Merge pull request #577 from cockroachdb/nishanth/operator-advanced-tests

[CRDB-53973] e2e/operator: advanced e2e tests for bare-metal infrastructure(kind).

Author: shreyaskm623

Makefile

@@ -148,6 +148,13 @@ test/single-cluster/up: bin/k3d
 test/multi-cluster/down: bin/k3d
 	 ./tests/k3d/dev-multi-cluster.sh down
 
+test/nightly-e2e/advanced/single-region: bin/cockroach bin/kubectl bin/helm build/self-signer bin/kind
+	@PATH="$(PWD)/bin:${PATH}" PROVIDER=kind TEST_ADVANCED_FEATURES=true go test -timeout 90m -v -test.run TestOperatorInSingleRegion ./tests/e2e/operator/singleRegion/... || (echo "Advanced single-region tests failed with exit code $$?" && exit 1)
+
+test/nightly-e2e/advanced/multi-region: bin/cockroach bin/kubectl bin/helm build/self-signer bin/kind
+	@PATH="$(PWD)/bin:${PATH}" PROVIDER=kind TEST_ADVANCED_FEATURES=true go test -timeout 90m -v -test.run TestOperatorInMultiRegion ./tests/e2e/operator/multiRegion/... || (echo "Advanced multi-region tests failed with exit code $$?" && exit 1)
+
+
 test/lint: bin/helm ## lint the helm chart
 	@build/lint.sh && \
 	bin/helm lint cockroachdb && \

tests/e2e/migrate/helm_chart_to_cockroach_enterprise_operator_test.go

@@ -10,6 +10,7 @@ import (
 
 	api "github.com/cockroachdb/cockroach-operator/apis/v1alpha1"
 	"github.com/cockroachdb/helm-charts/tests/e2e/operator"
+	"github.com/cockroachdb/helm-charts/tests/e2e/operator/infra"
 	"github.com/cockroachdb/helm-charts/tests/testutil"
 	"github.com/cockroachdb/helm-charts/tests/testutil/migration"
 	"github.com/gruntwork-io/terratest/modules/helm"
@@ -59,6 +60,21 @@ func init() {
 	}
 }
 
+// providerCloudRegion returns the cloud region for the active provider.
+func providerCloudRegion() string {
+	p := strings.TrimSpace(strings.ToLower(os.Getenv("PROVIDER")))
+	switch p {
+	case "k3d", "": // default to k3d when PROVIDER is unset
+		return infra.RegionCodes[infra.ProviderK3D][0]
+	case "kind":
+		return infra.RegionCodes[infra.ProviderKind][0]
+	case "gcp":
+		return infra.RegionCodes[infra.ProviderGCP][0]
+	default:
+		return ""
+	}
+}
+
 func TestHelmChartToOperatorMigration(t *testing.T) {
 	h := newHelmChartToOperator()
 	t.Run("helm chart to cockroach enterprise operator migration", h.TestDefaultMigration)
@@ -145,7 +161,7 @@ func (h *HelmChartToOperator) TestDefaultMigration(t *testing.T) {
 		k8s.RunKubectl(t, kubectlOptions, "delete", "priorityclass", "crdb-critical")
 	}()
 
-	operator.InstallCockroachDBEnterpriseOperator(t, kubectlOptions)
+	operator.InstallCockroachDBEnterpriseOperator(t, kubectlOptions, providerCloudRegion())
 	defer func() {
 		t.Log("Uninstall the cockroachdb enterprise operator")
 		operator.UninstallCockroachDBEnterpriseOperator(t, kubectlOptions)
@@ -263,7 +279,7 @@ func (h *HelmChartToOperator) TestCertManagerMigration(t *testing.T) {
 		k8s.RunKubectl(t, kubectlOptions, "delete", "priorityclass", "crdb-critical")
 	}()
 
