From 7c7a4699bc5c8b2c6eef4e43c08434b9de1eb021 Mon Sep 17 00:00:00 2001
From: katexochen <49727155+katexochen@users.noreply.github.com>
Date: Tue, 30 Aug 2022 13:42:14 +0200
Subject: [PATCH] Azure e2e tests with manual creds
---
 .github/actions/constellation_create/action.yml | 8 +++++++-
 .github/actions/e2e_test/action.yml | 4 ++++
 .github/workflows/e2e-test-azure-weekly.yml | 1 +
 .github/workflows/e2e-test-azure.yml | 2 ++
 .github/workflows/e2e-test-manual.yml | 1 +
 5 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/.github/actions/constellation_create/action.yml b/.github/actions/constellation_create/action.yml
index d3fe430e7..09917ee70 100644
--- a/.github/actions/constellation_create/action.yml
+++ b/.github/actions/constellation_create/action.yml
@@ -29,6 +29,9 @@ inputs:
 kubernetesVersion:
 description: "Kubernetes version to create the cluster from."
 required: false
+ azureClientSecret:
+ description: "The client secret value of the used secret"
+ required: false
 runs:
 using: "composite"
 steps:
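Review bot: The new `azureClientSecret` input in constellation_create/action.yml (hunk `@@ -29,6 +29,9 @@`) has a circular description, "The client secret value of the used secret", which names neither the credential it belongs to nor the fact that it is sensitive. It is also `required: false` with no default, while the later hunk in this file writes it into `azure.clientSecretValue` whenever the config has an azure provider, so an omitted input would presumably yield an empty secret that only fails later during cluster creation. I would word it as `description: "Client secret for the Azure appClientID used by the e2e cluster; pass from a repository secret (azure only)."` and have the step fail early when the provider is azure and the value is empty. The same description is repeated in the e2e_test/action.yml hunk `@@ -63,6 +66,9 @@`.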
@@ -53,7 +56,10 @@ runs:
 "(.provider | select(. | has(\"azure\")).azure.subscription) = \"0d202bbb-4fa7-4af8-8125-58c269a05435\" |
 (.provider | select(. | has(\"azure\")).azure.tenant) = \"adb650a8-5da3-4b15-b4b0-3daf65ff7626\" |
 (.provider | select(. | has(\"azure\")).azure.location) = \"West US\" |
- (.provider | select(. | has(\"azure\")).azure.userAssignedIdentity) = \"/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.ManagedIdentity/userAssignedIdentities/constellation-dev-identity\" |
+ (.provider | select(. | has(\"azure\")).azure.userAssignedIdentity) = \"/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/e2e-test-creds/providers/Microsoft.ManagedIdentity/userAssignedIdentities/e2e-test-user-assigned-id\" |
+ (.provider | select(. | has(\"azure\")).azure.resourceGroup) = \"e2e-test\" |
+ (.provider | select(. | has(\"azure\")).azure.appClientID) = \"b657a00e-813a-4dc7-9b09-fa498a254d71\" |
+ (.provider | select(. | has(\"azure\")).azure.clientSecretValue) = \"${{ inputs.azureClientSecret }}\" |
 (.provider | select(. | has(\"azure\")).azure.enforcedMeasurements) = [11,12]" \
 constellation-conf.yaml
 yq eval -i \
diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml
index 12e0b50c6..b59f69a20 100644
--- a/.github/actions/e2e_test/action.yml
+++ b/.github/actions/e2e_test/action.yml
@@ -63,6 +66,9 @@ inputs:
 awsBucketName:
 description: "AWS S3 bucket name to upload measurements."
 required: false
+ azureClientSecret:
+ description: "The client secret value of the used secret"
+ required: false
 runs:
 using: "composite"
@@ -101,6 +104,7 @@ runs:
 coreosImage: ${{ inputs.coreosImage }}
 isDebugImage: ${{ inputs.isDebugImage }}
 kubernetesVersion: ${{ inputs.kubernetesVersion }}
+ azureClientSecret: ${{ inputs.azureClientSecret }}
 - name: Measure cluster
 uses: ./.github/actions/constellation_measure
 with:
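Review bot: In the `@@ -53,7 +56,10 @@` hunk of constellation_create/action.yml, `${{ inputs.azureClientSecret }}` is expanded by the runner straight into the double-quoted yq expression of the shell script. The secret therefore becomes part of the script text and the yq argument, and a value containing `"`, `$`, a backtick or `\` would be reinterpreted by the shell or break the expression. Pass it through the environment instead: give the step an `env:` entry `AZURE_CLIENT_SECRET: ${{ inputs.azureClientSecret }}` and assign it with `(.provider | select(. | has(\"azure\")).azure.clientSecretValue) = strenv(AZURE_CLIENT_SECRET) |`. The value also lands in plaintext in `constellation-conf.yaml` on the runner, so it is worth confirming that no later step prints that file or uploads it as an artifact. The step's `run:` block starts and ends outside the hunk.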
diff --git a/.github/workflows/e2e-test-azure-weekly.yml b/.github/workflows/e2e-test-azure-weekly.yml
index 30f92f685..dc0e4905c 100644
--- a/.github/workflows/e2e-test-azure-weekly.yml
+++ b/.github/workflows/e2e-test-azure-weekly.yml
@@ -30,4 +30,5 @@ jobs:
 azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
 sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
 kubernetesVersion: ${{ matrix.version }}
+ azureClientSecret: ${{ secrets.AZURE_E2E_CLIENT_SECRET }}
 msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
diff --git a/.github/workflows/e2e-test-azure.yml b/.github/workflows/e2e-test-azure.yml
index aa329e2a3..4700f36ff 100644
--- a/.github/workflows/e2e-test-azure.yml
+++ b/.github/workflows/e2e-test-azure.yml
@@ -23,6 +23,7 @@ jobs:
 cloudProvider: "azure"
 machineType: "Standard_DC4as_v5"
 azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
+ azureClientSecret: ${{ secrets.AZURE_E2E_CLIENT_SECRET }}
 # TODO: Remove E2E_SKIP once AB#2174 is resolved
 sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
 msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
@@ -55,6 +56,7 @@ jobs:
 cloudProvider: "azure"
 machineType: "Standard_DC4as_v5"
 azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
+ azureClientSecret: ${{ secrets.AZURE_E2E_CLIENT_SECRET }}
 sonobuoyTestSuiteCmd: "--mode quick"
 kubernetesVersion: ${{ matrix.version }}
 msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
diff --git a/.github/workflows/e2e-test-manual.yml b/.github/workflows/e2e-test-manual.yml
index 44243945b..9dd42e165 100644
--- a/.github/workflows/e2e-test-manual.yml
+++ b/.github/workflows/e2e-test-manual.yml
@@ -69,6 +69,7 @@ jobs:
 azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
 sonobuoyTestSuiteCmd: ${{ github.event.inputs.sonobuoyTestSuiteCmd }}
 kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }}
+ azureClientSecret: ${{ secrets.AZURE_E2E_CLIENT_SECRET }}
 msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
 coreosImage: ${{ github.event.inputs.coreosImage }}
 isDebugImage: ${{ github.event.inputs.isDebugImage }}