feat: implement basic e2e tests (#207)

external-secrets · Nov 14, 2019 · dfa210b · dfa210b
1 parent 5527530
commit dfa210b
Show file tree

Hide file tree

Showing 14 changed files with 794 additions and 8 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,5 +1,7 @@
 sudo: false
 language: node_js
+services:
+- docker
 matrix:
   fast_finish: true
   include:
@@ -9,6 +11,13 @@ before_install:
 # package-lock.json was introduced in npm@5
 - '[[ $(node -v) =~ ^v9.*$ ]] || npm install -g npm@latest' # skipped when using node 9
 - npm install -g greenkeeper-lockfile
+# kubectl, kind, helm
+- curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x kubectl && sudo mv kubectl /usr/local/bin/
+- curl -Lo kind https://github.com/kubernetes-sigs/kind/releases/download/v0.5.1/kind-linux-amd64 && chmod +x kind && sudo mv kind /usr/local/bin/
+- curl -Lo helm.tgz https://get.helm.sh/helm-v2.16.0-linux-amd64.tar.gz && tar -zxvf helm.tgz && sudo mv linux-amd64/helm /usr/local/bin/helm
 before_script: greenkeeper-lockfile-update
 after_script: greenkeeper-lockfile-upload
 install: npm install
+script:
+- npm test
+- npm run test-e2e
diff --git a/config/aws-config.js b/config/aws-config.js
@@ -2,23 +2,40 @@
 
 /* eslint-disable no-process-env */
 const AWS = require('aws-sdk')
+const clonedeep = require('lodash.clonedeep')
+const merge = require('lodash.merge')
 
 const localstack = process.env.LOCALSTACK || 0
 
-const secretsManagerConfig = localstack ? { endpoint: 'http://localhost:4584', region: 'us-west-2' } : {}
-const systemManagerConfig = localstack ? { endpoint: 'http://localhost:4583', region: 'us-west-2' } : {}
-const stsConfig = localstack ? { endpoint: 'http://localhost:4592', region: 'us-west-2' } : {}
+let secretsManagerConfig = {}
+let systemManagerConfig = {}
+let stsConfig = {}
+
+if (localstack) {
+  secretsManagerConfig = {
+    endpoint: process.env.LOCALSTACK_SM_URL || 'http://localhost:4584',
+    region: process.env.AWS_REGION || 'us-west-2'
+  }
+  systemManagerConfig = {
+    endpoint: process.env.LOCALSTACK_SSM_URL || 'http://localhost:4583',
+    region: process.env.AWS_REGION || 'us-west-2'
+  }
+  stsConfig = {
+    endpoint: process.env.LOCALSTACK_STS_URL || 'http://localhost:4592',
+    region: process.env.AWS_REGION || 'us-west-2'
+  }
+}
 
 module.exports = {
-  secretsManagerFactory: (opts) => {
+  secretsManagerFactory: (opts = {}) => {
     if (localstack) {
-      opts = secretsManagerConfig
+      opts = merge(clonedeep(opts), secretsManagerConfig)
     }
     return new AWS.SecretsManager(opts)
   },
-  systemManagerFactory: (opts) => {
+  systemManagerFactory: (opts = {}) => {
     if (localstack) {
-      opts = systemManagerConfig
+      opts = merge(clonedeep(opts), systemManagerConfig)
     }
     return new AWS.SSM(opts)
   },

diff --git a/config/index.js b/config/index.js
@@ -49,6 +49,7 @@ const systemManagerBackend = new SystemManagerBackend({
 const vaultClient = vault({ apiVersion: 'v1', endpoint: envConfig.vaultEndpoint })
 const vaultBackend = new VaultBackend({ client: vaultClient, logger })
 const backends = {
+  // when adding a new backend, make sure to change the CRD property too
   secretsManager: secretsManagerBackend,
   systemManager: systemManagerBackend,
   vault: vaultBackend
@@ -58,6 +59,7 @@ const backends = {
 backends.secretManager = secretsManagerBackend
 
 module.exports = {
+  awsConfig,
   backends,
   customResourceManager,
   customResourceManifest,

