[VC-37264] Update E2E test to check for certificate in the API #629

@wallrj wallrj commented Nov 22, 2024

I adapted the commands that @maelvls described in the PR #628.

The E2E test script will now create a TLS certificate in a Secret (not managed by cert-manager) with a unique common name,
and wait for a certificate with that unique common name to appear in the Venafi Cloud API,
signifying that the venafi-kubernetes-agent has successfully uploaded the data and that the TLSPK backend has successfully processed the data.

$ make test-e2e-gke
...
{
  "ts": 1732293943910.6917,
  "caller": "cache/reflector.go:368",
  "msg": "Caches populated for *v1alpha1.VenafiConnection from k8s.io/[email protected]/tools/cache/reflector.go:243",
  "v": 2
}
{"ts":1732293944460.7644,"caller":"agent/run.go:409","msg":"Data sent successfully","v":0,"logger":"Run.gatherAndOutputData.postData"}
secret/venafi-kubernetes-agent-e2e.fc151446-d61a-4f44-88e7-fea34cbed76e created
{"count":0,"certificates":[]}
{"count":0,"certificates":[]}
{"count":0,"certificates":[]}
{"count":0,"certificates":[]}
{
  "count": 1,
  "certificates": [
    {
      "id": "8055dc30-a8f1-11ef-a949-796f7926985d",
      "companyId": "9a0cab61-2b00-11ee-ba09-0733b0fe5adc",
      "managedCertificateId": "81508fe0-a8f1-11ef-825d-05a7a681c5d0",
      "fingerprint": "C47F482C252FFDEFFE330A3B9F98EBFA6347A61D",
      "certificateName": "venafi-kubernetes-agent-e2e.fc151446-d61a-4f44-88e7-fea34cbed76e",
      "issuerCertificateIds": [],
      "certificateStatus": "ACTIVE",
      "modificationDate": "2024-11-22T16:47:48.178+00:00",
      "validityStart": "2024-11-22T16:45:53.000+00:00",
      "validityEnd": "2025-11-22T16:45:53.000+00:00",
      "selfSigned": true,
      "signatureAlgorithm": "SHA256_WITH_RSA_ENCRYPTION",
      "signatureHashAlgorithm": "SHA256",
      "encryptionType": "RSA",
      "keyStrength": 2048,
      "subjectKeyIdentifierHash": "AC927B150927F9BEF588364B5C7468F36CACD687",
      "authorityKeyIdentifierHash": "AC927B150927F9BEF588364B5C7468F36CACD687",
      "serialNumber": "44EB333BB52D2D110490B97563D58A79E9C491B6",
      "subjectDN": "cn=venafi-kubernetes-agent-e2e.fc151446-d61a-4f44-88e7-fea34cbed76e",
      "subjectCN": [
        "venafi-kubernetes-agent-e2e.fc151446-d61a-4f44-88e7-fea34cbed76e"
      ],
      "subjectAlternativeNamesByType": {
        "otherName": [],
        "rfc822Name": [],
        "dNSName": [],
        "x400Address": [],
        "directoryName": [],
        "ediPartyName": [],
        "uniformResourceIdentifier": [],
        "iPAddress": [],
        "registeredID": []
      },
      "issuerDN": "cn=venafi-kubernetes-agent-e2e.fc151446-d61a-4f44-88e7-fea34cbed76e",
      "issuerCN": [
        "venafi-kubernetes-agent-e2e.fc151446-d61a-4f44-88e7-fea34cbed76e"
      ],
      "ocspNoCheck": false,
      "versionType": "CURRENT",
      "totalInstanceCount": 1,
      "totalActiveInstanceCount": 0,
      "instances": [],
      "ownership": {}
    }
  ]
}

$ echo $?
0

@wallrj wallrj changed the base branch from master to VC-37264-disable-compression November 22, 2024 16:51
Base automatically changed from VC-37264-disable-compression to master November 22, 2024 17:31
@wallrj wallrj changed the title WIP: Update E2E test to check for certificate in the API [VC-37264] Update E2E test to check for certificate in the API Nov 22, 2024
Comment on lines +197 to +202
set +o pipefail
kubectl logs deployments/venafi-kubernetes-agent \
--follow \
--namespace venafi \
| timeout 60 jq 'if .msg | test("Data sent successfully") then . | halt_error(0) end'
set -o pipefail
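
Review bot: the `set +o pipefail` / `set -o pipefail` pair around the `kubectl logs --follow` pipeline carries no comment explaining why pipefail is switched off here, which makes it easy to delete again as unneeded. Add a short comment above `set +o pipefail` saying that `jq` exits on the first matching message while `kubectl logs --follow` is still writing, so the left side of the pipe ends with a SIGPIPE status that pipefail would otherwise report. Also, the `if ... then ... end` in the jq filter has no `else` branch, which only parses on jq 1.7 or later; writing `else . end` keeps the same behaviour on older versions.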

I'd accidentally removed this pipefail trick in #596
and it resulted in the test always exiting with a 141 status.

I've restored it here so that the new shell lines can run after the "Data sent successfully" message.

}

# Wait 5 minutes for the certificate to appear.
for ((i=0;;i++)); do if getCertificate; then exit 0; fi; sleep 30; done | timeout -v -- 5m cat
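
Review bot: the `for ((i=0;;i++))` loop has no end condition of its own and `i` is never used; `timeout -v -- 5m cat` stops only `cat`, and nothing in these lines stops the loop itself once the timeout has fired. Give the loop its own bound, for example `for ((i=0;i<10;i++))` followed by an explicit non-zero exit, so the five-minute limit does not depend on the pipe. It is also worth a comment that `exit 0` here leaves only the subshell on the left side of the pipe, not the script.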

I didn't realise that you can pipe into the timeout command. This allows me to run the getCertificate repeatedly until it succeeds, or until the timeout expires.

@wallrj wallrj requested a review from maelvls November 22, 2024 18:03