From 2acdac8e1b77715193de279e84ee30770742c659 Mon Sep 17 00:00:00 2001 From: Alfonso Acosta Date: Wed, 6 Nov 2019 15:45:06 +0100 Subject: [PATCH 01/12] Remove unnecessary global variables Also, declare variables as local when necessary --- test/e2e/12_sync.bats | 12 ++++-------- test/e2e/13_sync_gc.bats | 10 +++------- test/e2e/20_commit_signing.bats | 12 ++++-------- 3 files changed, 11 insertions(+), 23 deletions(-) diff --git a/test/e2e/12_sync.bats b/test/e2e/12_sync.bats index dab85c757..276b66189 100644 --- a/test/e2e/12_sync.bats +++ b/test/e2e/12_sync.bats @@ -5,7 +5,6 @@ load lib/install load lib/poll load lib/defer -git_port_forward_pid="" clone_dir="" function setup() { @@ -13,19 +12,16 @@ function setup() { # Install flux and the git server, allowing external access install_git_srv flux-git-deploy git_srv_result # shellcheck disable=SC2154 - git_ssh_cmd="${git_srv_result[0]}" - export GIT_SSH_COMMAND="$git_ssh_cmd" - # shellcheck disable=SC2154 - git_port_forward_pid="${git_srv_result[1]}" + export GIT_SSH_COMMAND="${git_srv_result[0]}" # Teardown the created port-forward to gitsrv and restore Git settings. - defer kill "$git_port_forward_pid" + defer kill "${git_srv_result[1]}" install_flux_with_fluxctl - # Clone the repo and + # Clone the repo clone_dir="$(mktemp -d)" - git clone -b master ssh://git@localhost/git-server/repos/cluster.git "$clone_dir" defer rm -rf "$clone_dir" + git clone -b master ssh://git@localhost/git-server/repos/cluster.git "$clone_dir" # shellcheck disable=SC2164 cd "$clone_dir" } diff --git a/test/e2e/13_sync_gc.bats b/test/e2e/13_sync_gc.bats index 961551127..fd98232ca 100644 --- a/test/e2e/13_sync_gc.bats +++ b/test/e2e/13_sync_gc.bats @@ -5,18 +5,14 @@ load lib/install load lib/poll load lib/defer -git_port_forward_pid="" - function setup() { kubectl create namespace "$FLUX_NAMESPACE" # Install flux and the git server, allowing external access install_git_srv flux-git-deploy git_srv_result # shellcheck disable=SC2154 - git_ssh_cmd="${git_srv_result[0]}" - export GIT_SSH_COMMAND="$git_ssh_cmd" - # shellcheck disable=SC2154 - git_port_forward_pid="${git_srv_result[1]}" - defer kill "$git_port_forward_pid" + export GIT_SSH_COMMAND="${git_srv_result[0]}" + # Teardown the created port-forward to gitsrv. + defer kill "${git_srv_result[1]}" install_flux_with_fluxctl "13_sync_gc" } diff --git a/test/e2e/20_commit_signing.bats b/test/e2e/20_commit_signing.bats index 7268940d6..cebbf1906 100644 --- a/test/e2e/20_commit_signing.bats +++ b/test/e2e/20_commit_signing.bats @@ -6,28 +6,24 @@ load lib/gpg load lib/install load lib/poll -tmp_gnupghome="" -git_port_forward_pid="" - function setup() { kubectl create namespace "${FLUX_NAMESPACE}" &> /dev/null # Install the git server, allowing external access install_git_srv flux-git-deploy git_srv_result # shellcheck disable=SC2154 - git_ssh_cmd="${git_srv_result[0]}" - export GIT_SSH_COMMAND="$git_ssh_cmd" - # shellcheck disable=SC2154 - git_port_forward_pid="${git_srv_result[1]}" + export GIT_SSH_COMMAND="${git_srv_result[0]}" # Teardown the created port-forward to gitsrv. - defer kill "$git_port_forward_pid" + defer kill "${git_srv_result[1]}" # Create a temporary GNUPGHOME + local tmp_gnupghome tmp_gnupghome=$(mktemp -d) export GNUPGHOME="$tmp_gnupghome" defer rm -rf "$tmp_gnupghome" # Install Flux, with a new GPG key and signing enabled + local gpg_key gpg_key=$(create_gpg_key) create_secret_from_gpg_key "$gpg_key" install_flux_gpg "$gpg_key" From a2f61b280f00f5867b319c660dbf4208ffea1ae4 Mon Sep 17 00:00:00 2001 From: Alfonso Acosta Date: Wed, 6 Nov 2019 16:41:25 +0100 Subject: [PATCH 02/12] Use yaml to describe kustomize patches --- test/e2e/fixtures/kustom/13_sync_gc/gc_patch.json | 3 --- test/e2e/fixtures/kustom/13_sync_gc/gc_patch.yaml | 3 +++ test/e2e/fixtures/kustom/13_sync_gc/kustomization.yaml | 2 +- .../fixtures/kustom/base/{e2e_patch.json => e2e_patch.yaml} | 0 test/e2e/fixtures/kustom/base/kustomization.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) delete mode 100644 test/e2e/fixtures/kustom/13_sync_gc/gc_patch.json create mode 100644 test/e2e/fixtures/kustom/13_sync_gc/gc_patch.yaml rename test/e2e/fixtures/kustom/base/{e2e_patch.json => e2e_patch.yaml} (100%) diff --git a/test/e2e/fixtures/kustom/13_sync_gc/gc_patch.json b/test/e2e/fixtures/kustom/13_sync_gc/gc_patch.json deleted file mode 100644 index 8a5b923a4..000000000 --- a/test/e2e/fixtures/kustom/13_sync_gc/gc_patch.json +++ /dev/null @@ -1,3 +0,0 @@ -[ - { "op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--sync-garbage-collection" } -] diff --git a/test/e2e/fixtures/kustom/13_sync_gc/gc_patch.yaml b/test/e2e/fixtures/kustom/13_sync_gc/gc_patch.yaml new file mode 100644 index 000000000..277a5ccc2 --- /dev/null +++ b/test/e2e/fixtures/kustom/13_sync_gc/gc_patch.yaml @@ -0,0 +1,3 @@ +- op: add + path: /spec/template/spec/containers/0/args/- + value: --sync-garbage-collection diff --git a/test/e2e/fixtures/kustom/13_sync_gc/kustomization.yaml b/test/e2e/fixtures/kustom/13_sync_gc/kustomization.yaml index fc89e8c81..a24ef5b39 100644 --- a/test/e2e/fixtures/kustom/13_sync_gc/kustomization.yaml +++ b/test/e2e/fixtures/kustom/13_sync_gc/kustomization.yaml @@ -9,4 +9,4 @@ patchesJson6902: version: v1 kind: Deployment name: flux - path: gc_patch.json + path: gc_patch.yaml diff --git