Skip to content

feat: E2E Test suite using ginkgo #1081

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
TheiLLeniumStudios wants to merge 15 commits into
base: master
Choose a base branch
from
Open

feat: E2E Test suite using ginkgo #1081

TheiLLeniumStudios wants to merge 15 commits into from
+16,897 −8,007

Conversation

@TheiLLeniumStudios
Copy link
Contributor

@TheiLLeniumStudios TheiLLeniumStudios commented Jan 10, 2026
edited
Loading

This PR introduces a complete overhaul of the e2e testing infrastructure, replacing the previous test approach with a modern, maintainable, and faster test suite built on Ginkgo v2

Key Changes

Test Framework Migration

  • Migrated from custom test setup to Ginkgo v2 with Gomega matchers
  • Organized tests into logical suites: core, annotations, flags, advanced, csi, argo
  • ~90 test specs with ~180 table-driven entries covering all workload types and scenarios

Runtime Image Building

  • Tests build the Reloader image at runtime from the current codebase (make e2e)
  • Image automatically loaded into Kind cluster before test execution and decouples the code-base from e2e tests

Real Infrastructure Integration

  • Real Vault: Tests run against an actual HashiCorp Vault instance, not mocks
  • Real CSI Secrets Store Driver: Actual secrets-store-csi-driver with Vault provider
  • Real Argo Rollouts: Actual Argo Rollouts controller for Rollout workload testing
  • CSI tests create secrets in Vault, verify SecretProviderClass sync, and validate Reloader triggers rolling updates on secret rotation
  • All versions pinned for reproducibility (Vault 1.20.4, CSI Driver 1.5.5, Argo Rollouts 1.7.2)

Watch-Based Waiting Infrastructure

  • Replaced all time.Sleep() and polling-based waits with Kubernetes watch API
  • Generic WatchUntil[T runtime.Object] function for type-safe resource watching
  • Condition functions (DeploymentReady, DaemonSetReady, etc.) for clean assertions
  • Tests react to actual state changes instead of arbitrary timeouts - faster and more reliable

Workload Adapter Pattern

  • Unified WorkloadAdapter interface for all workload types
  • Supports: Deployment, DaemonSet, StatefulSet, Job, CronJob, Argo Rollout, OpenShift DeploymentConfig
  • Capability interfaces (Pausable, Recreatable, JobTriggerer) for workload-specific features
  • Single test code works across all workload types via table-driven tests

Test Coverage

Category What's Tested
Core Workloads ConfigMap/Secret reload via volumes, envFrom, env valueFrom for all 7 workload types
Annotations auto=true, typed auto (configmap.auto, secret.auto, secretproviderclass.auto), search/match, exclude, pause-period
Flags --watch-globally, --namespaces-to-ignore, --resources-to-ignore, --reload-on-create, --reload-on-delete, --auto-reload-all
CSI Integration Real Vault secret creation/rotation, SecretProviderClass sync, SPCPS version tracking, automatic reload on external secret changes
Advanced Job recreation, CronJob triggered jobs, multi-container pods, init containers, regex matching
Strategies Annotations strategy and env-vars strategy (STAKATER_* environment variables)

Infrastructure Scripts

  • scripts/e2e-cluster-setup.sh - Installs Argo Rollouts, CSI Secrets Store Driver, Vault (with Kubernetes auth configured)
  • scripts/e2e-cluster-cleanup.sh - Cleans up test resources
  • Makefile targets: make e2e-setup, make e2e, make e2e-cleanup, make e2e-ci

Code Quality

  • Added .golangci.yml with comprehensive linter configuration (errcheck, govet, staticcheck, ginkgolinter, etc.)
  • All e2e utility code passes lint checks
  • Unit tests for utility functions (annotations, helm, rand, test helpers)

List of all tests

advanced/job_reload_test.go

  • Job Workload Recreation Tests Job with auto annotation should recreate Job with auto=true when ConfigMap changes — Job
  • Job Workload Recreation Tests Job with ConfigMap reference should recreate Job when referenced ConfigMap changes — Job
  • Job Workload Recreation Tests Job with SecretProviderClass reference should recreate Job when Vault secret changes — Job
  • Job Workload Recreation Tests Job with Secret reference should recreate Job when referenced Secret changes — Job
  • Job Workload Recreation Tests Job with valueFrom ConfigMap reference should recreate Job when ConfigMap referenced via valueFrom changes — Job
  • Job Workload Recreation Tests Job with valueFrom Secret reference should recreate Job when Secret referenced via valueFrom changes — Job

advanced/multi_container_test.go

  • Multi-Container Tests Init container with CSI volume should reload when SecretProviderClassPodStatus used by init container changes
  • Multi-Container Tests Init container with CSI volume should reload with auto annotation when init container CSI volume changes
  • Multi-Container Tests Multiple containers different ConfigMaps should reload when any container's ConfigMap changes
  • Multi-Container Tests Multiple containers same ConfigMap should reload when ConfigMap used by multiple containers changes

