Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test: new test framework for AKV provider #242

Merged
merged 1 commit into from
Feb 5, 2021
Merged

test: new test framework for AKV provider #242

merged 1 commit into from
Feb 5, 2021

Conversation

aramase
Copy link
Member

@aramase aramase commented Sep 28, 2020
edited

Reason for Change:

  • Add new test framework based on ginkgo
  • Uses e2eteam/busybox:1.29 for testing in windows. This is a smaller image.
  • New test framework reduces the tests run time from 45m to ~25m for windows clusters.
  • This framework will also allow us to setup soak tests.

Follow up after PR is merged:

  1. Add doc for how to run E2E tests locally
  2. Add script for setting up all artifacts required for tests (cc @bdlb77)
  3. Remove bats tests from the repo

Requirements

  • squashed commits
  • included documentation
  • added unit tests and e2e tests (if applicable).

Issue Fixed:

Please answer the following questions with yes/no:

  • Does this change contain code from or inspired by another project? If so, did you notify the maintainers and provide attribution?

Special Notes for Reviewers:

@aramase aramase force-pushed the go-tests branch 10 times, most recently from c551d59 to e913374 Compare September 28, 2020 16:38
@aramase
Copy link
Member Author

aramase commented Sep 28, 2020

@bdlb77 This is the new test framework I was working on last week. PTAL when you get a chance!

@bdlb77
Copy link
Contributor

bdlb77 commented Sep 29, 2020

@aramase Will do! For splitting #45 Would you say for the testing section I should wait for this to be merged before making the PR to update the tests for local / remote container development or open a PR using bats and then a follow-up which will add any possible tests needed to make it compatible in Golang test suite?

@aramase
Copy link
Member Author

aramase commented Sep 30, 2020

@aramase Will do! For splitting #45 Would you say for the testing section I should wait for this to be merged before making the PR to update the tests for local / remote container development or open a PR using bats and then a follow-up which will add any possible tests needed to make it compatible in Golang test suite?

@bdlb77 I think we can start with PR using bats and then follow up with a new PR for the golang test suite. WDYT?

@bdlb77
Copy link
Contributor

bdlb77 commented Sep 30, 2020
edited

@bdlb77 I think we can start with PR using bats and then follow up with a new PR for the golang test suite. WDYT?

@aramase sounds good!

bdlb77
bdlb77 reviewed Oct 2, 2020
View reviewed changes
Copy link
Contributor

@bdlb77 bdlb77 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks really good and awesome to see the test suite in Go! Just have a couple of questions mainly for clarity :)

@mitsutaka mitsutaka mentioned this pull request Oct 5, 2020
Closed
@aramase aramase added the test label Oct 21, 2020
@aristosvo
Copy link

Just curious: these e2e tests still require a Azure KeyVault filled with secrets, keys and certs, right?

@aramase
Copy link
Member Author

aramase commented Oct 29, 2020

Just curious: these e2e tests still require a Azure KeyVault filled with secrets, keys and certs, right?

That's right. @bdlb77 has a script in a branch that can be run to initially setup all the required artifacts for testing. Once we get this framework change updated and merged, we can add the scripts as part of the repo.

@aramase aramase added this to the 0.0.12 milestone Dec 11, 2020
@aramase aramase force-pushed the go-tests branch 2 times, most recently from 2ad538e to b12403e Compare December 17, 2020 22:18
@aramase aramase force-pushed the go-tests branch 3 times, most recently from 5782572 to 8c9db7a Compare January 5, 2021 17:43
@aramase aramase changed the title [WIP] update test framework update to new test framework Jan 6, 2021
@aramase aramase changed the title update to new test framework test: new test framework for AKV provider Jan 6, 2021
aramase
aramase commented Jan 6, 2021
View reviewed changes
test/e2e/framework/helm/helm.go
"install",
podIdentityChartName,
fmt.Sprintf("--namespace=%s", framework.NamespaceKubeSystem),
"aad-pod-identity/aad-pod-identity", "--set", "nmi.allowNetworkPluginKubenet=true", "--wait", "--timeout=5m", "--debug",
Copy link
Member Author

@aramase aramase Jan 6, 2021
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Current test clusters run kubenet. I'll update the cluster config in a separate PR to use Azure CNI and then remove this configuration from testing.

@aramase aramase requested a review from ritazh January 6, 2021 22:25
@aramase aramase requested a review from sozercan January 20, 2021 18:05
@aramase aramase modified the milestones: 0.0.12, 0.0.13 Jan 20, 2021
ritazh
ritazh reviewed Jan 25, 2021
View reviewed changes
coverage.txt Outdated Show resolved Hide resolved
ritazh
ritazh reviewed Jan 25, 2021
View reviewed changes
test/e2e/auto_rotation_test.go
"objects": string(objects),
"usePodIdentity": "false",
"useVMManagedIdentity": "true",
"userAssignedIdentityID": config.UserAssignedIdentityID,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where do you grant permissions to the kv resources for this identity?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Permissions and role assignments aren't done as part of the test suite. They should be done out of band as part of e2e setup.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In a followup PR, can you pls document prerequisite steps (or a script) for how someone can setup the e2e?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sounds good! this is the issue #151 to track the script and docs.

ritazh
ritazh reviewed Jan 25, 2021
View reviewed changes
test/e2e/framework/secretproviderclass/secretproviderclass.go
Config *framework.Config
Name string
Namespace string
Spec v1alpha1.SecretProviderClassSpec
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be good to create a json template for the spec to catch regressions for all the expected values in parameters. WDYT?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on offline discussion:

  1. We'll keep the examples dir which will contain sample manifests for each supported configuration.
  2. For schema validation, we'll need to ensure with thorough unit testing that the AKV provider handles all expected values.

@aramase aramase force-pushed the go-tests branch 3 times, most recently from fccd4ef to 4b5c081 Compare January 25, 2021 22:38
@codecov-io
Copy link

codecov-io commented Jan 25, 2021
edited

Codecov Report

Merging #242 (cbf5d72) into master (a87ef7e) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #242   +/-   ##
=======================================
  Coverage   62.50%   62.50%           
=======================================
  Files           6        6           
  Lines         472      472           
=======================================
  Hits          295      295           
  Misses        145      145           
  Partials       32       32

@aramase aramase requested a review from ritazh January 26, 2021 23:03
sozercan
sozercan reviewed Feb 5, 2021
View reviewed changes
.pipelines/e2e-tests-template.yaml Outdated Show resolved Hide resolved
azure-pipelines.yml Outdated Show resolved Hide resolved
test/e2e/Makefile

.PHONY: run
run:
cd $(TEST_E2E_DIR); GODEBUG=x509ignoreCN=0 go test -tags=e2e -timeout=90m -v -ginkgo.v \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does tests require x509ignoreCN=0?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The x509: certificate relies on legacy Common Name field. If we use SANs in the certificate, then we don't need this. With the current artifacts we have in keyvault for testing we enable Common Name matching with GODEBUG=x509ignoreCN=0 to resolve the error.

@aramase
add new test framework
d2445bb 
refactor certs util for tests

add test for public key

configure pod identity test
@aramase
Copy link
Member Author

aramase commented Feb 5, 2021

/azp run pr-e2e-azure

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@aramase aramase requested a review from sozercan February 5, 2021 22:17
@aramase aramase merged commit 584551e into Azure:master Feb 5, 2021
Secret Store CSI Azure Provider Roadmap automation moved this from In progress to Done Feb 5, 2021
@aramase aramase deleted the go-tests branch February 5, 2021 23:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bdlb77 bdlb77 bdlb77 left review comments

@ritazh ritazh ritazh approved these changes

@sozercan sozercan Awaiting requested review from sozercan

Assignees
No one assigned
Labels
test
Projects
Secret Store CSI Azure Provider Roadmap
  
Done
Milestone
0.0.13
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@aramase @bdlb77 @aristosvo @codecov-io @sozercan @ritazh