Eventing TLS: Test ApiServerSource with eventshub TLS receiver as sink

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
knative · May 18, 2023 · b656232 · b656232
1 parent 4b9fdef
commit b656232
Show file tree

Hide file tree

Showing 7 changed files with 103 additions and 45 deletions.
diff --git a/test/rekt/apiserversource_test.go b/test/rekt/apiserversource_test.go
@@ -24,13 +24,15 @@ import (
 	"time"
 
 	"knative.dev/pkg/system"
+	"knative.dev/reconciler-test/pkg/eventshub"
 	"knative.dev/reconciler-test/pkg/k8s"
 	"knative.dev/reconciler-test/pkg/knative"
 
-	apiserversourcefeatures "knative.dev/eventing/test/rekt/features/apiserversource"
 	_ "knative.dev/pkg/system/testing"
 	"knative.dev/reconciler-test/pkg/environment"
 	"knative.dev/reconciler-test/pkg/feature"
+
+	apiserversourcefeatures "knative.dev/eventing/test/rekt/features/apiserversource"
 )
 
 // TestApiServerSourceValidationWebhookConfigurationOnCreate tests if the webhook
@@ -74,6 +76,7 @@ func TestApiServerSourceDataPlane_SinkTypes(t *testing.T) {
 		k8s.WithEventListener,
 		environment.Managed(t),
 		environment.WithPollTimings(5*time.Second, 2*time.Minute),
+		eventshub.WithTLS(t),
 	)
 
 	env.TestSet(ctx, t, apiserversourcefeatures.DataPlane_SinkTypes())

diff --git a/test/rekt/features/apiserversource/data_plane.go b/test/rekt/features/apiserversource/data_plane.go
@@ -21,6 +21,7 @@ import (
 	"fmt"
 
 	"github.com/cloudevents/sdk-go/v2/test"
+	duckv1 "knative.dev/pkg/apis/duck/v1"
 
 	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -32,6 +33,8 @@ import (
 	"knative.dev/reconciler-test/pkg/manifest"
 	"knative.dev/reconciler-test/pkg/resources/service"
 
+	"knative.dev/reconciler-test/pkg/resources/pod"
+
 	"knative.dev/eventing/pkg/apis/sources"
 	v1 "knative.dev/eventing/pkg/apis/sources/v1"
 	"knative.dev/eventing/test/rekt/resources/account_role"
@@ -41,7 +44,6 @@ import (
 	"knative.dev/eventing/test/rekt/resources/namespace"
 	"knative.dev/eventing/test/rekt/resources/pingsource"
 	"knative.dev/eventing/test/rekt/resources/trigger"
-	"knative.dev/reconciler-test/pkg/resources/pod"
 )
 
 const (
@@ -55,6 +57,7 @@ func DataPlane_SinkTypes() *feature.FeatureSet {
 			SendsEventsWithSinkRef(),
 			SendsEventsWithSinkUri(),
 			SendsEventsWithEventTypes(),
+			SendsEventsWithTLS(),
 
 			// TODO: things to test:
 			// - check if we actually receive add, update and delete events
@@ -110,7 +113,7 @@ func SendsEventsWithSinkRef() *feature.Feature {
 	cfg := []manifest.CfgFn{
 		apiserversource.WithServiceAccountName(sacmName),
 		apiserversource.WithEventMode(v1.ResourceMode),
-		apiserversource.WithSink(service.AsKReference(sink), ""),
+		apiserversource.WithSink(service.AsDestinationRef(sink)),
 		apiserversource.WithResources(v1.APIVersionKindSelector{
 			APIVersion: "v1",
 			Kind:       "Event",
@@ -147,7 +150,7 @@ func SendsEventsWithSinkUri() *feature.Feature {
 		cfg := []manifest.CfgFn{
 			apiserversource.WithServiceAccountName(sacmName),
 			apiserversource.WithEventMode(v1.ResourceMode),
-			apiserversource.WithSink(nil, sinkuri.String()),
+			apiserversource.WithSink(&duckv1.Destination{URI: sinkuri}),
 			apiserversource.WithResources(v1.APIVersionKindSelector{
 				APIVersion: "v1",
 				Kind:       "Event",
@@ -165,6 +168,47 @@ func SendsEventsWithSinkUri() *feature.Feature {
 	return f
 }
 
+func SendsEventsWithTLS() *feature.Feature {
+	source := feature.MakeRandomK8sName("apiserversource")
+	sink := feature.MakeRandomK8sName("sink")
+
+	f := feature.NewFeatureNamed("Send events to TLS sink")
+
+	f.Setup("install sink", eventshub.Install(sink, eventshub.StartReceiverTLS))
+
+	sacmName := feature.MakeRandomK8sName("apiserversource")
+	f.Requirement("Create Service Account for ApiServerSource with RBAC for v1.Event resources",
+		setupAccountAndRoleForPods(sacmName))
+
+	cfg := []manifest.CfgFn{
+		apiserversource.WithServiceAccountName(sacmName),
+		apiserversource.WithEventMode(v1.ResourceMode),
+		apiserversource.WithResources(v1.APIVersionKindSelector{
+			APIVersion: "v1",
+			Kind:       "Event",
+		}),
+	}
+
+	f.Requirement("install ApiServerSource", func(ctx context.Context, t feature.T) {
+		d := service.AsDestinationRef(sink)
+		d.CACerts = eventshub.GetCaCerts(ctx)
+
+		cfg = append(cfg, apiserversource.WithSink(d))
+		apiserversource.Install(source, cfg...)(ctx, t)
+	})
+	f.Requirement("ApiServerSource goes ready", apiserversource.IsReady(source))
+
+	f.Stable("ApiServerSource as event source").
+		Must("delivers events on sink with ref",
+			eventasssert.OnStore(sink).
+				Match(eventasssert.MatchKind(eventshub.EventReceived)).
+				MatchEvent(test.HasType("dev.knative.apiserver.resource.update")).
+				AtLeast(1),
+		)
+
+	return f
+}
+
 // SendsEventsWithEventTypes tests apiserversource to a ready broker.
 func SendsEventsWithEventTypes() *feature.Feature {
 	source := feature.MakeRandomK8sName("source")
@@ -194,7 +238,7 @@ func SendsEventsWithEventTypes() *feature.Feature {
 		cfg := []manifest.CfgFn{
 			apiserversource.WithServiceAccountName(sacmName),
 			apiserversource.WithEventMode(v1.ResourceMode),
-			apiserversource.WithSink(nil, brokeruri.String()),
+			apiserversource.WithSink(&duckv1.Destination{URI: brokeruri}),
 			apiserversource.WithResources(v1.APIVersionKindSelector{
 				APIVersion: "v1",
 				Kind:       "Event",
@@ -229,7 +273,7 @@ func SendsEventsWithObjectReferencePayload() *feature.Feature {
 	cfg := []manifest.CfgFn{
 		apiserversource.WithServiceAccountName(sacmName),
 		apiserversource.WithEventMode(v1.ReferenceMode),
-		apiserversource.WithSink(service.AsKReference(sink), ""),
+		apiserversource.WithSink(service.AsDestinationRef(sink)),
 		apiserversource.WithResources(v1.APIVersionKindSelector{
 			APIVersion: "v1",
 			Kind:       "Pod",
@@ -272,7 +316,7 @@ func SendsEventsWithResourceEventPayload() *feature.Feature {
 	cfg := []manifest.CfgFn{
 		apiserversource.WithServiceAccountName(sacmName),
 		apiserversource.WithEventMode(v1.ResourceMode),
-		apiserversource.WithSink(service.AsKReference(sink), ""),
+		apiserversource.WithSink(service.AsDestinationRef(sink)),
 		apiserversource.WithResources(v1.APIVersionKindSelector{
 			APIVersion: "v1",
 			Kind:       "Pod",
@@ -315,7 +359,7 @@ func SendsEventsForAllResources() *feature.Feature {
 	cfg := []manifest.CfgFn{
 		apiserversource.WithServiceAccountName(sacmName),
 		apiserversource.WithEventMode("Reference"),
-		apiserversource.WithSink(service.AsKReference(sink), ""),
+		apiserversource.WithSink(service.AsDestinationRef(sink)),
 		apiserversource.WithResources(v1.APIVersionKindSelector{
 			APIVersion: "v1",
 			Kind:       "Pod",
@@ -368,7 +412,7 @@ func SendsEventsForAllResourcesWithNamespaceSelector() *feature.Feature {
 	cfg := []manifest.CfgFn{
 		apiserversource.WithServiceAccountName(sacmName),
 		apiserversource.WithEventMode("Reference"),
-		apiserversource.WithSink(service.AsKReference(sink), ""),
+		apiserversource.WithSink(service.AsDestinationRef(sink)),
 		apiserversource.WithResources(v1.APIVersionKindSelector{
 			APIVersion: "v1",
 			Kind:       "Pod",
@@ -441,7 +485,7 @@ func SendsEventsForAllResourcesWithEmptyNamespaceSelector() *feature.Feature {
 	cfg := []manifest.CfgFn{
 		apiserversource.WithServiceAccountName(sacmName),
 		apiserversource.WithEventMode("Reference"),
-		apiserversource.WithSink(service.AsKReference(sink), ""),
+		apiserversource.WithSink(service.AsDestinationRef(sink)),
 		apiserversource.WithResources(v1.APIVersionKindSelector{
 			APIVersion: "sources.knative.dev/v1",
 			Kind:       "PingSource",
@@ -499,7 +543,7 @@ func SendsEventsForLabelMatchingResources() *feature.Feature {
 	cfg := []manifest.CfgFn{
 		apiserversource.WithServiceAccountName(sacmName),
 		apiserversource.WithEventMode("Reference"),
-		apiserversource.WithSink(service.AsKReference(sink), ""),
+		apiserversource.WithSink(service.AsDestinationRef(sink)),
 		apiserversource.WithResources(v1.APIVersionKindSelector{
 			APIVersion:    "v1",
 			Kind:          "Pod",
@@ -593,7 +637,7 @@ func SendEventsForLabelExpressionMatchingResources() *feature.Feature {
 	cfg := []manifest.CfgFn{
 		apiserversource.WithServiceAccountName(sacmName),
 		apiserversource.WithEventMode("Reference"),
-		apiserversource.WithSink(service.AsKReference(sink), ""),
+		apiserversource.WithSink(service.AsDestinationRef(sink)),
 		apiserversource.WithResources(v1.APIVersionKindSelector{
 			APIVersion:    "v1",
 			Kind:          "Pod",
@@ -682,7 +726,7 @@ func SendsEventsWithRetries() *feature.Feature {
 		cfg := []manifest.CfgFn{
 			apiserversource.WithServiceAccountName(sacmName),
 			apiserversource.WithEventMode(v1.ReferenceMode),
-			apiserversource.WithSink(nil, sinkuri.String()),
+			apiserversource.WithSink(&duckv1.Destination{URI: sinkuri}),
 			apiserversource.WithResources(v1.APIVersionKindSelector{
 				APIVersion:    "v1",
 				Kind:          "Pod",

diff --git a/test/rekt/features/apiserversource/readiness.go b/test/rekt/features/apiserversource/readiness.go
@@ -18,13 +18,13 @@ package apiserversource
 
 import (
 	rbacv1 "k8s.io/api/rbac/v1"
-	v1 "knative.dev/eventing/pkg/apis/sources/v1"
-	"knative.dev/eventing/test/rekt/resources/account_role"
-	"knative.dev/eventing/test/rekt/resources/apiserversource"
-	duckv1 "knative.dev/pkg/apis/duck/v1"
 	"knative.dev/reconciler-test/pkg/feature"
 	"knative.dev/reconciler-test/pkg/manifest"
 	"knative.dev/reconciler-test/pkg/resources/service"
+
+	v1 "knative.dev/eventing/pkg/apis/sources/v1"
+	"knative.dev/eventing/test/rekt/resources/account_role"
+	"knative.dev/eventing/test/rekt/resources/apiserversource"
 )
 
 // GoesReady returns a feature testing if an ApiServerSource becomes ready.
@@ -60,11 +60,7 @@ func Install(name string, cfg ...manifest.CfgFn) *feature.Feature {
 	cfg = append(cfg,
 		apiserversource.WithServiceAccountName(sacmName),
 		apiserversource.WithEventMode(v1.ResourceMode),
-		apiserversource.WithSink(&duckv1.KReference{
-			Kind:       "Service",
-			Name:       sink,
-			APIVersion: "v1",
-		}, ""),
+		apiserversource.WithSink(service.AsDestinationRef(sink)),
 		apiserversource.WithResources(v1.APIVersionKindSelector{
 			APIVersion: "v1",
 			Kind:       "Event",

diff --git a/test/rekt/features/apiserversource/webhook_validation_smoke.go b/test/rekt/features/apiserversource/webhook_validation_smoke.go
@@ -20,12 +20,13 @@ import (
 	"context"
 
 	"github.com/stretchr/testify/assert"
+	"knative.dev/reconciler-test/pkg/resources/service"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"knative.dev/reconciler-test/pkg/feature"
+
 	v1 "knative.dev/eventing/pkg/apis/sources/v1"
 	"knative.dev/eventing/test/rekt/resources/apiserversource"
-	duckv1 "knative.dev/pkg/apis/duck/v1"
-	"knative.dev/reconciler-test/pkg/feature"
 )
 
 func CreateWithInvalidSpec() *feature.Feature {
@@ -53,11 +54,7 @@ func UpdateWithInvalidSpec(name string) *feature.Feature {
 func createApiServerSourceWithInvalidSpec(name string) func(ctx context.Context, t feature.T) {
 	return func(ctx context.Context, t feature.T) {
 		_, err := apiserversource.InstallLocalYaml(ctx, name,
-			apiserversource.WithSink(&duckv1.KReference{
-				Kind:       "Service",
-				Name:       "foo-svc",
-				APIVersion: "v1",
-			}, ""),
+			apiserversource.WithSink(service.AsDestinationRef("foo-svc")),
 			apiserversource.WithResources(v1.APIVersionKindSelector{
 				APIVersion: "v1",
 				Kind:       "Event",

diff --git a/test/rekt/resources/apiserversource/apiserversource.go b/test/rekt/resources/apiserversource/apiserversource.go
@@ -24,10 +24,11 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	v1 "knative.dev/eventing/pkg/apis/sources/v1"
 	"knative.dev/reconciler-test/pkg/feature"
 	"knative.dev/reconciler-test/pkg/k8s"
 
+	v1 "knative.dev/eventing/pkg/apis/sources/v1"
+
 	duckv1 "knative.dev/pkg/apis/duck/v1"
 	"knative.dev/reconciler-test/pkg/manifest"
 )
@@ -79,15 +80,22 @@ func WithEventMode(eventMode string) manifest.CfgFn {
 }
 
 // WithSink adds the sink related config to a ApiServerSource spec.
-func WithSink(ref *duckv1.KReference, uri string) manifest.CfgFn {
+func WithSink(d *duckv1.Destination) manifest.CfgFn {
 	return func(cfg map[string]interface{}) {
 		if _, set := cfg["sink"]; !set {
 			cfg["sink"] = map[string]interface{}{}
 		}
 		sink := cfg["sink"].(map[string]interface{})
 
-		if uri != "" {
-			sink["uri"] = uri
+		ref := d.Ref
+		uri := d.URI
+
+		if d.CACerts != nil {
+			sink["CACerts"] = *d.CACerts
+		}
+
+		if uri != nil {
+			sink["uri"] = uri.String()
 		}
 		if ref != nil {
 			if _, set := sink["ref"]; !set {

diff --git a/test/rekt/resources/apiserversource/apiserversource.yaml b/test/rekt/resources/apiserversource/apiserversource.yaml
@@ -76,6 +76,9 @@ spec:
       name: {{ .sink.ref.name }}
       apiVersion: {{ .sink.ref.apiVersion }}
     {{ end }}
+    {{ if .sink.CACerts }}
+    CACerts: "{{ .sink.CACerts }}"
+    {{ end }}
     {{ if .sink.uri }}
     uri: {{ .sink.uri }}
     {{ end }}

diff --git a/test/rekt/resources/apiserversource/apiserversource_test.go b/test/rekt/resources/apiserversource/apiserversource_test.go
@@ -21,6 +21,7 @@ import (
 	"os"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"knative.dev/pkg/apis"
 	testlog "knative.dev/reconciler-test/pkg/logging"
 
 	v1 "knative.dev/eventing/pkg/apis/sources/v1"
@@ -120,13 +121,16 @@ func Example_withSink() {
 		"namespace": "bar",
 	}
 
-	sinkRef := &duckv1.KReference{
-		Kind:       "sinkkind",
-		Namespace:  "sinknamespace",
-		Name:       "sinkname",
-		APIVersion: "sinkversion",
+	sinkRef := &duckv1.Destination{
+		Ref: &duckv1.KReference{
+			Kind:       "sinkkind",
+			Namespace:  "sinknamespace",
+			Name:       "sinkname",
+			APIVersion: "sinkversion",
+		},
+		URI: &apis.URL{Path: "uri/parts"},
 	}
-	apiserversource.WithSink(sinkRef, "uri/parts")(cfg)
+	apiserversource.WithSink(sinkRef)(cfg)
 
 	files, err := manifest.ExecuteYAML(ctx, yaml, images, cfg)
 	if err != nil {
@@ -302,11 +306,14 @@ func Example_full() {
 		"namespace": "bar",
 	}
 
-	sinkRef := &duckv1.KReference{
-		Kind:       "sinkkind",
-		Namespace:  "sinknamespace",
-		Name:       "sinkname",
-		APIVersion: "sinkversion",
+	sinkRef := &duckv1.Destination{
+		Ref: &duckv1.KReference{
+			Kind:       "sinkkind",
+			Namespace:  "sinknamespace",
+			Name:       "sinkname",
+			APIVersion: "sinkversion",
+		},
+		URI: &apis.URL{Path: "uri/parts"},
 	}
 
 	res1 := v1.APIVersionKindSelector{
@@ -339,7 +346,7 @@ func Example_full() {
 
 	apiserversource.WithServiceAccountName("src-sa")(cfg)
 	apiserversource.WithEventMode(v1.ReferenceMode)(cfg)
-	apiserversource.WithSink(sinkRef, "uri/parts")(cfg)
+	apiserversource.WithSink(sinkRef)(cfg)
 	apiserversource.WithResources(res1, res2, res3)(cfg)
 
 	files, err := manifest.ExecuteYAML(ctx, yaml, images, cfg)