-	operator.InstallCockroachDBEnterpriseOperator(t, kubectlOptions)
+	operator.InstallCockroachDBEnterpriseOperator(t, kubectlOptions, providerCloudRegion())
 	defer func() {
 		t.Log("Uninstall the cockroachdb enterprise operator")
 		operator.UninstallCockroachDBEnterpriseOperator(t, kubectlOptions)
@@ -381,7 +397,7 @@ func (h *HelmChartToOperator) TestDedicatedLogsPVCMigration(t *testing.T) {
 		k8s.RunKubectl(t, kubectlOptions, "delete", "priorityclass", "crdb-critical")
 	}()
 
-	operator.InstallCockroachDBEnterpriseOperator(t, kubectlOptions)
+	operator.InstallCockroachDBEnterpriseOperator(t, kubectlOptions, providerCloudRegion())
 	defer func() {
 		t.Log("Uninstall the cockroachdb enterprise operator")
 		operator.UninstallCockroachDBEnterpriseOperator(t, kubectlOptions)
@@ -476,7 +492,7 @@ func (h *HelmChartToOperator) TestPCRPrimaryMigration(t *testing.T) {
 		k8s.RunKubectl(t, kubectlOptions, "delete", "priorityclass", "crdb-critical")
 	}()
 
-	operator.InstallCockroachDBEnterpriseOperator(t, kubectlOptions)
+	operator.InstallCockroachDBEnterpriseOperator(t, kubectlOptions, providerCloudRegion())
 	defer func() {
 		t.Log("Uninstall the cockroachdb enterprise operator")
 		operator.UninstallCockroachDBEnterpriseOperator(t, kubectlOptions)

tests/e2e/migrate/public_operator_to_cockroach_enterprise_operator_test.go

@@ -156,7 +156,7 @@ func (o *PublicOperatorToCockroachEnterpriseOperator) TestDefaultMigration(t *te
 	k8s.KubectlApply(t, kubectlOptions, filepath.Join(manifestsDirPath, "rbac.yaml"))
 
 	t.Log("Install the cockroachdb enterprise operator")
-	operator.InstallCockroachDBEnterpriseOperator(t, kubectlOptions)
+	operator.InstallCockroachDBEnterpriseOperator(t, kubectlOptions, providerCloudRegion())
 	defer func() {
 		t.Log("Uninstall the cockroachdb enterprise operator")
 		operator.UninstallCockroachDBEnterpriseOperator(t, kubectlOptions)

tests/e2e/operator/multiRegion/cockroachdb_multi_region_advanced_features_test.go

@@ -0,0 +1,250 @@
+package multiRegion
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/cockroachdb/helm-charts/tests/e2e/operator"
+	"github.com/gruntwork-io/terratest/modules/k8s"
+	"github.com/gruntwork-io/terratest/modules/random"
+	"github.com/stretchr/testify/require"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// TestWALFailoverMultiRegion tests WAL failover with different paths in each region
+// Region 0: WAL failover enabled with custom path
+// Region 1: WAL failover disabled
+func (r *multiRegion) TestWALFailoverMultiRegion(t *testing.T) {
+	// Setup namespaces and CA for each region
+	cleanup := r.SetupMultiClusterWithCA(t)
+	defer cleanup()
+
+	// Region 0: Install with WAL failover enabled
+	cluster0 := r.Clusters[0]
+	walPath0 := "/cockroach/wal-region-0"
+
+	t.Logf("Installing region 0 (%s) with WAL failover enabled at path %s", cluster0, walPath0)
+	config0 := operator.AdvancedInstallConfig{
+		WALFailoverEnabled: true,
+		WALFailoverSize:    "5Gi",
+		CustomValues: map[string]string{
+			"cockroachdb.crdbCluster.walFailoverSpec.path": walPath0,
+		},
+	}
+	r.InstallChartsWithAdvancedConfig(t, cluster0, 0, config0)
+
+	// Region 1: Install without WAL failover
+	cluster1 := r.Clusters[1]
+	t.Logf("Installing region 1 (%s) without WAL failover", cluster1)
+	config1 := operator.AdvancedInstallConfig{}
+	r.InstallChartsWithAdvancedConfig(t, cluster1, 1, config1)
+
+	// Validate CockroachDB cluster health in both regions
+	for _, cluster := range r.Clusters {
+		r.ValidateCRDB(t, cluster)
+	}
+
+	// Validate multi-region setup
+	r.ValidateMultiRegionSetup(t)
+
+	// Validate WAL failover in region 0
+	t.Log("Validating WAL failover in region 0")
+	r.ValidateWALFailover(t, cluster0, &operator.AdvancedValidationConfig{
+		WALFailover: operator.WALFailoverValidation{
+			CustomPath: walPath0,
+		},
+	})
+
+	// Validate NO WAL failover in region 1
+	t.Log("Validating NO WAL failover in region 1")
+	kubeConfig, _ := r.GetCurrentContext(t)
+	kubectlOptions1 := k8s.NewKubectlOptions(cluster1, kubeConfig, r.Namespace[cluster1])
+
+	pods := k8s.ListPods(t, kubectlOptions1, metav1.ListOptions{
+		LabelSelector: operator.LabelSelector,
+	})
+	require.True(t, len(pods) > 0, "No CockroachDB pods found in region 1")
+
+	podCommand, err := k8s.RunKubectlAndGetOutputE(t, kubectlOptions1,
+		"get", "pod", pods[0].Name, "-o", "jsonpath={.spec.containers[?(@.name=='cockroachdb')].command}")
+	require.NoError(t, err)
+	require.NotContains(t, podCommand, "--wal-failover", "Region 1 should not have WAL failover enabled")
+	t.Log("Confirmed region 1 does not have WAL failover")
+
+	t.Logf("WAL failover multi-region test completed successfully")
+}
+
+// TestEncryptionAtRestMultiRegion tests encryption at rest with different secrets per region
+// Region 0: Encryption enabled with secret "cmek-key-secret-region-0"
+// Region 1: Encryption disabled (no encryption)
+func (r *multiRegion) TestEncryptionAtRestMultiRegion(t *testing.T) {
+	// Setup namespaces and CA for each region
+	cleanup := r.SetupMultiClusterWithCA(t)
+	defer cleanup()
+
+	// Generate encryption key for region 0
+	encryptionKeyB64 := r.GenerateEncryptionKey(t)
+	t.Logf("Generated encryption key for region 0 (base64 length: %d)", len(encryptionKeyB64))
+
+	// Region 0: Install with encryption at rest enabled
+	cluster0 := r.Clusters[0]
+	secretName0 := "cmek-key-secret-region-0"
+
+	encryptionRegions0 := []map[string]interface{}{
+		{
+			"code":          r.RegionCodes[0],
+			"cloudProvider": r.Provider,
+			"nodes":         r.NodeCount,
+			"namespace":     r.Namespace[cluster0],
+			"domain":        operator.CustomDomains[0],
+			"encryptionAtRest": map[string]interface{}{
+				"platform":      "UNKNOWN_KEY_TYPE",
+				"keySecretName": secretName0,
+			},
+		},
+	}
+
+	t.Logf("Installing region 0 (%s) with encryption at rest enabled", cluster0)
+	config0 := operator.AdvancedInstallConfig{
+		EncryptionEnabled:       true,
+		EncryptionKeySecret:     encryptionKeyB64,
+		EncryptionKeySecretName: secretName0,
+		CustomRegions:           encryptionRegions0,
+	}
+	r.InstallChartsWithAdvancedConfig(t, cluster0, 0, config0)
+
+	// Region 1: Install without encryption
+	cluster1 := r.Clusters[1]
+	t.Logf("Installing region 1 (%s) without encryption at rest", cluster1)
+	config1 := operator.AdvancedInstallConfig{}
+	r.InstallChartsWithAdvancedConfig(t, cluster1, 1, config1)
+
+	// Validate CockroachDB cluster health in both regions
+	for _, cluster := range r.Clusters {
+		r.ValidateCRDB(t, cluster)
+	}
+
+	// Validate multi-region setup
+	r.ValidateMultiRegionSetup(t)
+
+	// Validate encryption in region 0
