From 1246c1fc4e868fcc4c5815f4fbc3d64528c8999d Mon Sep 17 00:00:00 2001
From: xeniape
Date: Thu, 17 Jul 2025 14:08:16 +0200
Subject: [PATCH 1/2] chore: add metrics tests for NiFi 2.x
---
 .../kuttl/smoke_v2/50-install-test-nifi.yaml | 20 ++++++
 .../kuttl/smoke_v2/60-assert.yaml.j2 | 1 +
 .../kuttl/smoke_v2/60-prepare-test-nifi.yaml | 1 +
 .../kuttl/smoke_v2/test_nifi_metrics.py | 67 +++++++++++++++++++
 4 files changed, 89 insertions(+)
 create mode 100755 tests/templates/kuttl/smoke_v2/test_nifi_metrics.py
diff --git a/tests/templates/kuttl/smoke_v2/50-install-test-nifi.yaml b/tests/templates/kuttl/smoke_v2/50-install-test-nifi.yaml
index 3bc67dbc..14849385 100644
--- a/tests/templates/kuttl/smoke_v2/50-install-test-nifi.yaml
+++ b/tests/templates/kuttl/smoke_v2/50-install-test-nifi.yaml
@@ -15,6 +15,8 @@ spec:
 labels:
 app: test-nifi
 spec:
+ securityContext:
+ fsGroup: 1000
 containers:
 - name: test-nifi
 image: oci.stackable.tech/sdp/testing-tools:0.2.0-stackable0.0.0-dev
@@ -26,3 +28,21 @@ spec:
 limits:
 memory: "128Mi"
 cpu: "400m"
+ volumeMounts:
+ - name: tls
+ mountPath: /stackable/tls
+ volumes:
+ - name: tls
+ ephemeral:
+ volumeClaimTemplate:
+ metadata:
+ annotations:
+ secrets.stackable.tech/class: tls
+ secrets.stackable.tech/scope: pod
+ spec:
+ storageClassName: secrets.stackable.tech
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: "1"
diff --git a/tests/templates/kuttl/smoke_v2/60-assert.yaml.j2 b/tests/templates/kuttl/smoke_v2/60-assert.yaml.j2
index 4a8047d1..1d531af0 100644
--- a/tests/templates/kuttl/smoke_v2/60-assert.yaml.j2
+++ b/tests/templates/kuttl/smoke_v2/60-assert.yaml.j2
@@ -4,3 +4,4 @@ kind: TestAssert
 timeout: 300
 commands:
 - script: kubectl exec -n $NAMESPACE test-nifi-0 -- python /tmp/test_nifi.py -u admin -p 'passwordWithSpecialCharacter\@<&>"'"'" -n $NAMESPACE -c 3
+ - script: kubectl exec -n $NAMESPACE test-nifi-0 -- python /tmp/test_nifi_metrics.py -n $NAMESPACE
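Review bot: The `fsGroup: 1000` added in the first hunk of 50-install-test-nifi.yaml and the `tls` volume added in the second carry no comment saying why the test pod needs them. A comment above the volume such as `# client certificate and CA for the mTLS metrics endpoint, read by test_nifi_metrics.py` would tie it to the script that uses `/stackable/tls/tls.crt`, `tls.key` and `ca.crt`. For the security context, something like `# lets the container user read the key material under /stackable/tls` would help, though that reason is inferred from the mount and should be confirmed. Both pod specs continue outside the hunks.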
diff --git a/tests/templates/kuttl/smoke_v2/60-prepare-test-nifi.yaml b/tests/templates/kuttl/smoke_v2/60-prepare-test-nifi.yaml
index 8e3cdd76..c3ac9b79 100644
--- a/tests/templates/kuttl/smoke_v2/60-prepare-test-nifi.yaml
+++ b/tests/templates/kuttl/smoke_v2/60-prepare-test-nifi.yaml
@@ -2,5 +2,6 @@
 apiVersion: kuttl.dev/v1beta1
 kind: TestStep
 commands:
+ - script: kubectl cp -n $NAMESPACE ./test_nifi_metrics.py test-nifi-0:/tmp
 - script: kubectl cp -n $NAMESPACE ./test_nifi.py test-nifi-0:/tmp
 - script: kubectl cp -n $NAMESPACE ./cacert.pem test-nifi-0:/tmp
diff --git a/tests/templates/kuttl/smoke_v2/test_nifi_metrics.py b/tests/templates/kuttl/smoke_v2/test_nifi_metrics.py
new file mode 100755
index 00000000..245ca1b7
--- /dev/null
+++ b/tests/templates/kuttl/smoke_v2/test_nifi_metrics.py
@@ -0,0 +1,67 @@
+#!/usr/bin/env python
+import requests
+import time
+import argparse
+
+if __name__ == "__main__":
+ # Construct an argument parser
+ all_args = argparse.ArgumentParser()
+
+ # Add arguments to the parser
+ all_args.add_argument(
+ "-m",
+ "--metric",
+ required=False,
+ default="nifi_amount_bytes_read",
+ help="The name of a certain metric to check",
+ )
+ all_args.add_argument(
+ "-n", "--namespace", required=True, help="The namespace the test is running in"
+ )
+ all_args.add_argument(
+ "-p",
+ "--port",
+ required=False,
+ default="8443",
+ help="The port where metrics are exposed",
+ )
+ all_args.add_argument(
+ "-t",
+ "--timeout",
+ required=False,
+ default="120",
+ help="The timeout in seconds to wait for the metrics port to be opened",
+ )
+
+ args = vars(all_args.parse_args())
+ metric_name = args["metric"]
+ namespace = args["namespace"]
+ port = args["port"]
+ timeout = int(args["timeout"])
+
+ url = f"https://nifi-node-default-metrics.{args['namespace']}.svc.cluster.local:{port}/nifi-api/flow/metrics/prometheus"
+
+ # wait for 'timeout' seconds
+ t_end = time.time() + timeout
+ while time.time() < t_end:
+ try:
+ response = requests.get(
+ url,
+ cert=("/stackable/tls/tls.crt", "/stackable/tls/tls.key"),
+ verify="/stackable/tls/ca.crt",
+ )
+ response.raise_for_status()
+ if metric_name in response.text:
+ print("Test metrics succeeded!")
+ exit(0)
+ else:
+ print(
+ f"Could not find metric [{metric_name}] in response:\n {response.text}"
+ )
+ time.sleep(timeout)
+ except ConnectionError:
+ # NewConnectionError is expected until metrics are available
+ time.sleep(10)
+
+ print("Test failed")
+ exit(-1)
From db27307883e480b0be44c80da07ef9cbd4df5d26 Mon Sep 17 00:00:00 2001
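Review bot: The `except ConnectionError:` clause names Python's builtin exception, which `requests.exceptions.ConnectionError` does not derive from, so a metrics endpoint that is not yet reachable raises out of the loop instead of reaching the 10-second retry. It should read `except requests.exceptions.ConnectionError:`. In the `else` branch, `time.sleep(timeout)` sleeps for the whole deadline, so a metric missing on the first scrape is never polled again; `time.sleep(10)` would match the retry branch. `requests.get` is also called without `timeout=`, so a stalled connection can block past `t_end`; if `timeout=10` is added, the handler should become `except (requests.exceptions.ConnectionError, requests.exceptions.Timeout):`. The pinned `verify="/stackable/tls/ca.crt"` and the client certificate are the right way to reach the endpoint and should stay.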
From: xeniape
Date: Thu, 17 Jul 2025 17:28:34 +0200
Subject: [PATCH 2/2] add openshift-specific rbac
---
 ...nifi.yaml => 50-install-test-nifi.yaml.j2} | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
 rename tests/templates/kuttl/smoke_v2/{50-install-test-nifi.yaml => 50-install-test-nifi.yaml.j2} (64%)
diff --git a/tests/templates/kuttl/smoke_v2/50-install-test-nifi.yaml b/tests/templates/kuttl/smoke_v2/50-install-test-nifi.yaml.j2
similarity index 64%
rename from tests/templates/kuttl/smoke_v2/50-install-test-nifi.yaml
rename to tests/templates/kuttl/smoke_v2/50-install-test-nifi.yaml.j2
index 14849385..79128264 100644
--- a/tests/templates/kuttl/smoke_v2/50-install-test-nifi.yaml
+++ b/tests/templates/kuttl/smoke_v2/50-install-test-nifi.yaml.j2
@@ -15,6 +15,7 @@ spec:
 labels:
 app: test-nifi
 spec:
+ serviceAccountName: "tls-sa"
 securityContext:
 fsGroup: 1000
 containers:
@@ -46,3 +47,32 @@ spec:
 resources:
 requests:
 storage: "1"
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tls-sa
+{% if test_scenario['values']['openshift'] == 'true' %}
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: use-integration-tests-scc
+rules:
+- apiGroups: ["security.openshift.io"]
+ resources: ["securitycontextconstraints"]
+ resourceNames: ["privileged"]
+ verbs: ["use"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: use-integration-tests-scc
+subjects:
+ - kind: ServiceAccount
+ name: tls-sa
+roleRef:
+ kind: Role
+ name: use-integration-tests-scc
+ apiGroup: rbac.authorization.k8s.io
+{% endif %}
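Review bot: The Role added in the second hunk grants `use` on the `privileged` SCC, the least restrictive one, to `tls-sa`, while the pod spec visible in this patch only sets `fsGroup: 1000` and mounts an ephemeral volume. If a narrower SCC admits that pod, `resourceNames` should name it instead. Otherwise a comment above the rule, for example `# privileged SCC: required on OpenShift for fsGroup 1000 with the secret-operator volume`, would record why; that reason is inferred and should be confirmed. The Role and RoleBinding are named `use-integration-tests-scc` although they bind `privileged`, which reads as if a dedicated test SCC existed.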