Skip to content

Add integration tests for Kafka messaging#85

Open
lubomir wants to merge 1 commit into
feature/integration-testsfrom
overseer/84
Open

Add integration tests for Kafka messaging#85
lubomir wants to merge 1 commit into
feature/integration-testsfrom
overseer/84

Conversation

@lubomir

@lubomir lubomir commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

🤖 This was posted automatically by an AI agent.

Add integration tests for Kafka messaging

Closes #84

Changes

tests/test_integration_api.py

  • Added kafka_url module-scoped fixture that skips when KAFKA_URL is not set.
  • Added _consume_kafka_message helper using KafkaConsumer with auto_offset_reset='earliest' and a per-call UUID group_id, so messages published before the consumer subscribes are still visible.
  • Added three self-verifying integration tests:
    • test_kafka_compose_created — imports a compose and asserts a message arrives on cts.compose-created.
    • test_kafka_compose_tagged — tags a compose and asserts a message arrives on cts.compose-tagged.
    • test_kafka_compose_untagged — untags a compose and asserts a message arrives on cts.compose-untagged.
  • All three tests are skipped (with reason "requires KAFKA_URL") when KAFKA_URL is unset, preserving backward compatibility.

test-requirements.txt

  • Added kafka-python for use in the integration tests.

.tekton/integration-test-eaas.yaml

  • Added deploy-kafka task (after provision-environment) that deploys a Bitnami Kafka 3.7 single-broker KRaft instance accessible at kafka:9092 with no TLS or SASL.
  • Added deploy-kafka to deploy-cts's runAfter list to enforce ordering.
  • Added Kafka config to the cts-config ConfigMap inside deploy-cts:
    MESSAGING_BACKEND = "kafka"
    MESSAGING_BROKER_URLS = ["kafka:9092"]
    MESSAGING_KAFKA_SECURITY_PROTOCOL = "PLAINTEXT"
    MESSAGING_TOPIC_PREFIX = "cts."
  • Updated the run-tests task's pip install to include kafka-python and its pytest invocation to pass KAFKA_URL=kafka:9092.

Acceptance criteria verification

  1. pytest … -k "not kafka" with no KAFKA_URL — no new errors; three Kafka tests deselected.
  2. test_kafka_compose_created skips gracefully without KAFKA_URL; asserts both positive (correct event field) and negative (non-empty payload) when running live.
  3. test_kafka_compose_tagged — same pattern.
  4. test_kafka_compose_untagged — same pattern.
  5. deploy-kafka task exists and deploy-cts lists deploy-kafka in its runAfter field.
  6. run-tests pip install includes kafka-python; kubectl exec script passes KAFKA_URL=kafka:9092.

@lubomir lubomir changed the base branch from main to feature/integration-tests June 26, 2026 13:21
@lubomir

lubomir commented Jun 26, 2026

Copy link
Copy Markdown
Contributor Author

With the PR being opened against a feature branch, no CI is actually triggering. Update the configuration for both Github actions and konflux pull request pipeline.

@lubomir

lubomir commented Jun 26, 2026

Copy link
Copy Markdown
Contributor Author

🤖 This was posted automatically by an AI agent.

All three MUST FIX issues and the SHOULD FIX addressed:

  1. Offset-anchored consumption — added _get_kafka_end_offset() which snapshots the partition-0 end offset before each action. _consume_kafka_message() now takes a mandatory start_offset parameter and seeks to it, so only messages produced by the test's own action are visible.

  2. Meaningful assertions — replaced the always-true compose_id or id or "compose" in str(msg) guards with checks that msg["compose"] is present and that msg["compose"]["compose_info"] references the specific compose ID created in that test.

  3. Configurable timeout — default raised to 30 s; overridable via KAFKA_CONSUMER_TIMEOUT_MS.

@lubomir

lubomir commented Jun 26, 2026

Copy link
Copy Markdown
Contributor Author

🤖 This was posted automatically by an AI agent.