+	t.Log("Validating encryption at rest in region 0")
+	r.ValidateEncryptionAtRest(t, cluster0, &operator.AdvancedValidationConfig{
+		EncryptionAtRest: operator.EncryptionAtRestValidation{
+			SecretName: secretName0,
+		},
+	})
+
+	// Validate NO encryption in region 1
+	t.Log("Validating NO encryption at rest in region 1")
+	kubeConfig, _ := r.GetCurrentContext(t)
+	kubectlOptions1 := k8s.NewKubectlOptions(cluster1, kubeConfig, r.Namespace[cluster1])
+
+	pods := k8s.ListPods(t, kubectlOptions1, metav1.ListOptions{
+		LabelSelector: operator.LabelSelector,
+	})
+	require.True(t, len(pods) > 0, "No CockroachDB pods found in region 1")
+
+	podCommand, err := k8s.RunKubectlAndGetOutputE(t, kubectlOptions1,
+		"get", "pod", pods[0].Name, "-o", "jsonpath={.spec.containers[?(@.name=='cockroachdb')].command}")
+	require.NoError(t, err)
+	require.NotContains(t, podCommand, "--enterprise-encryption", "Region 1 should not have encryption enabled")
+	t.Log("Confirmed region 1 does not have encryption at rest")
+
+	t.Logf("Encryption at rest multi-region test completed successfully")
+}
+
+// TestPCRMultiRegion tests Physical Cluster Replication with multi-region setup
+// Creates a multi-region primary cluster, then creates a standby cluster and tests failover/failback
+func (r *multiRegion) TestPCRMultiRegion(t *testing.T) {
+	// Creating random namespace for primary multi-region cluster
+	for _, cluster := range r.Clusters {
+		r.Namespace[cluster] = fmt.Sprintf("%s-primary-%s", operator.Namespace, strings.ToLower(random.UniqueId()))
+	}
+
+	// Create CA certificate once for all clusters
+	cleanupCA := r.RequireCACertificate(t)
+	defer cleanupCA()
+
+	var standbyNamespace string
+
+	// Capture primary namespaces now. During standby installation r.Namespace[Clusters[0]]
+	// is temporarily overwritten with the standby namespace. If the test fails before
+	// restoring it, CleanupResources would clean up the wrong namespace and leak the
+	// primary namespace. Restoring here ensures correct cleanup regardless of failure point.
+	primaryNS := make(map[string]string)
+	for _, cluster := range r.Clusters {
+		primaryNS[cluster] = r.Namespace[cluster]
+	}
+	defer func() {
+		for cluster, ns := range primaryNS {
+			r.Namespace[cluster] = ns
+		}
+		r.CleanupResources(t)
+	}()
+	defer func() {
+		if standbyNamespace != "" {
+			kubeConfig, _ := r.GetCurrentContext(t)
+			// Standby is always installed on Clusters[0]; use its context explicitly.
+			kubectlOptions := k8s.NewKubectlOptions(r.Clusters[0], kubeConfig, standbyNamespace)
+			if err := k8s.DeleteNamespaceE(t, kubectlOptions, standbyNamespace); err != nil {
+				t.Logf("Warning: failed to delete standby namespace %s (cluster may be unreachable): %v", standbyNamespace, err)
+			}
+		}
+	}()
+
+	// Step 1: Install primary multi-region cluster
+	t.Log("Installing primary multi-region cluster")
+	for i, cluster := range r.Clusters {
+		primaryConfig := operator.AdvancedInstallConfig{
+			VirtualClusterMode: "primary",
+		}
+		r.InstallChartsWithAdvancedConfig(t, cluster, i, primaryConfig)
+	}
+
+	// Validate primary cluster health in all regions
+	for _, cluster := range r.Clusters {
+		r.ValidateCRDB(t, cluster)
+	}
+
+	// Validate multi-region setup
+	r.ValidateMultiRegionSetup(t)
+	t.Log("Primary multi-region cluster is healthy")
+
+	// Step 2: Install standby cluster (single region for simplicity)
+	t.Log("Installing standby cluster")
+	standbyCluster := r.Clusters[0] // Use first cluster for standby
+	standbyNamespace = fmt.Sprintf("%s-standby-%s", operator.Namespace, strings.ToLower(random.UniqueId()))
+
+	// Temporarily update namespace for standby installation
+	originalNamespace := r.Namespace[standbyCluster]
+	r.Namespace[standbyCluster] = standbyNamespace
+
+	standbyConfig := operator.AdvancedInstallConfig{
+		VirtualClusterMode:  "standby",
+		SkipOperatorInstall: true, // Operator already installed
+	}
+	r.InstallChartsWithAdvancedConfig(t, standbyCluster, 0, standbyConfig)
+
+	// Validate standby cluster
+	r.VirtualClusterModeStandby = true
+	r.ValidateCRDB(t, standbyCluster)
+	r.VirtualClusterModeStandby = false
+	t.Log("Standby cluster is healthy")
+
+	// Step 3: Set up replication and test failover/failback
+	t.Log("Testing PCR failover and failback")
+	r.ValidatePCR(t, &operator.AdvancedValidationConfig{
+		PCR: operator.PCRValidation{
+			Cluster:          standbyCluster,
+			PrimaryNamespace: originalNamespace,
+			StandbyNamespace: standbyNamespace,
+		},
+	})
+
+	// Restore original namespace
+	r.Namespace[standbyCluster] = originalNamespace
+
+	t.Logf("PCR multi-region test completed successfully")
+}