a/test/e2e/fixtures/kustom/base/e2e_patch.json b/test/e2e/fixtures/kustom/base/e2e_patch.yaml similarity index 100% rename from test/e2e/fixtures/kustom/base/e2e_patch.json rename to test/e2e/fixtures/kustom/base/e2e_patch.yaml diff --git a/test/e2e/fixtures/kustom/base/kustomization.yaml b/test/e2e/fixtures/kustom/base/kustomization.yaml index 129155952..fc1e1c4b3 100644 --- a/test/e2e/fixtures/kustom/base/kustomization.yaml +++ b/test/e2e/fixtures/kustom/base/kustomization.yaml @@ -12,4 +12,4 @@ patchesJson6902: version: v1 kind: Deployment name: flux - path: e2e_patch.json + path: e2e_patch.yaml From 33f5120a327c40b9c95db296ad6c10436229958d Mon Sep 17 00:00:00 2001 From: Alfonso Acosta Date: Wed, 6 Nov 2019 16:51:40 +0100 Subject: [PATCH 03/12] Simplify kustomize directory removal --- test/e2e/lib/install.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/e2e/lib/install.bash b/test/e2e/lib/install.bash index 203b59cbe..7351e2e3c 100755 --- a/test/e2e/lib/install.bash +++ b/test/e2e/lib/install.bash @@ -53,7 +53,7 @@ fluxctl_install_cmd="fluxctl install --git-url=ssh://git@gitsrv/git-server/repos function install_flux_with_fluxctl() { local kustomtmp kustomtmp="$(mktemp -d)" - defer "if [ -d \"${kustomtmp}\" ]; then rm -r \"${kustomtmp}\"; fi" + defer "rm -rf \"${kustomtmp}\"" mkdir "${kustomtmp}/base" # This generates the base manifests, which we'll then patch with a kustomization echo ">>> writing base configuration to ${kustomtmp}/base" >&3 From 4214b3daa47c47325132f78df1aeca3c5d281c51 Mon Sep 17 00:00:00 2001 From: Alfonso Acosta Date: Wed, 6 Nov 2019 18:45:50 +0100 Subject: [PATCH 04/12] Use kustomize for installing gitsrv with GPG Also, remove parameterization of secret names (in order to simplify things). We always used the same secret names anyways. --- test/e2e/12_sync.bats | 2 +- test/e2e/13_sync_gc.bats | 2 +- test/e2e/20_commit_signing.bats | 2 +- test/e2e/20_commit_verification.bats | 4 +- test/e2e/fixtures/gitsrv-gpg.yaml | 63 ------------------- .../kustom/13_sync_gc/kustomization.yaml | 2 +- .../kustom/20_gpg/gitsrv/gpg_patch.yaml | 16 +++++ .../kustom/20_gpg/gitsrv/kustomization.yaml | 9 +++ .../kustom/base/{ => flux}/e2e_patch.yaml | 0 .../kustom/base/{ => flux}/kustomization.yaml | 0 .../{ => kustom/base/gitsrv}/gitsrv.yaml | 2 +- .../kustom/base/gitsrv/kustomization.yaml | 2 + test/e2e/lib/install.bash | 36 +++-------- 13 files changed, 43 insertions(+), 97 deletions(-) delete mode 100644 test/e2e/fixtures/gitsrv-gpg.yaml create mode 100644 test/e2e/fixtures/kustom/20_gpg/gitsrv/gpg_patch.yaml create mode 100644 test/e2e/fixtures/kustom/20_gpg/gitsrv/kustomization.yaml rename test/e2e/fixtures/kustom/base/{ => flux}/e2e_patch.yaml (100%) rename test/e2e/fixtures/kustom/base/{ => flux}/kustomization.yaml (100%) rename test/e2e/fixtures/{ => kustom/base/gitsrv}/gitsrv.yaml (96%) create mode 100644 test/e2e/fixtures/kustom/base/gitsrv/kustomization.yaml diff --git a/test/e2e/12_sync.bats b/test/e2e/12_sync.bats index 276b66189..c80edbec3 100644 --- a/test/e2e/12_sync.bats +++ b/test/e2e/12_sync.bats @@ -10,7 +10,7 @@ clone_dir="" function setup() { kubectl create namespace "$FLUX_NAMESPACE" # Install flux and the git server, allowing external access - install_git_srv flux-git-deploy git_srv_result + install_git_srv git_srv_result # shellcheck disable=SC2154 export GIT_SSH_COMMAND="${git_srv_result[0]}" # Teardown the created port-forward to gitsrv and restore Git settings. diff --git a/test/e2e/13_sync_gc.bats b/test/e2e/13_sync_gc.bats index fd98232ca..27167cb92 100644 --- a/test/e2e/13_sync_gc.bats +++ b/test/e2e/13_sync_gc.bats @@ -8,7 +8,7 @@ load lib/defer function setup() { kubectl create namespace "$FLUX_NAMESPACE" # Install flux and the git server, allowing external access - install_git_srv flux-git-deploy git_srv_result + install_git_srv git_srv_result # shellcheck disable=SC2154 export GIT_SSH_COMMAND="${git_srv_result[0]}" # Teardown the created port-forward to gitsrv. diff --git a/test/e2e/20_commit_signing.bats b/test/e2e/20_commit_signing.bats index cebbf1906..a65531583 100644 --- a/test/e2e/20_commit_signing.bats +++ b/test/e2e/20_commit_signing.bats @@ -10,7 +10,7 @@ function setup() { kubectl create namespace "${FLUX_NAMESPACE}" &> /dev/null # Install the git server, allowing external access - install_git_srv flux-git-deploy git_srv_result + install_git_srv git_srv_result # shellcheck disable=SC2154 export GIT_SSH_COMMAND="${git_srv_result[0]}" # Teardown the created port-forward to gitsrv. diff --git a/test/e2e/20_commit_verification.bats b/test/e2e/20_commit_verification.bats index c353c608e..cbbcf6065 100644 --- a/test/e2e/20_commit_verification.bats +++ b/test/e2e/20_commit_verification.bats @@ -24,7 +24,7 @@ function setup() { # Install the git server with signed init commit, # allowing external access - install_git_srv flux-git-deploy git_srv_result true + install_git_srv git_srv_result 20_gpg/gitsrv # Install Flux with the GPG key, and commit verification enabled install_flux_gpg "$gpg_key" true @@ -78,7 +78,7 @@ function setup() { create_secret_from_gpg_key "$gpg_key" # Install the git server with _unsigned_ init commit - install_git_srv flux-git-deploy "" false + install_git_srv # Install Flux with the GPG key, and commit verification enabled install_flux_gpg "$gpg_key" true diff --git a/test/e2e/fixtures/gitsrv-gpg.yaml b/test/e2e/fixtures/gitsrv-gpg.yaml deleted file mode 100644 index aa665a599..000000000 --- a/test/e2e/fixtures/gitsrv-gpg.yaml +++ /dev/null @@ -1,63 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - name: gitsrv - name: gitsrv -spec: - replicas: 1 - selector: - matchLabels: - name: gitsrv - template: - metadata: - labels: - name: gitsrv - spec: - containers: - - image: stefanprodan/gitsrv:0.1.3 - name: git - env: - - name: REPO - value: "cluster.git" - - name: TAR_URL - value: "https://github.com/fluxcd/flux-get-started/archive/master.tar.gz" - - name: GPG_KEYFILE - value: /git-server/gpg/flux.asc - ports: - - containerPort: 22 - name: ssh - protocol: TCP - volumeMounts: - - mountPath: /git-server/gpg - name: git-gpg-keys - - mountPath: /git-server/repos - name: git-server-data - - mountPath: /git-server/keys - name: flux-git-deploy - volumes: - - name: flux-git-deploy - secret: - secretName: $GIT_SECRET_NAME - - name: git-server-data - emptyDir: {} - - name: git-gpg-keys - secret: - secretName: $GPG_SECRET_NAME ---- -apiVersion: v1 -kind: Service -metadata: - labels: - name: gitsrv - name: gitsrv -spec: - ports: - - name: ssh - port: 22 - protocol: TCP - targetPort: ssh - selector: - name: gitsrv - type: ClusterIP diff --git a/test/e2e/fixtures/kustom/13_sync_gc/kustomization.yaml b/test/e2e/fixtures/kustom/13_sync_gc/kustomization.yaml index a24ef5b39..dc4f1a3d5 100644 --- a/test/e2e/fixtures/kustom/13_sync_gc/kustomization.yaml +++ b/test/e2e/fixtures/kustom/13_sync_gc/kustomization.yaml @@ -1,5 +1,5 @@ bases: -- "../base" +- "../base/flux" patchesJson6902: ## this patch is for test-specific patches; supply a filename to ## install_flux_with_fluxctl and it will use that rather than the diff --git a/test/e2e/fixtures/kustom/20_gpg/gitsrv/gpg_patch.yaml b/test/e2e/fixtures/kustom/20_gpg/gitsrv/gpg_patch.yaml new file mode 100644 index 000000000..b161e9645 --- /dev/null +++ b/test/e2e/fixtures/kustom/20_gpg/gitsrv/gpg_patch.yaml @@ -0,0 +1,16 @@ +- op: add + path: /spec/template/spec/containers/0/env/- + value: + name: GPG_KEYFILE + value: /git-server/gpg/flux.asc +- op: add + path: /spec/template/spec/containers/0/volumeMounts/- + value: + mountPath: /git-server/gpg + name: git-gpg-keys +- op: add + path: /spec/template/spec/volumes/- + value: + name: git-gpg-keys + secret: + secretName: flux-gpg-signing-key diff --git a/test/e2e/fixtures/kustom/20_gpg/gitsrv/kustomization.yaml b/test/e2e/fixtures/kustom/20_gpg/gitsrv/kustomization.yaml new file mode 100644 index 000000000..3383f00d8 --- /dev/null +++ b/test/e2e/fixtures/kustom/20_gpg/gitsrv/kustomization.yaml @@ -0,0 +1,9 @@ +bases: +- "../../base/gitsrv" +patchesJson6902: +- target: + group: apps + version: v1 + kind: Deployment + name: gitsrv + path: gpg_patch.yaml diff --git a/test/e2e/fixtures/kustom/base/e2e_patch.yaml b/test/e2e/fixtures/kustom/base/flux/e2e_patch.yaml similarity index 100% rename from test/e2e/fixtures/kustom/base/e2e_patch.yaml rename to test/e2e/fixtures/kustom/base/flux/e2e_patch.yaml diff --git a/test/e2e/fixtures/kustom/base/kustomization.yaml b/test/e2e/fixtures/kustom/base/flux/kustomization.yaml similarity index 100% rename from test/e2e/fixtures/kustom/base/kustomization.yaml rename to test/e2e/fixtures/kustom/base/flux/kustomization.yaml diff --git a/test/e2e/fixtures/gitsrv.yaml b/test/e2e/fixtures/kustom/base/gitsrv/gitsrv.yaml similarity index 96% rename from test/e2e/fixtures/gitsrv.yaml rename to test/e2e/fixtures/kustom/base/gitsrv/gitsrv.yaml index d8730b814..5896b7c4a 100644 --- a/test/e2e/fixtures/gitsrv.yaml +++ b/test/e2e/fixtures/kustom/base/gitsrv/gitsrv.yaml @@ -35,7 +35,7 @@ spec: volumes: - name: flux-git-deploy secret: - secretName: $GIT_SECRET_NAME + secretName: flux-git-deploy - name: git-server-data emptyDir: {} --- diff --git a/test/e2e/fixtures/kustom/base/gitsrv/kustomization.yaml b/test/e2e/fixtures/kustom/base/gitsrv/kustomization.yaml new file mode 100644 index 000000000..5a25aea1f --- /dev/null +++ b/test/e2e/fixtures/kustom/base/gitsrv/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- gitsrv.yaml diff --git a/test/e2e/lib/install.bash b/test/e2e/lib/install.bash index 7351e2e3c..97568b8d8 100755 --- a/test/e2e/lib/install.bash +++ b/test/e2e/lib/install.bash @@ -51,24 +51,18 @@ function uninstall_flux_with_helm() { fluxctl_install_cmd="fluxctl install --git-url=ssh://git@gitsrv/git-server/repos/cluster.git --git-email=foo" function install_flux_with_fluxctl() { + kustomization_dir=${1:-base/flux} local kustomtmp kustomtmp="$(mktemp -d)" defer "rm -rf \"${kustomtmp}\"" - mkdir "${kustomtmp}/base" + mkdir -p "${kustomtmp}/base/flux" # This generates the base manifests, which we'll then patch with a kustomization - echo ">>> writing base configuration to ${kustomtmp}/base" >&3 - $fluxctl_install_cmd --namespace "${FLUX_NAMESPACE}" -o "${kustomtmp}/base/" + echo ">>> writing base configuration to ${kustomtmp}/base/flux" >&3 + $fluxctl_install_cmd --namespace "${FLUX_NAMESPACE}" -o "${kustomtmp}/base/flux" # Everything goes into one directory, but not everything is # necessarily used by the kustomization cp -R "${E2E_DIR}"/fixtures/kustom/* "${kustomtmp}/" - local kustomization - kustomization="base" - if [ -n "$1" ]; then - # use the kustomization given instead; ../base will still be - # there to be used as a base - kustomization="$1" - fi - kubectl apply -k "${kustomtmp}/${kustomization}" >&3 + kubectl apply -k "${kustomtmp}/${kustomization_dir}" >&3 kubectl -n "${FLUX_NAMESPACE}" rollout status -w --timeout=30s deployment/flux # Add the known hosts file manually (it's much easier than editing the manifests to add a volume) local flux_podname @@ -121,33 +115,21 @@ function uninstall_flux_gpg() { } function install_git_srv() { - local git_secret_name=${1:-flux-git-deploy} - local external_access_result_var=${2} - local gpg_enable=${3:-false} - local gpg_secret_name=${4:-flux-gpg-signing-key} + local external_access_result_var=${1} + local kustomization_dir=${2:-base/gitsrv} local gen_dir gen_dir=$(mktemp -d) ssh-keygen -t rsa -N "" -f "$gen_dir/id_rsa" defer rm -rf "$gen_dir" - kubectl create secret generic "$git_secret_name" \ + kubectl create secret generic flux-git-deploy \ --namespace="${FLUX_NAMESPACE}" \ --from-file="${FIXTURES_DIR}/known_hosts" \ --from-file="$gen_dir/id_rsa" \ --from-file=identity="$gen_dir/id_rsa" \ --from-file="$gen_dir/id_rsa.pub" - local template="${E2E_DIR}/fixtures/gitsrv.yaml" - if [ "$gpg_enable" == "true" ]; then - template="${E2E_DIR}/fixtures/gitsrv-gpg.yaml" - fi - - ( - export GIT_SECRET_NAME=$git_secret_name - export GPG_SECRET_NAME=$gpg_secret_name - - envsubst < "$template" | kubectl apply -n "${FLUX_NAMESPACE}" -f - >&3 - ) + kubectl apply -n "${FLUX_NAMESPACE}" -k "${E2E_DIR}/fixtures/kustom/${kustomization_dir}" >&3 # Wait for the git server to be ready kubectl -n "${FLUX_NAMESPACE}" rollout status deployment/gitsrv From a5e8f433a5076ad345ac83c1312017b7bce4c5b8 Mon Sep 17 00:00:00 2001 From: Alfonso Acosta Date: Wed, 6 Nov 2019 19:29:26 +0100 Subject: [PATCH 05/12] Mount known_hosts properly --- test/e2e/fixtures/kustom/base/flux/e2e_patch.yaml | 12 ++++++++++++ .../e2e/fixtures/kustom/base/flux/kustomization.yaml | 2 -- test/e2e/lib/install.bash | 8 +++----- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/test/e2e/fixtures/kustom/base/flux/e2e_patch.yaml b/test/e2e/fixtures/kustom/base/flux/e2e_patch.yaml index 0a73a1ebe..e04451575 100644 --- a/test/e2e/fixtures/kustom/base/flux/e2e_patch.yaml +++ b/test/e2e/fixtures/kustom/base/flux/e2e_patch.yaml @@ -7,3 +7,15 @@ - op: add path: /spec/template/spec/containers/0/args/- value: --registry-exclude-image=* +- op: add + path: /spec/template/spec/containers/0/volumeMounts/- + value: + name: known-hosts + mountPath: /root/.ssh/known_hosts + subPath: known_hosts +- op: add + path: /spec/template/spec/volumes/- + value: + name: known-hosts + configMap: + name: flux-known-hosts diff --git a/test/e2e/fixtures/kustom/base/flux/kustomization.yaml b/test/e2e/fixtures/kustom/base/flux/kustomization.yaml index fc1e1c4b3..dd011f201 100644 --- a/test/e2e/fixtures/kustom/base/flux/kustomization.yaml +++ b/test/e2e/fixtures/kustom/base/flux/kustomization.yaml @@ -5,8 +5,6 @@ resources: - memcache-dep.yaml - memcache-svc.yaml patchesJson6902: -# use a poll interval of 10s (to make tests quicker) and disable -# registry polling (to avoid overloading kind) - target: group: apps version: v1 diff --git a/test/e2e/lib/install.bash b/test/e2e/lib/install.bash index 97568b8d8..a56586730 100755 --- a/test/e2e/lib/install.bash +++ b/test/e2e/lib/install.bash @@ -52,6 +52,7 @@ fluxctl_install_cmd="fluxctl install --git-url=ssh://git@gitsrv/git-server/repos function install_flux_with_fluxctl() { kustomization_dir=${1:-base/flux} + kubectl -n "${FLUX_NAMESPACE}" create configmap flux-known-hosts --from-file="${E2E_DIR}/fixtures/known_hosts" local kustomtmp kustomtmp="$(mktemp -d)" defer "rm -rf \"${kustomtmp}\"" @@ -64,14 +65,11 @@ function install_flux_with_fluxctl() { cp -R "${E2E_DIR}"/fixtures/kustom/* "${kustomtmp}/" kubectl apply -k "${kustomtmp}/${kustomization_dir}" >&3 kubectl -n "${FLUX_NAMESPACE}" rollout status -w --timeout=30s deployment/flux - # Add the known hosts file manually (it's much easier than editing the manifests to add a volume) - local flux_podname - flux_podname=$(kubectl get pod -n "${FLUX_NAMESPACE}" -l name=flux -o jsonpath="{['items'][0].metadata.name}") - kubectl exec -n "${FLUX_NAMESPACE}" "${flux_podname}" -- sh -c "mkdir -p /root/.ssh; echo '${KNOWN_HOSTS}' > /root/.ssh/known_hosts" >&3 } function uninstall_flux_with_fluxctl() { - $fluxctl_install_cmd --namespace "${FLUX_NAMESPACE}" | kubectl delete -f - + kubectl delete -n "${FLUX_NAMESPACE}" configmap flux-known-hosts + $fluxctl_install_cmd -n "${FLUX_NAMESPACE}" | kubectl delete -f - } flux_gpg_helm_template="helm template --name flux-gpg From 6ab0bf246f40e3c72abaefc6d9a37726c01f952f Mon Sep 17 00:00:00 2001 From: Alfonso Acosta Date: Thu, 7 Nov 2019 18:23:42 +0100 Subject: [PATCH 06/12] Install flux with gpg using kustomized --- test/e2e/20_commit_signing.bats | 11 +++-- test/e2e/20_commit_verification.bats | 20 ++++++-- .../kustom/20_gpg/flux/gpg_patch.yaml | 22 +++++++++ .../kustom/20_gpg/flux/kustomization.yaml | 9 ++++ test/e2e/lib/gpg.bash | 3 +- test/e2e/lib/install.bash | 48 +++---------------- test/e2e/lib/template.bash | 18 +++++++ 7 files changed, 80 insertions(+), 51 deletions(-) create mode 100644 test/e2e/fixtures/kustom/20_gpg/flux/gpg_patch.yaml create mode 100644 test/e2e/fixtures/kustom/20_gpg/flux/kustomization.yaml create mode 100644 