Skip to content

End-to-End Test Suite #20

Description

@lukidoescode

Motivation

E2E tests verify the complete operator lifecycle against a real lldap instance in a real Kubernetes cluster (k3d). They catch integration issues that unit tests cannot.

Definition of Done

  • The E2E test suite covers:
    1. User lifecycle: create LldapUser CRD -> verify user exists in lldap -> update CRD -> verify changes propagate -> delete CRD -> verify user removed.
    2. Group lifecycle: same as above for LldapGroup.
    3. Membership lifecycle: create user + group + membership -> verify membership in lldap -> delete membership -> verify removed.
    4. Attribute schema lifecycle: create LldapAttributeSchema -> create user with that attribute -> verify in lldap -> delete schema -> verify removed.
    5. Password management: create user with Manage policy -> verify login works -> change Secret -> verify new password works.
    6. Built-in groups: verify virtual CRDs are created on startup -> create membership to lldap_admin -> verify user is admin.
    7. Restart resilience: operator restarts -> verify no duplicate create/update calls to lldap (check lldap logs or state).
    8. Error handling: missing Secret -> verify condition reflects error -> create Secret -> verify reconciliation recovers.
    9. Ordering: create membership before user/group exist -> verify pending state -> create user/group -> verify membership resolves.
    10. Deletion ordering: delete user while memberships exist -> verify cleanup succeeds without orphaned state.
  • Tests run in CI via GitHub Actions (k3d cluster).
  • Tests are idempotent and can be re-run without manual cleanup.
  • Each test run uses a unique namespace (e.g., e2e-<random-suffix>) to enable concurrent CI runs (multiple PRs) without collision. The namespace is cleaned up after the test run.
  • Documentation: The Development Guide chapter documents how to run E2E tests locally (prerequisites, k3d setup, commands).

Technical Details

  • Test framework: Rust integration tests using kube client to apply/delete resources and reqwest to query lldap directly for verification.
  • Alternatively: shell-based tests using kubectl and curl for simplicity.
  • lldap test instance: deployed via the existing tests/e2e/fixtures/lldap- deployment.yaml.
  • Operator image: built locally, imported into k3d via k3d image import.
  • Each test case should use unique usernames/group names to avoid interference.
  • Timeout assertions: use kubectl wait --for=condition=Ready with a timeout.
  • Verification against lldap: use the GraphQL API directly (authenticate as admin, query for users/groups).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions