mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-11-13 00:50:38 -05:00
s3proxy: initial e2e tests and workflows
parent
76d7d30245
commit
a19227cac9
9 changed files with 302 additions and 30 deletions
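--- /dev/null
+++ b/s3proxy/e2e/clear.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+# This script can be used to remove buckets from S3.
+# It will empty the buckets and eventually remove them.
+# It is expected that the script throws some errors. E.g. "Bucket is missing Object Lock Configuration" or "Invalid type for parameter Delete.Objects, value: None [..]"
+# These can be ignored. The first error is thrown if the bucket does not have object lock enabled. The second error is thrown if the bucket is already empty.
+# In both cases the bucket is empty and can be removed.
+
+# Usage: ./clear.sh <prefix>
+# The prefix is necessary, as otherwise all buckets are removed.
+
+readonly prefix=$1
+
+if [ -z "$prefix" ]; then
+echo "Usage: $0 <prefix>"
+echo "WARNING: If you don't provide a prefix, all buckets are destroyed."
+exit 1
+fi
+
+restore_aws_page="$AWS_PAGER"
+export AWS_PAGER=""
+
+function empty_bucket() {
+# List all object versions in the bucket
+versions=$(aws s3api list-object-versions --bucket "$1" --output=json --query='{Objects: Versions[].{Key:Key,VersionId:VersionId}}')
+
+# Remove all legal holds
+for version in $versions; do
+key=$(echo "$version" | jq '.Objects[0].Key' | tr -d '"')
+aws s3api put-object-legal-hold --bucket "$1" --key "$key" --legal-hold Status=OFF
+done
+# Delete all object versions
+aws s3api delete-objects --bucket "$1" --delete "$versions" || true
+
+# List all delete markers in the bucket
+markers=$(aws s3api list-object-versions --bucket "$1" --output=json --query='{Objects: DeleteMarkers[].{Key:Key,VersionId:VersionId}}')
+
+# Remove all delete markers
+aws s3api delete-objects --bucket "$1" --delete "$markers" || true
+}
+
+for i in $(aws s3api list-buckets --query "Buckets[?starts_with(Name, '${prefix}')].Name" --output text); do
+empty_bucket "$i"
+aws s3 rb s3://"$i"
+done
+
+export AWS_PAGER="$restore_aws_page"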
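Review bot: The legal-hold loop `for version in $versions` walks whitespace-split fragments of the CLI's JSON output rather than one object per iteration, so `jq '.Objects[0].Key'` is unlikely to ever yield a real key and no hold is lifted; the `|| true` on the following delete then hides the resulting failure. Reading the keys with `jq -r '.Objects[]?.Key' <<<"$versions" | while IFS= read -r key; do` would visit every listed entry. Separately, `$prefix` is pasted into the JMESPath filter on the bucket-listing line without validation, and because a quote character in it changes which buckets match in a script that deletes them, it is worth rejecting anything outside the bucket-name alphabet up front, e.g. `[[ $prefix =~ ^[a-z0-9][a-z0-9.-]*$ ]] || exit 1`.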
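--- /dev/null
+++ b/s3proxy/e2e/deploy.sh
@@ -0,0 +1,110 @@
+#!/bin/bash
+
+function terminate_mint() {
+# shellcheck disable=SC2317
+kubectl logs job/mint-deploy
+# shellcheck disable=SC2317
+kubectl delete job mint-deploy
+}
+
+if [[ ! $1 =~ ^ghcr.io/edgelesssys/mint:v.*$ ]]; then
+echo "Error: invalid tag, expected input to match pattern '^ghcr.io\/edgelesssys\/mint:v*$'"
+exit 1
+fi
+
+if [[ -z $KUBECONFIG ]]; then
+echo "Error: KUBECONFIG environment variable not set"
+exit 1
+fi
+
+if [[ -z $ACCESS_KEY ]]; then
+echo "Error: ACCESS_KEY environment variable not set"
+exit 1
+fi
+
+if [[ -z $SECRET_KEY ]]; then
+echo "Error: SECRET_KEY environment variable not set"
+exit 1
+fi
+
+# Wait for the s3proxy service to be created. kubectl wait can not wait for resources to be created.
+start_time=$(date +%s)
+timeout=300
+while true; do
+if [[ -n "$(kubectl get svc -l app=s3proxy -o jsonpath='{.items[*]}')" ]]; then
+echo "Service with label app=s3proxy found"
+service_ip=$(kubectl get svc s3proxy-service -o=jsonpath='{.spec.clusterIP}')
+break
+else
+current_time=$(date +%s)
+elapsed_time=$((current_time - start_time))
+if [[ $elapsed_time -ge $timeout ]]; then
+echo "Timeout waiting for service with label app=s3proxy"
+exit 1
+else
+echo "Waiting for service with label app=s3proxy"
+sleep 5
+fi
+fi
+done
+
+kubectl delete job mint-deploy --ignore-not-found=true
+
+cat << EOF | kubectl apply -f -
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: mint-deploy
+spec:
+template:
+metadata:
+name: mint-deploy
+spec:
+restartPolicy: Never
+hostAliases:
+- ip: "$service_ip"
+hostnames:
+- "s3.eu-west-1.amazonaws.com"
+containers:
+- name: mint
+image: "$1"
+args:
+- "aws-sdk-go"
+- "versioning"
+volumeMounts:
+- name: ca-cert
+mountPath: /etc/ssl/certs/kube-ca.crt
+subPath: kube-ca.crt
+env:
+- name: SERVER_REGION
+value: eu-west-1
+- name: SERVER_ENDPOINT
+value: s3.eu-west-1.amazonaws.com:443
+- name: ENABLE_HTTPS
+value: "1"
+- name: AWS_CA_BUNDLE
+value: /etc/ssl/certs/kube-ca.crt
+- name: ACCESS_KEY
+value: "$ACCESS_KEY"
+- name: SECRET_KEY
+value: "$SECRET_KEY"
+volumes:
+- name: ca-cert
+secret:
+secretName: s3proxy-tls
+items:
+- key: ca.crt
+path: kube-ca.crt
+EOF
+
+# Remove job before this script finishes.
+trap "terminate_mint" EXIT
+
+# Tests have to complete within 10 minutes, otherwise they have failed.
+if kubectl wait --for=condition=complete job/mint-deploy --timeout=600s; then
+echo "Mint tests completed successfully"
+exit 0
+else
+echo "Mint tests failed"
+exit 1
+fi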
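Review bot: The `ACCESS_KEY` and `SECRET_KEY` entries in the mint container's env list are expanded by the unquoted heredoc into literal `value:` fields, so the S3 credentials are stored in the Job object and can be read by anyone allowed to get jobs or pods in that namespace. Placing them in a Secret and referencing it through `secretKeyRef` keeps them out of the spec, as sketched below; the EXIT trap should then remove that Secret together with the Job. The tag check on `$1` also relies on `.*`, which lets quotes and newlines through into `image: "$1"`; a tighter class such as `^ghcr\.io/edgelesssys/mint:v[0-9A-Za-z._-]+$` would constrain what reaches the manifest.

```bash
# … unchanged: argument checks, wait loop for the s3proxy service …

# "mint-credentials" is a placeholder Secret name; printf is a builtin, so the keys stay out of argv.
kubectl create secret generic mint-credentials \
  --from-env-file=<(printf 'ACCESS_KEY=%s\nSECRET_KEY=%s\n' "$ACCESS_KEY" "$SECRET_KEY") \
  --dry-run=client -o yaml | kubectl apply -f -

# … unchanged: Job manifest up to the last non-secret env entry …
        - name: ACCESS_KEY
          valueFrom:
            secretKeyRef:
              name: mint-credentials
              key: ACCESS_KEY
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: mint-credentials
              key: SECRET_KEY
# … unchanged: volumes, trap, kubectl wait …
```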