From 857349e94270226dd2bcead66667dc169366736c Mon Sep 17 00:00:00 2001 From: Ahmed AbouZaid <6760103+aabouzaid@users.noreply.github.com> Date: Mon, 24 Jun 2024 20:52:52 +0200 Subject: [PATCH] wip2 Signed-off-by: Ahmed AbouZaid <6760103+aabouzaid@users.noreply.github.com> --- .github/workflows/test-regression.yaml | 58 ++-- .../testsuites/vars/files/testsuite-core.yaml | 6 +- .../vars/files/testsuite-preflight.yaml | 4 +- .../testsuites/vars/files/testsuite-core.yaml | 275 +++++++++++++++ .../vars/files/testsuite-preflight.yaml | 115 +++++++ .../vars/files/variables-default.yaml | 7 +- .../files/variables-ingress-combined.yaml | 9 +- .../testsuites/vars/kustomization.yaml | 7 + .../testsuites/vars/files/testsuite-core.yaml | 301 +++++++++++++++++ .../vars/files/testsuite-preflight.yaml | 115 +++++++ .../vars/files/variables-default.yaml | 5 +- .../files/variables-ingress-combined.yaml | 7 +- .../testsuites/vars/kustomization.yaml | 7 + .../testsuites/vars/files/testsuite-core.yaml | 316 ++++++++++++++++++ .../vars/files/testsuite-preflight.yaml | 114 +++++++ .../testsuites/vars/kustomization.yaml | 7 + .../testsuites/vars/files/testsuite-core.yaml | 316 ++++++++++++++++++ .../vars/files/testsuite-preflight.yaml | 114 +++++++ .../testsuites/vars/kustomization.yaml | 7 + .../scenarios/chart-full-setup/Taskfile.yaml | 1 + .../scenarios/lib/chart-upgrade-taskfile.yaml | 2 +- 21 files changed, 1739 insertions(+), 54 deletions(-) create mode 100644 charts/camunda-platform-8.3/test/integration/testsuites/vars/files/testsuite-core.yaml create mode 100644 charts/camunda-platform-8.3/test/integration/testsuites/vars/files/testsuite-preflight.yaml create mode 100644 charts/camunda-platform-8.4/test/integration/testsuites/vars/files/testsuite-core.yaml create mode 100644 charts/camunda-platform-8.4/test/integration/testsuites/vars/files/testsuite-preflight.yaml create mode 100644 charts/camunda-platform-alpha/test/integration/testsuites/vars/files/testsuite-core.yaml create mode 100644 charts/camunda-platform-alpha/test/integration/testsuites/vars/files/testsuite-preflight.yaml create mode 100644 charts/camunda-platform-latest/test/integration/testsuites/vars/files/testsuite-core.yaml create mode 100644 charts/camunda-platform-latest/test/integration/testsuites/vars/files/testsuite-preflight.yaml diff --git a/.github/workflows/test-regression.yaml b/.github/workflows/test-regression.yaml index 6471346f11..c045e415c7 100644 --- a/.github/workflows/test-regression.yaml +++ b/.github/workflows/test-regression.yaml @@ -35,39 +35,38 @@ jobs: with: charts-path: "charts/camunda-platform-8*" - # validation: - # if: ${{ needs.init.outputs.matrix != '[]' }} - # name: Validation - Camunda ${{ matrix.version }} - # needs: init - # strategy: - # fail-fast: false - # matrix: - # version: ${{ fromJson(needs.init.outputs.matrix) }} - # uses: ./.github/workflows/chart-validate-template.yaml - # with: - # identifier: "${{ github.event.pull_request.number }}-vald-${{ matrix.version }}" - # camunda-helm-dir: "camunda-platform-${{ matrix.version }}" - # camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}" + validation: + if: ${{ needs.init.outputs.matrix != '[]' }} + name: Validation - Camunda ${{ matrix.version }} + needs: init + strategy: + fail-fast: false + matrix: + version: ${{ fromJson(needs.init.outputs.matrix) }} + uses: ./.github/workflows/chart-validate-template.yaml + with: + identifier: "${{ github.event.pull_request.number }}-vald-${{ matrix.version }}" + camunda-helm-dir: "camunda-platform-${{ matrix.version }}" + camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}" - # unit: - # if: ${{ needs.init.outputs.matrix != '[]' }} - # name: Unit Test - Camunda ${{ matrix.version }} - # needs: [init] - # strategy: - # fail-fast: false - # matrix: - # version: ${{ fromJson(needs.init.outputs.matrix) }} - # uses: ./.github/workflows/test-unit-template.yml - # with: - # identifier: "${{ github.event.pull_request.number }}-unit-${{ matrix.version }}" - # camunda-helm-dir: "camunda-platform-${{ matrix.version }}" - # camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}" + unit: + if: ${{ needs.init.outputs.matrix != '[]' }} + name: Unit Test - Camunda ${{ matrix.version }} + needs: [init] + strategy: + fail-fast: false + matrix: + version: ${{ fromJson(needs.init.outputs.matrix) }} + uses: ./.github/workflows/test-unit-template.yml + with: + identifier: "${{ github.event.pull_request.number }}-unit-${{ matrix.version }}" + camunda-helm-dir: "camunda-platform-${{ matrix.version }}" + camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}" integration: if: ${{ needs.init.outputs.matrix != '[]' }} name: Integration Test - Camunda ${{ matrix.version }} - #needs: [init, validation, unit] - needs: [init] + needs: [init, validation, unit] strategy: fail-fast: false matrix: @@ -82,7 +81,6 @@ jobs: identifier: "${{ github.event.pull_request.number }}-intg-${{ matrix.version }}" deployment-ttl: "${{ contains(github.event.pull_request.labels.*.name, 'test-persistent') && '1w' || '' }}" platforms: "gke" - flows: "install" - # flows: "install,upgrade" + flows: "install,upgrade" camunda-helm-dir: "camunda-platform-${{ matrix.version }}" camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}" diff --git a/charts/camunda-platform-8.2/test/integration/testsuites/vars/files/testsuite-core.yaml b/charts/camunda-platform-8.2/test/integration/testsuites/vars/files/testsuite-core.yaml index f512ef49be..db73d2d8c8 100644 --- a/charts/camunda-platform-8.2/test/integration/testsuites/vars/files/testsuite-core.yaml +++ b/charts/camunda-platform-8.2/test/integration/testsuites/vars/files/testsuite-core.yaml @@ -62,7 +62,7 @@ testcases: # TODO: Use Venom "web" module to test actual login. It's easy but requires "PhantomJS" # which is not available on Alpine, so it needs to be installed first. -- name: TEST - Interacting with Camunda Platform login page +- name: TEST - Interacting with Camunda login page steps: - name: "{{ .value.component }}" skip: @@ -97,7 +97,7 @@ testcases: - result.body ShouldNotContainSubstring error # TODO: Add Optimize. -- name: TEST - Interacting with Camunda Platform web API +- name: TEST - Interacting with Camunda web API steps: - name: "{{ .value.component }}" type: http @@ -251,4 +251,4 @@ testcases: # = Request Body: {{ .result.request.body }} # = Response Body: {{ .result.body }} assertions: - - result.statuscode ShouldEqual 200 \ No newline at end of file + - result.statuscode ShouldEqual 200 diff --git a/charts/camunda-platform-8.2/test/integration/testsuites/vars/files/testsuite-preflight.yaml b/charts/camunda-platform-8.2/test/integration/testsuites/vars/files/testsuite-preflight.yaml index 8e8deca4d2..1d61d16a96 100644 --- a/charts/camunda-platform-8.2/test/integration/testsuites/vars/files/testsuite-preflight.yaml +++ b/charts/camunda-platform-8.2/test/integration/testsuites/vars/files/testsuite-preflight.yaml @@ -82,8 +82,8 @@ testcases: url: "{{ .preflightVars.baseURLs.tasklist }}/actuator/health/liveness" - component: Connectors url: "{{ .preflightVars.baseURLs.connectors }}/actuator/health/liveness" - - component: Zeebe-Gateway - url: "{{ .preflightVars.baseURLs.zeebeGateway }}/actuator/health/liveness" + - component: ZeebeGateway + url: "{{ .preflightVars.baseURLs.zeebeGateway }}/health" method: GET url: "{{ .value.url }}" retry: 3 diff --git a/charts/camunda-platform-8.3/test/integration/testsuites/vars/files/testsuite-core.yaml b/charts/camunda-platform-8.3/test/integration/testsuites/vars/files/testsuite-core.yaml new file mode 100644 index 0000000000..9f5e232690 --- /dev/null +++ b/charts/camunda-platform-8.3/test/integration/testsuites/vars/files/testsuite-core.yaml @@ -0,0 +1,275 @@ +# NOTE: WebModeler has its own step because Venom doesn't support skip in loops yet. +# https://github.com/ovh/venom/issues/651 +name: Test core functionality of Camunda + +# Vars without defaults are passed as a Venom var, e.g. "VENOM_VAR_TEST_CLIENT_SECRET". +vars: + releaseName: integration + venomClientID: '{{ .TEST_CLIENT_ID | default "venom" }}' + venomClientSecret: '{{ .TEST_CLIENT_SECRET }}' + skipTestIngress: '{{ .SKIP_TEST_INGRESS }}' + skipTestWebModeler: '{{ .SKIP_TEST_WEBMODELER }}' + +testcases: + +# https://docs.camunda.io/docs/self-managed/identity/user-guide/generating-m2m-tokens/ +- name: TEST - Generating machine-to-machine token + steps: + - name: "{{ .value.component }}" + type: http + range: + - component: Tasklist + clientID: tasklist + clientSecret: "{{ .TASKLIST_CLIENT_SECRET }}" + - component: Operate + clientID: operate + clientSecret: "{{ .OPERATE_CLIENT_SECRET }}" + - component: Optimize + clientID: optimize + clientSecret: "{{ .OPTIMIZE_CLIENT_SECRET }}" + - component: Connectors + clientID: connectors + clientSecret: "{{ .CONNECTORS_CLIENT_SECRET }}" + method: POST + url: "{{ .coreVars.authURL }}" + headers: + Content-Type: application/x-www-form-urlencoded + body: |- + client_id={{ .value.clientID }}&client_secret={{ .value.clientSecret }}&grant_type=client_credentials + # info: | + # Component: {{ .value.component }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +# Helper to get access token for Venom Identity client which's seeded during Helm deployment. +- name: helperVenomToken + steps: + - name: Get Venom token + type: http + method: POST + url: "{{ .coreVars.authURL }}" + headers: + Content-Type: application/x-www-form-urlencoded + body: "client_id={{ .venomClientID }}&client_secret={{ .venomClientSecret }}&grant_type=client_credentials" + # info: | + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + vars: + jwt: + from: result.bodyjson.access_token + +# TODO: Use Venom "web" module to test actual login. It's easy but requires "PhantomJS" +# which is not available on Alpine, so it needs to be installed first. +- name: TEST - Interacting with Camunda login page + steps: + - name: "{{ .value.component }}" + skip: + - skiptestingress ShouldBeFalse + type: http + range: + - component: Keycloak + url: "{{ .coreVars.baseURLs.keycloak }}" + - component: Identity + url: "{{ .coreVars.baseURLs.identity }}" + - component: Operate + url: "{{ .coreVars.baseURLs.operate }}" + - component: Optimize + url: "{{ .coreVars.baseURLs.optimize }}" + - component: Tasklist + url: "{{ .coreVars.baseURLs.tasklist }}" + - component: Connectors + url: "{{ .coreVars.baseURLs.connectors }}" + - component: WebModeler + url: "{{ .coreVars.baseURLs.webModeler }}" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 15 + # info: | + # Component: {{ .value.component }} + # = Request Method: {{ .value.method }} + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - result.body ShouldNotContainSubstring error + +# TODO: Add Optimize. +- name: TEST - Interacting with Camunda web API + steps: + - name: "{{ .value.component }}" + type: http + range: + - component: Identity + url: "{{ .coreVars.baseURLs.identity }}/api/users" + method: GET + body: '' + - component: Operate + docs: https://docs.camunda.io/docs/self-managed/operate-deployment/operate-authentication/ + url: "{{ .coreVars.baseURLs.operate }}/v1/process-definitions/search" + method: POST + body: '{}' + - component: Tasklist + docs: https://docs.camunda.io/docs/self-managed/tasklist-deployment/tasklist-authentication/ + url: "{{ .coreVars.baseURLs.tasklist }}/graphql" + method: POST + body: '{"query": "{tasks(query:{}){id name}}"}' + method: "{{ .value.method }}" + url: "{{ .value.url }}" + headers: + Content-Type: application/json + Authorization: "Bearer {{ .helperVenomToken.jwt }}" + body: "{{ .value.body }}" + # info: | + # Component: {{ .value.component }} + # = Request Method: {{ .value.method }} + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +# Unlike other apps, WebModeler by default expects the JWT token to be acquired from external Keycloak URL. +# Hence, this test is added in the extra tests when Ingress is enabled. +- name: TEST - Interacting with WebModeler + steps: + # TODO: Check why WM 8.3.0 cannot be accessed internally. + # - name: Check WebModeler internal API + # skip: + # - skiptestwebmodeler ShouldBeFalse + # type: http + # method: GET + # url: "{{ .coreVars.baseURLs.webModelerRestapi }}/api/v1/info" + # headers: + # Content-Type: application/json + # Authorization: "Bearer {{ .helperVenomToken.jwt }}" + # # info: | + # # = Request Body: {{ .result.request.body }} + # # = Response Body: {{ .result.body }} + # assertions: + # - result.statuscode ShouldEqual 200 + # - result.bodyjson.version ShouldNotBeEmpty + - name: Check WebModeler login page + skip: + - skiptestingress ShouldBeFalse + - skiptestwebmodeler ShouldBeFalse + type: http + method: GET + url: "{{ .coreVars.baseURLs.webModeler }}" + retry: 3 + delay: 15 + # info: | + # Component: {{ .value.component }} + # = Request Method: {{ .value.method }} + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - result.body ShouldNotContainSubstring error + +- name: TEST - Interacting with Zeebe Gateway + steps: + - name: Check Zeebe Gateway status + type: exec + script: | + zbctl --clientCache=/tmp/zeebe \ + --clientId {{ .venomClientID }} --clientSecret {{ .venomClientSecret }} \ + --authzUrl "{{ .coreVars.authURL }}" --address "{{ .coreVars.baseURLs.zeebeGateway }}" \ + {{ .coreVars.zbctl.extraArgs }} \ + status + retry: 2 + delay: 10 + # info: | + # = systemerr: {{ .result.systemerr }} + # = err: {{ .result.err }} + assertions: + - result.code ShouldEqual 0 + - result.systemout ShouldContainSubstring "Leader, Healthy" + - result.systemout ShouldNotContainSubstring Unhealthy + - result.timeseconds ShouldBeLessThan 1 + +- name: TEST - Deploying BPMN process + steps: + - name: Deploy BPMN process to Zeebe - {{ .value.name }} + type: exec + range: + - name: Basic + file: test-process.bpmn + - name: Inbound Connector + file: test-inbound-process.bpmn + script: | + zbctl --clientCache=/tmp/zeebe \ + --clientId {{ .venomClientID }} --clientSecret {{ .venomClientSecret }} \ + --authzUrl "{{ .coreVars.authURL }}" --address "{{ .coreVars.baseURLs.zeebeGateway }}" \ + {{ .coreVars.zbctl.extraArgs }} \ + deploy /mnt/fixtures/{{ .value.file }} + # info: | + # = systemerr: {{ .result.systemerr }} + # = err: {{ .result.err }} + assertions: + - result.code ShouldEqual 0 + +- name: TEST - Check deployed BPMN process + steps: + - name: Check deployed BPMN process in Operate - {{ .value.name }} + type: http + range: + - name: Basic + id: it-test-process + - name: Inbound Connector + id: test-inbound-process + method: POST + url: "{{ .coreVars.baseURLs.operate }}/v1/process-definitions/search" + headers: + Content-Type: application/json + Authorization: "Bearer {{ .helperVenomToken.jwt }}" + body: '{}' + retry: 3 + delay: 15 + # info: | + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + # NOTE: JSON keys are lowercased automatically, the original key is "bpmnProcessId". + - result.bodyjson.items.items{{ .index }}.bpmnprocessid ShouldEqual {{ .value.id }} + +- name: TEST - Check Connectors webhook + steps: + - name: Check deployed BPMN webhook + type: http + method: POST + url: "{{ .coreVars.baseURLs.connectors }}/test-mywebhook" + headers: + Content-Type: application/json + Authorization: "Bearer {{ .helperVenomToken.jwt }}" + body: '{"webhookDataKey":"webhookDataValue"}' + retry: 4 + delay: 15 + # info: | + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +- name: TEST - Check ServiceMonitor + steps: + - name: Check prometheus could query containers + type: http + method: GET + url: "http://{{ .coreVars.baseURLs.prometheus }}/api/v1/query?query=system_cpu_count%7Bnamespace%3D%22{{ .coreVars.testNamespace }}%22%7D" + retry: 4 + delay: 15 + # info: | + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.body ShouldContainSubstring connectors + - result.body ShouldContainSubstring identity + - result.body ShouldContainSubstring operate + - result.body ShouldContainSubstring optimize + - result.body ShouldContainSubstring tasklist + - result.body ShouldContainSubstring web-modeler-restapi + - result.body ShouldContainSubstring zeebe + - result.body ShouldContainSubstring zeebe-gateway diff --git a/charts/camunda-platform-8.3/test/integration/testsuites/vars/files/testsuite-preflight.yaml b/charts/camunda-platform-8.3/test/integration/testsuites/vars/files/testsuite-preflight.yaml new file mode 100644 index 0000000000..e0ae8cde7c --- /dev/null +++ b/charts/camunda-platform-8.3/test/integration/testsuites/vars/files/testsuite-preflight.yaml @@ -0,0 +1,115 @@ +# NOTE: WebModeler has its own step because Venom doesn't support skip in loops yet. +# https://github.com/ovh/venom/issues/651 +name: Run preflight checks for Camunda + +# Vars without defaults are passed as a Venom var, e.g. "VENOM_VAR_TEST_CLIENT_SECRET". +vars: + releaseName: integration + skipTestWebModeler: '{{ .SKIP_TEST_WEBMODELER }}' + +testcases: + +- name: TEST - Readiness + steps: + - name: "{{ .value.component }}" + type: http + range: + # Dependencies. + - component: Elasticsearch + url: "{{ .preflightVars.baseURLs.elasticsearch }}/_cluster/health?&timeout=1s" + - component: Keycloak + url: "{{ .preflightVars.baseURLs.keycloak }}/auth/realms/master" + # Camunda. + - component: Identity + url: "{{ .preflightVars.baseURLs.identity }}/actuator/health" + - component: Optimize + url: "{{ .preflightVars.baseURLs.optimize }}/api/readyz" + - component: Operate + url: "{{ .preflightVars.baseURLs.operate }}/actuator/health/readiness" + - component: Tasklist + url: "{{ .preflightVars.baseURLs.tasklist }}/actuator/health/readiness" + - component: Connectors + url: "{{ .preflightVars.baseURLs.connectors }}/actuator/health/readiness" + - component: Zeebe-Gateway + url: "{{ .preflightVars.baseURLs.zeebeGateway }}/actuator/health/readiness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + + - name: "WebModeler - {{ .value.component }}" + skip: + - skiptestwebmodeler ShouldBeFalse + type: http + range: + - component: RESTAPI + url: "{{ .preflightVars.baseURLs.webModelerRestapi }}/health/readiness" + - component: WebApp + url: "{{ .preflightVars.baseURLs.webModelerWebapp }}/health/readiness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +- name: TEST - Liveness + steps: + - name: "{{ .value.component }}" + type: http + range: + # Dependencies. + - component: Elasticsearch + url: "{{ .preflightVars.baseURLs.elasticsearch }}/_cluster/health?wait_for_status=green&timeout=1s" + - component: Keycloak + url: "{{ .preflightVars.baseURLs.keycloak }}/auth/realms/camunda-platform" + # Camunda. + - component: Identity + url: "{{ .preflightVars.baseURLs.identity }}/actuator/health" + - component: Optimize + url: "{{ .preflightVars.baseURLs.optimize }}/api/readyz" + - component: Operate + url: "{{ .preflightVars.baseURLs.operate }}/actuator/health/liveness" + - component: Tasklist + url: "{{ .preflightVars.baseURLs.tasklist }}/actuator/health/liveness" + - component: Connectors + url: "{{ .preflightVars.baseURLs.connectors }}/actuator/health/liveness" + - component: Zeebe-Gateway + url: "{{ .preflightVars.baseURLs.zeebeGateway }}/actuator/health/liveness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - name: "WebModeler - {{ .value.component }}" + skip: + - skiptestwebmodeler ShouldBeFalse + type: http + range: + - component: RESTAPI + url: "{{ .preflightVars.baseURLs.webModelerRestapi }}/health/liveness" + - component: WebApp + url: "{{ .preflightVars.baseURLs.webModelerWebapp }}/health/liveness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +# TODO: Check seed config like ES indexes. diff --git a/charts/camunda-platform-8.3/test/integration/testsuites/vars/files/variables-default.yaml b/charts/camunda-platform-8.3/test/integration/testsuites/vars/files/variables-default.yaml index bfe3750509..7e132710b3 100644 --- a/charts/camunda-platform-8.3/test/integration/testsuites/vars/files/variables-default.yaml +++ b/charts/camunda-platform-8.3/test/integration/testsuites/vars/files/variables-default.yaml @@ -1,21 +1,19 @@ preflightVars: baseURLs: elasticsearch: http://integration-elasticsearch:9200 - console: http://integration-console:9100 keycloak: http://integration-keycloak identity: http://integration-identity:82 optimize: http://integration-optimize operate: http://integration-operate tasklist: http://integration-tasklist connectors: http://integration-connectors:8080 + zeebeGateway: http://integration-zeebe-gateway:9600 webModelerRestapi: http://integration-web-modeler-restapi:8091 webModelerWebapp: http://integration-web-modeler-webapp:8071 - zeebeGateway: http://integration-zeebe-gateway:9600 coreVars: authURL: "http://integration-keycloak/auth/realms/camunda-platform/protocol/openid-connect/token" baseURLs: - console: http://integration-console keycloak: http://integration-keycloak identity: http://integration-identity optimize: http://integration-optimize @@ -23,7 +21,6 @@ coreVars: tasklist: http://integration-tasklist connectors: http://integration-connectors:8080/inbound webModelerRestapi: http://integration-web-modeler-restapi - zeebeGatewayGRPC: http://integration-zeebe-gateway:9600 - zeebeGatewayREST: http://integration-zeebe-gateway:8080 + zeebeGateway: integration-zeebe-gateway:26500 zbctl: extraArgs: "--insecure" diff --git a/charts/camunda-platform-8.3/test/integration/testsuites/vars/files/variables-ingress-combined.yaml b/charts/camunda-platform-8.3/test/integration/testsuites/vars/files/variables-ingress-combined.yaml index 1746027b84..190283d560 100644 --- a/charts/camunda-platform-8.3/test/integration/testsuites/vars/files/variables-ingress-combined.yaml +++ b/charts/camunda-platform-8.3/test/integration/testsuites/vars/files/variables-ingress-combined.yaml @@ -1,23 +1,21 @@ preflightVars: baseURLs: elasticsearch: http://integration-elasticsearch:9200 - console: http://integration-console:9100 keycloak: http://integration-keycloak identity: http://integration-identity:82 optimize: http://integration-optimize/optimize operate: http://integration-operate/operate tasklist: http://integration-tasklist/tasklist connectors: http://integration-connectors:8080/connectors + zeebeGateway: http://integration-zeebe-gateway:9600 webModelerRestapi: http://integration-web-modeler-restapi:8091 webModelerWebapp: http://integration-web-modeler-webapp:8071 - zeebeGateway: http://integration-zeebe-gateway:9600/zeebe coreVars: authURL: "https://{{ .TEST_INGRESS_HOST }}/auth/realms/camunda-platform/protocol/openid-connect/token" testNamespace: "{{ .K8S_NAMESPACE }}" baseURLs: - console: "https://{{ .TEST_INGRESS_HOST }}" - keycloak: "https://{{ .TEST_INGRESS_HOST }}/auth/" + keycloak: "https://{{ .TEST_INGRESS_HOST }}/auth" identity: "https://{{ .TEST_INGRESS_HOST }}/identity" operate: "https://{{ .TEST_INGRESS_HOST }}/operate" optimize: "https://{{ .TEST_INGRESS_HOST }}/optimize" @@ -25,8 +23,7 @@ coreVars: connectors: "https://{{ .TEST_INGRESS_HOST }}/connectors/inbound" webModeler: "https://{{ .TEST_INGRESS_HOST }}/modeler" webModelerRestapi: http://integration-web-modeler-restapi - zeebeGatewayGRPC: "zeebe-{{ .TEST_INGRESS_HOST }}:443" - zeebeGatewayREST: "https://{{ .TEST_INGRESS_HOST }}/zeebe" + zeebeGateway: "zeebe-{{ .TEST_INGRESS_HOST }}:443" prometheus: "prometheus-operated.kube-prometheus-stack.svc.cluster.local:9090" zbctl: extraArgs: "" diff --git a/charts/camunda-platform-8.3/test/integration/testsuites/vars/kustomization.yaml b/charts/camunda-platform-8.3/test/integration/testsuites/vars/kustomization.yaml index ced36288a4..412b1b9334 100644 --- a/charts/camunda-platform-8.3/test/integration/testsuites/vars/kustomization.yaml +++ b/charts/camunda-platform-8.3/test/integration/testsuites/vars/kustomization.yaml @@ -2,6 +2,13 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization configMapGenerator: +# This will be added in the CI. +# - name: venom-tests +# options: +# disableNameSuffixHash: true +# files: +# - files/testsuite-preflight.yaml +# - files/testsuite-core.yaml - name: venom-vars options: disableNameSuffixHash: true diff --git a/charts/camunda-platform-8.4/test/integration/testsuites/vars/files/testsuite-core.yaml b/charts/camunda-platform-8.4/test/integration/testsuites/vars/files/testsuite-core.yaml new file mode 100644 index 0000000000..5d18a524ee --- /dev/null +++ b/charts/camunda-platform-8.4/test/integration/testsuites/vars/files/testsuite-core.yaml @@ -0,0 +1,301 @@ +# NOTE: WebModeler has its own step because Venom doesn't support skip in loops yet. +# https://github.com/ovh/venom/issues/651 +name: Test core functionality of Camunda + +# Vars without defaults are passed as a Venom var, e.g. "VENOM_VAR_TEST_CLIENT_SECRET". +vars: + releaseName: integration + venomClientID: '{{ .TEST_CLIENT_ID | default "venom" }}' + venomClientSecret: '{{ .TEST_CLIENT_SECRET }}' + skipTestIngress: '{{ .SKIP_TEST_INGRESS }}' + skipTestWebModeler: '{{ .SKIP_TEST_WEBMODELER }}' + +testcases: + +# https://docs.camunda.io/docs/self-managed/identity/user-guide/generating-m2m-tokens/ +- name: TEST - Generating machine-to-machine token + description: | + Test generating tokens from Keycloak for components that use client type "CONFIDENTIAL". + This test will not work with type "PUBLIC" because "Public client not allowed to retrieve service account". + https://datatracker.ietf.org/doc/html/rfc6749#section-2.1 + steps: + - name: "{{ .value.component }}" + type: http + range: + - component: Tasklist + clientID: tasklist + clientSecret: "{{ .TASKLIST_CLIENT_SECRET }}" + - component: Operate + clientID: operate + clientSecret: "{{ .OPERATE_CLIENT_SECRET }}" + - component: Optimize + clientID: optimize + clientSecret: "{{ .OPTIMIZE_CLIENT_SECRET }}" + - component: Connectors + clientID: connectors + clientSecret: "{{ .CONNECTORS_CLIENT_SECRET }}" + method: POST + url: "{{ .coreVars.authURL }}" + headers: + Content-Type: application/x-www-form-urlencoded + body: |- + client_id={{ .value.clientID }}&client_secret={{ .value.clientSecret }}&grant_type=client_credentials + # info: | + # Component: {{ .value.component }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +# Helper to get access token for Venom Identity client which's seeded during Helm deployment. +- name: helperVenomToken + steps: + - name: Get Venom token + type: http + method: POST + url: "{{ .coreVars.authURL }}" + headers: + Content-Type: application/x-www-form-urlencoded + body: "client_id={{ .venomClientID }}&client_secret={{ .venomClientSecret }}&grant_type=client_credentials" + # info: | + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + vars: + jwt: + from: result.bodyjson.access_token + +- name: TEST - Interacting with Camunda login page + steps: + - name: "{{ .value.component }}" + skip: + - skiptestingress ShouldBeFalse + type: http + range: + - component: Console + url: "{{ .coreVars.baseURLs.console }}" + - component: Keycloak + url: "{{ .coreVars.baseURLs.keycloak }}" + - component: Identity + url: "{{ .coreVars.baseURLs.identity }}" + - component: Operate + url: "{{ .coreVars.baseURLs.operate }}" + - component: Optimize + url: "{{ .coreVars.baseURLs.optimize }}" + - component: Tasklist + url: "{{ .coreVars.baseURLs.tasklist }}" + - component: WebModeler + url: "{{ .coreVars.baseURLs.webModeler }}" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 15 + # info: | + # Component: {{ .value.component }} + # = Request Method: {{ .value.method }} + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - result.body ShouldNotContainSubstring error + +# Connectors Inbound doesn't have the same flow like the rest of the components. +# So it needs different check. +- name: TEST - Interacting with Camunda login page - Connectors + steps: + - name: "Check Inbound Connectors" + skip: + - skiptestingress ShouldBeFalse + type: http + method: GET + url: "{{ .coreVars.baseURLs.connectors }}" + retry: 3 + delay: 15 + info: | + = Request Method: {{ .value.method }} + = Request Body: {{ .result.request.body }} + = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + # - result.bodyjson.items.items0.health.status ShouldEqual UP + +# TODO: Add Optimize. +- name: TEST - Interacting with Camunda web API + steps: + - name: "{{ .value.component }}" + type: http + range: + - component: Console + url: "{{ .coreVars.baseURLs.console }}/api/clusters" + method: GET + body: '' + - component: Identity + url: "{{ .coreVars.baseURLs.identity }}/api/users" + method: GET + body: '' + - component: Operate + docs: https://docs.camunda.io/docs/self-managed/operate-deployment/operate-authentication/ + url: "{{ .coreVars.baseURLs.operate }}/v1/process-definitions/search" + method: POST + body: '{}' + - component: Tasklist + docs: https://docs.camunda.io/docs/self-managed/tasklist-deployment/tasklist-authentication/ + url: "{{ .coreVars.baseURLs.tasklist }}/graphql" + method: POST + body: '{"query": "{tasks(query:{}){id name}}"}' + method: "{{ .value.method }}" + url: "{{ .value.url }}" + headers: + Content-Type: application/json + Authorization: "Bearer {{ .helperVenomToken.jwt }}" + body: "{{ .value.body }}" + # info: | + # Component: {{ .value.component }} + # = Request Method: {{ .value.method }} + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +# Unlike other apps, WebModeler by default expects the JWT token to be acquired from external Keycloak URL. +# Hence, this test is added in the extra tests when Ingress is enabled. +- name: TEST - Interacting with WebModeler + steps: + # TODO: Check why WM 8.3.0 cannot be accessed internally. + # - name: Check WebModeler internal API + # skip: + # - skiptestwebmodeler ShouldBeFalse + # type: http + # method: GET + # url: "{{ .coreVars.baseURLs.webModelerRestapi }}/api/v1/info" + # headers: + # Content-Type: application/json + # Authorization: "Bearer {{ .helperVenomToken.jwt }}" + # # info: | + # # = Request Body: {{ .result.request.body }} + # # = Response Body: {{ .result.body }} + # assertions: + # - result.statuscode ShouldEqual 200 + # - result.bodyjson.version ShouldNotBeEmpty + - name: Check WebModeler login page + skip: + - skiptestingress ShouldBeFalse + - skiptestwebmodeler ShouldBeFalse + type: http + method: GET + url: "{{ .coreVars.baseURLs.webModeler }}" + retry: 3 + delay: 15 + # info: | + # Component: {{ .value.component }} + # = Request Method: {{ .value.method }} + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - result.body ShouldNotContainSubstring error + +- name: TEST - Interacting with Zeebe Gateway + steps: + - name: Check Zeebe Gateway status + type: exec + script: | + zbctl --clientCache=/tmp/zeebe \ + --clientId {{ .venomClientID }} --clientSecret {{ .venomClientSecret }} \ + --authzUrl "{{ .coreVars.authURL }}" --address "{{ .coreVars.baseURLs.zeebeGateway }}" \ + {{ .coreVars.zbctl.extraArgs }} \ + status + retry: 2 + delay: 10 + # info: | + # = systemerr: {{ .result.systemerr }} + # = err: {{ .result.err }} + assertions: + - result.code ShouldEqual 0 + - result.systemout ShouldContainSubstring "Leader, Healthy" + - result.systemout ShouldNotContainSubstring Unhealthy + - result.timeseconds ShouldBeLessThan 1 + +- name: TEST - Deploying BPMN process + steps: + - name: Deploy BPMN process to Zeebe - {{ .value.name }} + type: exec + range: + - name: Basic + file: test-process.bpmn + - name: Inbound Connector + file: test-inbound-process.bpmn + script: | + zbctl --clientCache=/tmp/zeebe \ + --clientId {{ .venomClientID }} --clientSecret {{ .venomClientSecret }} \ + --authzUrl "{{ .coreVars.authURL }}" --address "{{ .coreVars.baseURLs.zeebeGateway }}" \ + {{ .coreVars.zbctl.extraArgs }} \ + deploy /mnt/fixtures/{{ .value.file }} + # info: | + # = systemerr: {{ .result.systemerr }} + # = err: {{ .result.err }} + assertions: + - result.code ShouldEqual 0 + +- name: TEST - Check deployed BPMN process + steps: + - name: Check deployed BPMN process in Operate - {{ .value.name }} + type: http + range: + - name: Basic + id: it-test-process + - name: Inbound Connector + id: test-inbound-process + method: POST + url: "{{ .coreVars.baseURLs.operate }}/v1/process-definitions/search" + headers: + Content-Type: application/json + Authorization: "Bearer {{ .helperVenomToken.jwt }}" + body: '{}' + retry: 3 + delay: 15 + # info: | + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + # NOTE: JSON keys are lowercased automatically, the original key is "bpmnProcessId". + - result.bodyjson.items.items{{ .index }}.bpmnprocessid ShouldEqual {{ .value.id }} + +- name: TEST - Check Connectors webhook + steps: + - name: Check deployed BPMN webhook + type: http + method: POST + url: "{{ .coreVars.baseURLs.connectors }}/test-mywebhook" + headers: + Content-Type: application/json + Authorization: "Bearer {{ .helperVenomToken.jwt }}" + body: '{"webhookDataKey":"webhookDataValue"}' + retry: 4 + delay: 15 + # info: | + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +# - name: TEST - Check ServiceMonitor +# steps: +# - name: Check prometheus could query containers +# type: http +# method: GET +# url: "http://{{ .coreVars.baseURLs.prometheus }}/api/v1/query?query=system_cpu_count%7Bnamespace%3D%22{{ .coreVars.testNamespace }}%22%7D" +# retry: 4 +# delay: 15 +# # info: | +# # = Request Body: {{ .result.request.body }} +# # = Response Body: {{ .result.body }} +# assertions: +# - result.body ShouldContainSubstring connectors +# - result.body ShouldContainSubstring identity +# - result.body ShouldContainSubstring operate +# - result.body ShouldContainSubstring optimize +# - result.body ShouldContainSubstring tasklist +# - result.body ShouldContainSubstring web-modeler-restapi +# - result.body ShouldContainSubstring zeebe +# - result.body ShouldContainSubstring zeebe-gateway diff --git a/charts/camunda-platform-8.4/test/integration/testsuites/vars/files/testsuite-preflight.yaml b/charts/camunda-platform-8.4/test/integration/testsuites/vars/files/testsuite-preflight.yaml new file mode 100644 index 0000000000..e0ae8cde7c --- /dev/null +++ b/charts/camunda-platform-8.4/test/integration/testsuites/vars/files/testsuite-preflight.yaml @@ -0,0 +1,115 @@ +# NOTE: WebModeler has its own step because Venom doesn't support skip in loops yet. +# https://github.com/ovh/venom/issues/651 +name: Run preflight checks for Camunda + +# Vars without defaults are passed as a Venom var, e.g. "VENOM_VAR_TEST_CLIENT_SECRET". +vars: + releaseName: integration + skipTestWebModeler: '{{ .SKIP_TEST_WEBMODELER }}' + +testcases: + +- name: TEST - Readiness + steps: + - name: "{{ .value.component }}" + type: http + range: + # Dependencies. + - component: Elasticsearch + url: "{{ .preflightVars.baseURLs.elasticsearch }}/_cluster/health?&timeout=1s" + - component: Keycloak + url: "{{ .preflightVars.baseURLs.keycloak }}/auth/realms/master" + # Camunda. + - component: Identity + url: "{{ .preflightVars.baseURLs.identity }}/actuator/health" + - component: Optimize + url: "{{ .preflightVars.baseURLs.optimize }}/api/readyz" + - component: Operate + url: "{{ .preflightVars.baseURLs.operate }}/actuator/health/readiness" + - component: Tasklist + url: "{{ .preflightVars.baseURLs.tasklist }}/actuator/health/readiness" + - component: Connectors + url: "{{ .preflightVars.baseURLs.connectors }}/actuator/health/readiness" + - component: Zeebe-Gateway + url: "{{ .preflightVars.baseURLs.zeebeGateway }}/actuator/health/readiness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + + - name: "WebModeler - {{ .value.component }}" + skip: + - skiptestwebmodeler ShouldBeFalse + type: http + range: + - component: RESTAPI + url: "{{ .preflightVars.baseURLs.webModelerRestapi }}/health/readiness" + - component: WebApp + url: "{{ .preflightVars.baseURLs.webModelerWebapp }}/health/readiness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +- name: TEST - Liveness + steps: + - name: "{{ .value.component }}" + type: http + range: + # Dependencies. + - component: Elasticsearch + url: "{{ .preflightVars.baseURLs.elasticsearch }}/_cluster/health?wait_for_status=green&timeout=1s" + - component: Keycloak + url: "{{ .preflightVars.baseURLs.keycloak }}/auth/realms/camunda-platform" + # Camunda. + - component: Identity + url: "{{ .preflightVars.baseURLs.identity }}/actuator/health" + - component: Optimize + url: "{{ .preflightVars.baseURLs.optimize }}/api/readyz" + - component: Operate + url: "{{ .preflightVars.baseURLs.operate }}/actuator/health/liveness" + - component: Tasklist + url: "{{ .preflightVars.baseURLs.tasklist }}/actuator/health/liveness" + - component: Connectors + url: "{{ .preflightVars.baseURLs.connectors }}/actuator/health/liveness" + - component: Zeebe-Gateway + url: "{{ .preflightVars.baseURLs.zeebeGateway }}/actuator/health/liveness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - name: "WebModeler - {{ .value.component }}" + skip: + - skiptestwebmodeler ShouldBeFalse + type: http + range: + - component: RESTAPI + url: "{{ .preflightVars.baseURLs.webModelerRestapi }}/health/liveness" + - component: WebApp + url: "{{ .preflightVars.baseURLs.webModelerWebapp }}/health/liveness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +# TODO: Check seed config like ES indexes. diff --git a/charts/camunda-platform-8.4/test/integration/testsuites/vars/files/variables-default.yaml b/charts/camunda-platform-8.4/test/integration/testsuites/vars/files/variables-default.yaml index bfe3750509..d109d84235 100644 --- a/charts/camunda-platform-8.4/test/integration/testsuites/vars/files/variables-default.yaml +++ b/charts/camunda-platform-8.4/test/integration/testsuites/vars/files/variables-default.yaml @@ -8,9 +8,9 @@ preflightVars: operate: http://integration-operate tasklist: http://integration-tasklist connectors: http://integration-connectors:8080 + zeebeGateway: http://integration-zeebe-gateway:9600 webModelerRestapi: http://integration-web-modeler-restapi:8091 webModelerWebapp: http://integration-web-modeler-webapp:8071 - zeebeGateway: http://integration-zeebe-gateway:9600 coreVars: authURL: "http://integration-keycloak/auth/realms/camunda-platform/protocol/openid-connect/token" @@ -23,7 +23,6 @@ coreVars: tasklist: http://integration-tasklist connectors: http://integration-connectors:8080/inbound webModelerRestapi: http://integration-web-modeler-restapi - zeebeGatewayGRPC: http://integration-zeebe-gateway:9600 - zeebeGatewayREST: http://integration-zeebe-gateway:8080 + zeebeGateway: integration-zeebe-gateway:26500 zbctl: extraArgs: "--insecure" diff --git a/charts/camunda-platform-8.4/test/integration/testsuites/vars/files/variables-ingress-combined.yaml b/charts/camunda-platform-8.4/test/integration/testsuites/vars/files/variables-ingress-combined.yaml index 1746027b84..11efb40924 100644 --- a/charts/camunda-platform-8.4/test/integration/testsuites/vars/files/variables-ingress-combined.yaml +++ b/charts/camunda-platform-8.4/test/integration/testsuites/vars/files/variables-ingress-combined.yaml @@ -8,16 +8,16 @@ preflightVars: operate: http://integration-operate/operate tasklist: http://integration-tasklist/tasklist connectors: http://integration-connectors:8080/connectors + zeebeGateway: http://integration-zeebe-gateway:9600 webModelerRestapi: http://integration-web-modeler-restapi:8091 webModelerWebapp: http://integration-web-modeler-webapp:8071 - zeebeGateway: http://integration-zeebe-gateway:9600/zeebe coreVars: authURL: "https://{{ .TEST_INGRESS_HOST }}/auth/realms/camunda-platform/protocol/openid-connect/token" testNamespace: "{{ .K8S_NAMESPACE }}" baseURLs: console: "https://{{ .TEST_INGRESS_HOST }}" - keycloak: "https://{{ .TEST_INGRESS_HOST }}/auth/" + keycloak: "https://{{ .TEST_INGRESS_HOST }}/auth" identity: "https://{{ .TEST_INGRESS_HOST }}/identity" operate: "https://{{ .TEST_INGRESS_HOST }}/operate" optimize: "https://{{ .TEST_INGRESS_HOST }}/optimize" @@ -25,8 +25,7 @@ coreVars: connectors: "https://{{ .TEST_INGRESS_HOST }}/connectors/inbound" webModeler: "https://{{ .TEST_INGRESS_HOST }}/modeler" webModelerRestapi: http://integration-web-modeler-restapi - zeebeGatewayGRPC: "zeebe-{{ .TEST_INGRESS_HOST }}:443" - zeebeGatewayREST: "https://{{ .TEST_INGRESS_HOST }}/zeebe" + zeebeGateway: "zeebe-{{ .TEST_INGRESS_HOST }}:443" prometheus: "prometheus-operated.kube-prometheus-stack.svc.cluster.local:9090" zbctl: extraArgs: "" diff --git a/charts/camunda-platform-8.4/test/integration/testsuites/vars/kustomization.yaml b/charts/camunda-platform-8.4/test/integration/testsuites/vars/kustomization.yaml index ced36288a4..412b1b9334 100644 --- a/charts/camunda-platform-8.4/test/integration/testsuites/vars/kustomization.yaml +++ b/charts/camunda-platform-8.4/test/integration/testsuites/vars/kustomization.yaml @@ -2,6 +2,13 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization configMapGenerator: +# This will be added in the CI. +# - name: venom-tests +# options: +# disableNameSuffixHash: true +# files: +# - files/testsuite-preflight.yaml +# - files/testsuite-core.yaml - name: venom-vars options: disableNameSuffixHash: true diff --git a/charts/camunda-platform-alpha/test/integration/testsuites/vars/files/testsuite-core.yaml b/charts/camunda-platform-alpha/test/integration/testsuites/vars/files/testsuite-core.yaml new file mode 100644 index 0000000000..4884f29911 --- /dev/null +++ b/charts/camunda-platform-alpha/test/integration/testsuites/vars/files/testsuite-core.yaml @@ -0,0 +1,316 @@ +# NOTE: WebModeler has its own step because Venom doesn't support skip in loops yet. +# https://github.com/ovh/venom/issues/651 +name: Test core functionality of Camunda + +# Vars without defaults are passed as a Venom var, e.g. "VENOM_VAR_TEST_CLIENT_SECRET". +vars: + releaseName: integration + venomClientID: '{{ .TEST_CLIENT_ID | default "venom" }}' + venomClientSecret: '{{ .TEST_CLIENT_SECRET }}' + skipTestIngress: '{{ .SKIP_TEST_INGRESS }}' + skipTestWebModeler: '{{ .SKIP_TEST_WEBMODELER }}' + +testcases: + +# https://docs.camunda.io/docs/self-managed/identity/user-guide/generating-m2m-tokens/ +- name: TEST - Generating machine-to-machine token + description: | + Test generating tokens from Keycloak for components that use client type "CONFIDENTIAL". + This test will not work with type "PUBLIC" because "Public client not allowed to retrieve service account". + https://datatracker.ietf.org/doc/html/rfc6749#section-2.1 + steps: + - name: "{{ .value.component }}" + type: http + range: + - component: Tasklist + clientID: tasklist + clientSecret: "{{ .TASKLIST_CLIENT_SECRET }}" + - component: Operate + clientID: operate + clientSecret: "{{ .OPERATE_CLIENT_SECRET }}" + - component: Optimize + clientID: optimize + clientSecret: "{{ .OPTIMIZE_CLIENT_SECRET }}" + - component: Connectors + clientID: connectors + clientSecret: "{{ .CONNECTORS_CLIENT_SECRET }}" + method: POST + url: "{{ .coreVars.authURL }}" + headers: + Content-Type: application/x-www-form-urlencoded + body: |- + client_id={{ .value.clientID }}&client_secret={{ .value.clientSecret }}&grant_type=client_credentials + # info: | + # Component: {{ .value.component }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +# Helper to get access token for Venom Identity client which's seeded during Helm deployment. +- name: helperVenomToken + steps: + - name: Get Venom token + type: http + method: POST + url: "{{ .coreVars.authURL }}" + headers: + Content-Type: application/x-www-form-urlencoded + body: "client_id={{ .venomClientID }}&client_secret={{ .venomClientSecret }}&grant_type=client_credentials" + # info: | + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + vars: + jwt: + from: result.bodyjson.access_token + +- name: TEST - Interacting with Camunda login page + steps: + - name: "{{ .value.component }}" + skip: + - skiptestingress ShouldBeFalse + type: http + range: + - component: Console + url: "{{ .coreVars.baseURLs.console }}" + - component: Keycloak + url: "{{ .coreVars.baseURLs.keycloak }}" + - component: Identity + url: "{{ .coreVars.baseURLs.identity }}" + - component: Operate + url: "{{ .coreVars.baseURLs.operate }}" + - component: Optimize + url: "{{ .coreVars.baseURLs.optimize }}" + - component: Tasklist + url: "{{ .coreVars.baseURLs.tasklist }}" + - component: WebModeler + url: "{{ .coreVars.baseURLs.webModeler }}" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 15 + # info: | + # Component: {{ .value.component }} + # = Request Method: {{ .value.method }} + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - result.body ShouldNotContainSubstring error + +# Connectors Inbound doesn't have the same flow like the rest of the components. +# So it needs different check. +- name: TEST - Interacting with Camunda login page - Connectors + steps: + - name: "Check Inbound Connectors" + skip: + - skiptestingress ShouldBeFalse + type: http + method: GET + url: "{{ .coreVars.baseURLs.connectors }}" + retry: 3 + delay: 15 + info: | + = Request Method: {{ .value.method }} + = Request Body: {{ .result.request.body }} + = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + # - result.bodyjson.items.items0.health.status ShouldEqual UP + +# TODO: Add Optimize. +- name: TEST - Interacting with Camunda web API + steps: + - name: "{{ .value.component }}" + type: http + range: + - component: Console + url: "{{ .coreVars.baseURLs.console }}/api/clusters" + method: GET + body: '' + - component: Identity + url: "{{ .coreVars.baseURLs.identity }}/api/users" + method: GET + body: '' + - component: Operate + docs: https://docs.camunda.io/docs/self-managed/operate-deployment/operate-authentication/ + url: "{{ .coreVars.baseURLs.operate }}/v1/process-definitions/search" + method: POST + body: '{}' + - component: Tasklist + docs: https://docs.camunda.io/docs/self-managed/tasklist-deployment/tasklist-authentication/ + url: "{{ .coreVars.baseURLs.tasklist }}/graphql" + method: POST + body: '{"query": "{tasks(query:{}){id name}}"}' + method: "{{ .value.method }}" + url: "{{ .value.url }}" + headers: + Content-Type: application/json + Authorization: "Bearer {{ .helperVenomToken.jwt }}" + body: "{{ .value.body }}" + # info: | + # Component: {{ .value.component }} + # = Request Method: {{ .value.method }} + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +# Unlike other apps, WebModeler by default expects the JWT token to be acquired from external Keycloak URL. +# Hence, this test is added in the extra tests when Ingress is enabled. +- name: TEST - Interacting with WebModeler + steps: + # TODO: Check why WM 8.3.0 cannot be accessed internally. + # - name: Check WebModeler internal API + # skip: + # - skiptestwebmodeler ShouldBeFalse + # type: http + # method: GET + # url: "{{ .coreVars.baseURLs.webModelerRestapi }}/api/v1/info" + # headers: + # Content-Type: application/json + # Authorization: "Bearer {{ .helperVenomToken.jwt }}" + # # info: | + # # = Request Body: {{ .result.request.body }} + # # = Response Body: {{ .result.body }} + # assertions: + # - result.statuscode ShouldEqual 200 + # - result.bodyjson.version ShouldNotBeEmpty + - name: Check WebModeler login page + skip: + - skiptestingress ShouldBeFalse + - skiptestwebmodeler ShouldBeFalse + type: http + method: GET + url: "{{ .coreVars.baseURLs.webModeler }}" + retry: 3 + delay: 15 + # info: | + # Component: {{ .value.component }} + # = Request Method: {{ .value.method }} + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - result.body ShouldNotContainSubstring error + +- name: TEST - Interacting with Zeebe Gateway + steps: + - name: Check Zeebe Gateway status - gRPC + type: exec + script: | + zbctl --clientCache=/tmp/zeebe \ + --clientId {{ .venomClientID }} --clientSecret {{ .venomClientSecret }} \ + --authzUrl "{{ .coreVars.authURL }}" --address "{{ .coreVars.baseURLs.zeebeGatewayGRPC }}" \ + {{ .coreVars.zbctl.extraArgs }} \ + status + retry: 2 + delay: 10 + # info: | + # = systemerr: {{ .result.systemerr }} + # = err: {{ .result.err }} + assertions: + - result.code ShouldEqual 0 + - result.systemout ShouldContainSubstring "Leader, Healthy" + - result.systemout ShouldNotContainSubstring Unhealthy + - result.timeseconds ShouldBeLessThan 1 + - name: Check Zeebe Gateway status - REST + type: http + method: GET + url: "{{ .coreVars.baseURLs.zeebeGatewayREST }}/v1/topology" + headers: + Content-Type: application/json + Authorization: "Bearer {{ .helperVenomToken.jwt }}" + retry: 2 + delay: 10 + info: | + = Request Body: {{ .result.request.body }} + = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - result.bodyjson ShouldContainKey brokers + +- name: TEST - Deploying BPMN process + steps: + - name: Deploy BPMN process to Zeebe - {{ .value.name }} + type: exec + range: + - name: Basic + file: test-process.bpmn + - name: Inbound Connector + file: test-inbound-process.bpmn + script: | + zbctl --clientCache=/tmp/zeebe \ + --clientId {{ .venomClientID }} --clientSecret {{ .venomClientSecret }} \ + --authzUrl "{{ .coreVars.authURL }}" --address "{{ .coreVars.baseURLs.zeebeGatewayGRPC }}" \ + {{ .coreVars.zbctl.extraArgs }} \ + deploy /mnt/fixtures/{{ .value.file }} + # info: | + # = systemerr: {{ .result.systemerr }} + # = err: {{ .result.err }} + assertions: + - result.code ShouldEqual 0 + +- name: TEST - Check deployed BPMN process + steps: + - name: Check deployed BPMN process in Operate - {{ .value.name }} + type: http + range: + - name: Basic + id: it-test-process + - name: Inbound Connector + id: test-inbound-process + method: POST + url: "{{ .coreVars.baseURLs.operate }}/v1/process-definitions/search" + headers: + Content-Type: application/json + Authorization: "Bearer {{ .helperVenomToken.jwt }}" + body: '{}' + retry: 3 + delay: 15 + # info: | + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + # NOTE: JSON keys are lowercased automatically, the original key is "bpmnProcessId". + - result.bodyjson.items.items{{ .index }}.bpmnprocessid ShouldEqual {{ .value.id }} + +- name: TEST - Check Connectors webhook + steps: + - name: Check deployed BPMN webhook + type: http + method: POST + url: "{{ .coreVars.baseURLs.connectors }}/test-mywebhook" + headers: + Content-Type: application/json + Authorization: "Bearer {{ .helperVenomToken.jwt }}" + body: '{"webhookDataKey":"webhookDataValue"}' + retry: 4 + delay: 15 + # info: | + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +# - name: TEST - Check ServiceMonitor +# steps: +# - name: Check prometheus could query containers +# type: http +# method: GET +# url: "http://{{ .coreVars.baseURLs.prometheus }}/api/v1/query?query=system_cpu_count%7Bnamespace%3D%22{{ .coreVars.testNamespace }}%22%7D" +# retry: 4 +# delay: 15 +# # info: | +# # = Request Body: {{ .result.request.body }} +# # = Response Body: {{ .result.body }} +# assertions: +# - result.body ShouldContainSubstring connectors +# - result.body ShouldContainSubstring identity +# - result.body ShouldContainSubstring operate +# - result.body ShouldContainSubstring optimize +# - result.body ShouldContainSubstring tasklist +# - result.body ShouldContainSubstring web-modeler-restapi +# - result.body ShouldContainSubstring zeebe +# - result.body ShouldContainSubstring zeebe-gateway diff --git a/charts/camunda-platform-alpha/test/integration/testsuites/vars/files/testsuite-preflight.yaml b/charts/camunda-platform-alpha/test/integration/testsuites/vars/files/testsuite-preflight.yaml new file mode 100644 index 0000000000..fba4d53c84 --- /dev/null +++ b/charts/camunda-platform-alpha/test/integration/testsuites/vars/files/testsuite-preflight.yaml @@ -0,0 +1,114 @@ +# NOTE: WebModeler has its own step because Venom doesn't support skip in loops yet. +# https://github.com/ovh/venom/issues/651 +name: Run preflight checks for Camunda + +# Vars without defaults are passed as a Venom var, e.g. "VENOM_VAR_TEST_CLIENT_SECRET". +vars: + releaseName: integration + skipTestWebModeler: '{{ .SKIP_TEST_WEBMODELER }}' + +testcases: + +- name: TEST - Readiness + steps: + - name: "{{ .value.component }}" + type: http + range: + # Dependencies. + - component: Elasticsearch + url: "{{ .preflightVars.baseURLs.elasticsearch }}/_cluster/health?&timeout=1s" + - component: Keycloak + url: "{{ .preflightVars.baseURLs.keycloak }}/auth/realms/master" + # Camunda. + - component: Identity + url: "{{ .preflightVars.baseURLs.identity }}/actuator/health" + - component: Optimize + url: "{{ .preflightVars.baseURLs.optimize }}/api/readyz" + - component: Operate + url: "{{ .preflightVars.baseURLs.operate }}/actuator/health/readiness" + - component: Tasklist + url: "{{ .preflightVars.baseURLs.tasklist }}/actuator/health/readiness" + - component: Connectors + url: "{{ .preflightVars.baseURLs.connectors }}/actuator/health/readiness" + - component: ZeebeGateway + url: "{{ .preflightVars.baseURLs.zeebeGateway }}/actuator/health/readiness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - name: "WebModeler - {{ .value.component }}" + skip: + - skiptestwebmodeler ShouldBeFalse + type: http + range: + - component: RESTAPI + url: "{{ .preflightVars.baseURLs.webModelerRestapi }}/health/readiness" + - component: WebApp + url: "{{ .preflightVars.baseURLs.webModelerWebapp }}/health/readiness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +- name: TEST - Liveness + steps: + - name: "{{ .value.component }}" + type: http + range: + # Dependencies. + - component: Elasticsearch + url: "{{ .preflightVars.baseURLs.elasticsearch }}/_cluster/health?wait_for_status=green&timeout=1s" + - component: Keycloak + url: "{{ .preflightVars.baseURLs.keycloak }}/auth/realms/camunda-platform" + # Camunda. + - component: Identity + url: "{{ .preflightVars.baseURLs.identity }}/actuator/health" + - component: Optimize + url: "{{ .preflightVars.baseURLs.optimize }}/api/readyz" + - component: Operate + url: "{{ .preflightVars.baseURLs.operate }}/actuator/health/liveness" + - component: Tasklist + url: "{{ .preflightVars.baseURLs.tasklist }}/actuator/health/liveness" + - component: Connectors + url: "{{ .preflightVars.baseURLs.connectors }}/actuator/health/liveness" + - component: ZeebeGateway + url: "{{ .preflightVars.baseURLs.zeebeGateway }}/actuator/health/liveness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - name: "WebModeler - {{ .value.component }}" + skip: + - skiptestwebmodeler ShouldBeFalse + type: http + range: + - component: RESTAPI + url: "{{ .preflightVars.baseURLs.webModelerRestapi }}/health/liveness" + - component: WebApp + url: "{{ .preflightVars.baseURLs.webModelerWebapp }}/health/liveness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +# TODO: Check seed config like ES indexes. diff --git a/charts/camunda-platform-alpha/test/integration/testsuites/vars/kustomization.yaml b/charts/camunda-platform-alpha/test/integration/testsuites/vars/kustomization.yaml index ced36288a4..412b1b9334 100644 --- a/charts/camunda-platform-alpha/test/integration/testsuites/vars/kustomization.yaml +++ b/charts/camunda-platform-alpha/test/integration/testsuites/vars/kustomization.yaml @@ -2,6 +2,13 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization configMapGenerator: +# This will be added in the CI. +# - name: venom-tests +# options: +# disableNameSuffixHash: true +# files: +# - files/testsuite-preflight.yaml +# - files/testsuite-core.yaml - name: venom-vars options: disableNameSuffixHash: true diff --git a/charts/camunda-platform-latest/test/integration/testsuites/vars/files/testsuite-core.yaml b/charts/camunda-platform-latest/test/integration/testsuites/vars/files/testsuite-core.yaml new file mode 100644 index 0000000000..4884f29911 --- /dev/null +++ b/charts/camunda-platform-latest/test/integration/testsuites/vars/files/testsuite-core.yaml @@ -0,0 +1,316 @@ +# NOTE: WebModeler has its own step because Venom doesn't support skip in loops yet. +# https://github.com/ovh/venom/issues/651 +name: Test core functionality of Camunda + +# Vars without defaults are passed as a Venom var, e.g. "VENOM_VAR_TEST_CLIENT_SECRET". +vars: + releaseName: integration + venomClientID: '{{ .TEST_CLIENT_ID | default "venom" }}' + venomClientSecret: '{{ .TEST_CLIENT_SECRET }}' + skipTestIngress: '{{ .SKIP_TEST_INGRESS }}' + skipTestWebModeler: '{{ .SKIP_TEST_WEBMODELER }}' + +testcases: + +# https://docs.camunda.io/docs/self-managed/identity/user-guide/generating-m2m-tokens/ +- name: TEST - Generating machine-to-machine token + description: | + Test generating tokens from Keycloak for components that use client type "CONFIDENTIAL". + This test will not work with type "PUBLIC" because "Public client not allowed to retrieve service account". + https://datatracker.ietf.org/doc/html/rfc6749#section-2.1 + steps: + - name: "{{ .value.component }}" + type: http + range: + - component: Tasklist + clientID: tasklist + clientSecret: "{{ .TASKLIST_CLIENT_SECRET }}" + - component: Operate + clientID: operate + clientSecret: "{{ .OPERATE_CLIENT_SECRET }}" + - component: Optimize + clientID: optimize + clientSecret: "{{ .OPTIMIZE_CLIENT_SECRET }}" + - component: Connectors + clientID: connectors + clientSecret: "{{ .CONNECTORS_CLIENT_SECRET }}" + method: POST + url: "{{ .coreVars.authURL }}" + headers: + Content-Type: application/x-www-form-urlencoded + body: |- + client_id={{ .value.clientID }}&client_secret={{ .value.clientSecret }}&grant_type=client_credentials + # info: | + # Component: {{ .value.component }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +# Helper to get access token for Venom Identity client which's seeded during Helm deployment. +- name: helperVenomToken + steps: + - name: Get Venom token + type: http + method: POST + url: "{{ .coreVars.authURL }}" + headers: + Content-Type: application/x-www-form-urlencoded + body: "client_id={{ .venomClientID }}&client_secret={{ .venomClientSecret }}&grant_type=client_credentials" + # info: | + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + vars: + jwt: + from: result.bodyjson.access_token + +- name: TEST - Interacting with Camunda login page + steps: + - name: "{{ .value.component }}" + skip: + - skiptestingress ShouldBeFalse + type: http + range: + - component: Console + url: "{{ .coreVars.baseURLs.console }}" + - component: Keycloak + url: "{{ .coreVars.baseURLs.keycloak }}" + - component: Identity + url: "{{ .coreVars.baseURLs.identity }}" + - component: Operate + url: "{{ .coreVars.baseURLs.operate }}" + - component: Optimize + url: "{{ .coreVars.baseURLs.optimize }}" + - component: Tasklist + url: "{{ .coreVars.baseURLs.tasklist }}" + - component: WebModeler + url: "{{ .coreVars.baseURLs.webModeler }}" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 15 + # info: | + # Component: {{ .value.component }} + # = Request Method: {{ .value.method }} + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - result.body ShouldNotContainSubstring error + +# Connectors Inbound doesn't have the same flow like the rest of the components. +# So it needs different check. +- name: TEST - Interacting with Camunda login page - Connectors + steps: + - name: "Check Inbound Connectors" + skip: + - skiptestingress ShouldBeFalse + type: http + method: GET + url: "{{ .coreVars.baseURLs.connectors }}" + retry: 3 + delay: 15 + info: | + = Request Method: {{ .value.method }} + = Request Body: {{ .result.request.body }} + = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + # - result.bodyjson.items.items0.health.status ShouldEqual UP + +# TODO: Add Optimize. +- name: TEST - Interacting with Camunda web API + steps: + - name: "{{ .value.component }}" + type: http + range: + - component: Console + url: "{{ .coreVars.baseURLs.console }}/api/clusters" + method: GET + body: '' + - component: Identity + url: "{{ .coreVars.baseURLs.identity }}/api/users" + method: GET + body: '' + - component: Operate + docs: https://docs.camunda.io/docs/self-managed/operate-deployment/operate-authentication/ + url: "{{ .coreVars.baseURLs.operate }}/v1/process-definitions/search" + method: POST + body: '{}' + - component: Tasklist + docs: https://docs.camunda.io/docs/self-managed/tasklist-deployment/tasklist-authentication/ + url: "{{ .coreVars.baseURLs.tasklist }}/graphql" + method: POST + body: '{"query": "{tasks(query:{}){id name}}"}' + method: "{{ .value.method }}" + url: "{{ .value.url }}" + headers: + Content-Type: application/json + Authorization: "Bearer {{ .helperVenomToken.jwt }}" + body: "{{ .value.body }}" + # info: | + # Component: {{ .value.component }} + # = Request Method: {{ .value.method }} + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +# Unlike other apps, WebModeler by default expects the JWT token to be acquired from external Keycloak URL. +# Hence, this test is added in the extra tests when Ingress is enabled. +- name: TEST - Interacting with WebModeler + steps: + # TODO: Check why WM 8.3.0 cannot be accessed internally. + # - name: Check WebModeler internal API + # skip: + # - skiptestwebmodeler ShouldBeFalse + # type: http + # method: GET + # url: "{{ .coreVars.baseURLs.webModelerRestapi }}/api/v1/info" + # headers: + # Content-Type: application/json + # Authorization: "Bearer {{ .helperVenomToken.jwt }}" + # # info: | + # # = Request Body: {{ .result.request.body }} + # # = Response Body: {{ .result.body }} + # assertions: + # - result.statuscode ShouldEqual 200 + # - result.bodyjson.version ShouldNotBeEmpty + - name: Check WebModeler login page + skip: + - skiptestingress ShouldBeFalse + - skiptestwebmodeler ShouldBeFalse + type: http + method: GET + url: "{{ .coreVars.baseURLs.webModeler }}" + retry: 3 + delay: 15 + # info: | + # Component: {{ .value.component }} + # = Request Method: {{ .value.method }} + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - result.body ShouldNotContainSubstring error + +- name: TEST - Interacting with Zeebe Gateway + steps: + - name: Check Zeebe Gateway status - gRPC + type: exec + script: | + zbctl --clientCache=/tmp/zeebe \ + --clientId {{ .venomClientID }} --clientSecret {{ .venomClientSecret }} \ + --authzUrl "{{ .coreVars.authURL }}" --address "{{ .coreVars.baseURLs.zeebeGatewayGRPC }}" \ + {{ .coreVars.zbctl.extraArgs }} \ + status + retry: 2 + delay: 10 + # info: | + # = systemerr: {{ .result.systemerr }} + # = err: {{ .result.err }} + assertions: + - result.code ShouldEqual 0 + - result.systemout ShouldContainSubstring "Leader, Healthy" + - result.systemout ShouldNotContainSubstring Unhealthy + - result.timeseconds ShouldBeLessThan 1 + - name: Check Zeebe Gateway status - REST + type: http + method: GET + url: "{{ .coreVars.baseURLs.zeebeGatewayREST }}/v1/topology" + headers: + Content-Type: application/json + Authorization: "Bearer {{ .helperVenomToken.jwt }}" + retry: 2 + delay: 10 + info: | + = Request Body: {{ .result.request.body }} + = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - result.bodyjson ShouldContainKey brokers + +- name: TEST - Deploying BPMN process + steps: + - name: Deploy BPMN process to Zeebe - {{ .value.name }} + type: exec + range: + - name: Basic + file: test-process.bpmn + - name: Inbound Connector + file: test-inbound-process.bpmn + script: | + zbctl --clientCache=/tmp/zeebe \ + --clientId {{ .venomClientID }} --clientSecret {{ .venomClientSecret }} \ + --authzUrl "{{ .coreVars.authURL }}" --address "{{ .coreVars.baseURLs.zeebeGatewayGRPC }}" \ + {{ .coreVars.zbctl.extraArgs }} \ + deploy /mnt/fixtures/{{ .value.file }} + # info: | + # = systemerr: {{ .result.systemerr }} + # = err: {{ .result.err }} + assertions: + - result.code ShouldEqual 0 + +- name: TEST - Check deployed BPMN process + steps: + - name: Check deployed BPMN process in Operate - {{ .value.name }} + type: http + range: + - name: Basic + id: it-test-process + - name: Inbound Connector + id: test-inbound-process + method: POST + url: "{{ .coreVars.baseURLs.operate }}/v1/process-definitions/search" + headers: + Content-Type: application/json + Authorization: "Bearer {{ .helperVenomToken.jwt }}" + body: '{}' + retry: 3 + delay: 15 + # info: | + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + # NOTE: JSON keys are lowercased automatically, the original key is "bpmnProcessId". + - result.bodyjson.items.items{{ .index }}.bpmnprocessid ShouldEqual {{ .value.id }} + +- name: TEST - Check Connectors webhook + steps: + - name: Check deployed BPMN webhook + type: http + method: POST + url: "{{ .coreVars.baseURLs.connectors }}/test-mywebhook" + headers: + Content-Type: application/json + Authorization: "Bearer {{ .helperVenomToken.jwt }}" + body: '{"webhookDataKey":"webhookDataValue"}' + retry: 4 + delay: 15 + # info: | + # = Request Body: {{ .result.request.body }} + # = Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +# - name: TEST - Check ServiceMonitor +# steps: +# - name: Check prometheus could query containers +# type: http +# method: GET +# url: "http://{{ .coreVars.baseURLs.prometheus }}/api/v1/query?query=system_cpu_count%7Bnamespace%3D%22{{ .coreVars.testNamespace }}%22%7D" +# retry: 4 +# delay: 15 +# # info: | +# # = Request Body: {{ .result.request.body }} +# # = Response Body: {{ .result.body }} +# assertions: +# - result.body ShouldContainSubstring connectors +# - result.body ShouldContainSubstring identity +# - result.body ShouldContainSubstring operate +# - result.body ShouldContainSubstring optimize +# - result.body ShouldContainSubstring tasklist +# - result.body ShouldContainSubstring web-modeler-restapi +# - result.body ShouldContainSubstring zeebe +# - result.body ShouldContainSubstring zeebe-gateway diff --git a/charts/camunda-platform-latest/test/integration/testsuites/vars/files/testsuite-preflight.yaml b/charts/camunda-platform-latest/test/integration/testsuites/vars/files/testsuite-preflight.yaml new file mode 100644 index 0000000000..fba4d53c84 --- /dev/null +++ b/charts/camunda-platform-latest/test/integration/testsuites/vars/files/testsuite-preflight.yaml @@ -0,0 +1,114 @@ +# NOTE: WebModeler has its own step because Venom doesn't support skip in loops yet. +# https://github.com/ovh/venom/issues/651 +name: Run preflight checks for Camunda + +# Vars without defaults are passed as a Venom var, e.g. "VENOM_VAR_TEST_CLIENT_SECRET". +vars: + releaseName: integration + skipTestWebModeler: '{{ .SKIP_TEST_WEBMODELER }}' + +testcases: + +- name: TEST - Readiness + steps: + - name: "{{ .value.component }}" + type: http + range: + # Dependencies. + - component: Elasticsearch + url: "{{ .preflightVars.baseURLs.elasticsearch }}/_cluster/health?&timeout=1s" + - component: Keycloak + url: "{{ .preflightVars.baseURLs.keycloak }}/auth/realms/master" + # Camunda. + - component: Identity + url: "{{ .preflightVars.baseURLs.identity }}/actuator/health" + - component: Optimize + url: "{{ .preflightVars.baseURLs.optimize }}/api/readyz" + - component: Operate + url: "{{ .preflightVars.baseURLs.operate }}/actuator/health/readiness" + - component: Tasklist + url: "{{ .preflightVars.baseURLs.tasklist }}/actuator/health/readiness" + - component: Connectors + url: "{{ .preflightVars.baseURLs.connectors }}/actuator/health/readiness" + - component: ZeebeGateway + url: "{{ .preflightVars.baseURLs.zeebeGateway }}/actuator/health/readiness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - name: "WebModeler - {{ .value.component }}" + skip: + - skiptestwebmodeler ShouldBeFalse + type: http + range: + - component: RESTAPI + url: "{{ .preflightVars.baseURLs.webModelerRestapi }}/health/readiness" + - component: WebApp + url: "{{ .preflightVars.baseURLs.webModelerWebapp }}/health/readiness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +- name: TEST - Liveness + steps: + - name: "{{ .value.component }}" + type: http + range: + # Dependencies. + - component: Elasticsearch + url: "{{ .preflightVars.baseURLs.elasticsearch }}/_cluster/health?wait_for_status=green&timeout=1s" + - component: Keycloak + url: "{{ .preflightVars.baseURLs.keycloak }}/auth/realms/camunda-platform" + # Camunda. + - component: Identity + url: "{{ .preflightVars.baseURLs.identity }}/actuator/health" + - component: Optimize + url: "{{ .preflightVars.baseURLs.optimize }}/api/readyz" + - component: Operate + url: "{{ .preflightVars.baseURLs.operate }}/actuator/health/liveness" + - component: Tasklist + url: "{{ .preflightVars.baseURLs.tasklist }}/actuator/health/liveness" + - component: Connectors + url: "{{ .preflightVars.baseURLs.connectors }}/actuator/health/liveness" + - component: ZeebeGateway + url: "{{ .preflightVars.baseURLs.zeebeGateway }}/actuator/health/liveness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + - name: "WebModeler - {{ .value.component }}" + skip: + - skiptestwebmodeler ShouldBeFalse + type: http + range: + - component: RESTAPI + url: "{{ .preflightVars.baseURLs.webModelerRestapi }}/health/liveness" + - component: WebApp + url: "{{ .preflightVars.baseURLs.webModelerWebapp }}/health/liveness" + method: GET + url: "{{ .value.url }}" + retry: 3 + delay: 10 + # info: | + # {{ .value.component }} URL: {{ .value.url }} + # Response Body: {{ .result.body }} + assertions: + - result.statuscode ShouldEqual 200 + +# TODO: Check seed config like ES indexes. diff --git a/charts/camunda-platform-latest/test/integration/testsuites/vars/kustomization.yaml b/charts/camunda-platform-latest/test/integration/testsuites/vars/kustomization.yaml index ced36288a4..412b1b9334 100644 --- a/charts/camunda-platform-latest/test/integration/testsuites/vars/kustomization.yaml +++ b/charts/camunda-platform-latest/test/integration/testsuites/vars/kustomization.yaml @@ -2,6 +2,13 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization configMapGenerator: +# This will be added in the CI. +# - name: venom-tests +# options: +# disableNameSuffixHash: true +# files: +# - files/testsuite-preflight.yaml +# - files/testsuite-core.yaml - name: venom-vars options: disableNameSuffixHash: true diff --git a/test/integration/scenarios/chart-full-setup/Taskfile.yaml b/test/integration/scenarios/chart-full-setup/Taskfile.yaml index 9e9c8c7c2e..30b4bbe62e 100644 --- a/test/integration/scenarios/chart-full-setup/Taskfile.yaml +++ b/test/integration/scenarios/chart-full-setup/Taskfile.yaml @@ -73,6 +73,7 @@ tasks: --values {{ .TEST_VALUES_BASE_DIR }}/common/values-integration-test.yaml --values {{ .TEST_VALUES_BASE_DIR }}/chart-full-setup/values-integration-test-ingress.yaml --timeout 20m0s + --wait {{ .TEST_HELM_EXTRA_ARGS }} setup.post: diff --git a/test/integration/scenarios/lib/chart-upgrade-taskfile.yaml b/test/integration/scenarios/lib/chart-upgrade-taskfile.yaml index 1d0c5623bd..c18e48dd0b 100644 --- a/test/integration/scenarios/lib/chart-upgrade-taskfile.yaml +++ b/test/integration/scenarios/lib/chart-upgrade-taskfile.yaml @@ -47,4 +47,4 @@ tasks: --set identityKeycloak.postgresql.auth.password=$KEYCLOAK_POSTGRESQL_SECRET \ --set identityPostgresql.auth.password=dummy \ --timeout 20m0s \ - {{ .TEST_HELM_EXTRA_ARGS }} + --wait {{ .TEST_HELM_EXTRA_ARGS }}