tests/e2e/operator/multiRegion/cockroachdb_multi_region_e2e_test.go

@@ -83,14 +83,21 @@ func TestOperatorInMultiRegion(t *testing.T) {
 		// Set up infrastructure for this provider once.
 		cloudProvider.SetUpInfra(t)
 
-		testCases := map[string]func(*testing.T){
-			"TestHelmInstall":           providerRegion.TestHelmInstall,
-			"TestHelmUpgrade":           providerRegion.TestHelmUpgrade,
-			"TestClusterRollingRestart": providerRegion.TestClusterRollingRestart,
-			"TestKillingCockroachNode":  providerRegion.TestKillingCockroachNode,
-			"TestClusterScaleUp":        func(t *testing.T) { providerRegion.TestClusterScaleUp(t, cloudProvider) },
+		// Build test cases based on TEST_ADVANCED_FEATURES environment variable
+		testCases := make(map[string]func(*testing.T))
+
+		// Run only advanced test cases when TEST_ADVANCED_FEATURES is enabled
+		if os.Getenv("TEST_ADVANCED_FEATURES") == "true" {
+			testCases["TestWALFailoverMultiRegion"] = providerRegion.TestWALFailoverMultiRegion
+			testCases["TestEncryptionAtRestMultiRegion"] = providerRegion.TestEncryptionAtRestMultiRegion
+			testCases["TestPCRMultiRegion"] = providerRegion.TestPCRMultiRegion
+		} else {
+			testCases["TestHelmInstall"] = providerRegion.TestHelmInstall
+			testCases["TestHelmUpgrade"] = providerRegion.TestHelmUpgrade
+			testCases["TestClusterRollingRestart"] = providerRegion.TestClusterRollingRestart
+			testCases["TestKillingCockroachNode"] = providerRegion.TestKillingCockroachNode
+			testCases["TestClusterScaleUp"] = func(t *testing.T) { providerRegion.TestClusterScaleUp(t, cloudProvider) }
 		}
-
 		// Run tests sequentially within a provider.
 		var testFailed bool
 		for name, method := range testCases {