Bringing v3.3.x up to main (#656)

Copying the `main` branch over to the `3.3.x` branch.

Co-authored-by: edcdavid <86730676+edcdavid@users.noreply.github.com>
Co-authored-by: Salaheddine Hamadi <shamadi@redhat.com>
Co-authored-by: aabughosh <88486034+aabughosh@users.noreply.github.com>
Co-authored-by: Gonzalo Reyero Ferreras <87083379+greyerof@users.noreply.github.com>
Co-authored-by: Shimrit Peretz <34240686+shimritproj@users.noreply.github.com>
Co-authored-by: Shimrit peretz <speretz@redhat.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jmontesi <100689165+jmontesi@users.noreply.github.com>
Co-authored-by: Shai Oren <51234399+shaior@users.noreply.github.com>
Co-authored-by: Ramon Perez <ramperher@users.noreply.github.com>
Co-authored-by: David Elie-Dit-Cosaque <deliedit@redhat.com>
Co-authored-by: Gonzalo Reyero Ferreras <greyerof@redhat.com>

.github/workflows/merge.yaml

@@ -15,7 +15,7 @@ jobs:
       - name: Set up Go 1.17
         uses: actions/setup-go@v2
         with:
-          go-version: 1.17.6
+          go-version: 1.17.8
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@v2

.github/workflows/pre-main.yaml

@@ -20,6 +20,7 @@ env:
   TESTING_CMD_PARAMS: '-n host -i ${REGISTRY_LOCAL}/${IMAGE_NAME}:${IMAGE_TAG} -t ${TNF_CONFIG_DIR} -o ${TNF_OUTPUT_DIR}'
   TNF_PARTNER_DIR: '/usr/tnf-partner'
   TNF_PARTNER_SRC_DIR: '${TNF_PARTNER_DIR}/src'
+  TERM: xterm-color
 
 jobs:
   lint:
@@ -30,7 +31,10 @@ jobs:
       - name: Set up Go 1.17
         uses: actions/setup-go@v2
         with:
-          go-version: 1.17.6
+          go-version: 1.17.8
+
+      - name: Disable default go problem matcher
+        run: echo "::remove-matcher owner=go::"
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@v2
@@ -78,7 +82,10 @@ jobs:
       - name: Set up Go 1.17
         uses: actions/setup-go@v2
         with:
-          go-version: 1.17.6
+          go-version: 1.17.8
+
+      - name: Disable default go problem matcher
+        run: echo "::remove-matcher owner=go::"
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@v2
@@ -95,11 +102,11 @@ jobs:
 
       - name: Quality Gate - Test coverage shall be above threshold
         env:
-          TESTCOVERAGE_THRESHOLD: 70
+          TESTCOVERAGE_THRESHOLD: 50
         run: |
           echo "Quality Gate: checking test coverage is above threshold ..."
           echo "Threshold             : $TESTCOVERAGE_THRESHOLD %"
-          totalCoverage=`go tool cover -func=cover.out | grep total | grep -Eo '[0-9]+\.[0-9]+'`
+          totalCoverage=`UNIT_TEST='true' go tool cover -func=cover.out | grep total | grep -Eo '[0-9]+\.[0-9]+'`
           echo "Current test coverage : $totalCoverage %"
           if (( $(echo "$totalCoverage $TESTCOVERAGE_THRESHOLD" | awk '{print ($1 > $2)}') )); then
               echo "OK"
@@ -120,8 +127,11 @@ jobs:
       - name: Set up Go 1.17
         uses: actions/setup-go@v2
         with:
-          go-version: 1.17.6
+          go-version: 1.17.8
 
+      - name: Disable default go problem matcher
+        run: echo "::remove-matcher owner=go::"
+
       - name: Check out code into the Go module directory
         uses: actions/checkout@v2
         with:
@@ -145,7 +155,7 @@ jobs:
           path: cnf-certification-test-partner
 
       - name: Start the minikube cluster for `local-test-infra`
-        uses: ./cnf-certification-test-partner/.github/actions/start-minikube
+        uses: ./cnf-certification-test-partner/.github/actions/start-k8s-cluster
         with:
           working_directory: cnf-certification-test-partner
 
@@ -190,11 +200,6 @@ jobs:
 
       - name: 'Test: Run without any TS, just get diagnostic information'
         run: ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }}
-
-      - name: Delete the deployment and deploy Statefulset pods
-        uses: ./cnf-certification-test-partner/.github/actions/deploy-statefulset-pods
-        with:
-          working_directory: cnf-certification-test-partner
 
       - name: 'Test: Run generic test suite in a TNF container'
         run: ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }} -f access-control lifecycle platform observability networking affiliated-certification operator

.github/workflows/tnf-image.yaml

@@ -30,14 +30,16 @@ env:
   PARTNER_REPO: test-network-function/cnf-certification-test-partner
   PARTNER_SRC_URL: 'https://github.com/${PARTNER_REPO}'
   TESTING_CMD_PARAMS: '-n host -i ${REGISTRY_LOCAL}/${IMAGE_NAME}:${IMAGE_TAG} -t ${TNF_CONFIG_DIR} -o ${TNF_OUTPUT_DIR}'
+  LATEST_BRANCH_VERSION: 3.3.x
 
 jobs:
   test-and-push-tnf-image:
     name: 'Test and push the `test-network-function` image'
     runs-on: ubuntu-20.04
     strategy:
+      fail-fast: false
       matrix:
-        branch: [3.1.x, 3.2.x]
+        branch: [3.1.x, 3.2.x, 3.3.x]
     env:
       SHELL: /bin/bash
       KUBECONFIG: '/home/runner/.kube/config'
@@ -124,10 +126,33 @@ jobs:
           repository: test-network-function/cnf-certification-test-partner
           path: cnf-certification-test-partner
           ref: ${{ env.PARTNER_VERSION }}
-
+
+      # Only one of the following 2 steps will work depending on the repo version
+
+      # For versions > 3.3.0
+
+      - name: Check for start-k8s-cluster existence
+        id: check_start_k8s_cluster
+        uses: andstor/file-existence-action@v1
+        with:
+          files: "./cnf-certification-test-partner/.github/actions/start-k8s-cluster"
+
+      - name: Start the k8s cluster for `local-test-infra`
+        if: steps.check_start_k8s_cluster.outputs.files_exists == 'true'
+        uses: ./cnf-certification-test-partner/.github/actions/start-k8s-cluster
+
+      # For version <= 3.3.0
+
+      - name: Check for start-minikube existence
+        id: check_start_minikube
+        uses: andstor/file-existence-action@v1
+        with:
+          files: "./cnf-certification-test-partner/.github/actions/start-minikube"
+
       - name: Start the minikube cluster for `local-test-infra`
+        if: steps.check_start_minikube.outputs.files_exists == 'true'
         uses: ./cnf-certification-test-partner/.github/actions/start-minikube
-          
+
       - name: Create `local-test-infra` OpenShift resources
         uses: ./cnf-certification-test-partner/.github/actions/create-local-test-infra-resources
         with:
@@ -142,7 +167,7 @@ jobs:
         shell: bash
 
       - name: 'Test: Run without any TS, just get diagnostic information'
-        run: ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }} 
+        run: ./run-tnf-container.sh ${{ env.TESTING_CMD_PARAMS }} -f diagnostic
 
       # Push the new TNF image to Quay.io.
 
@@ -156,4 +181,9 @@ jobs:
           password: ${{ secrets.QUAY_ROBOT_TOKEN }}
 
       - name: Push the newly built image to Quay.io
-        run: docker push --all-tags ${REGISTRY}/${IMAGE_NAME}
+        run: |
+          docker push ${REGISTRY}/${IMAGE_NAME}:${TNF_VERSION}
+          if [ "$CURRENT_VERSION_GENERIC_BRANCH" == "$LATEST_BRANCH_VERSION" ]; then
+            docker push ${REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}
+          fi
+

