-
Notifications
You must be signed in to change notification settings - Fork 298
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
e71b923
commit 4e76357
Showing
1 changed file
with
5 additions
and
114 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -20,120 +20,11 @@ set -o pipefail | |
|
|
||
| : "${GOOGLE_APPLICATION_CREDENTIALS:?Environment variable empty or not defined.}" | ||
|
|
||
| readonly CLUSTER_NAME="secret-provider-cluster-gcp-$(openssl rand -hex 4)" | ||
|
|
||
| function boskosctlwrapper() { | ||
| boskosctl --server-url http://"${BOSKOS_HOST}" --owner-name "cluster-api-provider-gcp" "${@}" | ||
| } | ||
|
|
||
| cleanup() { | ||
|
|
||
| gcloud container clusters delete --location us-central1-c ${CLUSTER_NAME} | ||
| # stop boskos heartbeat | ||
| if [ -n "${BOSKOS_HOST:-}" ]; then | ||
| boskosctlwrapper release --name "${ }" --target-state dirty | ||
| fi | ||
|
|
||
| } | ||
| trap cleanup EXIT | ||
|
|
||
| main() { | ||
| echo "starting the script" | ||
|
|
||
| if [[ -z "$GOOGLE_APPLICATION_CREDENTIALS" ]]; then | ||
| echo "GOOGLE_APPLICATION_CREDENTIALS is not set. Please set this to the path of the service account used to run this script." | ||
| else | ||
| gcloud auth activate-service-account --key-file="${GOOGLE_APPLICATION_CREDENTIALS}" | ||
| fi | ||
|
|
||
| GCP_PROJECT=$(jq -r .project_id "${GOOGLE_APPLICATION_CREDENTIALS}") | ||
|
|
||
| echo "Using project ${GCP_PROJECT}" | ||
|
|
||
| # gcloud projects describe ${GCP_PROJECT} | ||
| # export CLUSTER_PROJECT_NUMBER="$(gcloud projects describe $GCP_PROJECT --format='value(projectNumber)')" | ||
|
|
||
| # echo "project number" | ||
| # echo $CLUSTER_PROJECT_NUMBER | ||
|
|
||
|
|
||
| # gcloud projects get-iam-policy ${GCP_PROJECT} \ | ||
| # --flatten="bindings[].members" \ | ||
| # --format='table(bindings.role)' \ | ||
| # --filter="bindings.members:[email protected]" | ||
|
|
||
| # gcloud iam service-accounts create gke-workload | ||
|
|
||
| ####### approach 2 ################# | ||
| echo "starting the secret store csi driver test for gcp provider" | ||
| # TODOs | ||
| # 1. Create a temporary secret in boskos pool once https://github.com/kubernetes/k8s.io/pull/7416 is submitted. | ||
| # 2. Rotate secrets created in above step | ||
| # 3. Clean up the secret. | ||
| make e2e-bootstrap e2e-helm-deploy e2e-gcp | ||
|
|
||
|
|
||
| } | ||
|
|
||
|
|
||
| use_boskos_setup() { | ||
|
|
||
| printenv | ||
| if [[ -z "$(command -v boskosctl)" ]]; then | ||
| echo "installing boskosctl" | ||
| GO111MODULE=on go install sigs.k8s.io/boskos/cmd/boskosctl@master | ||
| echo "'boskosctl' has been installed to $GOPATH/bin, make sure this directory is in your \$PATH" | ||
| fi | ||
|
|
||
| echo "testing boskosctl" | ||
| boskosctl --help | ||
|
|
||
| if [ -n "${BOSKOS_HOST:-}" ]; then | ||
| echo "Boskos acquire - ${BOSKOS_HOST}" | ||
| export BOSKOS_RESOURCE="$( boskosctlwrapper acquire --type gce-project --state free --target-state busy --timeout 1h )" | ||
| export RESOURCE_NAME=$(echo $BOSKOS_RESOURCE | jq -r ".name") | ||
| export GCP_PROJECT=$(echo $BOSKOS_RESOURCE | jq -r ".name") | ||
|
|
||
| # send a heartbeat in the background to keep the lease while using the resource | ||
| echo "Starting Boskos HeartBeat" | ||
| boskosctlwrapper heartbeat --resource "${BOSKOS_RESOURCE}" & | ||
| fi | ||
|
|
||
| if [[ -z "$GOOGLE_APPLICATION_CREDENTIALS" ]]; then | ||
| echo "GOOGLE_APPLICATION_CREDENTIALS is not set. Please set this to the path of the service account used to run this script." | ||
| else | ||
| gcloud auth activate-service-account --key-file="${GOOGLE_APPLICATION_CREDENTIALS}" | ||
| fi | ||
| # GCP_PROJECT=$(jq -r .project_id "${GOOGLE_APPLICATION_CREDENTIALS}") | ||
| echo "Using project ${GCP_PROJECT}" | ||
|
|
||
| gcloud projects describe ${GCP_PROJECT} | ||
|
|
||
| gcloud config set project ${GCP_PROJECT} | ||
|
|
||
| gcloud iam service-accounts list | ||
|
|
||
| echo "creating secret" | ||
|
|
||
| export SECRET_ID="test-secret-$(openssl rand -hex 4)" | ||
|
|
||
| echo -n "my super secret string" | gcloud beta secrets create ${SECRET_ID} --data-file=- --ttl=1800s --quiet | ||
|
|
||
| export CLUSTER_PROJECT_ID="$(gcloud config get project)" | ||
| export CLUSTER_PROJECT_NUMBER="$(gcloud projects describe $CLUSTER_PROJECT_ID --format='value(projectNumber)')" | ||
|
|
||
| export SECRET_URI="projects/${CLUSTER_PROJECT_NUMBER}/secrets/${SECRET_ID}/versions/latest" | ||
|
|
||
| gcloud projects get-iam-policy ${GCP_PROJECT} \ | ||
| --flatten="bindings[].members" \ | ||
| --format='table(bindings.role)' \ | ||
| --filter="bindings.members:[email protected]" | ||
|
|
||
| echo "creating cluster..." | ||
| gcloud container clusters create ${CLUSTER_NAME} --location=us-central1-c --workload-pool=${GCP_PROJECT}.svc.id.goog | ||
|
|
||
|
|
||
| echo "Install pre-requisiste...." | ||
| # make e2e-install-prerequisites | ||
|
|
||
| make e2e-bootstrap e2e-helm-deploy e2e-gcp | ||
|
|
||
|
|
||
| } | ||
|
|
||
| main | ||