Webhookのテスト(Envtest)

ここではEnvtestを利用したWebhookのテストの書き方を学びます。

テスト環境のセットアップ

Webhookもコントローラーのテストと同じくEnvtestを利用できます。 Kubebuilderによってテストを実行するためのコードが以下のように生成されています。

api/v1/webhook_suite_test.go

/*
Copyright 2024.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1

import (
    "context"
    "crypto/tls"
    "fmt"
    "net"
    "path/filepath"
    "runtime"
    "testing"
    "time"

    . "github.com/onsi/ginkgo/v2"
    . "github.com/onsi/gomega"

    admissionv1 "k8s.io/api/admission/v1"
    // +kubebuilder:scaffold:imports
    apimachineryruntime "k8s.io/apimachinery/pkg/runtime"
    "k8s.io/client-go/rest"
    ctrl "sigs.k8s.io/controller-runtime"
    "sigs.k8s.io/controller-runtime/pkg/client"
    "sigs.k8s.io/controller-runtime/pkg/envtest"
    logf "sigs.k8s.io/controller-runtime/pkg/log"
    "sigs.k8s.io/controller-runtime/pkg/log/zap"
    metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
    "sigs.k8s.io/controller-runtime/pkg/webhook"
)

// These tests use Ginkgo (BDD-style Go testing framework). Refer to
// http://onsi.github.io/ginkgo/ to learn more about Ginkgo.

var cfg *rest.Config
var k8sClient client.Client
var testEnv *envtest.Environment
var ctx context.Context
var cancel context.CancelFunc

func TestAPIs(t *testing.T) {
    RegisterFailHandler(Fail)

    RunSpecs(t, "Webhook Suite")
}

var _ = BeforeSuite(func() {
    logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true)))

    ctx, cancel = context.WithCancel(context.TODO())

    By("bootstrapping test environment")
    testEnv = &envtest.Environment{
        CRDDirectoryPaths:     []string{filepath.Join("..", "..", "config", "crd", "bases")},
        ErrorIfCRDPathMissing: false,

        // The BinaryAssetsDirectory is only required if you want to run the tests directly
        // without call the makefile target test. If not informed it will look for the
        // default path defined in controller-runtime which is /usr/local/kubebuilder/.
        // Note that you must have the required binaries setup under the bin directory to perform
        // the tests directly. When we run make test it will be setup and used automatically.
        BinaryAssetsDirectory: filepath.Join("..", "..", "bin", "k8s",
            fmt.Sprintf("1.30.0-%s-%s", runtime.GOOS, runtime.GOARCH)),

        WebhookInstallOptions: envtest.WebhookInstallOptions{
            Paths: []string{filepath.Join("..", "..", "config", "webhook")},
        },
    }

    var err error
    // cfg is defined in this file globally.
    cfg, err = testEnv.Start()
    Expect(err).NotTo(HaveOccurred())
    Expect(cfg).NotTo(BeNil())

    scheme := apimachineryruntime.NewScheme()
    err = AddToScheme(scheme)
    Expect(err).NotTo(HaveOccurred())

    err = admissionv1.AddToScheme(scheme)
    Expect(err).NotTo(HaveOccurred())

    // +kubebuilder:scaffold:scheme

    k8sClient, err = client.New(cfg, client.Options{Scheme: scheme})
    Expect(err).NotTo(HaveOccurred())
    Expect(k8sClient).NotTo(BeNil())

    // start webhook server using Manager
    webhookInstallOptions := &testEnv.WebhookInstallOptions
    mgr, err := ctrl.NewManager(cfg, ctrl.Options{
        Scheme: scheme,
        WebhookServer: webhook.NewServer(webhook.Options{
            Host:    webhookInstallOptions.LocalServingHost,
            Port:    webhookInstallOptions.LocalServingPort,
            CertDir: webhookInstallOptions.LocalServingCertDir,
        }),
        LeaderElection: false,
        Metrics:        metricsserver.Options{BindAddress: "0"},
    })
    Expect(err).NotTo(HaveOccurred())

    err = (&MarkdownView{}).SetupWebhookWithManager(mgr)
    Expect(err).NotTo(HaveOccurred())

    // +kubebuilder:scaffold:webhook

    go func() {
        defer GinkgoRecover()
        err = mgr.Start(ctx)
        Expect(err).NotTo(HaveOccurred())
    }()

    // wait for the webhook server to get ready
    dialer := &net.Dialer{Timeout: time.Second}
    addrPort := fmt.Sprintf("%s:%d", webhookInstallOptions.LocalServingHost, webhookInstallOptions.LocalServingPort)
    Eventually(func() error {
        conn, err := tls.DialWithDialer(dialer, "tcp", addrPort, &tls.Config{InsecureSkipVerify: true})
        if err != nil {
            return err
        }
        return conn.Close()
    }).Should(Succeed())

})

var _ = AfterSuite(func() {
    cancel()
    By("tearing down the test environment")
    err := testEnv.Stop()
    Expect(err).NotTo(HaveOccurred())
})

