test: catch broken scanner (#540)

* Do not remove failed images in e2e tests

This commit introduces an easier-to-use way of setting additional args
on the manager for the e2e tests. Along with this change,
`--scanner-arg=--delete-scan-failed-images=false` is the default,
meaning that tests will not delete images for which the scan failed.

This is to address #536, where a failing scanner was not caught by the
e2e tests.

I have verified locally that a failing scanner will cause at least one
test to fail.

Signed-off-by: Peter Engelbert <[email protected]>

* Ensure failing scanner causes at least one e2e test failure

Adds a new e2e test

Signed-off-by: Peter Engelbert <[email protected]>

* Rename tests to sort logs

Multiple tests were assigned the same name, and because the test_logs
are placed in directories named after the tests, the log directories
were getting cluttered with results from multiple tests. This commit
gives each test a unique name, and therefore a unique log directory.

Signed-off-by: Peter Engelbert <[email protected]>

* Tidy code in imagecollector_controller

Signed-off-by: Peter Engelbert <[email protected]>

Signed-off-by: Peter Engelbert <[email protected]>

Author: pmengelbert

controllers/imagecollector/imagecollector_controller.go

@@ -306,10 +306,14 @@ func (r *Reconciler) createImageJob(ctx context.Context, req ctrl.Request, argsC
 	}
 
 	if !scanDisabled {
+		deleteFailedString := strconv.FormatBool(*deleteScanFailedImages)
+		scanFailedArg := fmt.Sprintf("--delete-scan-failed-images=%s", deleteFailedString)
+		scannerArgs = append(scannerArgs, scanFailedArg)
+
 		scannerContainer := corev1.Container{
 			Name:  "trivy-scanner",
 			Image: *scannerImage,
-			Args:  append(scannerArgs, "delete-scan-failed-images="+strconv.FormatBool(*deleteScanFailedImages)),
+			Args:  scannerArgs,
 			VolumeMounts: []corev1.VolumeMount{
 				{MountPath: "/run/eraser.sh/shared-data", Name: "shared-data"},
 			},

test/e2e/tests/collector_disable_scan/main_test.go

@@ -40,7 +40,8 @@ func TestMain(m *testing.M) {
 			"--set", util.CollectorImageTag.Set(collectorImage.Tag),
 			"--set", util.ManagerImageRepo.Set(managerImage.Repo),
 			"--set", util.ManagerImageTag.Set(managerImage.Tag),
-			"--set", `controllerManager.additionalArgs={--job-cleanup-on-success-delay=1m}`),
+			"--set", util.ManagerAdditionalArgs.Set("--job-cleanup-on-success-delay=1m").String(),
+		),
 	).Finish(
 		envfuncs.DestroyKindCluster(util.KindClusterName),
 	)

test/e2e/tests/collector_ensure_scan/eraser_test.go

@@ -0,0 +1,39 @@
+//go:build e2e
+// +build e2e
+
+package e2e
+
+import (
+	"context"
+	"testing"
+
+	"github.com/Azure/eraser/test/e2e/util"
+
+	"sigs.k8s.io/e2e-framework/pkg/envconf"
+	"sigs.k8s.io/e2e-framework/pkg/features"
+)
+
+func TestEnsureScannerFunctions(t *testing.T) {
+	collectScanErasePipelineFeat := features.New("Collector pods should run automatically, trigger the scanner, then the eraser pods. Manifest deployment test.").
+		Assess("Vulnerable Image successfully deleted from all nodes", func(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context {
+			ctxT, cancel := context.WithTimeout(ctx, util.Timeout)
+			defer cancel()
+			util.CheckImageRemoved(ctxT, t, util.GetClusterNodes(t), util.Alpine)
+
+			return ctx
+		}).
+		Assess("Get logs", func(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context {
+			if err := util.GetManagerLogs(ctx, cfg, t); err != nil {
+				t.Error("error getting manager logs", err)
+			}
+
+			if err := util.GetPodLogs(ctx, cfg, t, false); err != nil {
+				t.Error("error getting manager logs", err)
+			}
+
+			return ctx
+		}).
+		Feature()
+
+	util.Testenv.Test(t, collectScanErasePipelineFeat)
+}

test/e2e/tests/collector_ensure_scan/main_test.go

@@ -0,0 +1,53 @@
+//go:build e2e
+// +build e2e
+
+package e2e
+
+import (
+	"os"
+	"testing"
+
+	eraserv1alpha1 "github.com/Azure/eraser/api/v1alpha1"
+	"github.com/Azure/eraser/test/e2e/util"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	"k8s.io/client-go/kubernetes/scheme"
+	"sigs.k8s.io/e2e-framework/pkg/env"
+	"sigs.k8s.io/e2e-framework/pkg/envconf"
+	"sigs.k8s.io/e2e-framework/pkg/envfuncs"
+)
+
+func TestMain(m *testing.M) {
+	utilruntime.Must(eraserv1alpha1.AddToScheme(scheme.Scheme))
+
+	eraserImage := util.ParsedImages.EraserImage
+	managerImage := util.ParsedImages.ManagerImage
+	collectorImage := util.ParsedImages.CollectorImage
+	scannerImage := util.ParsedImages.ScannerImage
+
+	util.Testenv = env.NewWithConfig(envconf.New())
+	// Create KinD Cluster
+	util.Testenv.Setup(
+		envfuncs.CreateKindClusterWithConfig(util.KindClusterName, util.NodeVersion, "../../kind-config.yaml"),
+		envfuncs.CreateNamespace(util.TestNamespace),
+		envfuncs.LoadDockerImageToCluster(util.KindClusterName, util.ManagerImage),
+		envfuncs.LoadDockerImageToCluster(util.KindClusterName, util.Image),
+		envfuncs.LoadDockerImageToCluster(util.KindClusterName, util.CollectorImage),
+		envfuncs.LoadDockerImageToCluster(util.KindClusterName, util.VulnerableImage),
+		envfuncs.LoadDockerImageToCluster(util.KindClusterName, util.NonVulnerableImage),
+		envfuncs.LoadDockerImageToCluster(util.KindClusterName, util.ScannerImage),
+		util.DeployEraserHelm(util.TestNamespace,
+			"--set", util.ScannerImageRepo.Set(scannerImage.Repo),
+			"--set", util.ScannerImageTag.Set(scannerImage.Tag),
+			"--set", util.EraserImageRepo.Set(eraserImage.Repo),
+			"--set", util.EraserImageTag.Set(eraserImage.Tag),
+			"--set", util.CollectorImageRepo.Set(collectorImage.Repo),
+			"--set", util.CollectorImageTag.Set(collectorImage.Tag),
+			"--set", util.ManagerImageRepo.Set(managerImage.Repo),
+			"--set", util.ManagerImageTag.Set(managerImage.Tag),
+			"--set", util.ManagerAdditionalArgs.Set("--job-cleanup-on-success-delay=2m").String(),
+		),
+	).Finish(
+		envfuncs.DestroyKindCluster(util.KindClusterName),
+	)
+	os.Exit(util.Testenv.Run(m))
+}

test/e2e/tests/collector_skip_excluded/main_test.go

@@ -46,7 +46,8 @@ func TestMain(m *testing.M) {
 			"--set", util.CollectorImageTag.Set(collectorImage.Tag),
 			"--set", util.ManagerImageRepo.Set(managerImage.Repo),
 			"--set", util.ManagerImageTag.Set(managerImage.Tag),
-			"--set", `controllerManager.additionalArgs={--job-cleanup-on-success-delay=2m}`),
+			"--set", util.ManagerAdditionalArgs.Set("--job-cleanup-on-success-delay=2m").String(),
+		),
 	).Finish(
 		envfuncs.DestroyKindCluster(util.KindClusterName),
 	)

test/e2e/tests/helm_pull_secret/main_test.go

@@ -43,7 +43,8 @@ func TestMain(m *testing.M) {
 			"--set", util.ManagerImageRepo.Set(managerImage.Repo),
 			"--set", util.ManagerImageTag.Set(managerImage.Tag),
 			"--set-json", util.ImagePullSecrets.Set(util.ImagePullSecretJSON),
-			"--set", `controllerManager.additionalArgs={--job-cleanup-on-success-delay=2m}`),
+			"--set", util.ManagerAdditionalArgs.Set("--job-cleanup-on-success-delay=2m").String(),
+		),
 	).Finish(
 		envfuncs.DestroyKindCluster(util.KindClusterName),
 	)

test/e2e/tests/imagelist_alias/main_test.go

@@ -37,7 +37,8 @@ func TestMain(m *testing.M) {
 			"--set", util.EraserImageTag.Set(eraserImage.Tag),
 			"--set", util.ManagerImageRepo.Set(managerImage.Repo),
 			"--set", util.ManagerImageTag.Set(managerImage.Tag),
-			"--set", `controllerManager.additionalArgs={--job-cleanup-on-success-delay=1m}`),
+			"--set", util.ManagerAdditionalArgs.Set("--job-cleanup-on-success-delay=1m").String(),
+		),
 	).Finish(
 		envfuncs.DestroyKindCluster(util.KindClusterName),
 	)

test/e2e/tests/imagelist_exclusion_list/main_test.go

@@ -36,7 +36,8 @@ func TestMain(m *testing.M) {
 			"--set", util.EraserImageTag.Set(eraserImage.Tag),
 			"--set", util.ManagerImageRepo.Set(managerImage.Repo),
 			"--set", util.ManagerImageTag.Set(managerImage.Tag),
-			"--set", `controllerManager.additionalArgs={--job-cleanup-on-success-delay=1m}`),
+			"--set", util.ManagerAdditionalArgs.Set("--job-cleanup-on-success-delay=1m").String(),
+		),
 	).Finish(
 		envfuncs.DestroyKindCluster(util.KindClusterName),
 	)

test/e2e/tests/imagelist_include_nodes/main_test.go

@@ -36,7 +36,8 @@ func TestMain(m *testing.M) {
 			"--set", util.EraserImageTag.Set(eraserImage.Tag),
 			"--set", util.ManagerImageRepo.Set(managerImage.Repo),
 			"--set", util.ManagerImageTag.Set(managerImage.Tag),
-			"--set", `controllerManager.additionalArgs={--filter-nodes=include, --job-cleanup-on-success-delay=1m}`),
+			"--set", util.ManagerAdditionalArgs.Set("--filter-nodes=include").Set("--job-cleanup-on-success-delay=1m").String(),
+		),
 	).Finish(
 		envfuncs.DestroyKindCluster(util.KindClusterName),
 	)

test/e2e/tests/imagelist_prune_images/main_test.go

@@ -36,7 +36,8 @@ func TestMain(m *testing.M) {
 			"--set", util.EraserImageTag.Set(eraserImage.Tag),
 			"--set", util.ManagerImageRepo.Set(managerImage.Repo),
 			"--set", util.ManagerImageTag.Set(managerImage.Tag),
-			"--set", `controllerManager.additionalArgs={--job-cleanup-on-success-delay=1m}`),
+			"--set", util.ManagerAdditionalArgs.Set("--job-cleanup-on-success-delay=1m").String(),
+		),
 	).Finish(
 		envfuncs.DestroyKindCluster(util.KindClusterName),
 	)