Merge pull request #165 from jweite-amazon/e2e-toxiproxy

E2e toxiproxy

Author: jweite-amazon

.gitignore

@@ -40,6 +40,7 @@ test/e2e/data/infrastructure-cloudstack/v1beta*/*yaml
 
 # ACS Credentials file.
 cloud-config
+cloud-config.yaml
 
 # Editor and IDE paraphernalia
 .idea

Makefile

@@ -236,7 +236,7 @@ tilt-up: cluster-api kind-cluster cluster-api/tilt-settings.json manifests ## Se
 
 .PHONY: kind-cluster
 kind-cluster: cluster-api ## Create a kind cluster with a local Docker repository.
-	-./cluster-api/hack/kind-install-for-capd.sh
+	./cluster-api/hack/kind-install-for-capd.sh
 
 cluster-api: ## Clone cluster-api repository for tilt use.
 	git clone --branch v1.0.0 --depth 1 https://github.com/kubernetes-sigs/cluster-api.git
@@ -271,7 +271,7 @@ JOB ?= .*
 run-e2e: e2e-essentials ## Run e2e testing. JOB is an optional REGEXP to select certainn test cases to run. e.g. JOB=PR-Blocking, JOB=Conformance
 	$(KUBECTL) apply -f cloud-config.yaml && \
 	cd test/e2e && \
-	$(REPO_ROOT)/$(GINKGO_V1) -v -trace -tags=e2e -focus=$(JOB) -skip=Conformance -nodes=1 -noColor=false ./... -- \
+	$(REPO_ROOT)/$(GINKGO_V1) -v -trace -tags=e2e -focus=$(JOB) -skip=Conformance -skipPackage=helpers -nodes=1 -noColor=false ./... -- \
 	    -e2e.artifacts-folder=${REPO_ROOT}/_artifacts \
 	    -e2e.config=${REPO_ROOT}/test/e2e/config/cloudstack.yaml \
 	    -e2e.skip-resource-cleanup=false -e2e.use-existing-cluster=true

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackaffinitygroups.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.8.0
   creationTimestamp: null
   name: cloudstackaffinitygroups.infrastructure.cluster.x-k8s.io
 spec:

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackclusters.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.8.0
   creationTimestamp: null
   name: cloudstackclusters.infrastructure.cluster.x-k8s.io
 spec:

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackfailuredomains.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.8.0
   creationTimestamp: null
   name: cloudstackfailuredomains.infrastructure.cluster.x-k8s.io
 spec:

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackisolatednetworks.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.8.0
   creationTimestamp: null
   name: cloudstackisolatednetworks.infrastructure.cluster.x-k8s.io
 spec:

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackmachines.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.8.0
   creationTimestamp: null
   name: cloudstackmachines.infrastructure.cluster.x-k8s.io
 spec:

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackmachinestatecheckers.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.8.0
   creationTimestamp: null
   name: cloudstackmachinestatecheckers.infrastructure.cluster.x-k8s.io
 spec:

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackmachinetemplates.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.8.0
   creationTimestamp: null
   name: cloudstackmachinetemplates.infrastructure.cluster.x-k8s.io
 spec:

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackzones.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.8.0
   creationTimestamp: null
   name: cloudstackzones.infrastructure.cluster.x-k8s.io
 spec:

config/rbac/role.yaml

@@ -1,4 +1,3 @@
-
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

config/webhook/manifests.yaml

@@ -1,4 +1,3 @@
-
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
@@ -46,7 +45,6 @@ webhooks:
     resources:
     - cloudstackmachines
   sideEffects: None
-
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration

controllers/utils/affinity_group.go

@@ -18,6 +18,8 @@ package utils
 
 import (
 	"fmt"
+	"golang.org/x/text/cases"
+	"golang.org/x/text/language"
 	"strings"
 
 	"github.com/pkg/errors"
@@ -91,6 +93,7 @@ func GenerateAffinityGroupName(csm infrav1.CloudStackMachine, capiMachine *clust
 	if managerOwnerRef == nil {
 		return "", errors.Errorf("could not find owner UID for %s/%s", csm.Namespace, csm.Name)
 	}
+	titleCaser := cases.Title(language.English)
 	return fmt.Sprintf("%sAffinity-%s-%s-%s",
-		strings.Title(csm.Spec.Affinity), managerOwnerRef.Name, managerOwnerRef.UID, csm.Spec.FailureDomainName), nil
+		titleCaser.String(csm.Spec.Affinity), managerOwnerRef.Name, managerOwnerRef.UID, csm.Spec.FailureDomainName), nil
 }

go.mod

@@ -3,7 +3,7 @@ module sigs.k8s.io/cluster-api-provider-cloudstack
 go 1.16
 
 require (
-	github.com/ReneKroon/ttlcache v1.7.0 // indirect
+	github.com/ReneKroon/ttlcache v1.7.0
 	github.com/apache/cloudstack-go/v2 v2.13.0
 	github.com/go-logr/logr v1.2.3
 	github.com/golang/mock v1.6.0
@@ -14,6 +14,7 @@ require (
 	github.com/prometheus/client_golang v1.11.0
 	github.com/smallfish/simpleyaml v0.1.0
 	github.com/spf13/pflag v1.0.5
+	golang.org/x/text v0.3.7
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 	k8s.io/api v0.23.0
 	k8s.io/apimachinery v0.23.0