CATALOG.md

@@ -98,6 +98,18 @@ Description|http://test-network-function.com/testcases/affiliated-certification/
 Result Type|normative
 Suggested Remediation|Ensure that your container has passed the Red Hat Container Certification Program (CCP).
 Best Practice Reference|[CNF Best Practice V1.2](https://connect.redhat.com/sites/default/files/2021-03/Cloud%20Native%20Network%20Function%20Requirements.pdf) Section 6.3.7
+#### helmchart-is-certified
+
+Property|Description
+---|---
+Test Case Name|helmchart-is-certified
+Test Case Label|affiliated-certification-helmchart-is-certified
+Unique ID|http://test-network-function.com/testcases/affiliated-certification/helmchart-is-certified
+Version|v1.0.0
+Description|http://test-network-function.com/testcases/affiliated-certification/helmchart-is-certified tests whether helm charts listed in the cluster passed the Red Hat Helm Certification Program.
+Result Type|normative
+Suggested Remediation|Ensure that the helm charts under test passed the Red Hat's helm Certification Program (e.g. listed in https://charts.openshift.io/index.yaml).
+Best Practice Reference|[CNF Best Practice V1.2](https://connect.redhat.com/sites/default/files/2021-03/Cloud%20Native%20Network%20Function%20Requirements.pdf) Section 6.2.12 and Section 6.3.3
 #### operator-is-certified
 
 Property|Description
@@ -149,6 +161,18 @@ Description|http://test-network-function.com/testcases/lifecycle/image-pull-poli
 Result Type|normative
 Suggested Remediation|Ensure that the containers under test are using IfNotPresent as Image Pull Policy.
 Best Practice Reference|https://docs.google.com/document/d/1wRHMk1ZYUSVmgp_4kxvqjVOKwolsZ5hDXjr5MLy-wbg/edit#  Section 15.6
+#### liveness
+
+Property|Description
+---|---
+Test Case Name|liveness
+Test Case Label|lifecycle-liveness
+Unique ID|http://test-network-function.com/testcases/lifecycle/liveness
+Version|v1.0.0
+Description|http://test-network-function.com/testcases/lifecycle/liveness Checks that all pods under test have a liveness probe defined.
+Result Type|normative
+Suggested Remediation|Ensure that all CNF's pods under test have a liveness probe defined.
+Best Practice Reference|[CNF Best Practice V1.2](https://connect.redhat.com/sites/default/files/2021-03/Cloud%20Native%20Network%20Function%20Requirements.pdf) Section 6.2
 #### pod-high-availability
 
 Property|Description
@@ -209,6 +233,18 @@ Description|http://test-network-function.com/testcases/lifecycle/pod-termination
 Result Type|informative
 Suggested Remediation|Choose a terminationGracePeriod that is appropriate for your given CNF.  If the default (30s) is appropriate, then feel free to ignore this informative message.  This test is meant to raise awareness around how Pods are terminated, and to suggest that a CNF is configured based on its requirements.  In addition to a terminationGracePeriod, consider utilizing a termination hook in the case that your application requires special shutdown instructions.
 Best Practice Reference|[CNF Best Practice V1.2](https://connect.redhat.com/sites/default/files/2021-03/Cloud%20Native%20Network%20Function%20Requirements.pdf) Section 6.2
+#### readiness
+
+Property|Description
+---|---
+Test Case Name|readiness
+Test Case Label|lifecycle-readiness
+Unique ID|http://test-network-function.com/testcases/lifecycle/readiness
+Version|v1.0.0
+Description|http://test-network-function.com/testcases/lifecycle/readiness Checks that all pods under test have a readiness probe defined.
+Result Type|normative
+Suggested Remediation|Ensure that all CNF's pods under test have a readiness probe defined.
+Best Practice Reference|[CNF Best Practice V1.2](https://connect.redhat.com/sites/default/files/2021-03/Cloud%20Native%20Network%20Function%20Requirements.pdf) Section 6.2
 #### statefulset-scaling
 
