OSSM-8078 Automate Test Expose Grpc With Https Gateway (#745)

OSSM-8078 Automate Test Expose Grpc With Https Gateway

images.yaml

@@ -117,3 +117,9 @@ busybox:
   z: quay.io/maistra/busybox:1.28
   arm64: quay.io/maistra/busybox:1.28
 
+grpcurl:
+  x86: quay.io/maistra/grpcurl:latest
+  p: quay.io/maistra/grpcurl:latest
+  z: quay.io/maistra/grpcurl:latest
+  arm64: quay.io/maistra/grpcurl:latest
+

pkg/app/grpcurl.go

@@ -0,0 +1,83 @@
+// Copyright 2024 Red Hat, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package app
+
+import (
+	"github.com/maistra/maistra-test-tool/pkg/util/oc"
+	"github.com/maistra/maistra-test-tool/pkg/util/test"
+)
+
+type grpcurl struct {
+	ns string
+}
+
+var _ App = &grpcurl{}
+
+func GrpCurl(ns string) App {
+
+	return &grpcurl{
+		ns: ns,
+	}
+}
+
+func (a *grpcurl) Name() string {
+	return "grpcurl"
+}
+
+func (a *grpcurl) Namespace() string {
+	return a.ns
+}
+
+func (a *grpcurl) Install(t test.TestHelper) {
+	t.T().Helper()
+	oc.ApplyTemplate(t, a.ns, grpcCurlTemplate, nil)
+}
+
+func (a *grpcurl) Uninstall(t test.TestHelper) {
+	t.T().Helper()
+	oc.DeleteFromTemplate(t, a.ns, grpcCurlTemplate, nil)
+}
+
+func (a *grpcurl) WaitReady(t test.TestHelper) {
+	t.T().Helper()
+	oc.WaitDeploymentRolloutComplete(t, a.ns, "grpcurl")
+}
+
+const grpcCurlTemplate = `
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: grpcurl
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: grpcurl
+        version: v1
+    spec:
+      containers:
+      - name: grpcurl
+        image: {{ image "grpcurl" }}
+        imagePullPolicy: IfNotPresent
+        command: ["sh", "-c"]
+        args: 
+        - |
+          echo "Empty command for grpc service to be ready"
+          grpcurl -insecure -authority grpc.example.com istio-ingressgateway.istio-system:443 list
+        ports:
+        - containerPort: 443
+      restartPolicy: Never
+`

pkg/tests/tasks/traffic/ingress/grpc_https_gateway_test.go

@@ -0,0 +1,84 @@
+// Copyright 2024 Red Hat, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ingress
+
+import (
+	_ "embed"
+	"testing"
+
+	"github.com/maistra/maistra-test-tool/pkg/app"
+	"github.com/maistra/maistra-test-tool/pkg/tests/ossm"
+	"github.com/maistra/maistra-test-tool/pkg/util/check/assert"
+	"github.com/maistra/maistra-test-tool/pkg/util/env"
+	"github.com/maistra/maistra-test-tool/pkg/util/ns"
+	"github.com/maistra/maistra-test-tool/pkg/util/oc"
+	"github.com/maistra/maistra-test-tool/pkg/util/retry"
+	"github.com/maistra/maistra-test-tool/pkg/util/test"
+)
+
+var (
+	//go:embed yaml/grpc_https_gateway.yaml
+	grpcurlTLSGatewayHTTPS string
+
+	//go:embed yaml/grpc_echo_server.yaml
+	grpcEchoServerTemplate string
+
+	grpcSampleCertKey = env.GetRootDir() + "/sampleCerts/grpc.example.com/grpc.example.com.key"
+	grpcSampleCert    = env.GetRootDir() + "/sampleCerts/grpc.example.com/grpc.example.com.crt"
+)
+
+func TestExposeGrpcWithHttpsGateway(t *testing.T) {
+	test.NewTest(t).Id("T44").Groups(test.Full, test.InterOp, test.ARM).Run(func(t test.TestHelper) {
+
+		t.Log("This test verifies tls decapsulation of grpc messages in gateway.")
+
+		t.Cleanup(func() {
+			app.Uninstall(t, app.GrpCurl(ns.Default))
+			oc.DeleteNamespace(t, ns.EchoGrpc)
+			oc.RecreateNamespace(t, meshNamespace)
+			oc.DeleteSecret(t, meshNamespace, "grpc-credential")
+		})
+
+		t.LogStep("Create echo-grpc project")
+		oc.CreateNamespace(t, ns.EchoGrpc)
+
+		t.LogStep("Deploy Control Plane")
+		ossm.DeployControlPlane(t)
+
+		t.LogStep("Update SMMR to include EchoGrpc Namespaces")
+		oc.ApplyString(t, meshNamespace, ossm.AppendDefaultSMMR(ns.EchoGrpc))
+		oc.WaitSMMRReady(t, meshNamespace)
+
+		t.LogStep("Create Echo Grpc Server Pods")
+		oc.ApplyTemplate(t, ns.EchoGrpc, grpcEchoServerTemplate, nil)
+
+		t.LogStep("Create TLS secrets")
+		oc.CreateTLSSecret(t, meshNamespace, "grpc-credential", grpcSampleCertKey, grpcSampleCert)
+
+		t.LogStep("Configure a TLS ingress gateway for a single host")
+		oc.ApplyString(t, meshNamespace, grpcurlTLSGatewayHTTPS)
+
+		t.LogStep("Install grpcurl image")
+		app.Install(t, app.GrpCurl(ns.Default))
+
+		retry.UntilSuccessWithOptions(t, retry.Options().MaxAttempts(20), func(t test.TestHelper) {
+			oc.LogsFromPods(t,
+				ns.Default,
+				"app=grpcurl",
+				assert.OutputContains("EchoTestService", "rpc command worked successfully", "rpc error"))
+		})
+
+	})
+}

