Skip to content

Adds unit test to test CRDs #331

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Adds unit test to test CRDs #331

wants to merge 2 commits into from

Conversation

@bowei
Copy link
Contributor

@bowei bowei commented Oct 9, 2025
edited
Loading 

crdtest tests the current CRDs against example valid and invalid CRs. There
are two ways to use this:

Each test case takes its name from the name of the resource being
instantiated.

  - pkg/crdtest/valid are valid resource definitions.
  - pkg/crdtest/invalid are invalid resource definitions.

Run as a standard Go-test:

     $ go test ./pkg/crdtest

Run in -watch mode for development:

     $ go test -c -o crdtest ./pkg/crdtest # make crdtest
     $ ./crdtest -crdDir config/crd/standard -watch pkg/crdtest/valid 2>/tmp/out

will watch changes to the *.yaml files in pkg/crdtest/valid and attempt to
load them into an API server. Validation errors will be written to stdout.

Example output for -watch:

$ ./crdtest -crdDir config/crd/standard -watch pkg/crdtest/valid 2>/tmp/out

apiVersion: policy.networking.k8s.io/v1alpha2
kind: ClusterNetworkPolicy
metadata:
  name: cluster-wide-deny
spec:
  tier: Admin
  priority: 0
  subject:
    namespaces:
      matchLabels:
        kubernetes.io/metadata.name: sensitive-ns
  ingress:
    - action: Denyx
      name: select-all-deny-all
      from:
      - pods:
          namespaceSelector:
            matchLabels: {}
          podSelector:
            matchLabels: {}

❌ pkg/crdtest/valid/cluster-wide-deny.yaml: ClusterNetworkPolicy.policy.networking.k8s.io "cluster-wide-deny" is invalid: [spec.ingress[0].action: Unsupported value: "Denyx": supported values: "Accept", "Deny", "Pass", <nil>: Invalid value: null: some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]
---
apiVersion: policy.networking.k8s.io/v1alpha2
kind: ClusterNetworkPolicy
metadata:
  name: cluster-wide-deny
spec:
  tier: Admin
  priority: 0
  subject:
    namespaces:
      matchLabels:
        kubernetes.io/metadata.name: sensitive-ns
  ingress:
    - action: Deny
      name: select-all-deny-all
      from:
      - pods:
          namespaceSelector:
            matchLabels: {}
          podSelector:
            matchLabels: {}

✅ pkg/crdtest/valid/cluster-wide-deny.yaml

@netlify
Copy link

netlify bot commented Oct 9, 2025
edited
Loading

Deploy Preview for kubernetes-sigs-network-policy-api ready!

Name Link
🔨 Latest commit 0e627c4
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-sigs-network-policy-api/deploys/68fbff903324a7000811cac9
😎 Deploy Preview https://deploy-preview-331--kubernetes-sigs-network-policy-api.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Oct 9, 2025
@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Oct 9, 2025
@bowei
Copy link
Contributor Author

bowei commented Oct 9, 2025

@robscott thanks for the idea

@bowei bowei force-pushed the pr-add-crdtest branch 2 times, most recently from 3da3849 to 37d6d5e Compare October 9, 2025 23:49
@robscott
Copy link
Member

This is very cool, thanks @bowei! All credit to @rikatz for the improvements on GW API side.

@bowei
Copy link
Contributor Author

bowei commented Oct 13, 2025

/test

@k8s-ci-robot
Copy link
Contributor

@bowei: The /test command needs one or more targets.
The following commands are available to trigger required jobs:

/test pull-network-policy-api-crd-e2e

/test pull-network-policy-api-verify

Use /test all to run all jobs.

In response to this:

/test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@bowei
Copy link
Contributor Author

bowei commented Oct 13, 2025

/test pull-network-policy-api-verify

@bowei
Copy link
Contributor Author

bowei commented Oct 14, 2025

@tssurya @npinaeva @danwinship -- any comments?

rikatz
rikatz reviewed Oct 14, 2025
View reviewed changes
rikatz
rikatz reviewed Oct 14, 2025
View reviewed changes
pkg/crdtest/crd_test.go
}
for _, e := range entries {
obj, text, err := loadYAML(validCases, path.Join(validDir, e.Name()))
if err != nil {
Copy link
Member

@rikatz rikatz Oct 14, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

somehow nit, but...

you have testify already on this repo, so maybe require.NoError(t, err) just to reduce the verbosity

(applies to all below, but instead of adding a require on the Create and delete you can do an assert so it wont leave the test)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the style recommended by the Go authors...

https://google.github.io/styleguide/go/decisions#assert

rikatz
rikatz reviewed Oct 14, 2025
View reviewed changes
rikatz
rikatz reviewed Oct 14, 2025
View reviewed changes
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: bowei
Once this PR has been reviewed and has the lgtm label, please assign npinaeva for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

npinaeva
npinaeva reviewed Oct 21, 2025
View reviewed changes
Copy link
Member

@npinaeva npinaeva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice automation!

@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Oct 24, 2025
@bowei
Copy link
Contributor Author

bowei commented Oct 24, 2025

I incorporated all of the comments.

bowei added 2 commits October 24, 2025 15:36
@bowei
Adds unit test to test CRDs
fe915e8 
Tests the current CRDs against example valid and invalid CRDs. There
are two ways to use this:

Test cases
----------

Each test case takes its name from the name of the resource being
instantiated.

 - pkg/crdtest/testdata/{valid, invalid}

Running
-------

Run as a standard Go-test:

  $ go test ./pkg/crdtest

Run in -watch mode for development:

  $ go test -c -o crdtest ./pkg/crdtest # or "make crdtest"
  $ ./crdtest -crdDir config/crd/standard -watch pkg/crdtest/testdata/valid

will apply all yamls in pkg/crdtest/valid folder and continue watching
the changes to the *.yaml files in the folder. When a file is
changed, it will load it into an API server and print the result.
@bowei
Update go mod for crdtest
0e627c4
npinaeva
npinaeva reviewed Oct 27, 2025
View reviewed changes
pkg/crdtest/main_test.go
if *watchDir != "" {
watchAndTest(*watchDir)
if testEnv != nil {
if err := testEnv.Stop(); err != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so if Stop succeeds, you will continue to m.Run() and cleaning up test env again?
maybe you can just

if *watchDir != "" {
    watchAndTest(*watchDir)
    rc = 0 
} else {
    rc = m.Run()
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@npinaeva npinaeva npinaeva left review comments

@astoycos astoycos Awaiting requested review from astoycos

@danwinship danwinship Awaiting requested review from danwinship

+1 more reviewer

@rikatz rikatz rikatz left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@bowei @robscott @k8s-ci-robot @rikatz @npinaeva