From 2224831ba2025adf28065775ab1fe8cdb1e1390f Mon Sep 17 00:00:00 2001 From: tpereirasplunk Date: Mon, 22 Mar 2021 13:49:00 -0700 Subject: [PATCH 1/2] CSPL-545: Secret object Delete scenario with standalone deployment --- test/secret/secret_test.go | 130 +++++++++++++++++++++++++++--- test/testenv/deployment.go | 7 ++ test/testenv/secretutil.go | 55 ++++++++----- test/testenv/verificationutils.go | 30 +++++++ 4 files changed, 193 insertions(+), 29 deletions(-) diff --git a/test/secret/secret_test.go b/test/secret/secret_test.go index 1041276d4..de3e5d49d 100644 --- a/test/secret/secret_test.go +++ b/test/secret/secret_test.go @@ -77,7 +77,8 @@ var _ = Describe("secret test", func() { secretObj.Data.HecToken = testenv.EncodeBase64(modifiedHecToken) secretObj.Data.Password = testenv.EncodeBase64(modifedKeyValue) secretObj.Data.Pass4SymmKey = testenv.EncodeBase64(modifedKeyValue) - testenv.UpdateSecret(deployment, testenvInstance.GetName(), secretObj) + err = testenv.UpdateSecret(deployment, testenvInstance.GetName(), secretObj, false /*delete*/) + Expect(err).To(Succeed(), "Unable to update secret Object") // Ensure standalone is updating testenv.VerifyStandalonePhase(deployment, testenvInstance, deployment.GetName(), splcommon.PhaseUpdating) @@ -91,7 +92,7 @@ var _ = Describe("secret test", func() { // Verify MC Pod is Ready testenv.MCPodReady(testenvInstance.GetName(), deployment) - // Once system is up after update check each pod for secret key update + // Once Pods are READY check each versioned secret for updated secret keys standaloneSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "standalone", 2) licenseMasterSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "license-master", 2) monitoringConsoleSecretName := fmt.Sprintf(testenv.SecretObjectPodName, testenvInstance.GetName(), "monitoring-console", 2) 
@@ -106,7 +107,7 @@ var _ = Describe("secret test", func() { // Verify that Pass4SymmKey is updated testenv.VerifySecretObjectUpdated(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["Pass4SymmKey"], testenv.DecodeBase64(secretObj.Data.Pass4SymmKey)) - // All pods to be used to check for secret object update + // Once Pods are READY check each pod for updated secret keys standalonePodName := fmt.Sprintf(testenv.StandalonePod, deployment.GetName(), 0) licenseMasterPodName := fmt.Sprintf(testenv.LicenseMasterPod, deployment.GetName(), 0) monitoringConsolePodName := fmt.Sprintf(testenv.MonitoringConsolePod, testenvInstance.GetName(), 0) 
@@ -120,6 +121,115 @@ var _ = Describe("secret test", func() { // Verify that Pass4SymmKey is updated testenv.VerifySecretsUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["Pass4SymmKey"], testenv.DecodeBase64(secretObj.Data.Pass4SymmKey)) + + // Delete secret key + err = testenv.UpdateSecret(deployment, testenvInstance.GetName(), secretObj, true /*delete*/) + Expect(err).To(Succeed(), "Unable to delete secret Object") + + // Ensure standalone is updating + testenv.VerifyStandalonePhase(deployment, testenvInstance, deployment.GetName(), splcommon.PhaseUpdating) + + // Wait for License Master to be in READY status + testenv.LicenseMasterReady(deployment, testenvInstance) + + // Wait for Standalone to be in READY status + testenv.StandaloneReady(deployment, deployment.GetName(), standalone, testenvInstance) + + // Verify MC Pod is Ready + testenv.MCPodReady(testenvInstance.GetName(), deployment) + + // Once Pods are READY check each versioned secret for updated secret keys + standaloneSecretName = fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "standalone", 3) + licenseMasterSecretName = fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "license-master", 3) + monitoringConsoleSecretName = fmt.Sprintf(testenv.SecretObjectPodName, testenvInstance.GetName(), "monitoring-console", 3) + verificationSecrets = []string{standaloneSecretName, licenseMasterSecretName, monitoringConsoleSecretName} + + // Verify that new HEC TOKEN is created + testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["HecToken"], testenv.DecodeBase64(secretObj.Data.HecToken)) + + // Verify that new Admin Password is created + testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["AdminPassword"], testenv.DecodeBase64(secretObj.Data.Password)) + + // Verify that new Pass4SymmKey is created + 
testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["Pass4SymmKey"], testenv.DecodeBase64(secretObj.Data.Pass4SymmKey)) + + // Verify that new IdxcSecret is created + testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["IdxcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.IdxcSecret)) + + // Verify that new ShcSecret is created + testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["ShcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.ShcSecret)) + + // Verify that new HEC TOKEN is updated on pod + testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["HecToken"], testenv.DecodeBase64(secretObj.Data.HecToken)) + + // Verify that new Admin Password is updated on pod + testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["AdminPassword"], testenv.DecodeBase64(secretObj.Data.Password)) + + // Verify that new Pass4SymmKey is updated on pod + testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["Pass4SymmKey"], testenv.DecodeBase64(secretObj.Data.Pass4SymmKey)) + + // Verify that new IdxcSecret is updated on pod + testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["IdxcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.IdxcSecret)) + + // Verify that new ShcSecret is updated on pod + testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["ShcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.ShcSecret)) + + // secret object for reference comparison + secretObj = testenv.GetSecretObject(deployment, testenvInstance.GetName(), secretName) + 
+ // delete secret by passing empty data in spec + var data map[string][]byte + err = testenv.ModifySecretObject(deployment, data, testenvInstance.GetName(), secretName) + Expect(err).To(Succeed(), "Unable to delete secret Object") + + // Ensure standalone is updating + testenv.VerifyStandalonePhase(deployment, testenvInstance, deployment.GetName(), splcommon.PhaseUpdating) + + // Wait for License Master to be in READY status + testenv.LicenseMasterReady(deployment, testenvInstance) + + // Wait for Standalone to be in READY status + testenv.StandaloneReady(deployment, deployment.GetName(), standalone, testenvInstance) + + // Verify MC Pod is Ready + testenv.MCPodReady(testenvInstance.GetName(), deployment) + + // Once Pods are READY check each versioned secret for updated secret keys + standaloneSecretName = fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "standalone", 4) + licenseMasterSecretName = fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "license-master", 4) + monitoringConsoleSecretName = fmt.Sprintf(testenv.SecretObjectPodName, testenvInstance.GetName(), "monitoring-console", 4) + verificationSecrets = []string{standaloneSecretName, licenseMasterSecretName, monitoringConsoleSecretName} + + // Verify that new HEC TOKEN is created + testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["HecToken"], testenv.DecodeBase64(secretObj.Data.HecToken)) + + // Verify that new Admin Password is created + testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["AdminPassword"], testenv.DecodeBase64(secretObj.Data.Password)) + + // Verify that new Pass4SymmKey is created + testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["Pass4SymmKey"], testenv.DecodeBase64(secretObj.Data.Pass4SymmKey)) + + // Verify that new IdxcSecret is created 
+ testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["IdxcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.IdxcSecret)) + + // Verify that new ShcSecret is created + testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["ShcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.ShcSecret)) + + // Verify that new HEC TOKEN is updated on pod + testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["HecToken"], testenv.DecodeBase64(secretObj.Data.HecToken)) + + // Verify that new Admin Password is updated on pod + testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["AdminPassword"], testenv.DecodeBase64(secretObj.Data.Password)) + + // Verify that new Pass4SymmKey is updated on pod + testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["Pass4SymmKey"], testenv.DecodeBase64(secretObj.Data.Pass4SymmKey)) + + // Verify that new IdxcSecret is updated on pod + testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["IdxcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.IdxcSecret)) + + // Verify that new ShcSecret is updated on pod + testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["ShcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.ShcSecret)) + }) }) 
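Review bot: Both delete scenarios added in this hunk only assert that each key differs from the value held in `secretObj`; nothing checks that the pods mount the same regenerated value that the versioned secret objects carry. Once the pods are READY, re-read the namespace secret and assert equality with the helpers used earlier in this test (they appear to compare against an expected value), e.g. `newSecret := testenv.GetSecretObject(deployment, testenvInstance.GetName(), secretName)` followed by `testenv.VerifySecretsUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["HecToken"], testenv.DecodeBase64(newSecret.Data.HecToken))`. The second scenario calls `ModifySecretObject` with a nil map rather than deleting the object, so its failure message would read better as `"Unable to clear secret object data"`. The enclosing `It` block starts outside the hunk.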
@@ -167,7 +277,8 @@ var _ = Describe("secret test", func() { secretObj.Data.Pass4SymmKey = testenv.EncodeBase64(modifedKeyValue) secretObj.Data.IdxcSecret = testenv.EncodeBase64(modifedKeyValue) secretObj.Data.ShcSecret = testenv.EncodeBase64(modifedKeyValue) - testenv.UpdateSecret(deployment, testenvInstance.GetName(), secretObj) + err = testenv.UpdateSecret(deployment, testenvInstance.GetName(), secretObj, false /*delete*/) + Expect(err).To(Succeed(), "Unable to update secret Object") // Ensure that Cluster Master goes to update phase testenv.VerifyClusterMasterPhase(deployment, testenvInstance, splcommon.PhaseUpdating) @@ -190,7 +301,7 @@ var _ = Describe("secret test", func() { // Verify RF SF is met testenv.VerifyRFSFMet(deployment, testenvInstance) - // Once PODS are up after update check each pod for secret key update + // Once Pods are READY check each versioned secret for updated secret keys clusterMasterSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "cluster-master", 2) indexerSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "idxc-indexer", 2) licenseMasterSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "license-master", 2) @@ -214,7 +325,7 @@ var _ = Describe("secret test", func() { // Verify that ShcPass4Symmkey is updated testenv.VerifySecretObjectUpdated(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["ShcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.ShcSecret)) - // All pods to be used to check for secret object update + // Once Pods are READY check each pod for updated secret keys clusterMasterPodName := fmt.Sprintf(testenv.ClusterMasterPod, deployment.GetName()) licenseMasterPodName := fmt.Sprintf(testenv.LicenseMasterPod, deployment.GetName(), 0) monitoringConsolePodName := fmt.Sprintf(testenv.MonitoringConsolePod, testenvInstance.GetName(), 0) 
@@ -289,7 +400,8 @@ var _ = Describe("secret test", func() { secretObj.Data.Pass4SymmKey = testenv.EncodeBase64(modifedKeyValue) secretObj.Data.IdxcSecret = testenv.EncodeBase64(modifedKeyValue) secretObj.Data.ShcSecret = testenv.EncodeBase64(modifedKeyValue) - testenv.UpdateSecret(deployment, testenvInstance.GetName(), secretObj) + err = testenv.UpdateSecret(deployment, testenvInstance.GetName(), secretObj, false /*delete*/) + Expect(err).To(Succeed(), "Unable to update secret Object") // Ensure that Cluster Master goes to update phase testenv.VerifyClusterMasterPhase(deployment, testenvInstance, splcommon.PhaseUpdating) @@ -309,7 +421,7 @@ var _ = Describe("secret test", func() { // Verify MC Pod is Ready testenv.MCPodReady(testenvInstance.GetName(), deployment) - // Once POS are up after update check each pod for secret key update + // Once Pods are READY check each versioned secret for updated secret keys clusterMasterSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "cluster-master", 2) licenseMasterSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "license-master", 2) searchHeadDeployerSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "shc-deployer", 2) @@ -335,7 +447,7 @@ var _ = Describe("secret test", func() { // Verify that ShcPass4Symmkey is updated testenv.VerifySecretObjectUpdated(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["ShcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.ShcSecret)) - // All pods to be used to check for secret object update + // Once Pods are READY check each versioned secret for updated secret keys clusterMasterPodName := fmt.Sprintf(testenv.ClusterMasterPod, deployment.GetName()) licenseMasterPodName := fmt.Sprintf(testenv.LicenseMasterPod, deployment.GetName(), 0) monitoringConsolePodName := fmt.Sprintf(testenv.MonitoringConsolePod, testenvInstance.GetName(), 0) 
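Review bot: The comment rewritten in the last hunk of this file (`@@ -335,7 +447,7 @@`) now says the versioned secrets are checked, but the lines under it build pod names (`clusterMasterPodName`, `licenseMasterPodName`, `monitoringConsolePodName`). The corresponding spots in the other two tests of this patch use the pod wording, so this looks like a copy-paste slip; use `// Once Pods are READY check each pod for updated secret keys` here as well.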
diff --git a/test/testenv/deployment.go b/test/testenv/deployment.go index 322a9664b..6faf0bea8 100644 --- a/test/testenv/deployment.go +++ b/test/testenv/deployment.go @@ -277,6 +277,13 @@ func (d *Deployment) DeleteCR(cr runtime.Object) error { return err } +// DeleteCR method to delete existing CR spec +func (d *Deployment) DeleteCR(cr runtime.Object) error { + + err := d.testenv.GetKubeClient().Delete(context.TODO(), cr) + return err +} + // DeploySingleSiteCluster deploys a lm and indexer cluster (shc optional) func (d *Deployment) DeploySingleSiteCluster(name string, indexerReplicas int, shc bool) error { diff --git a/test/testenv/secretutil.go b/test/testenv/secretutil.go index 1c15c5205..e56b03af8 100644 --- a/test/testenv/secretutil.go +++ b/test/testenv/secretutil.go 
@@ -88,53 +88,63 @@ func GetSecretKey(deployment *Deployment, ns string, key string, secretName stri } logf.Log.Info("Get secret object encoded value", "Secret Name", secretName, "Key", key) value := "Invalid Key" - if key == "hec_token" { + switch key { + case "hec_token": value = DecodeBase64(restResponse.Data.HecToken) - } - if key == "idxc_secret" { + case "idxc_secret": value = DecodeBase64(restResponse.Data.IdxcSecret) - } - if key == "pass4SymmKey" { + case "pass4SymmKey": value = DecodeBase64(restResponse.Data.Pass4SymmKey) - } - if key == "password" { + case "password": value = DecodeBase64(restResponse.Data.Password) - } - if key == "shc_secret" { + case "shc_secret": value = DecodeBase64(restResponse.Data.ShcSecret) } return value } //ModifySecretObject Modifies the entire secret object -func ModifySecretObject(deployment *Deployment, data map[string][]byte, ns string, secretName string) bool { +func ModifySecretObject(deployment *Deployment, data map[string][]byte, ns string, secretName string) error { logf.Log.Info("Modify secret object", "Secret Name", secretName, "Data", data) secret := newSecretSpec(ns, secretName, data) //Update object using spec err := deployment.UpdateCR(secret) if err != nil { logf.Log.Error(err, "Unable to update secret object") - return false + return err + } + return nil +} + +//DeleteSecretObject Modifies the entire secret object +func DeleteSecretObject(deployment *Deployment, data map[string][]byte, ns string, secretName string) error { + logf.Log.Info("Delete secret object", "Secret Name", secretName) + secret := newSecretSpec(ns, secretName, data) + //Update object using spec + err := deployment.DeleteCR(secret) + if err != nil { + logf.Log.Error(err, "Unable to delete secret object") + return err } - return true + return nil } //ModifySecretKey Modifies the specific key in secret object -func ModifySecretKey(deployment *Deployment, ns string, key string, value string) bool { +func ModifySecretKey(deployment *Deployment, 
ns string, key string, value string) error { //Get current config for update secretName := fmt.Sprintf(SecretObjectName, ns) restResponse := GetSecretObject(deployment, ns, secretName) out, err := json.Marshal(restResponse.Data) if err != nil { logf.Log.Error(err, "Failed to parse response") - return false + return err } //Convert object to map for update var data map[string][]byte err = json.Unmarshal([]byte(out), &data) if err != nil { logf.Log.Error(err, "Failed to parse response") - return false + return err } //Modify data data[key] = []byte(value) @@ -144,22 +154,27 @@ func ModifySecretKey(deployment *Deployment, ns string, key string, value string } // UpdateSecret Updates the secret object based on SecretResponse Struct -func UpdateSecret(deployment *Deployment, ns string, secretObj SecretResponse) (bool, error) { +func UpdateSecret(deployment *Deployment, ns string, secretObj SecretResponse, delete bool) error { secretName := fmt.Sprintf(SecretObjectName, ns) secretDataString, err := json.Marshal(secretObj.Data) if err != nil { logf.Log.Error(err, "Failed to parse response") - return false, err + return err } //Convert object to map for update var data map[string][]byte err = json.Unmarshal([]byte(secretDataString), &data) if err != nil { logf.Log.Error(err, "Failed to parse response") - return false, err + return err } - modify := ModifySecretObject(deployment, data, ns, secretName) - return modify, err + // Update or delete the secret object based on delete parameter + if delete { + err = DeleteSecretObject(deployment, data, ns, secretName) + } else { + err = ModifySecretObject(deployment, data, ns, secretName) + } + return err } //GetMountedKey Gets the key mounted on pod diff --git a/test/testenv/verificationutils.go b/test/testenv/verificationutils.go index 9e5ec38e7..ebcbc03aa 100644 --- a/test/testenv/verificationutils.go +++ b/test/testenv/verificationutils.go 
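Review bot: `ModifySecretObject`, whose return type the `@@ -88,53 +88,63 @@` hunk changes, still passes `"Data", data` to `logf.Log.Info`, which writes the raw secret bytes into the test log. The new `DeleteSecretObject` already logs only the name, and the modify path should match it: `logf.Log.Info("Modify secret object", "Secret Name", secretName)`. The doc comment and the inline comment on `DeleteSecretObject` were copied from the modify function; suggest `// DeleteSecretObject deletes the secret object named secretName in namespace ns` and `// Delete object using spec`. The delete path also builds the spec from the full `data` map although presumably only the name and namespace identify the object, so callers could pass nil there.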
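Review bot: The new `delete bool` parameter of `UpdateSecret` (hunk `@@ -144,22 +154,27 @@`) shadows Go's builtin `delete` for the whole function body, which linters flag and which would break any map deletion added there later. Rename it, e.g. `func UpdateSecret(deployment *Deployment, ns string, secretObj SecretResponse, deleteSecret bool) error`, and keep the `/*delete*/` call-site comments in secret_test.go in step. The tail of `ModifySecretKey` lies between the two hunks and is not visible here, so confirm that it returns the error from `ModifySecretObject` now that both functions return `error`.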
@@ -441,6 +441,36 @@ func VerifySecretsUpdatedOnPod(deployment *Deployment, testenvInstance *TestEnv, } } +// VerifyNewSecretValueOnVersionedSecretObject Check whether the new versioned secret object is created with new value +func VerifyNewSecretValueOnVersionedSecretObject(deployment *Deployment, testenvInstance *TestEnv, verificationSecrets []string, secretKey string, previousValue string) { + for _, secretObject := range verificationSecrets { + found := false + currentValue := GetSecretKey(deployment, testenvInstance.GetName(), secretKey, secretObject) + if currentValue == previousValue { + testenvInstance.Log.Info("New Key Not created ", "Secret Object Name", secretObject, "Secret Key", secretKey, "Previous Value of Key", previousValue, "Key Value found", currentValue) + } else { + testenvInstance.Log.Info("New key created ", "Secret Object Name", secretObject, "Secret Key", secretKey, "Previous Value of Key", previousValue, "Key Value found", currentValue) + found = true + } + gomega.Expect(found).Should(gomega.Equal(true)) + } +} + +// VerifyNewVersionedSecretValueUpdatedOnPod Check whether the new secret object value is mounted on all pods +func VerifyNewVersionedSecretValueUpdatedOnPod(deployment *Deployment, testenvInstance *TestEnv, verificationPods []string, secretKey string, previousValue string) { + for _, pod := range verificationPods { + found := false + currentValue := GetMountedKey(deployment, pod, secretKey) + if currentValue == previousValue { + testenvInstance.Log.Info("New Key not updated on pod", "Pod Name ", pod, "Secret Key", secretKey, "Previous Value of Key", previousValue, "Key Value found", currentValue) + } else { + testenvInstance.Log.Info("New Key verified on pod", "Pod Name ", pod, "Secret Key", secretKey, "Previous Value of Key", previousValue, "Key Value found", currentValue) + found = true + } + gomega.Expect(found).Should(gomega.Equal(true)) + } +} + // VerifyClusterMasterPhase verify phase of cluster master func 
VerifyClusterMasterPhase(deployment *Deployment, testenvInstance *TestEnv, phase splcommon.Phase) { cm := &enterprisev1.ClusterMaster{} From 22a4d82837b97121fbec476888434aa00c01ced1 Mon Sep 17 00:00:00 2001 From: tpereirasplunk Date: Mon, 22 Mar 2021 13:49:00 -0700 Subject: [PATCH 2/2] CSPL-545: Secret object Delete scenario with standalone deployment --- test/testenv/deployment.go | 7 ------- 1 file changed, 7 deletions(-) diff --git a/test/testenv/deployment.go b/test/testenv/deployment.go index 6faf0bea8..322a9664b 100644 --- a/test/testenv/deployment.go +++ b/test/testenv/deployment.go @@ -277,13 +277,6 @@ func (d *Deployment) DeleteCR(cr runtime.Object) error { return err } -// DeleteCR method to delete existing CR spec -func (d *Deployment) DeleteCR(cr runtime.Object) error { - - err := d.testenv.GetKubeClient().Delete(context.TODO(), cr) - return err -} - // DeploySingleSiteCluster deploys a lm and indexer cluster (shc optional) func (d *Deployment) DeploySingleSiteCluster(name string, indexerReplicas int, shc bool) error {
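Review bot: Both new helpers pass whenever the value read differs from `previousValue`, so a failed or mistyped lookup passes too: `GetSecretKey` falls back to the string `"Invalid Key"` (visible in the secretutil.go hunk), which is never equal to the old secret. Guard the read before comparing, e.g. `gomega.Expect(currentValue).ShouldNot(gomega.BeEmpty())` and `gomega.Expect(currentValue).ShouldNot(gomega.Equal("Invalid Key"))`, and replace the `found` flag with `gomega.Expect(currentValue).ShouldNot(gomega.Equal(previousValue))`. The `Info` calls in both helpers also log the previous and current decoded values of the HEC token, admin password and symmetric keys; logging only the secret object or pod name and the key keeps credentials out of retained CI logs.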