From 340bb628d315b5d051f91f6343171e8b87a0cc96 Mon Sep 17 00:00:00 2001 From: tpereirasplunk Date: Fri, 12 Mar 2021 15:20:30 -0800 Subject: [PATCH] CSPL-544: Automation for secret object update --- .circleci/config.yml | 2 +- test/licensemaster/lm_test.go | 12 +- test/scaling_test/scaling_test.go | 5 +- test/secret/secret_suite_test.go | 60 ++++++++ test/secret/secret_test.go | 233 +++++++++++++++++++++++++++++ test/smartstore/smartstore_test.go | 12 +- test/testenv/secretutil.go | 53 ++++--- test/testenv/testenv.go | 20 ++- test/testenv/verificationutils.go | 28 ++++ 9 files changed, 384 insertions(+), 41 deletions(-) create mode 100644 test/secret/secret_suite_test.go create mode 100644 test/secret/secret_test.go diff --git a/.circleci/config.yml b/.circleci/config.yml index 5c2b4e472..8f2d18eb4 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -282,7 +282,7 @@ jobs: mkdir -p /tmp/test-results find ./test -name "*junit.xml" -exec cp {} /tmp/test-results \; environment: - TEST_FOCUS: "smoke|ingest_search|monitoring_console|smartstore|licensemaster|scaling_test|crcrud" + TEST_FOCUS: "smoke|ingest_search|monitoring_console|smartstore|licensemaster|scaling_test|crcrud|secret" - store_test_results: name: Save test results path: /tmp/test-results diff --git a/test/licensemaster/lm_test.go b/test/licensemaster/lm_test.go index fc06df881..bb73fac96 100644 --- a/test/licensemaster/lm_test.go +++ b/test/licensemaster/lm_test.go 
@@ -121,11 +121,11 @@ var _ = Describe("Licensemaster test", func() { testenv.VerifyRFSFMet(deployment, testenvInstance) // Verify LM is configured on indexers - indexerPodName := fmt.Sprintf(testenv.IndexerMultisitePod, deployment.GetName(), 1, 0) + indexerPodName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), 1, 0) testenv.VerifyLMConfiguredOnPod(deployment, indexerPodName) - indexerPodName = fmt.Sprintf(testenv.IndexerMultisitePod, deployment.GetName(), 2, 0) + indexerPodName = fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), 2, 0) testenv.VerifyLMConfiguredOnPod(deployment, indexerPodName) - indexerPodName = fmt.Sprintf(testenv.IndexerMultisitePod, deployment.GetName(), 3, 0) + indexerPodName = fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), 3, 0) testenv.VerifyLMConfiguredOnPod(deployment, indexerPodName) // Verify LM is configured on SHs @@ -168,11 +168,11 @@ var _ = Describe("Licensemaster test", func() { testenv.VerifyRFSFMet(deployment, testenvInstance) // Verify LM is configured on indexers - indexerPodName := fmt.Sprintf(testenv.IndexerMultisitePod, deployment.GetName(), 1, 0) + indexerPodName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), 1, 0) testenv.VerifyLMConfiguredOnPod(deployment, indexerPodName) - indexerPodName = fmt.Sprintf(testenv.IndexerMultisitePod, deployment.GetName(), 2, 0) + indexerPodName = fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), 2, 0) testenv.VerifyLMConfiguredOnPod(deployment, indexerPodName) - indexerPodName = fmt.Sprintf(testenv.IndexerMultisitePod, deployment.GetName(), 3, 0) + indexerPodName = fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), 3, 0) testenv.VerifyLMConfiguredOnPod(deployment, indexerPodName) }) }) diff --git a/test/scaling_test/scaling_test.go b/test/scaling_test/scaling_test.go index 49a5ab463..83f321950 100644 --- a/test/scaling_test/scaling_test.go +++ b/test/scaling_test/scaling_test.go 
@@ -287,8 +287,7 @@ var _ = Describe("Scaling test", func() { // Ingest data on Indexers for i := 1; i <= siteCount; i++ { - siteName := fmt.Sprintf("site%d", i) - podName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), siteName, 0) + podName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), i, 0) logFile := fmt.Sprintf("test-log-%s.log", testenv.RandomDNSName(3)) testenv.CreateMockLogfile(logFile, 2000) testenv.IngestFileViaMonitor(logFile, "main", podName, deployment) @@ -316,7 +315,7 @@ var _ = Describe("Scaling test", func() { testenv.IndexersReady(deployment, testenvInstance, siteCount) // Ingest data on new Indexers - podName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), "site1", 1) + podName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), 1, 1) logFile := fmt.Sprintf("test-log-%s.log", testenv.RandomDNSName(3)) testenv.CreateMockLogfile(logFile, 2000) testenv.IngestFileViaMonitor(logFile, "main", podName, deployment) diff --git a/test/secret/secret_suite_test.go b/test/secret/secret_suite_test.go new file mode 100644 index 000000000..280edd799 --- /dev/null +++ b/test/secret/secret_suite_test.go 
@@ -0,0 +1,60 @@ +// Copyright (c) 2018-2021 Splunk Inc. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package secret + +import ( + "testing" + "time" + + . "github.com/onsi/ginkgo" + "github.com/onsi/ginkgo/reporters" + . "github.com/onsi/gomega" + + "github.com/splunk/splunk-operator/test/testenv" +) + +const ( + // PollInterval specifies the polling interval + PollInterval = 5 * time.Second + + // ConsistentPollInterval is the interval to use to consistently check a state is stable + ConsistentPollInterval = 200 * time.Millisecond + ConsistentDuration = 10 * ConsistentPollInterval +) + +var ( + testenvInstance *testenv.TestEnv + testSuiteName = "secret-" + testenv.RandomDNSName(2) +) + +// TestBasic is the main entry point +func TestBasic(t *testing.T) { + + RegisterFailHandler(Fail) + + junitReporter := reporters.NewJUnitReporter(testSuiteName + "_junit.xml") + RunSpecsWithDefaultAndCustomReporters(t, "Running "+testSuiteName, []Reporter{junitReporter}) +} + +var _ = BeforeSuite(func() { + var err error + testenvInstance, err = testenv.NewDefaultTestEnv(testSuiteName) + Expect(err).ToNot(HaveOccurred()) +}) + +var _ = AfterSuite(func() { + if testenvInstance != nil { + Expect(testenvInstance.Teardown()).ToNot(HaveOccurred()) + } +}) diff --git a/test/secret/secret_test.go b/test/secret/secret_test.go new file mode 100644 index 000000000..aa93b8dd8 --- /dev/null +++ b/test/secret/secret_test.go 
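Review bot: The constants `PollInterval`, `ConsistentPollInterval` and `ConsistentDuration` in secret_suite_test.go are not referenced by either file this patch adds to the `secret` package, so they appear to be dead in this suite. `ConsistentDuration` is also the only exported one without a doc comment. If the block is kept for parity with the other suites, add `// ConsistentDuration is how long a state must hold to be considered stable`; otherwise remove it.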
@@ -0,0 +1,233 @@ +// Copyright (c) 2018-2021 Splunk Inc. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package secret + +import ( + "fmt" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + + splcommon "github.com/splunk/splunk-operator/pkg/splunk/common" + "github.com/splunk/splunk-operator/test/testenv" +) + +var _ = Describe("secret test", func() { + + var deployment *testenv.Deployment + + BeforeEach(func() { + var err error + deployment, err = testenvInstance.NewDeployment(testenv.RandomDNSName(3)) + Expect(err).To(Succeed(), "Unable to create deployment") + }) + + AfterEach(func() { + // When a test spec failed, skip the teardown so we can troubleshoot. 
+ if CurrentGinkgoTestDescription().Failed { + testenvInstance.SkipTeardown = true + } + if deployment != nil { + deployment.Teardown() + } + }) + + Context("Standalone deployment (S1) with LM", func() { + It("secret: Secret update on a standalone instance", func() { + + // Download License File + licenseFilePath, err := testenv.DownloadFromS3Bucket() + Expect(err).To(Succeed(), "Unable to download license file") + + // Create License Config Map + testenvInstance.CreateLicenseConfigMap(licenseFilePath) + + // Create standalone Deployment with License Master + standalone, err := deployment.DeployStandaloneWithLM(deployment.GetName()) + Expect(err).To(Succeed(), "Unable to deploy standalone instance with LM") + + // Wait for License Master to be in READY status + testenv.LicenseMasterReady(deployment, testenvInstance) + + // Wait for Standalone to be in READY status + testenv.StandaloneReady(deployment, deployment.GetName(), standalone, testenvInstance) + + // Modify Secret key with new value + secretKey := testenv.SecretObject["HecToken"] + standalonePodName := fmt.Sprintf(testenv.StandalonePod, deployment.GetName(), 0) + HecToken := testenv.GetMountedKey(deployment, standalonePodName, secretKey) + modifiedHecToken := HecToken[:len(HecToken)-2] + "11" + testenv.ModifySecretKey(deployment, testenvInstance.GetName(), secretKey, modifiedHecToken) + + // Ensure standalone is updating + testenv.VerifyStandalonePhase(deployment, testenvInstance, deployment.GetName(), splcommon.PhaseUpdating) + + // Wait for License Master to be in READY status + testenv.LicenseMasterReady(deployment, testenvInstance) + + // Wait for Standalone to be in READY status + testenv.StandaloneReady(deployment, deployment.GetName(), standalone, testenvInstance) + + // Verify MC Pod is Ready + testenv.MCPodReady(testenvInstance.GetName(), deployment) + + //Once system is up after update check each pod for secret key update + standaloneSecretName := fmt.Sprintf(testenv.SecretObjectPodName, 
deployment.GetName(), "standalone", 2) + licenseMasterSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "license-master", 2) + monitoringConsoleSecretName := fmt.Sprintf(testenv.SecretObjectPodName, testenvInstance.GetName(), "monitoring-console", 2) + verificationSecrets := []string{standaloneSecretName, licenseMasterSecretName, monitoringConsoleSecretName} + + //Verify that each StatefulSet based secret has been update + testenv.VerifySecretObjectUpdate(deployment, testenvInstance, verificationSecrets, secretKey, modifiedHecToken) + + //All pods to be used to check for secret object update + licenseMasterPodName := fmt.Sprintf(testenv.LicenseMasterPod, deployment.GetName(), 0) + monitoringConsolePodName := fmt.Sprintf(testenv.MonitoringConsolePod, testenvInstance.GetName(), 0) + verificationPods := []string{standalonePodName, licenseMasterPodName, monitoringConsolePodName} + + //Verify that new token is mounted on each pod + testenv.VerifySecretPodUpdate(deployment, testenvInstance, verificationPods, secretKey, modifiedHecToken) + }) + }) + + Context("Clustered deployment (C3 - clustered indexer, search head cluster)", func() { + It("secret: Secret update on indexers and search head cluster", func() { + + // Download License File + licenseFilePath, err := testenv.DownloadFromS3Bucket() + Expect(err).To(Succeed(), "Unable to download license file") + + // Create License Config Map + testenvInstance.CreateLicenseConfigMap(licenseFilePath) + + err = deployment.DeploySingleSiteCluster(deployment.GetName(), 3, true /*shc*/) + Expect(err).To(Succeed(), "Unable to deploy cluster") + + // Ensure that the cluster-master goes to Ready phase + testenv.ClusterMasterReady(deployment, testenvInstance) + + // Modify Secret key with new value + secretKey := testenv.SecretObject["HecToken"] + clusterMasterPodName := fmt.Sprintf(testenv.ClusterMasterPod, deployment.GetName()) + HecToken := testenv.GetMountedKey(deployment, clusterMasterPodName, 
secretKey) + modifiedHecToken := HecToken[:len(HecToken)-2] + "11" + testenv.ModifySecretKey(deployment, testenvInstance.GetName(), secretKey, modifiedHecToken) + + // Ensure indexers go to Ready phase + testenv.SingleSiteIndexersReady(deployment, testenvInstance) + + // Ensure search head cluster go to Ready phase + testenv.SearchHeadClusterReady(deployment, testenvInstance) + + // Verify MC Pod is Ready + testenv.MCPodReady(testenvInstance.GetName(), deployment) + + // Verify RF SF is met + testenv.VerifyRFSFMet(deployment, testenvInstance) + + //Once system is up after update check each pod for secret key update + clusterMasterSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "cluster-master", 2) + indexerSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "idxc-indexer", 2) + licenseMasterSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "license-master", 2) + searchHeadDeployerSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "shc-deployer", 2) + searchHeadSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "shc-search-head", 2) + monitoringConsoleSecretName := fmt.Sprintf(testenv.SecretObjectPodName, testenvInstance.GetName(), "monitoring-console", 2) + verificationSecrets := []string{clusterMasterSecretName, indexerSecretName, licenseMasterSecretName, searchHeadDeployerSecretName, searchHeadSecretName, monitoringConsoleSecretName} + + //Verify that each StatefulSet based secret has been update + testenv.VerifySecretObjectUpdate(deployment, testenvInstance, verificationSecrets, secretKey, modifiedHecToken) + + //All pods to be used to check for secret object update + licenseMasterPodName := fmt.Sprintf(testenv.LicenseMasterPod, deployment.GetName(), 0) + monitoringConsolePodName := fmt.Sprintf(testenv.MonitoringConsolePod, testenvInstance.GetName(), 0) + indexerPodName0 := fmt.Sprintf(testenv.IndexerPod, deployment.GetName(), 0) + 
indexerPodName1 := fmt.Sprintf(testenv.IndexerPod, deployment.GetName(), 1) + indexerPodName2 := fmt.Sprintf(testenv.IndexerPod, deployment.GetName(), 2) + SearchHeadPodName0 := fmt.Sprintf(testenv.SearchHeadPod, deployment.GetName(), 0) + SearchHeadPodName1 := fmt.Sprintf(testenv.SearchHeadPod, deployment.GetName(), 1) + SearchHeadPodName2 := fmt.Sprintf(testenv.SearchHeadPod, deployment.GetName(), 2) + verificationPods := []string{licenseMasterPodName, monitoringConsolePodName, clusterMasterPodName, indexerPodName1, indexerPodName2, indexerPodName0, SearchHeadPodName0, SearchHeadPodName1, SearchHeadPodName2} + + //Verify that new token is mounted on each pod + testenv.VerifySecretPodUpdate(deployment, testenvInstance, verificationPods, secretKey, modifiedHecToken) + + }) + }) + + Context("Multisite cluster deployment (M13 - Multisite indexer cluster, Search head cluster)", func() { + It("secret: secret update on multisite indexers and search head cluster", func() { + + // Download License File + licenseFilePath, err := testenv.DownloadFromS3Bucket() + Expect(err).To(Succeed(), "Unable to download license file") + + // Create License Config Map + testenvInstance.CreateLicenseConfigMap(licenseFilePath) + + siteCount := 3 + err = deployment.DeployMultisiteClusterWithSearchHead(deployment.GetName(), 1, siteCount) + Expect(err).To(Succeed(), "Unable to deploy cluster") + + // Ensure that the cluster-master goes to Ready phase + testenv.ClusterMasterReady(deployment, testenvInstance) + + // Modify Secret key with new value + secretKey := testenv.SecretObject["HecToken"] + clusterMasterPodName := fmt.Sprintf(testenv.ClusterMasterPod, deployment.GetName()) + HecToken := testenv.GetMountedKey(deployment, clusterMasterPodName, secretKey) + modifiedHecToken := HecToken[:len(HecToken)-2] + "11" + testenv.ModifySecretKey(deployment, testenvInstance.GetName(), secretKey, modifiedHecToken) + + // Ensure that the cluster-master goes to Ready phase + 
testenv.ClusterMasterReady(deployment, testenvInstance) + + // Ensure the indexers of all sites go to Ready phase + testenv.IndexersReady(deployment, testenvInstance, siteCount) + + // Ensure cluster configured as multisite + testenv.IndexerClusterMultisiteStatus(deployment, testenvInstance, siteCount) + + // Ensure search head cluster go to Ready phase + testenv.SearchHeadClusterReady(deployment, testenvInstance) + + //Once system is up after update check each pod for secret key update + clusterMasterSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "cluster-master", 2) + licenseMasterSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "license-master", 2) + searchHeadDeployerSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "shc-deployer", 2) + searchHeadSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "shc-search-head", 2) + monitoringConsoleSecretName := fmt.Sprintf(testenv.SecretObjectPodName, testenvInstance.GetName(), "monitoring-console", 2) + site1IndexerSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "site1-indexer", 2) + site2IndexerSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "site2-indexer", 2) + site3IndexerSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "site3-indexer", 2) + verificationSecrets := []string{site1IndexerSecretName, site3IndexerSecretName, site2IndexerSecretName, clusterMasterSecretName, licenseMasterSecretName, searchHeadDeployerSecretName, searchHeadSecretName, monitoringConsoleSecretName} + + //Verify that each StatefulSet based secret has been update + testenv.VerifySecretObjectUpdate(deployment, testenvInstance, verificationSecrets, secretKey, modifiedHecToken) + + //All pods to be used to check for secret object update + licenseMasterPodName := fmt.Sprintf(testenv.LicenseMasterPod, deployment.GetName(), 0) + monitoringConsolePodName := 
fmt.Sprintf(testenv.MonitoringConsolePod, testenvInstance.GetName(), 0) + SearchHeadPodName0 := fmt.Sprintf(testenv.SearchHeadPod, deployment.GetName(), 0) + SearchHeadPodName1 := fmt.Sprintf(testenv.SearchHeadPod, deployment.GetName(), 1) + SearchHeadPodName2 := fmt.Sprintf(testenv.SearchHeadPod, deployment.GetName(), 2) + Site1IndexerPodName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), 1, 0) + Site2IndexerPodName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), 2, 0) + Site3IndexerPodName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), 3, 0) + verificationPods := []string{licenseMasterPodName, monitoringConsolePodName, clusterMasterPodName, SearchHeadPodName0, SearchHeadPodName1, SearchHeadPodName2, Site1IndexerPodName, Site2IndexerPodName, Site3IndexerPodName} + + //Verify that new token is mounted on each pod + testenv.VerifySecretPodUpdate(deployment, testenvInstance, verificationPods, secretKey, modifiedHecToken) + }) + }) +}) diff --git a/test/smartstore/smartstore_test.go b/test/smartstore/smartstore_test.go index 5b8bad788..be7203ab7 100644 --- a/test/smartstore/smartstore_test.go +++ b/test/smartstore/smartstore_test.go 
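Review bot: In all three specs the replacement token is built as `HecToken[:len(HecToken)-2] + "11"` directly from `testenv.GetMountedKey`, which in this same patch returns `""` when the pod exec fails; an empty or one-character result makes the slice expression panic instead of failing the spec with a readable message. The derived value also equals the original whenever the mounted token already ends in `11`, in which case the later checks cannot tell an applied update from no update at all. Guard before slicing with `Expect(len(HecToken)).To(BeNumerically(">", 2), "HEC token not read from pod")` and follow the derivation with `Expect(modifiedHecToken).ToNot(Equal(HecToken))`.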
@@ -191,15 +191,13 @@ var _ = Describe("Smoke test", func() { // Check index on pod for siteNumber := 1; siteNumber <= siteCount; siteNumber++ { - siteName := fmt.Sprintf("site%d", siteNumber) - podName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), siteName, 0) + podName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), siteNumber, 0) testenv.VerifyIndexFoundOnPod(deployment, podName, indexName) } // Ingest data to the index for siteNumber := 1; siteNumber <= siteCount; siteNumber++ { - siteName := fmt.Sprintf("site%d", siteNumber) - podName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), siteName, 0) + podName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), siteNumber, 0) logFile := fmt.Sprintf("test-log-%s.log", testenv.RandomDNSName(3)) testenv.CreateMockLogfile(logFile, 2000) testenv.IngestFileViaMonitor(logFile, indexName, podName, deployment) @@ -207,15 +205,13 @@ var _ = Describe("Smoke test", func() { // Roll Hot Buckets on the test index per indexer for siteNumber := 1; siteNumber <= siteCount; siteNumber++ { - siteName := fmt.Sprintf("site%d", siteNumber) - podName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), siteName, 0) + podName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), siteNumber, 0) testenv.RollHotToWarm(deployment, podName, indexName) } // Roll index buckets and Check for indexes on S3 for siteNumber := 1; siteNumber <= siteCount; siteNumber++ { - siteName := fmt.Sprintf("site%d", siteNumber) - podName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), siteName, 0) + podName := fmt.Sprintf(testenv.MultiSiteIndexerPod, deployment.GetName(), siteNumber, 0) testenv.VerifyIndexExistsOnS3(deployment, indexName, podName) } }) diff --git a/test/testenv/secretutil.go b/test/testenv/secretutil.go index f992403db..ac057cee4 100644 --- a/test/testenv/secretutil.go +++ b/test/testenv/secretutil.go 
@@ -50,8 +50,7 @@ func EncodeBase64(str string) string { } // GetSecretObject Gets the secret object -func GetSecretObject(deployment *Deployment, ns string) *SecretResponse { - secretName := fmt.Sprintf(SecretObjectName, ns) +func GetSecretObject(deployment *Deployment, ns string, secretName string) *SecretResponse { output, err := exec.Command("kubectl", "get", "secret", secretName, "-n", ns, "-o", "jsonpath='{.data}'").Output() if err != nil { cmd := fmt.Sprintf("kubectl get secret %s -n %s -o jsonpath='{.data}'", secretName, ns) 
@@ -69,33 +68,34 @@ func GetSecretObject(deployment *Deployment, ns string) *SecretResponse { } // GetSecretKey Gets the value to specific key from secret object -func GetSecretKey(deployment *Deployment, ns string, key string) string { - restResponse := GetSecretObject(deployment, ns) +func GetSecretKey(deployment *Deployment, ns string, key string, secretName string) string { + restResponse := GetSecretObject(deployment, ns, secretName) + logf.Log.Info("Secret object encoded values", string(secretName)) //return key based on request switch key { case "hec_token": - key := DecodeBase64(restResponse.HecToken) - return key + value := DecodeBase64(restResponse.HecToken) + return value case "idxc_secret": - key := DecodeBase64(restResponse.IdxcSecret) - return key + value := DecodeBase64(restResponse.IdxcSecret) + return value case "pass4SymmKey": - key := DecodeBase64(restResponse.Pass4SymmKey) - return key + value := DecodeBase64(restResponse.Pass4SymmKey) + return value case "password": - key := DecodeBase64(restResponse.Password) - return key + value := DecodeBase64(restResponse.Password) + return value case "shc_secret": - key := DecodeBase64(restResponse.ShcSecret) - return key + value := DecodeBase64(restResponse.ShcSecret) + return value default: return "Invalid Key" } } //ModifySecretObject Modifies the entire secret object -func ModifySecretObject(deployment *Deployment, data map[string][]byte, ns string) bool { - secretName := fmt.Sprintf(SecretObjectName, ns) +func ModifySecretObject(deployment *Deployment, data map[string][]byte, ns string, secretName string) bool { + logf.Log.Info("Modify secret object", secretName, "with secret", data) secret := newSecretSpec(ns, secretName, data) //Update object using spec err := deployment.UpdateCR(secret) 
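Review bot: `ModifySecretObject` now logs the whole `data` map through `logf.Log.Info("Modify secret object", secretName, "with secret", data)`, which puts every value of the secret object (password, pass4SymmKey, HEC token and the cluster secrets) into the test log, and that log is likely retained by CI. Log identifiers only, for example `logf.Log.Info("Modify secret object", "secret", secretName, "namespace", ns)`. The same applies to the `"Value", value` pair added to `ModifySecretKey` and the `"Key", stdout` pair in `GetMountedKey` in the later hunks of this file. In `GetSecretKey`, `logf.Log.Info("Secret object encoded values", string(secretName))` passes a lone key with no value and the message does not describe what is logged; `"secretName", secretName` fits the key/value convention. The body of `ModifySecretObject` continues outside the hunk.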
@@ -109,7 +109,8 @@ func ModifySecretObject(deployment *Deployment, data map[string][]byte, ns strin //ModifySecretKey Modifies the specific key in secret object func ModifySecretKey(deployment *Deployment, ns string, key string, value string) bool { //Get current config for update - restResponse := GetSecretObject(deployment, ns) + secretName := fmt.Sprintf(SecretObjectName, ns) + restResponse := GetSecretObject(deployment, ns, secretName) out, err := json.Marshal(restResponse) if err != nil { logf.Log.Error(err, "Failed to parse response") @@ -123,7 +124,21 @@ func ModifySecretKey(deployment *Deployment, ns string, key string, value string return false } //Modify data - data[key] = []byte(EncodeBase64(value)) - modify := ModifySecretObject(deployment, data, ns) + data[key] = []byte(value) + logf.Log.Info("Modify secret object", secretName, "with key", key, "Value", value) + modify := ModifySecretObject(deployment, data, ns, secretName) return modify } + +//GetMountedKey Gets the key mounted on pod +func GetMountedKey(deployment *Deployment, podName string, key string) string { + stdin := fmt.Sprintf("cat /mnt/splunk-secrets/%s", key) + command := []string{"/bin/sh"} + stdout, stderr, err := deployment.PodExecCommand(podName, command, stdin, false) + if err != nil { + logf.Log.Error(err, "Failed to execute command on pod", "pod", podName, "command", command) + return "" + } + logf.Log.Info("key found on pod", "pod", podName, "Key", stdout, "stderr", stderr) + return string(stdout) +} diff --git a/test/testenv/testenv.go b/test/testenv/testenv.go index 8e4be7b87..e9bc88bc7 100644 --- a/test/testenv/testenv.go +++ b/test/testenv/testenv.go 
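Review bot: `GetMountedKey` formats `key` straight into shell text (`cat /mnt/splunk-secrets/%s`) that is fed to `/bin/sh` in the pod, so the shell interprets whatever characters the caller supplies, including path separators. The callers in this patch only pass values taken from `SecretObject`, but the helper is exported, so it should accept only that fixed set of file names before building the command. It also returns `""` on an exec error, which a caller cannot tell apart from an empty file; returning the error, or failing the spec inside the helper, would be clearer.

```go
func GetMountedKey(deployment *Deployment, podName string, key string) string {
	// Only file names from the known secret key set may reach the shell text.
	known := false
	for _, name := range SecretObject {
		if name == key {
			known = true
			break
		}
	}
	if !known {
		logf.Log.Info("Refusing to read unknown secret key from pod", "pod", podName, "key", key)
		return ""
	}
	stdin := fmt.Sprintf("cat /mnt/splunk-secrets/%s", key)
	// … unchanged: PodExecCommand call and error handling …
```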
@@ -65,12 +65,12 @@ const ( // StandalonePod Template String for standalone pod StandalonePod = "splunk-%s-standalone-%d" + // LicenseMasterPod Template String for standalone pod + LicenseMasterPod = "splunk-%s-license-master-%d" + // IndexerPod Template String for indexer pod IndexerPod = "splunk-%s-idxc-indexer-%d" - // IndexerMultisitePod Template String for indexer pod in multisite cluster - IndexerMultisitePod = "splunk-%s-site%d-indexer-%d" - // MonitoringConsoleSts Montioring Console Statefulset Template MonitoringConsoleSts = "splunk-%s-monitoring-console" @@ -81,12 +81,24 @@ const ( ClusterMasterPod = "splunk-%s-cluster-master-0" // MultiSiteIndexerPod Indexer Pod Template String - MultiSiteIndexerPod = "splunk-%s-%s-indexer-%d" + MultiSiteIndexerPod = "splunk-%s-site%d-indexer-%d" // SecretObjectName Secret object Template SecretObjectName = "splunk-%s-secret" + + // SecretObjectPodName Secret object Template + SecretObjectPodName = "splunk-%s-%s-secret-v%d" ) +//SecretObject Secret Object structure +var SecretObject = map[string]string{ + "HecToken": "hec_token", + "AdminPassword": "password", + "IdxcPass4Symmkey": "idxc_secret", + "ShcPass4Symmkey": "shc_secret", + "GeneralPass4Symmkey": "pass4Symmkey", +} + var ( metricsHost = "0.0.0.0" metricsPort = 8383 diff --git a/test/testenv/verificationutils.go b/test/testenv/verificationutils.go index f95489b63..4af0de42c 100644 --- a/test/testenv/verificationutils.go +++ b/test/testenv/verificationutils.go 
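Review bot: The doc comment added for `LicenseMasterPod` reads `Template String for standalone pod`, apparently copied from the constant above it; it should be `// LicenseMasterPod Template String for license master pod`. In the second hunk `SecretObjectPodName` repeats the wording of `SecretObjectName` and does not explain the `-v%d` suffix that the new specs fill with a literal `2`; something like `// SecretObjectPodName Template String for the versioned per-instance secret (deployment name, instance type, version)` would document the arguments as the specs use them. `SecretObject` is an exported, mutable map; if it is meant as a fixed lookup table, its comment should say so, since any test can alter it for the others.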
@@ -423,3 +423,31 @@ func VerifyCPULimits(deployment *Deployment, ns string, podName string, expected return result }, deployment.GetTimeout(), PollInterval).Should(gomega.Equal(true)) } + +// VerifySecretObjectUpdate Check whether the secret object info is pushed to other pods +func VerifySecretObjectUpdate(deployment *Deployment, testenvInstance *TestEnv, verificationPods []string, secretKey string, modifiedKey string) { + gomega.Equal(func() bool { + for _, pod := range verificationPods { + key := GetSecretKey(deployment, testenvInstance.GetName(), secretKey, pod) + if key != modifiedKey { + testenvInstance.Log.Info("Key", modifiedKey, "not updated on pod", "Pod", pod, "Key found", key) + return false + } + } + return true + }) +} + +// VerifySecretPodUpdate Check whether the secret object info is mounted on all pods +func VerifySecretPodUpdate(deployment *Deployment, testenvInstance *TestEnv, verificationPods []string, secretKey string, modifiedKey string) { + gomega.Equal(func() bool { + for _, pod := range verificationPods { + key := GetMountedKey(deployment, pod, secretKey) + if key != modifiedKey { + testenvInstance.Log.Info("Key", modifiedKey, "not updated on pod", "Pod", pod, "Key found", key) + return false + } + } + return true + }) +}
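Review bot: Both new helpers call `gomega.Equal(func() bool { ... })`, which only constructs a matcher and discards it: the closure never runs and nothing is asserted, so `VerifySecretObjectUpdate` and `VerifySecretPodUpdate` pass whatever the secrets contain. Use a polling assertion, as the tail of `VerifyCPULimits` just above suggests: open with `gomega.Eventually(func() bool {` and close with `}, deployment.GetTimeout(), PollInterval).Should(gomega.Equal(true))`. The log call inside each loop passes `modifiedKey` as a key name and prints both the expected and the found token; `testenvInstance.Log.Info("Secret key not updated", "name", pod, "secretKey", secretKey)` keeps the values out of the log. In `VerifySecretObjectUpdate` the `verificationPods` parameter receives secret names, so renaming it (for example `verificationSecrets`) would match how the specs call it.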