test: Try ping and save key on redis replication

tests/e2e-chainsaw/v1beta2/password/redis-replication/chainsaw-test.yaml

@@ -0,0 +1,110 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: redis-replication-password
+spec:
+  steps:
+  - try:
+    - apply:
+        file: replication.yaml
+    - apply:
+        file: secret.yaml
+    - assert:
+        file: ready-sts.yaml
+    - assert:
+        file: ready-svc.yaml
+    - assert:
+        file: ready-pvc.yaml
+    - assert:
+        file: secret.yaml
+
+  - name: Sleep for five minutes
+    try:
+     - sleep:
+         duration: 5m   
+
+  - name: Ping Replicated Cluster With Password
+    try:
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis-replication-0 -- redis-cli -p 6379 -a Opstree@1234 ping
+         check:
+          ($stdout=='PONG'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis-replication-1 -- redis-cli -p 6379 -a Opstree@1234 ping
+         check:
+          ($stdout=='PONG'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis-replication-2 -- redis-cli -p 6379 -a Opstree@1234 ping
+         check:
+          ($stdout=='PONG'): true
+
+  - name: Try saving a key With Password
+    try:
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis-replication-0 -- redis-cli -p 6379 -a Opstree@1234 set foo-0 bar-0
+         check:
+          ($stdout=='OK'): true
+    #  - script:
+    #      timeout: 10s
+    #      content: |
+    #       kubectl exec --namespace ${NAMESPACE} redis-replication-1 -- redis-cli -p 6379 -a Opstree@1234 set foo-1 bar-1
+    #      check:
+    #       ($stdout=='READONLY You can't write against a read only replica.'): true
+    #  - script:
+    #      timeout: 10s
+    #      content: |
+    #       kubectl exec --namespace ${NAMESPACE} redis-replication-2 -- redis-cli -p 6379 -a Opstree@1234 set foo-2 bar-2
+    #      check:
+    #       ($stdout=='READONLY You can't write against a read only replica.'): true
+
+  - name: Ping Replicated Cluster Without Password 
+    try:
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis-replication-0 -- redis-cli -p 6379 ping
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis-replication-1 -- redis-cli -p 6379 ping
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis-replication-2 -- redis-cli -p 6379 ping
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+
+  - name: Try saving a key Without Password
+    try:
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis-replication-0 -- redis-cli -p 6379 set foo-0 bar-0
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis-replication-1 -- redis-cli -p 6379 set foo-1 bar-1
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis-replication-2 -- redis-cli -p 6379 set foo-2 bar-2
+         check:
+          ($stdout=='NOAUTH Authentication required.'): true

tests/e2e-chainsaw/v1beta2/password/redis-replication/ready-pvc.yaml

@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: redis-replication-redis-replication-0
+  labels:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+status:
+  accessModes:
+  - ReadWriteOnce
+  capacity:
+    storage: 1Gi
+  phase: Bound
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: redis-replication-redis-replication-1
+  labels:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+status:
+  accessModes:
+    - ReadWriteOnce
+  capacity:
+    storage: 1Gi
+  phase: Bound
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: redis-replication-redis-replication-2
+  labels:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+status:
+  accessModes:
+    - ReadWriteOnce
+  capacity:
+    storage: 1Gi
+  phase: Bound

tests/e2e-chainsaw/v1beta2/password/redis-replication/ready-sts.yaml

@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  annotations:
+    redis.opstreelabs.in: "true"
+    redis.opstreelabs.instance: redis-replication
+  labels:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+  name: redis-replication
+  ownerReferences:
+    - apiVersion: redis.redis.opstreelabs.in/v1beta2
+      controller: true
+      kind: RedisReplication
+      name: redis-replication
+status:
+  readyReplicas: 3
+  replicas: 3

tests/e2e-chainsaw/v1beta2/password/redis-replication/ready-svc.yaml

@@ -0,0 +1,90 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    prometheus.io/port: "9121"
+    prometheus.io/scrape: "true"
+    redis.opstreelabs.in: "true"
+    redis.opstreelabs.instance: redis-replication
+  labels:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+  name: redis-replication
+  ownerReferences:
+    - apiVersion: redis.redis.opstreelabs.in/v1beta2
+      controller: true
+      kind: RedisReplication
+      name: redis-replication
+spec:
+  ports:
+    - name: redis-client
+      port: 6379
+      protocol: TCP
+      targetPort: 6379
+  selector:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    prometheus.io/port: "9121"
+    prometheus.io/scrape: "true"
+    redis.opstreelabs.in: "true"
+    redis.opstreelabs.instance: redis-replication
+  labels:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+  name: redis-replication-additional
+  ownerReferences:
+    - apiVersion: redis.redis.opstreelabs.in/v1beta2
+      controller: true
+      kind: RedisReplication
+      name: redis-replication
+spec:
+  ports:
+    - name: redis-client
+      port: 6379
+      protocol: TCP
+      targetPort: 6379
+  selector:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    prometheus.io/port: "9121"
+    prometheus.io/scrape: "true"
+    redis.opstreelabs.in: "true"
+    redis.opstreelabs.instance: redis-replication
+  labels:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+  name: redis-replication-headless
+  ownerReferences:
+    - apiVersion: redis.redis.opstreelabs.in/v1beta2
+      controller: true
+      kind: RedisReplication
+      name: redis-replication
+spec:
+  clusterIP: None
+  ports:
+    - name: redis-client
+      port: 6379
+      protocol: TCP
+      targetPort: 6379
+  selector:
+    app: redis-replication
+    redis_setup_type: replication
+    role: replication
+  type: ClusterIP

tests/e2e-chainsaw/v1beta2/password/redis-replication/replication.yaml

@@ -0,0 +1,30 @@
+---
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisReplication
+metadata:
+  name: redis-replication
+spec:
+  clusterSize: 3
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  kubernetesConfig:
+    image: quay.io/opstree/redis:latest
+    imagePullPolicy: Always
+    resources:
+      requests:
+        cpu: 101m
+        memory: 128Mi
+      limits:
+        cpu: 101m
+        memory: 128Mi
+    redisSecret:
+      name: redis-secret
+      key: password
+  storage:
+    volumeClaimTemplate:
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: 1Gi

tests/e2e-chainsaw/v1beta2/password/redis-replication/secret.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: redis-secret
+data:
+  password: T3BzdHJlZUAxMjM0Cg==
+type: Opaque

tests/e2e-chainsaw/v1beta2/setup/redis-replication/chainsaw-test.yaml

@@ -16,3 +16,44 @@ spec:
     - assert:
         file: ready-pvc.yaml
 
+  - name: Ping Replicated Cluster
+    try:
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis-replication-0 -- redis-cli -p 6379 ping
+         check:
+          ($stdout=='PONG'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis-replication-1 -- redis-cli -p 6379 ping
+         check:
+          ($stdout=='PONG'): true
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis-replication-2 -- redis-cli -p 6379 ping
+         check:
+          ($stdout=='PONG'): true
+
+  - name: Try saving a key
+    try:
+     - script:
+         timeout: 10s
+         content: |
+          kubectl exec --namespace ${NAMESPACE} redis-replication-0 -- redis-cli -p 6379 set foo-0 bar-0
+         check:
+          ($stdout=='OK'): true
+    #  - script:
+    #      timeout: 10s
+    #      content: |
+    #       kubectl exec --namespace ${NAMESPACE} redis-replication-1 -- redis-cli -p 6379 set foo-1 bar-1
+    #      check:
+    #       ($stdout==`READONLY You can't write against a read only replica.`): true
+    #  - script:
+    #      timeout: 10s
+    #      content: |
+    #       kubectl exec --namespace ${NAMESPACE} redis-replication-2 -- redis-cli -p 6379 set foo-2 bar-2
+    #      check:
+    #       ($stdout==`READONLY You can't write against a read only replica.`): true