openshift
diff --git a/‎Dockerfile.openshift‎
Lines changed: 6 additions & 0 deletions b/‎Dockerfile.openshift‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 9 additions & 0 deletions b/‎Makefile‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎go.mod‎
Lines changed: 36 additions & 0 deletions b/‎go.mod‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎go.sum‎
Lines changed: 6 additions & 1 deletion b/‎go.sum‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎test/Makefile‎
Lines changed: 44 additions & 0 deletions b/‎test/Makefile‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎test/bin/ingress-node-firewall-tests‎
34.7 MB b/‎test/bin/ingress-node-firewall-tests‎
34.7 MB
diff --git a/‎test/cmd/main.go‎
Lines changed: 33 additions & 0 deletions b/‎test/cmd/main.go‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎test/e2e/cli.go‎
Lines changed: 69 additions & 0 deletions b/‎test/e2e/cli.go‎
Lines changed: 69 additions & 0 deletions
diff --git a/‎test/e2e/operator/operator.go‎
Lines changed: 74 additions & 0 deletions b/‎test/e2e/operator/operator.go‎
Lines changed: 74 additions & 0 deletions
@@ -14,13 +14,19 @@ COPY controllers/ controllers/
 COPY pkg/ pkg/
 COPY vendor/ vendor/
 COPY bindata/manifests/ bindata/manifests/
+COPY test/ test/
 
 # Build
 RUN CGO_ENABLED=0 GO111MODULE=on go build -a -mod=vendor -o manager main.go
 
+# Build extended tests
+RUN make -C test build-e2e-tests && \
+    gzip test/bin/ingress-node-firewall-tests
+
 FROM registry.ci.openshift.org/ocp/4.22:base-rhel9
 WORKDIR /
 COPY --from=builder /workspace/manager .
 COPY --from=builder /workspace/bindata/manifests /bindata/manifests
+COPY --from=builder /workspace/test/bin/ingress-node-firewall-tests.gz /usr/bin/
 
 ENTRYPOINT ["/manager"]
@@ -480,3 +480,12 @@ podman-build-daemon: ## Build the daemon image with podman. To change location,
 .PHONY: podman-push-daemon
 podman-push-daemon: ## Push the daemon image with docker. To change location, specify DAEMON_IMG=<image>.
 	podman push ${DAEMON_IMG}
+
+##@ Extended Tests (OTE)
+.PHONY: build-e2e-tests
+build-e2e-tests: ## Build the extended e2e test binary for OpenShift
+	$(MAKE) -C test build-e2e-tests
+
+.PHONY: clean-e2e-tests
+clean-e2e-tests: ## Clean the extended e2e test artifacts
+	$(MAKE) -C test clean
@@ -13,10 +13,12 @@ require (
 	github.com/google/gopacket v1.1.19
 	github.com/kennygrant/sanitize v1.2.4
 	github.com/onsi/ginkgo v1.16.5
+	github.com/onsi/ginkgo/v2 v2.23.3
 	github.com/onsi/gomega v1.37.0
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.22.0
 	github.com/prometheus/common v0.63.0
+	github.com/spf13/cobra v1.8.1
 	github.com/vishvananda/netlink v1.3.1-0.20250206174618-62fb240731fa
 	golang.org/x/sys v0.32.0
 	gopkg.in/mcuadros/go-syslog.v2 v2.3.0
@@ -47,16 +49,19 @@ require (
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.3 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
@@ -85,6 +90,7 @@ require (
 	golang.org/x/term v0.30.0 // indirect
 	golang.org/x/text v0.23.0 // indirect
 	golang.org/x/time v0.7.0 // indirect
+	golang.org/x/tools v0.30.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
@@ -97,3 +103,33 @@ require (
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
+
+// Replace directives for OTE framework
+replace (
+	k8s.io/api => k8s.io/api v0.32.3
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.32.3
+	k8s.io/apimachinery => k8s.io/apimachinery v0.32.3
+	k8s.io/apiserver => k8s.io/apiserver v0.32.3
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.32.3
+	k8s.io/client-go => k8s.io/client-go v0.32.3
+	k8s.io/cloud-provider => k8s.io/cloud-provider v0.32.3
+	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.32.3
+	k8s.io/code-generator => k8s.io/code-generator v0.32.3
+	k8s.io/component-base => k8s.io/component-base v0.32.3
+	k8s.io/component-helpers => k8s.io/component-helpers v0.32.3
+	k8s.io/controller-manager => k8s.io/controller-manager v0.32.3
+	k8s.io/cri-api => k8s.io/cri-api v0.32.3
+	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.32.3
+	k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.32.3
+	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.32.3
+	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.32.3
+	k8s.io/kube-proxy => k8s.io/kube-proxy v0.32.3
+	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.32.3
