Add comments

kubernetes-sigs · Dec 14, 2024 · 39d590f · 39d590f
1 parent d788f47
commit 39d590f
Showing 1 changed file with 27 additions and 24 deletions.
diff --git a/test/scripts/run-e2e-gcp.sh b/test/scripts/run-e2e-gcp.sh
@@ -44,43 +44,46 @@ main() {
 
     #install boskosctl
     if [[ -z "$(command -v boskosctl)" ]]; then
-       echo "installing boskosctl"
-       GO111MODULE=on go install sigs.k8s.io/boskos/cmd/boskosctl@master
-       echo "'boskosctl' has been installed to $GOPATH/bin, make sure this directory is in your \$PATH"
+        echo "installing boskosctl"
+        GO111MODULE=on go install sigs.k8s.io/boskos/cmd/boskosctl@master
+        echo "'boskosctl' has been installed to $GOPATH/bin, make sure this directory is in your \$PATH"
     fi
 
     echo "testing boskosctl"
     boskosctl --help
 
+    # Aquire a project from boskos pool, test will use secret created on this
     if [ -n "${BOSKOS_HOST:-}" ]; then
-       echo "Boskos acquire - ${BOSKOS_HOST}"
-       export BOSKOS_RESOURCE="$( boskosctlwrapper acquire --type gce-project --state free --target-state busy --timeout 1h )"
-       export RESOURCE_NAME=$(echo $BOSKOS_RESOURCE | jq  -r ".name")
-       export GCP_PROJECT=$(echo $BOSKOS_RESOURCE | jq  -r ".name")
-
-       # send a heartbeat in the background to keep the lease while using the resource
-       echo "Starting Boskos HeartBeat"
-       boskosctlwrapper heartbeat --resource "${BOSKOS_RESOURCE}" &
-   fi
+        echo "Boskos acquire - ${BOSKOS_HOST}"
+        export BOSKOS_RESOURCE="$( boskosctlwrapper acquire --type gce-project --state free --target-state busy --timeout 1h )"
+        export RESOURCE_NAME=$(echo $BOSKOS_RESOURCE | jq  -r ".name")
+        export GCP_PROJECT=$(echo $BOSKOS_RESOURCE | jq  -r ".name")
+
+        # send a heartbeat in the background to keep the lease while using the resource
+        echo "Starting Boskos HeartBeat"
+        boskosctlwrapper heartbeat --resource "${BOSKOS_RESOURCE}" &
+    fi
 
-   echo "Using project ${GCP_PROJECT}"
-   gcloud config set project ${GCP_PROJECT}
+    echo "Using project ${GCP_PROJECT}"
+    gcloud config set project ${GCP_PROJECT}
 
-   export SECRET_ID="test-secret-$(openssl rand -hex 4)"
-   export SECRET_VALUE="secret-a"
-   echo -n ${SECRET_VALUE} | gcloud beta secrets create ${SECRET_ID} --data-file=- --ttl=1800s --quiet
+    # create a secret in the aquired project 
+    export SECRET_ID="test-secret-$(openssl rand -hex 4)"
+    export SECRET_VALUE="secret-a"
+    echo -n ${SECRET_VALUE} | gcloud beta secrets create ${SECRET_ID} --data-file=- --ttl=1800s --quiet
 
-   export SECRET_PROJECT_ID="$(gcloud config get project)"
-   export SECRET_PROJECT_NUMBER="$(gcloud projects describe $SECRET_PROJECT_ID --format='value(projectNumber)')"
+    export SECRET_PROJECT_ID="$(gcloud config get project)"
+    export SECRET_PROJECT_NUMBER="$(gcloud projects describe $SECRET_PROJECT_ID --format='value(projectNumber)')"
 
-   export SECRET_URI="projects/${CLUSTER_PROJECT_NUMBER}/secrets/${SECRET_ID}/versions/latest"
+    export SECRET_URI="projects/${CLUSTER_PROJECT_NUMBER}/secrets/${SECRET_ID}/versions/latest"
 
-   gcloud secrets add-iam-policy-binding ${SECRET_ID} \
-   --role=roles/secretmanager.secretAccessor \
-   --member=principalSet://iam.googleapis.com/projects/773781448124/locations/global/workloadIdentityPools/k8s-infra-prow-build.svc.id.goog/namespace/test-pods
+    # Prow jobs are executed by `k8s-infra-prow-build.svc.id.goog` in test-pods namespace, so grant the access to the secret
+    gcloud secrets add-iam-policy-binding ${SECRET_ID} \
+    --role=roles/secretmanager.secretAccessor \
+    --member=principalSet://iam.googleapis.com/projects/773781448124/locations/global/workloadIdentityPools/k8s-infra-prow-build.svc.id.goog/namespace/test-pods
 
     # wait for permissions to propogate
-   sleep 60
+    sleep 60
 
     make e2e-bootstrap e2e-helm-deploy e2e-gcp
 }