Introduce kata containerized testing tool #312
Conversation
Ankita13-code
changed the title
| return f.saveResults(results) | ||
| } | ||
|
|
||
| func (f *Framework) saveResults(results []TestResult) error { |
There was a problem hiding this comment.
Could you add an option to format the results in junit format? In the pipelines, that allows us to to upload the results to ADO and visualize the results like this . May look into https://github.com/gotestyourself/gotestsum?tab=readme-ov-file#junit-xml-output
| for _, testName := range enabledTests { | ||
| testName = strings.TrimSpace(testName) | ||
| if _, exists := f.tests[testName]; !exists { | ||
| warnings = append(warnings, fmt.Sprintf("Warning: Test '%s' is enabled but not registered", testName)) |
| "time" | ||
| ) | ||
|
|
||
| type TestResult struct { |
There was a problem hiding this comment.
Imagine we may have a test eg. for memory that may expect different values based on what runtime handler the container runs on, and imagine we wanted to only author a single pod YAML that would work for both kata and CC runtime handler? can we explain or think how this can be best implemented? or would it be better to author different pod manifests?
There was a problem hiding this comment.
@ms-mahuber Seems like we can have the test infra pass different params to the container based on the test infra environment?
There was a problem hiding this comment.
@ms-mahuber I was thinking of using a single config file which can be mounted as a volume for solving this problem instead of just passing the env variables or cmd line arguments.
We could have a single config.yaml with different environment configurations for the Host VM and the Guest VM -
environments:
host:
tests:
- name: "cpu"
expected_values:
expected_vcpu_count: 4
- name: "memory"
expected_values:
expected_memory_mb: 8192
uvm:
tests:
- name: "cpu"
expected_values:
expected_vcpu_count: 2
- name: "memory"
expected_values:
expected_memory_mb: 4096
Then based on the runtime handler, we can load the appropriate environment config. This would help us have a single pod manifest for both the scenarios and add/modify the test parameters in a cleaner way.
There was a problem hiding this comment.
I wouldn't tightly couple the test infra and code this way - this seems more appropriate #312 (comment)
There was a problem hiding this comment.
@sprt , @Ankita13-code - I would either trend towards the use of CLI as suggested above, or think of defining and adding a single config.yaml in the form of a container image layer. Assuming the container gets dynamically built in a test framework, and is thus "volatile", we can bake the configuration into a container image layer itself.
There was a problem hiding this comment.
Gotcha - if we plan to upstream this, my vote goes to CLI (otherwise it seems much harder to justify/generalize that config file)
There was a problem hiding this comment.
If the container would implement about 30 tests, would this still scale?
There was a problem hiding this comment.
I see two aspects to this:
- Passing the test parameters that correspond to a specific environment (e.g. footprint == X)
- Modifying the parameters based on the environment (e.g. for CoCo, footprint = X+1, for Kata == X).
(2) can be done with a file but I think that should be handled by the consumer of the container, otherwise we introduce coupling between the environments and the test container. For example, if this file is in the container image instead, downstreams will have conflicts.
Now (1) should be simpler to implement in the container. We could still use a file here but at a smaller scale it seems CLI args are more appropriate. Regardless, the consumer has to specify these args somehow.
| build: | ||
| go build -o $(BINARY_NAME) cmd/katatest/main.go | ||
|
|
||
| docker: |
| @@ -0,0 +1,14 @@ | |||
| .PHONY: build docker clean | |||
There was a problem hiding this comment.
Better to put a separate .PHONY next to each target (otherwise easy to miss this)
| yourregistry.azurecr.io/kata-test-container:v1 host-test | ||
| ``` | ||
|
|
||
| #### UVM |
There was a problem hiding this comment.
UVM is MSFT lingo
| #### UVM | |
| #### Guest VM |
| env: | ||
| - name: ENABLED_TESTS | ||
| value: "cpu,memory" | ||
| - name: TEST_CPU_EXPECTED_VCPU_COUNT | ||
| value: "2" | ||
| - name: TEST_MEMORY_EXPECTED_MEMORY_MB | ||
| value: "4096" |
There was a problem hiding this comment.
Are these parameters to the container because we expect the test infra to specify different parameters depending on the environment?