+	k8s.io/kubectl => k8s.io/kubectl v0.32.3
+	k8s.io/kubelet => k8s.io/kubelet v0.32.3
+	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.32.3
+	k8s.io/metrics => k8s.io/metrics v0.32.3
+	k8s.io/mount-utils => k8s.io/mount-utils v0.32.3
+	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.32.3
+	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.32.3
+)
@@ -16,6 +16,7 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cilium/ebpf v0.18.0 h1:OsSwqS4y+gQHxaKgg2U/+Fev834kdnsQbtzRnbVC6Gs=
 github.com/cilium/ebpf v0.18.0/go.mod h1:vmsAT73y4lW2b4peE+qcOqw6MxvWQdC+LiU5gd/xyo4=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -45,7 +46,6 @@ github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+Gr
 github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-quicktest/qt v1.101.1-0.20240301121107-c6c8733fa1e6 h1:teYtXy9B7y5lHTp8V9KPxpYRAVA7dozigQcMiBust1s=
 github.com/go-quicktest/qt v1.101.1-0.20240301121107-c6c8733fa1e6/go.mod h1:p4lGIVX+8Wa6ZPNDvqcxq36XpUDLh42FLetFU7odllI=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
@@ -88,6 +88,8 @@ github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
 github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA=
@@ -157,6 +159,9 @@ github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0leargg
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
+github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 
@@ -0,0 +1,44 @@
+# test/Makefile - Build targets for ingress-node-firewall extended tests
+
+SHELL := /bin/bash
+
+# Binary name
+BINARY_NAME := ingress-node-firewall-tests
+
+# Build directory
+BUILD_DIR := bin
+BINARY_PATH := $(BUILD_DIR)/$(BINARY_NAME)
+
+# Go build flags
+GO := go
+GOFLAGS ?=
+LDFLAGS := -w -s
+
+# Version information
+VERSION ?= $(shell git describe --tags --always --dirty 2>/dev/null || echo "unknown")
+GIT_COMMIT ?= $(shell git rev-parse HEAD 2>/dev/null || echo "unknown")
+BUILD_DATE ?= $(shell date -u +"%Y-%m-%dT%H:%M:%SZ")
+
+# LDFLAGS with version info
+LDFLAGS += -X github.com/openshift/ingress-node-firewall/test/version.Version=$(VERSION)
+LDFLAGS += -X github.com/openshift/ingress-node-firewall/test/version.GitCommit=$(GIT_COMMIT)
+LDFLAGS += -X github.com/openshift/ingress-node-firewall/test/version.BuildDate=$(BUILD_DATE)
+
+.PHONY: all
+all: build-e2e-tests
+
+.PHONY: build-e2e-tests
+build-e2e-tests: ## Build the extended e2e test binary
+	@echo "Building $(BINARY_NAME)..."
+	@mkdir -p $(BUILD_DIR)
+	$(GO) build $(GOFLAGS) -ldflags "$(LDFLAGS)" -o $(BINARY_PATH) ./cmd/main.go
+	@echo "Built $(BINARY_PATH)"
+
+.PHONY: clean
+clean: ## Clean build artifacts
+	@echo "Cleaning test build artifacts..."
+	@rm -rf $(BUILD_DIR)
+
+.PHONY: help
+help: ## Display this help
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
@@ -0,0 +1,33 @@
+package main
+
+import (
+	"os"
+
+	"github.com/spf13/cobra"
+
+	_ "github.com/openshift/ingress-node-firewall/test/e2e/operator"
+	"github.com/openshift/ingress-node-firewall/test/extension"
+	testcmd "github.com/openshift/ingress-node-firewall/test/extension/cmd"
+)
+
+func main() {
+	// Create the extension registry
+	registry := extension.NewTestRegistry()
+
+	// Register ingress-node-firewall tests
+	registry.RegisterTests("ingress-node-firewall", "Ingress Node Firewall extended tests")
+
+	// Create root command
+	rootCmd := &cobra.Command{
+		Use:   "ingress-node-firewall-tests",
+		Short: "OpenShift extended tests for ingress-node-firewall",
+		Long:  "This binary contains extended e2e tests for ingress-node-firewall operator",
+	}
+
+	// Add OTE standard extension commands (info, list, run-test)
+	rootCmd.AddCommand(testcmd.DefaultExtensionCommands(registry)...)
+
+	if err := rootCmd.Execute(); err != nil {
+		os.Exit(1)
+	}
+}
@@ -0,0 +1,69 @@
+package e2e
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"os/exec"
+	"strings"
+)
+
+// OCClient provides helper methods for executing oc commands
+type OCClient struct {
+	kubeconfig string
+}
+
+// NewOCClient creates a new OCClient
+func NewOCClient(kubeconfig string) *OCClient {
+	if kubeconfig == "" {
+		kubeconfig = GetKubeconfig()
+	}
+	return &OCClient{
+		kubeconfig: kubeconfig,
+	}
+}
+
+// Run executes an oc command and returns the output
+func (c *OCClient) Run(ctx context.Context, args ...string) (string, error) {
+	cmdArgs := append([]string{"--kubeconfig", c.kubeconfig}, args...)
