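#!/bin/bash
# Local end-to-end test for kube-audit-rest: prepares tmp/, makes sure the
# local test certificates exist, and clears state left over from earlier runs
# before the server is started further down.
set -euo pipefail

# Work from the repository root; fall back to the current directory when this
# is not a git checkout (git prints its own error in that case).
ROOT=$(git rev-parse --show-toplevel || echo '.')
# Quoted, with `--`, so a checkout path containing spaces, glob characters or
# a leading dash cannot be split or parsed as an option.
cd -- "$ROOT"

# Ensure tmp folder exists
mkdir -p tmp/

# Ensure local certs exist. The server is later started with
# ./tmp/server.crt and ./tmp/server.key, so certs.sh presumably writes them
# there; these are throwaway test credentials and must not be reused elsewhere.
testing/certs.sh

echo "Removing old test file"
rm -f tmp/kube-audit-rest.log

echo "Removing old servers if still running"
# pkill matches on process name and signals every matching process the
# invoking user may signal. Run this as an unprivileged user: as root on a
# shared host it would also stop unrelated kube-audit-rest instances.
pkill kube-audit-rest || echo "No old server running"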
# Print a randomly chosen port from the dynamic range 49152-65535 on which
# nothing currently accepts TCP connections on 127.0.0.1.
#
# Outputs: the port number on stdout.
# Caveats: the probe only covers IPv4 loopback, and the port is not reserved,
# so another process can still claim it between this check and the moment the
# caller binds it. Two calls may also return the same port.
function ephemeral_port() {
  local -r min=49152 max=65535
  local candidate
  while :; do
    candidate=$((min + RANDOM % (max - min + 1)))
    # A successful connect means something is already listening: draw again.
    if (echo >"/dev/tcp/127.0.0.1/${candidate}") >/dev/null 2>&1; then
      continue
    fi
    echo "$candidate"
    return
  done
}
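# Pick two free ports. ephemeral_port draws independently on every call, so
# re-draw the metrics port if it collides with the server port. Assignment is
# kept separate from `export` so a failing substitution is not masked.
SERVER_PORT="$(ephemeral_port)"
METRICS_PORT="$(ephemeral_port)"
while [[ "$METRICS_PORT" == "$SERVER_PORT" ]]; do
  METRICS_PORT="$(ephemeral_port)"
done
export SERVER_PORT METRICS_PORT

# Arguments shared by both ways of starting the server.
server_args=(
  --cert-filename=./tmp/server.crt
  --cert-key-filename=./tmp/server.key
  --server-port="$SERVER_PORT"
  --metrics-port="$METRICS_PORT"
  --logger-filename=./tmp/kube-audit-rest.log
)

# Run current server with those local certs on port $SERVER_PORT.
# stdout/stderr are captured to confirm standard library logs are redirected
# to the structured logger, to prevent repeats of #31.
if [[ "$(uname -m)" == 'x86_64' ]]; then
  # With race detection on x86_64
  echo "Also doing race detection"
  go run -race ./cmd/kube-audit-rest/main.go "${server_args[@]}" > ./tmp/kube-audit-rest-output.log 2>&1 &
else
  go run ./cmd/kube-audit-rest/main.go "${server_args[@]}" > ./tmp/kube-audit-rest-output.log 2>&1 &
fi
KUBE_AUDIT_PID=$!
# NOTE(review): $! is the PID of `go run`, not necessarily of the compiled
# server it spawns; confirm the server really exits when this PID is signalled.

# Safety net: under `set -e` any failure below would otherwise exit and leave
# the background server running and holding its ports.
trap 'kill "$KUBE_AUDIT_PID" 2>/dev/null || true' EXIT

# Wait for the server to accept connections, polling once per second. Stop
# waiting if the background job has already exited (for example a build
# failure), instead of looping forever.
until nc -z localhost "$SERVER_PORT"; do
  if ! kill -0 "$KUBE_AUDIT_PID" 2>/dev/null; then
    echo "server exited before listening; see tmp/kube-audit-rest-output.log" >&2
    exit 1
  fi
  sleep 1
done

# Run the test client. The status is captured with `||` because under
# `set -e` a bare failing command would abort the script right here, so the
# final TEST_EXIT check could never see a non-zero value.
TEST_EXIT=0
go run testing/locally/main.go --server-port="$SERVER_PORT" --metrics-port="$METRICS_PORT" || TEST_EXIT=$?
export TEST_EXIT

sleep 2 # Scientific way of waiting for the file to be written as async...

# Removing backgrounded process
kill "$KUBE_AUDIT_PID"
trap - EXIT

# Ensure every line has a requestReceivedTimestamp.
# `wc -l < file` prints only the count (no filename, so no fragile `cut`);
# `grep -c` exits 1 on zero matches, which must not trip `set -e` here.
total_lines=$(wc -l < tmp/kube-audit-rest.log)
stamped_lines=$(grep -c "requestReceivedTimestamp" tmp/kube-audit-rest.log || true)
if [ "$stamped_lines" -ne "$total_lines" ]; then
  echo "output not as expected, not all lines contain requestReceivedTimestamp"
  exit 1
fi

# Sort audit log by uid as it's the only guaranteed field, and kube-audit-rest doesn't guarantee request ordering
# Removing the requestReceivedTimestamp timestamp as it's not deterministic
jq -s -c '. | sort_by(.request.uid)| del(.[].requestReceivedTimestamp)| .[]' tmp/kube-audit-rest.log > tmp/kube-audit-rest-sorted.log

# Making sure that we're capturing standard library logs via structured logging:
# the TLS "bad certificate" error must appear in the captured output as JSON
# with a .msg field, so rejected handshakes stay machine-parseable for
# whoever consumes these logs.
if ! grep "remote error: tls: bad certificate" tmp/kube-audit-rest-output.log | jq -e '.msg' > /dev/null; then
  echo "output not as expected: failed to get standard library logs via structured logging"
  exit 255
fi

# Pass only when the sorted log matches the expected one AND the test client succeeded.
if diff testing/locally/data/kube-audit-rest-sorted.log tmp/kube-audit-rest-sorted.log && [ "$TEST_EXIT" -eq 0 ]; then
  echo "Test passed"
else
  echo "output not as expected"
  exit 255
fi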