From cfe18deb2c78261b8aac5ebba0ed002d2e58f39a Mon Sep 17 00:00:00 2001 From: Glen Johnson Date: Tue, 9 May 2023 08:45:26 -0600 Subject: [PATCH] Run in pipeline --- Dockerfile.e2e | 30 +++++++++++++++++++ Jenkinsfile | 70 ++++++++++++++++++++++++-------------------- bin/start | 19 ++++++++++-- bin/test_e2e | 16 ++++++++++ e2e/kind-config.yaml | 6 ---- e2e/main_test.go | 24 +++++++++++---- 6 files changed, 120 insertions(+), 45 deletions(-) create mode 100644 Dockerfile.e2e create mode 100755 bin/test_e2e delete mode 100644 e2e/kind-config.yaml diff --git a/Dockerfile.e2e b/Dockerfile.e2e new file mode 100644 index 00000000..81906376 --- /dev/null +++ b/Dockerfile.e2e @@ -0,0 +1,30 @@ +FROM golang:1.19-alpine +MAINTAINER CyberArk Software Ltd. +LABEL id="secrets-provider-for-k8s-test-runner" + +# On CyberArk dev laptops, golang module dependencies are downloaded with a +# corporate proxy in the middle. For these connections to succeed we need to +# configure the proxy CA certificate in build containers. +# +# To allow this script to also work on non-CyberArk laptops where the CA +# certificate is not available, we copy the (potentially empty) directory +# and update container certificates based on that, rather than rely on the +# CA file itself. +ADD build_ca_certificate /usr/local/share/ca-certificates/ +RUN update-ca-certificates + +WORKDIR /secrets-provider-for-k8s + +RUN apk add -u curl \ + gcc \ + git \ + mercurial \ + musl-dev + +COPY go.mod go.sum /secrets-provider-for-k8s/ + +RUN go mod download + +COPY . . + +ENTRYPOINT [ "go", "test", "-v" ] diff --git a/Jenkinsfile b/Jenkinsfile index 6307261b..560ca52e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -164,31 +164,37 @@ pipeline { } } - stage('Run Unit Tests') { + // stage('Run Unit Tests') { + // steps { + // sh './bin/test_unit' + // } + // post { + // always { + // sh './bin/coverage' + // junit 'junit.xml' + // cobertura autoUpdateHealth: false, autoUpdateStability: false, coberturaReportFile: 'coverage.xml', conditionalCoverageTargets: '70, 0, 0', failUnhealthy: false, failUnstable: false, maxNumberOfBuilds: 0, lineCoverageTargets: '70, 0, 0', methodCoverageTargets: '70, 0, 0', onlyStable: false, sourceEncoding: 'ASCII', zoomCoverageChart: false + // ccCoverage("gocov", "--prefix github.com/cyberark/secrets-provider-for-k8s") + // } + // } + // } + + stage('Run E2E Tests') { steps { - sh './bin/test_unit' - } - post { - always { - sh './bin/coverage' - junit 'junit.xml' - cobertura autoUpdateHealth: false, autoUpdateStability: false, coberturaReportFile: 'coverage.xml', conditionalCoverageTargets: '70, 0, 0', failUnhealthy: false, failUnstable: false, maxNumberOfBuilds: 0, lineCoverageTargets: '70, 0, 0', methodCoverageTargets: '70, 0, 0', onlyStable: false, sourceEncoding: 'ASCII', zoomCoverageChart: false - ccCoverage("gocov", "--prefix github.com/cyberark/secrets-provider-for-k8s") - } + sh './bin/test_e2e' } } - stage ("DAP Integration Tests on GKE") { - steps { - script { - def tasks = [:] - tasks["Kubernetes GKE, DAP"] = { - sh "./bin/start --docker --dap --gke" - } - parallel tasks - } - } - } + // stage ("DAP Integration Tests on GKE") { + // steps { + // script { + // def tasks = [:] + // tasks["Kubernetes GKE, DAP"] = { + // sh "./bin/start --docker --dap --gke" + // } + // parallel tasks + // } + // } + // } stage ("DAP Integration Tests on OpenShift") { when { @@ -226,17 +232,17 @@ pipeline { // We want to avoid running in parallel. // When we have 2 build running on the same environment (gke env only) in parallel, // we get the error "gcloud crashed : database is locked" - stage ("OSS Integration Tests on GKE") { - steps { - script { - def tasks = [:] - tasks["Kubernetes GKE, oss"] = { - sh "./bin/start --docker --oss --gke" - } - parallel tasks - } - } - } + // stage ("OSS Integration Tests on GKE") { + // steps { + // script { + // def tasks = [:] + // tasks["Kubernetes GKE, oss"] = { + // sh "./bin/start --docker --oss --gke" + // } + // parallel tasks + // } + // } + // } // Allows for the promotion of images. stage('Push images to internal registry') { diff --git a/bin/start b/bin/start index 0649511c..1afa5d29 100755 --- a/bin/start +++ b/bin/start @@ -70,7 +70,6 @@ export RUN_IN_DOCKER export CONJUR_DEPLOYMENT export DEV export SUMMON_ENV -export TEST export TEMPLATE_OVERRIDE echo $TEMPLATE_OVERRIDE @@ -81,7 +80,23 @@ export CONJUR_MAJOR_VERSION=5 # make sure we are in the project root cd $(git rev-parse --show-toplevel) -source bootstrap.env +# source bootstrap.env +export UNIQUE_TEST_ID="$(uuidgen | tr "[:upper:]" "[:lower:]" | head -c 10)" +export CONJUR_MINOR_VERSION=5.0 +export CONJUR_APPLIANCE_IMAGE=registry.tld/conjur-appliance:$CONJUR_MINOR_VERSION-stable +export CONJUR_FOLLOWER_COUNT=1 +export CONJUR_ACCOUNT=account-$UNIQUE_TEST_ID +export AUTHENTICATOR_ID=conjur-$UNIQUE_TEST_ID-test +export CONJUR_ADMIN_PASSWORD=ADmin123!!!! +export DEPLOY_MASTER_CLUSTER=true +export CONJUR_NAMESPACE_NAME=conjur-$UNIQUE_TEST_ID +export TEST_RUNNER_IMAGE=runner-$UNIQUE_TEST_ID +export DEV=false +export APP_NAMESPACE_NAME=app-$UNIQUE_TEST_ID +export SUMMON_ENV=gke +export RUN_IN_DOCKER=true + +export SECRETS_MODE=k8s # Supported: [k8s, k8s-rotation, p2f, p2f-rotation] pushd deploy if [[ $RUN_IN_DOCKER = true ]]; then diff --git a/bin/test_e2e b/bin/test_e2e new file mode 100755 index 00000000..baa5e549 --- /dev/null +++ b/bin/test_e2e @@ -0,0 +1,16 @@ +#!/usr/bin/env bash + +set -exo pipefail + +echo "NOTE: Running this locally requires that you have the DEV environment values uncommented in bootstrap.env!" +echo "It also assumes that you have Kubernetes enabled in Docker Desktop." + +# docker build -f Dockerfile.e2e -t secrets-provider-for-k8s-e2e-test-runner:latest . + +docker run --rm -t \ + --volume "$PWD"/:/secrets-provider-for-k8s/test/ \ + secrets-provider-for-k8s-e2e-test-runner:latest \ + ./e2e \ + $@ + +echo "E2E test exit status: $?" diff --git a/e2e/kind-config.yaml b/e2e/kind-config.yaml deleted file mode 100644 index ae8cd304..00000000 --- a/e2e/kind-config.yaml +++ /dev/null @@ -1,6 +0,0 @@ -kind: Cluster -apiVersion: kind.x-k8s.io/v1alpha4 -nodes: - - role: control-plane - - role: worker - - role: worker diff --git a/e2e/main_test.go b/e2e/main_test.go index 8d17b706..0421b695 100644 --- a/e2e/main_test.go +++ b/e2e/main_test.go @@ -2,6 +2,7 @@ package e2e import ( "context" + "flag" "fmt" "os" "os/exec" @@ -26,7 +27,12 @@ var ( k8sClient klient.Client ) +var platform = flag.String("platform", "gke", "Kubernetes platform to run tests on (gke, next, current, oldest)") +var oss = flag.Bool("oss", false, "Use Conjur OSS (default is DAP)") + func TestMain(m *testing.M) { + fmt.Printf("1") + testenv = env.New() path := conf.ResolveKubeConfigFile() cfg := envconf.NewWithKubeConfig(path) @@ -34,16 +40,27 @@ func TestMain(m *testing.M) { testenv.Setup( func(ctx context.Context, cfg *envconf.Config) (context.Context, error) { - fmt.Println("Setup") + fmt.Printf("2") + k8sClient = cfg.Client() + // Build the Secrets Provider image cmd1 := exec.Command("../bin/build") out, err := cmd1.CombinedOutput() if err != nil { fmt.Printf("Failed to execute command. %v, %s", err, out) } - cmd2 := exec.Command("../bin/start", "--dev") + // Run the dev environment start script + // NOTE - this won't work in CI - we probably need to run it + // with the following flag combinations based on parameters from the test script: + // --docker --oss --gke + // --docker --dap --gke + // --docker --oss --current/next/oldest + cmd2 := exec.Command("../bin/start", "--"+*platform) + if *oss { + cmd2.Args = append(cmd2.Args, "--oss") + } out, err = cmd2.CombinedOutput() if err != nil { fmt.Printf("Failed to execute command. %v, %s", err, out) @@ -67,9 +84,6 @@ func TestMain(m *testing.M) { fmt.Print(err) } - // Setup complete - fmt.Println("Setup done") - return ctx, nil }, )