintf("jenkins.enabled=%t", false), "--install", "--wait") + output, err := cmd.CombinedOutput() + Expect(err).NotTo(HaveOccurred(), string(output)) - By("Waiting for the operator to fetch the plugin data ") - time.Sleep(time.Duration(200) * time.Second) + By("Waiting for the operator to fetch the plugin data ") + time.Sleep(time.Duration(200) * time.Second) - By("Denies a create request for a Jenkins custom resource with some plugins having security warnings and validation is turned on") - userplugins := []v1alpha2.Plugin{ - {Name: "simple-theme-plugin", Version: "0.6"}, - {Name: "audit-trail", Version: "3.5"}, - {Name: "github", Version: "1.29.0"}, - } - jenkins := CreateJenkinsCR("jenkins", namespace.Name, userplugins, true) - Expect(e2e.K8sClient.Create(context.TODO(), jenkins)).Should(MatchError("admission webhook \"vjenkins.kb.io\" denied the request: security vulnerabilities detected in the following user-defined plugins: \naudit-trail:3.5\ngithub:1.29.0")) + By("Denying a create request for a Jenkins custom resource with some plugins having security warnings and validation is turned on") + userplugins := []v1alpha2.Plugin{ + {Name: "simple-theme-plugin", Version: "0.6"}, + {Name: "audit-trail", Version: "3.5"}, + {Name: "github", Version: "1.29.0"}, + } + jenkins := CreateJenkinsCR("jenkins", namespace.Name, userplugins, true) + Expect(e2e.K8sClient.Create(context.TODO(), jenkins)).Should(MatchError("admission webhook \"vjenkins.kb.io\" denied the request: security vulnerabilities detected in the following user-defined plugins: \naudit-trail:3.5\ngithub:1.29.0")) - By("Creating the same Jenkins custom resource with some plugins having security warnings but validation is turned off") - userplugins = []v1alpha2.Plugin{ - {Name: "simple-theme-plugin", Version: "0.6"}, - {Name: "audit-trail", Version: "3.5"}, - {Name: "github", Version: "1.29.0"}, - } - jenkins = CreateJenkinsCR("jenkins", namespace.Name, userplugins, false) - Expect(e2e.K8sClient.Create(context.TODO(), jenkins)).Should(Succeed()) - e2e.WaitForJenkinsBaseConfigurationToComplete(jenkins) - e2e.WaitForJenkinsUserConfigurationToComplete(jenkins) + By("Creating the Jenkins resource with plugins not having any security warnings and validation is turned on") + userplugins = []v1alpha2.Plugin{ + {Name: "simple-theme-plugin", Version: "0.6"}, + {Name: "audit-trail", Version: "3.8"}, + {Name: "github", Version: "1.31.0"}, + } + jenkins = CreateJenkinsCR("jenkins", namespace.Name, userplugins, true) + Expect(e2e.K8sClient.Create(context.TODO(), jenkins)).Should(Succeed()) + e2e.WaitForJenkinsBaseConfigurationToComplete(jenkins) + e2e.WaitForJenkinsUserConfigurationToComplete(jenkins) - By("Updating the Jenkins resource with plugins not having any security warnings and validation is turned on") - userplugins = []v1alpha2.Plugin{ - {Name: "simple-theme-plugin", Version: "0.6"}, - {Name: "audit-trail", Version: "3.8"}, - {Name: "github", Version: "1.31.0"}, - } - jenkins.Spec.Master.Plugins = userplugins - jenkins.Spec.ValidateSecurityWarnings = true - Expect(e2e.K8sClient.Update(context.TODO(), jenkins)).Should(Succeed()) - jenkins = &v1alpha2.Jenkins{ - TypeMeta: v1alpha2.JenkinsTypeMeta(), - ObjectMeta: metav1.ObjectMeta{ - Name: "jenkins", - Namespace: namespace.Name, - }, - } - e2e.WaitForJenkinsBaseConfigurationToComplete(jenkins) - e2e.WaitForJenkinsUserConfigurationToComplete(jenkins) + }) - By("Failing to update the Jenkins custom resource because some plugins having security warnings and validation is turned on") - userplugins = []v1alpha2.Plugin{ - {Name: "vncviewer", Version: "1.7"}, - {Name: "build-timestamp", Version: "1.0.3"}, - {Name: "deployit-plugin", Version: "7.5.5"}, - {Name: "github-branch-source", Version: "2.0.7"}, - {Name: "aws-lambda-cloud", Version: "0.4"}, - {Name: "groovy", Version: "1.31"}, - {Name: "google-login", Version: "1.2"}, - } - jenkins.Spec.Master.Plugins = userplugins - Expect(e2e.K8sClient.Update(context.TODO(), jenkins)).Should(MatchError("admission webhook \"vjenkins.kb.io\" denied the request: security vulnerabilities detected in the following user-defined plugins: \nvncviewer:1.7\ndeployit-plugin:7.5.5\ngithub-branch-source:2.0.7\ngroovy:1.31\ngoogle-login:1.2")) + It("Deploys operator, creates a jenkins cr and denies update request for another one", func() { + By("Deploying the operator along with webhook and cert-manager") + cmd := exec.Command("../../bin/helm", "upgrade", "jenkins", "../../chart/jenkins-operator", "--namespace", namespace.Name, "--debug", + "--set-string", fmt.Sprintf("jenkins.namespace=%s", namespace.Name), "--set-string", fmt.Sprintf("operator.image=%s", *imageName), + "--set", fmt.Sprintf("webhook.enabled=%t", true), "--set", fmt.Sprintf("jenkins.enabled=%t", false), "--install", "--wait") + output, err := cmd.CombinedOutput() + Expect(err).NotTo(HaveOccurred(), string(output)) + + By("Waiting for the operator to fetch the plugin data ") + time.Sleep(time.Duration(200) * time.Second) + + By("Creating a Jenkins custom resource with some plugins having security warnings but validation is turned off") + userplugins := []v1alpha2.Plugin{ + {Name: "simple-theme-plugin", Version: "0.6"}, + {Name: "audit-trail", Version: "3.5"}, + {Name: "github", Version: "1.29.0"}, + } + jenkins := CreateJenkinsCR("jenkins", namespace.Name, userplugins, false) + Expect(e2e.K8sClient.Create(context.TODO(), jenkins)).Should(Succeed()) + e2e.WaitForJenkinsBaseConfigurationToComplete(jenkins) + e2e.WaitForJenkinsUserConfigurationToComplete(jenkins) + + By("Failing to update the Jenkins custom resource because some plugins have security warnings and validation is turned on") + userplugins = []v1alpha2.Plugin{ + {Name: "vncviewer", Version: "1.7"}, + {Name: "build-timestamp", Version: "1.0.3"}, + {Name: "deployit-plugin", Version: "7.5.5"}, + {Name: "github-branch-source", Version: "2.0.7"}, + {Name: "aws-lambda-cloud", Version: "0.4"}, + {Name: "groovy", Version: "1.31"}, + {Name: "google-login", Version: "1.2"}, + } + jenkins.Spec.Master.Plugins = userplugins + jenkins.Spec.ValidateSecurityWarnings = true + Expect(e2e.K8sClient.Update(context.TODO(), jenkins)).Should(MatchError("admission webhook \"vjenkins.kb.io\" denied the request: security vulnerabilities detected in the following user-defined plugins: \nvncviewer:1.7\ndeployit-plugin:7.5.5\ngithub-branch-source:2.0.7\ngroovy:1.31\ngoogle-login:1.2")) + + }) }) + }) func CreateJenkinsCR(name string, namespace string, userPlugins []v1alpha2.Plugin, validateSecurityWarnings bool) *v1alpha2.Jenkins {