Skip to content

Commit

Permalink
Utilise quay.io/infinispan-test/kindest-node:v1.24.15 in testsuite
Browse files Browse the repository at this point in the history 
Co-authored-by: Ryan Emerson <[email protected]>
Co-authored-by: Pavel Drobek <[email protected]>
  • Loading branch information
@ryanemerson @Crumby
ryanemerson and Crumby authored Nov 2, 2023
1 parent c9391b6 commit 1f219f5
Show file tree
Hide file tree
Showing 5 changed files with 25 additions and 47 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/upgrade_tests.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ env:
CONFIG_LISTENER_IMAGE: localhost:5001/infinispan-operator
KUBECONFIG: ${{ github.workspace }}/kind-kube-config.yaml
TESTING_LOG_DIR: ${{ github.workspace }}/test/reports
KINDEST_NODE_VERSION: v1.24.7
KINDEST_NODE_VERSION: v1.24.15

jobs:
build:
Expand Down
37 changes: 0 additions & 37 deletions pkg/kubernetes/controllerutil.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,43 +47,6 @@ func LookupResource(name, namespace string, resource, caller client.Object, clie
return nil, nil
}

func LookupServiceAccountTokenSecret(name, namespace string, client client.Client, ctx context.Context) (*corev1.Secret, error) {
serviceAccount := &corev1.ServiceAccount{}
if err := client.Get(ctx, types.NamespacedName{Namespace: namespace, Name: name}, serviceAccount); err != nil {
return nil, err
}
for _, secretReference := range serviceAccount.Secrets {
secret := &corev1.Secret{}
if err := client.Get(ctx, types.NamespacedName{Namespace: namespace, Name: secretReference.Name}, secret); err != nil {
continue
}
if isServiceAccountToken(secret, serviceAccount) {
return secret, nil
}
}
return nil, fmt.Errorf("could not find a service account token secret for service account %q", serviceAccount.Name)
}

// isServiceAccountToken returns true if the secret is a valid api token for the service account
func isServiceAccountToken(secret *corev1.Secret, sa *corev1.ServiceAccount) bool {
if secret.Type != corev1.SecretTypeServiceAccountToken {
return false
}

name := secret.Annotations[corev1.ServiceAccountNameKey]
uid := secret.Annotations[corev1.ServiceAccountUIDKey]
if name != sa.Name {
// Name must match
return false
}
if len(uid) > 0 && uid != string(sa.UID) {
// If UID is specified, it must match
return false
}

return true
}

func IsControlledByGVK(refs []metav1.OwnerReference, gvk schema.GroupVersionKind) bool {
for _, ref := range refs {
if ref.Controller != nil && *ref.Controller && ref.APIVersion == gvk.GroupVersion().String() && ref.Kind == gvk.Kind {
Expand Down
2 changes: 1 addition & 1 deletion scripts/ci/configure-xsite.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ METALLB_VERSION=v0.9.6
TESTING_NAMESPACE=${TESTING_NAMESPACE-namespace-for-testing}
KIND_SUBNET=${KIND_SUBNET-172.172.0.0}
SERVER_IMAGE=${SERVER_IMAGE:-'quay.io/infinispan/server:14.0'}
KINDEST_NODE_VERSION=${KINDEST_NODE_VERSION:-'v1.22.17'}
KINDEST_NODE_VERSION=${KINDEST_NODE_VERSION:-'v1.24.15'}

# Cleanup any existing clusters
kind delete clusters --all
Expand Down
2 changes: 1 addition & 1 deletion scripts/ci/kind.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
set -o errexit

SERVER_TAGS=${SERVER_TAGS:-'13.0.10.Final 14.0.1.Final 14.0.6.Final 14.0.9.Final 14.0.13.Final 14.0.17.Final 14.0.19.Final 14.0'}
KINDEST_NODE_VERSION=${KINDEST_NODE_VERSION:-'v1.22.17'}
KINDEST_NODE_VERSION=${KINDEST_NODE_VERSION:-'v1.24.15'}
KIND_SUBNET=${KIND_SUBNET-172.172.0.0}

docker network create kind --subnet "${KIND_SUBNET}/16" || true
Expand Down
29 changes: 22 additions & 7 deletions test/e2e/xsite/xsite_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,12 @@ import (
tutils "github.com/infinispan/infinispan-operator/test/e2e/utils"
routev1 "github.com/openshift/api/route/v1"
"github.com/stretchr/testify/assert"
authenticationv1 "k8s.io/api/authentication/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/types"
corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/tools/clientcmd"
"k8s.io/client-go/tools/clientcmd/api"
"k8s.io/utils/pointer"
Expand Down Expand Up @@ -460,16 +462,13 @@ func testCrossSiteView(t *testing.T, isMultiCluster bool, schemeType ispnv1.Cros
defer tesKubes["xsite1"].kube.DeleteSecret(crossSiteCertificateSecret("xsite2", tesKubes["xsite1"].namespace, clientConfig, tesKubes["xsite2"].context))
defer tesKubes["xsite2"].kube.DeleteSecret(crossSiteCertificateSecret("xsite1", tesKubes["xsite2"].namespace, clientConfig, tesKubes["xsite1"].context))
} else if schemeType == ispnv1.CrossSiteSchemeTypeOpenShift {
serviceAccount := tutils.OperatorSAName
operatorNamespaceSite1 := constants.GetWithDefault(tutils.OperatorNamespace, tesKubes["xsite1"].namespace)
tokenSecretXsite1, err := kube.LookupServiceAccountTokenSecret(serviceAccount, operatorNamespaceSite1, tesKubes["xsite1"].kube.Kubernetes.Client, context.TODO())
tutils.ExpectNoError(err)
operatorNamespaceSite2 := constants.GetWithDefault(tutils.OperatorNamespace, tesKubes["xsite2"].namespace)
tokenSecretXsite2, err := kube.LookupServiceAccountTokenSecret(serviceAccount, operatorNamespaceSite2, tesKubes["xsite2"].kube.Kubernetes.Client, context.TODO())
tutils.ExpectNoError(err)
xsite1Token := getServiceAccountToken(operatorNamespaceSite1, tesKubes["xsite1"].kube)
xsite2Token := getServiceAccountToken(operatorNamespaceSite2, tesKubes["xsite2"].kube)

tesKubes["xsite1"].kube.CreateSecret(crossSiteTokenSecret("xsite2", tesKubes["xsite1"].namespace, tokenSecretXsite2.Data["token"]))
tesKubes["xsite2"].kube.CreateSecret(crossSiteTokenSecret("xsite1", tesKubes["xsite2"].namespace, tokenSecretXsite1.Data["token"]))
tesKubes["xsite1"].kube.CreateSecret(crossSiteTokenSecret("xsite2", tesKubes["xsite1"].namespace, xsite2Token))
tesKubes["xsite2"].kube.CreateSecret(crossSiteTokenSecret("xsite1", tesKubes["xsite2"].namespace, xsite1Token))

defer tesKubes["xsite1"].kube.DeleteSecret(crossSiteTokenSecret("xsite2", tesKubes["xsite1"].namespace, []byte("")))
defer tesKubes["xsite2"].kube.DeleteSecret(crossSiteTokenSecret("xsite1", tesKubes["xsite2"].namespace, []byte("")))
Expand Down Expand Up @@ -647,3 +646,19 @@ func expectHeartBeatConfiguration(t *testing.T, siteKube *crossSiteKubernetes, e
assert.False(t, strings.Contains(data, "heartbeat_timeout"), "TUNNEL hearbeat configuration not expected")
}
}

func getServiceAccountToken(namespace string, k8s *tutils.TestKubernetes) []byte {
response, err := corev1client.New(k8s.Kubernetes.RestClient).
ServiceAccounts(namespace).
CreateToken(
context.TODO(),
tutils.OperatorSAName,
&authenticationv1.TokenRequest{},
metav1.CreateOptions{},
)
tutils.ExpectNoError(err)
if len(response.Status.Token) == 0 {
panic(fmt.Errorf("failed to create token: no token in server response"))
}
return []byte(response.Status.Token)
}

0 comments on commit 1f219f5

Please sign in to comment.