advanced/regex_test.go

  • Regex Pattern Tests ConfigMap regex pattern should NOT reload when ConfigMap NOT matching pattern changes
  • Regex Pattern Tests ConfigMap regex pattern should reload when ConfigMap matching pattern changes
  • Regex Pattern Tests Secret regex pattern should reload when Secret matching pattern changes

annotations/auto_reload_test.go

  • Auto Reload Annotation Tests with auto annotation and explicit reload annotation together should reload when auto-detected resource changes
  • Auto Reload Annotation Tests with reloader.stakater.com/auto=true annotation should reload Deployment when any referenced ConfigMap changes — Deployment
  • Auto Reload Annotation Tests with reloader.stakater.com/auto=true annotation should reload Deployment when any referenced Secret changes — Deployment
  • Auto Reload Annotation Tests with reloader.stakater.com/auto=true annotation should reload Deployment when either ConfigMap or Secret changes — Deployment
  • Auto Reload Annotation Tests with secretproviderclass.reloader.stakater.com/auto=true annotation should NOT reload Deployment when ConfigMap changes (only SPC auto enabled) — Deployment
  • Auto Reload Annotation Tests with secretproviderclass.reloader.stakater.com/auto=true annotation should reload Deployment when SecretProviderClassPodStatus changes — Deployment
  • Auto Reload Annotation Tests with secretproviderclass.reloader.stakater.com/auto=true annotation should reload when using combined auto=true annotation for SPC

annotations/combination_test.go

  • Combination Annotation Tests auto=true with exclude annotations should NOT reload when excluded ConfigMap changes
  • Combination Annotation Tests auto=true with exclude annotations should NOT reload when excluded Secret changes
  • Combination Annotation Tests auto=true with exclude annotations should reload when non-excluded ConfigMap changes
  • Combination Annotation Tests auto=true with explicit reload annotations should reload when both auto-detected and explicitly listed ConfigMaps change
  • Combination Annotation Tests auto=true with explicit reload annotations should reload when explicitly listed ConfigMap changes with auto=true
  • Combination Annotation Tests auto=true with explicit reload annotations should reload when Secret changes with auto=true and explicit Secret annotation
  • Combination Annotation Tests multiple explicit references should reload when any of multiple explicitly listed ConfigMaps change
  • Combination Annotation Tests multiple explicit references should reload when any of multiple explicitly listed Secrets change
  • Combination Annotation Tests multiple explicit references should reload when both ConfigMap and Secret annotations are present

annotations/exclude_test.go

  • Exclude Annotation Tests ConfigMap exclude annotation should NOT reload when excluded ConfigMap changes
  • Exclude Annotation Tests ConfigMap exclude annotation should reload when non-excluded ConfigMap changes
  • Exclude Annotation Tests Exclude annotation on pod template — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Exclude Annotation Tests Secret exclude annotation should NOT reload when excluded Secret changes
  • Exclude Annotation Tests Secret exclude annotation should reload when non-excluded Secret changes
  • Exclude Annotation Tests SecretProviderClass exclude annotation should NOT reload when excluded SecretProviderClassPodStatus changes
  • Exclude Annotation Tests SecretProviderClass exclude annotation should reload when non-excluded SecretProviderClassPodStatus changes

annotations/pause_period_test.go

  • Pause Period Tests with pause-period annotation should NOT pause Deployment without pause-period annotation — Deployment
  • Pause Period Tests with pause-period annotation should pause Deployment after reload — Deployment
  • [PENDING] Pause Period Tests with pause-period annotation should pause Deployment when pause-period annotation is on pod template — Deployment

annotations/resource_ignore_test.go

  • Resource Ignore Annotation Tests with reloader.stakater.com/ignore annotation on resource should NOT reload when ConfigMap has ignore=true annotation
  • Resource Ignore Annotation Tests with reloader.stakater.com/ignore annotation on resource should NOT reload when Secret has ignore=true annotation

annotations/search_match_test.go

  • Search and Match Annotation Tests with search and match annotations should NOT reload when resource has match but no Deployment has search — Deployment
  • Search and Match Annotation Tests with search and match annotations should NOT reload when workload has search but ConfigMap has no match
  • Search and Match Annotation Tests with search and match annotations should reload only the deployment with search annotation when multiple deployments use same ConfigMap — Deployment
  • Search and Match Annotation Tests with search and match annotations should reload when workload has search annotation and ConfigMap has match annotation
  • Search and Match Annotation Tests with search annotation on pod template — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig

argo/rollout_test.go

  • Argo Rollout Strategy Tests Rollout strategy annotation should use default rollout strategy (annotation-based reload) — ArgoRollout
  • Argo Rollout Strategy Tests Rollout strategy annotation should use restart strategy when specified (sets restartAt field) — ArgoRollout

