diff --git a/Makefile b/Makefile index cbfcf7cb8..ad0f7f99a 100644 --- a/Makefile +++ b/Makefile @@ -99,6 +99,10 @@ run: generate gen-semver fmt vet static-manifests ## Run a controller from your podman-build: gen-semver build-base-image ## Build podman image with the manager. podman build . -t ${DEFAULT_IMG} --build-arg BASEIMAGE=$(BASEIMAGE) --build-arg GOIMAGE=$(DEFAULT_GOIMAGE) +podman-push: podman-build ## Builds, tags and pushes docker image with the manager. + podman tag ${DEFAULT_IMG} ${IMG} + podman push ${IMG} + docker-build: gen-semver build-base-image ## Build docker image with the manager. docker build . -t ${DEFAULT_IMG} --build-arg BASEIMAGE=$(BASEIMAGE) --build-arg GOIMAGE=$(DEFAULT_GOIMAGE) diff --git a/deploy/crds/storage.dell.com.crds.all.yaml b/deploy/crds/storage.dell.com.crds.all.yaml index d300d56c5..69726d5e1 100644 --- a/deploy/crds/storage.dell.com.crds.all.yaml +++ b/deploy/crds/storage.dell.com.crds.all.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: apexconnectivityclients.storage.dell.com spec: group: storage.dell.com @@ -73,9 +73,6 @@ spec: authorizationControllerReplicas: description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer - controllerReconcileInterval: - description: ControllerReconcileInterval is the interval which the reconcile of each controller is run. - type: string certificate: description: Certificate is a certificate used for a certificate/private-key pair type: string @@ -85,6 +82,9 @@ spec: commander: description: Commander is the image tag for the Container type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string credentials: description: ComponentCred is to store the velero credential contents items: 
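Review bot: The help text on the new `podman-push` target still says "docker image", so the generated help would describe the wrong tool; `## Build, tag and push the podman image with the manager.` would match the neighbouring `podman-build` line. `${IMG}` is not defined anywhere in this hunk; if it can be empty, `podman tag ${DEFAULT_IMG}` fails with a usage error instead of a clear message, so a guard such as `$(if $(strip $(IMG)),,$(error IMG is not set))` before the tag step would make the push destination explicit. Whether `podman-push` is listed under `.PHONY` is not visible from here.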
@@ -405,9 +405,6 @@ spec: authorizationControllerReplicas: description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer - controllerReconcileInterval: - description: ControllerReconcileInterval is the interval which the reconcile of each controller is run. - type: string certificate: description: Certificate is a certificate used for a certificate/private-key pair type: string @@ -417,6 +414,9 @@ spec: commander: description: Commander is the image tag for the Container type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string credentials: description: ComponentCred is to store the velero credential contents items: @@ -726,9 +726,6 @@ spec: authorizationControllerReplicas: description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer - controllerReconcileInterval: - description: ControllerReconcileInterval is the interval which the reconcile of each controller is run. - type: string certificate: description: Certificate is a certificate used for a certificate/private-key pair type: string @@ -738,6 +735,9 @@ spec: commander: description: Commander is the image tag for the Container type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string credentials: description: ComponentCred is to store the velero credential contents items: @@ -1063,7 +1063,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: containerstoragemodules.storage.dell.com spec: group: storage.dell.com 
@@ -1137,9 +1137,6 @@ spec: authorizationControllerReplicas: description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer - controllerReconcileInterval: - description: ControllerReconcileInterval is the interval which the reconcile of each controller is run. - type: string certificate: description: Certificate is a certificate used for a certificate/private-key pair type: string @@ -1149,6 +1146,9 @@ spec: commander: description: Commander is the image tag for the Container type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string credentials: description: ComponentCred is to store the velero credential contents items: @@ -1458,9 +1458,6 @@ spec: authorizationControllerReplicas: description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer - controllerReconcileInterval: - description: ControllerReconcileInterval is the interval which the reconcile of each controller is run. - type: string certificate: description: Certificate is a certificate used for a certificate/private-key pair type: string @@ -1470,6 +1467,9 @@ spec: commander: description: Commander is the image tag for the Container type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string credentials: description: ComponentCred is to store the velero credential contents items: @@ -1798,9 +1798,6 @@ spec: authorizationControllerReplicas: description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer - controllerReconcileInterval: - description: ControllerReconcileInterval is the interval which the reconcile of each controller is run. - type: string certificate: description: Certificate is a certificate used for a certificate/private-key pair type: string 
@@ -1810,6 +1807,9 @@ spec: commander: description: Commander is the image tag for the Container type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string credentials: description: ComponentCred is to store the velero credential contents items: @@ -2117,9 +2117,6 @@ spec: authorizationControllerReplicas: description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer - controllerReconcileInterval: - description: ControllerReconcileInterval is the interval which the reconcile of each controller is run. - type: string certificate: description: Certificate is a certificate used for a certificate/private-key pair type: string @@ -2129,6 +2126,9 @@ spec: commander: description: Commander is the image tag for the Container type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string credentials: description: ComponentCred is to store the velero credential contents items: @@ -2441,9 +2441,6 @@ spec: authorizationControllerReplicas: description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer - controllerReconcileInterval: - description: ControllerReconcileInterval is the interval which the reconcile of each controller is run. - type: string certificate: description: Certificate is a certificate used for a certificate/private-key pair type: string @@ -2453,6 +2450,9 @@ spec: commander: description: Commander is the image tag for the Container type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string credentials: description: ComponentCred is to store the velero credential contents items: 
@@ -2786,9 +2786,6 @@ spec: authorizationControllerReplicas: description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer - controllerReconcileInterval: - description: ControllerReconcileInterval is the interval which the reconcile of each controller is run. - type: string certificate: description: Certificate is a certificate used for a certificate/private-key pair type: string @@ -2798,6 +2795,9 @@ spec: commander: description: Commander is the image tag for the Container type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string credentials: description: ComponentCred is to store the velero credential contents items: @@ -3116,9 +3116,6 @@ spec: authorizationControllerReplicas: description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer - controllerReconcileInterval: - description: ControllerReconcileInterval is the interval which the reconcile of each controller is run. - type: string certificate: description: Certificate is a certificate used for a certificate/private-key pair type: string @@ -3128,6 +3125,9 @@ spec: commander: description: Commander is the image tag for the Container type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string credentials: description: ComponentCred is to store the velero credential contents items: diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/upgrade-path.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/upgrade-path.yaml new file mode 100644 index 000000000..9c28fced3 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v1.8.0 diff --git a/tests/README.md b/tests/README.md index 77d5cb0b7..aa4a19ad9 100644 --- a/tests/README.md +++ b/tests/README.md 
@@ -4,14 +4,18 @@ This directory contains the testing infrastructure and E2E test implementation f ## Table of Contents -* [Unit Tests](#unit-tests) -* [E2E Tests](#e2e-tests) - * [Prerequisites](#prerequisites) - * [Application Mobility Prerequisites](#application-mobility-prerequisites) - * [Run](#run) - * [Scenarios File](#scenarios-file) - * [Developing E2E Tests](#developing-e2e-tests) -* [Directory Layout](#directory-layout) +- [Testing for the CSM Operator](#testing-for-the-csm-operator) + - [Table of Contents](#table-of-contents) + - [Unit Tests](#unit-tests) + - [E2E Tests](#e2e-tests) + - [Prerequisites](#prerequisites) + - [Array Information](#array-information) + - [Application Mobility Prerequisites](#application-mobility-prerequisites) + - [Authorization Proxy Server Prerequisites](#authorization-proxy-server-prerequisites) + - [Run](#run) + - [Scenarios File](#scenarios-file) + - [Developing E2E Tests](#developing-e2e-tests) + - [Directory Layout](#directory-layout) ## Unit Tests @@ -61,6 +65,18 @@ If running the Application Mobility e2e tests, (the sanity suite includes a few - have the latest Application Mobility controller and plugin images The application-mobility repo has information on all of these pre-requisites up, including a script to install minio. +### Authorization Proxy Server Prerequisites + +If running the Authorization proxy server e2e tests, further setup must be done: + +- have a vault server running configured with the authorization namespace. This is documented in the CSM documentation. +- update V2 CRs with vault address. + +Notes: + - Authorization V1 scenarios support PowerFlex and PowerScale + - Authorization V2 scenarios only support PowerFlex + - Upgrade from Authorization V1 to V2 is not supported. Only V1 to other V1 versions is allowed. + ## Run The tests are run by the `run-e2e-test.sh` script in the `tests/e2e` directory. 
@@ -68,7 +84,7 @@ The tests are run by the `run-e2e-test.sh` script in the `tests/e2e` directory. - Ensure you meet all [prerequisites](https://github.com/dell/csm-operator/blob/main/tests/README.md#prerequisites). - Change to the `tests/e2e` directory. - Set your array information in the `array-info.sh` file. -- If you do not have `cert-csi`, `karavictl`, and (for app-mobility) `dellctl` accessible through your `PATH` variable, pass the path to each executable to the script, like so, `run-e2e-test.sh --cert-csi=/path/to/cert-csi --karavictl=/path/to/karavictl`, and they will be added to `/usr/local/bin` +- If you do not have `cert-csi`, `karavictl`, and (for app-mobility and authorization proxy server) `dellctl` accessible through your `PATH` variable, pass the path to each executable to the script, like so, `run-e2e-test.sh --cert-csi=/path/to/cert-csi --karavictl=/path/to/karavictl`, and they will be added to `/usr/local/bin` - Decide on the test suites you want to run, based on the changes made. Available test suites can be seen by running `run-e2e-test.sh -h` If multiple suites are specified, the union (not intersection) of those suites will be run. - Run the e2e tests by executing the `run-e2e-test.sh` script with desired options. Three examples are provided: @@ -135,6 +151,8 @@ Each test has: Most steps to cover common use cases already have their respective backend implementations. Sometimes we run into a situation where we may need to add a new step. For the sake of illustration, please follow the constraints and steps below to add a new test scenario called `"Install PowerHello Driver(With a module called World)"` to excerpt of yaml file shown above. +Note: Please be mindful when updating upgrade scenarios for Authorization Proxy Server. We do not support upgrade from V1 to V2 versions. + - Add the new test scenario to the existing values file ```yaml 
@@ -153,7 +171,7 @@ Most steps to cover common use cases already have their respective backend imple # name of custom test to run name: Cert CSI # Provide command-line argument to run. Ginkgo will run the command and return output - # The command should be accessible from e2e test repo. + # The command should be accessible from e2e test repo. # Example: # ./hello_world.sh # cert-csi test vio --sc --chainNumber 2 --chainLength 2 @@ -198,7 +216,7 @@ Most steps to cover common use cases already have their respective backend imple } /* - Takes four more arguments for each group as defined here "Validate it is [raining], [snowing], [sunny], and [pay-day]". + Takes four more arguments for each group as defined here "Validate it is [raining], [snowing], [sunny], and [pay-day]". Thus function wll be automatically called with: checkWeather(Resource{}, "raining", "snowing", "sunny", "pay-day") Please see "Validate [powerhello] driver is installed" step and the function signature that implemented it diff --git a/tests/e2e/array-info.sh b/tests/e2e/array-info.sh index 6e541655a..4f0a13f57 100755 --- a/tests/e2e/array-info.sh +++ b/tests/e2e/array-info.sh @@ -1,5 +1,5 @@ # Copyright © 2022-2024 Dell Inc. or its subsidiaries. All Rights Reserved. -# +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at 
@@ -10,21 +10,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +# Must specify and manually create driver namespace + # USER MODIFICATION REQUIRED: must supply address of Authorization Proxy Server # Since this e2e exposes the Proxy Server via NodePort, you can use a cluster node IP export PROXY_HOST="csm-authorization.com" - -# The following are Authorization Proxy Server specific: -# Must supply storage array details -# Storage type examples - powerscale, powerflex, powermax -export STORAGE_TYPE="powerscale" -export END_POINT="1.1.1.1:8080" -export SYSTEM_ID="Isilon-System-Name" -export STORAGE_USER="username" -export STORAGE_PASSWORD="password" -export STORAGE_POOL="/ifs/data/csi" -# Must specify and manually create driver namespace -export DRIVER_NAMESPACE="isilon" +export DELLCTL="/usr/local/bin/dellctl" # The following are for creating PFlex secret/storage class # do not include "https://" in the endpoint 
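Review bot: The added comment `# Must specify and manually create driver namespace` no longer has a variable beneath it, because this hunk also removes `export DRIVER_NAMESPACE="isilon"`. Elsewhere in this commit the Go step sets `DRIVER_NAMESPACE` itself (`test-vxflexos` for powerflex, `isilon` for powerscale), so the comment would be clearer as `# The driver namespace (test-vxflexos for PowerFlex, isilon for PowerScale) must be created manually before the run`. The new `export DELLCTL="/usr/local/bin/dellctl"` sits under the PROXY_HOST comment and deserves its own line, e.g. `# Path to the dellctl binary used for Authorization v2 token generation`.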
@@ -33,17 +24,33 @@ export PFLEX_PASS="password" export PFLEX_SYSTEMID="00990099ddcc" export PFLEX_ENDPOINT="10.1.1.1" export PFLEX_MDM="10.0.0.1,10.0.0.2" -export PFLEX_AUTH_ENDPOINT="localhost:9401" +export PFLEX_AUTH_ENDPOINT="localhost:9401" +# The following are Authorization Proxy Server specific for powerflex: export PFLEX_POOL="pool1" +export PFLEX_STORAGE="powerflex" +export PFLEX_VAULT_STORAGE_PATH="storage\/powerflex" # escape / with \ +export PFLEX_QUOTA="10GB" +export PFLEX_ROLE="csmrole-powerflex" +export PFLEX_TENANT="csmtenant-powerflex" +export PFLEX_TENANT_PREFIX="tn1" # The following are for creating PScale secret/storage class # do not include "https://" in the endpoint export PSCALE_CLUSTER="Isilon-System-Name" export PSCALE_USER="username" export PSCALE_PASS="password" -export PSCALE_ENDPOINT="1.1.1.1" +export PSCALE_ENDPOINT="1.1.1.1:8080" export PSCALE_AUTH_ENDPOINT="localhost" export PSCALE_AUTH_PORT="9400" +# The following are Authorization Proxy Server specific for powerscale: +export PSCALE_POOL_V1="ifs/data/csi" +export PSCALE_POOL_V2="ifs\/data\/csi" # escape / with \ +export PSCALE_STORAGE="powerscale" +export PSCALE_VAULT_STORAGE_PATH="storage\/powerscale" # escape / with \ +export PSCALE_QUOTA="0GB" +export PSCALE_ROLE="csmrole-powerscale" +export PSCALE_TENANT="csmtenant-powerscale" +export PSCALE_TENANT_PREFIX="tn1" # The following are for testing AM export VOL_NS=wordpress @@ -51,7 +58,7 @@ export RES_NS=res-wordpress export AM_NS=test-vxflexos export BACKEND_STORAGE_URL="10.0.0.4:32000" export BUCKET_NAME="my-bucket" -export ALT_BUCKET_NAME="alt-bucket" +export ALT_BUCKET_NAME="alt-bucket" # Be sure to escape / with \ export AM_CONTROLLER_IMAGE="dellemc/csm-application-mobility-controller:nightly" export AM_PLUGIN_IMAGE="dellemc/csm-application-mobility-velero-plugin:nightly" diff --git a/tests/e2e/go.mod b/tests/e2e/go.mod index 1e2c4c771..2ca14b103 100644 --- a/tests/e2e/go.mod +++ b/tests/e2e/go.mod 
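Review bot: `PFLEX_VAULT_STORAGE_PATH`, `PSCALE_VAULT_STORAGE_PATH` and `PSCALE_POOL_V2` make whoever edits this file pre-escape `/`, which ties the values to how `replaceInFile` substitutes them (presumably a sed-style expression; the helper is not part of this diff). Any other value routed through the same helper that happens to contain a metacharacter of that expression, such as the array password that `pflexAuthSidecarMap` maps to `REPLACE_PASS`, would corrupt or alter the substitution. Escaping inside the helper would let these be written plainly and remove the need for two spellings of one pool path (`PSCALE_POOL_V1` / `PSCALE_POOL_V2`). Until then the comment should state the reason, e.g. `# values are substituted into the CR template verbatim, so / must be written as \/`.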
@@ -6,6 +6,7 @@ require ( github.com/dell/csm-operator v0.0.0 github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 + golang.org/x/mod v0.18.0 k8s.io/api v0.28.9 k8s.io/apimachinery v0.28.9 k8s.io/client-go v0.28.9 @@ -86,7 +87,6 @@ require ( go.uber.org/zap v1.27.0 // indirect golang.org/x/crypto v0.23.0 // indirect golang.org/x/exp v0.0.0-20221028150844-83b7d23a625f // indirect - golang.org/x/mod v0.18.0 // indirect golang.org/x/net v0.25.0 // indirect golang.org/x/oauth2 v0.11.0 // indirect golang.org/x/sync v0.7.0 // indirect diff --git a/tests/e2e/run-e2e-test.sh b/tests/e2e/run-e2e-test.sh index fbf00fa27..bf4648e85 100755 --- a/tests/e2e/run-e2e-test.sh +++ b/tests/e2e/run-e2e-test.sh @@ -100,7 +100,7 @@ fi # cp $CERT_CSI . # Uncomment for authorization proxy server -# cp $DELLCTL /usr/local/bin/ +#cp $DELLCTL /usr/local/bin/ PATH=$PATH:$(go env GOPATH)/bin @@ -253,6 +253,8 @@ checkForKaravictl if [ -v APPLICATIONMOBILITY ]; then checkForDellctl fi +if [ -v AUTHORIZATIONPROXYSERVER ]; then + checkForDellctl +fi checkForGinkgo # runTests - diff --git a/tests/e2e/steps/step_common.go b/tests/e2e/steps/step_common.go index 7d9c1d140..a20165e7b 100644 --- a/tests/e2e/steps/step_common.go +++ b/tests/e2e/steps/step_common.go @@ -324,7 +324,7 @@ func checkAuthorizationProxyServerPods(ctx context.Context, namespace string, k8 } else if strings.Contains(pod.Name, "redis-commander") { errMsg, allReady = arePodsRunning(pod) notReadyMessage += errMsg - } else if strings.Contains(pod.Name, "redis-primary") { + } else if strings.Contains(pod.Name, "redis") { errMsg, allReady = arePodsRunning(pod) notReadyMessage += errMsg } else if strings.Contains(pod.Name, "role-service") { 
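Review bot: In `checkAuthorizationProxyServerPods` the widened match `strings.Contains(pod.Name, "redis")` is only correct because the `redis-commander` branch sits directly above it, and a short comment such as `// must stay after the redis-commander case: matches redis-primary and the other redis pods` would stop a later reorder from breaking it. The new `sentinel` branch added in the next hunk is unreachable for any pod whose name also contains "redis" (the actual pod names are not visible here), and the same applies to the two matching hunks in `checkAuthorizationProxyServerNoRunningPods`. Each branch also assigns `allReady` from the most recent pod only, so if the function later decides on `allReady` rather than on `notReadyMessage` (that part is outside the hunk), a ready pod processed last would mask an earlier one that is not ready; `errMsg, ready := arePodsRunning(pod)` followed by `allReady = allReady && ready` avoids that.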
@@ -336,6 +336,9 @@ func checkAuthorizationProxyServerPods(ctx context.Context, namespace string, k8 } else if strings.Contains(pod.Name, "tenant-service") { errMsg, allReady = arePodsRunning(pod) notReadyMessage += errMsg + } else if strings.Contains(pod.Name, "sentinel") { + errMsg, allReady = arePodsRunning(pod) + notReadyMessage += errMsg } } @@ -489,7 +492,7 @@ func checkAuthorizationProxyServerNoRunningPods(ctx context.Context, namespace s } else if strings.Contains(pod.Name, "redis-commander") { podsFound += (pod.Name + ",") n++ - } else if strings.Contains(pod.Name, "redis-primary") { + } else if strings.Contains(pod.Name, "redis") { podsFound += (pod.Name + ",") n++ } else if strings.Contains(pod.Name, "role-service") { @@ -501,6 +504,9 @@ func checkAuthorizationProxyServerNoRunningPods(ctx context.Context, namespace s } else if strings.Contains(pod.Name, "tenant-service") { podsFound += (pod.Name + ",") n++ + } else if strings.Contains(pod.Name, "sentinel") { + podsFound += (pod.Name + ",") + n++ } } if n != 0 { diff --git a/tests/e2e/steps/steps_def.go b/tests/e2e/steps/steps_def.go index ee4705844..2e6233b08 100644 --- a/tests/e2e/steps/steps_def.go +++ b/tests/e2e/steps/steps_def.go @@ -27,6 +27,7 @@ import ( "github.com/dell/csm-operator/pkg/constants" "github.com/dell/csm-operator/pkg/modules" "github.com/dell/csm-operator/pkg/utils" + "golang.org/x/mod/semver" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/api/errors" 
@@ -58,9 +59,11 @@ var ( pflexAuthSidecarMap = map[string]string{"REPLACE_USER": "PFLEX_USER", "REPLACE_PASS": "PFLEX_PASS", "REPLACE_SYSTEMID": "PFLEX_SYSTEMID", "REPLACE_ENDPOINT": "PFLEX_ENDPOINT", "REPLACE_AUTH_ENDPOINT": "PFLEX_AUTH_ENDPOINT"} authSidecarRootCertMap = map[string]string{} amConfigMap = map[string]string{"REPLACE_ALT_BUCKET_NAME": "ALT_BUCKET_NAME", "REPLACE_BUCKET_NAME": "BUCKET_NAME", "REPLACE_S3URL": "BACKEND_STORAGE_URL", "REPLACE_CONTROLLER_IMAGE": "AM_CONTROLLER_IMAGE", "REPLACE_PLUGIN_IMAGE": "AM_PLUGIN_IMAGE"} - storageCrMap = map[string]string{"REPLACE_STORAGE_NAME": "STORAGE_TYPE", "REPLACE_STORAGE_TYPE": "STORAGE_TYPE", "REPLACE_ENDPOINT": "END_POINT", "REPLACE_SYSTEM_ID": "SYSTEM_ID", "REPLACE_VAULT_STORAGE_PATH": "VAULT_STORAGE_PATH"} - roleCrMap = map[string]string{"REPLACE_STORAGE_TYPE": "STORAGE_TYPE", "REPLACE_QUOTA": "QUOTA", "REPLACE_SYSTEM_ID": "SYSTEM_ID", "REPLACE_STORAGE_POOL_PATH": "STORAGE_POOL_PATH"} - tenantCrMap = map[string]string{"REPLACE_TENANT_ROLES": "TENANT_ROLES", "REPLACE_TENANT_VOLUME_PREFIX": "TENANT_PREFIX"} + // Auth V2 + pflexCrMap = map[string]string{"REPLACE_STORAGE_NAME": "PFLEX_STORAGE", "REPLACE_STORAGE_TYPE": "PFLEX_STORAGE", "REPLACE_ENDPOINT": "PFLEX_ENDPOINT", "REPLACE_SYSTEM_ID": "PFLEX_SYSTEMID", "REPLACE_VAULT_STORAGE_PATH": "PFLEX_VAULT_STORAGE_PATH", "REPLACE_ROLE_NAME": "PFLEX_ROLE", "REPLACE_QUOTA": "PFLEX_QUOTA", "REPLACE_STORAGE_POOL_PATH": "PFLEX_POOL", "REPLACE_TENANT_NAME": "PFLEX_TENANT", "REPLACE_TENANT_ROLES": "PFLEX_ROLE", "REPLACE_TENANT_VOLUME_PREFIX": "PFLEX_TENANT_PREFIX"} + + // Auth V2 + pscaleCrMap = map[string]string{"REPLACE_STORAGE_NAME": "PSCALE_STORAGE", "REPLACE_STORAGE_TYPE": "PSCALE_STORAGE", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT", "REPLACE_SYSTEM_ID": "PSCALE_CLUSTER", "REPLACE_VAULT_STORAGE_PATH": "PSCALE_VAULT_STORAGE_PATH", "REPLACE_ROLE_NAME": "PSCALE_ROLE", "REPLACE_QUOTA": "PSCALE_QUOTA", "REPLACE_STORAGE_POOL_PATH": "PSCALE_POOL_V2", "REPLACE_TENANT_NAME": 
"PSCALE_TENANT", "REPLACE_TENANT_ROLES": "PSCALE_ROLE", "REPLACE_TENANT_VOLUME_PREFIX": "PSCALE_TENANT_PREFIX"} ) var correctlyAuthInjected = func(cr csmv1.ContainerStorageModule, annotations map[string]string, vols []acorev1.VolumeApplyConfiguration, cnt []acorev1.ContainerApplyConfiguration) error { @@ -754,12 +757,10 @@ func determineMap(crType string) (map[string]string, error) { mapValues = authSidecarRootCertMap } else if crType == "application-mobility" { mapValues = amConfigMap - } else if crType == "storage" { - mapValues = storageCrMap - } else if crType == "csmrole" { - mapValues = roleCrMap - } else if crType == "csmtenant" { - mapValues = tenantCrMap + } else if crType == "pflexAuthCRs" { + mapValues = pflexCrMap + } else if crType == "pscaleAuthCRs" { + mapValues = pscaleCrMap } else { return mapValues, fmt.Errorf("type: %s is not supported", crType) } 
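Review bot: Every value in `pflexCrMap` and `pscaleCrMap` is the name of an environment variable that `AuthorizationV2Resources` later reads with `os.Getenv`, so a variable missing from `array-info.sh` is substituted as an empty string and the failure only shows up when `kubectl apply` rejects or half-creates the CRs. Checking with `os.LookupEnv` in the substitution loop and returning `fmt.Errorf("environment variable %s is not set", mapValues[key])` would name the missing setting directly. The two `// Auth V2` comments would also be more useful if they named the template the maps fill, e.g. `// placeholders in csm-authorization-template.yaml -> env vars from array-info.sh (Authorization v2, PowerFlex)`.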
@@ -1122,50 +1123,117 @@ func (step *Step) configureAuthorizationProxyServer(res Resource, driver string, crNum, _ := strconv.Atoi(crNumStr) cr := res.CustomResource[crNum-1] - var b []byte var err error - var ( storageType = "" driverNamespace = "" proxyHost = "" + csmTenantName = "" ) // if tests are running multiple scenarios that require differently configured auth servers, we will not be able to use one set of vars // this section is for powerflex, other drivers can add their sections as required. if driver == "powerflex" { - os.Setenv("STORAGE_TYPE", "powerflex") + os.Setenv("PFLEX_STORAGE", "powerflex") os.Setenv("DRIVER_NAMESPACE", "test-vxflexos") + storageType = os.Getenv("PFLEX_STORAGE") + csmTenantName = os.Getenv("PFLEX_TENANT") } if driver == "powerscale" { - os.Setenv("STORAGE_TYPE", "powerscale") + os.Setenv("PSCALE_STORAGE", "powerscale") os.Setenv("DRIVER_NAMESPACE", "isilon") - } - // get env variables - if os.Getenv("STORAGE_TYPE") != "" { - storageType = os.Getenv("STORAGE_TYPE") - } - if os.Getenv("DRIVER_NAMESPACE") != "" { - driverNamespace = os.Getenv("DRIVER_NAMESPACE") + storageType = os.Getenv("PSCALE_STORAGE") + csmTenantName = os.Getenv("PSCALE_TENANT") } proxyHost = os.Getenv("PROXY_HOST") + driverNamespace = os.Getenv("DRIVER_NAMESPACE") port, err := getPortContainerizedAuth(cr.Namespace) if err != nil { return err } + address := proxyHost + // For v1.9.1 and earlier, use the old address + configVersion := cr.GetModule(csmv1.AuthorizationServer).ConfigVersion + isOldVersion, _ := utils.MinVersionCheck(configVersion, "v1.9.1") + if isOldVersion { + address = "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + } + + fmt.Printf("Address: %s\n", address) + + switch semver.Major(configVersion) { + case "v2": + return step.AuthorizationV2Resources(storageType, driver, driverNamespace, address, port, csmTenantName) + case "v1": + return step.AuthorizationV1Resources(storageType, driver, port, address, driverNamespace) 
+ default: + return fmt.Errorf("authorization major version %s not supported", semver.Major(configVersion)) + } +} + +// AuthorizationV1Resources creates resources using karavictl for V1 versions of Authorization Proxy Server +func (step *Step) AuthorizationV1Resources(storageType, driver, port, proxyHost, driverNamespace string) error { + var ( + endpoint = "" + sysID = "" + user = "" + password = "" + pool = "" + // YAML variables + endpointvar = "" + systemIdvar = "" + uservar = "" + passvar = "" + poolvar = "" + ) + + if driver == "powerflex" { + endpointvar = "PFLEX_ENDPOINT" + systemIdvar = "PFLEX_SYSTEMID" + uservar = "PFLEX_USER" + passvar = "PFLEX_PASS" + poolvar = "PFLEX_POOL" + } + + if driver == "powerscale" { + endpointvar = "PSCALE_ENDPOINT" + systemIdvar = "PSCALE_CLUSTER" + uservar = "PSCALE_USER" + passvar = "PSCALE_PASS" + poolvar = "PSCALE_POOL_V1" + } + + // get env variables + if os.Getenv(endpointvar) != "" { + endpoint = os.Getenv(endpointvar) + } + if os.Getenv(systemIdvar) != "" { + sysID = os.Getenv(systemIdvar) + } + if os.Getenv(uservar) != "" { + user = os.Getenv(uservar) + } + if os.Getenv(passvar) != "" { + password = os.Getenv(passvar) + } + if os.Getenv(poolvar) != "" { + pool = os.Getenv(poolvar) + } + + // Create Admin Token fmt.Printf("=== Generating Admin Token ===\n") - adminTkn := exec.Command("dellctl", + adminTkn := exec.Command("karavictl", "admin", "token", "--name", "Admin", "--jwt-signing-secret", "secret", "--refresh-token-expiration", fmt.Sprint(30*24*time.Hour), "--access-token-expiration", fmt.Sprint(2*time.Hour), ) - b, err = adminTkn.CombinedOutput() + b, err := adminTkn.CombinedOutput() if err != nil { return fmt.Errorf("failed to create admin token: %v\nErrMessage:\n%s", err, string(b)) } 
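Review bot: A `driver` other than "powerflex" or "powerscale" falls through both `if` blocks in `configureAuthorizationProxyServer` with `storageType` and `csmTenantName` empty, and in `AuthorizationV1Resources` it leaves `endpointvar`, `uservar` and the others empty as well, so the commands run with blank arguments instead of failing fast. An early `if driver != "powerflex" && driver != "powerscale" { return fmt.Errorf("driver %s is not supported", driver) }` would make this explicit. The `default` branch prints `semver.Major(configVersion)`, which is the empty string for a malformed version, so the message should include `configVersion` itself, and the error from `utils.MinVersionCheck` is discarded on the line above. The body of `AuthorizationV1Resources` continues in the next hunk.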
@@ -1176,100 +1244,189 @@ func (step *Step) configureAuthorizationProxyServer(res Resource, driver string, return fmt.Errorf("failed to write admin token: %v\nErrMessage:\n%s", err, string(b)) } - address := proxyHost - // For v1.9.1 and earlier, use the old address - configVersion := cr.GetModule(csmv1.AuthorizationServer).ConfigVersion - isOldVersion, _ := utils.MinVersionCheck(configVersion, "v1.9.1") - if isOldVersion { - address = "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + // Create storage + fmt.Println("=== Creating Storage ===\n ") + cmd := exec.Command("karavictl", + "--admin-token", "/tmp/adminToken.yaml", + "storage", "create", + "--type", storageType, + "--endpoint", fmt.Sprintf("https://%s", endpoint), + "--system-id", sysID, + "--user", user, + "--password", password, + "--array-insecure", + "--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port), + ) + fmt.Println("=== Storage === \n", cmd.String()) + b, err = cmd.CombinedOutput() + if err != nil { + return fmt.Errorf("failed to create storage %s: %v\nErrMessage:\n%s", storageType, err, string(b)) } - fmt.Printf("Address: %s\n", address) + // Create Tenant + fmt.Println("=== Creating Tenant ===\n ") + cmd = exec.Command("karavictl", + "--admin-token", "/tmp/adminToken.yaml", + "tenant", "create", + "-n", tenantName, "--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port), + ) + b, err = cmd.CombinedOutput() + fmt.Println("=== Tenant === \n", cmd.String()) - fmt.Println("=== Creating Storage ===\n ") - mapValues, err := determineMap("storage") - if err != nil { - return err + if err != nil && !strings.Contains(string(b), "tenant already exists") { + return fmt.Errorf("failed to create tenant %s: %v\nErrMessage:\n%s", tenantName, err, string(b)) } - for key := range mapValues { - err := replaceInFile(key, os.Getenv(mapValues[key]), "testfiles/authorization-templates/csm-authorization_storage.yaml") - if err != nil { - return err - } + // Create Role + 
fmt.Println("=== Creating Role ===\n", cmd.String()) + if storageType == "powerscale" { + quotaLimit = "0" } - cmd := exec.Command("kubectl", "apply", - "-f", "testfiles/authorization-templates/csm-authorization_storage.yaml", + cmd = exec.Command("karavictl", + "--admin-token", "/tmp/adminToken.yaml", + "role", "create", + fmt.Sprintf("--role=%s=%s=%s=%s=%s", + roleName, storageType, sysID, pool, quotaLimit), + "--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port), ) - fmt.Println("=== Storage === \n", cmd.String()) + + fmt.Println("=== Role === \n", cmd.String()) b, err = cmd.CombinedOutput() - if err != nil && !strings.Contains(string(b), "is already registered") { - return fmt.Errorf("failed to create storage %s: %v\nErrMessage:\n%s", storageType, err, string(b)) + if err != nil { + return fmt.Errorf("failed to create role %s: %v\nErrMessage:\n%s", roleName, err, string(b)) } - // Create Tenant - fmt.Println("=== Creating Tenant ===\n ") - mapValues, err = determineMap("csmtenant") + // role creation take few seconds + time.Sleep(5 * time.Second) + + // Bind role + cmd = exec.Command("karavictl", + "--admin-token", "/tmp/adminToken.yaml", + "rolebinding", "create", + "--tenant", tenantName, + "--role", roleName, + "--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port), + ) + fmt.Println("=== Binding Role ===\n", cmd.String()) + b, err = cmd.CombinedOutput() if err != nil { - return err + return fmt.Errorf("failed to create rolebinding %s: %v\nErrMessage:\n%s", roleName, err, string(b)) } - for key := range mapValues { - err := replaceInFile(key, os.Getenv(mapValues[key]), "testfiles/authorization-templates/csm-authorization_csmtenant.yaml") - if err != nil { - return err - } + // Generate token + fmt.Println("=== Generating token ===\n ") + cmd = exec.Command("karavictl", + "--admin-token", "/tmp/adminToken.yaml", + "generate", "token", + "--tenant", tenantName, + "--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port), + 
"--access-token-expiration", fmt.Sprint(10*time.Minute), + ) + fmt.Println("=== Token ===\n", cmd.String()) + b, err = cmd.CombinedOutput() + if err != nil { + return fmt.Errorf("failed to generate token for %s: %v\nErrMessage:\n%s", tenantName, err, string(b)) } + + // Apply token to CSI driver host + fmt.Println("=== Applying token ===\n ") + + err = os.WriteFile("/tmp/token.yaml", b, 0o644) + if err != nil { + return fmt.Errorf("failed to write tenant token: %v\nErrMessage:\n%s", err, string(b)) + } + cmd = exec.Command("kubectl", "apply", - "-f", "testfiles/authorization-templates/csm-authorization_csmtenant.yaml", + "-f", "/tmp/token.yaml", + "-n", driverNamespace, ) b, err = cmd.CombinedOutput() - fmt.Println("=== Tenant === \n", cmd.String()) + if err != nil { + return fmt.Errorf("failed to apply token: %v\nErrMessage:\n%s", err, string(b)) + } - if err != nil && !strings.Contains(string(b), "tenant already exists") { - return fmt.Errorf("failed to create tenant %s: %v\nErrMessage:\n%s", tenantName, err, string(b)) + fmt.Println("=== Token Applied ===\n ") + return nil +} + +// AuthorizationV2Resources creates resources using CRs and dellctl for V2 versions of Authorization Proxy Server +func (step *Step) AuthorizationV2Resources(storageType, driver, driverNamespace, proxyHost, port, csmTenantName string) error { + var ( + crMap = "" + templateFile = "testfiles/authorization-templates/csm-authorization-template.yaml" + updatedTemplateFile = "" + ) + + if driver == "powerflex" { + crMap = "pflexAuthCRs" + updatedTemplateFile = "testfiles/authorization-templates/csm-authorization-crs-powerflex.yaml" + } else if driver == "powerscale" { + crMap = "pscaleAuthCRs" + updatedTemplateFile = "testfiles/authorization-templates/csm-authorization-crs-powerscale.yaml" } - fmt.Println("=== Creating Role ===\n", cmd.String()) - // Create Role - mapValues, err = determineMap("csmrole") + copyFile := exec.Command("cp", templateFile, updatedTemplateFile) + b, err := 
copyFile.CombinedOutput() + if err != nil { + return fmt.Errorf("failed to copy template file: %v\nErrMessage:\n%s", err, string(b)) + } + + // Create Admin Token + fmt.Printf("=== Generating Admin Token ===\n") + adminTkn := exec.Command("dellctl", + "admin", "token", + "--name", "Admin", + "--jwt-signing-secret", "secret", + "--refresh-token-expiration", fmt.Sprint(30*24*time.Hour), + "--access-token-expiration", fmt.Sprint(2*time.Hour), + ) + b, err = adminTkn.CombinedOutput() + if err != nil { + return fmt.Errorf("failed to create admin token: %v\nErrMessage:\n%s", err, string(b)) + } + + fmt.Println("=== Writing Admin Token to Tmp File ===\n ") + err = os.WriteFile("/tmp/adminToken.yaml", b, 0o644) + if err != nil { + return fmt.Errorf("failed to write admin token: %v\nErrMessage:\n%s", err, string(b)) + } + + // Create Resources + fmt.Println("=== Creating Storage, Role, and Tenant ===\n ") + mapValues, err := determineMap(crMap) if err != nil { return err } for key := range mapValues { - err := replaceInFile(key, os.Getenv(mapValues[key]), "testfiles/authorization-templates/csm-authorization_csmrole.yaml") + err := replaceInFile(key, os.Getenv(mapValues[key]), updatedTemplateFile) if err != nil { return err } } - cmd = exec.Command("kubectl", "apply", - "-f", "testfiles/authorization-templates/csm-authorization_csmrole.yaml", + cmd := exec.Command("kubectl", "apply", + "-f", updatedTemplateFile, ) - - fmt.Println("=== Role === \n", cmd.String()) + fmt.Println("=== Storage, Role, and Tenant === \n", cmd.String()) b, err = cmd.CombinedOutput() - if err != nil { - return fmt.Errorf("failed to create role %s: %v\nErrMessage:\n%s", roleName, err, string(b)) + if err != nil && !strings.Contains(string(b), "is already registered") { + return fmt.Errorf("failed to create resources for %s: %v\nErrMessage:\n%s", storageType, err, string(b)) } - // role creation take few seconds - time.Sleep(5 * time.Second) - - // Generate token + // Generate tenant token 
fmt.Println("=== Generating token ===\n ") cmd = exec.Command("dellctl", "generate", "token", "--admin-token", "/tmp/adminToken.yaml", "--access-token-expiration", fmt.Sprint(10*time.Minute), "--refresh-token-expiration", "48h", - "--tenant", "csmtenant-sample", + "--tenant", csmTenantName, "--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port), ) fmt.Println("=== Token ===\n", cmd.String()) b, err = cmd.CombinedOutput() if err != nil { - return fmt.Errorf("failed to generate token for %s: %v\nErrMessage:\n%s", tenantName, err, string(b)) + return fmt.Errorf("failed to generate token for %s: %v\nErrMessage:\n%s", csmTenantName, err, string(b)) } // Apply token to CSI driver host @@ -1288,8 +1445,8 @@ func (step *Step) configureAuthorizationProxyServer(res Resource, driver string, if err != nil { return fmt.Errorf("failed to apply token: %v\nErrMessage:\n%s", err, string(b)) } - fmt.Println("=== Token Applied ===\n ") + return nil } 
@@ -1574,6 +1731,29 @@ func (step *Step) validateCustomResourceDefinition(res Resource, crdName string) return nil } +// deleteAuthorizationCRs will delete storage, role, and tenant objects +func (step *Step) deleteAuthorizationCRs(_ Resource, driver string) error { + updatedTemplateFile := "" + if driver == "powerflex" { + updatedTemplateFile = "testfiles/authorization-templates/csm-authorization-crs-powerflex.yaml" + } else if driver == "powerscale" { + updatedTemplateFile = "testfiles/authorization-templates/csm-authorization-crs-powerscale.yaml" + } + + cmd := exec.Command("kubectl", "delete", "-f", updatedTemplateFile) + err := cmd.Run() + if err != nil { + return fmt.Errorf("failed to delete csm authorization CRs: %v", err) + } + + err = os.Remove(updatedTemplateFile) + if err != nil { + return fmt.Errorf("failed to delete %s file: %v", updatedTemplateFile, err) + } + + return nil +} + func (step *Step) deleteCustomResourceDefinition(res Resource, crdNumStr string) error { crdNum, _ := strconv.Atoi(crdNumStr) cmd := exec.Command("kubectl", "delete", "-f", res.Scenario.Paths[crdNum-1]) diff --git a/tests/e2e/steps/steps_runner.go b/tests/e2e/steps/steps_runner.go index 510d1efe8..c0f40d270 100644 --- a/tests/e2e/steps/steps_runner.go +++ b/tests/e2e/steps/steps_runner.go 
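Review bot: `deleteAuthorizationCRs` leaves `updatedTemplateFile` empty when `driver` is neither `powerflex` nor `powerscale`, so the step runs `kubectl delete -f ""` and reports only an exit status; end the chain with `} else { return fmt.Errorf("unsupported driver %q", driver) }`. `cmd.Run()` also drops kubectl's output, where the other steps in this file call `cmd.CombinedOutput()` and include it in the error, and the early return on a failed delete skips `os.Remove`, leaving the rendered CR file (filled from environment variables by `replaceInFile`) on disk. The cleanup also leaves `/tmp/adminToken.yaml` behind, which `AuthorizationV2Resources` in the preceding hunk writes with mode `0o644`; removing it here and writing it with `0o600` keeps the admin token from staying readable to other local users after the run.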
@@ -72,6 +72,12 @@ func StepRunnerInit(runner *Runner, ctrlClient client.Client, clientSet *kuberne // Configure authorization-proxy-server for [powerflex] runner.addStep(`^Configure authorization-proxy-server for \[([^"]*)\] for CR \[(\d+)\]$`, step.configureAuthorizationProxyServer) + // Authorization Proxy Server V2 additional steps + runner.addStep(`^Install Authorization CRDs \[(\d+)\]$`, step.createCustomResourceDefinition) + runner.addStep(`^Validate \[([^"]*)\] CRD for Authorization is installed$`, step.validateCustomResourceDefinition) + runner.addStep(`^Delete Authorization CRs for \[([^"]*)\]$`, step.deleteAuthorizationCRs) + runner.addStep(`^Delete Authorization CRDs \[(\d+)\]$`, step.deleteCustomResourceDefinition) + runner.addStep(`^Set up application mobility CR \[([^"]*)\]$`, step.configureAMInstall) // Connectivity Client steps @@ -82,9 +88,6 @@ func StepRunnerInit(runner *Runner, ctrlClient client.Client, clientSet *kuberne runner.addStep(`^Uninstall connectivity client from CR \[(\d+)\]`, step.uninstallConnectivityClient) runner.addStep(`^Upgrade client from custom resource \[(\d+)\] to \[(\d+)\]$`, step.upgradeCustomResourceClient) runner.addStep(`^Uninstall connectivity client secret from CR \[(\d+)\]`, step.uninstallConnectivityClientSecret) - runner.addStep(`^Install Authorization CRDs \[(\d+)\]$`, step.createCustomResourceDefinition) - runner.addStep(`^Validate \[([^"]*)\] CRD for Authorization is installed$`, step.validateCustomResourceDefinition) - runner.addStep(`^Delete Authorization CRDs \[(\d+)\]$`, step.deleteCustomResourceDefinition) runner.addStep(`^Validate rbac created in namespace \[([^"]*)\]$`, step.validateRbacCreated) runner.addStep(`^Validate connectivity client rbac objects are removed from all namespaces$`, step.validateRbacDeleted) runner.addStep(`^Validate connectivity client rbac objects are removed from namespace \[([^"]*)\]$`, step.validateDeleteRbac) 
diff --git a/tests/e2e/testfiles/authorization-templates/csm-authorization-template.yaml b/tests/e2e/testfiles/authorization-templates/csm-authorization-template.yaml
new file mode 100644
index 000000000..0fedf9f7d
--- /dev/null
+++ b/tests/e2e/testfiles/authorization-templates/csm-authorization-template.yaml
@@ -0,0 +1,51 @@
+apiVersion: csm-authorization.storage.dell.com/v1alpha1
+kind: Storage
+metadata:
+ name: "REPLACE_STORAGE_NAME"
+spec:
+ type: "REPLACE_STORAGE_TYPE"
+ endpoint: "https://REPLACE_ENDPOINT"
+ systemID: "REPLACE_SYSTEM_ID"
+ credentialStore: vault
+ credentialPath: "REPLACE_VAULT_STORAGE_PATH"
+ skipCertificateValidation: true
+ pollInterval: 30s
+
+---
+
+apiVersion: csm-authorization.storage.dell.com/v1alpha1
+kind: CSMRole
+metadata:
+ labels:
+ app.kubernetes.io/name: role
+ app.kubernetes.io/instance: role-sample
+ app.kubernetes.io/part-of: csm-authorization
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/created-by: csm-authorization
+ name: "REPLACE_ROLE_NAME"
+spec:
+ quota: "REPLACE_QUOTA"
+ systemID: "REPLACE_SYSTEM_ID"
+ systemType: "REPLACE_STORAGE_TYPE"
+ pool: "REPLACE_STORAGE_POOL_PATH"
+
+---
+
+apiVersion: csm-authorization.storage.dell.com/v1alpha1
+kind: CSMTenant
+metadata:
+ labels:
+ app.kubernetes.io/name: csmtenant
+ app.kubernetes.io/instance: csmtenant-sample
+ app.kubernetes.io/part-of: csm-authorization
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/created-by: csm-authorization
+ name: "REPLACE_TENANT_NAME"
+spec:
+ # TODO(user): Add fields here
+ roles: "REPLACE_TENANT_ROLES"
+ approveSdc: false
+ revoke: false
+ # This prefix is added for each new volume provisioned by the tenant.
+ # It should not exceed 3 characters. Example: tn1
+ volumePrefix: "REPLACE_TENANT_VOLUME_PREFIX"
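Review bot: `skipCertificateValidation: true` is hard-coded in the Storage CR while `endpoint` is now forced to `https://`, so every array registered from this template is contacted over TLS without certificate verification, and nothing in the file says this is deliberate. Add a comment above the field, for example `# e2e only: the array certificate is not verified; do not reuse this CR outside the test lab`. The scaffold leftovers `# TODO(user): Add fields here` and the `role-sample` / `csmtenant-sample` instance labels no longer match the templated names and could be dropped in the same pass.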
diff --git a/tests/e2e/testfiles/authorization-templates/csm-authorization_csmrole.yaml b/tests/e2e/testfiles/authorization-templates/csm-authorization_csmrole.yaml
deleted file mode 100644
index dc764942e..000000000
--- a/tests/e2e/testfiles/authorization-templates/csm-authorization_csmrole.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: csm-authorization.storage.dell.com/v1alpha1
-kind: CSMRole
-metadata:
- labels:
- app.kubernetes.io/name: role
- app.kubernetes.io/instance: role-sample
- app.kubernetes.io/part-of: csm-authorization
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/created-by: csm-authorization
- name: csmrole-sample
-spec:
- quota: "REPLACE_QUOTA"
- systemID: "REPLACE_SYSTEM_ID"
- systemType: "REPLACE_STORAGE_TYPE"
- pool: "REPLACE_STORAGE_POOL_PATH"
diff --git a/tests/e2e/testfiles/authorization-templates/csm-authorization_csmtenant.yaml b/tests/e2e/testfiles/authorization-templates/csm-authorization_csmtenant.yaml
deleted file mode 100644
index e3cbcce21..000000000
--- a/tests/e2e/testfiles/authorization-templates/csm-authorization_csmtenant.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: csm-authorization.storage.dell.com/v1alpha1
-kind: CSMTenant
-metadata:
- labels:
- app.kubernetes.io/name: csmtenant
- app.kubernetes.io/instance: csmtenant-sample
- app.kubernetes.io/part-of: csm-authorization
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/created-by: csm-authorization
- name: csmtenant-sample
-spec:
- # TODO(user): Add fields here
- roles: "REPLACE_TENANT_ROLES"
- approveSdc: false
- revoke: false
- # This prefix is added for each new volume provisioned by the tenant.
- # It should not exceed 3 characters. Example: tn1
- volumePrefix: "REPLACE_TENANT_VOLUME_PREFIX"
diff --git a/tests/e2e/testfiles/authorization-templates/csm-authorization_storage.yaml b/tests/e2e/testfiles/authorization-templates/csm-authorization_storage.yaml
deleted file mode 100644
index 366dcd593..000000000
--- a/tests/e2e/testfiles/authorization-templates/csm-authorization_storage.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: csm-authorization.storage.dell.com/v1alpha1 -kind: Storage -metadata: - name: "REPLACE_STORAGE_NAME" -spec: - type: "REPLACE_STORAGE_TYPE" - endpoint: "REPLACE_ENDPOINT" - systemID: "REPLACE_SYSTEM_ID" - credentialStore: vault - credentialPath: "REPLACE_VAULT_STORAGE_PATH" - skipCertificateValidation: true - pollInterval: 30s diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_alt_ns.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_alt_ns.yaml index 1a4eba02c..b82937595 100644 --- a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_alt_ns.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_alt_ns.yaml @@ -9,9 +9,8 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v2.0.0-alpha + configVersion: v1.11.0 forceRemoveModule: true - components: # For Kubernetes Container Platform only # enabled: Enable/Disable NGINX Ingress Controller 
@@ -33,22 +32,12 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: dellemc/csm-authorization-proxy:v2.0.0-alpha - proxyServiceReplicas: 1 - tenantService: dellemc/csm-authorization-tenant:v2.0.0-alpha - tenantServiceReplicas: 1 - roleService: dellemc/csm-authorization-role:v2.0.0-alpha - roleServiceReplicas: 1 - storageService: dellemc/csm-authorization-storage:v2.0.0-alpha - storageServiceReplicas: 1 + proxyService: dellemc/csm-authorization-proxy:v1.11.0 + tenantService: dellemc/csm-authorization-tenant:v1.11.0 + roleService: dellemc/csm-authorization-role:v1.11.0 + storageService: dellemc/csm-authorization-storage:v1.11.0 opa: openpolicyagent/opa opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 - authorizationController: dellemc/csm-authorization-controller:v2.0.0-alpha - authorizationControllerReplicas: 1 - leaderElection: true - - # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis. - controllerReconcileInterval: 5m # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates # for self-signed certs, leave empty string 
@@ -71,42 +60,21 @@ spec: # additional host rules for the proxy-server ingress hosts: - - authorization-ingress-nginx-controller.proxy-ns.svc.cluster.local + [] + # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local # additional annotations for the proxy-server ingress annotations: {} - name: redis - redis: redis:7.2.4-alpine + redis: redis:6.0.8-alpine commander: rediscommander/redis-commander:latest # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis # to use a different storage class for redis, specify the name of the storage class # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization # Default value: None - redisName: redis-csm - redisCommander: redicommander - sentinel: sentinel - redisReplicas: 5 storageclass: "" - - name: vault - vaultAddress: https://10.247.100.22:8400 - vaultRole: csm-authorization - skipCertificateValidation: true - kvEnginePath: secret - # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificate: "" - # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - privateKey: "" - # certificateAuthority: base64-encoded certificate authority for validating vault server certificate -- add certificate authority here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificateAuthority: "" - --- apiVersion: v1 kind: ConfigMap @@ -117,4 +85,3 @@ data: csm-config-params.yaml: | CONCURRENT_POWERFLEX_REQUESTS: 10 LOG_LEVEL: debug - STORAGE_CAPACITY_POLL_INTERVAL: 5m 
diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml index 13f4427d4..aaf92390d 100644 --- a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.1 + configVersion: v1.10.0 forceRemoveModule: true components: # For Kubernetes Container Platform only @@ -32,10 +32,10 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: dellemc/csm-authorization-proxy:v1.10.1 - tenantService: dellemc/csm-authorization-tenant:v1.10.1 - roleService: dellemc/csm-authorization-role:v1.10.1 - storageService: dellemc/csm-authorization-storage:v1.10.1 + proxyService: dellemc/csm-authorization-proxy:v1.10.0 + tenantService: dellemc/csm-authorization-tenant:v1.10.0 + roleService: dellemc/csm-authorization-role:v1.10.0 + storageService: dellemc/csm-authorization-storage:v1.10.0 opa: openpolicyagent/opa opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml new file mode 100644 index 000000000..e42666b4e --- /dev/null +++ b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml 
@@ -0,0 +1,87 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: authorization + namespace: authorization +spec: + modules: + # Authorization: enable csm-authorization proxy server for RBAC + - name: authorization-proxy-server + # enable: Enable/Disable csm-authorization + enabled: true + configVersion: v1.9.0 + forceRemoveModule: true + components: + # For Kubernetes Container Platform only + # enabled: Enable/Disable NGINX Ingress Controller + # Allowed values: + # true: enable deployment of NGINX Ingress Controller + # false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section + # Default value: true + - name: nginx + enabled: true + + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + - name: cert-manager + enabled: true + + - name: proxy-server + # enable: Enable/Disable csm-authorization proxy server + enabled: true + proxyService: dellemc/csm-authorization-proxy:v1.9.0 + tenantService: dellemc/csm-authorization-tenant:v1.9.0 + roleService: dellemc/csm-authorization-role:v1.9.0 + storageService: dellemc/csm-authorization-storage:v1.9.0 + opa: openpolicyagent/opa + opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 + + # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + + # proxy-server ingress will use this hostname + # NOTE: an additional hostname can be configured in proxyServerIngress.hosts + # 
NOTE: proxy-server ingress is configured to accept IP address connections so hostnames are not required + hostname: "csm-authorization.com" + + # proxy-server ingress configuration + proxyServerIngress: + - ingressClassName: nginx + + # additional host rules for the proxy-server ingress + hosts: + [] + # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local + + # additional annotations for the proxy-server ingress + annotations: {} + + - name: redis + redis: redis:6.0.8-alpine + commander: rediscommander/redis-commander:latest + # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis + # to use a different storage class for redis, specify the name of the storage class + # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization + # Default value: None + storageclass: "local-storage" + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: csm-config-params + namespace: authorization +data: + csm-config-params.yaml: | + CONCURRENT_POWERFLEX_REQUESTS: 10 + LOG_LEVEL: debug diff --git a/tests/e2e/testfiles/scenarios.yaml b/tests/e2e/testfiles/scenarios.yaml index d1820fb61..ef343c119 100644 --- a/tests/e2e/testfiles/scenarios.yaml +++ b/tests/e2e/testfiles/scenarios.yaml 
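Review bot: The new n-2 fixture is meant to reproduce a `v1.9.0` install, but `opa: openpolicyagent/opa` carries no tag and `commander: rediscommander/redis-commander:latest` is a moving tag, so the images the test pulls change over time and are not tied to what that release was validated with. Pin both to the versions that belong to this config version, ideally by digest, e.g. `opa: openpolicyagent/opa:<TAG_SHIPPED_WITH_V1_9_0>` (placeholder). The same two references appear as unchanged context in the `alt_ns` and `n_minus_1` fixtures touched by this commit and would benefit from the same pinning.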
@@ -1,53 +1,69 @@ -#List of E2E Tests Scenarios -- scenario: "Install Authorization Proxy Server" +# List of E2E Tests Scenarios + +- scenario: "Install Authorization Proxy Server V1" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml" - - "testfiles/authorization-templates/csm_authorization_crds.yaml" + - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" tags: - "authorizationproxyserver" steps: - "Given an environment with k8s or openshift, and CSM operator installed" - - "Install Authorization CRDs [2]" - "Create [authorization-proxy-server] prerequisites from CR [1]" - "Apply custom resource [1]" - "Validate [authorization-proxy-server] module from CR [1] is installed" - "Configure authorization-proxy-server for [powerscale] for CR [1]" - - "Configure authorization-proxy-server for [powerflex] for CR [1]" - "Delete custom resource [1]" - - "Delete Authorization CRDs [2]" -- scenario: "Install Authorization CRDs" +# Upgrade from V1 to V2 is not supported +- scenario: "Install Authorization Proxy Server V1 and upgrade" paths: - - "testfiles/authorization-templates/csm_authorization_crds.yaml" - modules: + - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml" # v1.9.1 + - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" # v1.10.0 + tags: - "authorizationproxyserver" steps: - "Given an environment with k8s or openshift, and CSM operator installed" - - "Install Authorization CRDs [1]" - - "Validate [csmroles] CRD for Authorization is installed" - - "Validate [csmtenants] CRD for Authorization is installed" - - "Validate [storages] CRD for Authorization is installed" - - "Delete Authorization CRDs [1]" + - "Create [authorization-proxy-server] prerequisites from CR [1]" + - "Apply custom resource [1]" + - "Validate [authorization-proxy-server] module from CR [1] is installed" + - "Configure authorization-proxy-server for [powerscale] for CR 
[1]" + # upgrade + - "Upgrade from custom resource [1] to [2]" + - "Validate custom resource [2]" + - "Validate [authorization-proxy-server] module from CR [2] is installed" + - "Delete custom resource [2]" -- scenario: "Install Authorization Proxy Server and upgrade" +# Authorization V2 scenarios only supports powerflex driver +- scenario: "Install Authorization Proxy Server V2" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml" + - "testfiles/authorization-templates/csm_authorization_crds.yaml" tags: - "authorizationproxyserver" steps: - "Given an environment with k8s or openshift, and CSM operator installed" + - "Install Authorization CRDs [2]" - "Create [authorization-proxy-server] prerequisites from CR [1]" - "Apply custom resource [1]" - "Validate [authorization-proxy-server] module from CR [1] is installed" - "Configure authorization-proxy-server for [powerflex] for CR [1]" - #upgrade - - "Upgrade from custom resource [1] to [2]" - - "Validate custom resource [2]" - - "Validate [authorization-proxy-server] module from CR [2] is installed" - - "Delete custom resource [2]" + - "Delete Authorization CRs for [powerflex]" + - "Delete custom resource [1]" + - "Delete Authorization CRDs [2]" -- scenario: "Install Authorization Proxy Server With Default Redis Storage Class" +- scenario: "Install Authorization CRDs for V2" + paths: + - "testfiles/authorization-templates/csm_authorization_crds.yaml" + tags: + - "authorizationproxyserver" + steps: + - "Given an environment with k8s or openshift, and CSM operator installed" + - "Install Authorization CRDs [1]" + - "Validate [csmroles] CRD for Authorization is installed" + - "Validate [csmtenants] CRD for Authorization is installed" + - "Validate [storages] CRD for Authorization is installed" + - "Delete Authorization CRDs [1]" + +- scenario: "Install Authorization Proxy Server V2 With Default Redis Storage 
Class" paths: - "testfiles/authorization-templates/csm_authorization_proxy_server_default_redis.yaml" - "testfiles/authorization-templates/csm_authorization_crds.yaml" 
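Review bot: The inline comment `# v1.9.1` on the `csm_authorization_proxy_server_n_minus_2.yaml` path disagrees with the fixture added in this commit, which sets `configVersion: v1.9.0` and `v1.9.0` image tags; change it to `# v1.9.0` here and in the PowerFlex upgrade scenario of the next hunk, which repeats the same comment. The "Install Authorization Proxy Server V1" scenario now runs against the `n_minus_1` fixture (v1.10.0) while the alternate-namespace V1 scenario uses the fixture this commit sets to `v1.11.0`; if that split is intended, a short comment naming the V1 version each scenario covers would make it explicit.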
@@ -59,32 +75,29 @@ - "Create [authorization-proxy-server] prerequisites from CR [1]" - "Apply custom resource [1]" - "Validate [authorization-proxy-server] module from CR [1] is installed" - - "Configure authorization-proxy-server for [powerscale] for CR [1]" - "Configure authorization-proxy-server for [powerflex] for CR [1]" + - "Delete Authorization CRs for [powerflex]" - "Delete custom resource [1]" - "Delete Authorization CRDs [2]" -- scenario: "Install Authorization Proxy Server with alternate namespace" +- scenario: "Install Authorization Proxy Server V1 with alternate namespace" paths: - "testfiles/authorization-templates/csm_authorization_proxy_server_alt_ns.yaml" - - "testfiles/authorization-templates/csm_authorization_crds.yaml" tags: - "authorizationproxyserver" steps: - "Given an environment with k8s or openshift, and CSM operator installed" - - "Install Authorization CRDs [2]" - "Create [authorization-proxy-server] prerequisites from CR [1]" - "Apply custom resource [1]" - "Validate [authorization-proxy-server] module from CR [1] is installed" - "Configure authorization-proxy-server for [powerscale] for CR [1]" - "Configure authorization-proxy-server for [powerflex] for CR [1]" - "Delete custom resource [1]" - - "Delete Authorization CRDs [2]" -- scenario: "Install Authorization Proxy Server & PowerFlex Driver (With Authorization), Upgrade both Authorization Proxy Server and PowerFlex Driver" +- scenario: "Install Authorization Proxy Server & PowerFlex Driver (With Authorization V1), Upgrade both Authorization Proxy Server and PowerFlex Driver" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" - - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml" + - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml" # v1.9.1 + - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" # v1.10.0 - 
"testfiles/storage_csm_powerflex_auth_n_minus_1.yaml" - "testfiles/storage_csm_powerflex_auth.yaml" tags: @@ -124,14 +137,13 @@ - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflexAuth]" - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" customTest: - name: Cert CSI - run: - - cert-csi test vio --sc op-e2e-vxflexos --chainNumber 2 --chainLength 2 + name: Cert CSI + run: + - cert-csi test vio --sc op-e2e-vxflexos --chainNumber 2 --chainLength 2 - scenario: "Install PowerScale Driver(Standalone)" paths: - "testfiles/storage_csm_powerscale.yaml" - tags: - "powerscale" - "sanity" @@ -249,18 +261,16 @@ - cert-csi test vio --sc op-e2e-isilon --chainNumber 2 --chainLength 2 - /bin/bash check_parameters.sh testfiles/powerscale_health_monitor_values.csv dell powerscale -- scenario: "Install PowerScale Driver(With Authorization)" +- scenario: "Install PowerScale Driver(With Authorization V1)" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml" + - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" - "testfiles/storage_csm_powerscale_auth.yaml" - - "testfiles/authorization-templates/csm_authorization_crds.yaml" tags: - "authorizationproxyserver" - "authorization" - "powerscale" steps: - "Given an environment with k8s or openshift, and CSM operator installed" - - "Install Authorization CRDs [3]" - "Create [authorization-proxy-server] prerequisites from CR [1]" - "Apply custom resource [1]" - "Validate [authorization-proxy-server] module from CR [1] is installed" 
@@ -278,7 +288,6 @@ - "Enable forceRemoveDriver on CR [2]" - "Delete custom resource [2]" - "Delete custom resource [1]" - - "Delete Authorization CRDs [3]" - "Restore template [testfiles/powerscale-templates/powerscale-auth-secret-template.yaml] for [pscaleAuth]" - "Restore template [testfiles/powerscale-templates/karavi-authorization-config.json] for [pscaleAuthSidecar]" customTest: @@ -290,7 +299,7 @@ paths: - "testfiles/storage_csm_powerscale_replica.yaml" tags: - #- "powerscale" + # - "powerscale" - "replication" steps: - "Given an environment with k8s or openshift, and CSM operator installed" @@ -314,7 +323,7 @@ - "testfiles/storage_csm_powerscale.yaml" - "testfiles/storage_csm_powerscale_replica.yaml" tags: - #- "powerscale" + # - "powerscale" - "replication" steps: - "Given an environment with k8s or openshift, and CSM operator installed" @@ -356,9 +365,9 @@ - "Restore template [testfiles/powerscale-templates/powerscale-secret-template.yaml] for [pscale]" - "Validate [powerscale] driver from CR [1] is not installed" -- scenario: "Install PowerScale Driver, Enable/Disable Authorization module" +- scenario: "Install PowerScale Driver, Enable/Disable Authorization V1 module" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml" + - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" - "testfiles/storage_csm_powerscale.yaml" tags: - "authorizationproxyserver" 
@@ -460,11 +469,10 @@ - "Restore template [testfiles/powerscale-templates/powerscale-secret-template.yaml] for [pscale]" - "Restore template [testfiles/powerscale-templates/powerscale-storageclass-template.yaml] for [pscale]" -- scenario: "Install PowerScale Driver(With Authorization and Observability)" +- scenario: "Install PowerScale Driver(With Authorization V1 and Observability)" paths: - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml" - "testfiles/storage_csm_powerscale_observability_auth.yaml" - - "testfiles/authorization-templates/csm_authorization_crds.yaml" tags: - "authorizationproxyserver" - "authorization" @@ -473,7 +481,6 @@ # - "sanity" steps: - "Given an environment with k8s or openshift, and CSM operator installed" - - "Install Authorization CRDs [3]" - "Create [authorization-proxy-server] prerequisites from CR [1]" - "Apply custom resource [1]" - "Validate [authorization-proxy-server] module from CR [1] is installed" @@ -492,7 +499,6 @@ - "Enable forceRemoveDriver on CR [2]" - "Delete custom resource [2]" - "Delete custom resource [1]" - - "Delete Authorization CRDs [3]" - "Restore template [testfiles/powerscale-templates/powerscale-storageclass-template.yaml] for [pscale]" - "Restore template [testfiles/powerscale-templates/powerscale-auth-secret-template.yaml] for [pscaleAuth]" - "Restore template [testfiles/powerscale-templates/karavi-authorization-config.json] for [pscaleAuthSidecar]" 
@@ -502,11 +508,10 @@ run: - cert-csi test vio --sc op-e2e-isilon --chainNumber 2 --chainLength 2 -- scenario: "Install PowerScale Driver(Standalone), Enable Authorization, Enable Observability" +- scenario: "Install PowerScale Driver(Standalone), Enable Authorization V1, Enable Observability" paths: - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml" - "testfiles/storage_csm_powerscale.yaml" - - "testfiles/authorization-templates/csm_authorization_crds.yaml" tags: - "authorizationproxyserver" - "powerscale" @@ -514,7 +519,6 @@ - "authorization" steps: - "Given an environment with k8s or openshift, and CSM operator installed" - - "Install Authorization CRDs [3]" - "Create [authorization-proxy-server] prerequisites from CR [1]" - "Apply custom resource [1]" - "Validate [authorization-proxy-server] module from CR [1] is installed" @@ -541,15 +545,13 @@ - "Enable forceRemoveDriver on CR [2]" - "Delete custom resource [2]" - "Delete custom resource [1]" - - "Delete Authorization CRDs [3]" - "Restore template [testfiles/powerscale-templates/powerscale-secret-template.yaml] for [pscale]" - "Restore template [testfiles/powerscale-templates/karavi-authorization-config.json] for [pscaleAuthSidecar]" -- scenario: "Install PowerScale Driver(With Authorization and Observability), Disable Authorization module, Disable Observability module" +- scenario: "Install PowerScale Driver(With Authorization V1 and Observability), Disable Authorization module, Disable Observability module" paths: - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml" - "testfiles/storage_csm_powerscale_observability_auth.yaml" - - "testfiles/authorization-templates/csm_authorization_crds.yaml" tags: - "authorizationproxyserver" - "authorization" 
@@ -557,7 +559,6 @@ - "observability" steps: - "Given an environment with k8s or openshift, and CSM operator installed" - - "Install Authorization CRDs [3]" - "Create [authorization-proxy-server] prerequisites from CR [1]" - "Apply custom resource [1]" - "Validate [authorization-proxy-server] module from CR [1] is installed" @@ -585,7 +586,6 @@ - "Enable forceRemoveDriver on CR [2]" - "Delete custom resource [2]" - "Delete custom resource [1]" - - "Delete Authorization CRDs [3]" - "Restore template [testfiles/powerscale-templates/powerscale-storageclass-template.yaml] for [pscale]" - "Restore template [testfiles/powerscale-templates/powerscale-auth-secret-template.yaml] for [pscaleAuth]" - "Restore template [testfiles/powerscale-templates/karavi-authorization-config.json] for [pscaleAuthSidecar]" @@ -753,7 +753,7 @@ - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" - "Validate [powerflex] driver from CR [1] is not installed" -- scenario: "Install PowerFlex Driver (With Authorization)" +- scenario: "Install PowerFlex Driver (With Authorization V2)" paths: - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml" - "testfiles/storage_csm_powerflex_auth.yaml" @@ -782,6 +782,7 @@ # cleanup - "Enable forceRemoveDriver on CR [2]" - "Delete custom resource [2]" + - "Delete Authorization CRs for [powerflex]" - "Delete custom resource [1]" - "Delete Authorization CRDs [3]" - "Restore template [testfiles/powerflex-templates/csm-authorization-config.json] for [pflexAuthSidecar]" 
@@ -792,16 +793,18 @@
 run:
 - cert-csi test vio --sc op-e2e-vxflexos --chainNumber 2 --chainLength 2
-- scenario: "Install PowerFlex Driver (With Authorization), Upgrade driver and authorization sidecar"
+- scenario: "Install PowerFlex Driver (With Authorization V2), Upgrade driver and authorization sidecar"
 paths:
 - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml"
 - "testfiles/storage_csm_powerflex_auth_n_minus_1.yaml"
 - "testfiles/storage_csm_powerflex_auth.yaml"
+ - "testfiles/authorization-templates/csm_authorization_crds.yaml"
 tags:
 - "authorization"
 - "authorizationproxyserver"
 steps:
 - "Given an environment with k8s or openshift, and CSM operator installed"
+ - "Install Authorization CRDs [4]"
 - "Create [authorization-proxy-server] prerequisites from CR [1]"
 - "Apply custom resource [1]"
 - "Validate [authorization-proxy-server] module from CR [1] is installed"
@@ -825,7 +828,9 @@
 # cleanup
 - "Enable forceRemoveDriver on CR [3]"
 - "Delete custom resource [3]"
+ - "Delete Authorization CRs for [powerflex]"
 - "Delete custom resource [1]"
+ - "Delete Authorization CRDs [4]"
 - "Restore template [testfiles/powerflex-templates/csm-authorization-config.json] for [pflexAuthSidecar]"
 - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflexAuth]"
 - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]"
@@ -861,7 +866,6 @@
 - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]"
 - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]"
-
 - scenario: "Install PowerFlex Driver(With Observability)"
 paths:
 - "testfiles/storage_csm_powerflex_observability.yaml"
@@ -952,9 +956,9 @@
 paths:
 - "testfiles/storage_csm_powerflex_replica.yaml"
 tags:
- #- "powerflex"
+ # - "powerflex"
 - "replication"
- #- "sanity"
+ # - "sanity"
 steps:
 - "Given an environment with k8s or openshift, and CSM operator installed"
 - "Create storageclass with name [op-e2e-vxflexos] and template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]"
@@ -977,7 +981,7 @@
 paths:
 - "testfiles/storage_csm_powerflex.yaml"
 tags:
- #- "powerflex"
+ # - "powerflex"
 - "replication"
 steps:
 - "Given an environment with k8s or openshift, and CSM operator installed"
@@ -998,11 +1002,10 @@
 - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]"
 - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]"
-- scenario: "Install PowerFlex Driver(Standalone), Enable Authorization, Enable Observability"
+- scenario: "Install PowerFlex Driver(Standalone), Enable Authorization V1, Enable Observability"
 paths:
 - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml"
 - "testfiles/storage_csm_powerflex.yaml"
- - "testfiles/authorization-templates/csm_authorization_crds.yaml"
 tags:
 - "authorizationproxyserver"
 - "authorization"
@@ -1010,7 +1013,6 @@
 - "observability"
 steps:
 - "Given an environment with k8s or openshift, and CSM operator installed"
- - "Install Authorization CRDs [3]"
 - "Create [authorization-proxy-server] prerequisites from CR [1]"
 - "Apply custom resource [1]"
 - "Validate [authorization-proxy-server] module from CR [1] is installed"
@@ -1028,7 +1030,7 @@
 - "Validate [powerflex] driver from CR [2] is installed"
 - "Validate [authorization] module from CR [2] is installed"
 - "Validate [observability] module from CR [2] is not installed"
-# - "Set secret for driver from CR [2] to [test-vxflexos-config-auth]"
+ # - "Set secret for driver from CR [2] to [test-vxflexos-config-auth]"
 - "Enable [observability] module from CR [2]"
 - "Validate [powerflex] driver from CR [2] is installed"
 - "Validate [authorization] module from CR [2] is installed"
@@ -1038,16 +1040,14 @@
 - "Enable forceRemoveDriver on CR [2]"
 - "Delete custom resource [1]"
 - "Delete custom resource [2]"
- - "Delete Authorization CRDs [3]"
 - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflexAuth]"
 - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]"
 - "Restore template [testfiles/powerflex-templates/csm-authorization-config.json] for [pflexAuthSidecar]"
-- scenario: "Install PowerFlex Driver(With Authorization and Observability)"
+- scenario: "Install PowerFlex Driver(With Authorization V1 and Observability)"
 paths:
 - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml"
 - "testfiles/storage_csm_powerflex_observability_auth.yaml"
- - "testfiles/authorization-templates/csm_authorization_crds.yaml"
 tags:
 - "authorizationproxyserver"
 - "authorization"
@@ -1055,7 +1055,6 @@
 - "observability"
 steps:
 - "Given an environment with k8s or openshift, and CSM operator installed"
- - "Install Authorization CRDs [3]"
 - "Create [authorization-proxy-server] prerequisites from CR [1]"
 - "Apply custom resource [1]"
 - "Validate [authorization-proxy-server] module from CR [1] is installed"
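Review bot: In the -1038,16 hunk the cleanup still runs `Delete custom resource [1]` before `Delete custom resource [2]`, so the authorization proxy server (CR [1] in this scenario's paths) is removed ahead of the driver, while the other Authorization cleanups on this page delete `[2]` first. The commit edits this block to drop the CRD deletion but keeps that order, so the driver and its authorization sidecar presumably outlive the proxy server briefly during teardown. If that is not intended, swap the two lines to `- "Delete custom resource [2]"` followed by `- "Delete custom resource [1]"`; if it is, a one-line comment saying so would keep the next editor from changing it. The steps list starts outside the hunk.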
@@ -1074,7 +1073,6 @@
 - "Enable forceRemoveDriver on CR [2]"
 - "Delete custom resource [2]"
 - "Delete custom resource [1]"
- - "Delete Authorization CRDs [3]"
 - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflexAuth]"
 - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]"
 - "Restore template [testfiles/powerflex-templates/csm-authorization-config.json] for [pflexAuthSidecar]"
@@ -1083,9 +1081,9 @@
 run:
 - cert-csi test vio --sc op-e2e-vxflexos --chainNumber 2 --chainLength 2
-- scenario: Install PowerFlex Driver(With Authorization and Observability), Disable Observability module, Disable Authorization module"
+- scenario: Install PowerFlex Driver(With Authorization V2 and Observability), Disable Observability module, Disable Authorization module"
 paths:
- - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml"
+ - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml"
 - "testfiles/storage_csm_powerflex_observability_auth.yaml"
 - "testfiles/authorization-templates/csm_authorization_crds.yaml"
 tags:
@@ -1122,6 +1120,7 @@
 # cleanup
 - "Enable forceRemoveDriver on CR [2]"
 - "Delete custom resource [2]"
+ - "Delete Authorization CRs for [powerflex]"
 - "Delete custom resource [1]"
 - "Delete Authorization CRDs [3]"
 - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflexAuth]"
@@ -1147,7 +1146,7 @@
 customTest:
 name: CustomTest
 run:
- - echo "no current test for resiliency"
+ - echo "no current test for resiliency"
 - scenario: "Install PowerFlex Driver(Standalone), Enable/Disable Resiliency"
 paths:
@@ -1190,7 +1189,7 @@
 customTest:
 name: CustomTest
 run:
- - echo "no current test for resiliency"
+ - echo "no current test for resiliency"
 - scenario: "Install PowerScale Driver(Standalone), Enable/Disable Resiliency"
 paths:
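Review bot: The rewritten `scenario:` value in the -1083,9 hunk still ends in a `"` with no opening quote, so YAML reads it as a plain scalar and the scenario name carries a stray trailing quote character. Every other scenario name visible on this page is double-quoted, and since the line is being edited anyway it should read `- scenario: "Install PowerFlex Driver(With Authorization V2 and Observability), Disable Observability module, Disable Authorization module"`. Anything that selects or reports scenarios by name would otherwise see a different string from the one intended.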
@@ -1281,7 +1280,7 @@
 customTest:
 name: CustomTest
 run:
- - echo "no current test for resiliency"
+ - echo "no current test for resiliency"
 - scenario: "Install PowerStore Driver(Standalone), Enable Resiliency"
 paths:
@@ -1411,15 +1410,15 @@
 - "Apply custom resource [1]"
 - "Validate [application-mobility] module from CR [1] is installed"
 - "Validate [powerflex] driver from CR [1] is installed"
- #upgrade
+ # upgrade
 - "Apply custom resource [2]"
 - "Validate custom resource [2]"
 - "Validate [application-mobility] module from CR [2] is installed"
- #downgrade
+ # downgrade
 - "Apply custom resource [1]"
 - "Validate custom resource [1]"
 - "Validate [application-mobility] module from CR [1] is installed"
- #clean up
+ # clean up
 - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]"
 - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]"
 - "Restore template [testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml] for [application-mobility]"
@@ -1646,4 +1645,3 @@
 # cleanup
 - "Enable forceRemoveDriver on CR [1]"
 - "Delete custom resource [1]"
-
\ No newline at end of file