From f52555d1487e6120e665b765c5ee4ade858473d3 Mon Sep 17 00:00:00 2001 From: ytimocin Date: Thu, 7 Dec 2023 16:18:49 -0800 Subject: [PATCH] Updating RBAC for Controller Signed-off-by: ytimocin --- .github/scripts/cleanup-cluster.sh | 10 ++-- .github/workflows/long-running-azure.yaml | 57 ++++++++++++++----- test/functional/kubernetes/kubernetes_test.go | 1 - 3 files changed, 46 insertions(+), 22 deletions(-) diff --git a/.github/scripts/cleanup-cluster.sh b/.github/scripts/cleanup-cluster.sh index eb1ab03b972..355eae7d826 100755 --- a/.github/scripts/cleanup-cluster.sh +++ b/.github/scripts/cleanup-cluster.sh @@ -6,7 +6,7 @@ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software @@ -23,8 +23,7 @@ kubectl delete queuemessages.ucp.dev -n radius-system --all # Delete all test resources in resources without proxy resource. resources=$(kubectl get resources.ucp.dev -n radius-system --no-headers -o custom-columns=":metadata.name") -for r in $resources -do +for r in $resources; do if [[ $r == scope.local.* || $r == scope.aws.* || -z "$r" ]]; then echo "skip deletion: $r" else @@ -34,9 +33,8 @@ do done # Delete all test namespaces. -namespaces=$(kubectl get namespace | grep -E '^corerp.*|^default-.*|^radiusfunctionaltestbucket.*|^radius-test.*|^kubernetes-cli.*|^dpsb-.*|^azstorage-workload.*|^dapr-serviceinvocation|^ms.+' | awk '{print $1}') -for ns in $namespaces -do +namespaces=$(kubectl get namespace | grep -E '^demo.*|^corerp.*|^default-.*|^radiusfunctionaltestbucket.*|^radius-test.*|^kubernetes-cli.*|^dpsb-.*|^azstorage-workload.*|^dapr-serviceinvocation|^ms.+' | awk '{print $1}') +for ns in $namespaces; do if [ -z "$ns" ]; then break fi diff --git a/.github/workflows/long-running-azure.yaml b/.github/workflows/long-running-azure.yaml index df8f8d8760f..3c89da3a61a 100644 --- a/.github/workflows/long-running-azure.yaml +++ b/.github/workflows/long-running-azure.yaml @@ -55,12 +55,15 @@ env: # gotestsum version - see: https://github.com/gotestyourself/gotestsum GOTESTSUM_VER: 1.10.0 + # Helm version + HELM_VER: "v3.12.0" + # Container registry for storing container images CONTAINER_REGISTRY: ghcr.io/radius-project/dev # Container registry for storing Bicep recipe artifacts BICEP_RECIPE_REGISTRY: ghcr.io/radius-project/dev # The radius functional test timeout - FUNCTIONALTEST_TIMEOUT: 60m + FUNCTIONALTEST_TIMEOUT: 30m # The Azure Location to store test resources AZURE_LOCATION: westus3 # The base directory for storing test logs @@ -277,8 +280,8 @@ jobs: tests: name: Run functional tests needs: build - runs-on: ubuntu-latest if: github.repository == 'radius-project/radius' + runs-on: ubuntu-latest env: SKIP_BUILD: ${{ needs.build.outputs.SKIP_BUILD }} UNIQUE_ID: ${{ needs.build.outputs.UNIQUE_ID }} @@ -305,6 +308,16 @@ jobs: with: name: ${{ env.RAD_CLI_ARTIFACT_NAME }} path: bin + - name: Login to Azure + uses: azure/login@v1 + with: + creds: '{"clientId":"${{ secrets.INTEGRATION_TEST_SP_APP_ID }}","clientSecret":"${{ secrets.INTEGRATION_TEST_SP_PASSWORD }}","subscriptionId":"${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.INTEGRATION_TEST_TENANT_ID }}"}' + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Restore the latest cached binaries if: env.SKIP_BUILD == 'true' uses: actions/cache/restore@v3 @@ -317,10 +330,6 @@ jobs: mkdir -p ./bin mv ./dist/cache/rad ./bin/ chmod +x ./bin/rad - - name: Login to Azure - uses: azure/login@v1 - with: - creds: '{"clientId":"${{ secrets.INTEGRATION_TEST_SP_APP_ID }}","clientSecret":"${{ secrets.INTEGRATION_TEST_SP_PASSWORD }}","subscriptionId":"${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.INTEGRATION_TEST_TENANT_ID }}"}' - name: Create azure resource group - ${{ env.AZURE_TEST_RESOURCE_GROUP }} run: | current_time=$(date +%s) @@ -372,24 +381,22 @@ jobs: echo "*** Create workspace, group and environment for test ***" rad workspace create kubernetes - rad workspace list - rad group create radius-e2e - rad group switch radius-e2e + rad group create kind-radius + rad group switch kind-radius # The functional test is designed to use default namespace. So you must create the environment for default namespace. - rad env create radius-e2e --namespace default - rad env switch radius-e2e - rad workspace list + rad env create kind-radius --namespace default + rad env switch kind-radius echo "*** Configuring Azure provider ***" - rad env update radius-e2e --azure-subscription-id ${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }} \ + rad env update kind-radius --azure-subscription-id ${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }} \ --azure-resource-group ${{ env.AZURE_TEST_RESOURCE_GROUP }} rad credential register azure --client-id ${{ secrets.INTEGRATION_TEST_SP_APP_ID }} \ --client-secret ${{ secrets.INTEGRATION_TEST_SP_PASSWORD }} \ --tenant-id ${{ secrets.INTEGRATION_TEST_TENANT_ID }} echo "*** Configuring AWS provider ***" - rad env update radius-e2e --aws-region ${{ env.AWS_REGION }} --aws-account-id ${{ secrets.FUNCTEST_AWS_ACCOUNT_ID }} + rad env update kind-radius --aws-region ${{ env.AWS_REGION }} --aws-account-id ${{ secrets.FUNCTEST_AWS_ACCOUNT_ID }} rad credential register aws \ --access-key-id ${{ secrets.FUNCTEST_AWS_ACCESS_KEY_ID }} --secret-access-key ${{ secrets.FUNCTEST_AWS_SECRET_ACCESS_KEY }} - name: Log radius installation status (failure) @@ -428,10 +435,28 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.FUNCTEST_AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.FUNCTEST_AWS_SECRET_ACCESS_KEY }} AWS_REGION: ${{ env.AWS_REGION }} - RADIUS_SAMPLES_REPO_ROOT: ${{ github.workspace }}/samples # Test_MongoDB_Recipe_Parameters is using the following environment variable. INTEGRATION_TEST_RESOURCE_GROUP_NAME: ${{ env.AZURE_TEST_RESOURCE_GROUP }} FUNC_TEST_OIDC_ISSUER: ${{ env.FUNCTEST_OIDC_ISSUER }} + DOCKER_REGISTRY: ${{ env.CONTAINER_REGISTRY }} + RADIUS_SAMPLES_REPO_ROOT: ${{ github.workspace }}/samples + BICEP_RECIPE_REGISTRY: ${{ env.BICEP_RECIPE_REGISTRY }} + BICEP_RECIPE_TAG_VERSION: ${{ env.BICEP_RECIPE_TAG_VERSION }} + - name: Collect Pod details + if: always() + run: | + POD_STATE_LOG_FILENAME='${{ env.RADIUS_CONTAINER_LOG_BASE }}/all-tests-pod-states.log' + mkdir -p $(dirname $POD_STATE_LOG_FILENAME) + echo "kubectl get pods -A" >> $POD_STATE_LOG_FILENAME + kubectl get pods -A >> $POD_STATE_LOG_FILENAME + echo "kubectl describe pods -A" >> $POD_STATE_LOG_FILENAME + kubectl describe pods -A >> $POD_STATE_LOG_FILENAME + - name: Upload container logs + if: always() + uses: actions/upload-artifact@v3 + with: + name: all_container_logs + path: ./${{ env.RADIUS_CONTAINER_LOG_BASE }} - name: Log radius e2e test status (success) if: success() run: | @@ -448,6 +473,8 @@ jobs: --subscription ${{ secrets.INTEGRATION_TEST_SUBSCRIPTION_ID }} \ --name ${{ env.AZURE_TEST_RESOURCE_GROUP }} \ --yes --verbose + env: + RESOURCE_GROUP: ${{ env.AZURE_TEST_RESOURCE_GROUP }} - name: Clean up cluster if: always() run: ./.github/scripts/cleanup-cluster.sh diff --git a/test/functional/kubernetes/kubernetes_test.go b/test/functional/kubernetes/kubernetes_test.go index c7ae4a790cd..c5e5f69bf3a 100644 --- a/test/functional/kubernetes/kubernetes_test.go +++ b/test/functional/kubernetes/kubernetes_test.go @@ -48,7 +48,6 @@ import ( ) func Test_TutorialApplication_KubernetesManifests(t *testing.T) { - t.Skip("Skipping for now, will reenable before merging.") ctx := testcontext.New(t) opts := shared.NewRPTestOptions(t)