test/e2e/README.md

@@ -61,3 +61,15 @@ For example,
 JOB=PR-Blocking make run-e2e
 ```
 This command runs the e2e tests that contains `PR-Blocking` in their spec names. 
+
+### Debugging the e2e tests
+The E2E tests can be debugged by attaching a debugger to the e2e process after it is launched (*i.e., make run-e2e*).
+To facilitate this, the E2E tests can be run with environment variable PAUSE_FOR_DEBUGGER_ATTACH=true.
+(This is only strictly needed when you want the debugger to break early in the test process, i.e., in SynchronizedBeforeSuite.
+There's usually quite enough time to attach if you're not breaking until your actual test code runs.)
+
+When this environment variable is set to *true* a 15s pause is inserted at the beginning of the test process
+(i.e., in the SynchronizedBeforeSuite).  The workflow is:
+- Launch the e2e test: *PAUSE_FOR_DEBUGGER_ATTACH=true JOB=MyTest make run-e2e*
+- Wait for console message: *Pausing 15s so you have a chance to attach a debugger to this process...*
+- Quickly attach your debugger to the e2e process (i.e., e2e.test)

test/e2e/deploy_app_toxi.go

@@ -0,0 +1,162 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package e2e
+
+import (
+	"context"
+	"fmt"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/utils/pointer"
+	"os"
+	"path/filepath"
+	"runtime"
+	"sigs.k8s.io/cluster-api-provider-cloudstack-staging/test/e2e/helpers"
+	"sigs.k8s.io/cluster-api/test/framework/clusterctl"
+	"sigs.k8s.io/cluster-api/util"
+)
+
+// DeployAppToxiSpec implements a test that verifies that an app deployed to the workload cluster works.
+func DeployAppToxiSpec(ctx context.Context, inputGetter func() CommonSpecInput) {
+	var (
+		specName                         = "deploy-app-toxi"
+		input                            CommonSpecInput
+		namespace                        *corev1.Namespace
+		cancelWatches                    context.CancelFunc
+		clusterResources                 *clusterctl.ApplyClusterTemplateAndWaitResult
+		bootstrapClusterToxicName        string
+		cloudStackToxicName              string
+		bootstrapClusterToxiProxyContext *helpers.ToxiProxyContext
+		cloudStackToxiProxyContext       *helpers.ToxiProxyContext
+		appName                          = "httpd"
+		appManifestPath                  = "data/fixture/sample-application.yaml"
+		expectedHtmlPath                 = "data/fixture/expected-webpage.html"
+		appDeploymentReadyTimeout        = 180
+		appPort                          = 8080
+		appDefaultHtmlPath               = "/"
+		expectedHtml                     = ""
+		clusterName                      = fmt.Sprintf("%s-%s", specName, util.RandomString(6))
+	)
+
+	BeforeEach(func() {
+		// ToxiProxy running in a docker container requires docker host networking, only available in linux.
+		Expect(runtime.GOOS).To(Equal("linux"))
+
+		Expect(ctx).NotTo(BeNil(), "ctx is required for %s spec", specName)
+		input = inputGetter()
+		Expect(input.E2EConfig).ToNot(BeNil(), "Invalid argument. input.E2EConfig can't be nil when calling %s spec", specName)
+		Expect(input.ClusterctlConfigPath).To(BeAnExistingFile(), "Invalid argument. input.ClusterctlConfigPath must be an existing file when calling %s spec", specName)
+		Expect(input.BootstrapClusterProxy).ToNot(BeNil(), "Invalid argument. input.BootstrapClusterProxy can't be nil when calling %s spec", specName)
+		Expect(os.MkdirAll(input.ArtifactFolder, 0750)).To(Succeed(), "Invalid argument. input.ArtifactFolder can't be created for %s spec", specName)
+		Expect(input.E2EConfig.Variables).To(HaveKey(KubernetesVersion))
+
+		// Set up a toxiProxy for bootstrap server.
+		bootstrapClusterToxiProxyContext = helpers.SetupForToxiProxyTestingBootstrapCluster(input.BootstrapClusterProxy, clusterName)
+		const ToxicLatencyMs = 100
+		const ToxicJitterMs = 100
+		const ToxicToxicity = 1
+		bootstrapClusterToxicName = bootstrapClusterToxiProxyContext.AddLatencyToxic(ToxicLatencyMs, ToxicJitterMs, ToxicToxicity, false)
+
+		// Set up a toxiProxy for CloudStack
+		cloudStackToxiProxyContext = helpers.SetupForToxiProxyTestingACS(
+			ctx,
+			clusterName,
+			input.BootstrapClusterProxy,
+			input.E2EConfig,
+			input.ClusterctlConfigPath,
+		)
+		cloudStackToxicName = cloudStackToxiProxyContext.AddLatencyToxic(ToxicLatencyMs, ToxicJitterMs, ToxicToxicity, false)
+
+		// Set up a Namespace to host objects for this spec and create a watcher for the namespace events.