test/e2e/lib/template.bash diff --git a/test/e2e/20_commit_signing.bats b/test/e2e/20_commit_signing.bats index a65531583..397175f6c 100644 --- a/test/e2e/20_commit_signing.bats +++ b/test/e2e/20_commit_signing.bats @@ -26,7 +26,12 @@ function setup() { local gpg_key gpg_key=$(create_gpg_key) create_secret_from_gpg_key "$gpg_key" - install_flux_gpg "$gpg_key" + local -A template_values + # shellcheck disable=SC2034 + template_values['FLUX_GPG_KEY_ID']="$gpg_key" + # shellcheck disable=SC2034 + template_values['FLUX_GIT_VERIFY_SIGNATURES']="false" + install_flux_with_fluxctl '20_gpg/flux' 'template_values' } @test "Git sync tag is signed" { @@ -43,7 +48,7 @@ function setup() { # Test that the tag has been signed, this errors if this isn't the case git pull -f --tags - git verify-tag --raw flux-sync >&3 + git verify-tag --raw flux >&3 } @test "Git commits are signed" { @@ -69,7 +74,7 @@ function teardown() { # Kill the agent and remove temporary GNUPGHOME gpgconf --kill gpg-agent # Uninstall Flux and the global resources it installs. - uninstall_flux_gpg + uninstall_flux_with_fluxctl # Removing the namespace also takes care of removing Flux and gitsrv. kubectl delete namespace "$FLUX_NAMESPACE" # Only remove the demo workloads after Flux, so that they cannot be recreated. diff --git a/test/e2e/20_commit_verification.bats b/test/e2e/20_commit_verification.bats index cbbcf6065..20491202b 100644 --- a/test/e2e/20_commit_verification.bats +++ b/test/e2e/20_commit_verification.bats @@ -27,7 +27,12 @@ function setup() { install_git_srv git_srv_result 20_gpg/gitsrv # Install Flux with the GPG key, and commit verification enabled - install_flux_gpg "$gpg_key" true + local -A template_values + # shellcheck disable=SC2034 + template_values['FLUX_GPG_KEY_ID']="$gpg_key" + # shellcheck disable=SC2034 + template_values['FLUX_GIT_VERIFY_SIGNATURES']="true" + install_flux_with_fluxctl '20_gpg/flux' 'template_values' # shellcheck disable=SC2154 git_ssh_cmd="${git_srv_result[0]}" @@ -45,7 +50,7 @@ function setup() { git clone -b master ssh://git@localhost/git-server/repos/cluster.git "$clone_dir" cd "$clone_dir" - local sync_tag="flux-sync" + local sync_tag="flux" local org_head_hash org_head_hash=$(git rev-list -n 1 HEAD) sync_tag_hash=$(git rev-list -n 1 "$sync_tag") @@ -81,10 +86,15 @@ function setup() { install_git_srv # Install Flux with the GPG key, and commit verification enabled - install_flux_gpg "$gpg_key" true + local -A template_values + # shellcheck disable=SC2034 + template_values['FLUX_GPG_KEY_ID']="$gpg_key" + # shellcheck disable=SC2034 + template_values['FLUX_GIT_VERIFY_SIGNATURES']="true" + install_flux_with_fluxctl '20_gpg/flux' 'template_values' # Wait for Flux to report that it sees an invalid commit - poll_until_true 'invalid GPG signature log' "kubectl logs -n ${FLUX_NAMESPACE} deploy/flux-gpg | grep -e 'found invalid GPG signature for commit'" + poll_until_true 'invalid GPG signature log' "kubectl logs -n ${FLUX_NAMESPACE} deploy/flux | grep -e 'found invalid GPG signature for commit'" # Attempt to lock a resource, and confirm it returns an error. run fluxctl --k8s-fwd-ns "${FLUX_NAMESPACE}" lock --workload demo:deployment/podinfo @@ -103,7 +113,7 @@ function teardown() { rm -rf "$tmp_gnupghome" # Although the namespace delete below takes care of removing most Flux # elements, the global resources will not be removed without this. - uninstall_flux_gpg + uninstall_flux_with_fluxctl # Removing the namespace also takes care of removing Flux and gitsrv. kubectl delete namespace "$FLUX_NAMESPACE" # (Maybe) remove the demo namespace diff --git a/test/e2e/fixtures/kustom/20_gpg/flux/gpg_patch.yaml b/test/e2e/fixtures/kustom/20_gpg/flux/gpg_patch.yaml new file mode 100644 index 000000000..5fbda0e19 --- /dev/null +++ b/test/e2e/fixtures/kustom/20_gpg/flux/gpg_patch.yaml @@ -0,0 +1,22 @@ +- op: add + path: /spec/template/spec/containers/0/args/- + value: --git-verify-signatures=$FLUX_GIT_VERIFY_SIGNATURES +- op: add + path: /spec/template/spec/containers/0/args/- + value: --git-signing-key=$FLUX_GPG_KEY_ID +- op: add + path: /spec/template/spec/containers/0/args/- + value: --git-gpg-key-import=/root/gpg-import/private +- op: add + path: /spec/template/spec/containers/0/volumeMounts/- + value: + name: gpg-keys + mountPath: /root/gpg-import/private + readOnly: true +- op: add + path: /spec/template/spec/volumes/- + value: + name: gpg-keys + secret: + secretName: flux-gpg-signing-key + defaultMode: 0400 diff --git a/test/e2e/fixtures/kustom/20_gpg/flux/kustomization.yaml b/test/e2e/fixtures/kustom/20_gpg/flux/kustomization.yaml new file mode 100644 index 000000000..fbba1269c --- /dev/null +++ b/test/e2e/fixtures/kustom/20_gpg/flux/kustomization.yaml @@ -0,0 +1,9 @@ +bases: +- "../../base/flux" +patchesJson6902: +- target: + group: apps + version: v1 + kind: Deployment + name: flux + path: gpg_patch.yaml diff --git a/test/e2e/lib/gpg.bash b/test/e2e/lib/gpg.bash index 599d5c53a..f3df050bc 100644 --- a/test/e2e/lib/gpg.bash +++ b/test/e2e/lib/gpg.bash @@ -35,7 +35,6 @@ EOF function create_secret_from_gpg_key() { local key_id="${1}" - local secret_name="${2:-flux-gpg-signing-key}" if [ -z "$key_id" ]; then echo "no key ID provided" >&2 @@ -45,6 +44,6 @@ function create_secret_from_gpg_key() { # Export key to secret gpg --export-secret-keys "$key_id" | kubectl --namespace "${FLUX_NAMESPACE}" \ - create secret generic "$secret_name" \ + create secret generic flux-gpg-signing-key \ --from-file=flux.asc=/dev/stdin } diff --git a/test/e2e/lib/install.bash b/test/e2e/lib/install.bash index a56586730..836515160 100755 --- a/test/e2e/lib/install.bash +++ b/test/e2e/lib/install.bash @@ -2,6 +2,8 @@ # shellcheck disable=SC1090 source "${E2E_DIR}/lib/defer.bash" +# shellcheck disable=SC1090 +source "${E2E_DIR}/lib/template.bash" function install_tiller() { if ! helm version > /dev/null 2>&1; then # only if helm isn't already installed @@ -52,6 +54,7 @@ fluxctl_install_cmd="fluxctl install --git-url=ssh://git@gitsrv/git-server/repos function install_flux_with_fluxctl() { kustomization_dir=${1:-base/flux} + key_values_varname=${2} kubectl -n "${FLUX_NAMESPACE}" create configmap flux-known-hosts --from-file="${E2E_DIR}/fixtures/known_hosts" local kustomtmp kustomtmp="$(mktemp -d)" @@ -63,53 +66,16 @@ function install_flux_with_fluxctl() { # Everything goes into one directory, but not everything is # necessarily used by the kustomization cp -R "${E2E_DIR}"/fixtures/kustom/* "${kustomtmp}/" + if [ -n "$2" ]; then + fill_in_place_recursively "$key_values_varname" "${kustomtmp}" + fi kubectl apply -k "${kustomtmp}/${kustomization_dir}" >&3 kubectl -n "${FLUX_NAMESPACE}" rollout status -w --timeout=30s deployment/flux } function uninstall_flux_with_fluxctl() { kubectl delete -n "${FLUX_NAMESPACE}" configmap flux-known-hosts - $fluxctl_install_cmd -n "${FLUX_NAMESPACE}" | kubectl delete -f - -} - -flux_gpg_helm_template="helm template --name flux-gpg - --set image.repository=docker.io/fluxcd/flux - --set image.tag=latest - --set git.url=ssh://git@gitsrv/git-server/repos/cluster.git - --set git.secretName=flux-git-deploy - --set git.pollInterval=10s - --set git.config.secretName=gitconfig - --set git.config.enabled=true - --set registry.excludeImage=*" - -function install_flux_gpg() { - local key_id=${1} - local git_verify=${2:-false} - local gpg_secret_name=${3:-flux-gpg-signing-key} - - if [ -z "$key_id" ]; then - echo "no key ID provided" >&2 - exit 1 - fi - - $flux_gpg_helm_template \ - --namespace "${FLUX_NAMESPACE}" \ - --set-string git.config.data="${GITCONFIG}" \ - --set-string ssh.known_hosts="${KNOWN_HOSTS}" \ - --set-string git.signingKey="$key_id" \ - --set-string git.verifySignatures="$git_verify" \ - --set-string gpgKeys.secretName="$gpg_secret_name" \ - "${FLUX_ROOT_DIR}/chart/flux" | - kubectl --namespace "${FLUX_NAMESPACE}" apply -f - >&3 -} - -function uninstall_flux_gpg() { - $flux_gpg_helm_template \ - --namespace "${FLUX_NAMESPACE}" \ - --set-string git.config.data="${GITCONFIG}" \ - --set-string ssh.known_hosts="${KNOWN_HOSTS}" \ - "${FLUX_ROOT_DIR}/chart/flux" | - kubectl --namespace "${FLUX_NAMESPACE}" delete -f - >&3 + $fluxctl_install_cmd --namespace "${FLUX_NAMESPACE}" | kubectl delete -f - } function install_git_srv() { diff --git a/test/e2e/lib/template.bash b/test/e2e/lib/template.bash new file mode 100644 index 000000000..e2ebfffba --- /dev/null +++ b/test/e2e/lib/template.bash @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +function fill_in_place_recursively() { + local -n key_values=$1 # pass an associate array as a nameref + local target_directory=${2:-.} + (# use a subshell to expose key-values as variables for envsubst to use + for key in "${!key_values[@]}"; do + export "$key"="${key_values[$key]}" + done + while IFS= read -r -d '' file; do + # shellcheck disable=SC2094 + { + rm "$file" + envsubst > "$file" + } < "$file" + done < <(find "$target_directory" -type f -print0) + ) +} From 534bef29ea19959ad06a2345e1def98b02425dda Mon Sep 17 00:00:00 2001 From: Alfonso Acosta Date: Thu, 7 Nov 2019 18:30:38 +0100 Subject: [PATCH 07/12] Use 'defer' in commit verification test --- test/e2e/20_commit_verification.bats | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/test/e2e/20_commit_verification.bats b/test/e2e/20_commit_verification.bats index 20491202b..0bffb97a1 100644 --- a/test/e2e/20_commit_verification.bats +++ b/test/e2e/20_commit_verification.bats @@ -4,16 +4,14 @@ load lib/env load lib/gpg load lib/install load lib/poll - -tmp_gnupghome="" -git_port_forward_pid="" -clone_dir="" +load lib/defer function setup() { kubectl create namespace "${FLUX_NAMESPACE}" # Create a temporary GNUPGHOME tmp_gnupghome=$(mktemp -d) + defer "rm -rf '$tmp_gnupghome'" export GNUPGHOME="$tmp_gnupghome" } @@ -39,7 +37,7 @@ function setup() { export GIT_SSH_COMMAND="$git_ssh_cmd" # shellcheck disable=SC2030 - git_port_forward_pid="${git_srv_result[1]}" + defer "kill '${git_srv_result[1]}'" # Test that the resources from https://github.com/fluxcd/flux-get-started are deployed poll_until_true 'namespace demo' 'kubectl describe ns/demo' @@ -47,6 +45,7 @@ function setup() { # Clone the repo # shellcheck disable=SC2030 clone_dir="$(mktemp -d)" + defer "rm -rf '$clone_dir'" git clone -b master ssh://git@localhost/git-server/repos/cluster.git "$clone_dir" cd "$clone_dir" @@ -103,14 +102,9 @@ function setup() { } function teardown() { - # shellcheck disable=SC2031 - rm -rf "$clone_dir" - # (Maybe) teardown the created port-forward to gitsrv. - # shellcheck disable=SC2031 - kill "$git_port_forward_pid" || true - # Kill the agent and remove temporary GNUPGHOME + run_deferred + # Kill the agent gpgconf --kill gpg-agent - rm -rf "$tmp_gnupghome" # Although the namespace delete below takes care of removing most Flux # elements, the global resources will not be removed without this. uninstall_flux_with_fluxctl From ffd898f8d067908f0756eed7e635b663f032d735 Mon Sep 17 00:00:00 2001 From: Alfonso Acosta Date: Thu, 7 Nov 2019 18:31:38 +0100 Subject: [PATCH 08/12] Clean up log grepping tests --- test/e2e/12_sync.bats | 2 +- test/e2e/20_commit_verification.bats | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/e2e/12_sync.bats b/test/e2e/12_sync.bats index c80edbec3..ac49a217d 100644 --- a/test/e2e/12_sync.bats +++ b/test/e2e/12_sync.bats @@ -70,7 +70,7 @@ function setup() { git -c 'user.email=foo@bar.com' -c 'user.name=Foo' commit -am "Bump podinfo and duplicate it to cause an error" git push # Wait until we find the duplicate failure in the logs - poll_until_true "duplicate resource in Flux logs" "kubectl logs -n $FLUX_NAMESPACE -l name=flux | grep -q \"duplicate definition of 'demo:deployment/podinfo'\"" + poll_until_true "duplicate resource in Flux logs" "kubectl logs -n $FLUX_NAMESPACE deploy/flux | grep -q \"duplicate definition of 'demo:deployment/podinfo'\"" # Make sure that the version of podinfo wasn't bumped local podinfo_image_now podinfo_image_now=$(kubectl get pod -n demo -l app=podinfo -o"jsonpath={['items'][0]['spec']['containers'][0]['image']}") diff --git a/test/e2e/20_commit_verification.bats b/test/e2e/20_commit_verification.bats index 0bffb97a1..e938ac2be 100644 --- a/test/e2e/20_commit_verification.bats +++ b/test/e2e/20_commit_verification.bats @@ -93,7 +93,7 @@ function setup() { install_flux_with_fluxctl '20_gpg/flux' 'template_values' # Wait for Flux to report that it sees an invalid commit - poll_until_true 'invalid GPG signature log' "kubectl logs -n ${FLUX_NAMESPACE} deploy/flux | grep -e 'found invalid GPG signature for commit'" + poll_until_true 'invalid GPG signature log' "kubectl logs -n ${FLUX_NAMESPACE} deploy/flux | grep -q -e 'found invalid GPG signature for commit'" # Attempt to lock a resource, and confirm it returns an error. run fluxctl --k8s-fwd-ns "${FLUX_NAMESPACE}" lock --workload demo:deployment/podinfo From 6d793e7e1347d67a067b689f36cdb6aaf045327e Mon Sep 17 00:00:00 2001 From: Alfonso Acosta Date: Thu, 7 Nov 2019 18:47:18 +0100 Subject: [PATCH 09/12] Remove file which shouldn't have been commited --- test/e2e/fixtures/test_patch.yaml | 1 - 1 file changed, 1 deletion(-) delete mode 100644 test/e2e/fixtures/test_patch.yaml diff --git a/test/e2e/fixtures/test_patch.yaml b/test/e2e/fixtures/test_patch.yaml deleted file mode 100644 index fe51488c7..000000000 --- a/test/e2e/fixtures/test_patch.yaml +++ /dev/null @@ -1 +0,0 @@ -[] From df1cde1a9a4889d35be0aec2d0132a9986f3b04a Mon Sep 17 00:00:00 2001 From: Alfonso Acosta Date: Thu, 7 Nov 2019 18:56:22 +0100 Subject: [PATCH 10/12] Call defer uniformly and avoid spacing problems --- test/e2e/12_sync.bats | 2 +- test/e2e/13_sync_gc.bats | 2 +- test/e2e/20_commit_signing.bats | 6 +++--- test/e2e/20_commit_verification.bats | 2 +- test/e2e/lib/install.bash | 4 ++-- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/test/e2e/12_sync.bats b/test/e2e/12_sync.bats index ac49a217d..feeb68f0f 100644 --- a/test/e2e/12_sync.bats +++ b/test/e2e/12_sync.bats @@ -20,7 +20,7 @@ function setup() { # Clone the repo clone_dir="$(mktemp -d)" - defer rm -rf "$clone_dir" + defer rm -rf "'$clone_dir'" git clone -b master ssh://git@localhost/git-server/repos/cluster.git "$clone_dir" # shellcheck disable=SC2164 cd "$clone_dir" diff --git a/test/e2e/13_sync_gc.bats b/test/e2e/13_sync_gc.bats index 27167cb92..7faed36a4 100644 --- a/test/e2e/13_sync_gc.bats +++ b/test/e2e/13_sync_gc.bats @@ -26,7 +26,7 @@ function setup() { # Clone the repo and check the sync tag local clone_dir clone_dir="$(mktemp -d)" - defer rm -rf "$clone_dir" + defer rm -rf "'$clone_dir'" git clone -b master ssh://git@localhost/git-server/repos/cluster.git "$clone_dir" cd "$clone_dir" local sync_tag_hash diff --git a/test/e2e/20_commit_signing.bats b/test/e2e/20_commit_signing.bats index 397175f6c..a2f353241 100644 --- a/test/e2e/20_commit_signing.bats +++ b/test/e2e/20_commit_signing.bats @@ -20,7 +20,7 @@ function setup() { local tmp_gnupghome tmp_gnupghome=$(mktemp -d) export GNUPGHOME="$tmp_gnupghome" - defer rm -rf "$tmp_gnupghome" + defer rm -rf "'$tmp_gnupghome'" # Install Flux, with a new GPG key and signing enabled local gpg_key @@ -42,7 +42,7 @@ function setup() { # Clone the repo local clone_dir clone_dir="$(mktemp -d)" - defer rm -rf "$clone_dir" + defer rm -rf "'$clone_dir'" git clone -b master ssh://git@localhost/git-server/repos/cluster.git "$clone_dir" cd "$clone_dir" @@ -61,7 +61,7 @@ function setup() { # Clone the repo local clone_dir clone_dir="$(mktemp -d)" - defer rm -rf "$clone_dir" + defer rm -rf "'$clone_dir'" git clone -b master ssh://git@localhost/git-server/repos/cluster.git "$clone_dir" cd "$clone_dir" diff --git a/test/e2e/20_commit_verification.bats b/test/e2e/20_commit_verification.bats index e938ac2be..f6b1748f5 100644 --- a/test/e2e/20_commit_verification.bats +++ b/test/e2e/20_commit_verification.bats @@ -11,7 +11,7 @@ function setup() { # Create a temporary GNUPGHOME tmp_gnupghome=$(mktemp -d) - defer "rm -rf '$tmp_gnupghome'" + defer rm -rf "'$tmp_gnupghome'" export GNUPGHOME="$tmp_gnupghome" } diff --git a/test/e2e/lib/install.bash b/test/e2e/lib/install.bash index 836515160..a6d4ab6aa 100755 --- a/test/e2e/lib/install.bash +++ b/test/e2e/lib/install.bash @@ -58,7 +58,7 @@ function install_flux_with_fluxctl() { kubectl -n "${FLUX_NAMESPACE}" create configmap flux-known-hosts --from-file="${E2E_DIR}/fixtures/known_hosts" local kustomtmp kustomtmp="$(mktemp -d)" - defer "rm -rf \"${kustomtmp}\"" + defer rm -rf "'${kustomtmp}'" mkdir -p "${kustomtmp}/base/flux" # This generates the base manifests, which we'll then patch with a kustomization echo ">>> writing base configuration to ${kustomtmp}/base/flux" >&3 @@ -85,7 +85,7 @@ function install_git_srv() { gen_dir=$(mktemp -d) ssh-keygen -t rsa -N "" -f "$gen_dir/id_rsa" - defer rm -rf "$gen_dir" + defer rm -rf "'$gen_dir'" kubectl create secret generic flux-git-deploy \ --namespace="${FLUX_NAMESPACE}" \ --from-file="${FIXTURES_DIR}/known_hosts" \ From 6095242e5027c8f8ca933853d79c103b91a4eb0c Mon Sep 17 00:00:00 2001 From: Alfonso Acosta Date: Fri, 8 Nov 2019 13:05:50 +0100 Subject: [PATCH 11/12] Address review comments --- test/e2e/20_commit_verification.bats | 4 ++-- test/e2e/lib/install.bash | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/e2e/20_commit_verification.bats b/test/e2e/20_commit_verification.bats index f6b1748f5..4927b7a00 100644 --- a/test/e2e/20_commit_verification.bats +++ b/test/e2e/20_commit_verification.bats @@ -37,7 +37,7 @@ function setup() { export GIT_SSH_COMMAND="$git_ssh_cmd" # shellcheck disable=SC2030 - defer "kill '${git_srv_result[1]}'" + defer kill "${git_srv_result[1]}" # Test that the resources from https://github.com/fluxcd/flux-get-started are deployed poll_until_true 'namespace demo' 'kubectl describe ns/demo' @@ -45,7 +45,7 @@ function setup() { # Clone the repo # shellcheck disable=SC2030 clone_dir="$(mktemp -d)" - defer "rm -rf '$clone_dir'" + defer rm -rf "'$clone_dir'" git clone -b master ssh://git@localhost/git-server/repos/cluster.git "$clone_dir" cd "$clone_dir" diff --git a/test/e2e/lib/install.bash b/test/e2e/lib/install.bash index a6d4ab6aa..580103e0e 100755 --- a/test/e2e/lib/install.bash +++ b/test/e2e/lib/install.bash @@ -66,7 +66,7 @@ function install_flux_with_fluxctl() { # Everything goes into one directory, but not everything is # necessarily used by the kustomization cp -R "${E2E_DIR}"/fixtures/kustom/* "${kustomtmp}/" - if [ -n "$2" ]; then + if [ -n "$key_values_varname" ]; then fill_in_place_recursively "$key_values_varname" "${kustomtmp}" fi kubectl apply -k "${kustomtmp}/${kustomization_dir}" >&3 From a2298fa959d6cf7fcfa67ff4b756804624ad95c6 Mon Sep 17 00:00:00 2001 From: Alfonso Acosta Date: Fri, 8 Nov 2019 13:26:54 +0100 Subject: [PATCH 12/12] Improve comments Also, make sure we call uninstall_flux_with_fluxctl in the garbage collection test --- test/e2e/11_fluxctl_install.bats | 3 ++- test/e2e/12_sync.bats | 3 ++- test/e2e/13_sync_gc.bats | 3 +++ test/e2e/lib/template.bash | 4 ++++ 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/test/e2e/11_fluxctl_install.bats b/test/e2e/11_fluxctl_install.bats index 78787f3cf..454f3c87f 100644 --- a/test/e2e/11_fluxctl_install.bats +++ b/test/e2e/11_fluxctl_install.bats @@ -17,7 +17,8 @@ function setup() { } function teardown() { - # Removing Flux also takes care of the global resources it installs. + # Although the namespace delete below takes care of removing most Flux + # elements, the global resources will not be removed without this. uninstall_flux_with_fluxctl # Removing the namespace also takes care of removing Flux and gitsrv. kubectl delete namespace "$FLUX_NAMESPACE" diff --git a/test/e2e/12_sync.bats b/test/e2e/12_sync.bats index feeb68f0f..91bbe9102 100644 --- a/test/e2e/12_sync.bats +++ b/test/e2e/12_sync.bats @@ -83,7 +83,8 @@ function setup() { function teardown() { run_deferred - # Uninstall Flux and the global resources it installs. + # Although the namespace delete below takes care of removing most Flux + # elements, the global resources will not be removed without this. uninstall_flux_with_fluxctl # Removing the namespace also takes care of removing gitsrv. kubectl delete namespace "$FLUX_NAMESPACE" diff --git a/test/e2e/13_sync_gc.bats b/test/e2e/13_sync_gc.bats index 7faed36a4..459b79101 100644 --- a/test/e2e/13_sync_gc.bats +++ b/test/e2e/13_sync_gc.bats @@ -50,6 +50,9 @@ function setup() { function teardown() { run_deferred + # Although the namespace delete below takes care of removing most Flux + # elements, the global resources will not be removed without this. + uninstall_flux_with_fluxctl # Removing the namespace also takes care of removing Flux and gitsrv. kubectl delete namespace "$FLUX_NAMESPACE" # Only remove the demo workloads after Flux, so that they cannot be recreated. diff --git a/test/e2e/lib/template.bash b/test/e2e/lib/template.bash index e2ebfffba..618761e1e 100644 --- a/test/e2e/lib/template.bash +++ b/test/e2e/lib/template.bash @@ -7,7 +7,11 @@ function fill_in_place_recursively() { for key in "${!key_values[@]}"; do export "$key"="${key_values[$key]}" done + # Use find with zero-ended strings and read to avoid problems + # with spaces in paths while IFS= read -r -d '' file; do + # Use a command group to ensure "$file" is not + # deleted before being written to. # shellcheck disable=SC2094 { rm "$file"