-
Notifications
You must be signed in to change notification settings - Fork 1.1k
e2e: generate SSH secret per test case #2560
Conversation
The issue with the setup before this commit surfaced while adding a new test suite for GPG functionalities. Due to `fluxctl install` creating a boilerplate secret with the same name as the secret generated by `run.bash`, it was removed during the teardown of the test suite which tests the command, as this simply `kubectl delete -f -`s the output of `fluxctl install`. This caused my own tests to never get past the point of booting a new git server instance, as the secret it was trying to mount was no longer present. This commit adds two helper methods to `lib/install.bash`, `generate_ssh_secret` and `delete_generated_ssh_secret` which should be run during the setup and teardown of tests which require an SSH key (and `known_hosts`) file to be present. Both functions accept a parameter to control what the secret should be named, which falls back to `flux-git-deploy`. This same behaviour has been introduced to `install_git_srv`.
kubectl apply -n "${FLUX_NAMESPACE}" -f "${E2E_DIR}/fixtures/gitsrv.yaml" | ||
local secret_name=${1:-flux-git-deploy} | ||
|
||
sed "s/\$GIT_SECRET_NAME/$secret_name/" <"${E2E_DIR}/fixtures/gitsrv.yaml" | kubectl apply -n "${FLUX_NAMESPACE}" -f - |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe it's cleaner to use envsubst
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, do we need it to make the name configurable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For envsubst
the variable needs to be set as an environment variable.
I made the name configurable so that we are able to bootstrap the secret for any kind of setup that we may need in a test case, and to be able to create e.g. different secrets for the Helm operator and the Flux daemon.
@2opremio as you are sick and should rest, I am giving Stefan the honour of reviewing this as it is blocking for the next PR I have lined up to take care of the environment variables. In case you see anything that should be fixed or aligned, please comment and I will fix it post-merge. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Thanks Stefan!! |
The issue with the setup before this commit surfaced while adding a
new test suite for GPG functionalities.
Due to
fluxctl install
creating a boilerplate secret with the samename as the secret generated by
run.bash
, it was removed during theteardown of the test suite which tests the command, as this simply
kubectl delete -f -
s the output offluxctl install
.This caused my own tests to never get past the point of booting a
new git server instance, as the secret it was trying to mount was
no longer present.
This commit adds two helper methods to
lib/install.bash
,generate_ssh_secret
anddelete_generated_ssh_secret
which shouldbe run during the setup and teardown of tests which require an SSH
key (and
known_hosts
) file to be present. Both functions accepta parameter to control what the secret should be named, which falls
back to
flux-git-deploy
. This same behaviour has been introducedto
install_git_srv
.