Merge pull request #69 from Skyscanner/e2e-tests

Add e2e testing as a github workflow
Skyscanner · May 27, 2022 · d11875c · d11875c
2 parents 672ecaf + 94c00ee
commit d11875c
Show file tree

Hide file tree

Showing 6 changed files with 111 additions and 11 deletions.
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
@@ -0,0 +1,75 @@
+name: E2E Tests
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  e2e:
+    name: e2e
+    runs-on: ubuntu-latest
+    env:
+      IMG: skyscanner/kms-issuer:dev
+    steps:
+      - uses: actions/checkout@v3.0.2
+
+      # Build testing docker image
+      - name: Build the testing kms-issuer docker image
+        run: docker build -t ${IMG} .
+
+      # Setup kind cluster
+      - name: Create k8s Kind Cluster
+        uses: helm/kind-action@v1.2.0
+        with:
+          cluster_name: kind
+      - name: Load test docker image into the kind cluster
+        run: kind load docker-image ${IMG}
+
+      # Install local-kms to the cluster
+      - name: Create local-kms namespace
+        run: kubectl create namespace local-kms
+      - name: Create local-kms deployment
+        run: kubectl create deployment local-kms -n local-kms --port 8080 --image nsmithuk/local-kms:3.11.2
+      - name: Create local-kms service
+        run: kubectl expose deployment local-kms -n local-kms --port 8080
+      - name: Wait for local-kms pod to be ready
+        run: kubectl wait --for=condition=Ready -l app=local-kms -n local-kms pod
+
+      - name: Install cert-manager
+        run: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml
+
+      - name: Install kms-issuer CRDs
+        run: make install
+
+      - name: Set docker image to use in Kustomization
+        run: make kustomize && cd config/manager && kustomize edit set image controller=${IMG}
+      - name: Deploy kms-issuer
+        run: kustomize build config/testing | kubectl apply -f -
+
+      - name: Apply KMSKey from samples
+        run: kubectl apply -f ./config/samples/cert-manager_v1alpha1_kmskey.yaml
+      - name: Wait for key to be ready
+        run: kubectl wait --for=condition=Ready kmskey/kmskey-sample
+
+      - name: port-forward to local-kms
+        run: kubectl port-forward -n local-kms svc/local-kms 8080 &
+        # See https://florian.ec/blog/github-actions-awscli-errors/
+      - name: Test a KMSKey is created
+        run: |
+          result=$(aws --endpoint http://localhost:8080 kms list-keys --region eu-west-1 --no-sign-request | jq '(.Keys | length) == 1')
+          if [[ "${result}" == true ]]; then
+            echo -n "Key created"
+          else
+            echo -n "Key not found"
+            exit 1
+          fi
+
+      - name: Apply KMSISsuer from sample
+        run: kubectl apply -f ./config/samples/cert-manager_v1alpha1_kmsissuer.yaml
+      - name: Wait for KMSIssuer to be ready
+        run: kubectl wait --for=condition=Ready kmsissuer/kms-issuer-sample
+
+      - name: Apply Certificate from sample
+        run: kubectl apply -f ./config/samples/certificate.yaml
+      - name: Wait for Certificate to be ready  
+        run: kubectl wait --for=condition=Ready certificate.cert-manager.io/example-com
diff --git a/config/samples/cert-manager.skyscanner.net_v1alpha1_kmsissuer.yaml b/config/samples/cert-manager.skyscanner.net_v1alpha1_kmsissuer.yaml
diff --git a/config/samples/cert-manager_v1alpha1_kmsissuer.yaml b/config/samples/cert-manager_v1alpha1_kmsissuer.yaml
@@ -6,4 +6,4 @@ metadata:
 spec:
   commonName: Test Root CA
   duration: 87600h # 10 years
-  keyId: a9695e53-9355-4f6e-8b60-dec3b19912b3
+  keyId: alias/kms-issuer-example
diff --git a/config/samples/certificate.yaml b/config/samples/certificate.yaml
@@ -33,7 +33,7 @@ spec:
     - 192.168.0.5
   # Issuer references are always required.
   issuerRef:
-    name: kms-issuer
+    name: kms-issuer-sample
     # We can reference ClusterIssuers by changing the kind here.
     # The default value is Issuer (i.e. a locally namespaced Issuer)
     kind: KMSIssuer

diff --git a/config/testing/kustomization.yaml b/config/testing/kustomization.yaml
@@ -0,0 +1,12 @@
+# Kustomization used during testing which sets overrides for --local-aws-endpoint, etc.
+bases:
+- ../default
+
+patches:
+- patch: |-
+    - op: add
+      path: /spec/template/spec/containers/1/args/0
+      value: --local-aws-endpoint=http://local-kms.local-kms.svc.cluster.local:8080
+  target:
+    kind: Deployment
+    name: controller-manager
diff --git a/main.go b/main.go
@@ -35,6 +35,8 @@ import (
 	certmanagerskyscannernetv1alpha1 "github.com/Skyscanner/kms-issuer/api/v1alpha1"
 	"github.com/Skyscanner/kms-issuer/controllers"
 	"github.com/Skyscanner/kms-issuer/pkg/kmsca"
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/session"
 	cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
 	//+kubebuilder:scaffold:imports
@@ -59,13 +61,15 @@ func main() {
 	var metricsAddr string
 	var enableLeaderElection, enableApprovedCheck bool
 	var probeAddr string
+	var localAWSEndpoint string
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
 	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
 	flag.BoolVar(&enableApprovedCheck, "enable-approved-check", true,
 		"Enable waiting for CertificateRequests to have an approved condition before signing.")
+	flag.StringVar(&localAWSEndpoint, "local-aws-endpoint", "", "local-kms endpoint for testing")
 	opts := zap.Options{
 		Development: true,
 	}
@@ -88,9 +92,24 @@ func main() {
 	}
 
 	// Create a new aws session
-	sess := session.Must(session.NewSessionWithOptions(session.Options{
-		SharedConfigState: session.SharedConfigEnable,
-	}))
+	var sess *session.Session
+	if localAWSEndpoint == "" {
+		// Production mode
+		sess = session.Must(session.NewSessionWithOptions(session.Options{
+			SharedConfigState: session.SharedConfigEnable,
+		}))
+	} else {
+		// Testing mode
+		sess = session.Must(session.NewSessionWithOptions(session.Options{
+			Config: aws.Config{
+				Region:           aws.String("eu-west-1"),
+				Credentials:      credentials.NewStaticCredentials("test", "test", ""),
+				S3ForcePathStyle: aws.Bool(true),
+				Endpoint:         aws.String(localAWSEndpoint),
+			},
+			SharedConfigState: session.SharedConfigEnable,
+		}))
+	}
 	ca := kmsca.NewKMSCA(sess)
 
 	if err = (controllers.NewKMSIssuerReconciler(mgr, ca)).SetupWithManager(mgr); err != nil {