external-secrets/e2e/run.sh

#!/bin/bash

# Copyright 2019 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -euo pipefail

if ! command -v kind --version &> /dev/null; then
  echo "kind is not installed. Use the package manager or visit the official site https://kind.sigs.k8s.io/"
  exit 1
fi

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd $DIR

echo "Kubernetes cluster:"
kubectl get nodes -o wide

echo -e "Granting permissions to e2e service account..."
kubectl create serviceaccount external-secrets-e2e || true
kubectl create clusterrolebinding permissive-binding \
  --clusterrole=cluster-admin \
  --user=admin \
  --user=kubelet \
  --serviceaccount=default:external-secrets-e2e || true

echo -e "Granting anonymous access to service account issuer discovery"
kubectl create clusterrolebinding service-account-issuer-discovery-binding \
  --clusterrole=system:service-account-issuer-discovery \
  --group=system:unauthenticated || true

echo -e "Starting the e2e test pod ${E2E_IMAGE_NAME}:${VERSION}"
kubectl run --rm \
  --attach \
  --restart=Never \
  --pod-running-timeout=5m \
  --labels="app=eso-e2e" \
  --env="GINKGO_LABELS=${GINKGO_LABELS:-.*}" \
  --env="GCP_SM_SA_JSON=${GCP_SM_SA_JSON:-}" \
  --env="GCP_PROJECT_ID=${GCP_PROJECT_ID:-}" \
  --env="GCP_GSA_NAME=${GCP_GSA_NAME:-}" \
  --env="GCP_KSA_NAME=${GCP_KSA_NAME:-}" \
  --env="GCP_GKE_ZONE=${GCP_GKE_ZONE:-}" \
  --env="GCP_GKE_CLUSTER=${GCP_GKE_CLUSTER:-}" \
  --env="AWS_REGION=${AWS_REGION:-}" \
  --env="AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-}" \
  --env="AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-}" \
  --env="AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN:-}" \
  --env="AWS_SA_NAME=${AWS_SA_NAME:-}" \
  --env="AWS_SA_NAMESPACE=${AWS_SA_NAMESPACE:-}" \
  --env="AZURE_CLIENT_ID=${AZURE_CLIENT_ID:-}" \
  --env="AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET:-}" \
  --env="AKEYLESS_ACCESS_ID=${AKEYLESS_ACCESS_ID:-}" \
  --env="AKEYLESS_ACCESS_TYPE=${AKEYLESS_ACCESS_TYPE:-}" \
  --env="AKEYLESS_ACCESS_TYPE_PARAM=${AKEYLESS_ACCESS_TYPE_PARAM:-}" \
  --env="TENANT_ID=${TENANT_ID:-}" \
  --env="VAULT_URL=${VAULT_URL:-}" \
  --env="GITLAB_TOKEN=${GITLAB_TOKEN:-}" \
  --env="GITLAB_PROJECT_ID=${GITLAB_PROJECT_ID:-}" \
  --env="GITLAB_ENVIRONMENT=${GITLAB_ENVIRONMENT:-}" \
  --env="ORACLE_USER_OCID=${ORACLE_USER_OCID:-}" \
  --env="ORACLE_TENANCY_OCID=${ORACLE_TENANCY_OCID:-}" \
  --env="ORACLE_REGION=${ORACLE_REGION:-}" \
  --env="ORACLE_FINGERPRINT=${ORACLE_FINGERPRINT:-}" \
  --env="ORACLE_KEY=${ORACLE_KEY:-}" \
  --env="SCALEWAY_API_URL=${SCALEWAY_API_URL:-}" \
  --env="SCALEWAY_REGION=${SCALEWAY_REGION:-}" \
  --env="SCALEWAY_PROJECT_ID=${SCALEWAY_PROJECT_ID:-}" \
  --env="SCALEWAY_ACCESS_KEY=${SCALEWAY_ACCESS_KEY:-}" \
  --env="SCALEWAY_SECRET_KEY=${SCALEWAY_SECRET_KEY:-}" \
  --env="VERSION=${VERSION}" \
  --env="TEST_SUITES=${TEST_SUITES}" \
  --overrides='{ "apiVersion": "v1", "spec":{"serviceAccountName": "external-secrets-e2e"}}' \
  e2e --image=${E2E_IMAGE_NAME}:${VERSION}
feat: add basic e2e test 2021-04-24 23:39:06 +00:00			`#!/bin/bash`

			`# Copyright 2019 The Kubernetes Authors.`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
Bump e2e kind & tools versions, remove dep on ginkgo on path 2021-11-06 20:12:13 +00:00			`set -euo pipefail`
feat: add basic e2e test 2021-04-24 23:39:06 +00:00
			`if ! command -v kind --version &> /dev/null; then`
			`echo "kind is not installed. Use the package manager or visit the official site https://kind.sigs.k8s.io/"`
			`exit 1`
			`fi`

			`DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"`
			`cd $DIR`

			`echo "Kubernetes cluster:"`
			`kubectl get nodes -o wide`

			`echo -e "Granting permissions to e2e service account..."`
			`kubectl create serviceaccount external-secrets-e2e \|\| true`
			`kubectl create clusterrolebinding permissive-binding \`
			`--clusterrole=cluster-admin \`
			`--user=admin \`
			`--user=kubelet \`
			`--serviceaccount=default:external-secrets-e2e \|\| true`

feat(vault): add option for JWT backend to authenticate with Kubernetes service account token (#768) 2022-04-04 19:20:58 +00:00			`echo -e "Granting anonymous access to service account issuer discovery"`
			`kubectl create clusterrolebinding service-account-issuer-discovery-binding \`
			`--clusterrole=system:service-account-issuer-discovery \`
			`--group=system:unauthenticated \|\| true`

feat: test UBI image build (#1574) * feat: test UBI image build Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-Authored-By: Idan Adar <iadar@il.ibm.com> Co-Authored-By: mrgadgil 2022-10-06 17:14:13 +00:00			`echo -e "Starting the e2e test pod ${E2E_IMAGE_NAME}:${VERSION}"`
feat: add basic e2e test 2021-04-24 23:39:06 +00:00			`kubectl run --rm \`
			`--attach \`
			`--restart=Never \`
feat(e2e): implement aws tests, enhance gcp tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-01-21 20:05:37 +00:00			`--pod-running-timeout=5m \`
ArgoCD & Flux e2e suites (#1041) * feat: add gitops suite Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: add flux tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: pin to v1.23 kubectl version to avoid invalid apiVersion issue see: https://github.com/aws/aws-cli/issues/6920 Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * Revert "fix: pin to v1.23 kubectl version to avoid invalid apiVersion issue" This reverts commit 2f78226cdce1683a0255457b41199d10dd30509f. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-05-23 14:14:21 +00:00			`--labels="app=eso-e2e" \`
feat(e2e): implement aws tests, enhance gcp tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-01-21 20:05:37 +00:00			`--env="GINKGO_LABELS=${GINKGO_LABELS:-.*}" \`
fix(e2e): refactor e2e tests 2021-07-12 18:27:48 +00:00			`--env="GCP_SM_SA_JSON=${GCP_SM_SA_JSON:-}" \`
			`--env="GCP_PROJECT_ID=${GCP_PROJECT_ID:-}" \`
e2e testing for gcp Workload Identity 2021-12-29 12:02:56 +00:00			`--env="GCP_GSA_NAME=${GCP_GSA_NAME:-}" \`
chore: test e2e Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-01-24 14:03:15 +00:00			`--env="GCP_KSA_NAME=${GCP_KSA_NAME:-}" \`
feat(e2e): implement aws tests, enhance gcp tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-01-21 20:05:37 +00:00			`--env="GCP_GKE_ZONE=${GCP_GKE_ZONE:-}" \`
			`--env="GCP_GKE_CLUSTER=${GCP_GKE_CLUSTER:-}" \`
Feature: initial generator implementation + Github Actions OIDC/AWS (#1539) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> 2022-10-29 18:15:50 +00:00			`--env="AWS_REGION=${AWS_REGION:-}" \`
feat(e2e): implement aws tests, enhance gcp tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-01-21 20:05:37 +00:00			`--env="AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-}" \`
			`--env="AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-}" \`
Feature: initial generator implementation + Github Actions OIDC/AWS (#1539) Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Gustavo Fernandes de Carvalho <gusfcarvalho@gmail.com> 2022-10-29 18:15:50 +00:00			`--env="AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN:-}" \`
feat(e2e): implement aws tests, enhance gcp tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-01-21 20:05:37 +00:00			`--env="AWS_SA_NAME=${AWS_SA_NAME:-}" \`
			`--env="AWS_SA_NAMESPACE=${AWS_SA_NAMESPACE:-}" \`
fix(e2e): refactor e2e tests 2021-07-12 18:27:48 +00:00			`--env="AZURE_CLIENT_ID=${AZURE_CLIENT_ID:-}" \`
			`--env="AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET:-}" \`
PR Suggested change 2021-11-10 13:57:37 +00:00			`--env="AKEYLESS_ACCESS_ID=${AKEYLESS_ACCESS_ID:-}" \`
			`--env="AKEYLESS_ACCESS_TYPE=${AKEYLESS_ACCESS_TYPE:-}" \`
			`--env="AKEYLESS_ACCESS_TYPE_PARAM=${AKEYLESS_ACCESS_TYPE_PARAM:-}" \`
fix(e2e): refactor e2e tests 2021-07-12 18:27:48 +00:00			`--env="TENANT_ID=${TENANT_ID:-}" \`
			`--env="VAULT_URL=${VAULT_URL:-}" \`
passes 1st e2e test 2021-08-04 09:42:07 +00:00			`--env="GITLAB_TOKEN=${GITLAB_TOKEN:-}" \`
			`--env="GITLAB_PROJECT_ID=${GITLAB_PROJECT_ID:-}" \`
enable configuration of environment_scope for gitlab provider (#1565) * enable configuration of environment_scope for gitlab provider Signed-off-by: Dominik Zeiger <dominik@zeiger.biz> 2022-09-27 20:08:38 +00:00			`--env="GITLAB_ENVIRONMENT=${GITLAB_ENVIRONMENT:-}" \`
Adding environment variables for e2e tests and fixed incorrectly used arguments in 2 functions 2021-09-07 10:20:09 +00:00			`--env="ORACLE_USER_OCID=${ORACLE_USER_OCID:-}" \`
Fixing assignment issues 2021-09-09 22:57:43 +00:00			`--env="ORACLE_TENANCY_OCID=${ORACLE_TENANCY_OCID:-}" \`
			`--env="ORACLE_REGION=${ORACLE_REGION:-}" \`
			`--env="ORACLE_FINGERPRINT=${ORACLE_FINGERPRINT:-}" \`
			`--env="ORACLE_KEY=${ORACLE_KEY:-}" \`
Feature/scaleway provider (#2086) * wip: basic structure of scaleway provider Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * test: add some tests for GetAllSecrets Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: implement PushSecret Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * test: improved test fixtures Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: allow finding secrets by project using the path property Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: add delete secret method Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * Delete dupplicate of push remote ref test implem Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: add capability to use a secret for configuring access token Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: implement GetSecretMap Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: filtering by name and projetc id Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * test: add test for finding secret by name regexp Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: config validation Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * fix: handle situation where no namespace is specified and we cannot provide a default Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: reference secrets by id or name Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * fix: invalid request caused by pagination handling Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: log the error when failing to access secret version Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * fix: pass context to sdk where missing Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: add a cache for reducing AccessSecretVersion() calls Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * refacto: use GetSecret with name instead of ListSecrets Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: allow using secret name in ExternalSecrets Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: use latest_enabled instead of latest Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * refacto: optimized PushSecret and improved its test coverage Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * fix: doesConfigDependOnNamespace was always true Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: use new api with refactored name-based endpoints Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * remove useless todo Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * fix: use secret names as key for GetAllSecrets Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: support gjson propery lookup Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: e2e tests Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * test: e2e test using secret to store api key Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * test: cleanup left over resources on the secret manager before each e2e run Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * doc: add doc for scaleway provider Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * refacto: fix lint issues Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * test: cleanup code in e2e was commented Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: the previous version is disabled when we push to a secret Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * doc: add comments to ScalewayProvider struct to point to console and doc Signed-off-by: Julien Loctaux <no.mail@jloc.fr> * feat: add missing e2e env vars for scaleway Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * docs: add scaleway to support/stability table Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> --------- Signed-off-by: Julien Loctaux <no.mail@jloc.fr> Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: Moritz Johner <beller.moritz@googlemail.com> 2023-03-16 00:03:52 +00:00			`--env="SCALEWAY_API_URL=${SCALEWAY_API_URL:-}" \`
			`--env="SCALEWAY_REGION=${SCALEWAY_REGION:-}" \`
			`--env="SCALEWAY_PROJECT_ID=${SCALEWAY_PROJECT_ID:-}" \`
			`--env="SCALEWAY_ACCESS_KEY=${SCALEWAY_ACCESS_KEY:-}" \`
			`--env="SCALEWAY_SECRET_KEY=${SCALEWAY_SECRET_KEY:-}" \`
feat(e2e): implement aws tests, enhance gcp tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-01-21 20:05:37 +00:00			`--env="VERSION=${VERSION}" \`
ArgoCD & Flux e2e suites (#1041) * feat: add gitops suite Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * feat: add flux tests Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * fix: pin to v1.23 kubectl version to avoid invalid apiVersion issue see: https://github.com/aws/aws-cli/issues/6920 Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> * Revert "fix: pin to v1.23 kubectl version to avoid invalid apiVersion issue" This reverts commit 2f78226cdce1683a0255457b41199d10dd30509f. Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> 2022-05-23 14:14:21 +00:00			`--env="TEST_SUITES=${TEST_SUITES}" \`
feat: add basic e2e test 2021-04-24 23:39:06 +00:00			`--overrides='{ "apiVersion": "v1", "spec":{"serviceAccountName": "external-secrets-e2e"}}' \`
feat: test UBI image build (#1574) * feat: test UBI image build Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-Authored-By: Idan Adar <iadar@il.ibm.com> Co-Authored-By: mrgadgil 2022-10-06 17:14:13 +00:00			`e2e --image=${E2E_IMAGE_NAME}:${VERSION}`