+		namespace, cancelWatches = setupSpecNamespace(ctx, specName, bootstrapClusterToxiProxyContext.ClusterProxy, input.ArtifactFolder)
+		clusterResources = new(clusterctl.ApplyClusterTemplateAndWaitResult)
+
+		fileContent, err := os.ReadFile(expectedHtmlPath)
+		Expect(err).To(BeNil(), "Failed to read "+expectedHtmlPath)
+		expectedHtml = string(fileContent)
+	})
+
+	It("Should be able to download an HTML from the app deployed to the workload cluster", func() {
+		By("Creating a workload cluster")
+
+		flavor := clusterctl.DefaultFlavor
+		if input.Flavor != nil {
+			flavor = *input.Flavor
+		}
+		namespace := namespace.Name
+
+		clusterctl.ApplyClusterTemplateAndWait(ctx, clusterctl.ApplyClusterTemplateAndWaitInput{
+			ClusterProxy:    bootstrapClusterToxiProxyContext.ClusterProxy,
+			CNIManifestPath: input.E2EConfig.GetVariable(CNIPath),
+			ConfigCluster: clusterctl.ConfigClusterInput{
+				LogFolder:                filepath.Join(input.ArtifactFolder, "clusters", bootstrapClusterToxiProxyContext.ClusterProxy.GetName()),
+				ClusterctlConfigPath:     cloudStackToxiProxyContext.ConfigPath,
+				KubeconfigPath:           bootstrapClusterToxiProxyContext.ClusterProxy.GetKubeconfigPath(),
+				InfrastructureProvider:   clusterctl.DefaultInfrastructureProvider,
+				Flavor:                   flavor,
+				Namespace:                namespace,
+				ClusterName:              clusterName,
+				KubernetesVersion:        input.E2EConfig.GetVariable(KubernetesVersion),
+				ControlPlaneMachineCount: pointer.Int64Ptr(1),
+				WorkerMachineCount:       pointer.Int64Ptr(2),
+			},
+			WaitForClusterIntervals:      input.E2EConfig.GetIntervals(specName, "wait-cluster"),
+			WaitForControlPlaneIntervals: input.E2EConfig.GetIntervals(specName, "wait-control-plane"),
+			WaitForMachineDeployments:    input.E2EConfig.GetIntervals(specName, "wait-worker-nodes"),
+		}, clusterResources)
+
+		workloadClusterProxy := bootstrapClusterToxiProxyContext.ClusterProxy.GetWorkloadCluster(ctx, namespace, clusterName)
+		workloadKubeconfigPath := workloadClusterProxy.GetKubeconfigPath()
+
+		appManifestAbsolutePath, _ := filepath.Abs(appManifestPath)
+		Byf("Deploying a simple web server application to the workload cluster from %s", appManifestAbsolutePath)
+		Expect(DeployAppToWorkloadClusterAndWaitForDeploymentReady(ctx, workloadKubeconfigPath, appName, appManifestAbsolutePath, appDeploymentReadyTimeout)).To(Succeed())
+
+		By("Downloading the default html of the web server")
+		actualHtml, err := DownloadFromAppInWorkloadCluster(ctx, workloadKubeconfigPath, appName, appPort, appDefaultHtmlPath)
+		Expect(err).To(BeNil(), "Failed to download")
+
+		Expect(actualHtml).To(Equal(expectedHtml))
+
+		By("Confirming that the custom reconciliation error metric is scrape-able")
+		// TODO: Rebuild an E2E test designed purely to test this. Adding this requirement here is too flaky.
+		// Newer CloudStack instances return a different error code when the ZoneID is missing, and this test
+		// keeps us from fixing the additional error message that was present when reconciling the Isolated Network
+		// a bit too soon.
+		// BIG NOTE: The first reconciliation attempt of isolated_network!AssociatePublicIPAddress() returns
+		//  a CloudStack error 9999. This test expects that to happen.
+		//  No acs_reconciliation_errors appear in the scrape until logged.
+		//  If that error ever gets fixed, this test will break.
+		// metricsScrape, err := DownloadMetricsFromCAPCManager(ctx, input.BootstrapClusterProxy.GetKubeconfigPath())
+		// Expect(err).To(BeNil())
+		// Expect(metricsScrape).To(MatchRegexp("acs_reconciliation_errors\\{acs_error_code=\"9999\"\\} [0-9]+"))
+		By("PASSED!")
+	})
+
+	AfterEach(func() {
+		// Dumps all the resources in the spec namespace, then cleanups the cluster object and the spec namespace itself.
+		dumpSpecResourcesAndCleanup(ctx, specName, bootstrapClusterToxiProxyContext.ClusterProxy, input.ArtifactFolder, namespace, cancelWatches, clusterResources.Cluster, input.E2EConfig.GetIntervals, input.SkipCleanup)
+
+		// Tear down the ToxiProxies
+		cloudStackToxiProxyContext.RemoveToxic(cloudStackToxicName)
+		helpers.TearDownToxiProxyACS(ctx, input.BootstrapClusterProxy, cloudStackToxiProxyContext)
+
+		bootstrapClusterToxiProxyContext.RemoveToxic(bootstrapClusterToxicName)
+		helpers.TearDownToxiProxyBootstrap(bootstrapClusterToxiProxyContext)
+	})
+}

test/e2e/deploy_app_toxi_test.go