core/reference_methods_test.go

  • Reference Method Tests Auto Annotation with valueFrom should reload with auto=true when ConfigMap referenced via valueFrom changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Reference Method Tests Init Container with envFrom should reload when ConfigMap referenced by init container changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Reference Method Tests Init Container with envFrom should reload when Secret referenced by init container changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Reference Method Tests Init Container with Volume Mount should reload when ConfigMap volume mounted in init container changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Reference Method Tests Init Container with Volume Mount should reload when Secret volume mounted in init container changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Reference Method Tests Projected Volumes should reload when ConfigMap changes in mixed projected volume — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Reference Method Tests Projected Volumes should reload when ConfigMap in projected volume changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Reference Method Tests Projected Volumes should reload when Secret changes in mixed projected volume — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Reference Method Tests Projected Volumes should reload when Secret in projected volume changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Reference Method Tests valueFrom.configMapKeyRef should reload when ConfigMap referenced via valueFrom.configMapKeyRef changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Reference Method Tests valueFrom.secretKeyRef should reload when Secret referenced via valueFrom.secretKeyRef changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig

core/workloads_test.go

  • Workload Reload Tests Annotations Strategy should NOT reload when only ConfigMap labels change (no data change) — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Annotations Strategy should NOT reload when only Secret labels change (no data change) — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Annotations Strategy should NOT reload when only SecretProviderClassPodStatus labels change — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Annotations Strategy should reload when ConfigMap changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Annotations Strategy should reload when Secret changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Annotations Strategy should reload when SecretProviderClassPodStatus changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Annotations Strategy should reload with auto=true annotation when ConfigMap changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests CronJob (special handling) should NOT reload without Reloader annotation — Deployment, DaemonSet, StatefulSet
  • Workload Reload Tests CronJob (special handling) should reload when volume-mounted ConfigMap changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests CronJob (special handling) should reload when volume-mounted Secret changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests CronJob (special handling) should trigger a Job when ConfigMap changes — CronJob
  • Workload Reload Tests CronJob (special handling) should trigger a Job when Secret changes — CronJob
  • Workload Reload Tests CronJob (special handling) should trigger a Job with auto=true annotation when ConfigMap changes — CronJob
  • Workload Reload Tests Edge Cases should NOT reload with auto=false annotation — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Edge Cases should reload multiple times for sequential ConfigMap updates — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Edge Cases should reload when either ConfigMap or Secret changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Edge Cases should reload with multiple ConfigMaps when any one changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Edge Cases should reload with multiple Secrets when any one changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests EnvVars Strategy should add STAKATER_ env var when ConfigMap changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests EnvVars Strategy should add STAKATER_ env var when Secret changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests EnvVars Strategy should add STAKATER_ env var when SecretProviderClassPodStatus changes — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests EnvVars Strategy should add STAKATER_ env var when SecretProviderClassPodStatus used by init container changes
  • Workload Reload Tests EnvVars Strategy should add STAKATER_ env var with secretproviderclass auto annotation
  • Workload Reload Tests EnvVars Strategy should NOT add STAKATER_ env var when excluded SecretProviderClassPodStatus changes
  • Workload Reload Tests EnvVars Strategy should NOT add STAKATER_ env var when only ConfigMap labels change — Deployment, DaemonSet, StatefulSet
  • Workload Reload Tests EnvVars Strategy should NOT add STAKATER_ env var when only Secret labels change — Deployment, DaemonSet, StatefulSet
  • Workload Reload Tests EnvVars Strategy should NOT add STAKATER_ env var when only SecretProviderClassPodStatus labels change — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Pod Template Annotations should NOT reload when pod template has ConfigMap annotation but Secret is updated — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Pod Template Annotations should reload when annotations are on both workload and pod template — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Pod Template Annotations should reload when auto=true annotation is on pod template only — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Pod Template Annotations should reload when ConfigMap annotation is on pod template only — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Pod Template Annotations should reload when Secret annotation is on pod template only — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Pod Template Annotations should reload when SecretProviderClass annotation is on pod template only — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig
  • Workload Reload Tests Pod Template Annotations should reload when secretproviderclass auto annotation is on pod template only — Deployment, DaemonSet, StatefulSet, ArgoRollout, DeploymentConfig

csi/csi_test.go

  • CSI SecretProviderClass Tests Real Vault Integration Tests should handle multiple Vault secret updates
  • CSI SecretProviderClass Tests Real Vault Integration Tests should reload when Vault secret changes
  • CSI SecretProviderClass Tests Typed Auto Annotation Tests should reload for both ConfigMap and SPC when using combined auto=true

