fluxcd · 2opremio · Nov 8, 2019 · Nov 6, 2019 · Nov 6, 2019 · Nov 6, 2019
diff --git a/test/e2e/12_sync.bats b/test/e2e/12_sync.bats
@@ -5,27 +5,23 @@ load lib/install
 load lib/poll
 load lib/defer
 
-git_port_forward_pid=""
 clone_dir=""
 
 function setup() {
   kubectl create namespace "$FLUX_NAMESPACE"
   # Install flux and the git server, allowing external access
-  install_git_srv flux-git-deploy git_srv_result
+  install_git_srv git_srv_result
   # shellcheck disable=SC2154
-  git_ssh_cmd="${git_srv_result[0]}"
-  export GIT_SSH_COMMAND="$git_ssh_cmd"
-  # shellcheck disable=SC2154
-  git_port_forward_pid="${git_srv_result[1]}"
+  export GIT_SSH_COMMAND="${git_srv_result[0]}"
   # Teardown the created port-forward to gitsrv and restore Git settings.
-  defer kill "$git_port_forward_pid"
+  defer kill "${git_srv_result[1]}"
 
   install_flux_with_fluxctl
 
-  # Clone the repo and
+  # Clone the repo
   clone_dir="$(mktemp -d)"
+  defer rm -rf "'$clone_dir'"
   git clone -b master ssh://git@localhost/git-server/repos/cluster.git "$clone_dir"
-  defer rm -rf "$clone_dir"
   # shellcheck disable=SC2164
   cd "$clone_dir"
 }
@@ -74,7 +70,7 @@ function setup() {
   git -c '[email protected]' -c 'user.name=Foo' commit -am "Bump podinfo and duplicate it to cause an error"
   git push
   # Wait until we find the duplicate failure in the logs
-  poll_until_true "duplicate resource in Flux logs" "kubectl logs -n $FLUX_NAMESPACE -l name=flux | grep -q \"duplicate definition of 'demo:deployment/podinfo'\""
+  poll_until_true "duplicate resource in Flux logs" "kubectl logs -n $FLUX_NAMESPACE deploy/flux | grep -q \"duplicate definition of 'demo:deployment/podinfo'\""
   # Make sure that the version of podinfo wasn't bumped
   local podinfo_image_now
   podinfo_image_now=$(kubectl get pod -n demo -l app=podinfo -o"jsonpath={['items'][0]['spec']['containers'][0]['image']}")

diff --git a/test/e2e/13_sync_gc.bats b/test/e2e/13_sync_gc.bats
@@ -5,18 +5,14 @@ load lib/install
 load lib/poll
 load lib/defer
 
-git_port_forward_pid=""
-
 function setup() {
   kubectl create namespace "$FLUX_NAMESPACE"
   # Install flux and the git server, allowing external access
-  install_git_srv flux-git-deploy git_srv_result
-  # shellcheck disable=SC2154
-  git_ssh_cmd="${git_srv_result[0]}"
-  export GIT_SSH_COMMAND="$git_ssh_cmd"
+  install_git_srv git_srv_result
   # shellcheck disable=SC2154
-  git_port_forward_pid="${git_srv_result[1]}"
-  defer kill "$git_port_forward_pid"
+  export GIT_SSH_COMMAND="${git_srv_result[0]}"
+  # Teardown the created port-forward to gitsrv.
+  defer kill "${git_srv_result[1]}"
   install_flux_with_fluxctl "13_sync_gc"
 }
 
@@ -30,7 +26,7 @@ function setup() {
   # Clone the repo and check the sync tag
   local clone_dir
   clone_dir="$(mktemp -d)"
-  defer rm -rf "$clone_dir"
+  defer rm -rf "'$clone_dir'"
   git clone -b master ssh://git@localhost/git-server/repos/cluster.git "$clone_dir"
   cd "$clone_dir"
   local sync_tag_hash

diff --git a/test/e2e/20_commit_signing.bats b/test/e2e/20_commit_signing.bats
@@ -6,31 +6,32 @@ load lib/gpg
 load lib/install
 load lib/poll
 
-tmp_gnupghome=""
-git_port_forward_pid=""
-
 function setup() {
   kubectl create namespace "${FLUX_NAMESPACE}" &> /dev/null
 