@@ -0,0 +1,39 @@
+//go:build e2e
+// +build e2e
+
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package e2e
+
+import (
+	"context"
+	. "github.com/onsi/ginkgo"
+)
+
+var _ = Describe("When testing app deployment to the workload cluster with slow network [ToxiProxy]", func() {
+
+	DeployAppToxiSpec(context.TODO(), func() CommonSpecInput {
+		return CommonSpecInput{
+			E2EConfig:             e2eConfig,
+			ClusterctlConfigPath:  clusterctlConfigPath,
+			BootstrapClusterProxy: bootstrapClusterProxy,
+			ArtifactFolder:        artifactFolder,
+			SkipCleanup:           skipCleanup,
+		}
+	})
+
+})

test/e2e/e2e_suite_test.go

@@ -24,8 +24,11 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	go_runtime "runtime"
+	"sigs.k8s.io/cluster-api-provider-cloudstack-staging/test/e2e/helpers"
 	"strings"
 	"testing"
+	"time"
 
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -102,6 +105,11 @@ func TestE2E(t *testing.T) {
 var _ = SynchronizedBeforeSuite(func() []byte {
 	// Before all ParallelNodes.
 
+	if os.Getenv("PAUSE_FOR_DEBUGGER_ATTACH") == "true" {
+		By("Pausing 15s so you have a chance to attach a debugger to this process...")
+		time.Sleep(15 * time.Second)
+	}
+
 	Expect(configPath).To(BeAnExistingFile(), "Invalid test suite argument. e2e.config should be an existing file.")
 	Expect(os.MkdirAll(artifactFolder, 0755)).To(Succeed(), "Invalid test suite argument. Can't create e2e.artifacts-folder %q", artifactFolder) //nolint:gosec
 
@@ -111,6 +119,12 @@ var _ = SynchronizedBeforeSuite(func() []byte {
 	Byf("Loading the e2e test configuration from %q", configPath)
 	e2eConfig = loadE2EConfig(configPath)
 
+	// Toxiproxy running in a docker container requires docker host networking, only available in linux.
+	if go_runtime.GOOS == "linux" {
+		By("Launching Toxiproxy Server")
+		Expect(helpers.ToxiProxyServerExec(ctx)).To(Succeed())
+	}
+
 	if clusterctlConfig == "" {
 		Byf("Creating a clusterctl local repository into %q", artifactFolder)
 		clusterctlConfigPath = createClusterctlLocalRepository(e2eConfig, filepath.Join(artifactFolder, "repository"))
@@ -163,6 +177,11 @@ var _ = SynchronizedAfterSuite(func() {
 	if !skipCleanup {
 		tearDown(bootstrapClusterProvider, bootstrapClusterProxy)
 	}
+
+	if go_runtime.GOOS == "linux" {
+		By("Killing Toxiproxy Server")
+		Expect(helpers.ToxiProxyServerKill(ctx)).To(Succeed())
+	}
 })
 
 func initScheme() *runtime.Scheme {

test/e2e/go.mod

@@ -3,11 +3,12 @@ module sigs.k8s.io/cluster-api-provider-cloudstack-staging/test/e2e
 go 1.16
 
 require (
+	github.com/Shopify/toxiproxy/v2 v2.5.0
 	github.com/apache/cloudstack-go/v2 v2.12.0
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.17.0
-	gopkg.in/ini.v1 v1.63.2
+	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.23.0
 	k8s.io/apimachinery v0.23.0
 	k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b

test/e2e/go.sum

@@ -0,0 +1,3 @@
+For simplicity of diffing in the test, the kubeconfig file in this directory has been formatted to match the
+whitespacing done by golang's default map[string]interface{} marshaller (which is not they way many actual
+kubeconfigs are typically whitespaced).

test/e2e/helpers/data/README

@@ -0,0 +1,67 @@
+apiVersion: v1
+clusters:
+    - cluster:
+        certificate-authority-data: LS0tLS1==
+        server: https://008DEB5B0A4AB3DF7594BEDB9C185602.gr7.us-east-2.eks.amazonaws.com
+      name: guestbook.us-east-2.eksctl.io
+    - cluster:
+        certificate-authority-data: LS0tLS1==
+        server: https://568592C67CC6996CCE8E826617A05E34.gr7.us-east-2.eks.amazonaws.com
+      name: user-5368.us-east-2.eksctl.io
+    - cluster:
+        certificate-authority-data: LS0tLS1==
+        server: https://127.0.0.1:64927
+      name: kind-capi-test
+contexts:
+    - context:
+        cluster: guestbook.us-east-2.eksctl.io
+        user: user-Isengard@guestbook.us-east-2.eksctl.io
+      name: user-Isengard@guestbook.us-east-2.eksctl.io
+    - context:
+        cluster: user-5368.us-east-2.eksctl.io
+        user: user-Isengard@user-5368.us-east-2.eksctl.io
+      name: user-Isengard@user-5368.us-east-2.eksctl.io
+    - context:
+        cluster: kind-capi-test
+        user: kind-capi-test
+      name: kind-capi-test
+current-context: kind-capi-test
+kind: Config
+preferences: {}
+users:
+    - name: user-Isengard@guestbook.us-east-2.eksctl.io
+      user:
+        exec:
+            apiVersion: client.authentication.k8s.io/v1alpha1
+            args:
+                - token
+                - -i
+                - guestbook
+            command: aws-iam-authenticator
+            env:
+                - name: AWS_STS_REGIONAL_ENDPOINTS
+                  value: regional
+                - name: AWS_DEFAULT_REGION
+                  value: us-east-2
+            interactiveMode: IfAvailable
+            provideClusterInfo: false
+    - name: user-Isengard@user-5368.us-east-2.eksctl.io
+      user:
+        exec:
+            apiVersion: client.authentication.k8s.io/v1alpha1
+            args:
+                - token
+                - -i
+                - user-5368
+            command: aws-iam-authenticator
+            env:
+                - name: AWS_STS_REGIONAL_ENDPOINTS
+                  value: regional
+                - name: AWS_DEFAULT_REGION
+                  value: us-east-2
+            interactiveMode: IfAvailable
+            provideClusterInfo: false
+    - name: kind-capi-test
+      user:
+        client-certificate-data: LS0tL==
+        client-key-data: LS0tLS==

test/e2e/helpers/data/kubeconfig

@@ -0,0 +1,200 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package helpers
+
+import (
+	"errors"
+	"gopkg.in/yaml.v3"
+	"io/ioutil"
+)
+
+type Kubeconfig struct {
+	content map[string]interface{}
+}
+
+func NewKubeconfig() *Kubeconfig {
+	return &Kubeconfig{}
+}
+
+func (k *Kubeconfig) Load(path string) error {
+	rawContent, err := ioutil.ReadFile(path)
+	if err != nil {
+		return err
+	}
+
+	var content interface{}
+	if err := yaml.Unmarshal(rawContent, &content); err != nil {
+		return err
+	}
+
+	mapContent, ok := content.(map[string]interface{})
+	if ok == false {
+		return errors.New("kubeconfig unmarshalling didn't provide expected type map[string]interface{}")
+	}
+
+	k.content = mapContent
+	return nil
+}
+
+func (k *Kubeconfig) Save(path string) error {
+	rawContent, err := yaml.Marshal(k.content)
+	if err != nil {
+		return err
+	}
+
+	err = ioutil.WriteFile(path, rawContent, 0644)
+	if err != nil {
+		return err
+	}
+
+	return err
+}
+
+func (k *Kubeconfig) GetCurrentContextName() (string, error) {
+	value, present := k.content["current-context"]
+	if present == false {
+		return "", errors.New("current context not present")
+	}
+
+	castValue, ok := value.(string)
+	if ok == false {
+		return "", errors.New("current content not unmarshalled as a string")
+	}
+
+	return castValue, nil
+}
+
+func (k *Kubeconfig) GetCurrentContext() (map[string]interface{}, error) {
+	currentContextName, err := k.GetCurrentContextName()
+	if err != nil {
+		return nil, err
+	}
+
+	contexts := k.content["contexts"].([]interface{})
+	var currentContextArrayEntry map[string]interface{} = nil
+	for _, ctx := range contexts {
+		castCtxArrayEntry, ok := ctx.(map[string]interface{})
+		if ok != true {
+			return nil, errors.New("unmarshalled kubeconfig context array entry not of expected type map[string]interface{}")
+		}
+		if castCtxArrayEntry["name"] == currentContextName {
+			currentContextArrayEntry = ctx.(map[string]interface{})
+			break
+		}
+	}
+	if currentContextArrayEntry == nil {
+		return nil, errors.New("no context matching current context name exists in kubeconfig contexts")
+	}
+
+	currentContext, present := currentContextArrayEntry["context"]
+	if present == false {
+		return nil, errors.New("context object not found in matched context array object")
+	}
+
+	castCurrentContext, ok := currentContext.(map[string]interface{})
+	if ok != true {
+		return nil, errors.New("unmarshalled kubeconfig context not of expected type map[string]interface{}")
+	}
+
+	return castCurrentContext, nil
+}
+
+func (k *Kubeconfig) GetCurrentClusterName() (string, error) {
+	currentContext, err := k.GetCurrentContext()
+	if err != nil {
+		return "", err
+	}
+
+	clusterName, present := currentContext["cluster"]
+	if present == false {
+		return "", errors.New("cluster name not found in current context")
+	}
+
+	castClusterName, ok := clusterName.(string)
+	if ok == false {
+		return "", errors.New("context's cluster name not unmarshalled a string")
+	}
+
+	return castClusterName, nil
+}
+
+func (k *Kubeconfig) GetCurrentCluster() (map[string]interface{}, error) {
+	currentClusterName, err := k.GetCurrentClusterName()
+	if err != nil {
+		return nil, err
+	}
+
+	clusters := k.content["clusters"].([]interface{})
+	var currentClusterArrayEntry map[string]interface{} = nil
+	for _, clu := range clusters {
+		castClusterArrayEntry, ok := clu.(map[string]interface{})
+		if ok != true {
+			return nil, errors.New("unmarshalled kubeconfig cluster array entry not of expected type map[string]interface{}")
+		}
+		if castClusterArrayEntry["name"] == currentClusterName {
+			currentClusterArrayEntry = clu.(map[string]interface{})
+			break
+		}
+	}
+	if currentClusterArrayEntry == nil {
+		return nil, errors.New("no cluster matching cluster name specified in current context exists in kubeconfig contexts")
+	}
+
+	currentCluster, present := currentClusterArrayEntry["cluster"]
+	if present == false {
+		return nil, errors.New("cluster object not found in matched cluster array entry")
+	}
+
+	castCurrentCluster, ok := currentCluster.(map[string]interface{})
+	if ok != true {
+		return nil, errors.New("unmarshalled kubeconfig cluster not of expected type map[string]interface{}")
+	}
+
+	return castCurrentCluster, nil
+}
+
+func (k *Kubeconfig) GetCurrentServer() (string, error) {
+
+	currentCluster, err := k.GetCurrentCluster()
+	if err != nil {
+		return "", err
+	}
+
+	server, present := currentCluster["server"]
+	if present == false {
+		return "", errors.New("server attribute not present in current cluster")
+	}
+
+	castServer, ok := server.(string)
+	if ok == false {
+		return "", errors.New("unmarshalled server not of expected type string")
+	}
+
+	return castServer, nil
+}
+
+func (k *Kubeconfig) SetCurrentServer(newServer string) error {
+	currentCluster, err := k.GetCurrentCluster()
+	if err != nil {
+		return err
+	}
+
+	var newServerUntyped interface{} = newServer
+	currentCluster["server"] = newServerUntyped
+
+	return nil
+}

test/e2e/helpers/kubeconfig.go

@@ -0,0 +1,72 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package helpers_test
+
+import (
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	"io/ioutil"
+	"sigs.k8s.io/cluster-api-provider-cloudstack-staging/test/e2e/helpers"
+)
+
+var _ = Describe("Test kubeconfig helper methods", func() {
+	It("should work", func() {
+		kubeconfig := helpers.NewKubeconfig()
+
+		var kubeconfigPath string = "./data/kubeconfig"
+		var unmodifiedKubeconfigPath string = "/tmp/unmodifiedKubeconfig"
+		Ω(kubeconfig.Load(kubeconfigPath)).Should(Succeed())
+		Ω(kubeconfig.Save(unmodifiedKubeconfigPath)).Should(Succeed())
+
+		originalKubeconfig, err := ioutil.ReadFile(kubeconfigPath)
+		Ω(err).ShouldNot(HaveOccurred())
+		rewrittenKubeconfig, err := ioutil.ReadFile(unmodifiedKubeconfigPath)
+		Ω(err).ShouldNot(HaveOccurred())
+		Ω(rewrittenKubeconfig).Should(Equal(originalKubeconfig))
+
+		currentContextName, err := kubeconfig.GetCurrentContextName()
+		Ω(err).ShouldNot(HaveOccurred())
+		Ω(currentContextName).Should(Equal("kind-capi-test"))
+
+		_, err = kubeconfig.GetCurrentContext()
+		Ω(err).ShouldNot(HaveOccurred())
+
+		currentClusterName, err := kubeconfig.GetCurrentClusterName()
+		Ω(err).ShouldNot(HaveOccurred())
+		Ω(currentClusterName).Should(Equal("kind-capi-test"))
+
+		currentCluster, err := kubeconfig.GetCurrentCluster()
+		Ω(err).ShouldNot(HaveOccurred())
+		Ω(currentCluster).ShouldNot(BeEmpty())
+
+		currentServer, err := kubeconfig.GetCurrentServer()
+		Ω(err).ShouldNot(HaveOccurred())
+		Ω(currentServer).Should(Equal("https://127.0.0.1:64927"))
+
+		var newServerUrl string = "\"https://myTestServer:12345\""
+		kubeconfig.SetCurrentServer(newServerUrl)
+
+		var modifiedKubeconfigPath string = "/tmp/modifiedKubeconfig.yaml"
+		Ω(kubeconfig.Save(modifiedKubeconfigPath)).Should(Succeed())
+		Ω(modifiedKubeconfigPath).Should(BeAnExistingFile())
+
+		modifiedKubeconfigContent, err := ioutil.ReadFile(modifiedKubeconfigPath)
+		Ω(err).ShouldNot(HaveOccurred())
+		Ω(string(modifiedKubeconfigContent)).Should(ContainSubstring(newServerUrl))
+
+	})
+})

test/e2e/helpers/kubeconfig_test.go

@@ -0,0 +1,13 @@
+package helpers_test
+
+import (
+	"testing"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+)
+
+func TestHelpers(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Helpers Suite")
+}

test/e2e/helpers/suite_test.go

@@ -0,0 +1,254 @@
+package helpers
+
+import (
+	"context"
+	"fmt"
+	toxiproxyapi "github.com/Shopify/toxiproxy/v2/client"
+	. "github.com/onsi/gomega"
+	corev1 "k8s.io/api/core/v1"
+	"net"
+	"os"
+	"path"
+	"regexp"
+	"sigs.k8s.io/cluster-api/test/framework"
+	"sigs.k8s.io/cluster-api/test/framework/clusterctl"
