Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

E2E Workflow scripts test against Enterprise follower outside K8s #362

Merged
merged 7 commits into from
Aug 5, 2021
Merged

E2E Workflow scripts test against Enterprise follower outside K8s #362

merged 7 commits into from
Aug 5, 2021

Conversation

john-odonnell
Copy link
Contributor

@john-odonnell john-odonnell commented Aug 2, 2021
edited
Loading

What does this PR do?

E2E workflow scripts test against Conjur Enterprise deployed in Jenkins with conjur-intro, with a test app deployed to GKE.
Installs Cluster prep and Namespace prep Helm charts to the same K8s namespace.

This PR is dependent on a conjur-intro PR branch which allows:

  • custom ports for Conjur leader and follower
  • accepts CONJUR_AUTHENTICATORS envvar to whitelist authenticators in Conjur

What ticket does this PR close?

Resolves #244

Checklists

Change log

  • The CHANGELOG has been updated, or
  • This PR does not include user-facing changes and doesn't require a CHANGELOG update

Test coverage

  • This PR includes new unit and integration tests to go with the code changes, or
  • The changes in this PR do not require tests

Documentation

  • Docs (e.g. READMEs) were updated in this PR, and/or there is a follow-on issue to update docs, or
  • This PR does not require updating any documentation

Manual tests

If you are preparing for a release, have you run the following manual tests to verify existing functionality continues to function as expected?

@john-odonnell john-odonnell force-pushed the e2e-follower-out-k8s branch 6 times, most recently from bbd387b to 6ee79af Compare August 2, 2021 18:20
@john-odonnell john-odonnell mentioned this pull request Aug 2, 2021
Closed
@john-odonnell john-odonnell marked this pull request as ready for review August 2, 2021 18:35
@john-odonnell john-odonnell requested review from a team as code owners August 2, 2021 18:35
diverdane
diverdane reviewed Aug 3, 2021
View reviewed changes
Copy link
Contributor

@diverdane diverdane left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks fantastic!!! This had to be a tough nut to crack.
Just a few minor suggestions.

bin/test-workflow/0_prep_env.sh Outdated Show resolved Hide resolved
bin/test-workflow/0_prep_env.sh Outdated Show resolved Hide resolved
bin/test-workflow/1_deploy_conjur.sh Show resolved Hide resolved
bin/test-workflow/1_deploy_conjur.sh Outdated Show resolved Hide resolved
bin/test-workflow/1_deploy_conjur.sh Outdated Show resolved Hide resolved
bin/test-workflow/2_admin_load_conjur_policies.sh Outdated Show resolved Hide resolved
bin/test-workflow/1_deploy_conjur.sh Outdated Show resolved Hide resolved
bin/test-workflow/4_admin_cluster_prep.sh Outdated
elif [[ "$CONJUR_PLATFORM" == "jenkins" ]]; then
get_cert_options="-v -s -u"
service_account_options=""
target_namespace="$TEST_APP_NAMESPACE_NAME"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's probably more representative to use a Namespace other than the TEST_APP_NAMESPACE_NAME Namespace to install the cluster prep. I don't know if it would be too confusing to use CONJUR_NAMESPACE_NAME in this case to mean the Namespace to which you're installing the cluster prep Helm chart? I know the Namespace isn't used for a Conjur leader/follower, but it would be used for Conjur authentication. If that isn't too confusing, it would contract/simplify some of the code below.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok - I'll install the cluster prep into CONJUR_NAMESPACE_NAME, but I'll give it a more specific name in this case, maybe conjur-authentication-$UNIQUE_TEST_ID.

@john-odonnell john-odonnell force-pushed the e2e-follower-out-k8s branch 3 times, most recently from 4e20857 to 55f65c0 Compare August 4, 2021 14:44
@john-odonnell
Copy link
Contributor Author

@diverdane Updated and rebased! Should be ready for another look

diverdane
diverdane approved these changes Aug 5, 2021
View reviewed changes
Copy link
Contributor

@diverdane diverdane left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome sauce!!!
LGTM!!!
Ship it.

@john-odonnell john-odonnell merged commit e058c1c into master Aug 5, 2021
@john-odonnell john-odonnell deleted the e2e-follower-out-k8s branch August 5, 2021 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@diverdane diverdane diverdane approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

There are end-to-end tests for Kubernetes sidecars with Conjur Enterprise and follower outside Kubernetes
2 participants
@john-odonnell @diverdane