Merge pull request #46 from DataDog/edouard/add-full-system-test-vert…

…ices

Add end to end system tests

.github/workflows/system-test.yml

@@ -16,15 +16,21 @@ jobs:
           cluster_name: kubehound.test.local
           config: test/setup/test-cluster/cluster.yaml
           wait: 5m
+        env:
+          KUBECONFIG: ./test/setup/.kube/config
 
       - name: Create K8s resources
         working-directory: test/setup/
         run: bash create-cluster-resources.sh
+        env:
+          KUBECONFIG: .kube/config
 
       - name: Setup Golang
         uses: actions/setup-go@v4
         with:
           go-version: "1.20"
 
       - name: Run integration Tests
-        run: make system-test
+        run: make system-test
+        env:
+          KUBECONFIG: .kube/config

.gitignore

@@ -32,4 +32,10 @@ deployments/kubehound/data
 deployments/kubehound/data/*
 # System test json files
 test/**/*.json
-*.env
+
+# kind config
+test/setup/.kube
+
+# binary for the autogen of fixtures
+test/system/generator/generator
+*.env

Makefile

@@ -22,19 +22,30 @@ ifeq (${DD_API_KEY},)
     DOCKER_COMPOSE_FILE_PATH := -f test/system/docker-compose.yaml
 endif
 
+
+DOCKER_CMD = docker
+UNAME_S := $(shell uname -s)
+ifeq ($(UNAME_S),Linux)
+	DOCKER_CMD = sudo docker
+endif
+
 all: build
 
-.PHONEY: build
-build: ## Build the application
+.PHONY: generate
+generate: ## generate code the application
+	go generate ./...
+
+.PHONY: build
+build: generate ## Build the application
 	cd cmd && go build -ldflags="-X pkg/config.BuildVersion=$(BUILD_VERSION)" -o ../bin/kubehound kubehound/*.go
 
 .PHONY: infra-rm
 infra-rm: ## Delete the testing stack
-	docker compose $(DOCKER_COMPOSE_FILE_PATH) rm -fvs 
+	$(DOCKER_CMD) compose $(DOCKER_COMPOSE_FILE_PATH) rm -fvs 
 
 .PHONY: infra-up
-infra-up: ## Spawn the testing stack
-	docker compose $(DOCKER_COMPOSE_FILE_PATH) up --force-recreate --build -d
+infra-up: ## Spwan the testing stack
+	$(DOCKER_CMD) compose $(DOCKER_COMPOSE_FILE_PATH) up --force-recreate --build -d
 
 .PHONY: test
 test: ## Run the full suite of unit tests 
@@ -46,7 +57,9 @@ test: ## Run the full suite of unit tests
 system-test: ## Run the system tests
 	$(MAKE) infra-rm
 	$(MAKE) infra-up
-	cd test/system && go test -v -timeout "60s" -count 1 -race ./...
+	# we print the KUBECONFIG envvar here to make it easier to see what is actively used
+	sleep 10
+	cd test/system && export KUBECONFIG=$(ROOT_DIR)/test/setup/.kube/config && bash -c "printenv KUBECONFIG" && go test -v -timeout "60s" -count=1 ./...
 
 .PHONY: local-cluster-reset
 local-cluster-reset: ## Destroy the current kind cluster and creates a new one

README.md

@@ -32,6 +32,11 @@ The repository includes a suite of system tests that will do the following:
 
 The cluster setup and running instances can be found under [test/setup](./test/setup/)
 
+If you need to manually access the system test environement with kubectl and other commands, you'll need to set (assuming you are at the root dir):
+```bash
+cd test/setup/ && export KUBECONFIG=$(pwd)/.kube/config
+```
+
 ### Requirements
 
 + Kind: https://kind.sigs.k8s.io/docs/user/quick-start/#installing-with-a-package-manager

go.mod

@@ -5,13 +5,16 @@ go 1.20
 require (
 	github.com/DataDog/datadog-go/v5 v5.1.1
 	github.com/alitto/pond v1.8.3
+	github.com/apache/tinkerpop/gremlin-go v0.0.0-20220530191148-29272fa563ec
 	github.com/apache/tinkerpop/gremlin-go/v3 v3.6.4
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/spf13/cobra v1.6.1
 	github.com/stretchr/testify v1.8.2
 	go.mongodb.org/mongo-driver v1.11.6
 	go.uber.org/ratelimit v0.2.0
+	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
 	gopkg.in/DataDog/dd-trace-go.v1 v1.51.0
+	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.27.2
 	k8s.io/apimachinery v0.27.2
 	sigs.k8s.io/controller-runtime v0.15.0
@@ -102,7 +105,6 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
 	inet.af/netaddr v0.0.0-20220811202034-502d2d690317 // indirect
 	k8s.io/apiextensions-apiserver v0.27.2 // indirect
 	k8s.io/component-base v0.27.2 // indirect