 Property|Description
@@ -248,6 +284,30 @@ Description|http://test-network-function.com/testcases/networking/icmpv4-connect
 Result Type|normative
 Suggested Remediation|Ensure that the CNF is able to communicate via the Multus network(s). In some rare cases, CNFs may require routing table changes in order to communicate over the Multus network(s). To exclude a particular pod from ICMPv4 connectivity tests, add the test-network-function.com/skip_connectivity_tests label to it. The label value is not important, only its presence.
 Best Practice Reference|[CNF Best Practice V1.2](https://connect.redhat.com/sites/default/files/2021-03/Cloud%20Native%20Network%20Function%20Requirements.pdf) Section 6.2
+#### icmpv6-connectivity
+
+Property|Description
+---|---
+Test Case Name|icmpv6-connectivity
+Test Case Label|networking-icmpv6-connectivity
+Unique ID|http://test-network-function.com/testcases/networking/icmpv6-connectivity
+Version|v1.0.0
+Description|http://test-network-function.com/testcases/networking/icmpv6-connectivity checks that each CNF Container is able to communicate via ICMPv6 on the Default OpenShift network.  This test case requires the Deployment of the debug daemonset.
+Result Type|normative
+Suggested Remediation|Ensure that the CNF is able to communicate via the Default OpenShift network. In some rare cases, CNFs may require routing table changes in order to communicate over the Default network. To exclude a particular pod from ICMPv6 connectivity tests, add the test-network-function.com/skip_connectivity_tests label to it. The label value is not important, only its presence.
+Best Practice Reference|[CNF Best Practice V1.2](https://connect.redhat.com/sites/default/files/2021-03/Cloud%20Native%20Network%20Function%20Requirements.pdf) Section 6.2
+#### icmpv6-connectivity-multus
+
+Property|Description
+---|---
+Test Case Name|icmpv6-connectivity-multus
+Test Case Label|networking-icmpv6-connectivity-multus
+Unique ID|http://test-network-function.com/testcases/networking/icmpv6-connectivity-multus
+Version|v1.0.0
+Description|http://test-network-function.com/testcases/networking/icmpv6-connectivity-multus checks that each CNF Container is able to communicate via ICMPv6 on the Multus network(s).  This test case requires the Deployment of the debug daemonset.
+Result Type|normative
+Suggested Remediation|Ensure that the CNF is able to communicate via the Multus network(s). In some rare cases, CNFs may require routing table changes in order to communicate over the Multus network(s). To exclude a particular pod from ICMPv6 connectivity tests, add the test-network-function.com/skip_connectivity_tests label to it.The label value is not important, only its presence. 
+Best Practice Reference|[CNF Best Practice V1.2](https://connect.redhat.com/sites/default/files/2021-03/Cloud%20Native%20Network%20Function%20Requirements.pdf) Section 6.2
 #### service-type
 
 Property|Description
@@ -260,6 +320,18 @@ Description|http://test-network-function.com/testcases/networking/service-type t
 Result Type|normative
 Suggested Remediation|Ensure Services are not configured to use NodePort(s).
 Best Practice Reference|[CNF Best Practice V1.2](https://connect.redhat.com/sites/default/files/2021-03/Cloud%20Native%20Network%20Function%20Requirements.pdf) Section 6.3.1
+#### undeclared-container-ports-usage
+
+Property|Description
+---|---
+Test Case Name|undeclared-container-ports-usage
+Test Case Label|networking-undeclared-container-ports-usage
+Unique ID|http://test-network-function.com/testcases/networking/undeclared-container-ports-usage
+Version|v1.0.0
+Description|http://test-network-function.com/testcases/networking/undeclared-container-ports-usage check that containers don't listen on ports that weren't declared in their specification
+Result Type|normative
+Suggested Remediation|ensure the CNF apps don't listen on undeclared containers' ports
+Best Practice Reference|[CNF Best Practice V1.2](https://connect.redhat.com/sites/default/files/2021-03/Cloud%20Native%20Network%20Function%20Requirements.pdf) Section 16.3.1.1
 
 ### observability
 

Dockerfile

@@ -13,10 +13,12 @@ ENV TEMP_DIR=/tmp
 
 # Install dependencies
 RUN yum install -y gcc git jq make wget
-
+RUN wget https://get.helm.sh/helm-v3.8.1-linux-amd64.tar.gz && \
+    tar -xvf helm-v3.8.1-linux-amd64.tar.gz && \
+    cp linux-amd64/helm /usr/bin/helm
 # Install Go binary
 ENV GO_DL_URL="https://golang.org/dl"
-ENV GO_BIN_TAR="go1.17.6.linux-amd64.tar.gz"
+ENV GO_BIN_TAR="go1.17.8.linux-amd64.tar.gz"
 ENV GO_BIN_URL_x86_64=${GO_DL_URL}/${GO_BIN_TAR}
 ENV GOPATH="/root/go"
 RUN if [[ "$(uname -m)" -eq "x86_64" ]] ; then \
@@ -41,7 +43,7 @@ ENV PATH=${PATH}:"/usr/local/go/bin":${GOPATH}/"bin"
 
