sighupio · ralgozino · Sep 10, 2025 · Sep 8, 2025 · Sep 9, 2025
diff --git a/.drone.yml b/.drone.yml
diff --git a/katalog/tests/grafana-ldap.sh b/katalog/tests/grafana-ldap.sh
@@ -6,23 +6,7 @@
 
 load ./helper
 
-@test "Grafana apply" {
-    run apply katalog/grafana
-    [ "$status" -eq 0 ]
-}
-
-@test "Wait for Grafana instance" {
-    info
-    test(){
-        status=$(kubectl get pods -n monitoring -l app.kubernetes.io/name=grafana -o jsonpath="{.items[*].status.phase}")
-        if [ "${status}" != "Running" ]; then return 1; fi
-    }
-    loop_it test 30 2
-    status=${loop_it_result:?}
-    [ "$status" -eq 0 ]
-}
-
-@test "Deploy example ldap instance" {
+@test "Deploy example LDAP instance" {
     info
     setup_ldap(){
         kubectl create ns demo-ldap
@@ -33,52 +17,45 @@ load ./helper
     [ "$status" -eq 0 ]
 }
 
-@test "Wait for example ldap instance" {
+@test "Wait for example LDAP instance" {
     info
     test(){
-        status=$(kubectl get pods -n demo-ldap -l app=ldap-server -o jsonpath="{.items[*].status.phase}")
-        if [ "${status}" != "Running" ]; then return 1; fi
+        check_deploy_ready "ldap-server" "demo-ldap"
     }
     loop_it test 30 2
     status=${loop_it_result:?}
     [ "$status" -eq 0 ]
 }
 
-@test "Apply Grafana LDAP Configuration" {
-    info
-    run apply katalog/tests/grafana-ldap-auth/kustomize-project
-    [ "$status" -eq 0 ]
-}
-
-@test "Rollout Grafana" {
-    info
-    rollout(){
-        kubectl patch deployment grafana -n monitoring -p "{\"spec\":{\"template\":{\"metadata\":{\"labels\":{\"date\":\"$(date +'%s')\"}}}}}"
-    }
-    run rollout
-    [ "$status" -eq 0 ]
+@test "Deploy Grafana patched with LDAP auth" {
+  info
+  deploy() {
+    apply katalog/tests/grafana-ldap-auth/kustomize-project
+  }
+  run deploy
+  [ "$status" -eq 0 ]
 }
 
-@test "Wait for Grafana instance restart" {
-    info
-    test(){
-        status=$(kubectl get pods -n monitoring -l app.kubernetes.io/name=grafana -o jsonpath="{.items[*].status.phase}")
-        if [ "${status}" != "Running" ]; then return 1; fi
-    }
-    loop_it test 30 2
-    status=${loop_it_result:?}
-    [ "$status" -eq 0 ]
+@test "Grafana is Running" {
+  info
+  test() {
+    check_deploy_ready "grafana" "monitoring"
+  }
+  loop_it test 30 5
+  status=${loop_it_result:?}
+  [ "$status" -eq 0 ]
 }
 
 @test "Test Angel LDAP user in Grafana" {
     info
     test(){
         grafana_pod=$(kubectl get pods -n monitoring -l app.kubernetes.io/name=grafana -o jsonpath='{.items[*].metadata.name}')
         user_info=$(kubectl -n monitoring exec -it "${grafana_pod}" -- wget -qO- http://angel:angel@localhost:3000/api/user)
-        isGrafanaAdmin=$(echo "${user_info}" | jq -r .isGrafanaAdmin)
-        if [ "${isGrafanaAdmin}" != "false" ]; then return 1; fi
+        # Check that isGrafanaAdmin is false for Angel (non-admin user)
+        grep -q '"isGrafanaAdmin":false' <<< "${user_info}"
     }
     run test
+    echo $output
     [ "$status" -eq 0 ]
 }
 
@@ -87,9 +64,10 @@ load ./helper
     test(){
         grafana_pod=$(kubectl get pods -n monitoring -l app.kubernetes.io/name=grafana -o jsonpath='{.items[*].metadata.name}')
         user_info=$(kubectl -n monitoring exec -it "${grafana_pod}" -- wget -qO- http://jacopo:admin@localhost:3000/api/user)
-        isGrafanaAdmin=$(echo "${user_info}" | jq -r .isGrafanaAdmin)
-        if [ "${isGrafanaAdmin}" != "true" ]; then return 1; fi
+        # Check that isGrafanaAdmin is true for Jacopo (admin user)
+        grep -q '"isGrafanaAdmin":true' <<< "${user_info}"
     }
     run test
+    echo $output
     [ "$status" -eq 0 ]
 }
diff --git a/katalog/tests/helper.bash b/katalog/tests/helper.bash
@@ -1,21 +1,47 @@
 #!/usr/bin/env bats
 
+# Module Monitoring Test Helper Functions
+# ========================================
+# This file provides helper functions for BATS testing of the monitoring module.
+# Enhanced with comprehensive helper functions for robust testing.
+# Key functions:
+# - apply/delete: Deploy/remove Kustomize resources using kapp for GitOps-style management  
+# - check_*_ready: Validate that different Kubernetes resource types are ready
+# - loop_it: Retry mechanism for test conditions with configurable timeout
+# - info/show: Display test progress information
+
 # shellcheck disable=SC2086,SC2154,SC2034
 
+set -o pipefail
+
+kaction(){
+    path=$1
+    verb=$2
+    kustomize build $path | kubectl $verb -f -
+}
+
 apply (){
+  APP_NAME=${2:-$(basename $1)}  # Use second parameter or directory basename
   kustomize build $1 >&2
-  kustomize build $1 | kubectl apply --server-side -f - 2>&3
+  # We need to steal ownership of existing resources because Mimir deploys prometheus-operated too
+  kustomize build $1 | kapp deploy -a "$APP_NAME" -f - --yes --dangerous-override-ownership-of-existing-resources --apply-default-update-strategy=fallback-on-replace 2>&3
 }
 
 delete (){
+  APP_NAME=${2:-$(basename $1)}  # Use second parameter or directory basename  
   kustomize build $1 >&2
-  kustomize build $1 | kubectl delete -f - 2>&3
+  kapp delete -a "$APP_NAME" --yes 2>&3
 }
 
 info(){
   echo -e "${BATS_TEST_NUMBER}: ${BATS_TEST_DESCRIPTION}" >&3
 }
 
+# Display visible messages during BATS test execution
+show() {
+  echo "# $*" >&3
+}
+
 loop_it(){
   retry_counter=0
   max_retry=${2:-100}
@@ -25,7 +51,12 @@ loop_it(){
   loop_it_result=${ko}
   while [[ ko -ne 0 ]]
   do
-    if [ $retry_counter -ge $max_retry ]; then echo "Timeout waiting a condition"; return 1; fi
+    if [ $retry_counter -ge $max_retry ]; then 
+      echo "Timeout waiting for the command to succeed"
+      echo "Last command output was:"
+      echo "${output}"
+      return 1
+    fi
     sleep ${wait_time} && echo "# waiting..." $retry_counter >&3
     run ${1}
     ko=${status}
@@ -34,3 +65,57 @@ loop_it(){
   done
   return 0
 }
+
+check_sts_ready() {
+  local name=$1
+  local namespace=$2
+  local replicas ready_replicas
+  replicas=$(kubectl get sts "$name" -n "$namespace" -o jsonpath='{.status.replicas}' 2>/dev/null || echo "0")
+  ready_replicas=$(kubectl get sts "$name" -n "$namespace" -o jsonpath='{.status.readyReplicas}' 2>/dev/null || echo "0")
+  [ "$replicas" -eq "$ready_replicas" ] && [ "$replicas" -gt 0 ]
+}
+
+check_ds_ready() {
+  local name=$1
+  local namespace=$2
+  local desired ready
+  desired=$(kubectl get ds "$name" -n "$namespace" -o jsonpath='{.status.desiredNumberScheduled}' 2>/dev/null || echo "0")
+  ready=$(kubectl get ds "$name" -n "$namespace" -o jsonpath='{.status.numberReady}' 2>/dev/null || echo "0")
+  [ "$desired" -eq "$ready" ] && [ "$desired" -gt 0 ]
+}
+
+check_deploy_ready() {
+  local name=$1
+  local namespace=$2
+  local replicas ready_replicas
+  replicas=$(kubectl get deploy "$name" -n "$namespace" -o jsonpath='{.status.replicas}' 2>/dev/null || echo "0")
+  ready_replicas=$(kubectl get deploy "$name" -n "$namespace" -o jsonpath='{.status.readyReplicas}' 2>/dev/null || echo "0")
+  [ "$replicas" -eq "$ready_replicas" ] && [ "$replicas" -gt 0 ]
+}
+
+check_job_ready() {
+  local name=$1
+  local namespace=$2
+  local succeeded
+  succeeded=$(kubectl get job "$name" -n "$namespace" -o jsonpath='{.status.succeeded}' 2>/dev/null || echo "0")
+  [ "$succeeded" -eq 1 ]
+}
+
+check_http_endpoint_ready() {
+  # Generic function to check if HTTP endpoint returns acceptable status codes
+  local url=$1
+  local acceptable_codes=$2
+  local status_code
+
+  # Get HTTP status code
+  status_code=$(curl -k -s -o /dev/null -w "%{http_code}" --max-time 10 "$url" 2>/dev/null || echo "000")
+
+  # Check if status code matches any acceptable code
+  for code in $acceptable_codes; do
+    if [ "$status_code" = "$code" ]; then
+      return 0
+    fi
+  done
+
+  return 1
+}
diff --git a/katalog/tests/kind-config.yml b/katalog/tests/kind-config.yml
diff --git a/katalog/tests/kind/config.yml b/katalog/tests/kind/config.yml
@@ -0,0 +1,30 @@
+# Copyright (c) 2020 SIGHUP s.r.l All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+apiVersion: kind.x-k8s.io/v1alpha4
+kind: Cluster
+networking:
+  apiServerAddress: "0.0.0.0"
+
+nodes:
+- role: control-plane
+  kubeadmConfigPatches:
+  - |
+    kind: ClusterConfiguration
+    apiServer:
+      certSANs:
+      - 0.0.0.0
+      extraArgs:
+        enable-admission-plugins: "NamespaceLifecycle,LimitRanger,PodNodeSelector,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota"
+    etcd:
+      local:
+        extraArgs:
+          listen-metrics-urls: "http://0.0.0.0:2378"
+    controllerManager:
+      extraArgs:
+        bind-address: "0.0.0.0"
+    scheduler:
+      extraArgs:
+        bind-address: "0.0.0.0"
+- role: worker
diff --git a/katalog/tests/promtool.sh b/katalog/tests/promtool.sh
@@ -4,14 +4,14 @@
 # license that can be found in the LICENSE file.
 
 
-set -x
+# set -x
 set -e
 set -u
 set -o pipefail
 
 # Check prometheus rules
 grep -ril "kind: PrometheusRule" . | \
-grep -v "$0" | \
+grep -v "$(basename "$0")" | \
 grep -v "kustomization.yaml" | \
 grep -v "crds" | \
 while read -r rules_file; do