This repository was archived by the owner on Jul 26, 2022. It is now read-only.

Commit dfa210b

moolenFlydiverny
authored andcommitted
feat: implement basic e2e tests (#207)
1 parent 5527530 commit dfa210b

14 files changed

+794
-8
lines changed

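--- a/.travis.yml
+++ b/.travis.yml
@@ -1,5 +1,7 @@
 sudo: false
 language: node_js
+services:
+- docker
 matrix:
 fast_finish: true
 include:
@@ -9,6 +11,13 @@ before_install:
 # package-lock.json was introduced in npm@5
 - '[[ $(node -v) =~ ^v9.*$ ]] || npm install -g npm@latest' # skipped when using node 9
 - npm install -g greenkeeper-lockfile
+# kubectl, kind, helm
+- curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x kubectl && sudo mv kubectl /usr/local/bin/
+- curl -Lo kind https://github.com/kubernetes-sigs/kind/releases/download/v0.5.1/kind-linux-amd64 && chmod +x kind && sudo mv kind /usr/local/bin/
+- curl -Lo helm.tgz https://get.helm.sh/helm-v2.16.0-linux-amd64.tar.gz && tar -zxvf helm.tgz && sudo mv linux-amd64/helm /usr/local/bin/helm
 before_script: greenkeeper-lockfile-update
 after_script: greenkeeper-lockfile-upload
 install: npm install
+script:
+- npm test
+- npm run test-e2e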
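Review bot: The three `curl` steps added under `before_install` put kubectl, kind and helm into `/usr/local/bin` without verifying what was downloaded, and the kubectl URL resolves whatever `stable.txt` names at build time, so the build is neither reproducible nor protected against a swapped or truncated artifact. Pin kubectl to an explicit release the way kind (`v0.5.1`) and helm (`v2.16.0`) already are, and check each file before the `chmod`/`mv`, for example `echo "<KIND_SHA256>  kind" | sha256sum -c -` with the digest published for that release. Adding `-f` to the `curl` calls would also make an HTTP error fail the step instead of saving an error page as the binary.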

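--- a/config/aws-config.js
+++ b/config/aws-config.js
@@ -2,23 +2,40 @@
 
 /* eslint-disable no-process-env */
 const AWS = require('aws-sdk')
+const clonedeep = require('lodash.clonedeep')
+const merge = require('lodash.merge')
 
 const localstack = process.env.LOCALSTACK || 0
 
-const secretsManagerConfig = localstack ? { endpoint: 'http://localhost:4584', region: 'us-west-2' } : {}
-const systemManagerConfig = localstack ? { endpoint: 'http://localhost:4583', region: 'us-west-2' } : {}
-const stsConfig = localstack ? { endpoint: 'http://localhost:4592', region: 'us-west-2' } : {}
+let secretsManagerConfig = {}
+let systemManagerConfig = {}
+let stsConfig = {}
+
+if (localstack) {
+secretsManagerConfig = {
+endpoint: process.env.LOCALSTACK_SM_URL || 'http://localhost:4584',
+region: process.env.AWS_REGION || 'us-west-2'
+}
+systemManagerConfig = {
+endpoint: process.env.LOCALSTACK_SSM_URL || 'http://localhost:4583',
+region: process.env.AWS_REGION || 'us-west-2'
+}
+stsConfig = {
+endpoint: process.env.LOCALSTACK_STS_URL || 'http://localhost:4592',
+region: process.env.AWS_REGION || 'us-west-2'
+}
+}
 
 module.exports = {
-secretsManagerFactory: (opts) => {
+secretsManagerFactory: (opts = {}) => {
 if (localstack) {
-opts = secretsManagerConfig
+opts = merge(clonedeep(opts), secretsManagerConfig)
 }
 return new AWS.SecretsManager(opts)
 },
-systemManagerFactory: (opts) => {
+systemManagerFactory: (opts = {}) => {
 if (localstack) {
-opts = systemManagerConfig
+opts = merge(clonedeep(opts), systemManagerConfig)
 }
 return new AWS.SSM(opts)
 },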
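Review bot: The new env-driven endpoints are gated on `localstack`, which the unchanged line `const localstack = process.env.LOCALSTACK || 0` makes truthy for any non-empty string, including `LOCALSTACK=false` or `LOCALSTACK=0`. Once that flag is on, `LOCALSTACK_SM_URL`, `LOCALSTACK_SSM_URL` and `LOCALSTACK_STS_URL` decide where the Secrets Manager, SSM and STS clients send their requests (plain HTTP by default), and the `merge(...)` calls let those values override any caller-supplied `endpoint` or `region`. Parsing the flag strictly, e.g. `const localstack = process.env.LOCALSTACK === 'true'` (the value the e2e README in this commit sets), and logging once when the override is active would make an accidental enablement in a real deployment visible. `module.exports` continues past the end of this hunk, so how `stsConfig` is consumed cannot be checked from here.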

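--- a/config/index.js
+++ b/config/index.js
@@ -49,6 +49,7 @@ const systemManagerBackend = new SystemManagerBackend({
 const vaultClient = vault({ apiVersion: 'v1', endpoint: envConfig.vaultEndpoint })
 const vaultBackend = new VaultBackend({ client: vaultClient, logger })
 const backends = {
+// when adding a new backend, make sure to change the CRD property too
 secretsManager: secretsManagerBackend,
 systemManager: systemManagerBackend,
 vault: vaultBackend
@@ -58,6 +59,7 @@ const backends = {
 backends.secretManager = secretsManagerBackend
 
 module.exports = {
+awsConfig,
 backends,
 customResourceManager,
 customResourceManifest,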

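--- a/e2e/Dockerfile
+++ b/e2e/Dockerfile
@@ -0,0 +1,14 @@
+FROM node:12.13.0-alpine
+
+RUN npm install [email protected] -g
+
+# Setup source directory
+RUN mkdir /app
+WORKDIR /app
+COPY package.json package-lock.json /app/
+RUN npm install
+
+# Copy app to source directory
+COPY . /app
+
+CMD ["/app/node_modules/.bin/mocha", "--timeout", "10000", "/app/e2e/tests/*.test.js"]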
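Review bot: `RUN npm install` on line 9 does not fail when `package.json` and the `package-lock.json` copied on the line before disagree, so the dependency tree baked into the test image can drift from what was reviewed; `RUN npm ci` installs exactly what the lockfile pins. The image also never drops root, and per the README added in this commit the pod runs under a service account bound to `cluster-admin`, so a `USER node` line before `CMD` (the official node images ship that user) would narrow what a compromised test dependency can do inside the container. `COPY . /app` takes the whole build context, and no `.dockerignore` is visible in this commit, so confirm that `.git`, local env files and kubeconfigs are excluded.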

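--- a/e2e/README.md
+++ b/e2e/README.md
@@ -0,0 +1,83 @@
+# e2e tests
+
+## Running e2e tests
+
+Prerequisites:
+* docker
+* kind
+* helm
+* kubectl
+
+Run them from the root of the repository `npm run test-e2e`.
+
+
+## Developing e2e tests
+
+To better understand how they are being run take a look at `run-e2e-suite.sh`.
+
+1. Prepare the environment
+
+```
+kind create cluster \
+--name es-dev-cluster \
+--config ./kind.yaml \
+--image "kindest/node:v1.15.3"
+
+export KUBECONFIG="$(kind get kubeconfig-path --name="es-dev-cluster")"
+
+# build & load images
+docker build -t external-secrets:test -f ../Dockerfile ../
+kind load docker-image --name="es-dev-cluster" external-secrets:test
+
+# prep localstack
+kubectl apply -f ./localstack.deployment.yaml
+
+# deploy external secrets
+helm template ../charts/kubernetes-external-secrets \
+--set image.repository=external-secrets \
+--set image.tag=test \
+--set env.LOG_LEVEL=debug \
+--set env.LOCALSTACK=true \
+--set env.LOCALSTACK_SSM_URL=http://ssm \
+--set env.LOCALSTACK_SM_URL=http://secretsmanager \
+--set env.AWS_ACCESS_KEY_ID=foobar \
+--set env.AWS_SECRET_ACCESS_KEY=foobar \
+--set env.AWS_DEFAULT_REGION=us-east-1 \
+--set env.AWS_REGION=us-east-1 \
+--set env.POLLER_INTERVAL_MILLISECONDS=1000 \
+--set env.LOCALSTACK_STS_URL=http://sts | kubectl apply -f -
+
+# prep e2e test
+kubectl create serviceaccount external-secrets-e2e || true
+kubectl create clusterrolebinding permissive-binding \
+--clusterrole=cluster-admin \
+--user=admin \
+--user=kubelet \
+--serviceaccount=default:external-secrets-e2e || true
+
+# make sure that everything is running
+kubectl rollout status deploy/localstack
+kubectl rollout status deploy/release-name-kubernetes-external-secrets
+```
+
+2. build image & deploy to start the e2e test
+
+```
+docker build -t external-secrets-e2e:test -f Dockerfile ../
+kind load docker-image --name="es-dev-cluster" external-secrets-e2e:test
+kubectl run \
+--rm \
+--attach \
+--restart=Never \
+--env="LOCALSTACK=true" \
+--env="LOCALSTACK_SSM_URL=http://ssm" \
+--env="LOCALSTACK_SM_URL=http://secretsmanager" \
+--env="AWS_ACCESS_KEY_ID=foobar" \
+--env="AWS_SECRET_ACCESS_KEY=foobar" \
+--env="AWS_DEFAULT_REGION=us-east-1" \
+--env="AWS_REGION=us-east-1" \
+--env="LOCALSTACK_STS_URL=http://sts" \
+--generator=run-pod/v1 \
+--overrides='{ "apiVersion": "v1", "spec":{"serviceAccountName": "external-secrets-e2e"}}' \
+e2e --image=external-secrets-e2e:test
+``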

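--- a/e2e/kind.yaml
+++ b/e2e/kind.yaml
@@ -0,0 +1,18 @@
+kind: Cluster
+apiVersion: kind.sigs.k8s.io/v1alpha3
+networking:
+apiServerPort: 6443
+kubeadmConfigPatches:
+- |
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+metadata:
+name: config
+# this is only relevant for btrfs uses
+# https://github.com/kubernetes/kubernetes/issues/80633#issuecomment-550994513
+featureGates:
+LocalStorageCapacityIsolation: false
+nodes:
+- role: control-plane
+- role: worker
+- role: worker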

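--- a/e2e/localstack.deployment.yaml
+++ b/e2e/localstack.deployment.yaml
@@ -0,0 +1,101 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: localstack
+spec:
+selector:
+matchLabels:
+app: localstack
+replicas: 1
+template:
+metadata:
+labels:
+app: localstack
+spec:
+containers:
+- name: localstack
+image: localstack/localstack:0.10.5
+resources:
+limits:
+cpu: 300m
+memory: 500Mi
+livenessProbe:
+tcpSocket:
+port: 4100
+initialDelaySeconds: 30
+periodSeconds: 15
+readinessProbe:
+tcpSocket:
+port: 4100
+initialDelaySeconds: 30
+periodSeconds: 15
+ports:
+- containerPort: 4100
+name: ssm
+- containerPort: 4101
+name: secretsmanager
+- containerPort: 4102
+name: sts
+- containerPort: 32000
+name: ui
+env:
+- name: SERVICES
+value: "ssm:4100,secretsmanager:4101,sts:4102"
+- name: PORT_WEB_UI
+value: "32000"
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: ssm
+spec:
+# selector tells Kubernetes what Deployment this Service
+# belongs to
+selector:
+app: localstack
+ports:
+- port: 80
+targetPort: ssm
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: secretsmanager
+spec:
+# selector tells Kubernetes what Deployment this Service
+# belongs to
+selector:
+app: localstack
+ports:
+- port: 80
+targetPort: secretsmanager
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: sts
+spec:
+# selector tells Kubernetes what Deployment this Service
+# belongs to
+selector:
+app: localstack
+ports:
+- port: 80
+targetPort: sts
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: localstack
+spec:
+# selector tells Kubernetes what Deployment this Service
+# belongs to
+type: NodePort
+selector:
+app: localstack
+ports:
+- nodePort: 32000
+port: 80
+targetPort: ui
+
+---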
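Review bot: The last Service (`name: localstack`) publishes the localstack web UI as `type: NodePort` on 32000, and nothing visible in this commit reads from that port. If the UI is only a debugging aid, leaving the Service at the default ClusterIP type and reaching it with `kubectl port-forward` when needed keeps the emulator off every node's external interface should this manifest be applied outside a throwaway kind cluster. The comment repeated above each `selector:` is also inaccurate, and in the last Service it sits above `type:` instead; a Service selector matches Pods by label, so `# selector picks the Pods (label app: localstack) this Service routes to` would be closer.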