Regardless, I strongly suggest passing actual CLI parameters rather than environment variables. This will:
- Force us to pass parameters around explicitly in the Go code and make it more readable
- Make it much cleaner and easier to parse the parameters based on type and such - Go has builtin facilities for this
This should look something like:
| env: | |
| - name: ENABLED_TESTS | |
| value: "cpu,memory" | |
| - name: TEST_CPU_EXPECTED_VCPU_COUNT | |
| value: "2" | |
| - name: TEST_MEMORY_EXPECTED_MEMORY_MB | |
| value: "4096" | |
| args: [ | |
| "--test", "cpu", | |
| "--test", "memory", | |
| "--test.cpu.expected_vcpus", "2", | |
| "--test.memory.expected_memory_mb", "4096", | |
| ] |
| 2. Tag the container image | ||
|
|
||
| ``` | ||
| docker tag kata-test-container yourregistry.azurecr.io/kata-test-container:v1 |
There was a problem hiding this comment.
Any reason not to do this in the Makefile?
| go build -o kata-containerized-test-tool cmd/katatest/main.go | ||
|
|
||
| # Build container | ||
| docker build -t kata-test-container . |
There was a problem hiding this comment.
I strongly suggest that the pipeline should build the test container every time it is run, rather than having a pre-built container that we upload manually. This way:
- We reduce the number of manual steps we have to do to maintain/publish the container
- It becomes much easier to add a new test and validate it
| iproute \ | ||
| && tdnf clean all | ||
|
|
||
| RUN mkdir -p /results |
There was a problem hiding this comment.
Removed from the Dockerfile
| "time" | ||
| ) | ||
|
|
||
| type TestResult struct { |
There was a problem hiding this comment.
@ms-mahuber Seems like we can have the test infra pass different params to the container based on the test infra environment?
| return f.saveResults(results) | ||
| } | ||
|
|
||
| func (f *Framework) saveResults(results []TestResult) error { |
| framework.RegisterTest(cpu.New()) | ||
| framework.RegisterTest(memory.New()) |
There was a problem hiding this comment.
I would extract this list of tests to its own file, this way it's trivial to modify.
| outputDir string | ||
| } | ||
|
|
||
| // Create a new testing framework |
There was a problem hiding this comment.
In Go all doc comments are supposed to start with the name you're documenting, e.g. // NewFramework creates a new testing framework.
| FROM mcr.microsoft.com/azurelinux/base/core:3.0 | ||
|
|
||
| WORKDIR /app | ||
| COPY kata-containerized-test-tool . |
There was a problem hiding this comment.
nit: This should be a variable passed to the Dockerfile
| rm -f $(BINARY_NAME) | ||
|
|
||
| .PHONY: all | ||
| all: clean build docker |
There was a problem hiding this comment.
We shouldn't automatically clean, in case we can just reuse the binary and save time - go will check that for us.
| all: clean build docker | |
| all: build docker |
| "time" | ||
| ) | ||
|
|
||
| type TestResult struct { |
There was a problem hiding this comment.
I wouldn't tightly couple the test infra and code this way - this seems more appropriate #312 (comment)
Specify --release when BUILD_TYPE was not specified, or when BUILD_TYPE=release. The default "cargo build" behavior is to build in debug mode. Signed-off-by: Dan Mihai <dmihai@microsoft.com>
- post-process to remove box_pointers annotation for generated files - while this unblocks the build, should look for better solution: - request/teach codegen to not add certain linter annotation - update ttrpc-codegen or other dependencies Signed-off-by: Manuel Huber <mahuber@microsoft.com>
- counterpart to upstream a131eec - unblocks build with rust v1.84 Signed-off-by: Manuel Huber <mahuber@microsoft.com>
- rust linter detects a potential future name collision - see rustc lint static 'UNSTABLE_NAME_COLLISIONS' - we can revisit this at a later point Signed-off-by: Manuel Huber <mahuber@microsoft.com>
Use protobuf = "=3.7.1" for both agent and genpolicy, to fix version mismatches with the protobuf crate. Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Fix rebase merge in genpolicy-settings.json. Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Enable allow_storages after rule.rego rebase merge. Signed-off-by: Dan Mihai <dmihai@microsoft.com>
$ git rev-parse cc-msft-prototypes 328e440 $ git checkout cc-msft-prototypes src/utarfs $ git checkout cc-msft-prototypes src/tarfs $ git checkout cc-msft-prototypes src/overlay $ git checkout cc-msft-prototypes src/tardev-snapshotter $ git checkout cc-msft-prototypes Makefile
Add option to use an IGVM image in the UVM Signed-off-by: Dallas Delaney <dadelan@microsoft.com>
Add configuration file configuration-clh-snp.toml with SNP related settings enabled Signed-off-by: Dallas Delaney <dadelan@microsoft.com>
* Remove unused param from CLH SNP config * Remove extra package definition from cbl-mariner rootfs config
* Enable SNP=on with CH conf-guest enabled and add dummy host_data value * Add IGVM, HostData, Snp to config markdown doc * sanitize clh-snp.toml.in and clh.toml.in * Further changes required for SEV SNP enablement * Remove unnecessary debug output * Update outdated comment in config
Signed-off-by: Dallas Delaney <dadelan@microsoft.com>
* Set PCI segments in all cases * Clean-up
This makes it so that any container has access to /dev/sev-guest out of
the box with no privileges required.
