E2E test suite covers AWS Resource Access Manager(RAM) sharing scenario #567
Description
As far as I know, RAM related scenarios feature regression happens twice in this project:
We need to add automatic E2E test case to test RAM to prevent this thing happen again. While acknowledged setting up 2(or more) EKS clusters to fully test (lattice service and service network)RAM sharing is complex, we can start from a simple way by just testing recognizing of service network sharing via the RAM client in an other account:
our first simple RAM sharing e2e test case could look like this:
- Pre-create a role in secondary account and create a new ENV variable pass to the e2e test suite:
SECONDARY_AWS_ACCOUNT_RAM_SHARE_ROLE_NAME. - Still have one EKS cluster in primary account and kubeconfig uses context of this EKS cluster in primary account.
- In the test logic:
- Assume the
SECONDARY_AWS_ACCOUNT_RAM_SHARE_ROLE_NAMErole, in secondary account, use aws vpc lattice and ram client to create a service network and share it to primary account - In the EKS cluster in primary account, create a k8s
Gatewayresource that have the same name with the above service network name. Then, do verification logic to make sure the controller can recognize the foreign shared service network.
- Assume the