
Commit beab13f

authored
Revert "Delete duplicated auto tls test script (#7018)" (#7048)
This reverts commit 058b5a4.
1 parent 26cf13e commit beab13f


1 file changed

+201
-0
lines changed


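--- a/test/e2e-auto-tls.sh
+++ b/test/e2e-auto-tls.sh
@@ -0,0 +1,201 @@
+#!/usr/bin/env bash
+
+# Copyright 2020 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+source $(dirname $0)/e2e-common.sh
+
+function knative_setup() {
+install_knative_serving
+}
+
+function setup_auto_tls_env_variables() {
+# DNS zone for the testing domain.
+export DNS_ZONE="knative-e2e"
+# Google Cloud project that hosts the DNS server for the testing domain `kn-e2e.dev`
+export CLOUD_DNS_PROJECT="knative-e2e-dns"
+# The service account credential file used to access the DNS server.
+export CLOUD_DNS_SERVICE_ACCOUNT_KEY_FILE="/etc/test-account/service-account.json"
+
+export CUSTOM_DOMAIN_SUFFIX="$(($RANDOM % 10000)).${E2E_PROJECT_ID}.kn-e2e.dev"
+
+local INGRESS_NAMESPACE=${GATEWAY_NAMESPACE}
+if [[ -z "${GATEWAY_NAMESPACE}" ]]; then
+INGRESS_NAMESPACE="istio-system"
+fi
+local INGRESS_SERVICE=${GATEWAY_OVERRIDE}
+if [[ -z "${GATEWAY_OVERRIDE}" ]]; then
+INGRESS_SERVICE="istio-ingressgateway"
+fi
+local IP=$(kubectl get svc -n ${INGRESS_NAMESPACE} ${INGRESS_SERVICE} -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
+export INGRESS_IP=${IP}
+}
+
+function setup_custom_domain() {
+echo ">> Configuring custom domain for Auto TLS tests: ${CUSTOM_DOMAIN_SUFFIX}"
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: config-domain
+namespace: knative-serving
+labels:
+serving.knative.dev/release: devel
+data:
+${CUSTOM_DOMAIN_SUFFIX}: ""
+EOF
+}
+
+function cleanup_custom_domain() {
+kubectl apply -f ./config/config-domain.yaml
+}
+
+function turn_on_auto_tls() {
+kubectl patch configmap config-network -n knative-serving -p '{"data":{"autoTLS":"Enabled"}}'
+}
+
+function turn_off_auto_tls() {
+kubectl patch configmap config-network -n knative-serving -p '{"data":{"autoTLS":"Disabled"}}'
+}
+
+function setup_auto_tls_common() {
+setup_auto_tls_env_variables
+
+setup_custom_domain
+
+turn_on_auto_tls
+}
+
+function cleanup_auto_tls_common() {
+cleanup_custom_domain
+
+turn_off_auto_tls
+kubectl delete kcert --all -n serving-tests
+}
+
+function setup_http01_auto_tls() {
+# The name of the test.
+export AUTO_TLS_TEST_NAME="HTTP01"
+# The name of the Knative Service deployed in Auto TLS E2E test.
+export TLS_SERVICE_NAME="http01"
+# The full host name of the Knative Service. This is used to configure the DNS record.
+export FULL_HOST_NAME="${TLS_SERVICE_NAME}.serving-tests.${CUSTOM_DOMAIN_SUFFIX}"
+
+kubectl delete kcert --all -n serving-tests
+
+kubectl apply -f test/config/autotls/certmanager/http01/
+setup_dns_record
+}
+
+function setup_selfsigned_per_ksvc_auto_tls() {
+# The name of the test.
+export AUTO_TLS_TEST_NAME="SelfSignedPerKsvc"
+# The name of the Knative Service deployed in Auto TLS E2E test.
+export TLS_SERVICE_NAME="self-per-ksvc"
+
+kubectl delete kcert --all -n serving-tests
+kubectl apply -f test/config/autotls/certmanager/selfsigned/
+}
+
+function setup_selfsigned_per_namespace_auto_tls() {
+# The name of the test.
+export AUTO_TLS_TEST_NAME="SelfSignedPerNamespace"
+# The name of the Knative Service deployed in Auto TLS E2E test.
+export TLS_SERVICE_NAME="self-per-namespace"
+
+kubectl delete kcert --all -n serving-tests
+
+# Enable namespace certificate only for serving-tests namespaces
+export NAMESPACE_WITH_CERT="serving-tests"
+go run ./test/e2e/autotls/config/disablenscert
+
+kubectl apply -f test/config/autotls/certmanager/selfsigned/
+
+# SERVING_NSCERT_YAML is set in build_knative_from_source function
+# when building knative.
+echo "Intall namespace cert controller: ${SERVING_NSCERT_YAML}"
+if [[ -z "${SERVING_NSCERT_YAML}" ]]; then
+echo "Error: variable SERVING_NSCERT_YAML is not set."
+exit 1
+fi
+kubectl apply -f ${SERVING_NSCERT_YAML}
+}
+
+function cleanup_per_selfsigned_namespace_auto_tls() {
+# Disable namespace cert for all namespaces
+unset NAMESPACE_WITH_CERT
+go run ./test/e2e/autotls/config/disablenscert
+
+echo "Uninstall namespace cert controller"
+kubectl delete -f ${SERVING_NSCERT_YAML} --ignore-not-found=true
+
+kubectl delete kcert --all -n serving-tests
+kubectl delete -f ./test/config/autotls/certmanager/selfsigned/ --ignore-not-found=true
+}
+
+function setup_dns_record() {
+go run ./test/e2e/autotls/config/dnssetup/
+}
+
+function delete_dns_record() {
+go run ./test/e2e/autotls/config/dnscleanup/
+}
+
+# Script entry point.
+
+# Skip installing istio as an add-on
+initialize $@ --skip-istio-addon
+
+# Run the tests
+header "Running tests"
+
+failed=0
+
+# Auto TLS E2E tests mutate the cluster and must be ran separately
+# because they need auto-tls and cert-manager specific configurations
+subheader "Setup auto tls"
+setup_auto_tls_common
+add_trap "cleanup_auto_tls_common" EXIT SIGKILL SIGTERM SIGQUIT
+
+subheader "Auto TLS test for per-ksvc certificate provision using self-signed CA"
+setup_selfsigned_per_ksvc_auto_tls
+go_test_e2e -timeout=10m \
+./test/e2e/autotls/ || failed=1
+kubectl delete -f ./test/config/autotls/certmanager/selfsigned/
+
+subheader "Auto TLS test for per-namespace certificate provision using self-signed CA"
+setup_selfsigned_per_namespace_auto_tls
+add_trap "cleanup_per_selfsigned_namespace_auto_tls" SIGKILL SIGTERM SIGQUIT
+go_test_e2e -timeout=10m \
+./test/e2e/autotls/ || failed=1
+cleanup_per_selfsigned_namespace_auto_tls
+
+subheader "Auto TLS test for per-ksvc certificate provision using HTTP01 challenge"
+setup_http01_auto_tls
+add_trap "delete_dns_record" SIGKILL SIGTERM SIGQUIT
+go_test_e2e -timeout=10m \
+./test/e2e/autotls/ || failed=1
+kubectl delete -f ./test/config/autotls/certmanager/http01/
+delete_dns_record
+
+subheader "Cleanup auto tls"
+cleanup_auto_tls_common
+
+# Dump cluster state in case of failure
+(( failed )) && dump_cluster_state
+(( failed )) && fail_test
+
+success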
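Review bot: The DNS record created by `setup_http01_auto_tls` is not removed on every exit path: the trap at new line 188 lists `SIGKILL SIGTERM SIGQUIT` but not `EXIT`, SIGKILL cannot be trapped, and under `set -e` a failing `kubectl delete -f ./test/config/autotls/certmanager/http01/` at line 191 exits before `delete_dns_record` at line 192. That would leave a record in the `kn-e2e.dev` zone pointing at an ingress IP that presumably goes away with the test cluster, a dangling entry that should not outlive the run. Assuming `add_trap` (from e2e-common.sh, not visible here) forwards its signal list to `trap`, I would register it as `add_trap "delete_dns_record" EXIT SIGINT SIGTERM SIGQUIT`, do the same at line 181, and drop `SIGKILL` at line 171. Separately, `local IP=$(kubectl get svc …)` at line 43 hides a kubectl failure from `set -e`, so an empty `INGRESS_IP` can be exported; declare `local IP` first and assign it on the next line.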