go.sum

@@ -63,6 +63,8 @@ github.com/alitto/pond v1.8.3 h1:ydIqygCLVPqIX/USe5EaV/aSRXTRXDEI9JwuDdu+/xs=
 github.com/alitto/pond v1.8.3/go.mod h1:CmvIIGd5jKLasGI3D87qDkQxjzChdKMmnXMg3fG6M6Q=
 github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 h1:MzBOUgng9orim59UnfUTLRjMpd09C5uEVQ6RPGeCaVI=
 github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129/go.mod h1:rFgpPQZYZ8vdbc+48xibu8ALc3yeyd64IhHS+PU6Yyg=
+github.com/apache/tinkerpop/gremlin-go v0.0.0-20220530191148-29272fa563ec h1:9cMmVpOQmePSOC13vDamxE79yyRFbmBv7eLaoBayGZs=
+github.com/apache/tinkerpop/gremlin-go v0.0.0-20220530191148-29272fa563ec/go.mod h1:+83SLBh+WdhcTo/eUHRuU0PZKH60Mg3wR5yX2UKyhyo=
 github.com/apache/tinkerpop/gremlin-go/v3 v3.6.4 h1:76fnwJwUtsqLptsUuLiowpYkxXebWzD8afxXar5hT4A=
 github.com/apache/tinkerpop/gremlin-go/v3 v3.6.4/go.mod h1:KZ4BFULeKTVqzgX41fiTj2XYTs9meWc/TWQHsICy69I=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -400,6 +402,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
+golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=

pkg/kubehound/models/converter/graph.go

@@ -94,10 +94,12 @@ func (c *GraphConverter) Pod(input *store.Pod) (*graph.Pod, error) {
 		ServiceAccount: input.K8.Spec.ServiceAccountName,
 		Node:           input.K8.Spec.NodeName,
 	}
-
 	if input.K8.Spec.ShareProcessNamespace != nil {
 		output.SharedProcessNamespace = *input.K8.Spec.ShareProcessNamespace
 	}
+	if output.Namespace != "" {
+		output.IsNamespaced = true
+	}
 
 	return output, nil
 }

test/setup/.env.local

@@ -1,2 +1,3 @@
 CLUSTER_NAME=kubehound.test.local
-CONFIG_DIR=./test-cluster
+CONFIG_DIR=./test-cluster
+KUBECONFIG=./test/setup/.kube/config

test/setup/create-cluster-resources.sh

@@ -3,6 +3,7 @@ set -e
 
 CLUSTER_NAME=kubehound.test.local
 CONFIG_DIR=./test-cluster
+export KUBECONFIG=.kube/config
 
 echo "[*] Deploying test resources via kubectl apply"
 for attack in ${CONFIG_DIR}/attacks/*.yaml; do

test/setup/destroy-cluster.sh

@@ -2,6 +2,7 @@
 set -e
 
 CLUSTER_NAME=kubehound.test.local
+export KUBECONFIG=.kube/config
 
 echo "[*] Destroying test cluster "${CLUSTER_NAME}" via kind"
 kind delete cluster --name "${CLUSTER_NAME}" 

test/setup/manage-cluster-resources.sh

@@ -13,6 +13,7 @@ function handle_resources(){
     _printf_warn "$2 test resources via kubectl apply"
     for attack in ${SCRIPT_DIR}/${CONFIG_DIR}/attacks/*.yaml; do
         [ -e "$attack" ] || continue
+        echo "$attack"
         # since deletion can take some times, || true to be able to retry in case of C-C
         kubectl $1 -f "$attack" --context "kind-${CLUSTER_NAME}" || true
     done

test/setup/manage-cluster.sh

@@ -11,18 +11,19 @@ PROJECT_MAN="options: [create | destroy]"
 
 function create_cluster(){
     echo "[*] Creating test cluster "${CLUSTER_NAME}" via kind"
-    kind create cluster \
+    $KIND create cluster \
         --name "${CLUSTER_NAME}" \
         --config "${CONFIG_DIR}/cluster.yaml" \
 
+    echo "Using KUBECONFIG: $(printenv KUBECONFIG)"
     kubectl cluster-info --context "kind-${CLUSTER_NAME}"
 
     echo "[*] Cluster ${CLUSTER_NAME} configuration complete"
 }
 
 function destroy_cluster(){
     echo "[*] Destroying test cluster "${CLUSTER_NAME}" via kind"
-    kind delete cluster --name "${CLUSTER_NAME}" 
+    $KIND delete cluster --name "${CLUSTER_NAME}" 
 }
 
 case $SCRIPT_ACTION in

test/setup/setup-cluster.sh

@@ -3,6 +3,7 @@ set -e
 
 CLUSTER_NAME=kubehound.test.local
 CONFIG_DIR=./test-cluster
+export KUBECONFIG=.kube/config
 
 echo "[*] Creating test cluster "${CLUSTER_NAME}" via kind"
 kind create cluster \

test/setup/util.sh

@@ -33,4 +33,16 @@ function load_env(){
     fi
 }
 
-load_env
+load_env
+
+# post load env
+KIND=kind
+if [[ "$OSTYPE" == "linux-gnu"* ]]; then
+    KIND="sudo kind"
+fi
+
+KIND="$KIND --kubeconfig $KUBECONFIG"
+if [ -f $KUBECONFIG ]; then
+    sudo chown $USER:$USER $KUBECONFIG
+fi
+echo "Using KUBECONFIG: $(printenv KUBECONFIG)"