pkg/tests/tasks/traffic/ingress/yaml/grpc_echo_server.yaml

@@ -0,0 +1,183 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: echo
+  name: echo
+  namespace: echo-grpc
+spec:
+  selector:
+    app: echo
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 80
+    targetPort: 18080
+  - name: grpc
+    port: 7070
+    targetPort: 17070
+  - name: tcp
+    port: 9090
+    targetPort: 19090
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: echo-v1
+  namespace: echo-grpc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: echo
+      version: v1
+  template:
+    metadata:
+      annotations:
+        sidecar.istio.io/inject: "true"
+      labels:
+        app: echo
+        version: v1
+    spec:
+      containers:
+        - args:
+          - --metrics=15014
+          - --port
+          - "18080"
+          - --tcp
+          - "19090"
+          - --grpc
+          - "17070"
+          - --grpc
+          - "17171"
+          - --port
+          - "3333"
+          - --port
+          - "8080"
+          - --version
+          - v1
+          env:
+          - name: INSTANCE_IP
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: status.podIP
+          image: gcr.io/istio-testing/app:latest
+          imagePullPolicy: Always
+          livenessProbe:
+            failureThreshold: 10
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            tcpSocket:
+              port: tcp-health-port
+            timeoutSeconds: 1
+          name: app
+          ports:
+          - containerPort: 17070
+            protocol: TCP
+          - containerPort: 17171
+            protocol: TCP
+          - containerPort: 8080
+            protocol: TCP
+          - containerPort: 3333
+            name: tcp-health-port
+            protocol: TCP
+          readinessProbe:
+            failureThreshold: 10
+            httpGet:
+              path: /
+              port: 8080
+              scheme: HTTP
+            initialDelaySeconds: 1
+            periodSeconds: 2
+            successThreshold: 1
+            timeoutSeconds: 1
+          startupProbe:
+            failureThreshold: 10
+            periodSeconds: 10
+            successThreshold: 1
+            tcpSocket:
+              port: tcp-health-port
+            timeoutSeconds: 1
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: echo-v2
+  namespace: echo-grpc
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: echo
+      version: v2
+  template:
+    metadata:
+      annotations:
+        sidecar.istio.io/inject: "true"
+      labels:
+        app: echo
+        version: v2
+    spec:
+      containers:
+        - args:
+          - --metrics=15014
+          - --port
+          - "18080"
+          - --tcp
+          - "19090"
+          - --grpc
+          - "17070"
+          - --grpc
+          - "17171"
+          - --port
+          - "3333"
+          - --port
+          - "8080"
+          - --version
+          - v2
+          env:
+          - name: INSTANCE_IP
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: status.podIP
+          image: gcr.io/istio-testing/app:latest
+          imagePullPolicy: Always
+          livenessProbe:
+            failureThreshold: 10
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            tcpSocket:
+              port: tcp-health-port
+            timeoutSeconds: 1
+          name: app
+          ports:
+          - containerPort: 17070
+            protocol: TCP
+          - containerPort: 17171
+            protocol: TCP
+          - containerPort: 8080
+            protocol: TCP
+          - containerPort: 3333
+            name: tcp-health-port
+            protocol: TCP
+          readinessProbe:
+            failureThreshold: 10
+            httpGet:
+              path: /
+              port: 8080
+              scheme: HTTP
+            initialDelaySeconds: 1
+            periodSeconds: 2
+            successThreshold: 1
+            timeoutSeconds: 1
+          startupProbe:
+            failureThreshold: 10
+            periodSeconds: 10
+            successThreshold: 1
+            tcpSocket:
+              port: tcp-health-port
+            timeoutSeconds: 1

pkg/tests/tasks/traffic/ingress/yaml/grpc_https_gateway.yaml

@@ -0,0 +1,33 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: grpc-gateway
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+  - port:
+      number: 443
+      name: https
+      protocol: HTTPS
+    tls:
+      mode: SIMPLE
+      credentialName: grpc-credential
+    hosts:
+    - "*"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: grpc
+spec:
+  hosts:
+  - "*"
+  gateways:
+  - grpc-gateway
+  http:
+  - route:
+    - destination:
+        host: echo.echo-grpc.svc.cluster.local
+        port:
+          number: 7070