Since /dev/sev-guest isn't available yet, I've validated this change
using /dev/cpu_dma_latency (original chmod 600) by:
1. Verifying that the device is present in the container.
2. Verifying that reading from the device from a container yields
the same result as from the VM context.
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
Add image build macro to change partition format for kernel's "dm-mod.create" command, and allow for igvm + image usecase in kata shim Signed-off-by: Dallas Delaney <dadelan@microsoft.com>
This is a workaround for kata-containers#7993. Signed-off-by: Dan Mihai <dmihai@microsoft.com>
* rootfs: delete some of the mariner packages Delete some of the mariner packages from the Guest image, for faster TEE memory measurement. Signed-off-by: Dan Mihai <dmihai@microsoft.com>
The shell is useful for debugging. Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Useful for debugging. Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Useful for debugging. Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Introduce rules for UpdateInterfaceRequest and genpolicy tests for them. Signed-off-by: Cameron Baird <cameronbaird@microsoft.com>
Add test cases for basic and legacy requests to create pause container Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
Validate sandbox name using a regex. If the YAML specifies metadata.name, use a regex that exact matches. If the YAML specifies metadata.generateName, use a regex that matches the prefix of the generated name. Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
Copy the sample yaml files from the msft-main branch after rebasing to upstream. Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Fix the scripts after rebase merge. Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Re-generate Cargo.lock for protocols, agent, and genpolicy. Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Update samples with the latest policy after rebasing to recent upstream code. Signed-off-by: Dan Mihai <dmihai@microsoft.com>
This keeps the repo changes clean while running update script and removes the need to remove the test settings at the end of the script Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
Signed-off-by: Ankita Pareek <ankitapareek@microsoft.com>
Signed-off-by: Ankita Pareek <ankitapareek@microsoft.com>
Signed-off-by: Ankita Pareek <ankitapareek@microsoft.com>
Signed-off-by: Ankita Pareek <ankitapareek@microsoft.com>
Signed-off-by: Ankita Pareek <ankitapareek@microsoft.com>
Signed-off-by: Ankita Pareek <ankitapareek@microsoft.com>
Signed-off-by: Ankita Pareek <ankitapareek@microsoft.com>
Signed-off-by: Ankita Pareek <ankitapareek@microsoft.com>
…accept expected values for test cases Signed-off-by: Ankita Pareek <ankitapareek@microsoft.com>
…variables for expected values Signed-off-by: Ankita Pareek <ankitapareek@microsoft.com>
…accept ENABLED_TESTS environment variable Signed-off-by: Ankita Pareek <ankitapareek@microsoft.com>
…EADME - Remove the extra step for creating /results in Dockerfile - Modify Makefile to add build dependency and .PHONY for each target - Update README.md Signed-off-by: Ankita Pareek <ankitapareek@microsoft.com>
Ankita13-code
force-pushed
the
ankitapareek/kata-containerized-test-tool-v1
branch
from
7403479 to
9efd82d
Compare
Ankita13-code
force-pushed
the
ankitapareek/kata-containerized-test-tool-v1
branch
from
2b73144 to
9efd82d
Compare
- Add support for saving the test results in Junit format - Fix documentation - Add .gitignore Signed-off-by: Ankita Pareek <ankitapareek@microsoft.com>
Ankita13-code
force-pushed
the
ankitapareek/kata-containerized-test-tool-v1
branch
from
5057d46 to
b6d4e79
Compare
Merge Checklist
upstream/missinglabel (orupstream/not-needed) has been set on the PR.Summary
Test Methodology