CI triggers now include feature/integration-tests:

  • GitHub Actions (gating.yaml): added feature/integration-tests to both push and pull_request branch lists.
  • Konflux PR pipeline (cts-pull-request.yaml): updated the CEL expression to target_branch in ["main", "feature/integration-tests"].

@codecov-commenter

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (feature/integration-tests@d999a50). Learn more about missing BASE report.

Additional details and impacted files
@@                     Coverage Diff                      @@
##             feature/integration-tests      #85   +/-   ##
============================================================
  Coverage                             ?   83.69%           
============================================================
  Files                                ?       13           
  Lines                                ?     1325           
  Branches                             ?        0           
============================================================
  Hits                                 ?     1109           
  Misses                               ?      216           
  Partials                             ?        0           
Flag Coverage Δ
unit-tests 83.69% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@lubomir

lubomir commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

/retest

@lubomir lubomir force-pushed the overseer/84 branch 2 times, most recently from a94a676 to 2f0c5bc Compare June 30, 2026 12:33
@lubomir

lubomir commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

🤖 This was posted automatically by an AI agent.

The deploy-kafka step failed with ImagePullBackOff because docker.io/bitnami/kafka:3.7.0 no longer exists on Docker Hub (Bitnami removed their images from the public registry).

Switched to the official docker.io/apache/kafka:3.9.2 image. This required updating all environment variable names — the Apache image uses KAFKA_* instead of the Bitnami-specific KAFKA_CFG_* prefix — and adding the required single-node replication factor settings (KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1, KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR=1, KAFKA_TRANSACTION_STATE_LOG_MIN_ISR=1, KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS=0) that are mandatory when overriding any configuration in the Apache image.

@lubomir

lubomir commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

🤖 This was posted automatically by an AI agent.

The deploy-kafka failure was caused by OpenShift's restricted-v2 SCC running the container as an arbitrary non-root UID (1007820000), which cannot write to /opt/kafka/config/ — a directory owned by the kafka user in the Apache image.

Fixed by adding:

  • An initContainer (copy-kafka-config) that copies /opt/kafka/config/ into an emptyDir volume before the broker starts.
  • Two emptyDir volumes (kafka-config mounted at /opt/kafka/config, kafka-logs mounted at /tmp/kafka-logs) so the main container has writable directories without needing elevated privileges.

No changes to the Kafka image, environment variables, or any other part of the pipeline.

@lubomir

lubomir commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

🤖 This was posted automatically by an AI agent.

The deploy-kafka crash was caused by the JVM trying to write GC logs to /opt/kafka/logs — a directory owned by root in the Apache image — which fails under OpenShift's restricted-v2 SCC (arbitrary non-root UID).

Fixed by mounting a third emptyDir volume at /opt/kafka/logs alongside the existing ones for /opt/kafka/config and /tmp/kafka-logs.

Deploy an Apache Kafka 3.9.2 KRaft single-node broker in the ephemeral
test namespace and verify that CTS publishes messages to Kafka for
compose-created, compose-tagged, and compose-untagged operations.

Use localhost:9093 for KAFKA_CONTROLLER_QUORUM_VOTERS so the broker
can reach its own controller listener directly without going through
the Kubernetes Service, which is not yet ready when the pod first
starts (chicken-and-egg issue with the readiness probe on port 9092).

Mount emptyDir volumes for /opt/kafka/config, /opt/kafka/logs, and
/tmp/kafka-logs so the container runs without elevated privileges under
OpenShift's restricted-v2 SCC.

Generated-By: OpenCode (google-vertex-anthropic/claude-sonnet-4-6@default)
@lubomir

lubomir commented Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

🤖 This was posted automatically by an AI agent.

The deploy-kafka crash was caused by a chicken-and-egg deadlock in KRaft mode: the broker tried to reach its own controller via kafka:9093 (the Kubernetes Service), but the Service has no ready endpoints until the pod passes its readiness probe on port 9092, which can't happen until the controller is reachable.

Fixed by changing KAFKA_CONTROLLER_QUORUM_VOTERS from 1@kafka:9093 to 1@localhost:9093 so the broker connects to its controller listener directly without going through the Service.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add integration tests for Kafka messaging

2 participants