diff --git a/e2e/Dockerfile b/e2e/Dockerfile
@@ -0,0 +1,14 @@
+FROM node:12.13.0-alpine
+
+RUN npm install [email protected] -g
+
+# Setup source directory
+RUN mkdir /app
+WORKDIR /app
+COPY package.json package-lock.json /app/
+RUN npm install
+
+# Copy app to source directory
+COPY . /app
+
+CMD ["/app/node_modules/.bin/mocha", "--timeout", "10000", "/app/e2e/tests/*.test.js"]
diff --git a/e2e/README.md b/e2e/README.md
@@ -0,0 +1,83 @@
+# e2e tests
+
+## Running e2e tests
+
+Prerequisites:
+* docker
+* kind
+* helm
+* kubectl
+
+Run them from the root of the repository `npm run test-e2e`.
+
+
+## Developing e2e tests
+
+To better understand how they are being run take a look at `run-e2e-suite.sh`.
+
+1. Prepare the environment
+
+```
+kind create cluster \
+  --name es-dev-cluster \
+  --config ./kind.yaml \
+  --image "kindest/node:v1.15.3"
+
+export KUBECONFIG="$(kind get kubeconfig-path --name="es-dev-cluster")"
+
+# build & load images
+docker build -t external-secrets:test -f ../Dockerfile ../
+kind load docker-image --name="es-dev-cluster" external-secrets:test
+
+# prep localstack
+kubectl apply -f ./localstack.deployment.yaml
+
+# deploy external secrets
+helm template ../charts/kubernetes-external-secrets \
+  --set image.repository=external-secrets \
+  --set image.tag=test \
+  --set env.LOG_LEVEL=debug \
+  --set env.LOCALSTACK=true \
+  --set env.LOCALSTACK_SSM_URL=http://ssm \
+  --set env.LOCALSTACK_SM_URL=http://secretsmanager \
+  --set env.AWS_ACCESS_KEY_ID=foobar \
+  --set env.AWS_SECRET_ACCESS_KEY=foobar \
+  --set env.AWS_DEFAULT_REGION=us-east-1 \
+  --set env.AWS_REGION=us-east-1 \
+  --set env.POLLER_INTERVAL_MILLISECONDS=1000 \
+  --set env.LOCALSTACK_STS_URL=http://sts | kubectl apply -f -
+
+# prep e2e test
+kubectl create serviceaccount external-secrets-e2e || true
+kubectl create clusterrolebinding permissive-binding \
+  --clusterrole=cluster-admin \
+  --user=admin \
+  --user=kubelet \
+  --serviceaccount=default:external-secrets-e2e || true
+
+# make sure that everything is running
+kubectl rollout status deploy/localstack
+kubectl rollout status deploy/release-name-kubernetes-external-secrets
+```
+
+2. build image & deploy to start the e2e test
+
+```
+docker build -t external-secrets-e2e:test -f Dockerfile ../
+kind load docker-image --name="es-dev-cluster" external-secrets-e2e:test
+kubectl run \
+  --rm \
+  --attach \
+  --restart=Never \
+  --env="LOCALSTACK=true" \
+  --env="LOCALSTACK_SSM_URL=http://ssm" \
+  --env="LOCALSTACK_SM_URL=http://secretsmanager" \
+  --env="AWS_ACCESS_KEY_ID=foobar" \
+  --env="AWS_SECRET_ACCESS_KEY=foobar" \
+  --env="AWS_DEFAULT_REGION=us-east-1" \
+  --env="AWS_REGION=us-east-1" \
+  --env="LOCALSTACK_STS_URL=http://sts" \
+  --generator=run-pod/v1 \
+  --overrides='{ "apiVersion": "v1", "spec":{"serviceAccountName": "external-secrets-e2e"}}' \
+  e2e --image=external-secrets-e2e:test
+``
diff --git a/e2e/kind.yaml b/e2e/kind.yaml
@@ -0,0 +1,18 @@
+kind: Cluster
+apiVersion: kind.sigs.k8s.io/v1alpha3
+networking:
+  apiServerPort: 6443
+kubeadmConfigPatches:
+- |
+  apiVersion: kubelet.config.k8s.io/v1beta1
+  kind: KubeletConfiguration
+  metadata:
+    name: config
+  # this is only relevant for btrfs uses
+  # https://github.com/kubernetes/kubernetes/issues/80633#issuecomment-550994513
+  featureGates:
+    LocalStorageCapacityIsolation: false
+nodes:
+- role: control-plane
+- role: worker
+- role: worker
diff --git a/e2e/localstack.deployment.yaml b/e2e/localstack.deployment.yaml
@@ -0,0 +1,101 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: localstack
+spec:
+  selector:
+    matchLabels:
+      app: localstack
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: localstack
+    spec:
+      containers:
+      - name: localstack
+        image: localstack/localstack:0.10.5
+        resources:
+          limits:
+            cpu: 300m
+            memory: 500Mi
+        livenessProbe:
+          tcpSocket:
+            port: 4100
+          initialDelaySeconds: 30
+          periodSeconds: 15
+        readinessProbe:
+          tcpSocket:
+            port: 4100
+          initialDelaySeconds: 30
+          periodSeconds: 15
+        ports:
+        - containerPort: 4100
+          name: ssm
+        - containerPort: 4101
+          name: secretsmanager
+        - containerPort: 4102
+          name: sts
+        - containerPort: 32000
+          name: ui
+        env:
+          - name: SERVICES
+            value: "ssm:4100,secretsmanager:4101,sts:4102"
+          - name: PORT_WEB_UI
+            value: "32000"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ssm
+spec:
+  # selector tells Kubernetes what Deployment this Service
+  # belongs to
+  selector:
+    app: localstack
+  ports:
+  - port: 80
+    targetPort: ssm
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: secretsmanager
+spec:
+  # selector tells Kubernetes what Deployment this Service
+  # belongs to
+  selector:
+    app: localstack
+  ports:
+  - port: 80
+    targetPort: secretsmanager
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: sts
+spec:
+  # selector tells Kubernetes what Deployment this Service
+  # belongs to
+  selector:
+    app: localstack
+  ports:
+  - port: 80
+    targetPort: sts
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: localstack
+spec:
+  # selector tells Kubernetes what Deployment this Service
+  # belongs to
+  type: NodePort
+  selector:
+    app: localstack
+  ports:
+  - nodePort: 32000
+    port: 80
+    targetPort: ui
+
+---