+	"sigs.k8s.io/cluster-api/test/framework/exec"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"strconv"
+	"strings"
+)
+
+func ToxiProxyServerExec(ctx context.Context) error {
+	execArgs := []string{"run", "-d", "--name=capc-e2e-toxiproxy", "--net=host", "--rm", "ghcr.io/shopify/toxiproxy"}
+	runCmd := exec.NewCommand(
+		exec.WithCommand("docker"),
+		exec.WithArgs(execArgs...),
+	)
+	_, stderr, err := runCmd.Run(ctx)
+	if err != nil {
+		fmt.Println(string(stderr))
+	}
+	return err
+}
+
+func ToxiProxyServerKill(ctx context.Context) error {
+	execArgs := []string{"stop", "capc-e2e-toxiproxy"}
+	runCmd := exec.NewCommand(
+		exec.WithCommand("docker"),
+		exec.WithArgs(execArgs...),
+	)
+	_, _, err := runCmd.Run(ctx)
+	return err
+}
+
+type ToxiProxyContext struct {
+	KubeconfigPath string
+	Secret         corev1.Secret
+	ClusterProxy   framework.ClusterProxy
+	ToxiProxy      *toxiproxyapi.Proxy
+	ConfigPath     string
+}
+
+func SetupForToxiProxyTestingBootstrapCluster(bootstrapClusterProxy framework.ClusterProxy, clusterName string) *ToxiProxyContext {
+	// Read/parse the actual kubeconfig for the cluster
+	kubeConfig := NewKubeconfig()
+	unproxiedKubeconfigPath := bootstrapClusterProxy.GetKubeconfigPath()
+	err := kubeConfig.Load(unproxiedKubeconfigPath)
+	Expect(err).To(BeNil())
+
+	// Get the cluster's server url from the kubeconfig
+	server, err := kubeConfig.GetCurrentServer()
+	Expect(err).To(BeNil())
+
+	// Decompose server url into protocol, address and port
+	protocol, address, port, _ := parseUrl(server)
+
+	// Format into the needed addresses/URL form
+	actualBootstrapClusterAddress := fmt.Sprintf("%v:%v", address, port)
+
+	// Create the toxiProxy for this test
+	toxiProxyClient := toxiproxyapi.NewClient("127.0.0.1:8474")
+	toxiProxyName := fmt.Sprintf("deploy_app_toxi_test_%v_bootstrap", clusterName)
+	proxy, err := toxiProxyClient.CreateProxy(toxiProxyName, "127.0.0.1:0", actualBootstrapClusterAddress)
+	Expect(err).To(BeNil())
+
+	// Get the actual listen address (having the toxiproxy-assigned port #).
+	toxiProxyServerUrl := fmt.Sprintf("%v://%v", protocol, proxy.Listen)
+
+	// Modify the kubeconfig to use the toxiproxy's server url
+	err = kubeConfig.SetCurrentServer(toxiProxyServerUrl)
+	Expect(err).To(BeNil())
+
+	// Write the modified kubeconfig using a new name.
+	extension := path.Ext(unproxiedKubeconfigPath)
+	baseWithoutExtension := strings.TrimSuffix(path.Base(unproxiedKubeconfigPath), extension)
+	toxiProxyKubeconfigFileName := fmt.Sprintf("toxiProxy_%v_%v%v", baseWithoutExtension, clusterName, extension)
+	toxiProxyKubeconfigPath := path.Join("/tmp", toxiProxyKubeconfigFileName)
+	err = kubeConfig.Save(toxiProxyKubeconfigPath)
+	Expect(err).To(BeNil())
+
+	// Create a new ClusterProxy using the new kubeconfig
+	toxiproxyBootstrapClusterProxy := framework.NewClusterProxy(
+		"toxiproxy-bootstrap",
+		toxiProxyKubeconfigPath,
+		bootstrapClusterProxy.GetScheme(),
+		framework.WithMachineLogCollector(framework.DockerLogCollector{}),
+	)
+
+	return &ToxiProxyContext{
+		KubeconfigPath: toxiProxyKubeconfigPath,
+		ClusterProxy:   toxiproxyBootstrapClusterProxy,
+		ToxiProxy:      proxy,
+	}
+}
+
+func TearDownToxiProxyBootstrap(toxiProxyContext *ToxiProxyContext) {
+	// Tear down the proxy
+	err := toxiProxyContext.ToxiProxy.Delete()
+	Expect(err).To(BeNil())
+
+	// Delete the kubeconfig pointing to the proxy
+	err = os.Remove(toxiProxyContext.KubeconfigPath)
+	Expect(err).To(BeNil())
+}
+
+func (tp *ToxiProxyContext) RemoveToxic(toxicName string) {
+	err := tp.ToxiProxy.RemoveToxic(toxicName)
+	Expect(err).To(BeNil())
+}
+
+func (tp *ToxiProxyContext) AddLatencyToxic(latencyMs int, jitterMs int, toxicity float32, upstream bool) string {
+	stream := "downstream"
+	if upstream == true {
+		stream = "upstream"
+	}
+	toxicName := fmt.Sprintf("latency_%v", stream)
+
+	_, err := tp.ToxiProxy.AddToxic(toxicName, "latency", stream, toxicity, toxiproxyapi.Attributes{
+		"latency": latencyMs,
+		"jitter":  jitterMs,
+	})
+	Expect(err).To(BeNil())
+
+	return toxicName
+}
+
+func SetupForToxiProxyTestingACS(ctx context.Context, clusterName string, clusterProxy framework.ClusterProxy, e2eConfig *clusterctl.E2EConfig, configPath string) *ToxiProxyContext {
+	// Get the cloud-config secret that CAPC will use to access CloudStack
+	fdEndpointSecretObjectKey := client.ObjectKey{
+		Namespace: e2eConfig.GetVariable("CLOUDSTACK_FD1_SECRET_NAMESPACE"),