+	cmd := exec.CommandContext(ctx, "oc", cmdArgs...)
+
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+
+	err := cmd.Run()
+	if err != nil {
+		return "", fmt.Errorf("command failed: %v, stderr: %s", err, stderr.String())
+	}
+
+	return strings.TrimSpace(stdout.String()), nil
+}
+
+// Apply applies a resource from a file
+func (c *OCClient) Apply(ctx context.Context, file string) error {
+	_, err := c.Run(ctx, "apply", "-f", file)
+	return err
+}
+
+// Delete deletes a resource
+func (c *OCClient) Delete(ctx context.Context, resourceType, name, namespace string) error {
+	args := []string{"delete", resourceType, name}
+	if namespace != "" {
+		args = append(args, "-n", namespace)
+	}
+	_, err := c.Run(ctx, args...)
+	return err
+}
+
+// Get gets a resource
+func (c *OCClient) Get(ctx context.Context, resourceType, name, namespace string) (string, error) {
+	args := []string{"get", resourceType}
+	if name != "" {
+		args = append(args, name)
+	}
+	if namespace != "" {
+		args = append(args, "-n", namespace)
+	}
+	return c.Run(ctx, args...)
+}
@@ -0,0 +1,74 @@
+package operator
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	g "github.com/onsi/ginkgo/v2"
+	o "github.com/onsi/gomega"
+
+	e2e "github.com/openshift/ingress-node-firewall/test/e2e"
+)
+
+var _ = g.Describe("[sig-network] INFW", func() {
+	defer g.GinkgoRecover()
+
+	var (
+		oc          *e2e.OCClient
+		ctx         context.Context
+		cancel      context.CancelFunc
+		opNamespace = "openshift-ingress-node-firewall"
+	)
+
+	g.BeforeEach(func() {
+		ctx, cancel = context.WithTimeout(context.Background(), 10*time.Minute)
+		oc = e2e.NewOCClient("")
+	})
+
+	g.AfterEach(func() {
+		if cancel != nil {
+			cancel()
+		}
+	})
+
+	// OCP-61481 - Ingress Node Firewall Operator Installation
+	g.It("Author:anusaxen-High-61481-[LEVEL0][OTP]-StagerunBoth-Ingress Node Firewall Operator Installation [apigroup:ingressnodefirewall.openshift.io]", func() {
+		g.By("Checking Ingress Node Firewall operator installation")
+
+		// Check that the operator namespace exists
+		output, err := oc.Get(ctx, "namespace", opNamespace, "")
+		o.Expect(err).NotTo(o.HaveOccurred(), "Operator namespace should exist")
+		o.Expect(output).To(o.ContainSubstring(opNamespace), "Namespace output should contain the operator namespace")
+
+		g.By("Verifying CRDs are installed")
+		crdOutput, err := oc.Run(ctx, "get", "crd")
+		o.Expect(err).NotTo(o.HaveOccurred(), "Should be able to list CRDs")
+
+		expectedCRDs := []string{
+			"ingressnodefirewallconfigs.ingressnodefirewall.openshift.io",
+			"ingressnodefirewallnodestates.ingressnodefirewall.openshift.io",
+			"ingressnodefirewalls.ingressnodefirewall.openshift.io",
+		}
+
+		for _, crd := range expectedCRDs {
+			o.Expect(strings.Contains(crdOutput, crd)).To(o.BeTrue(),
+				"CRD %s should be installed", crd)
+		}
+
+		g.By("Verifying operator deployment is running")
+		// Check that the operator deployment exists and is ready
+		deploymentOutput, err := oc.Run(ctx, "get", "deployment", "-n", opNamespace, "-o=jsonpath={.items[*].metadata.name}")
+		o.Expect(err).NotTo(o.HaveOccurred(), "Should be able to list deployments in operator namespace")
+		o.Expect(deploymentOutput).NotTo(o.BeEmpty(), "There should be at least one deployment in the operator namespace")
+
+		// Wait for the operator deployment to be ready
+		deploymentName := "ingress-node-firewall-controller-manager"
+		_, err = oc.Run(ctx, "wait", "deployment/"+deploymentName, "-n", opNamespace, "--for=condition=Available", "--timeout=5m")
+		o.Expect(err).NotTo(o.HaveOccurred(), "Operator deployment should be available")
+
+		g.By("SUCCESS - Ingress Node Firewall operator and CRDs installed")
+		fmt.Println("Operator install and CRDs check successful!")
+	})
+})