-
Notifications
You must be signed in to change notification settings - Fork 24
/
Copy pathaws-iam-spec.yml
101 lines (78 loc) · 2.55 KB
/
aws-iam-spec.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
meta:
name: Verify CK with AWS IAM
description: |
Verifies that CK with AWS IAM passes integration tests
mkdocs:
destination:
- "validations/ck/aws-iam.md"
matrix:
snap_version:
- 1.18/edge
- 1.17/edge
series:
- focal
- bionic
channel:
- edge
arch:
- amd64
concurrent: no
plan:
env:
- JUJU_DEPLOY_BUNDLE=cs:~containers/charmed-kubernetes
- JUJU_DEPLOY_CHANNEL=$CHANNEL
- JUJU_CLOUD=aws/us-east-2
- JUJU_CONTROLLER=validate-ck-aws-iam
- JUJU_MODEL=validate-aws-iam
pre-execute: |
#!/bin/bash
. $WORKSPACE/cilib.sh
setup_env
juju bootstrap $JUJU_CLOUD $JUJU_CONTROLLER \
-d $JUJU_MODEL \
--bootstrap-series $SERIES \
--force \
--bootstrap-constraints arch=$ARCH \
--model-default test-mode=true \
--model-default resource-tags=owner=k8sci \
--model-default image-stream=daily
tee overlay.yaml <<EOF> /dev/null
series: $SERIES
applications:
kubernetes-master:
options:
channel: $SNAP_VERSION
kubernetes-worker:
options:
channel: $SNAP_VERSION
EOF
juju deploy -m $JUJU_CONTROLLER:$JUJU_MODEL \
--overlay overlay.yaml \
--force \
--channel $JUJU_DEPLOY_CHANNEL $JUJU_DEPLOY_BUNDLE
timeout 45m juju-wait -e $JUJU_CONTROLLER:$JUJU_MODEL -w
execute: |
#!/bin/bash
set -eu
. $WORKSPACE/cilib.sh
inject_env
aws iam delete-role --role-name KubernetesAdmin || true
# get your account ID
# ACCOUNT_ID=$(aws sts get-caller-identity --output text --query 'Account')
# define a role trust policy that opens the role to users in your account (limited by IAM policy)
# POLICY=$(echo -n '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::'; echo -n "$ACCOUNT_ID"; echo -n ':root"},"Action":"sts:AssumeRole","Condition":{}}]}')
# create a role named KubernetesAdmin (will print the new role's ARN)
# export TEST_ARN=$(aws iam create-role --role-name KubernetesAdmin --description "Kubernetes administrator role (for AWS IAM Authenticator for Kubernetes)." --assume-role-policy-document "$POLICY" --output text --query 'Role.Arn')
pytest \
$INTEGRATION_TEST_PATH/test_aws_iam.py \
--cloud $JUJU_CLOUD \
--model $JUJU_MODEL \
--controller $JUJU_CONTROLLER
post-execute: |
#!/bin/bash
set -eu
. $WORKSPACE/cilib.sh
inject_env
aws iam delete-role --role-name KubernetesAdmin || true
collect_env
teardown_env