+		Name:      e2eConfig.GetVariable("CLOUDSTACK_FD1_SECRET_NAME"),
+	}
+	fdEndpointSecret := corev1.Secret{}
+	err := clusterProxy.GetClient().Get(ctx, fdEndpointSecretObjectKey, &fdEndpointSecret)
+	Expect(err).To(BeNil())
+
+	// Extract and parse the URL for CloudStack from the secret
+	cloudstackUrl := string(fdEndpointSecret.Data["api-url"])
+	protocol, address, port, path := parseUrl(cloudstackUrl)
+	upstreamAddress := fmt.Sprintf("%v:%v", address, port)
+
+	// Create the CloudStack toxiProxy for this test
+	toxiProxyClient := toxiproxyapi.NewClient("127.0.0.1:8474")
+	toxiProxyName := fmt.Sprintf("%v_cloudstack", clusterName)
+
+	// Formulate the proxy listen address.
+	// CAPC can't route to the actual host's localhost.  We have to use a real host IP address for the proxy listen address.
+	hostIP := getOutboundIP()
+	proxyAddress := fmt.Sprintf("%v:0", hostIP)
+	proxy, err := toxiProxyClient.CreateProxy(toxiProxyName, proxyAddress, upstreamAddress)
+	Expect(err).To(BeNil())
+
+	// Retrieve the actual listen address (having the toxiproxy-assigned port #).
+	toxiProxyUrl := fmt.Sprintf("%v://%v%v", protocol, proxy.Listen, path)
+
+	// Create a new cloud-config secret using the proxy listen address
+	toxiProxyFdEndpointSecret := corev1.Secret{}
+	toxiProxyFdEndpointSecret.Type = fdEndpointSecret.Type
+	toxiProxyFdEndpointSecret.Namespace = fdEndpointSecret.Namespace
+	toxiProxyFdEndpointSecret.Name = fdEndpointSecret.Name + "-toxiproxy"
+	toxiProxyFdEndpointSecret.Data = make(map[string][]byte)
+	toxiProxyFdEndpointSecret.Data["api-key"] = fdEndpointSecret.Data["api-key"]
+	toxiProxyFdEndpointSecret.Data["secret-key"] = fdEndpointSecret.Data["secret-key"]
+	toxiProxyFdEndpointSecret.Data["verify-ssl"] = fdEndpointSecret.Data["verify-ssl"]
+	toxiProxyFdEndpointSecret.Data["api-url"] = []byte(toxiProxyUrl)
+
+	err = clusterProxy.GetClient().Create(ctx, &toxiProxyFdEndpointSecret)
+	Expect(err).To(BeNil())
+
+	// Override the test config to use this alternate cloud-config secret
+	e2eConfig.Variables["CLOUDSTACK_FD1_SECRET_NAME"] = toxiProxyFdEndpointSecret.Name
+
+	// Overriding e2e config file into a new temp copy, so as not to inadvertently override the other e2e tests.
+	newConfigFilePath := fmt.Sprintf("/tmp/%v.yaml", toxiProxyName)
+	editConfigFile(newConfigFilePath, configPath, "CLOUDSTACK_FD1_SECRET_NAME", toxiProxyFdEndpointSecret.Name)
+
+	// Return a context
+	return &ToxiProxyContext{
+		Secret:     toxiProxyFdEndpointSecret,
+		ToxiProxy:  proxy,
+		ConfigPath: newConfigFilePath,
+	}
+}
+
+func TearDownToxiProxyACS(ctx context.Context, clusterProxy framework.ClusterProxy, toxiProxyContext *ToxiProxyContext) {
+	// Tear down the proxy
+	err := toxiProxyContext.ToxiProxy.Delete()
+	Expect(err).To(BeNil())
+
+	// Delete the secret
+	err = clusterProxy.GetClient().Delete(ctx, &toxiProxyContext.Secret)
+	Expect(err).To(BeNil())
+
+	// Delete the overridden e2e config
+	err = os.Remove(toxiProxyContext.ConfigPath)
+	Expect(err).To(BeNil())
+
+}
+
+func parseUrl(url string) (string, string, int, string) {
+	serverRegex := regexp.MustCompilePOSIX("(https?)://([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+):([0-9]+)?(.*)")
+
+	urlComponents := serverRegex.FindStringSubmatch(url)
+	Expect(len(urlComponents)).To(BeNumerically(">=", 4))
+	protocol := urlComponents[1]
+	address := urlComponents[2]
+	port, err := strconv.Atoi(urlComponents[3])
+	Expect(err).To(BeNil())
+	path := urlComponents[4]
+	return protocol, address, port, path
+}
+
+func getOutboundIP() net.IP {
+	conn, err := net.Dial("udp", "8.8.8.8:80") // 8.8.8.8:80 is arbitrary.  Any IP will do, reachable or not.
+	Expect(err).To(BeNil())
+
+	defer conn.Close()
+
+	localAddr := conn.LocalAddr().(*net.UDPAddr)
+
+	return localAddr.IP
+}
+
+func editConfigFile(destFilename string, sourceFilename string, key string, newValue string) {
+	// For config files with key: value on each line.
+
+	dat, err := os.ReadFile(sourceFilename)
+	Expect(err).To(BeNil())
+
+	lines := strings.Split(string(dat), "\n")
+
+	keyFound := false
+	for index, line := range lines {
+		if strings.HasPrefix(line, "CLOUDSTACK_FD1_SECRET_NAME:") {
+			keyFound = true
+			lines[index] = fmt.Sprintf("%v: %v", key, newValue)
+			break
+		}
+	}
+	Expect(keyFound).To(BeTrue())
+
+	dat = []byte(strings.Join(lines[:], "\n"))
+	err = os.WriteFile(destFilename, dat, 0600)
+	Expect(err).To(BeNil())
+}