simplify env vars again, create one well known /tmp/integration-test-env file again
This commit is contained in:
Benjamin A. Petersen
parent
050750d682
commit
d803b7c3d4
@ -50,19 +50,8 @@ cd "$pinniped_path" || exit 1
|
||||
# - app: unimportant, but always first
|
||||
# - tag: uuidgen in hack/prepare-for-integration-tests.sh
|
||||
# if this script is run standalone, then auto-fill with a unique value
|
||||
# - env_file_name: the text file to write environment variables for integration tests, IDEs, etc.
|
||||
app=${1:-"undefined"}
|
||||
tag=${2:-$(uuidgen)}
|
||||
# best if this is passed in by calling code to share the same file
|
||||
env_file_name=${3:-"undefined"}
|
||||
|
||||
|
||||
if [ "${env_file_name}" == "undefined" ]; then
|
||||
env_file_name="$(mktemp /tmp/pinniped.integration.XXXXXXXX)"
|
||||
log_note "env file name not passed, generating new environment file: ${env_file_name}"
|
||||
else
|
||||
log_note "appending to shared env file: ${env_file_name}"
|
||||
fi
|
||||
|
||||
# TODO: automate the version by release somehow.
|
||||
# the tag is the version in our build scripts, but we will want real versions for releases
|
||||
@ -293,9 +282,6 @@ kubectl create secret generic "$test_username" \
|
||||
--output yaml |
|
||||
kubectl apply -f -
|
||||
|
||||
# TODO: this is a race, we need to wait for this secret to exist, should we --wait?
|
||||
webhook_ca_bundle="$(kubectl get secret local-user-authenticator-tls-serving-certificate --namespace local-user-authenticator -o 'jsonpath={.data.caCertificate}')"
|
||||
# end local-user-authenticator
|
||||
|
||||
|
||||
# start concierge
|
||||
@ -347,6 +333,7 @@ stringData:
|
||||
custom_labels: $concierge_custom_labels
|
||||
image_repo: $registry_repo
|
||||
image_tag: $tag
|
||||
discovery_url: $discovery_url
|
||||
EOF
|
||||
|
||||
KAPP_CONTROLLER_APP_NAME="${resource_name}-pkginstall"
|
||||
@ -416,14 +403,6 @@ log_note "deploying ${KAPP_CONTROLLER_APP_NAME}..."
|
||||
kapp deploy --app "${KAPP_CONTROLLER_APP_NAME}" --file "${PACKAGE_INSTALL_FILE_NAME}" -y
|
||||
# end supervisor
|
||||
|
||||
log_note "writing to environment file: ${env_file_name}..."
|
||||
echo "# carvel package script additions........."
|
||||
echo "export PINNIPED_TEST_USER_USERNAME=${test_username}" >> "${env_file_name}"
|
||||
echo "export PINNIPED_TEST_USER_GROUPS=${test_groups}" >> "${env_file_name}"
|
||||
echo "export PINNIPED_TEST_USER_TOKEN=${test_username}:${test_password}" >> "${env_file_name}"
|
||||
echo "export PINNIPED_TEST_WEBHOOK_CA_BUNDLE=${webhook_ca_bundle}" >> "${env_file_name}"
|
||||
echo "# carvel package script additions end....."
|
||||
|
||||
log_note "verifying PackageInstall resources..."
|
||||
kubectl get PackageInstall -A | grep pinniped
|
||||
kubectl get secret -A | grep pinniped
|
||||
|
||||
@ -11,15 +11,8 @@ set -euo pipefail
|
||||
|
||||
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )"
|
||||
|
||||
env_file_name=${1:-"undefined"}
|
||||
if [ "${env_file_name}" == "undefined" ]
|
||||
then
|
||||
echo "environment variable file name must be specified."
|
||||
echo "hint: this is typically in the output of running hack/prepare-for-integration-tests.sh"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
source "${env_file_name}"
|
||||
source "/tmp/integration-test-env"
|
||||
|
||||
echo -n "PINNIPED_TEST_GOLAND_RUNNER=true;"
|
||||
|
||||
|
||||
25
hack/noop.sh
25
hack/noop.sh
@ -40,31 +40,6 @@ function check_dependency() {
|
||||
fi
|
||||
}
|
||||
|
||||
## two vars will be received by this script:
|
||||
## Received: local-user-authenticator
|
||||
## Received: D00A4537-80F1-4AF2-A3B3-5F20BDBB9AEB
|
||||
app=${1}
|
||||
## tag is fed in from the prepare-for-integration-tests.sh script, just uuidgen to identify a
|
||||
## specific docker build of the pinniped-server image.
|
||||
tag=${2}
|
||||
# env_file_name is where to write env vars, if necessary to contribute to the environment
|
||||
env_file_name=${3}
|
||||
#SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
#log_note "noop.sh >>> script dir: ${SCRIPT_DIR}"
|
||||
log_note "noop.sh >>> app: ${app} tag: ${tag}"
|
||||
## nothing else, this is a test.
|
||||
#
|
||||
#log_note "temporarily creating ns:local-user-authenticator as workaround..."
|
||||
#
|
||||
#local_user_authenticator_file="/tmp/install-local-user-authenticator-namespace.yaml"
|
||||
#cat <<EOF > "${local_user_authenticator_file}"
|
||||
#---
|
||||
#apiVersion: v1
|
||||
#kind: Namespace
|
||||
#metadata:
|
||||
# name: local-user-authenticator
|
||||
# labels:
|
||||
# name: local-user-authenticator
|
||||
#EOF
|
||||
#
|
||||
#kubectl apply -f "${local_user_authenticator_file}"
|
||||
|
||||
@ -232,10 +232,6 @@ else
|
||||
fi
|
||||
|
||||
|
||||
# since we allow other scripts to write to the environment file, we need to create a new one every time
|
||||
env_file_name="$(mktemp /tmp/pinniped.integration.XXXXXXXX)"
|
||||
log_note "creating environment variable file: $env_file_name"
|
||||
|
||||
# registry="pinniped.local"
|
||||
registry="kind-registry.local:5000"
|
||||
# TODO: need to prompt the user to edit their /etc/hosts here, because otherwise
|
||||
@ -280,18 +276,14 @@ docker push "$registry_repo_tag"
|
||||
# Deploy local-user-authenticator
|
||||
#
|
||||
manifest=/tmp/pinniped-local-user-authenticator.yaml
|
||||
test_username=""
|
||||
test_groups=""
|
||||
test_password=""
|
||||
webhook_ca_bundle=""
|
||||
if [ "$alternate_deploy" != "undefined" ] || [ "$alternate_deploy_local_user_authenticator" != "undefined" ] ; then
|
||||
if [ "$alternate_deploy" != "undefined" ]; then
|
||||
log_note "The Pinniped local-user-authenticator will be deployed with $alternate_deploy local-user-authenticator $tag..."
|
||||
$alternate_deploy local-user-authenticator $tag $env_file_name
|
||||
$alternate_deploy local-user-authenticator $tag
|
||||
fi
|
||||
if [ "$alternate_deploy_local_user_authenticator" != "undefined" ]; then
|
||||
log_note "The Pinniped local-user-authenticator will be deployed with $alternate_deploy_local_user_authenticator local-user-authenticator $tag..."
|
||||
$alternate_deploy_local_user_authenticator local-user-authenticator $tag $env_file_name
|
||||
$alternate_deploy_local_user_authenticator local-user-authenticator $tag
|
||||
fi
|
||||
else
|
||||
log_note "Deploying the local-user-authenticator app to the cluster using kapp..."
|
||||
@ -303,26 +295,6 @@ else
|
||||
kapp deploy --yes --app local-user-authenticator --diff-changes --file "$manifest"
|
||||
kubectl apply --dry-run=client -f "$manifest" # Validate manifest schema.
|
||||
|
||||
|
||||
log_note "Creating test user '$test_username'..."
|
||||
test_username="test-username"
|
||||
test_groups="test-group-0,test-group-1"
|
||||
test_password="$(openssl rand -hex 16)"
|
||||
echo "export PINNIPED_TEST_USER_USERNAME=${test_username}" >> "${env_file_name}"
|
||||
echo "export PINNIPED_TEST_USER_GROUPS=${test_groups}" >> "${env_file_name}"
|
||||
echo "export PINNIPED_TEST_USER_TOKEN=${test_username}:${test_password}" >> "${env_file_name}"
|
||||
|
||||
kubectl create secret generic "$test_username" \
|
||||
--namespace local-user-authenticator \
|
||||
--from-literal=groups="$test_groups" \
|
||||
--from-literal=passwordHash="$(htpasswd -nbBC 10 x "$test_password" | sed -e "s/^x://")" \
|
||||
--dry-run=client \
|
||||
--output yaml |
|
||||
kubectl apply -f -
|
||||
|
||||
# TODO: this is a race, we need to wait for this secret to exist, should we --wait?
|
||||
webhook_ca_bundle="$(kubectl get secret local-user-authenticator-tls-serving-certificate --namespace local-user-authenticator -o 'jsonpath={.data.caCertificate}')"
|
||||
echo "export PINNIPED_TEST_WEBHOOK_CA_BUNDLE=${webhook_ca_bundle}" >> "${env_file_name}"
|
||||
popd >/dev/null
|
||||
fi
|
||||
|
||||
@ -361,11 +333,11 @@ service_https_clusterip_port="443"
|
||||
if [ "$alternate_deploy" != "undefined" ] || [ "$alternate_deploy_supervisor" != "undefined" ] ; then
|
||||
if [ "$alternate_deploy" != "undefined" ]; then
|
||||
log_note "The Pinniped Supervisor will be deployed with $alternate_deploy pinniped-supervisor $tag..."
|
||||
$alternate_deploy pinniped-supervisor $tag $env_file_name
|
||||
$alternate_deploy pinniped-supervisor $tag
|
||||
fi
|
||||
if [ "$alternate_deploy_supervisor" != "undefined" ]; then
|
||||
log_note "The Pinniped Supervisor will be deployed with $alternate_deploy_supervisor pinniped-supervisor $tag..."
|
||||
$alternate_deploy_supervisor pinniped-supervisor $tag $env_file_name
|
||||
$alternate_deploy_supervisor pinniped-supervisor $tag
|
||||
fi
|
||||
else
|
||||
log_note "Deploying the Pinniped Supervisor app to the cluster using kapp..."
|
||||
@ -402,11 +374,11 @@ log_level="debug"
|
||||
if [ "$alternate_deploy" != "undefined" ] || [ "$alternate_deploy_concierge" != "undefined" ] ; then
|
||||
if [ "$alternate_deploy" != "undefined" ]; then
|
||||
log_note "The Pinniped Concierge will be deployed with $alternate_deploy pinniped-concierge $tag..."
|
||||
$alternate_deploy pinniped-concierge $tag $env_file_name
|
||||
$alternate_deploy pinniped-concierge $tag
|
||||
fi
|
||||
if [ "$alternate_deploy_concierge" != "undefined" ]; then
|
||||
log_note "The Pinniped Concierge will be deployed with $alternate_deploy_concierge pinniped-concierge $tag..."
|
||||
$alternate_deploy_concierge pinniped-concierge $tag $env_file_name
|
||||
$alternate_deploy_concierge pinniped-concierge $tag
|
||||
fi
|
||||
else
|
||||
log_note "Deploying the Pinniped Concierge app to the cluster using kapp..."
|
||||
@ -433,9 +405,31 @@ fi
|
||||
# running it after the above also allows appending to the environment variable file
|
||||
if [ "$post_install" != "undefined" ] ; then
|
||||
log_note "The post-install script will be called with $tag..."
|
||||
$post_install post-install-script $tag $env_file_name
|
||||
$post_install post-install-script $tag
|
||||
fi
|
||||
|
||||
#
|
||||
# Test user for the authenticator
|
||||
# the authenticator may be deployed in alternative ways (ex. carvel package) but regardless we need a test user.
|
||||
#
|
||||
log_note "Creating test user for local-user-authenticator..."
|
||||
test_username="test-username"
|
||||
test_groups="test-group-0,test-group-1"
|
||||
test_password="$(openssl rand -hex 16)"
|
||||
|
||||
kubectl create secret generic "$test_username" \
|
||||
--namespace local-user-authenticator \
|
||||
--from-literal=groups="$test_groups" \
|
||||
--from-literal=passwordHash="$(htpasswd -nbBC 10 x "$test_password" | sed -e "s/^x://")" \
|
||||
--dry-run=client \
|
||||
--output yaml |
|
||||
kubectl apply -f -
|
||||
|
||||
#
|
||||
# Regardless of how the local-user-authenticator is installed, we need the webhook bundle in the environment file.
|
||||
#
|
||||
webhook_ca_bundle="$(kubectl get secret local-user-authenticator-tls-serving-certificate --namespace local-user-authenticator -o 'jsonpath={.data.caCertificate}')"
|
||||
|
||||
#
|
||||
# Download the test CA bundle that was generated in the Dex pod.
|
||||
# Note that this returns a base64 encoded value.
|
||||
@ -452,14 +446,19 @@ test_ca_bundle_pem="$(kubectl get secrets -n tools certs -o go-template='{{index
|
||||
kind_capabilities_file="$pinniped_path/test/cluster_capabilities/kind.yaml"
|
||||
pinniped_cluster_capability_file_content=$(cat "$kind_capabilities_file")
|
||||
|
||||
env_file_name="/tmp/integration-test-env"
|
||||
|
||||
cat <<EOF >>"$env_file_name"
|
||||
cat <<EOF >"$env_file_name"
|
||||
# The following env vars should be set before running 'go test -v -count 1 -timeout 0 ./test/integration'
|
||||
export PINNIPED_TEST_TOOLS_NAMESPACE="tools"
|
||||
export PINNIPED_TEST_CONCIERGE_NAMESPACE=${concierge_namespace}
|
||||
export PINNIPED_TEST_CONCIERGE_APP_NAME=${concierge_app_name}
|
||||
export PINNIPED_TEST_CONCIERGE_CUSTOM_LABELS='${concierge_custom_labels}'
|
||||
export PINNIPED_TEST_USER_USERNAME=${test_username}
|
||||
export PINNIPED_TEST_USER_GROUPS=${test_groups}
|
||||
export PINNIPED_TEST_USER_TOKEN=${test_username}:${test_password}
|
||||
export PINNIPED_TEST_WEBHOOK_ENDPOINT=${webhook_url}
|
||||
export PINNIPED_TEST_WEBHOOK_CA_BUNDLE=${webhook_ca_bundle}
|
||||
export PINNIPED_TEST_SUPERVISOR_NAMESPACE=${supervisor_namespace}
|
||||
export PINNIPED_TEST_SUPERVISOR_APP_NAME=${supervisor_app_name}
|
||||
export PINNIPED_TEST_SUPERVISOR_CUSTOM_LABELS='${supervisor_custom_labels}'
|
||||
|
||||
@ -51,7 +51,6 @@ use_oidc_upstream=no
|
||||
use_ldap_upstream=no
|
||||
use_ad_upstream=no
|
||||
use_flow=""
|
||||
env_file_name=""
|
||||
while (("$#")); do
|
||||
case "$1" in
|
||||
--flow)
|
||||
@ -82,13 +81,6 @@ while (("$#")); do
|
||||
use_ad_upstream=yes
|
||||
shift
|
||||
;;
|
||||
--env)
|
||||
shift
|
||||
# Use an ActiveDirectoryIdentityProvider.
|
||||
# This assumes that you used the --get-active-directory-vars flag with hack/prepare-for-integration-tests.sh.
|
||||
env_file_name=$1
|
||||
shift
|
||||
;;
|
||||
-*)
|
||||
log_error "Unsupported flag $1" >&2
|
||||
exit 1
|
||||
@ -105,13 +97,8 @@ if [[ "$use_oidc_upstream" == "no" && "$use_ldap_upstream" == "no" && "$use_ad_u
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ "$env_file_name" == "" ]]; then
|
||||
log_error "Error: Please provide --env file, typically printed in the output of ./hack/prepare-for-integration-tests.sh"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Read the env vars output by hack/prepare-for-integration-tests.sh
|
||||
source $env_file_name
|
||||
source "/tmp/integration-test-env"
|
||||
|
||||
# Choose some filenames.
|
||||
root_ca_crt_path=root_ca.crt
|
||||
|
||||
Loading…
Reference in New Issue
Block a user