基本的にはコントローラーのテストコードと似ていますが、envtest.Environmentを作成する際に、Webhook用のマニフェストのパスを指定したり、 ctrl.NewManagerを呼び出す際にHost,Port,CertDirのパラメータをtestEnvのパラメータで上書きする必要があります。

Webhookのテスト

Webhookのテストコードを書いてみましょう。

api/v1/markdownview_webhook_test.go

/*
Copyright 2024.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1

import (
    "bytes"
    "context"
    "errors"
    "os"
    "path/filepath"

    . "github.com/onsi/ginkgo/v2"
    . "github.com/onsi/gomega"
    apierrors "k8s.io/apimachinery/pkg/api/errors"
    "k8s.io/apimachinery/pkg/types"
    "k8s.io/apimachinery/pkg/util/yaml"
)

func testMutating(input string, output string) {
    ctx := context.Background()

    y, err := os.ReadFile(input)
    Expect(err).NotTo(HaveOccurred())
    d := yaml.NewYAMLOrJSONDecoder(bytes.NewReader(y), 4096)
    inputView := &MarkdownView{}
    err = d.Decode(inputView)
    Expect(err).NotTo(HaveOccurred())

    err = k8sClient.Create(ctx, inputView)
    Expect(err).NotTo(HaveOccurred())

    ret := &MarkdownView{}
    err = k8sClient.Get(ctx, types.NamespacedName{Name: inputView.GetName(), Namespace: inputView.GetNamespace()}, ret)
    Expect(err).NotTo(HaveOccurred())

    y, err = os.ReadFile(output)
    Expect(err).NotTo(HaveOccurred())
    d = yaml.NewYAMLOrJSONDecoder(bytes.NewReader(y), 4096)
    outputView := &MarkdownView{}
    err = d.Decode(outputView)
    Expect(err).NotTo(HaveOccurred())

    Expect(ret.Spec).Should(Equal(outputView.Spec))
}

func testValidating(file string, valid bool) {
    ctx := context.Background()
    y, err := os.ReadFile(file)
    Expect(err).NotTo(HaveOccurred())
    d := yaml.NewYAMLOrJSONDecoder(bytes.NewReader(y), 4096)
    view := &MarkdownView{}
    err = d.Decode(view)
    Expect(err).NotTo(HaveOccurred())

    err = k8sClient.Create(ctx, view)

    if valid {
        Expect(err).NotTo(HaveOccurred(), "MarkdownView: %v", view)
    } else {
        Expect(err).To(HaveOccurred(), "MarkdownView: %v", view)
        statusErr := &apierrors.StatusError{}
        Expect(errors.As(err, &statusErr)).To(BeTrue())
        expected := view.Annotations["message"]
        Expect(statusErr.ErrStatus.Message).To(ContainSubstring(expected))
    }
}

var _ = Describe("MarkdownView Webhook", func() {

    Context("When creating MarkdownView under Defaulting Webhook", func() {
        It("Should fill in the default value if a required field is empty", func() {
            testMutating(filepath.Join("testdata", "mutating", "input.yaml"), filepath.Join("testdata", "mutating", "output.yaml"))
        })
    })

    Context("When creating MarkdownView under Validating Webhook", func() {
        It("Should deny if a required field is empty or invalid", func() {
            testValidating(filepath.Join("testdata", "validating", "empty-markdowns.yaml"), false)
            testValidating(filepath.Join("testdata", "validating", "invalid-replicas.yaml"), false)
            testValidating(filepath.Join("testdata", "validating", "without-summary.yaml"), false)
        })

        It("Should admit if all required fields are valid", func() {
            testValidating(filepath.Join("testdata", "validating", "valid.yaml"), true)
        })
    })

})

MutatingWebhookのテストでは、入力となるマニフェストファイル(input.yaml)を利用してリソースを作成し、 作成されたリソースが期待値となるマニフェストファイル(output.yaml)の内容と一致することを確認しています。

ValidatingWebhookのテストでは、Validなマニフェストファイル(valid.yaml)を利用してリソースが作成できることと、 Invalidなマニフェストファイル(empty-markdowns.yaml, invalid-replicas.yaml, without-summary.yaml)を利用してリソースの作成に失敗することをテストしています。

最後に、make testでテストに通ることを確認しましょう。

$ make test
KUBEBUILDER_ASSETS="~/markdown-view/bin/k8s/1.30.0-linux-amd64" go test $(go list ./... | grep -v /e2e) -coverprofile cover.out
        github.com/zoetrope/markdown-view/cmd           coverage: 0.0% of statements
        github.com/zoetrope/markdown-view/test/utils            coverage: 0.0% of statements
ok      github.com/zoetrope/markdown-view/api/v1        5.573s  coverage: 51.6% of statements
ok      github.com/zoetrope/markdown-view/internal/controller   6.136s  coverage: 69.6% of statements