From 87e68961dda714fba286075d38f4710570b7b8ee Mon Sep 17 00:00:00 2001
From: Nils Hanke
Date: Mon, 29 Aug 2022 08:55:36 +0200
Subject: [PATCH] Add GCP ServiceAccount to E2E test
---
 .github/actions/constellation_create/action.yml | 11 +++++++++++
 .github/actions/e2e_test/action.yml | 4 ++++
 .github/workflows/e2e-test-gcp-weekly.yml | 1 +
 .github/workflows/e2e-test-gcp.yml | 2 ++
 .github/workflows/e2e-test-manual.yml | 1 +
 5 files changed, 19 insertions(+)
diff --git a/.github/actions/constellation_create/action.yml b/.github/actions/constellation_create/action.yml
index e0746655d..3bd27c00e 100644
--- a/.github/actions/constellation_create/action.yml
+++ b/.github/actions/constellation_create/action.yml
@@ -14,6 +14,9 @@ inputs:
 cloudProvider:
 description: "Either 'gcp' or 'azure'."
 required: true
+ gcpClusterServiceAccountKey:
+ description: "Service account to use inside the created Constellation cluster on GCP."
+ required: false
 machineType:
 description: "Machine type of VM to spawn."
 required: true
@@ -125,6 +128,14 @@ runs:
 shell: bash
 if: ${{ inputs.isDebugImage == 'true' }}
 
+ - name: Create serviceAccountKey.json
+ if: ${{ inputs.cloudProvider == 'gcp' }}
+ shell: bash
+ run: |
+ echo "$GCP_CLUSTER_SERVICE_ACCOUNT_KEY" > serviceAccountKey.json
+ env:
+ GCP_CLUSTER_SERVICE_ACCOUNT_KEY: ${{ inputs.gcpClusterServiceAccountKey }}
+
 - name: Constellation init
 run: |
 if [ ${{ inputs.autoscale }} = true ]; then autoscale=--autoscale; fi
diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml
index e0a769d5a..12e0b50c6 100644
--- a/.github/actions/e2e_test/action.yml
+++ b/.github/actions/e2e_test/action.yml
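Review bot: The description on the new `gcpClusterServiceAccountKey` input says "Service account", yet the step added further down this file writes the value to `serviceAccountKey.json`, so what callers must pass is the account's JSON key, a credential. I would document that and the condition under which it is needed, e.g. `description: "JSON key of the service account used inside the created Constellation cluster on GCP. Needed when cloudProvider is 'gcp'."`. The same description is added to the matching input in `.github/actions/e2e_test/action.yml` and should get the same wording.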
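Review bot: The `Create serviceAccountKey.json` step writes a GCP service-account key into the working directory with the default umask, and nothing in this hunk removes it, so on a reused runner or in a later artifact upload that includes the workspace the key could outlive the job. Because `gcpClusterServiceAccountKey` is `required: false`, a missing secret expands to an empty string and the step silently writes an empty file; the failure then surfaces later and less clearly, presumably in `Constellation init`, whose body continues outside the hunk. I would fail fast on an empty value, restrict the file mode, and add a cleanup step guarded by `if: always()` wherever the cluster is torn down. Passing the value through `env:` rather than interpolating it into the script is the right pattern and should stay.

```yaml
      run: |
        if [ -z "$GCP_CLUSTER_SERVICE_ACCOUNT_KEY" ]; then
          echo "::error::gcpClusterServiceAccountKey is empty but cloudProvider is 'gcp'"
          exit 1
        fi
        # Create the key file readable by the runner user only.
        umask 077
        printf '%s\n' "$GCP_CLUSTER_SERVICE_ACCOUNT_KEY" > serviceAccountKey.json
      # … unchanged: env mapping of GCP_CLUSTER_SERVICE_ACCOUNT_KEY …
```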
@@ -27,6 +27,9 @@ inputs:
 gcp_service_account_json:
 description: "Service account with permissions to create Constellation on GCP."
 required: false
+ gcpClusterServiceAccountKey:
+ description: "Service account to use inside the created Constellation cluster on GCP."
+ required: false
 azure_credentials:
 description: "Credentials authorized to create Constellation on Azure."
 required: false
@@ -90,6 +93,7 @@ runs:
 uses: ./.github/actions/constellation_create
 with:
 cloudProvider: ${{ inputs.cloudProvider }}
+ gcpClusterServiceAccountKey: ${{ inputs.gcpClusterServiceAccountKey }}
 autoscale: ${{ inputs.autoscale }}
 workerNodesCount: ${{ inputs.workerNodesCount }}
 controlNodesCount: ${{ inputs.controlNodesCount }}
diff --git a/.github/workflows/e2e-test-gcp-weekly.yml b/.github/workflows/e2e-test-gcp-weekly.yml
index ddf2dd4c6..800da9542 100644
--- a/.github/workflows/e2e-test-gcp-weekly.yml
+++ b/.github/workflows/e2e-test-gcp-weekly.yml
@@ -28,6 +28,7 @@ jobs:
 cloudProvider: "gcp"
 machineType: "n2d-standard-2"
 gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+ gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
 sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
 kubernetesVersion: ${{ matrix.version }}
 msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
diff --git a/.github/workflows/e2e-test-gcp.yml b/.github/workflows/e2e-test-gcp.yml
index 1597a5368..dafd57243 100644
--- a/.github/workflows/e2e-test-gcp.yml
+++ b/.github/workflows/e2e-test-gcp.yml
@@ -23,6 +23,7 @@ jobs:
 cloudProvider: "gcp"
 machineType: "n2d-standard-2"
 gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+ gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
 # TODO: Remove E2E_SKIP once AB#2174 is resolved
 sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
 msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
@@ -55,6 +56,7 @@ jobs:
 cloudProvider: "gcp"
 machineType: "n2d-standard-2"
 gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+ gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
 sonobuoyTestSuiteCmd: "--mode quick"
 kubernetesVersion: ${{ matrix.version }}
 msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
diff --git a/.github/workflows/e2e-test-manual.yml b/.github/workflows/e2e-test-manual.yml
index 7d12665e8..00794caf9 100644
--- a/.github/workflows/e2e-test-manual.yml
+++ b/.github/workflows/e2e-test-manual.yml
@@ -65,6 +65,7 @@ jobs:
 cloudProvider: ${{ github.event.inputs.cloudProvider }}
 machineType: ${{ github.event.inputs.machineType }}
 gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+ gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
 azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
 sonobuoyTestSuiteCmd: ${{ github.event.inputs.sonobuoyTestSuiteCmd }}
 kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }}