Add a smoke-test for non-root login user (#707)

* Add a smoke-test for non-root login user Signed-off-by: Kimmo Lehto <[email protected]> * Use users home for hook check Signed-off-by: Kimmo Lehto <[email protected]> --------- Signed-off-by: Kimmo Lehto <[email protected]>
k0sproject · May 10, 2024 · b9a9e2e · b9a9e2e
1 parent 973541d
commit b9a9e2e
Show file tree

Hide file tree

Showing 6 changed files with 121 additions and 2 deletions.
diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml
@@ -67,6 +67,35 @@ jobs:
           LINUX_IMAGE: ${{ matrix.image }}
         run: make smoke-basic
 
+  smoke-basic-rootless:
+    strategy:
+      matrix:
+        image:
+          - quay.io/k0sproject/bootloose-debian12
+          - quay.io/k0sproject/bootloose-ubuntu20.04
+    name: Basic 1+1 smoke (regular user login)
+    needs: build
+    runs-on: ubuntu-20.04
+
+    steps:
+
+      - uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          check-latest: true
+
+      - {"name":"Compiled binary cache","uses":"actions/download-artifact@v4","with":{"name":"k0sctl","path":"."}}
+      - {"name":"K0sctl cache","uses":"actions/cache@v3","with":{"path":"/var/cache/k0sctl/k0s\n~/.cache/k0sctl/k0s\n","key":"k0sctl-cache"}}
+      - {"name":"Kubectl cache","uses":"actions/cache@v3","with":{"path":"smoke-test/kubectl\n","key":"kubectl-${{ hashFiles('smoke-test/smoke.common.sh') }}","restore-keys":"kubectl-"}}
+      - {"name":"Make binaries executable","run":"chmod +x k0sctl || true\nchmod +x smoke-test/kubectl || true"}
+
+      - name: Run smoke tests
+        env:
+          LINUX_IMAGE: ${{ matrix.image }}
+        run: make smoke-basic-rootless
+
   smoke-basic-idlike:
     name: Basic 1+1 smoke (ID_LIKE fallback)
     needs: build

diff --git a/Makefile b/Makefile
@@ -51,7 +51,7 @@ build-all: $(addprefix bin/,$(bins)) bin/checksums.md
 clean:
 	rm -rf bin/ k0sctl
 
-smoketests := smoke-basic smoke-files smoke-upgrade smoke-reset smoke-os-override smoke-init smoke-backup-restore smoke-dynamic smoke-basic-openssh smoke-dryrun smoke-downloadurl
+smoketests := smoke-basic smoke-basic-rootless smoke-files smoke-upgrade smoke-reset smoke-os-override smoke-init smoke-backup-restore smoke-dynamic smoke-basic-openssh smoke-dryrun smoke-downloadurl
 .PHONY: $(smoketests)
 $(smoketests): k0sctl
 	$(MAKE) -C smoke-test $@

diff --git a/smoke-test/Makefile b/smoke-test/Makefile
@@ -22,6 +22,9 @@ id_rsa_k0s:
 smoke-basic: $(bootloose) id_rsa_k0s k0sctl
 	./smoke-basic.sh
 
+smoke-basic-rootless: $(bootloose) id_rsa_k0s k0sctl
+	./smoke-basic-rootless.sh
+
 smoke-basic-openssh: $(bootloose) id_rsa_k0s k0sctl
 	./smoke-basic-openssh.sh
 

diff --git a/smoke-test/k0sctl-rootless.yaml.tpl b/smoke-test/k0sctl-rootless.yaml.tpl
@@ -0,0 +1,32 @@
+apiVersion: k0sctl.k0sproject.io/v1beta1
+kind: cluster
+spec:
+  hosts:
+    - role: controller
+      uploadBinary: true
+      os: "$OS_OVERRIDE"
+      ssh:
+        address: "127.0.0.1"
+        port: 9022
+        keyPath: ./id_rsa_k0s
+        user: ${SSH_USER}
+      hooks:
+        apply:
+          before:
+            - "echo hello > apply.hook"
+          after:
+            - "grep -q hello apply.hook"
+    - role: worker
+      uploadBinary: true
+      os: "$OS_OVERRIDE"
+      ssh:
+        address: "127.0.0.1"
+        port: 9023
+        keyPath: ./id_rsa_k0s
+        user: ${SSH_USER}
+  k0s:
+    version: "${K0S_VERSION}"
+    config:
+      spec:
+        telemetry:
+          enabled: false
diff --git a/smoke-test/k0sctl.yaml b/smoke-test/k0sctl.yaml
@@ -27,4 +27,4 @@ spec:
     config:
       spec:
         telemetry:
-          enabled: false
+          enabled: false
diff --git a/smoke-test/smoke-basic-rootless.sh b/smoke-test/smoke-basic-rootless.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env sh
+
+export SSH_USER=${SSH_USER:-"k0sctl-user"}
+K0SCTL_CONFIG="k0sctl-rootless.yaml"
+
+envsubst < "k0sctl-rootless.yaml.tpl" > "${K0SCTL_CONFIG}"
+
+set -e
+
+
+. ./smoke.common.sh
+trap cleanup EXIT
+
+deleteCluster
+createCluster
+
+for host in manager0 worker0; do
+  echo "* Creating ${SSH_USER} on ${host}"
+  bootloose ssh "root@${host}" -- groupadd --system k0sctl-admin
+  bootloose ssh "root@${host}" -- useradd -m -G k0sctl-admin -p '*' "${SSH_USER}"
+  bootloose ssh "root@${host}" -- echo "'%k0sctl-admin ALL=(ALL)NOPASSWD:ALL'" '>/etc/sudoers.d/k0sctl-admin'
+  bootloose ssh "root@${host}" -- chmod 0440 /etc/sudoers.d/k0sctl-admin
+  bootloose ssh "root@${host}" -- mkdir -p "/home/${SSH_USER}/.ssh"
+  bootloose ssh "root@${host}" -- cp '/root/.ssh/*' "/home/${SSH_USER}/.ssh/"
+  bootloose ssh "root@${host}" -- chown -R "${SSH_USER}:${SSH_USER}" "/home/${SSH_USER}/.ssh"
+done
+
+echo "* Starting apply"
+../k0sctl apply --config "${K0SCTL_CONFIG}" --kubeconfig-out applykubeconfig --debug
+echo "* Apply OK"
+
+echo "* Verify hooks were executed on the host"
+bootloose ssh root@manager0 -- grep -q hello "~${SSH_USER}/apply.hook"
+
+echo "* Verify 'k0sctl kubeconfig' output includes 'data' block"
+../k0sctl kubeconfig --config k0sctl.yaml | grep -v -- "-data"
+
+echo "* Run kubectl on controller"
+bootloose ssh root@manager0 -- k0s kubectl get nodes
+
+echo "* Downloading kubectl for local test"
+downloadKubectl
+
+echo "* Using the kubectl from apply"
+./kubectl --kubeconfig applykubeconfig get nodes
+
+echo "* Using k0sctl kubecofig locally"
+../k0sctl kubeconfig --config k0sctl.yaml > kubeconfig
+
+echo "* Output:"
+grep -v -- -data kubeconfig
+
+echo "* Running kubectl"
+./kubectl --kubeconfig kubeconfig get nodes
+echo "* Done"