 # Git identifier to checkout
 ARG TNF_VERSION
-ARG TNF_SRC_URL=https://github.com/test-network-function/test-network-function
+ARG TNF_SRC_URL=$TNF_SRC_URL
 ARG GIT_CHECKOUT_TARGET=$TNF_VERSION
 
 # Git identifier to checkout for partner

Makefile

@@ -47,7 +47,7 @@ COMMON_GO_ARGS=-race
 GIT_COMMIT=$(shell git rev-list -1 HEAD)
 GIT_RELEASE=$(shell git tag --points-at HEAD | head -n 1)
 GIT_PREVIOUS_RELEASE=$(shell git tag --no-contains HEAD --sort=v:refname | tail -n 1)
-GOLANGCI_VERSION=v1.44.0
+GOLANGCI_VERSION=v1.44.2
 
 # Run the unit tests and build all binaries
 build:
@@ -78,8 +78,7 @@ lint:
 # Build and run unit tests
 test: mocks
 	go build ${COMMON_GO_ARGS} ./...
-	go test -coverprofile=cover.out -covermode count `go list ./... | grep -v "github.com/test-network-function/test-network-function/test-network-function" | grep -v mock`
-	go tool cover -func cover.out
+	UNIT_TEST="true" go test -coverprofile=cover.out ./...
 
 coverage-html: test
 	go tool cover -html cover.out
@@ -126,10 +125,13 @@ update-deps:
 
 # Install build tools and other required software.
 install-tools:
-	go install github.com/onsi/ginkgo/v2/ginkgo@v2.1.1
+	go install github.com/onsi/ginkgo/v2/ginkgo@v2.1.3
 	go install github.com/onsi/gomega
 	go install github.com/golang/mock/mockgen@v1.6.0
-
+	wget https://get.helm.sh/helm-v3.8.1-linux-amd64.tar.gz && \
+    tar -xvf helm-v3.8.1-linux-amd64.tar.gz && \
+    cp linux-amd64/helm /usr/local/bin/helm
+
 # Install golangci-lint	
 install-lint:
 	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b ${GO_PATH}/bin ${GOLANGCI_VERSION}

README.md

@@ -227,7 +227,7 @@ At a minimum, the following dependencies must be installed *prior* to running `m
 Dependency|Minimum Version
 ---|---
 [GoLang](https://golang.org/dl/)|1.17
-[golangci-lint](https://golangci-lint.run/usage/install/)|1.44.0
+[golangci-lint](https://golangci-lint.run/usage/install/)|1.44.2
 [jq](https://stedolan.github.io/jq/)|1.6
 [OpenShift Client](https://mirror.openshift.com/pub/openshift-v4/clients/ocp/)|4.7
 
@@ -550,4 +550,7 @@ TNF_DEFAULT_BUFFER_SIZE=32768 ./run-cnf-suites.sh -f networking
 to test if operator certified need to label it with this command
 ```shell script
 oc label csv <name> -n <namespace> "test-network-function.com/operator=target" 
-```
+```
+# Testing certified helm charts
+to test if the helm chart is certified its need to be deployed under the namespace that are under test.
+if there is a need to skip a spisific helm need to add his name into the tnf_config.

go.mod

@@ -11,19 +11,23 @@ require (
 	github.com/golang/mock v1.6.0
 	github.com/google/goexpect v0.0.0-20210330220015-096e5d1cbd97
 	github.com/google/goterm v0.0.0-20190703233501-fc88cf888a3f
-	github.com/kr/pretty v0.2.1 // indirect
-	github.com/onsi/ginkgo/v2 v2.1.1
+	github.com/onsi/ginkgo/v2 v2.1.3
 	github.com/onsi/gomega v1.18.1
 	github.com/sirupsen/logrus v1.8.1
-	github.com/spf13/cobra v1.3.0
-	github.com/stretchr/testify v1.7.0
+	github.com/spf13/cobra v1.4.0
+	github.com/stretchr/testify v1.7.1
 	github.com/test-network-function/test-network-function-claim v1.0.5
 	github.com/xeipuuv/gojsonschema v1.2.0
 	golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
-	google.golang.org/grpc v1.44.0
+	google.golang.org/grpc v1.45.0
 	gopkg.in/yaml.v2 v2.4.0
 )
 
+require (
+	github.com/go-yaml/yaml v2.1.0+incompatible
+	github.com/hashicorp/go-version v1.4.0
+)
+
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect