From f5c3a4ec096e97366b012c7e0ea342daa4504952 Mon Sep 17 00:00:00 2001 
From: Moti Cohen Date: Sun, 13 Oct 2019 16:42:49 +0300 Subject: [PATCH 1/7] Implement automated tests. The tests have a common initialization flow and set of tests that follows. 1. Durinig intialization flow - the repo kubernetes-conjur-deploy is being cloned and deployed. - test_app namespace is being created - conjur master is being loaded with relevant policies 2. Execution of set of tests is being invoked via run_tests.sh that run each test such that - script test_case_setup.sh run before each test - script test_case_teardown.sh run after each test - on each error, execution is being terminated immediately, leaving environment untouched. Notes: - Under time limitation there was some compromise on code refactoring and code convention. - We should consider having proper tool for manipulting yaml files. --- test/5_deploy_test_env.sh | 35 -------- .../secrets-access-role-binding.sh.yml | 2 +- test/k8s-config/secrets-access-role.sh.yml | 17 ++++ test/k8s-config/secrets-access-role.yml | 8 -- test/k8s-config/test-env.sh.yml | 24 +++--- test/run_demo.sh | 2 +- test/stop | 2 +- ...EST_ID_10_SECRETS_DESTINATION_not_exist.sh | 18 ++++ ...TEST_ID_1_providing_secret_successfully.sh | 15 ++++ ..._2_multiple_pods_changing_pwd_inbetween.sh | 54 ++++++++++++ ...ECRETS_DESTINATION_with_incorrect_value.sh | 17 ++++ .../TEST_ID_4_CONTAINER_MODE_not_exist.sh | 17 ++++ .../TEST_ID_5_no_get_permission_to_secret.sh | 16 ++++ ...TEST_ID_6_no_patch_permission_to_secret.sh | 19 +++++ ...TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh | 20 +++++ .../TEST_ID_8_K8S_SECRETS_env_var_empty.sh | 19 +++++ ...D_9_K8S_SECRETS_env_var_incorrect_value.sh | 19 +++++ test/test_cases/run_tests.sh | 31 +++++++ test/test_cases/test_case_setup.sh | 16 ++++ test/test_cases/test_case_teardown.sh | 27 ++++++ test/test_in_docker.sh | 2 +- test/test_with_summon.sh | 46 +++++----- test/utils.sh | 83 +++++++++++++++++++ 23 files changed, 427 insertions(+), 82 deletions(-) delete mode 100755 test/5_deploy_test_env.sh 
create mode 100755 test/k8s-config/secrets-access-role.sh.yml delete mode 100644 test/k8s-config/secrets-access-role.yml create mode 100755 test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh create mode 100755 test/test_cases/TEST_ID_1_providing_secret_successfully.sh create mode 100755 test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh create mode 100755 test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh create mode 100755 test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh create mode 100755 test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh create mode 100755 test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh create mode 100755 test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh create mode 100755 test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh create mode 100755 test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh create mode 100755 test/test_cases/run_tests.sh create mode 100755 test/test_cases/test_case_setup.sh create mode 100755 test/test_cases/test_case_teardown.sh diff --git a/test/5_deploy_test_env.sh b/test/5_deploy_test_env.sh deleted file mode 100755 index 5fb6d1fc..00000000 --- a/test/5_deploy_test_env.sh +++ /dev/null 
@@ -1,35 +0,0 @@ -#!/bin/bash -eu - -. utils.sh - -set_namespace $TEST_APP_NAMESPACE_NAME - -echo "Publish docker image" -docker tag "cyberark-secrets-provider-for-k8s:dev" "${DOCKER_REGISTRY_PATH}/${TEST_APP_NAMESPACE_NAME}/secrets-provider" -docker push "${DOCKER_REGISTRY_PATH}/${TEST_APP_NAMESPACE_NAME}/secrets-provider" - -echo "Enable image pull" -$cli delete secret dockerpullsecret --ignore-not-found=true -# TODO: replace the following with `oc create secret` -$cli secrets new-dockercfg dockerpullsecret \ - --docker-server=${DOCKER_REGISTRY_PATH} \ - --docker-username=_ \ - --docker-password=$($cli whoami -t) \ - --docker-email=_ -$cli secrets add serviceaccount/default secrets/dockerpullsecret --for=pull - -readonly K8S_CONFIG_DIR="k8s-config" - -$cli delete clusterrole secrets-access --ignore-not-found=true -$cli create -f $K8S_CONFIG_DIR/secrets-access-role.yml - -./$K8S_CONFIG_DIR/secrets-access-role-binding.sh.yml | $cli create -f - - -conjur_node_pod=$($cli get pod --namespace $CONJUR_NAMESPACE_NAME --selector=app=conjur-node -o=jsonpath='{.items[].metadata.name}') - -# this variable is consumed in test-env.sh.yml -export CONJUR_SSL_CERTIFICATE=$($cli exec --namespace $CONJUR_NAMESPACE_NAME "${conjur_node_pod}" cat /opt/conjur/etc/ssl/conjur-master.pem) - -./$K8S_CONFIG_DIR/test-env.sh.yml | $cli create -f - - -$cli create -f $K8S_CONFIG_DIR/k8s-secret.yml diff --git a/test/k8s-config/secrets-access-role-binding.sh.yml b/test/k8s-config/secrets-access-role-binding.sh.yml index cc889059..7fd1de37 100755 --- a/test/k8s-config/secrets-access-role-binding.sh.yml +++ b/test/k8s-config/secrets-access-role-binding.sh.yml @@ -1,6 +1,6 @@ #!/bin/bash - set -euo pipefail + cat << EOL --- apiVersion: v1 diff --git a/test/k8s-config/secrets-access-role.sh.yml b/test/k8s-config/secrets-access-role.sh.yml new file mode 100755 index 00000000..f52f1540 --- /dev/null +++ b/test/k8s-config/secrets-access-role.sh.yml 
@@ -0,0 +1,17 @@ +#!/bin/bash +set -euo pipefail + +# Test cases can modify following variable from outside: +SECRET_CLUSTER_ROLE_VERBS=${SECRET_CLUSTER_ROLE_VERBS:-" verbs: [ \"get\", \"patch\" ]"} + +cat << EOL +--- +apiVersion: v1 +kind: ClusterRole +metadata: + name: secrets-access +rules: + - resources: ["secrets"] +${SECRET_CLUSTER_ROLE_VERBS} + +EOL \ No newline at end of file diff --git a/test/k8s-config/secrets-access-role.yml b/test/k8s-config/secrets-access-role.yml deleted file mode 100644 index 00989837..00000000 --- a/test/k8s-config/secrets-access-role.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: v1 -kind: ClusterRole -metadata: - name: secrets-access -rules: - - resources: ["secrets"] - verbs: [ "get", "patch" ] diff --git a/test/k8s-config/test-env.sh.yml b/test/k8s-config/test-env.sh.yml index f376f235..c958bc59 100755 --- a/test/k8s-config/test-env.sh.yml +++ b/test/k8s-config/test-env.sh.yml @@ -1,6 +1,12 @@ #!/bin/bash - set -euo pipefail + +# Test cases can modify following variable from outside: +SECRETS_DESTINATION_KEY_VALUE=${SECRETS_DESTINATION_KEY_VALUE:-" - name: SECRETS_DESTINATION"$'\n'" value: k8s_secrets"} +CONTAINER_MODE_KEY_VALUE=${CONTAINER_MODE_KEY_VALUE:-" - name: CONTAINER_MODE"$'\n'" value: init"} +K8S_SECRETS_KEY_VALUE=${K8S_SECRETS_KEY_VALUE:-" - name: K8S_SECRETS"$'\n'" value: test-k8s-secret"} + + cat << EOL --- apiVersion: v1 @@ -22,8 +28,8 @@ spec: containers: - image: debian name: test-app - command: ["printenv"] - args: ["TEST_SECRET"] + command: ["sleep"] + args: ["infinity"] env: - name: TEST_SECRET valueFrom: @@ -35,9 +41,6 @@ spec: imagePullPolicy: Always name: cyberark-secrets-provider env: - - name: CONTAINER_MODE - value: init - - name: MY_POD_NAME valueFrom: fieldRef: 
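Review bot: `SECRET_CLUSTER_ROLE_VERBS` in secrets-access-role.sh.yml is taken from the caller's environment and pasted verbatim into the ClusterRole that is piped to `$cli create`. A value left exported in the CI shell would therefore silently change the permissions every test runs with, including the positive case TEST_ID_1, which never sets it. The comment above the assignment should state the contract, for example `# Must be one complete, pre-indented 'verbs: [...]' line; set only by test cases (see TEST_ID_5 and TEST_ID_6)`. The same applies to the three `*_KEY_VALUE` variables added at the top of test-env.sh.yml in the following file section. The new file also ends without a trailing newline.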
@@ -78,15 +81,12 @@ spec: configMapKeyRef: name: conjur-master-ca-env key: ssl-certificate - - - name: K8S_SECRETS - value: test-k8s-secret - +${K8S_SECRETS_KEY_VALUE} +${CONTAINER_MODE_KEY_VALUE} - name: DEBUG value: "true" - - name: SECRETS_DESTINATION - value: k8s_secrets +${SECRETS_DESTINATION_KEY_VALUE} imagePullSecrets: - name: dockerpullsecret diff --git a/test/run_demo.sh b/test/run_demo.sh index 96bf5d7e..84fa2991 100755 --- a/test/run_demo.sh +++ b/test/run_demo.sh @@ -76,7 +76,7 @@ function enableImagePull() { function provideSecretAccessToServiceAccount() { $cli delete clusterrole secrets-access --ignore-not-found=true - $cli create -f k8s-config/secrets-access-role.yml + ./k8s-config/secrets-access-role.sh.yml | $cli create -f - ./k8s-config/secrets-access-role-binding.sh.yml | $cli create -f - } diff --git a/test/stop b/test/stop index 9a1abecb..42772749 100755 --- a/test/stop +++ b/test/stop @@ -1,7 +1,7 @@ #!/bin/bash set -euo pipefail -source bootstrap.env +#source bootstrap.env . utils.sh diff --git a/test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh b/test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh new file mode 100755 index 00000000..f379f7a3 --- /dev/null +++ b/test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh @@ -0,0 +1,18 @@ +#!/bin/bash +set -euxo pipefail + +source $TEST_CASES_UTILS + +create_secret_access_role + +create_secret_access_role_binding + +echo "Create test-env pod. SECRETS_DESTINATION is with invalid value 'incorrect_secrets'" +export SECRETS_DESTINATION_KEY_VALUE=" " +deploy_test_env + +pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') + +echo "Expecting secrets provider to fail with error 'CSPFK004E Environment variable 'SECRETS_DESTINATION' must be provided'" +wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004E'" + 
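Review bot: The echo in TEST_ID_10 says SECRETS_DESTINATION has the invalid value 'incorrect_secrets', but the test sets `SECRETS_DESTINATION_KEY_VALUE=" "`, which removes the variable from the manifest, so the log line describes a different test than the one that runs. Change it to something like `echo "Create test-env pod without SECRETS_DESTINATION environment variable"`. The same copy-paste mismatch appears in TEST_ID_6, whose echo says "without 'get' permission" while the role keeps `get` and drops `patch`, and in TEST_ID_2, where the second "Verify pod" echo names 'supersecret' while the check greps for 'secret2'. These messages are the only record of intent when a run stops on the first error, so they should match the assertion that follows them.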
diff --git a/test/test_cases/TEST_ID_1_providing_secret_successfully.sh b/test/test_cases/TEST_ID_1_providing_secret_successfully.sh
new file mode 100755
index 00000000..8f46b991
--- /dev/null
+++ b/test/test_cases/TEST_ID_1_providing_secret_successfully.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -euxo pipefail
+
+source $TEST_CASES_UTILS
+
+create_secret_access_role
+
+create_secret_access_role_binding
+
+deploy_test_env
+
+echo "Verifying pod test_env has environment variable 'TEST_SECRET' with value 'supersecret'"
+pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}')
+wait_for_it 30 " $cli exec -n $TEST_APP_NAMESPACE_NAME ${pod_name} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'supersecret'"
+
diff --git a/test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh b/test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh
new file mode 100755
index 00000000..6f034ebc
--- /dev/null
+++ b/test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+set -euxo pipefail
+
+source $TEST_CASES_UTILS
+
+echo "Creating secrets access role"
+$TEST_CASES_K8S_CONFIG_DIR/secrets-access-role.sh.yml | $cli create -f -
+
+echo "Creating secrets access role binding"
+$TEST_CASES_K8S_CONFIG_DIR/secrets-access-role-binding.sh.yml | $cli create -f -
+
+deploy_test_env
+
+pod_name1=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}')
+
+echo "Verify pod $pod_name1 has environment variable 'TEST_SECRET' with value 'supersecret'"
+wait_for_it 30 "$cli exec -n $TEST_APP_NAMESPACE_NAME ${pod_name1} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'supersecret'"
+
+#echo "Modify secret test_secret to 'secret2'"
+#set_namespace "$CONJUR_NAMESPACE_NAME"
+#configure_cli_pod
+#$cli exec $(get_conjur_cli_pod_name) -- conjur variable values add secrets/test_secret "secret2"
+#set_namespace $TEST_APP_NAMESPACE_NAME
+test_app_set_secret secrets/test_secret secret2
+
+
+echo "Deleting pod $pod_name1"
+$cli delete pod $pod_name1
+
+pod_name2=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}')
+echo "Verify pod $pod_name2 has environment variable 'TEST_SECRET' with value 'supersecret'"
+wait_for_it 30 "$cli exec -n $TEST_APP_NAMESPACE_NAME ${pod_name2} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'secret2'"
+
+#echo "Modify secret test_secret to 'secret3'"
+#set_namespace "$CONJUR_NAMESPACE_NAME"
+#configure_cli_pod
+#$cli exec $(get_conjur_cli_pod_name) -- conjur variable values add secrets/test_secret "secret3"
+#set_namespace $TEST_APP_NAMESPACE_NAME
+test_app_set_secret secrets/test_secret secret3
+
+
+echo "Setting deploymentconfig test-env to replicas"
+$cli scale dc test-env --replicas=3
+
+echo "Waiting for 3 running pod test-env"
+wait_for_it 30 "$cli get pods | grep test-env | grep Running | wc -l | tr -d ' ' | grep '^3$'"
+
+echo "Iterate over new pods and verify their secret was updated"
+pod_names=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}' | grep -v $pod_name2)
+for new_pod in $pod_names
+do
+ echo "Verify pod $new_pod has environment variable 'TEST_SECRET' with value 'secret3'"
+ wait_for_it 30 "$cli exec -n $TEST_APP_NAMESPACE_NAME ${new_pod} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'secret3'"
+done
diff --git a/test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh b/test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh
new file mode 100755
index 00000000..5701c407
--- /dev/null
+++ b/test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -euxo pipefail
+
+source $TEST_CASES_UTILS
+
+create_secret_access_role
+
+create_secret_access_role_binding
+
+echo "Deploying test_env with incorrect value for SECRETS_DESTINATION envrionment variable"
+export SECRETS_DESTINATION_KEY_VALUE=" - name: SECRETS_DESTINATION"$'\n'" value: SECRETS_DESTINATION_incorrect_value"
+deploy_test_env
+
+echo "Expecting secrets provider to fail with error 'CSPFK005E Provided incorrect value for environment variable SECRETS_DESTINATION'"
+pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}')
+wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK005E'"
+
diff --git a/test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh b/test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh
new file mode 100755
index 00000000..7a5281b2
--- /dev/null
+++ b/test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh
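Review bot: In TEST_ID_2, `pod_name2` is resolved immediately after `$cli delete pod $pod_name1`, so the selector can still return the terminating pod, or the old and new pod names on separate lines. The following `wait_for_it` retries the same already-expanded command string, so a wrong or multi-line name is never corrected and the check fails only after the timeout. Exclude the deleted pod when resolving the name, as the later `pod_names` lookup already does for `$pod_name2`, by appending `| grep -v $pod_name1`, and resolve it inside a retry so the test proceeds only once exactly one replacement pod is listed. The `$cli delete pod` and `$cli scale dc` calls also omit the `--namespace` that every `get pods` in this file passes, so they depend on the namespace left behind by `test_app_set_secret`.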
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -euxo pipefail
+
+source $TEST_CASES_UTILS
+
+create_secret_access_role
+
+create_secret_access_role_binding
+
+echo "Deploying test_env without CONTAINER_MODE envrionment variable"
+export CONTAINER_MODE_KEY_VALUE=" "
+deploy_test_env
+
+echo "Expecting secrets provider to fail with error 'CSPFK007E Setting SECRETS_DESTINATION environment variable to 'k8s_secrets' must run as init container'"
+pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}')
+wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK007E'"
+
diff --git a/test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh b/test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh
new file mode 100755
index 00000000..3288cd33
--- /dev/null
+++ b/test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -euxo pipefail
+
+source $TEST_CASES_UTILS
+
+echo "Creating secrets access role without 'get' permission"
+export SECRET_CLUSTER_ROLE_VERBS=" verbs: [ \"patch\" ]"
+create_secret_access_role
+
+create_secret_access_role_binding
+
+deploy_test_env
+
+echo "Expecting secrets provider to fail with error 'CSPFK004D Failed to retrieve k8s secret. Reason:...'"
+pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}')
+wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004D'"
diff --git a/test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh b/test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh
new file mode 100755
index 00000000..61afa529
--- /dev/null
+++ b/test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -euxo pipefail
+
+source $TEST_CASES_UTILS
+
+echo "Creating secrets access role without 'get' permission"
+export SECRET_CLUSTER_ROLE_VERBS=" verbs: [ \"get\" ]"
+create_secret_access_role
+
+create_secret_access_role_binding
+
+deploy_test_env
+
+echo "Expecting secrets provider to fail with error 'CSPFK005D Failed to patch k8s secret. Reason:...'"
+pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}')
+wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK005D'"
+
+
+
diff --git a/test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh b/test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh
new file mode 100755
index 00000000..5cee08fd
--- /dev/null
+++ b/test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -euxo pipefail
+
+source $TEST_CASES_UTILS
+
+create_secret_access_role
+
+create_secret_access_role_binding
+
+echo "Deploying test_env without K8S_SECRETS environment variable"
+export K8S_SECRETS_KEY_VALUE=" "
+deploy_test_env
+
+echo "Expecting for 'CrashLoopBackOff' state of pod test-env"
+wait_for_it 30 "$cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | grep CrashLoopBackOff"
+
+echo "Expecting secrets provider to fail with error 'CSPFK004E Environment variable K8S_SECRETS must be provided'"
+pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}')
+wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004E'"
+
diff --git a/test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh b/test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh
new file mode 100755
index 00000000..f9d06c1d
--- /dev/null
+++ b/test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -euxo pipefail
+
+source $TEST_CASES_UTILS
+
+create_secret_access_role
+
+create_secret_access_role_binding
+
+echo "Deploying test_env with empty value for K8S_SECRETS envrionment variable"
+export K8S_SECRETS_KEY_VALUE="${K8S_SECRETS_KEY_VALUE:-" - name: K8S_SECRETS"$'\n'" value: "}"
+deploy_test_env
+
+echo "Expecting for CrashLoopBackOff state of pod test-env"
+wait_for_it 30 "$cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | grep CrashLoopBackOff"
+
+echo "Expecting Secrets provider to fail with error 'CSPFK004E Environment variable K8S_SECRETS must be provided'"
+pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}')
+wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004E'"
diff --git a/test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh b/test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh
new file mode 100755
index 00000000..97bdb771
--- /dev/null
+++ b/test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -euxo pipefail
+
+source $TEST_CASES_UTILS
+
+create_secret_access_role
+
+create_secret_access_role_binding
+
+echo "Deploying test_env with incorrect value for K8S_SECRETS envrionment variable"
+export K8S_SECRETS_KEY_VALUE="${K8S_SECRETS_KEY_VALUE:-" - name: K8S_SECRETS"$'\n'" value: K8S_SECRETS_invalid_value"}"
+deploy_test_env
+
+echo "Expecting secrets provider to fail with debug message 'CSPFK004D Failed to retrieve k8s secret. Reason: secrets K8S_SECRETS_invalid_value not found'"
+pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}')
+wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004D'"
+
+echo "Expecting secrets provider to fail with error 'CSPFK020E Failed to retrieve k8s secret'"
+$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK020E'
diff --git a/test/test_cases/run_tests.sh b/test/test_cases/run_tests.sh
new file mode 100755
index 00000000..f2fa2dc7
--- /dev/null
+++ b/test/test_cases/run_tests.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+set -euo pipefail
+
+# By default lookup for folders with specifics prefix of type 'test_'. Can be modified by passing argument.
+TEST_NAME_PREFIX=${1:-TEST_ID_}
+
+# Keep envrionment variables for debugging
+printenv > printenv.debug
+
+export TEST_CASES_K8S_CONFIG_DIR="$PWD/../k8s-config"
+export TEST_CASES_UTILS="$PWD/../utils.sh"
+TIMES=1
+
+./test_case_teardown.sh
+
+source $TEST_CASES_UTILS
+
+for (( c=1; c<=$TIMES; c++ ))
+do
+ for filename in ./$TEST_NAME_PREFIX*.sh; do (
+ announce "Running '$filename'."
+ ./test_case_setup.sh
+ $filename
+ ./test_case_teardown.sh
+ announce "Test '$filename' ended successfully"
+ ); done
+done
+
+rm printenv.debug
+
+
diff --git a/test/test_cases/test_case_setup.sh b/test/test_cases/test_case_setup.sh
new file mode 100755
index 00000000..cff7894c
--- /dev/null
+++ b/test/test_cases/test_case_setup.sh
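Review bot: `printenv > printenv.debug` in run_tests.sh writes the whole environment to a file in the test directory, and judging by `configure_cli_pod` in test/utils.sh that environment carries `CONJUR_ADMIN_PASSWORD`. Because the script runs under `set -e`, the final `rm printenv.debug` is skipped whenever a test fails, which is the case where the workspace is most likely to be kept or archived. If the dump is needed for debugging, create it with a restrictive mode (`umask 077` before the redirect) and leave out secret-bearing variables such as `CONJUR_ADMIN_PASSWORD`; otherwise drop it. The comment on `TEST_NAME_PREFIX` also speaks of folders with prefix 'test_' while the glob matches `TEST_ID_*.sh` files.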
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -euxo pipefail
+
+source $TEST_CASES_UTILS
+
+# TODO: replace the following with `oc create secret`
+$cli secrets new-dockercfg dockerpullsecret \
+ --docker-server=${DOCKER_REGISTRY_PATH} \
+ --docker-username=_ \
+ --docker-password=$($cli whoami -t) \
+ --docker-email=_
+
+$cli secrets add serviceaccount/default secrets/dockerpullsecret --for=pull
+
+echo "Create secret k8s-secret"
+$cli create -f $TEST_CASES_K8S_CONFIG_DIR/k8s-secret.yml
diff --git a/test/test_cases/test_case_teardown.sh b/test/test_cases/test_case_teardown.sh
new file mode 100755
index 00000000..18ae4980
--- /dev/null
+++ b/test/test_cases/test_case_teardown.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -euxo pipefail
+
+source $TEST_CASES_UTILS
+
+# Restore secret to original value
+set_namespace $CONJUR_NAMESPACE_NAME
+configure_cli_pod
+$cli exec $(get_conjur_cli_pod_name) -- conjur variable values add secrets/test_secret "supersecret"
+
+set_namespace $TEST_APP_NAMESPACE_NAME
+
+$cli delete secret dockerpullsecret --ignore-not-found=true
+
+$cli delete clusterrole secrets-access --ignore-not-found=true
+
+$cli delete secret test-k8s-secret --ignore-not-found=true
+
+#$cli delete serviceaccount -n $TEST_APP_NAMESPACE_NAME ${TEST_APP_NAMESPACE_NAME}-sa --ignore-not-found=true
+$cli delete serviceaccount ${TEST_APP_NAMESPACE_NAME}-sa --ignore-not-found=true
+
+$cli delete rolebinding secrets-access-role-binding --namespace $TEST_APP_NAMESPACE_NAME --ignore-not-found=true
+
+$cli delete deploymentconfig -n $TEST_APP_NAMESPACE_NAME test-env --ignore-not-found=true
+
+$cli delete configmap -n $TEST_APP_NAMESPACE_NAME conjur-master-ca-env --ignore-not-found=true
+
diff --git a/test/test_in_docker.sh b/test/test_in_docker.sh
index 5eabeaed..6d9d69c9 100755
--- a/test/test_in_docker.sh
+++ b/test/test_in_docker.sh
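Review bot: test_case_setup.sh enables `set -x` and then expands `--docker-password=$($cli whoami -t)`, so the session token returned by `whoami -t` is printed in the xtrace output before every test case. Turn tracing off around the `secrets new-dockercfg` command (`set +x` before it, `set -x` after) or drop `x` from the `set` line in this script. The unquoted `${DOCKER_REGISTRY_PATH}` and the command substitution should be quoted as well: `--docker-server="${DOCKER_REGISTRY_PATH}"` and `--docker-password="$($cli whoami -t)"`. The same block was not traced in the deleted 5_deploy_test_env.sh, which ran with `-eu` only, so the exposure is new with this commit.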
@@ -26,7 +26,7 @@ function deployConjur() { } function deployTest() { - runDockerCommand "cd test && ./test_with_summon.sh" +runDockerCommand "cd test && ./test_with_summon.sh" } main diff --git a/test/test_with_summon.sh b/test/test_with_summon.sh index d405031e..8d098a5a 100755 --- a/test/test_with_summon.sh +++ b/test/test_with_summon.sh @@ -1,6 +1,8 @@ #!/bin/bash set -xeuo pipefail +. utils.sh + ./platform_login.sh ./1_check_dependencies.sh 
@@ -14,27 +16,25 @@ if [[ "${DEPLOY_MASTER_CLUSTER}" = "true" ]]; then ./4_init_conjur_cert_authority.sh fi -./5_deploy_test_env.sh - -exit_code=1 -for n in {1..5}; do - pod_name=$(oc get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') - if [[ "$(oc logs $pod_name)" == "supersecret" ]]; then - exit_code=0 - break - else - sleep 5 - fi -done - -if [[ "$exit_code" = 1 ]]; then - echo "Couldn't retrieve conjur secret in app container. It was not provided by the secrets-provider container" - pod_name=$(oc get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') - oc logs $pod_name -c cyberark-secrets-provider -else - ./stop - ../kubernetes-conjur-deploy-"$UNIQUE_TEST_ID"/stop - rm -rf "../kubernetes-conjur-deploy-$UNIQUE_TEST_ID" -fi +set_namespace $TEST_APP_NAMESPACE_NAME + +echo "Publish docker image" +docker tag "cyberark-secrets-provider-for-k8s:dev" "${DOCKER_REGISTRY_PATH}/${TEST_APP_NAMESPACE_NAME}/secrets-provider" +docker push "${DOCKER_REGISTRY_PATH}/${TEST_APP_NAMESPACE_NAME}/secrets-provider" + +readonly K8S_CONFIG_DIR="k8s-config" + +# this variable is consumed in test-env.sh.yml +conjur_node_pod=$($cli get pod --namespace $CONJUR_NAMESPACE_NAME --selector=app=conjur-node -o=jsonpath='{.items[].metadata.name}') +export CONJUR_SSL_CERTIFICATE=$($cli exec --namespace $CONJUR_NAMESPACE_NAME "${conjur_node_pod}" cat /opt/conjur/etc/ssl/conjur.pem) + +pushd . > /dev/null +cd ./test_cases +./run_tests.sh +popd > /dev/null + +./stop +../kubernetes-conjur-deploy-"$UNIQUE_TEST_ID"/stop +rm -rf "../kubernetes-conjur-deploy-$UNIQUE_TEST_ID" -exit $exit_code +exit 0 diff --git a/test/utils.sh b/test/utils.sh index 289c6144..2c0639a5 100644 --- a/test/utils.sh +++ b/test/utils.sh 
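Review bot: `export CONJUR_SSL_CERTIFICATE=$($cli exec … cat /opt/conjur/etc/ssl/conjur.pem)` hides the exit status of the command substitution behind `export`, so `set -e` does not stop the run when the pod lookup or the `cat` fails, and the test cases would presumably continue with an empty CA certificate. Assign first and export afterwards, `CONJUR_SSL_CERTIFICATE=$(…)` then `export CONJUR_SSL_CERTIFICATE`, and abort when the value is empty. The certificate path also changes from `conjur-master.pem` to `conjur.pem` without a mention in the commit message, which deserves a one-line comment. The removed failure branch printed the secrets-provider container log before exiting; with the unconditional `exit 0` at the end, a failing run now relies entirely on `set -e` and leaves no equivalent diagnostic.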
@@ -31,6 +31,35 @@ has_namespace() { fi } +wait_for_it() { + local timeout=$1 + local spacer=2 + shift + + if ! [ $timeout = '-1' ]; then + local times_to_run=$((timeout / spacer)) + + echo "Waiting for '$@' up to $timeout s" + for i in $(seq $times_to_run); do + eval $@ > /dev/null && echo 'Success!' && return 0 + echo -n . + sleep $spacer + done + + # Last run evaluated. If this fails we return an error exit code to caller + eval $@ + else + echo "Waiting for '$@' forever" + + while ! eval $@ > /dev/null; do + echo -n . + sleep $spacer + done + echo 'Success!' + fi +} + + set_namespace() { if [[ $# != 1 ]]; then printf "Error in %s/%s - expecting 1 arg.\n" "$(pwd)" $0 
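Review bot: `wait_for_it` runs its argument through an unquoted `eval $@` in three places, so the command string is word-split and glob-expanded once before `eval` joins it again and parses it as shell code. Every caller builds that string by interpolating pod names and namespaces, which means any unexpected character in those values becomes shell syntax. Use `eval "$*"`, quote the timeout test as `[ "$timeout" = '-1' ]`, and print the command with `'$*'` instead of `'$@'`. A header comment should state that the argument is evaluated as shell code and must contain only values controlled by the test author. The loop variable `i` should also be declared `local`, as `timeout` and `spacer` are.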
@@ -88,3 +117,57 @@ function runDockerCommand() { $1 " } + +configure_cli_pod() { + announce "Configuring Conjur CLI." + + conjur_url="https://conjur-master.$CONJUR_NAMESPACE_NAME.svc.cluster.local" + + conjur_cli_pod=$(get_conjur_cli_pod_name) + + if [ $CONJUR_VERSION = '4' ]; then + $cli exec $conjur_cli_pod -- bash -c "yes yes | conjur init -a $CONJUR_ACCOUNT -h $conjur_url" + $cli exec $conjur_cli_pod -- conjur plugin install policy + elif [ $CONJUR_VERSION = '5' ]; then + $cli exec $conjur_cli_pod -- bash -c "yes yes | conjur init -a $CONJUR_ACCOUNT -u $conjur_url" + fi + + $cli exec $conjur_cli_pod -- conjur authn login -u admin -p $CONJUR_ADMIN_PASSWORD +} + +function deploy_test_env { + echo "Verifying there are no (terminating) pods of type test-env" + wait_for_it 30 "oc get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | wc -l | tr -d ' ' | grep '^0$'" + + echo "Deploying test-env" + $TEST_CASES_K8S_CONFIG_DIR/test-env.sh.yml | $cli create -f - + + expected_num_replicas=`$TEST_CASES_K8S_CONFIG_DIR/test-env.sh.yml | awk '/replicas:/ {print $2}' ` + + # deploying deploymentconfig might fail on error flows, even before creating the pods. 
If so, retry deploy again + wait_for_it 30 "oc get dc/test-env -o jsonpath={.status.replicas} | grep '^${expected_num_replicas}$'|| oc rollout latest dc/test-env" + + echo "Expecting for $expected_num_replicas deployed pods" + wait_for_it 30 "oc get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | wc -l | grep $expected_num_replicas" +} + +function create_secret_access_role () { + echo "Creating secrets access role" + $TEST_CASES_K8S_CONFIG_DIR/secrets-access-role.sh.yml | $cli create -f - +} + +function create_secret_access_role_binding () { + echo "Creating secrets access role binding" + $TEST_CASES_K8S_CONFIG_DIR/secrets-access-role-binding.sh.yml | $cli create -f - +} + +function test_app_set_secret () { + SECRET_NAME=$1 + SECRET_VALUE=$2 + echo "Set secret '$SECRET_NAME' to '$SECRET_VALUE'" + set_namespace "$CONJUR_NAMESPACE_NAME" + configure_cli_pod + $cli exec $(get_conjur_cli_pod_name) -- conjur variable values add $SECRET_NAME $SECRET_VALUE + set_namespace $TEST_APP_NAMESPACE_NAME +} + From c2be905b7b06bfdc7948d2a103e4d26d650eae32 Mon Sep 17 00:00:00 2001 From: Moti Cohen Date: Sun, 13 Oct 2019 18:47:53 +0300 Subject: [PATCH 2/7] Implement automated tests - modify wait_for_it timeout from 30 to 600 --- .../TEST_ID_10_SECRETS_DESTINATION_not_exist.sh | 2 +- .../test_cases/TEST_ID_1_providing_secret_successfully.sh | 2 +- .../TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh | 8 ++++---- .../TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh | 2 +- test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh | 2 +- test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh | 2 +- .../test_cases/TEST_ID_6_no_patch_permission_to_secret.sh | 2 +- .../test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh | 4 ++-- test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh | 4 ++-- .../TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh | 2 +- test/utils.sh | 6 +++--- 11 files changed, 18 insertions(+), 18 deletions(-) 
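Review bot: `conjur authn login -u admin -p $CONJUR_ADMIN_PASSWORD` in `configure_cli_pod` passes the admin password as a command-line argument, and the test scripts that source this file run with `set -x`, so the expanded password lands in the trace output on every teardown and every `test_app_set_secret` call. Disable tracing around that line (`set +x` before it, restore afterwards) and quote the expansion as `"$CONJUR_ADMIN_PASSWORD"`; if the CLI in the pod can read the password from stdin, prefer that over argv. `test_app_set_secret` likewise passes `$SECRET_NAME $SECRET_VALUE` unquoted and assigns them as globals rather than `local`. In `deploy_test_env`, `oc` is called directly where the rest of the file uses `$cli`, and the final `grep $expected_num_replicas` is unanchored, unlike the `'^0$'` and `'^${expected_num_replicas}$'` checks above it.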
diff --git a/test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh b/test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh index f379f7a3..4c0f530c 100755 --- a/test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh +++ b/test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh @@ -14,5 +14,5 @@ deploy_test_env pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') echo "Expecting secrets provider to fail with error 'CSPFK004E Environment variable 'SECRETS_DESTINATION' must be provided'" -wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004E'" +wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004E'" diff --git a/test/test_cases/TEST_ID_1_providing_secret_successfully.sh b/test/test_cases/TEST_ID_1_providing_secret_successfully.sh index 8f46b991..bae1f3cc 100755 --- a/test/test_cases/TEST_ID_1_providing_secret_successfully.sh +++ b/test/test_cases/TEST_ID_1_providing_secret_successfully.sh @@ -11,5 +11,5 @@ deploy_test_env echo "Verifying pod test_env has environment variable 'TEST_SECRET' with value 'supersecret'" pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') -wait_for_it 30 " $cli exec -n $TEST_APP_NAMESPACE_NAME ${pod_name} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'supersecret'" +wait_for_it 600 " $cli exec -n $TEST_APP_NAMESPACE_NAME ${pod_name} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'supersecret'" diff --git a/test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh b/test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh index 6f034ebc..9d126756 100755 --- a/test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh +++ b/test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh 
@@ -14,7 +14,7 @@ deploy_test_env pod_name1=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') echo "Verify pod $pod_name1 has environment variable 'TEST_SECRET' with value 'supersecret'" -wait_for_it 30 "$cli exec -n $TEST_APP_NAMESPACE_NAME ${pod_name1} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'supersecret'" +wait_for_it 600 "$cli exec -n $TEST_APP_NAMESPACE_NAME ${pod_name1} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'supersecret'" #echo "Modify secret test_secret to 'secret2'" #set_namespace "$CONJUR_NAMESPACE_NAME" @@ -29,7 +29,7 @@ $cli delete pod $pod_name1 pod_name2=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') echo "Verify pod $pod_name2 has environment variable 'TEST_SECRET' with value 'supersecret'" -wait_for_it 30 "$cli exec -n $TEST_APP_NAMESPACE_NAME ${pod_name2} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'secret2'" +wait_for_it 600 "$cli exec -n $TEST_APP_NAMESPACE_NAME ${pod_name2} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'secret2'" #echo "Modify secret test_secret to 'secret3'" #set_namespace "$CONJUR_NAMESPACE_NAME" 
@@ -43,12 +43,12 @@ echo "Setting deploymentconfig test-env to replicas" $cli scale dc test-env --replicas=3 echo "Waiting for 3 running pod test-env" -wait_for_it 30 "$cli get pods | grep test-env | grep Running | wc -l | tr -d ' ' | grep '^3$'" +wait_for_it 600 "$cli get pods | grep test-env | grep Running | wc -l | tr -d ' ' | grep '^3$'" echo "Iterate over new pods and verify their secret was updated" pod_names=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}' | grep -v $pod_name2) for new_pod in $pod_names do echo "Verify pod $new_pod has environment variable 'TEST_SECRET' with value 'secret3'" - wait_for_it 30 "$cli exec -n $TEST_APP_NAMESPACE_NAME ${new_pod} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'secret3'" + wait_for_it 600 "$cli exec -n $TEST_APP_NAMESPACE_NAME ${new_pod} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'secret3'" done diff --git a/test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh b/test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh index 5701c407..ef06ca47 100755 --- a/test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh +++ b/test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh @@ -13,5 +13,5 @@ deploy_test_env echo "Expecting secrets provider to fail with error 'CSPFK005E Provided incorrect value for environment variable SECRETS_DESTINATION'" pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') -wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK005E'" +wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK005E'" diff --git a/test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh b/test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh index 7a5281b2..d694d50e 100755 --- a/test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh 
+++ b/test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh @@ -13,5 +13,5 @@ deploy_test_env echo "Expecting secrets provider to fail with error 'CSPFK007E Setting SECRETS_DESTINATION environment variable to 'k8s_secrets' must run as init container'" pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') -wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK007E'" +wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK007E'" diff --git a/test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh b/test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh index 3288cd33..18381d51 100755 --- a/test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh +++ b/test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh @@ -13,4 +13,4 @@ deploy_test_env echo "Expecting secrets provider to fail with error 'CSPFK004D Failed to retrieve k8s secret. Reason:...'" pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') -wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004D'" +wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004D'" diff --git a/test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh b/test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh index 61afa529..d5d3ae0d 100755 --- a/test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh +++ b/test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh @@ -13,7 +13,7 @@ deploy_test_env echo "Expecting secrets provider to fail with error 'CSPFK005D Failed to patch k8s secret. Reason:...'" pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') -wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK005D'" +wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK005D'" 
diff --git a/test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh b/test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh index 5cee08fd..c498510d 100755 --- a/test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh +++ b/test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh @@ -12,9 +12,9 @@ export K8S_SECRETS_KEY_VALUE=" " deploy_test_env echo "Expecting for 'CrashLoopBackOff' state of pod test-env" -wait_for_it 30 "$cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | grep CrashLoopBackOff" +wait_for_it 600 "$cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | grep CrashLoopBackOff" echo "Expecting secrets provider to fail with error 'CSPFK004E Environment variable K8S_SECRETS must be provided'" pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') -wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004E'" +wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004E'" diff --git a/test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh b/test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh index f9d06c1d..28d7a1ce 100755 --- a/test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh +++ b/test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh 
@@ -12,8 +12,8 @@ export K8S_SECRETS_KEY_VALUE="${K8S_SECRETS_KEY_VALUE:-" - name: K8S_SE deploy_test_env echo "Expecting for CrashLoopBackOff state of pod test-env" -wait_for_it 30 "$cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | grep CrashLoopBackOff" +wait_for_it 600 "$cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | grep CrashLoopBackOff" echo "Expecting Secrets provider to fail with error 'CSPFK004E Environment variable K8S_SECRETS must be provided'" pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') -wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004E'" +wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004E'" diff --git a/test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh b/test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh index 97bdb771..f887676d 100755 --- a/test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh +++ b/test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh @@ -13,7 +13,7 @@ deploy_test_env echo "Expecting secrets provider to fail with debug message 'CSPFK004D Failed to retrieve k8s secret. Reason: secrets K8S_SECRETS_invalid_value not found'" pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') -wait_for_it 30 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004D'" +wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004D'" echo "Expecting secrets provider to fail with error 'CSPFK020E Failed to retrieve k8s secret'" $cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK020E' diff --git a/test/utils.sh b/test/utils.sh index 2c0639a5..dc1b1239 100644 --- a/test/utils.sh +++ b/test/utils.sh 
@@ -137,7 +137,7 @@ configure_cli_pod() { function deploy_test_env { echo "Verifying there are no (terminating) pods of type test-env" - wait_for_it 30 "oc get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | wc -l | tr -d ' ' | grep '^0$'" + wait_for_it 600 "oc get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | wc -l | tr -d ' ' | grep '^0$'" echo "Deploying test-env" $TEST_CASES_K8S_CONFIG_DIR/test-env.sh.yml | $cli create -f - @@ -145,10 +145,10 @@ function deploy_test_env { expected_num_replicas=`$TEST_CASES_K8S_CONFIG_DIR/test-env.sh.yml | awk '/replicas:/ {print $2}' ` # deploying deploymentconfig might fail on error flows, even before creating the pods. If so, retry deploy again - wait_for_it 30 "oc get dc/test-env -o jsonpath={.status.replicas} | grep '^${expected_num_replicas}$'|| oc rollout latest dc/test-env" + wait_for_it 600 "oc get dc/test-env -o jsonpath={.status.replicas} | grep '^${expected_num_replicas}$'|| oc rollout latest dc/test-env" echo "Expecting for $expected_num_replicas deployed pods" - wait_for_it 30 "oc get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | wc -l | grep $expected_num_replicas" + wait_for_it 600 "oc get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | wc -l | grep $expected_num_replicas" } function create_secret_access_role () { From 6cc62611396751464299f4f2ad722b09e594c835 Mon Sep 17 00:00:00 2001 
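Review bot: The `wait_for_it` checks in `deploy_test_env` call `oc` directly while the deploy step in the same function goes through `$cli`, so the pod-count waits fail on a platform where `$cli` is `kubectl` and `oc` is not installed. The two pod-listing checks can use `$cli get pods ...` as they stand; the `dc/test-env` check is OpenShift-specific and probably needs a platform guard instead. The last check also matches the count unanchored (`grep $expected_num_replicas`), so an expected count of 1 is satisfied by 10 or 21; anchor it like the first check, `... | wc -l | tr -d ' ' | grep '^${expected_num_replicas}$'`. This covers both hunks of `test/utils.sh` in this patch.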
From: Moti Cohen Date: Thu, 24 Oct 2019 17:29:06 +0300 Subject: [PATCH 3/7] =?UTF-8?q?-=20PR=20fixes=20of=20"Implement=20automate?= =?UTF-8?q?d=20tests"=20-=20Update=20conjur=20version=20from=205.0-stable?= =?UTF-8?q?=20to=205.5.0=20because=20tests=20get=20failed=20on=20known=20i?= =?UTF-8?q?ssue=20:=20=E2=80=9C502=20Bad=20Gateway=E2=80=A6=20nginx?= =?UTF-8?q?=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- test/bootstrap.env | 6 ++--- test/k8s-config/secrets-access-role.sh.yml | 4 ++-- test/k8s-config/test-env.sh.yml | 15 ++++++------ test/stop | 2 -- ...EST_ID_10_SECRETS_DESTINATION_not_exist.sh | 5 ++-- ...TEST_ID_1_providing_secret_successfully.sh | 5 ++-- ..._2_multiple_pods_changing_pwd_inbetween.sh | 24 +++++-------------- ...ECRETS_DESTINATION_with_incorrect_value.sh | 5 ++-- .../TEST_ID_4_CONTAINER_MODE_not_exist.sh | 5 ++-- .../TEST_ID_5_no_get_permission_to_secret.sh | 4 ++-- ...TEST_ID_6_no_patch_permission_to_secret.sh | 7 ++---- ...TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh | 7 +++--- .../TEST_ID_8_K8S_SECRETS_env_var_empty.sh | 6 ++--- ...D_9_K8S_SECRETS_env_var_incorrect_value.sh | 4 ++-- test/test_cases/run_tests.sh | 6 ++--- test/test_cases/test_case_teardown.sh | 9 ++++--- test/test_in_docker.sh | 7 ++++-- test/test_local.sh | 1 + test/test_with_summon.sh | 18 ++++++++------ 19 files changed, 61 insertions(+), 79 deletions(-) diff --git a/test/bootstrap.env b/test/bootstrap.env index 3784096a..2a239d28 100644 --- a/test/bootstrap.env +++ b/test/bootstrap.env 
@@ -1,8 +1,7 @@ export UNIQUE_TEST_ID="$(uuidgen | tr "[:upper:]" "[:lower:]" | head -c 10)" - export CONJUR_VERSION=5 -export CONJUR_MINOR_VERSION=0 -export CONJUR_APPLIANCE_IMAGE=registry.tld/conjur-appliance:$CONJUR_VERSION.$CONJUR_MINOR_VERSION-stable +export CONJUR_MINOR_VERSION=5.0 +export CONJUR_APPLIANCE_IMAGE=registry.tld/conjur-appliance:$CONJUR_VERSION.$CONJUR_MINOR_VERSION export CONJUR_FOLLOWER_COUNT=1 export CONJUR_ACCOUNT=account-$UNIQUE_TEST_ID export AUTHENTICATOR_ID=conjur-$CONJUR_VERSION-$UNIQUE_TEST_ID-test @@ -26,4 +25,3 @@ export TEST_APP_NAMESPACE_NAME=test-app-$UNIQUE_TEST_ID export MINIKUBE="${MINIKUBE:-false}" export MINISHIFT="${MINISHIFT:-false}" - diff --git a/test/k8s-config/secrets-access-role.sh.yml b/test/k8s-config/secrets-access-role.sh.yml index f52f1540..9d13c0c7 100755 --- a/test/k8s-config/secrets-access-role.sh.yml +++ b/test/k8s-config/secrets-access-role.sh.yml @@ -2,7 +2,7 @@ set -euo pipefail # Test cases can modify following variable from outside: -SECRET_CLUSTER_ROLE_VERBS=${SECRET_CLUSTER_ROLE_VERBS:-" verbs: [ \"get\", \"patch\" ]"} +SECRET_CLUSTER_ROLE_VERBS_VALUE=${SECRET_CLUSTER_ROLE_VERBS_VALUE:-"[ \"get\", \"patch\" ]"} cat << EOL --- @@ -12,6 +12,6 @@ metadata: name: secrets-access rules: - resources: ["secrets"] -${SECRET_CLUSTER_ROLE_VERBS} + verbs: ${SECRET_CLUSTER_ROLE_VERBS_VALUE} EOL \ No newline at end of file diff --git a/test/k8s-config/test-env.sh.yml b/test/k8s-config/test-env.sh.yml index c958bc59..ffb28bfa 100755 --- a/test/k8s-config/test-env.sh.yml +++ b/test/k8s-config/test-env.sh.yml 
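Review bot: `SECRET_CLUSTER_ROLE_VERBS_VALUE` is pasted verbatim into the `verbs:` line of the `secrets-access` role in both hunks of `secrets-access-role.sh.yml`, so whatever the calling environment exports becomes the permission set on `secrets`. No `resourceNames` restriction is visible in the hunk. A value left over from another shell, or one containing a line break, would create a broader or differently shaped rule than the test intends. Accept only the three values the tests use (`[ "get", "patch" ]`, `[ "get" ]`, `[ "patch" ]`) with a `case` statement before the here-document and exit non-zero otherwise. If the manifest can name the secret, `resourceNames: ["test-k8s-secret"]` would keep the role scoped to the test secret.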
@@ -1,11 +1,12 @@ #!/bin/bash set -euo pipefail -# Test cases can modify following variable from outside: -SECRETS_DESTINATION_KEY_VALUE=${SECRETS_DESTINATION_KEY_VALUE:-" - name: SECRETS_DESTINATION"$'\n'" value: k8s_secrets"} -CONTAINER_MODE_KEY_VALUE=${CONTAINER_MODE_KEY_VALUE:-" - name: CONTAINER_MODE"$'\n'" value: init"} -K8S_SECRETS_KEY_VALUE=${K8S_SECRETS_KEY_VALUE:-" - name: K8S_SECRETS"$'\n'" value: test-k8s-secret"} +source $TEST_CASES_UTILS +# Test cases can modify following variable from outside: +SECRETS_DESTINATION_KEY_VALUE=${SECRETS_DESTINATION_KEY_VALUE:-"SECRETS_DESTINATION k8s_secrets"} +CONTAINER_MODE_KEY_VALUE=${CONTAINER_MODE_KEY_VALUE:-"CONTAINER_MODE init"} +K8S_SECRETS_KEY_VALUE=${K8S_SECRETS_KEY_VALUE:-"K8S_SECRETS test-k8s-secret"} cat << EOL --- @@ -81,12 +82,12 @@ spec: configMapKeyRef: name: conjur-master-ca-env key: ssl-certificate -${K8S_SECRETS_KEY_VALUE} -${CONTAINER_MODE_KEY_VALUE} - name: DEBUG value: "true" -${SECRETS_DESTINATION_KEY_VALUE} +`yaml_print_key_name_value " " ${K8S_SECRETS_KEY_VALUE}` +`yaml_print_key_name_value " " ${CONTAINER_MODE_KEY_VALUE}` +`yaml_print_key_name_value " " ${SECRETS_DESTINATION_KEY_VALUE}` imagePullSecrets: - name: dockerpullsecret diff --git a/test/stop b/test/stop index 42772749..b10196a1 100755 --- a/test/stop +++ b/test/stop @@ -1,8 +1,6 @@ #!/bin/bash set -euo pipefail -#source bootstrap.env - . utils.sh set_namespace default diff --git a/test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh b/test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh index 4c0f530c..4009a7d8 100755 --- a/test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh +++ b/test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh 
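Review bot: The three `yaml_print_key_name_value` calls in the second hunk of `test-env.sh.yml` pass `${K8S_SECRETS_KEY_VALUE}` and its siblings unquoted, so the name/value pair is produced by word splitting and is also subject to pathname expansion. A value containing a space is silently cut at the first word, since the helper reads only `$2` and `$3`, and a value containing `*` or `?` can expand to file names in the working directory and end up in the manifest piped to `$cli create`. Splitting explicitly before the here-document avoids both, e.g. `read -r name value <<< "$K8S_SECRETS_KEY_VALUE"` and then `$(yaml_print_key_name_value " " "$name" "$value")` in place of the backtick form.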
@@ -8,11 +8,10 @@ create_secret_access_role create_secret_access_role_binding echo "Create test-env pod. SECRETS_DESTINATION is with invalid value 'incorrect_secrets'" -export SECRETS_DESTINATION_KEY_VALUE=" " +export SECRETS_DESTINATION_KEY_VALUE=$KEY_VALUE_NOT_EXIST deploy_test_env -pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') +pod_name=$(cli_get_pods_test_env | awk '{print $1}') echo "Expecting secrets provider to fail with error 'CSPFK004E Environment variable 'SECRETS_DESTINATION' must be provided'" wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004E'" - diff --git a/test/test_cases/TEST_ID_1_providing_secret_successfully.sh b/test/test_cases/TEST_ID_1_providing_secret_successfully.sh index bae1f3cc..e6da21a4 100755 --- a/test/test_cases/TEST_ID_1_providing_secret_successfully.sh +++ b/test/test_cases/TEST_ID_1_providing_secret_successfully.sh @@ -10,6 +10,5 @@ create_secret_access_role_binding deploy_test_env echo "Verifying pod test_env has environment variable 'TEST_SECRET' with value 'supersecret'" -pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') -wait_for_it 600 " $cli exec -n $TEST_APP_NAMESPACE_NAME ${pod_name} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'supersecret'" - +pod_name=$(cli_get_pods_test_env | awk '{print $1}') +verify_secret_value_in_pod $pod_name TEST_SECRET supersecret diff --git a/test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh b/test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh index 9d126756..41cc2a2d 100755 --- a/test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh +++ b/test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh 
@@ -11,34 +11,22 @@ $TEST_CASES_K8S_CONFIG_DIR/secrets-access-role-binding.sh.yml | $cli create -f - deploy_test_env -pod_name1=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') +pod_name1=$(cli_get_pods_test_env | awk '{print $1}') echo "Verify pod $pod_name1 has environment variable 'TEST_SECRET' with value 'supersecret'" -wait_for_it 600 "$cli exec -n $TEST_APP_NAMESPACE_NAME ${pod_name1} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'supersecret'" +verify_secret_value_in_pod $pod_name1 TEST_SECRET supersecret -#echo "Modify secret test_secret to 'secret2'" -#set_namespace "$CONJUR_NAMESPACE_NAME" -#configure_cli_pod -#$cli exec $(get_conjur_cli_pod_name) -- conjur variable values add secrets/test_secret "secret2" -#set_namespace $TEST_APP_NAMESPACE_NAME test_app_set_secret secrets/test_secret secret2 - echo "Deleting pod $pod_name1" $cli delete pod $pod_name1 -pod_name2=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') +pod_name2=$(cli_get_pods_test_env | awk '{print $1}') echo "Verify pod $pod_name2 has environment variable 'TEST_SECRET' with value 'supersecret'" -wait_for_it 600 "$cli exec -n $TEST_APP_NAMESPACE_NAME ${pod_name2} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'secret2'" +verify_secret_value_in_pod $pod_name2 TEST_SECRET secret2 -#echo "Modify secret test_secret to 'secret3'" -#set_namespace "$CONJUR_NAMESPACE_NAME" -#configure_cli_pod -#$cli exec $(get_conjur_cli_pod_name) -- conjur variable values add secrets/test_secret "secret3" -#set_namespace $TEST_APP_NAMESPACE_NAME test_app_set_secret secrets/test_secret secret3 - echo "Setting deploymentconfig test-env to replicas" $cli scale dc test-env --replicas=3 
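Review bot: `pod_name2=$(cli_get_pods_test_env | awk '{print $1}')` runs right after `$cli delete pod $pod_name1` and keeps every name the selector returns, so it may hold the terminating pod, its replacement, or both. Because the variable is then passed unquoted, two names would shift the arguments of `verify_secret_value_in_pod`, and the check would look for the wrong variable and value. Wait until `$pod_name1` is no longer listed before reading the new name, and quote the call: `verify_secret_value_in_pod "$pod_name2" TEST_SECRET secret2`. The echo before it still announces 'supersecret' although the expected value is `secret2`.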
@@ -46,9 +34,9 @@ echo "Waiting for 3 running pod test-env" wait_for_it 600 "$cli get pods | grep test-env | grep Running | wc -l | tr -d ' ' | grep '^3$'" echo "Iterate over new pods and verify their secret was updated" -pod_names=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}' | grep -v $pod_name2) +pod_names=$(cli_get_pods_test_env | awk '{print $1}' | grep -v $pod_name2) for new_pod in $pod_names do echo "Verify pod $new_pod has environment variable 'TEST_SECRET' with value 'secret3'" - wait_for_it 600 "$cli exec -n $TEST_APP_NAMESPACE_NAME ${new_pod} printenv | grep TEST_SECRET | cut -d \"=\" -f 2 | grep 'secret3'" + verify_secret_value_in_pod $new_pod TEST_SECRET secret3 done diff --git a/test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh b/test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh index ef06ca47..5cc1e741 100755 --- a/test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh +++ b/test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh @@ -8,10 +8,9 @@ create_secret_access_role create_secret_access_role_binding echo "Deploying test_env with incorrect value for SECRETS_DESTINATION envrionment variable" -export SECRETS_DESTINATION_KEY_VALUE=" - name: SECRETS_DESTINATION"$'\n'" value: SECRETS_DESTINATION_incorrect_value" +export SECRETS_DESTINATION_KEY_VALUE="SECRETS_DESTINATION SECRETS_DESTINATION_incorrect_value" deploy_test_env echo "Expecting secrets provider to fail with error 'CSPFK005E Provided incorrect value for environment variable SECRETS_DESTINATION'" -pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') +pod_name=$(cli_get_pods_test_env | awk '{print $1}') wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK005E'" - 
diff --git a/test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh b/test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh index d694d50e..0cb57929 100755 --- a/test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh +++ b/test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh @@ -8,10 +8,9 @@ create_secret_access_role create_secret_access_role_binding echo "Deploying test_env without CONTAINER_MODE envrionment variable" -export CONTAINER_MODE_KEY_VALUE=" " +export CONTAINER_MODE_KEY_VALUE=$KEY_VALUE_NOT_EXIST deploy_test_env echo "Expecting secrets provider to fail with error 'CSPFK007E Setting SECRETS_DESTINATION environment variable to 'k8s_secrets' must run as init container'" -pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') +pod_name=$(cli_get_pods_test_env | awk '{print $1}') wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK007E'" - diff --git a/test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh b/test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh index 18381d51..f31367ab 100755 --- a/test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh +++ b/test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh @@ -4,7 +4,7 @@ set -euxo pipefail source $TEST_CASES_UTILS echo "Creating secrets access role without 'get' permission" -export SECRET_CLUSTER_ROLE_VERBS=" verbs: [ \"patch\" ]" +export SECRET_CLUSTER_ROLE_VERBS_VALUE="[ \"patch\" ]" create_secret_access_role create_secret_access_role_binding @@ -12,5 +12,5 @@ create_secret_access_role_binding deploy_test_env echo "Expecting secrets provider to fail with error 'CSPFK004D Failed to retrieve k8s secret. Reason:...'" -pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') +pod_name=$(cli_get_pods_test_env | awk '{print $1}') wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004D'" 
diff --git a/test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh b/test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh index d5d3ae0d..21a94eb6 100755 --- a/test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh +++ b/test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh @@ -4,7 +4,7 @@ set -euxo pipefail source $TEST_CASES_UTILS echo "Creating secrets access role without 'get' permission" -export SECRET_CLUSTER_ROLE_VERBS=" verbs: [ \"get\" ]" +export SECRET_CLUSTER_ROLE_VERBS_VALUE="[ \"get\" ]" create_secret_access_role create_secret_access_role_binding @@ -12,8 +12,5 @@ create_secret_access_role_binding deploy_test_env echo "Expecting secrets provider to fail with error 'CSPFK005D Failed to patch k8s secret. Reason:...'" -pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') +pod_name=$(cli_get_pods_test_env | awk '{print $1}') wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK005D'" - - - diff --git a/test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh b/test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh index c498510d..28ce69b0 100755 --- a/test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh +++ b/test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh 
@@ -8,13 +8,12 @@ create_secret_access_role create_secret_access_role_binding echo "Deploying test_env without K8S_SECRETS environment variable" -export K8S_SECRETS_KEY_VALUE=" " +export K8S_SECRETS_KEY_VALUE=$KEY_VALUE_NOT_EXIST deploy_test_env echo "Expecting for 'CrashLoopBackOff' state of pod test-env" -wait_for_it 600 "$cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | grep CrashLoopBackOff" +wait_for_it 600 "cli_get_pods_test_env | grep CrashLoopBackOff" echo "Expecting secrets provider to fail with error 'CSPFK004E Environment variable K8S_SECRETS must be provided'" -pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') +pod_name=$(cli_get_pods_test_env | awk '{print $1}') wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004E'" - diff --git a/test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh b/test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh index 28d7a1ce..2f5c3e4e 100755 --- a/test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh +++ b/test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh 
@@ -8,12 +8,12 @@ create_secret_access_role create_secret_access_role_binding echo "Deploying test_env with empty value for K8S_SECRETS envrionment variable" -export K8S_SECRETS_KEY_VALUE="${K8S_SECRETS_KEY_VALUE:-" - name: K8S_SECRETS"$'\n'" value: "}" +export K8S_SECRETS_KEY_VALUE="K8S_SECRETS" deploy_test_env echo "Expecting for CrashLoopBackOff state of pod test-env" -wait_for_it 600 "$cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | grep CrashLoopBackOff" +wait_for_it 600 "cli_get_pods_test_env | grep CrashLoopBackOff" echo "Expecting Secrets provider to fail with error 'CSPFK004E Environment variable K8S_SECRETS must be provided'" -pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') +pod_name=$(cli_get_pods_test_env | awk '{print $1}') wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004E'" diff --git a/test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh b/test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh index f887676d..e24cb87f 100755 --- a/test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh +++ b/test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh 
@@ -8,11 +8,11 @@ create_secret_access_role create_secret_access_role_binding echo "Deploying test_env with incorrect value for K8S_SECRETS envrionment variable" -export K8S_SECRETS_KEY_VALUE="${K8S_SECRETS_KEY_VALUE:-" - name: K8S_SECRETS"$'\n'" value: K8S_SECRETS_invalid_value"}" +export K8S_SECRETS_KEY_VALUE="K8S_SECRETS K8S_SECRETS_invalid_value" deploy_test_env echo "Expecting secrets provider to fail with debug message 'CSPFK004D Failed to retrieve k8s secret. Reason: secrets K8S_SECRETS_invalid_value not found'" -pod_name=$($cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}') +pod_name=$(cli_get_pods_test_env | awk '{print $1}') wait_for_it 600 "$cli logs $pod_name -c cyberark-secrets-provider | grep 'CSPFK004D'" echo "Expecting secrets provider to fail with error 'CSPFK020E Failed to retrieve k8s secret'" diff --git a/test/test_cases/run_tests.sh b/test/test_cases/run_tests.sh index f2fa2dc7..2281a136 100755 --- a/test/test_cases/run_tests.sh +++ b/test/test_cases/run_tests.sh @@ -4,17 +4,17 @@ set -euo pipefail # By default lookup for folders with specifics prefix of type 'test_'. Can be modified by passing argument. TEST_NAME_PREFIX=${1:-TEST_ID_} -# Keep envrionment variables for debugging +# Keep environment variables for debugging printenv > printenv.debug export TEST_CASES_K8S_CONFIG_DIR="$PWD/../k8s-config" export TEST_CASES_UTILS="$PWD/../utils.sh" -TIMES=1 ./test_case_teardown.sh source $TEST_CASES_UTILS +TIMES=1 for (( c=1; c<=$TIMES; c++ )) do for filename in ./$TEST_NAME_PREFIX*.sh; do ( @@ -27,5 +27,3 @@ do done rm printenv.debug - - diff --git a/test/test_cases/test_case_teardown.sh b/test/test_cases/test_case_teardown.sh index 18ae4980..9dc3d0ea 100755 --- a/test/test_cases/test_case_teardown.sh +++ b/test/test_cases/test_case_teardown.sh 
@@ -5,6 +5,7 @@ source $TEST_CASES_UTILS # Restore secret to original value set_namespace $CONJUR_NAMESPACE_NAME + configure_cli_pod $cli exec $(get_conjur_cli_pod_name) -- conjur variable values add secrets/test_secret "supersecret" @@ -16,12 +17,10 @@ $cli delete clusterrole secrets-access --ignore-not-found=true $cli delete secret test-k8s-secret --ignore-not-found=true -#$cli delete serviceaccount -n $TEST_APP_NAMESPACE_NAME ${TEST_APP_NAMESPACE_NAME}-sa --ignore-not-found=true $cli delete serviceaccount ${TEST_APP_NAMESPACE_NAME}-sa --ignore-not-found=true -$cli delete rolebinding secrets-access-role-binding --namespace $TEST_APP_NAMESPACE_NAME --ignore-not-found=true - -$cli delete deploymentconfig -n $TEST_APP_NAMESPACE_NAME test-env --ignore-not-found=true +$cli delete rolebinding secrets-access-role-binding --ignore-not-found=true -$cli delete configmap -n $TEST_APP_NAMESPACE_NAME conjur-master-ca-env --ignore-not-found=true +$cli delete deploymentconfig test-env --ignore-not-found=true +$cli delete configmap conjur-master-ca-env --ignore-not-found=true diff --git a/test/test_in_docker.sh b/test/test_in_docker.sh index 6d9d69c9..b245a183 100755 --- a/test/test_in_docker.sh +++ b/test/test_in_docker.sh @@ -19,14 +19,17 @@ function buildTestRunnerImage() { function deployConjur() { pushd .. - git clone --single-branch --branch master git@github.com:cyberark/kubernetes-conjur-deploy kubernetes-conjur-deploy-$UNIQUE_TEST_ID + git clone --single-branch \ + --branch master \ + git@github.com:cyberark/kubernetes-conjur-deploy \ + kubernetes-conjur-deploy-$UNIQUE_TEST_ID popd runDockerCommand "cd kubernetes-conjur-deploy-$UNIQUE_TEST_ID && ./start" } function deployTest() { -runDockerCommand "cd test && ./test_with_summon.sh" + runDockerCommand "cd test && ./test_with_summon.sh" } main diff --git a/test/test_local.sh b/test/test_local.sh index 309b6c31..9de2faff 100755 --- a/test/test_local.sh +++ b/test/test_local.sh 
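Review bot: The `rolebinding`, `deploymentconfig` and `configmap` deletes in the second hunk of `test_case_teardown.sh` no longer name a namespace, so they act on whatever namespace the CLI context points at when they run. The script switches context with `set_namespace $CONJUR_NAMESPACE_NAME` near the top, and the switch back is not visible in either hunk. If it is missing or fails, `--ignore-not-found=true` makes the deletes succeed without matching anything, and the role binding and config map stay behind in the test namespace. Keeping the namespace explicit on destructive commands removes that dependency: `$cli delete rolebinding secrets-access-role-binding --namespace "$TEST_APP_NAMESPACE_NAME" --ignore-not-found=true`.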
@@ -2,6 +2,7 @@ set -xeuo pipefail . utils.sh +printenv > /tmp/printenv_test_local.debug function main() { deployConjur diff --git a/test/test_with_summon.sh b/test/test_with_summon.sh index 8d098a5a..77f85486 100755 --- a/test/test_with_summon.sh +++ b/test/test_with_summon.sh @@ -19,18 +19,22 @@ fi set_namespace $TEST_APP_NAMESPACE_NAME echo "Publish docker image" -docker tag "cyberark-secrets-provider-for-k8s:dev" "${DOCKER_REGISTRY_PATH}/${TEST_APP_NAMESPACE_NAME}/secrets-provider" +docker tag "cyberark-secrets-provider-for-k8s:dev" \ + "${DOCKER_REGISTRY_PATH}/${TEST_APP_NAMESPACE_NAME}/secrets-provider" docker push "${DOCKER_REGISTRY_PATH}/${TEST_APP_NAMESPACE_NAME}/secrets-provider" readonly K8S_CONFIG_DIR="k8s-config" # this variable is consumed in test-env.sh.yml -conjur_node_pod=$($cli get pod --namespace $CONJUR_NAMESPACE_NAME --selector=app=conjur-node -o=jsonpath='{.items[].metadata.name}') -export CONJUR_SSL_CERTIFICATE=$($cli exec --namespace $CONJUR_NAMESPACE_NAME "${conjur_node_pod}" cat /opt/conjur/etc/ssl/conjur.pem) - -pushd . > /dev/null -cd ./test_cases -./run_tests.sh +conjur_node_pod=$($cli get pod --namespace $CONJUR_NAMESPACE_NAME \ + --selector=app=conjur-node \ + -o=jsonpath='{.items[].metadata.name}') +export CONJUR_SSL_CERTIFICATE=$($cli exec --namespace $CONJUR_NAMESPACE_NAME \ + "${conjur_node_pod}" \ + cat /opt/conjur/etc/ssl/conjur.pem) + +pushd test_cases > /dev/null + ./run_tests.sh popd > /dev/null ./stop From 87495f89eb573fe8e90c98f84c9cccfa6f915353 Mon Sep 17 00:00:00 2001 
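Review bot: `printenv > /tmp/printenv_test_local.debug` in `test_local.sh` writes the whole environment to a fixed path in `/tmp`, and nothing in the hunk removes it. If `bootstrap.env` is loaded before this point, the dump includes `CONJUR_ADMIN_PASSWORD`, and a file created with the default umask is normally readable by other local users. A fixed name in a shared directory can also already exist as a symlink owned by someone else. Prefer a private temporary file that is cleaned up, `debug_env=$(mktemp) && printenv > "$debug_env"` with `trap 'rm -f -- "$debug_env"' EXIT`, or dump only the non-secret variables needed for debugging.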
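Review bot: `export CONJUR_SSL_CERTIFICATE=$($cli exec ... cat /opt/conjur/etc/ssl/conjur.pem)` in `test_with_summon.sh` hides the exit status of the `exec`, because the status of the line is that of `export`, so a failed read does not stop the script even under `set -e`. The tests would then presumably be deployed with an empty CA certificate and fail later with a less obvious error. Assign first and export afterwards, `CONJUR_SSL_CERTIFICATE=$($cli exec ...)` then `export CONJUR_SSL_CERTIFICATE`, and reject an empty result with `[ -n "$CONJUR_SSL_CERTIFICATE" ] || exit 1`.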
From: Moti Cohen Date: Thu, 24 Oct 2019 17:29:26 +0300 Subject: [PATCH 4/7] =?UTF-8?q?-=20PR=20fixes=20of=20"Implement=20automate?= =?UTF-8?q?d=20tests"=20-=20Update=20conjur=20version=20from=205.0-stable?= =?UTF-8?q?=20to=205.5.0=20because=20tests=20get=20failed=20on=20known=20i?= =?UTF-8?q?ssue=20:=20=E2=80=9C502=20Bad=20Gateway=E2=80=A6=20nginx?= =?UTF-8?q?=E2=80=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- test/utils.sh | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/test/utils.sh b/test/utils.sh index dc1b1239..cc75f17b 100644 --- a/test/utils.sh +++ b/test/utils.sh @@ -1,4 +1,5 @@ #!/bin/bash +set -euo pipefail if [ $PLATFORM = 'kubernetes' ]; then cli=kubectl @@ -171,3 +172,36 @@ function test_app_set_secret () { set_namespace $TEST_APP_NAMESPACE_NAME } +export $KEY_VALUE_NOT_EXIST=" " +yaml_print_key_name_value () +{ + spaces=$1 + key_name=${2:-""} + key_value=${3:-""} + + if [ -z "$key_name" ] + then + echo "" + else + printf "$spaces- name: $key_name\n" + if [ -z "$key_value" ] + then + echo "" + else + echo "$spaces value: $key_value" + fi + fi +} + +cli_get_pods_test_env () +{ + $cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers +} + +verify_secret_value_in_pod () { + pod_name=$1 + secret_name=$2 + expected_value=$3 + wait_for_it 600 $cli exec -n "$TEST_APP_NAMESPACE_NAME ${pod_name} printenv + | grep $secret_name | cut -d '=' -f 2 | grep $expected_value" +} \ No newline at end of file From ca5fc1e7545a5e71c4aef6cdf1f5372be27a09b9 Mon Sep 17 00:00:00 2001 From: Moti Cohen Date: Mon, 28 Oct 2019 14:31:08 +0200 Subject: [PATCH 5/7] Small fix of environment variable declaration KEY_VALUE_NOT_EXIST --- test/utils.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/utils.sh b/test/utils.sh index cc75f17b..5d6c9dd6 100644 --- a/test/utils.sh +++ b/test/utils.sh 
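Review bot: In `verify_secret_value_in_pod` the opening quote sits after `-n`, so `wait_for_it` receives `$cli`, `exec` and `-n` as separate arguments, followed by one string that contains a line break before `| grep`. Every other call site on this page passes the whole pipeline as a single string; `wait_for_it` is defined outside this hunk, but if it runs only its second argument the check executes the bare CLI and never inspects the secret, which could let a test pass without verifying anything. Keep the command in one quoted argument on one line: `wait_for_it 600 "$cli exec -n $TEST_APP_NAMESPACE_NAME ${pod_name} printenv | grep $secret_name | cut -d '=' -f 2 | grep $expected_value"`. In `yaml_print_key_name_value`, `printf "$spaces- name: $key_name\n"` uses data as the format string; `printf '%s- name: %s\n' "$spaces" "$key_name"` avoids `%` and backslash interpretation.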
@@ -172,7 +172,7 @@ function test_app_set_secret () { set_namespace $TEST_APP_NAMESPACE_NAME } -export $KEY_VALUE_NOT_EXIST=" " +export KEY_VALUE_NOT_EXIST=" " yaml_print_key_name_value () { spaces=$1 From 546a95c25d315fce2cb4b334071420f055517957 Mon Sep 17 00:00:00 2001 From: Moti Cohen Date: Wed, 30 Oct 2019 22:48:38 +0200 Subject: [PATCH 6/7] PR fixes --- test/bootstrap.env | 1 + test/k8s-config/test-env.sh.yml | 6 +++++- test/test_cases/run_tests.sh | 3 ++- test/test_in_docker.sh | 5 +++-- test/test_local.sh | 6 +++++- test/utils.sh | 18 +++++++----------- 6 files changed, 23 insertions(+), 16 deletions(-) diff --git a/test/bootstrap.env b/test/bootstrap.env index 2a239d28..f842a108 100644 --- a/test/bootstrap.env +++ b/test/bootstrap.env @@ -9,6 +9,7 @@ export CONJUR_ADMIN_PASSWORD=adminPass$UNIQUE_TEST_ID export DEPLOY_MASTER_CLUSTER=true export CONJUR_NAMESPACE_NAME=conjur-deploy-$UNIQUE_TEST_ID export TEST_RUNNER_IMAGE=demo-$UNIQUE_TEST_ID +export KUBERNETES_CONJUR_DEPLOY_BRANCH=v0.1 ####### # OpenShift diff --git a/test/k8s-config/test-env.sh.yml b/test/k8s-config/test-env.sh.yml index ffb28bfa..0452963d 100755 --- a/test/k8s-config/test-env.sh.yml +++ b/test/k8s-config/test-env.sh.yml @@ -3,7 +3,11 @@ set -euo pipefail source $TEST_CASES_UTILS -# Test cases can modify following variable from outside: +# Test cases can modify following variables from outside. Either by selecting +# default valid input, by leaving it unmodified. Or setting a single key which +# represent a key without a value. Or by setting it with invalid key or value. +# Another option is to set it to $KEY_VALUE_NOT_EXIST which means to omit +# related key-value from yaml file SECRETS_DESTINATION_KEY_VALUE=${SECRETS_DESTINATION_KEY_VALUE:-"SECRETS_DESTINATION k8s_secrets"} CONTAINER_MODE_KEY_VALUE=${CONTAINER_MODE_KEY_VALUE:-"CONTAINER_MODE init"} K8S_SECRETS_KEY_VALUE=${K8S_SECRETS_KEY_VALUE:-"K8S_SECRETS test-k8s-secret"} 
diff --git a/test/test_cases/run_tests.sh b/test/test_cases/run_tests.sh index 2281a136..41246b8a 100755 --- a/test/test_cases/run_tests.sh +++ b/test/test_cases/run_tests.sh @@ -15,7 +15,8 @@ export TEST_CASES_UTILS="$PWD/../utils.sh" source $TEST_CASES_UTILS TIMES=1 -for (( c=1; c<=$TIMES; c++ )) + +for c in {1..$TIMES} do for filename in ./$TEST_NAME_PREFIX*.sh; do ( announce "Running '$filename'." diff --git a/test/test_in_docker.sh b/test/test_in_docker.sh index b245a183..b6dc37f0 100755 --- a/test/test_in_docker.sh +++ b/test/test_in_docker.sh @@ -19,9 +19,10 @@ function buildTestRunnerImage() { function deployConjur() { pushd .. + # taking v0.1 since latest kubernetes-conjur-deploy is not stable git clone --single-branch \ - --branch master \ - git@github.com:cyberark/kubernetes-conjur-deploy \ + --branch $KUBERNETES_CONJUR_DEPLOY_BRANCH \ + https://github.com/cyberark/kubernetes-conjur-deploy.git \ kubernetes-conjur-deploy-$UNIQUE_TEST_ID popd diff --git a/test/test_local.sh b/test/test_local.sh index 9de2faff..8977042c 100755 --- a/test/test_local.sh +++ b/test/test_local.sh @@ -11,7 +11,11 @@ function main() { function deployConjur() { pushd .. - git clone --single-branch --branch master git@github.com:cyberark/kubernetes-conjur-deploy kubernetes-conjur-deploy-$UNIQUE_TEST_ID + # taking v0.1 since latest kubernetes-conjur-deploy is not stable + git clone --single-branch \ + --branch $KUBERNETES_CONJUR_DEPLOY_BRANCH \ + https://github.com/cyberark/kubernetes-conjur-deploy.git \ + kubernetes-conjur-deploy-$UNIQUE_TEST_ID pushd kubernetes-conjur-deploy-$UNIQUE_TEST_ID ./start diff --git a/test/utils.sh b/test/utils.sh index 5d6c9dd6..61fb4388 100644 --- a/test/utils.sh +++ b/test/utils.sh @@ -1,6 +1,10 @@ #!/bin/bash set -euo pipefail +# lookup test-env.sh.yml for explanation. +export KEY_VALUE_NOT_EXIST=" " + + if [ $PLATFORM = 'kubernetes' ]; then cli=kubectl elif [ $PLATFORM = 'openshift' ]; then 
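Review bot: `for c in {1..$TIMES}` does not loop TIMES times: bash performs brace expansion before parameter expansion, so the body runs exactly once with `c` set to the literal text `{1..1}`, whatever value TIMES holds. The removed C-style loop was correct and should stay, e.g. `for (( c = 1; c <= TIMES; c++ ))`. The later run_tests.sh hunk in this series (`for c in {1..$times}`) carries the same defect.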
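Review bot: The clone in `deployConjur` is selected by `--branch $KUBERNETES_CONJUR_DEPLOY_BRANCH`, a ref name that can be moved upstream, and the test_local.sh hunk that follows shows `./start` from that checkout being executed. Pinning to a reviewed commit keeps the run reproducible and stops a moved tag from changing what gets executed: after the clone, `git -C "kubernetes-conjur-deploy-$UNIQUE_TEST_ID" checkout --detach "<reviewed-commit-sha>"` (placeholder value). Quote `"$KUBERNETES_CONJUR_DEPLOY_BRANCH"` in both clone commands, and let the comment refer to the variable rather than hard-coding `v0.1`. The body of `deployConjur` continues outside both hunks.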
@@ -126,12 +130,7 @@ configure_cli_pod() { conjur_cli_pod=$(get_conjur_cli_pod_name) - if [ $CONJUR_VERSION = '4' ]; then - $cli exec $conjur_cli_pod -- bash -c "yes yes | conjur init -a $CONJUR_ACCOUNT -h $conjur_url" - $cli exec $conjur_cli_pod -- conjur plugin install policy - elif [ $CONJUR_VERSION = '5' ]; then - $cli exec $conjur_cli_pod -- bash -c "yes yes | conjur init -a $CONJUR_ACCOUNT -u $conjur_url" - fi + $cli exec $conjur_cli_pod -- bash -c "yes yes | conjur init -a $CONJUR_ACCOUNT -u $conjur_url" $cli exec $conjur_cli_pod -- conjur authn login -u admin -p $CONJUR_ADMIN_PASSWORD } @@ -172,9 +171,7 @@ function test_app_set_secret () { set_namespace $TEST_APP_NAMESPACE_NAME } -export KEY_VALUE_NOT_EXIST=" " -yaml_print_key_name_value () -{ +yaml_print_key_name_value () { spaces=$1 key_name=${2:-""} key_value=${3:-""} @@ -193,8 +190,7 @@ yaml_print_key_name_value () fi } -cli_get_pods_test_env () -{ +cli_get_pods_test_env () { $cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers } From 6c5b6a5e3075958ae5b8ed96ea1cbcafcaab5166 Mon Sep 17 00:00:00 2001 
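Review bot: The login line kept in `configure_cli_pod`, `conjur authn login -u admin -p $CONJUR_ADMIN_PASSWORD`, puts the admin password on the command line, and the test cases that call into utils.sh run with `set -euxo pipefail`, so the value would presumably be printed in the trace as well. Turn tracing off around the call (`set +x` before it, restore afterwards) and quote the expansion as `"$CONJUR_ADMIN_PASSWORD"`. The now unconditional `yes yes | conjur init ...` answers every prompt affirmatively; if one of those prompts is a server-certificate confirmation, the CLI pod accepts whatever certificate it is shown, which deserves a comment stating that this is acceptable only for the throwaway test cluster. The function starts outside the hunk.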
From: Moti Cohen Date: Mon, 4 Nov 2019 23:52:30 +0200 Subject: [PATCH 7/7] PR fixes2 --- test/k8s-config/test-env.sh.yml | 2 -- .../TEST_ID_10_SECRETS_DESTINATION_not_exist.sh | 2 -- .../TEST_ID_1_providing_secret_successfully.sh | 2 -- ..._ID_2_multiple_pods_changing_pwd_inbetween.sh | 2 -- ...3_SECRETS_DESTINATION_with_incorrect_value.sh | 2 -- .../TEST_ID_4_CONTAINER_MODE_not_exist.sh | 2 -- .../TEST_ID_5_no_get_permission_to_secret.sh | 2 -- .../TEST_ID_6_no_patch_permission_to_secret.sh | 2 -- .../TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh | 2 -- .../TEST_ID_8_K8S_SECRETS_env_var_empty.sh | 2 -- ...T_ID_9_K8S_SECRETS_env_var_incorrect_value.sh | 2 -- test/test_cases/run_tests.sh | 16 +++++++++------- test/test_cases/test_case_setup.sh | 4 +--- test/test_cases/test_case_teardown.sh | 2 -- test/test_with_summon.sh | 2 -- test/utils.sh | 6 +++--- 16 files changed, 13 insertions(+), 39 deletions(-) diff --git a/test/k8s-config/test-env.sh.yml b/test/k8s-config/test-env.sh.yml index 0452963d..71839a37 100755 --- a/test/k8s-config/test-env.sh.yml +++ b/test/k8s-config/test-env.sh.yml @@ -1,8 +1,6 @@ #!/bin/bash set -euo pipefail -source $TEST_CASES_UTILS - # Test cases can modify following variables from outside. Either by selecting # default valid input, by leaving it unmodified. Or setting a single key which # represent a key without a value. Or by setting it with invalid key or value. diff --git a/test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh b/test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh index 4009a7d8..09c002eb 100755 --- a/test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh +++ b/test/test_cases/TEST_ID_10_SECRETS_DESTINATION_not_exist.sh @@ -1,8 +1,6 @@ #!/bin/bash set -euxo pipefail -source $TEST_CASES_UTILS - create_secret_access_role create_secret_access_role_binding 
diff --git a/test/test_cases/TEST_ID_1_providing_secret_successfully.sh b/test/test_cases/TEST_ID_1_providing_secret_successfully.sh index e6da21a4..2a53f836 100755 --- a/test/test_cases/TEST_ID_1_providing_secret_successfully.sh +++ b/test/test_cases/TEST_ID_1_providing_secret_successfully.sh @@ -1,8 +1,6 @@ #!/bin/bash set -euxo pipefail -source $TEST_CASES_UTILS - create_secret_access_role create_secret_access_role_binding diff --git a/test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh b/test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh index 41cc2a2d..87ae6b94 100755 --- a/test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh +++ b/test/test_cases/TEST_ID_2_multiple_pods_changing_pwd_inbetween.sh @@ -1,8 +1,6 @@ #!/bin/bash set -euxo pipefail -source $TEST_CASES_UTILS - echo "Creating secrets access role" $TEST_CASES_K8S_CONFIG_DIR/secrets-access-role.sh.yml | $cli create -f - diff --git a/test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh b/test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh index 5cc1e741..0288a38d 100755 --- a/test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh +++ b/test/test_cases/TEST_ID_3_SECRETS_DESTINATION_with_incorrect_value.sh @@ -1,8 +1,6 @@ #!/bin/bash set -euxo pipefail -source $TEST_CASES_UTILS - create_secret_access_role create_secret_access_role_binding diff --git a/test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh b/test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh index 0cb57929..b54a4a31 100755 --- a/test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh +++ b/test/test_cases/TEST_ID_4_CONTAINER_MODE_not_exist.sh @@ -1,8 +1,6 @@ #!/bin/bash set -euxo pipefail -source $TEST_CASES_UTILS - create_secret_access_role create_secret_access_role_binding diff --git a/test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh b/test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh index f31367ab..2b1c9f25 100755 
--- a/test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh +++ b/test/test_cases/TEST_ID_5_no_get_permission_to_secret.sh @@ -1,8 +1,6 @@ #!/bin/bash set -euxo pipefail -source $TEST_CASES_UTILS - echo "Creating secrets access role without 'get' permission" export SECRET_CLUSTER_ROLE_VERBS_VALUE="[ \"patch\" ]" create_secret_access_role diff --git a/test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh b/test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh index 21a94eb6..4ee34c70 100755 --- a/test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh +++ b/test/test_cases/TEST_ID_6_no_patch_permission_to_secret.sh @@ -1,8 +1,6 @@ #!/bin/bash set -euxo pipefail -source $TEST_CASES_UTILS - echo "Creating secrets access role without 'get' permission" export SECRET_CLUSTER_ROLE_VERBS_VALUE="[ \"get\" ]" create_secret_access_role diff --git a/test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh b/test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh index 28ce69b0..2ff3d8d6 100755 --- a/test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh +++ b/test/test_cases/TEST_ID_7_K8S_SECRETS_env_var_not_exist.sh @@ -1,8 +1,6 @@ #!/bin/bash set -euxo pipefail -source $TEST_CASES_UTILS - create_secret_access_role create_secret_access_role_binding diff --git a/test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh b/test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh index 2f5c3e4e..f87401a9 100755 --- a/test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh +++ b/test/test_cases/TEST_ID_8_K8S_SECRETS_env_var_empty.sh @@ -1,8 +1,6 @@ #!/bin/bash set -euxo pipefail -source $TEST_CASES_UTILS - create_secret_access_role create_secret_access_role_binding diff --git a/test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh b/test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh index e24cb87f..e76f7556 100755 --- a/test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh 
+++ b/test/test_cases/TEST_ID_9_K8S_SECRETS_env_var_incorrect_value.sh @@ -1,8 +1,6 @@ #!/bin/bash set -euxo pipefail -source $TEST_CASES_UTILS - create_secret_access_role create_secret_access_role_binding diff --git a/test/test_cases/run_tests.sh b/test/test_cases/run_tests.sh index 41246b8a..e0bad0b3 100755 --- a/test/test_cases/run_tests.sh +++ b/test/test_cases/run_tests.sh @@ -8,23 +8,25 @@ TEST_NAME_PREFIX=${1:-TEST_ID_} printenv > printenv.debug export TEST_CASES_K8S_CONFIG_DIR="$PWD/../k8s-config" -export TEST_CASES_UTILS="$PWD/../utils.sh" -./test_case_teardown.sh +# export all utils.sh functions to be available for all tests +set -a +source "../utils.sh" +set +a -source $TEST_CASES_UTILS +./test_case_teardown.sh -TIMES=1 +times=1 -for c in {1..$TIMES} +for c in {1..$times} do - for filename in ./$TEST_NAME_PREFIX*.sh; do ( + for filename in ./$TEST_NAME_PREFIX*.sh; do announce "Running '$filename'." ./test_case_setup.sh $filename ./test_case_teardown.sh announce "Test '$filename' ended successfully" - ); done + done done rm printenv.debug diff --git a/test/test_cases/test_case_setup.sh b/test/test_cases/test_case_setup.sh index cff7894c..0277157b 100755 --- a/test/test_cases/test_case_setup.sh +++ b/test/test_cases/test_case_setup.sh @@ -1,9 +1,7 @@ #!/bin/bash set -euxo pipefail -source $TEST_CASES_UTILS - -# TODO: replace the following with `oc create secret` +# TODO: replace the following with `$cli create secret` $cli secrets new-dockercfg dockerpullsecret \ --docker-server=${DOCKER_REGISTRY_PATH} \ --docker-username=_ \ diff --git a/test/test_cases/test_case_teardown.sh b/test/test_cases/test_case_teardown.sh index 9dc3d0ea..f190a0dd 100755 --- a/test/test_cases/test_case_teardown.sh +++ b/test/test_cases/test_case_teardown.sh @@ -1,8 +1,6 @@ #!/bin/bash set -euxo pipefail -source $TEST_CASES_UTILS - # Restore secret to original value set_namespace $CONJUR_NAMESPACE_NAME 
diff --git a/test/test_with_summon.sh b/test/test_with_summon.sh index 77f85486..8ea6cd7a 100755 --- a/test/test_with_summon.sh +++ b/test/test_with_summon.sh @@ -40,5 +40,3 @@ popd > /dev/null ./stop ../kubernetes-conjur-deploy-"$UNIQUE_TEST_ID"/stop rm -rf "../kubernetes-conjur-deploy-$UNIQUE_TEST_ID" - -exit 0 diff --git a/test/utils.sh b/test/utils.sh index 61fb4388..9470afaa 100644 --- a/test/utils.sh +++ b/test/utils.sh @@ -137,7 +137,7 @@ configure_cli_pod() { function deploy_test_env { echo "Verifying there are no (terminating) pods of type test-env" - wait_for_it 600 "oc get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | wc -l | tr -d ' ' | grep '^0$'" + wait_for_it 600 "$cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | wc -l | tr -d ' ' | grep '^0$'" echo "Deploying test-env" $TEST_CASES_K8S_CONFIG_DIR/test-env.sh.yml | $cli create -f - @@ -145,10 +145,10 @@ function deploy_test_env { expected_num_replicas=`$TEST_CASES_K8S_CONFIG_DIR/test-env.sh.yml | awk '/replicas:/ {print $2}' ` # deploying deploymentconfig might fail on error flows, even before creating the pods. If so, retry deploy again - wait_for_it 600 "oc get dc/test-env -o jsonpath={.status.replicas} | grep '^${expected_num_replicas}$'|| oc rollout latest dc/test-env" + wait_for_it 600 "$cli get dc/test-env -o jsonpath={.status.replicas} | grep '^${expected_num_replicas}$'|| oc rollout latest dc/test-env" echo "Expecting for $expected_num_replicas deployed pods" - wait_for_it 600 "oc get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | wc -l | grep $expected_num_replicas" + wait_for_it 600 "$cli get pods --namespace=$TEST_APP_NAMESPACE_NAME --selector app=test-env --no-headers | wc -l | grep $expected_num_replicas" } function create_secret_access_role () {
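Review bot: The retry branch of the second `wait_for_it` in `deploy_test_env` still calls `oc rollout latest dc/test-env`, so the switch from `oc` to `$cli` is incomplete; when `cli=kubectl` the fallback presumably fails because `oc` is not installed, and `dc/test-env` looks OpenShift-specific, so it likely needs a `PLATFORM` guard rather than a plain substitution. The last check, `wc -l | grep $expected_num_replicas`, is unanchored, so an expected count of 1 also matches 10 or 11 pods. Use the form the first wait already has: `| wc -l | tr -d ' ' | grep '^${expected_num_replicas}$'`.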