Skip to content

Cspl 545: Secret object Delete scenario with standalone deployment #289

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Mar 24, 2021
Merged

Cspl 545: Secret object Delete scenario with standalone deployment #289

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2224831
CSPL-545: Secret object Delete scenario with standalone deployment
tpereirasplunk Mar 22, 2021
22a4d82
CSPL-545: Secret object Delete scenario with standalone deployment
tpereirasplunk Mar 22, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
130 changes: 121 additions & 9 deletions test/secret/secret_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,8 @@ var _ = Describe("secret test", func() {
secretObj.Data.HecToken = testenv.EncodeBase64(modifiedHecToken)
secretObj.Data.Password = testenv.EncodeBase64(modifedKeyValue)
secretObj.Data.Pass4SymmKey = testenv.EncodeBase64(modifedKeyValue)
testenv.UpdateSecret(deployment, testenvInstance.GetName(), secretObj)
err = testenv.UpdateSecret(deployment, testenvInstance.GetName(), secretObj, false /*delete*/)
Expect(err).To(Succeed(), "Unable to update secret Object")

// Ensure standalone is updating
testenv.VerifyStandalonePhase(deployment, testenvInstance, deployment.GetName(), splcommon.PhaseUpdating)
Expand All @@ -91,7 +92,7 @@ var _ = Describe("secret test", func() {
// Verify MC Pod is Ready
testenv.MCPodReady(testenvInstance.GetName(), deployment)

// Once system is up after update check each pod for secret key update
// Once Pods are READY check each versioned secret for updated secret keys
standaloneSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "standalone", 2)
licenseMasterSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "license-master", 2)
monitoringConsoleSecretName := fmt.Sprintf(testenv.SecretObjectPodName, testenvInstance.GetName(), "monitoring-console", 2)
Expand All @@ -106,7 +107,7 @@ var _ = Describe("secret test", func() {
// Verify that Pass4SymmKey is updated
testenv.VerifySecretObjectUpdated(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["Pass4SymmKey"], testenv.DecodeBase64(secretObj.Data.Pass4SymmKey))

// All pods to be used to check for secret object update
// Once Pods are READY check each pod for updated secret keys
standalonePodName := fmt.Sprintf(testenv.StandalonePod, deployment.GetName(), 0)
licenseMasterPodName := fmt.Sprintf(testenv.LicenseMasterPod, deployment.GetName(), 0)
monitoringConsolePodName := fmt.Sprintf(testenv.MonitoringConsolePod, testenvInstance.GetName(), 0)
Expand All @@ -120,6 +121,115 @@ var _ = Describe("secret test", func() {

// Verify that Pass4SymmKey is updated
testenv.VerifySecretsUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["Pass4SymmKey"], testenv.DecodeBase64(secretObj.Data.Pass4SymmKey))

// Delete secret key
err = testenv.UpdateSecret(deployment, testenvInstance.GetName(), secretObj, true /*delete*/)
Expect(err).To(Succeed(), "Unable to delete secret Object")

// Ensure standalone is updating
testenv.VerifyStandalonePhase(deployment, testenvInstance, deployment.GetName(), splcommon.PhaseUpdating)

// Wait for License Master to be in READY status
testenv.LicenseMasterReady(deployment, testenvInstance)

// Wait for Standalone to be in READY status
testenv.StandaloneReady(deployment, deployment.GetName(), standalone, testenvInstance)

// Verify MC Pod is Ready
testenv.MCPodReady(testenvInstance.GetName(), deployment)

// Once Pods are READY check each versioned secret for updated secret keys
standaloneSecretName = fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "standalone", 3)
licenseMasterSecretName = fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "license-master", 3)
monitoringConsoleSecretName = fmt.Sprintf(testenv.SecretObjectPodName, testenvInstance.GetName(), "monitoring-console", 3)
verificationSecrets = []string{standaloneSecretName, licenseMasterSecretName, monitoringConsoleSecretName}

// Verify that new HEC TOKEN is created
testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["HecToken"], testenv.DecodeBase64(secretObj.Data.HecToken))

// Verify that new Admin Password is created
testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["AdminPassword"], testenv.DecodeBase64(secretObj.Data.Password))

// Verify that new Pass4SymmKey is created
testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["Pass4SymmKey"], testenv.DecodeBase64(secretObj.Data.Pass4SymmKey))

// Verify that new IdxcSecret is created
testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["IdxcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.IdxcSecret))

// Verify that new ShcSecret is created
testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["ShcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.ShcSecret))

// Verify that new HEC TOKEN is updated on pod
testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["HecToken"], testenv.DecodeBase64(secretObj.Data.HecToken))

// Verify that new Admin Password is updated on pod
testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["AdminPassword"], testenv.DecodeBase64(secretObj.Data.Password))

// Verify that new Pass4SymmKey is updated on pod
testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["Pass4SymmKey"], testenv.DecodeBase64(secretObj.Data.Pass4SymmKey))

// Verify that new IdxcSecret is updated on pod
testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["IdxcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.IdxcSecret))

// Verify that new ShcSecret is updated on pod
testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["ShcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.ShcSecret))

// secret object for reference comparison
secretObj = testenv.GetSecretObject(deployment, testenvInstance.GetName(), secretName)

// delete secret by passing empty data in spec
var data map[string][]byte
err = testenv.ModifySecretObject(deployment, data, testenvInstance.GetName(), secretName)
Expect(err).To(Succeed(), "Unable to delete secret Object")

// Ensure standalone is updating
testenv.VerifyStandalonePhase(deployment, testenvInstance, deployment.GetName(), splcommon.PhaseUpdating)

// Wait for License Master to be in READY status
testenv.LicenseMasterReady(deployment, testenvInstance)

// Wait for Standalone to be in READY status
testenv.StandaloneReady(deployment, deployment.GetName(), standalone, testenvInstance)

// Verify MC Pod is Ready
testenv.MCPodReady(testenvInstance.GetName(), deployment)

// Once Pods are READY check each versioned secret for updated secret keys
standaloneSecretName = fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "standalone", 4)
licenseMasterSecretName = fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "license-master", 4)
monitoringConsoleSecretName = fmt.Sprintf(testenv.SecretObjectPodName, testenvInstance.GetName(), "monitoring-console", 4)
verificationSecrets = []string{standaloneSecretName, licenseMasterSecretName, monitoringConsoleSecretName}

// Verify that new HEC TOKEN is created
testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["HecToken"], testenv.DecodeBase64(secretObj.Data.HecToken))

// Verify that new Admin Password is created
testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["AdminPassword"], testenv.DecodeBase64(secretObj.Data.Password))

// Verify that new Pass4SymmKey is created
testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["Pass4SymmKey"], testenv.DecodeBase64(secretObj.Data.Pass4SymmKey))

// Verify that new IdxcSecret is created
testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["IdxcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.IdxcSecret))

// Verify that new ShcSecret is created
testenv.VerifyNewSecretValueOnVersionedSecretObject(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["ShcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.ShcSecret))

// Verify that new HEC TOKEN is updated on pod
testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["HecToken"], testenv.DecodeBase64(secretObj.Data.HecToken))

// Verify that new Admin Password is updated on pod
testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["AdminPassword"], testenv.DecodeBase64(secretObj.Data.Password))

// Verify that new Pass4SymmKey is updated on pod
testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["Pass4SymmKey"], testenv.DecodeBase64(secretObj.Data.Pass4SymmKey))

// Verify that new IdxcSecret is updated on pod
testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["IdxcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.IdxcSecret))

// Verify that new ShcSecret is updated on pod
testenv.VerifyNewVersionedSecretValueUpdatedOnPod(deployment, testenvInstance, verificationPods, testenv.SecretObject["ShcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.ShcSecret))

})
})

Expand Down Expand Up @@ -167,7 +277,8 @@ var _ = Describe("secret test", func() {
secretObj.Data.Pass4SymmKey = testenv.EncodeBase64(modifedKeyValue)
secretObj.Data.IdxcSecret = testenv.EncodeBase64(modifedKeyValue)
secretObj.Data.ShcSecret = testenv.EncodeBase64(modifedKeyValue)
testenv.UpdateSecret(deployment, testenvInstance.GetName(), secretObj)
err = testenv.UpdateSecret(deployment, testenvInstance.GetName(), secretObj, false /*delete*/)
Expect(err).To(Succeed(), "Unable to update secret Object")

// Ensure that Cluster Master goes to update phase
testenv.VerifyClusterMasterPhase(deployment, testenvInstance, splcommon.PhaseUpdating)
Expand All @@ -190,7 +301,7 @@ var _ = Describe("secret test", func() {
// Verify RF SF is met
testenv.VerifyRFSFMet(deployment, testenvInstance)

// Once PODS are up after update check each pod for secret key update
// Once Pods are READY check each versioned secret for updated secret keys
clusterMasterSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "cluster-master", 2)
indexerSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "idxc-indexer", 2)
licenseMasterSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "license-master", 2)
Expand All @@ -214,7 +325,7 @@ var _ = Describe("secret test", func() {
// Verify that ShcPass4Symmkey is updated
testenv.VerifySecretObjectUpdated(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["ShcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.ShcSecret))

// All pods to be used to check for secret object update
// Once Pods are READY check each pod for updated secret keys
clusterMasterPodName := fmt.Sprintf(testenv.ClusterMasterPod, deployment.GetName())
licenseMasterPodName := fmt.Sprintf(testenv.LicenseMasterPod, deployment.GetName(), 0)
monitoringConsolePodName := fmt.Sprintf(testenv.MonitoringConsolePod, testenvInstance.GetName(), 0)
Expand Down Expand Up @@ -289,7 +400,8 @@ var _ = Describe("secret test", func() {
secretObj.Data.Pass4SymmKey = testenv.EncodeBase64(modifedKeyValue)
secretObj.Data.IdxcSecret = testenv.EncodeBase64(modifedKeyValue)
secretObj.Data.ShcSecret = testenv.EncodeBase64(modifedKeyValue)
testenv.UpdateSecret(deployment, testenvInstance.GetName(), secretObj)
err = testenv.UpdateSecret(deployment, testenvInstance.GetName(), secretObj, false /*delete*/)
Expect(err).To(Succeed(), "Unable to update secret Object")

// Ensure that Cluster Master goes to update phase
testenv.VerifyClusterMasterPhase(deployment, testenvInstance, splcommon.PhaseUpdating)
Expand All @@ -309,7 +421,7 @@ var _ = Describe("secret test", func() {
// Verify MC Pod is Ready
testenv.MCPodReady(testenvInstance.GetName(), deployment)

// Once POS are up after update check each pod for secret key update
// Once Pods are READY check each versioned secret for updated secret keys
clusterMasterSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "cluster-master", 2)
licenseMasterSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "license-master", 2)
searchHeadDeployerSecretName := fmt.Sprintf(testenv.SecretObjectPodName, deployment.GetName(), "shc-deployer", 2)
Expand All @@ -335,7 +447,7 @@ var _ = Describe("secret test", func() {
// Verify that ShcPass4Symmkey is updated
testenv.VerifySecretObjectUpdated(deployment, testenvInstance, verificationSecrets, testenv.SecretObject["ShcPass4Symmkey"], testenv.DecodeBase64(secretObj.Data.ShcSecret))

// All pods to be used to check for secret object update
// Once Pods are READY check each versioned secret for updated secret keys
clusterMasterPodName := fmt.Sprintf(testenv.ClusterMasterPod, deployment.GetName())
licenseMasterPodName := fmt.Sprintf(testenv.LicenseMasterPod, deployment.GetName(), 0)
monitoringConsolePodName := fmt.Sprintf(testenv.MonitoringConsolePod, testenvInstance.GetName(), 0)
Expand Down
55 changes: 35 additions & 20 deletions test/testenv/secretutil.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,53 +88,63 @@ func GetSecretKey(deployment *Deployment, ns string, key string, secretName stri
}
logf.Log.Info("Get secret object encoded value", "Secret Name", secretName, "Key", key)
value := "Invalid Key"
if key == "hec_token" {
switch key {
case "hec_token":
value = DecodeBase64(restResponse.Data.HecToken)
}
if key == "idxc_secret" {
case "idxc_secret":
value = DecodeBase64(restResponse.Data.IdxcSecret)
}
if key == "pass4SymmKey" {
case "pass4SymmKey":
value = DecodeBase64(restResponse.Data.Pass4SymmKey)
}
if key == "password" {
case "password":
value = DecodeBase64(restResponse.Data.Password)
}
if key == "shc_secret" {
case "shc_secret":
value = DecodeBase64(restResponse.Data.ShcSecret)
}
return value
}

//ModifySecretObject Modifies the entire secret object
func ModifySecretObject(deployment *Deployment, data map[string][]byte, ns string, secretName string) bool {
func ModifySecretObject(deployment *Deployment, data map[string][]byte, ns string, secretName string) error {
logf.Log.Info("Modify secret object", "Secret Name", secretName, "Data", data)
secret := newSecretSpec(ns, secretName, data)
//Update object using spec
err := deployment.UpdateCR(secret)
if err != nil {
logf.Log.Error(err, "Unable to update secret object")
return false
return err
}
return nil
}

//DeleteSecretObject Modifies the entire secret object
func DeleteSecretObject(deployment *Deployment, data map[string][]byte, ns string, secretName string) error {
logf.Log.Info("Delete secret object", "Secret Name", secretName)
secret := newSecretSpec(ns, secretName, data)
//Update object using spec
err := deployment.DeleteCR(secret)
if err != nil {
logf.Log.Error(err, "Unable to delete secret object")
return err
}
return true
return nil
}

//ModifySecretKey Modifies the specific key in secret object
func ModifySecretKey(deployment *Deployment, ns string, key string, value string) bool {
func ModifySecretKey(deployment *Deployment, ns string, key string, value string) error {
//Get current config for update
secretName := fmt.Sprintf(SecretObjectName, ns)
restResponse := GetSecretObject(deployment, ns, secretName)
out, err := json.Marshal(restResponse.Data)
if err != nil {
logf.Log.Error(err, "Failed to parse response")
return false
return err
}
//Convert object to map for update
var data map[string][]byte
err = json.Unmarshal([]byte(out), &data)
if err != nil {
logf.Log.Error(err, "Failed to parse response")
return false
return err
}
//Modify data
data[key] = []byte(value)
Expand All @@ -144,22 +154,27 @@ func ModifySecretKey(deployment *Deployment, ns string, key string, value string
}

// UpdateSecret Updates the secret object based on SecretResponse Struct
func UpdateSecret(deployment *Deployment, ns string, secretObj SecretResponse) (bool, error) {
func UpdateSecret(deployment *Deployment, ns string, secretObj SecretResponse, delete bool) error {
secretName := fmt.Sprintf(SecretObjectName, ns)
secretDataString, err := json.Marshal(secretObj.Data)
if err != nil {
logf.Log.Error(err, "Failed to parse response")
return false, err
return err
}
//Convert object to map for update
var data map[string][]byte
err = json.Unmarshal([]byte(secretDataString), &data)
if err != nil {
logf.Log.Error(err, "Failed to parse response")
return false, err
return err
}
modify := ModifySecretObject(deployment, data, ns, secretName)
return modify, err
// Update or delete the secret object based on delete parameter
if delete {
err = DeleteSecretObject(deployment, data, ns, secretName)
} else {
err = ModifySecretObject(deployment, data, ns, secretName)
}
return err
}

//GetMountedKey Gets the key mounted on pod
Expand Down
30 changes: 30 additions & 0 deletions test/testenv/verificationutils.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -441,6 +441,36 @@ func VerifySecretsUpdatedOnPod(deployment *Deployment, testenvInstance *TestEnv,
}
}

// VerifyNewSecretValueOnVersionedSecretObject Check whether the new versioned secret object is created with new value
func VerifyNewSecretValueOnVersionedSecretObject(deployment *Deployment, testenvInstance *TestEnv, verificationSecrets []string, secretKey string, previousValue string) {
for _, secretObject := range verificationSecrets {
found := false
currentValue := GetSecretKey(deployment, testenvInstance.GetName(), secretKey, secretObject)
if currentValue == previousValue {
testenvInstance.Log.Info("New Key Not created ", "Secret Object Name", secretObject, "Secret Key", secretKey, "Previous Value of Key", previousValue, "Key Value found", currentValue)
} else {
testenvInstance.Log.Info("New key created ", "Secret Object Name", secretObject, "Secret Key", secretKey, "Previous Value of Key", previousValue, "Key Value found", currentValue)
found = true
}
gomega.Expect(found).Should(gomega.Equal(true))
}
}

// VerifyNewVersionedSecretValueUpdatedOnPod Check whether the new secret object value is mounted on all pods
func VerifyNewVersionedSecretValueUpdatedOnPod(deployment *Deployment, testenvInstance *TestEnv, verificationPods []string, secretKey string, previousValue string) {
for _, pod := range verificationPods {
found := false
currentValue := GetMountedKey(deployment, pod, secretKey)
if currentValue == previousValue {
testenvInstance.Log.Info("New Key not updated on pod", "Pod Name ", pod, "Secret Key", secretKey, "Previous Value of Key", previousValue, "Key Value found", currentValue)
} else {
testenvInstance.Log.Info("New Key verified on pod", "Pod Name ", pod, "Secret Key", secretKey, "Previous Value of Key", previousValue, "Key Value found", currentValue)
found = true
}
gomega.Expect(found).Should(gomega.Equal(true))
}
}

// VerifyClusterMasterPhase verify phase of cluster master
func VerifyClusterMasterPhase(deployment *Deployment, testenvInstance *TestEnv, phase splcommon.Phase) {
cm := &enterprisev1.ClusterMaster{}
Expand Down