flags/auto_reload_all_test.go

  • Auto Reload All Flag Tests with autoReloadAll=true flag should reload workloads without any annotations when autoReloadAll is true
  • Auto Reload All Flag Tests with autoReloadAll=true flag should respect auto=false annotation even when autoReloadAll is true

flags/ignored_workloads_test.go

  • Ignored Workloads Flag Tests with both ignoreCronJobs=true and ignoreJobs=true flags should NOT reload CronJobs when both job flags are true — CronJob
  • Ignored Workloads Flag Tests with ignoreCronJobs=true flag should NOT reload CronJobs when ignoreCronJobs=true — CronJob
  • Ignored Workloads Flag Tests with ignoreCronJobs=true flag should still reload Deployments when ignoreCronJobs=true — CronJob

flags/ignore_resources_test.go

  • Ignore Resources Flag Tests with ignoreConfigMaps=true flag should NOT reload when ConfigMap changes with ignoreConfigMaps=true
  • Ignore Resources Flag Tests with ignoreConfigMaps=true flag should still reload when Secret changes with ignoreConfigMaps=true
  • Ignore Resources Flag Tests with ignoreSecrets=true flag should NOT reload when Secret changes with ignoreSecrets=true
  • Ignore Resources Flag Tests with ignoreSecrets=true flag should still reload when ConfigMap changes with ignoreSecrets=true

flags/namespace_ignore_test.go

  • Namespace Ignore Flag Tests with ignoreNamespaces flag should NOT reload in ignored namespace
  • Namespace Ignore Flag Tests with ignoreNamespaces flag should reload in watched (non-ignored) namespace

flags/namespace_selector_test.go

  • Namespace Selector Flag Tests with namespaceSelector flag should NOT reload workloads in non-matching namespaces
  • Namespace Selector Flag Tests with namespaceSelector flag should reload workloads in matching namespaces

flags/reload_on_create_test.go

  • Reload On Create Flag Tests with reloadOnCreate=false (default) should NOT reload when a new ConfigMap is created (default behavior)
  • Reload On Create Flag Tests with reloadOnCreate=true flag should reload when a new ConfigMap is created
  • Reload On Create Flag Tests with reloadOnCreate=true flag should reload when a new Secret is created

flags/reload_on_delete_test.go

  • Reload On Delete Flag Tests with reloadOnDelete=false (default) should NOT reload when a referenced ConfigMap is deleted (default behavior)
  • Reload On Delete Flag Tests with reloadOnDelete=true flag should reload when a referenced ConfigMap is deleted
  • Reload On Delete Flag Tests with reloadOnDelete=true flag should reload when a referenced Secret is deleted

flags/resource_selector_test.go

  • Resource Label Selector Flag Tests with resourceLabelSelector flag should NOT reload when unlabeled ConfigMap changes
  • Resource Label Selector Flag Tests with resourceLabelSelector flag should reload when labeled ConfigMap changes

flags/watch_globally_test.go

  • Watch Globally Flag Tests with watchGlobally=false flag should NOT reload workloads in other namespaces when watchGlobally=false
  • Watch Globally Flag Tests with watchGlobally=false flag should reload workloads in Reloader's namespace when watchGlobally=false
  • Watch Globally Flag Tests with watchGlobally=true flag (default) should reload workloads in any namespace when watchGlobally=true

@faizanahmad055 faizanahmad055 mentioned this pull request Jan 12, 2026
Closed
msafwankarim
msafwankarim reviewed Jan 19, 2026
View reviewed changes
Copy link
Contributor

@msafwankarim msafwankarim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible to generate list of specs titles and add it in description maybe. Just for the overview and see if there is redundant or missing stuff

Rest looks good to me

faizanahmad055
faizanahmad055 reviewed Jan 19, 2026
View reviewed changes
@TheiLLeniumStudios
Copy link
Contributor Author

TheiLLeniumStudios commented Jan 21, 2026

@msafwankarim added a list of all tests in the description

faizanahmad055
faizanahmad055 reviewed Jan 21, 2026
View reviewed changes
internal/pkg/controller/controller.go
var secretControllerInitialized bool = false
var configmapControllerInitialized bool = false
var secretControllerInitialized = false
var configmapControllerInitialized = false
Copy link
Contributor

@faizanahmad055 faizanahmad055 Jan 21, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we add some kind of synchronization here with atomic or mutex? Not sure but since multiple threads might try to access this, it could cause race condition or sync issues.

@faizanahmad055
Copy link
Contributor

faizanahmad055 commented Jan 21, 2026

Rest it looks okay. I ran the e2e and unit tests. It works great.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@msafwankarim msafwankarim msafwankarim left review comments

@faizanahmad055 faizanahmad055 faizanahmad055 approved these changes

@Felix-Stakater Felix-Stakater Awaiting requested review from Felix-Stakater

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@TheiLLeniumStudios @faizanahmad055 @msafwankarim