xref: /aosp_15_r20/external/grpc-grpc-java/buildscripts/kokoro/psm-security.sh (revision e07d83d3ffcef9ecfc9f7f475418ec639ff0e5fe)
#!/usr/bin/env bash
# Stop at the first failing command; a pipeline fails when any stage fails.
set -eo pipefail

# Constants
GITHUB_REPOSITORY_NAME="grpc-java"
# Location of the test driver install script, which main() downloads and
# sources into this shell. The repo owner and branch come from
# TEST_DRIVER_REPO_OWNER and TEST_DRIVER_BRANCH when set (defaults: grpc,
# master), so the code that runs is whatever that branch serves at fetch time.
TEST_DRIVER_INSTALL_SCRIPT_URL="https://raw.githubusercontent.com/${TEST_DRIVER_REPO_OWNER:-grpc}/grpc/${TEST_DRIVER_BRANCH:-master}/tools/internal_ci/linux/grpc_xds_k8s_install_test_driver.sh"
## xDS test server/client Docker images
SERVER_IMAGE_NAME="gcr.io/grpc-testing/xds-interop/java-server"
CLIENT_IMAGE_NAME="gcr.io/grpc-testing/xds-interop/java-client"
# FORCE_IMAGE_BUILD=1 rebuilds the images even when they already exist.
FORCE_IMAGE_BUILD="${FORCE_IMAGE_BUILD:-0}"
# Path of the built test app, relative to SRC_DIR.
BUILD_APP_PATH="interop-testing/build/install/grpc-interop-testing"
readonly GITHUB_REPOSITORY_NAME TEST_DRIVER_INSTALL_SCRIPT_URL
readonly SERVER_IMAGE_NAME CLIENT_IMAGE_NAME FORCE_IMAGE_BUILD BUILD_APP_PATH
12
#######################################
# Builds the interop test app with gradle, then smoke-checks its binaries by
# running each of them with --help.
# Globals:
#   SRC_DIR: root of the source checkout (the function changes into it)
#   BUILD_APP_PATH: path of the installed test app, relative to SRC_DIR
# Arguments:
#   None
# Outputs:
#   Prints the gradle build log and the --help output of xds-test-client and
#   xds-test-server
#######################################
build_java_test_app() {
  local -a gradle_args=(
    --no-daemon
    grpc-interop-testing:installDist
    -x test
    -PskipCodegen=true
    -PskipAndroid=true
    --console=plain
  )
  local bin_dir="${SRC_DIR}/${BUILD_APP_PATH}/bin"
  local binary

  printf '%s\n' "Building Java test app"
  # Note: the working directory stays at SRC_DIR after this function returns.
  cd "${SRC_DIR}"
  GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx1g'" ./gradlew "${gradle_args[@]}"

  # Test-run binaries. run_ignore_exit_code is not defined in this file;
  # presumably it comes from the sourced test driver install script.
  for binary in xds-test-client xds-test-server; do
    run_ignore_exit_code "${bin_dir}/${binary}" --help
  done
}
34
#######################################
# Builds test app Docker images and pushes them to GCR
# Globals:
#   SRC_DIR: root of the source checkout
#   BUILD_APP_PATH: path of the installed test app, relative to SRC_DIR
#   SERVER_IMAGE_NAME: Test server Docker image name
#   CLIENT_IMAGE_NAME: Test client Docker image name
#   GIT_COMMIT: SHA-1 of git commit being built
#   TESTING_VERSION: version branch under test, f.e. v1.42.x, master
# Arguments:
#   None
# Outputs:
#   Writes the output of `gcloud builds submit` to stdout, stderr
#######################################
build_test_app_docker_images() {
  printf '%s\n' "Building Java xDS interop test app Docker images"
  local docker_dir="${SRC_DIR}/buildscripts/xds-k8s"
  local build_dir
  # NOTE(review): this temporary directory is not removed afterwards.
  build_dir="$(mktemp -d)"

  # Copy Docker files, log properties, and the test app to the build dir
  local extension
  for extension in Dockerfile properties; do
    cp -v "${docker_dir}/"*."${extension}" "${build_dir}"
  done
  cp -rv "${SRC_DIR}/${BUILD_APP_PATH}" "${build_dir}"

  # Pick a branch name for the built image: the version branch when
  # is_version_branch accepts TESTING_VERSION, 'experimental' otherwise.
  local branch_name
  if is_version_branch "${TESTING_VERSION}"; then
    branch_name="${TESTING_VERSION}"
  else
    branch_name='experimental'
  fi

  # Cloud Build substitutions are passed as one comma-separated KEY=VALUE
  # list, so a comma inside GIT_COMMIT or the branch name would be read as the
  # start of another substitution.
  # NOTE(review): confirm both values are validated upstream.
  local -a pairs=(
    "_SERVER_IMAGE_NAME=${SERVER_IMAGE_NAME}"
    "_CLIENT_IMAGE_NAME=${CLIENT_IMAGE_NAME}"
    "COMMIT_SHA=${GIT_COMMIT}"
    "BRANCH_NAME=${branch_name}"
  )
  local substitutions
  printf -v substitutions '%s,' "${pairs[@]}"
  substitutions="${substitutions%,}"

  # Run Google Cloud Build
  gcloud builds submit "${build_dir}" \
    --config "${docker_dir}/cloudbuild.yaml" \
    --substitutions "${substitutions}"
  # TODO(sergiitk): extra "cosmetic" tags for versioned branches, e.g. v1.34.x
  # TODO(sergiitk): do this when adding support for custom configs per version
}
69
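#######################################
# Builds test app and its docker images unless they already exist
# Globals:
#   SERVER_IMAGE_NAME: Test server Docker image name
#   CLIENT_IMAGE_NAME: Test client Docker image name
#   GIT_COMMIT: SHA-1 of git commit being built
#   FORCE_IMAGE_BUILD: set to 1 to rebuild even when both images exist
# Arguments:
#   None
# Outputs:
#   Writes the output to stdout, stderr
#######################################
build_docker_images_if_needed() {
  # Declared local, and separately from the assignments, so the tag lists do
  # not leak into the global scope and a failing lookup still aborts the
  # script under `set -e`.
  local server_tags client_tags

  # Check if images already exist. gcloud_gcr_list_image_tags is not defined
  # in this file; presumably it comes from the sourced install script.
  server_tags="$(gcloud_gcr_list_image_tags "${SERVER_IMAGE_NAME}" "${GIT_COMMIT}")"
  printf "Server image: %s:%s\n" "${SERVER_IMAGE_NAME}" "${GIT_COMMIT}"
  printf '%s\n' "${server_tags:-Server image not found}"

  client_tags="$(gcloud_gcr_list_image_tags "${CLIENT_IMAGE_NAME}" "${GIT_COMMIT}")"
  printf "Client image: %s:%s\n" "${CLIENT_IMAGE_NAME}" "${GIT_COMMIT}"
  printf '%s\n' "${client_tags:-Client image not found}"

  # Build if any of the images are missing, or FORCE_IMAGE_BUILD=1.
  # An existing image is reused purely on the basis of its commit tag.
  if [[ "${FORCE_IMAGE_BUILD}" == "1" || -z "${server_tags}" || -z "${client_tags}" ]]; then
    build_java_test_app
    build_test_app_docker_images
  else
    echo "Skipping Java test app build"
  fi
}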
100
#######################################
# Executes the test case
# Globals:
#   TEST_DRIVER_FLAGFILE: Relative path to test driver flagfile
#   KUBE_CONTEXT: The name of kubectl context with GKE cluster access
#   TEST_XML_OUTPUT_DIR: Output directory for the test xUnit XML report
#   SERVER_IMAGE_NAME: Test server Docker image name
#   CLIENT_IMAGE_NAME: Test client Docker image name
#   GIT_COMMIT: SHA-1 of git commit being built
#   TESTING_VERSION: version branch under test: used by the framework to
#                     determine the supported PSM features.
# Arguments:
#   Test case name
# Outputs:
#   Writes the output of test execution to stdout, stderr
#   Test xUnit report to ${TEST_XML_OUTPUT_DIR}/${test_name}/sponge_log.xml
# Returns:
#   Status of the python | tee pipeline; with pipefail set at the top of the
#   script, a failing test run makes it non-zero.
#######################################
run_test() {
  # Test driver usage:
  # https://github.com/grpc/grpc/tree/master/tools/run_tests/xds_k8s_test_driver#basic-usage
  local test_name="${1:?Usage: run_test test_name}"
  local out_dir="${TEST_XML_OUTPUT_DIR}/${test_name}"
  # Both images are addressed by the commit tag, not by digest.
  local -a driver_args=(
    --flagfile="${TEST_DRIVER_FLAGFILE}"
    --kube_context="${KUBE_CONTEXT}"
    --server_image="${SERVER_IMAGE_NAME}:${GIT_COMMIT}"
    --client_image="${CLIENT_IMAGE_NAME}:${GIT_COMMIT}"
    --testing_version="${TESTING_VERSION}"
    --force_cleanup
    --collect_app_logs
    --log_dir="${out_dir}"
    --xml_output_file="${out_dir}/sponge_log.xml"
  )
  mkdir -pv "${out_dir}"
  # Command tracing is switched on here and not switched off again, so every
  # later command in the calling shell is echoed to the job log as well.
  set -x
  # stdout and stderr of the test run are both copied into sponge_log.log.
  python -m "tests.${test_name}" "${driver_args[@]}" 2>&1 \
    | tee "${out_dir}/sponge_log.log"
}
137
138#######################################
139# Main function: provision software necessary to execute tests, and run them
140# Globals:
141#   KOKORO_ARTIFACTS_DIR
142#   GITHUB_REPOSITORY_NAME
143#   SRC_DIR: Populated with absolute path to the source repo
144#   TEST_DRIVER_REPO_DIR: Populated with the path to the repo containing
145#                         the test driver
146#   TEST_DRIVER_FULL_DIR: Populated with the path to the test driver source code
147#   TEST_DRIVER_FLAGFILE: Populated with relative path to test driver flagfile
148#   TEST_XML_OUTPUT_DIR: Populated with the path to test xUnit XML report
149#   GIT_ORIGIN_URL: Populated with the origin URL of git repo used for the build
150#   GIT_COMMIT: Populated with the SHA-1 of git commit being built
151#   GIT_COMMIT_SHORT: Populated with the short SHA-1 of git commit being built
152#   KUBE_CONTEXT: Populated with name of kubectl context with GKE cluster access
153# Arguments:
154#   None
155# Outputs:
156#   Writes the output of test execution to stdout, stderr
157#######################################
158main() {
159  local script_dir
160  script_dir="$(dirname "$0")"
161
162  # Source the test driver from the master branch.
163  echo "Sourcing test driver install script from: ${TEST_DRIVER_INSTALL_SCRIPT_URL}"
164  source /dev/stdin <<< "$(curl -s "${TEST_DRIVER_INSTALL_SCRIPT_URL}")"
165
166  activate_gke_cluster GKE_CLUSTER_PSM_SECURITY
167
168  set -x
169  if [[ -n "${KOKORO_ARTIFACTS_DIR}" ]]; then
170    kokoro_setup_test_driver "${GITHUB_REPOSITORY_NAME}"
171  else
172    local_setup_test_driver "${script_dir}"
173  fi
174  build_docker_images_if_needed
175  # Run tests
176  cd "${TEST_DRIVER_FULL_DIR}"
177  local failed_tests=0
178  test_suites=("baseline_test" "security_test" "authz_test")
179  for test in "${test_suites[@]}"; do
180    run_test $test || (( ++failed_tests ))
181  done
182  echo "Failed test suites: ${failed_tests}"
183}
184
185main "$@"
186