Azure e2e tests with manual creds

2024-10-01 01:36:09 -04:00 · 2022-08-30 13:42:14 +02:00 · 2022-08-30 13:42:14 +02:00 · 7c7a4699bc
commit 7c7a4699bc
parent 7d402f4e79
5 changed files with 15 additions and 1 deletions
--- a/.github/actions/constellation_create/action.yml
+++ b/.github/actions/constellation_create/action.yml
@ -29,6 +29,9 @@ inputs:
  kubernetesVersion:
    description: "Kubernetes version to create the cluster from."
    required: false
+  azureClientSecret:
+    description: "The client secret value of the used secret"
+    required: false
 runs:
  using: "composite"
  steps:
@ -53,7 +56,10 @@ runs:
          "(.provider | select(. | has(\"azure\")).azure.subscription) = \"0d202bbb-4fa7-4af8-8125-58c269a05435\" |
            (.provider | select(. | has(\"azure\")).azure.tenant) = \"adb650a8-5da3-4b15-b4b0-3daf65ff7626\" |
            (.provider | select(. | has(\"azure\")).azure.location) = \"West US\" |
-            (.provider | select(. | has(\"azure\")).azure.userAssignedIdentity) = \"/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.ManagedIdentity/userAssignedIdentities/constellation-dev-identity\" |
+            (.provider | select(. | has(\"azure\")).azure.userAssignedIdentity) = \"/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/e2e-test-creds/providers/Microsoft.ManagedIdentity/userAssignedIdentities/e2e-test-user-assigned-id\" |
+            (.provider | select(. | has(\"azure\")).azure.resourceGroup) = \"e2e-test\" |
+            (.provider | select(. | has(\"azure\")).azure.appClientID) = \"b657a00e-813a-4dc7-9b09-fa498a254d71\" |
+            (.provider | select(. | has(\"azure\")).azure.clientSecretValue) = \"${{ inputs.azureClientSecret }}\" |
            (.provider | select(. | has(\"azure\")).azure.enforcedMeasurements) = [11,12]" \
          constellation-conf.yaml
        yq eval -i \
--- a/.github/actions/e2e_test/action.yml
+++ b/.github/actions/e2e_test/action.yml
@ -63,6 +63,9 @@ inputs:
  awsBucketName:
    description: "AWS S3 bucket name to upload measurements."
    required: false
+  azureClientSecret:
+    description: "The client secret value of the used secret"
+    required: false

 runs:
  using: "composite"
@ -101,6 +104,7 @@ runs:
        coreosImage: ${{ inputs.coreosImage }}
        isDebugImage: ${{ inputs.isDebugImage }}
        kubernetesVersion: ${{ inputs.kubernetesVersion }}
+        azureClientSecret: ${{ inputs.azureClientSecret }}
    - name: Measure cluster
      uses: ./.github/actions/constellation_measure
      with:
--- a/.github/workflows/e2e-test-azure-weekly.yml
+++ b/.github/workflows/e2e-test-azure-weekly.yml
@ -30,4 +30,5 @@ jobs:
          azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
          sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
          kubernetesVersion: ${{ matrix.version }}
+          azureClientSecret: ${{ secrets.AZURE_E2E_CLIENT_SECRET }}
          msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
--- a/.github/workflows/e2e-test-azure.yml
+++ b/.github/workflows/e2e-test-azure.yml
@ -23,6 +23,7 @@ jobs:
          cloudProvider: "azure"
          machineType: "Standard_DC4as_v5"
          azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
+          azureClientSecret: ${{ secrets.AZURE_E2E_CLIENT_SECRET }}
          # TODO: Remove E2E_SKIP once AB#2174 is resolved
          sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
          msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
@ -55,6 +56,7 @@ jobs:
          cloudProvider: "azure"
          machineType: "Standard_DC4as_v5"
          azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
+          azureClientSecret: ${{ secrets.AZURE_E2E_CLIENT_SECRET }}
          sonobuoyTestSuiteCmd: "--mode quick"
          kubernetesVersion: ${{ matrix.version }}
          msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
--- a/.github/workflows/e2e-test-manual.yml
+++ b/.github/workflows/e2e-test-manual.yml
@ -69,6 +69,7 @@ jobs:
          azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
          sonobuoyTestSuiteCmd: ${{ github.event.inputs.sonobuoyTestSuiteCmd }}
          kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }}
+          azureClientSecret: ${{ secrets.AZURE_E2E_CLIENT_SECRET }}
          msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
          coreosImage: ${{ github.event.inputs.coreosImage }}
          isDebugImage: ${{ github.event.inputs.isDebugImage }}