   # Install the git server, allowing external access
-  install_git_srv flux-git-deploy git_srv_result
-  # shellcheck disable=SC2154
-  git_ssh_cmd="${git_srv_result[0]}"
-  export GIT_SSH_COMMAND="$git_ssh_cmd"
+  install_git_srv git_srv_result
   # shellcheck disable=SC2154
-  git_port_forward_pid="${git_srv_result[1]}"
+  export GIT_SSH_COMMAND="${git_srv_result[0]}"
   # Teardown the created port-forward to gitsrv.
-  defer kill "$git_port_forward_pid"
+  defer kill "${git_srv_result[1]}"
 
   # Create a temporary GNUPGHOME
+  local tmp_gnupghome
   tmp_gnupghome=$(mktemp -d)
   export GNUPGHOME="$tmp_gnupghome"
-  defer rm -rf "$tmp_gnupghome"
+  defer rm -rf "'$tmp_gnupghome'"
 
   # Install Flux, with a new GPG key and signing enabled
+  local gpg_key
   gpg_key=$(create_gpg_key)
   create_secret_from_gpg_key "$gpg_key"
-  install_flux_gpg "$gpg_key"
+  local -A template_values
+  # shellcheck disable=SC2034
+  template_values['FLUX_GPG_KEY_ID']="$gpg_key"
+  # shellcheck disable=SC2034
+  template_values['FLUX_GIT_VERIFY_SIGNATURES']="false"
+  install_flux_with_fluxctl '20_gpg/flux' 'template_values'
 }
 
 @test "Git sync tag is signed" {
@@ -41,13 +42,13 @@ function setup() {
   # Clone the repo
   local clone_dir
   clone_dir="$(mktemp -d)"
-  defer rm -rf "$clone_dir"
+  defer rm -rf "'$clone_dir'"
   git clone -b master ssh://git@localhost/git-server/repos/cluster.git "$clone_dir"
   cd "$clone_dir"
 
   # Test that the tag has been signed, this errors if this isn't the case
   git pull -f --tags
-  git verify-tag --raw flux-sync >&3
+  git verify-tag --raw flux >&3
 }
 
 @test "Git commits are signed" {
@@ -60,7 +61,7 @@ function setup() {
   # Clone the repo
   local clone_dir
   clone_dir="$(mktemp -d)"
-  defer rm -rf "$clone_dir"
+  defer rm -rf "'$clone_dir'"
   git clone -b master ssh://git@localhost/git-server/repos/cluster.git "$clone_dir"
   cd "$clone_dir"
 
@@ -73,7 +74,7 @@ function teardown() {
   # Kill the agent and remove temporary GNUPGHOME
   gpgconf --kill gpg-agent
   # Uninstall Flux and the global resources it installs.
-  uninstall_flux_gpg
+  uninstall_flux_with_fluxctl
   # Removing the namespace also takes care of removing Flux and gitsrv.
   kubectl delete namespace "$FLUX_NAMESPACE"
   # Only remove the demo workloads after Flux, so that they cannot be recreated.

diff --git a/test/e2e/20_commit_verification.bats b/test/e2e/20_commit_verification.bats
@@ -4,16 +4,14 @@ load lib/env
 load lib/gpg
 load lib/install
 load lib/poll
-
-tmp_gnupghome=""
-git_port_forward_pid=""
-clone_dir=""
+load lib/defer
 
 function setup() {
   kubectl create namespace "${FLUX_NAMESPACE}"
 
   # Create a temporary GNUPGHOME
   tmp_gnupghome=$(mktemp -d)
+  defer rm -rf "'$tmp_gnupghome'"
   export GNUPGHOME="$tmp_gnupghome"
 }
 
@@ -24,28 +22,34 @@ function setup() {
 
   # Install the git server with signed init commit,
   # allowing external access
-  install_git_srv flux-git-deploy git_srv_result true
+  install_git_srv git_srv_result 20_gpg/gitsrv
 
   # Install Flux with the GPG key, and commit verification enabled
-  install_flux_gpg "$gpg_key" true
+  local -A template_values
+  # shellcheck disable=SC2034
+  template_values['FLUX_GPG_KEY_ID']="$gpg_key"
+  # shellcheck disable=SC2034
+  template_values['FLUX_GIT_VERIFY_SIGNATURES']="true"
+  install_flux_with_fluxctl '20_gpg/flux' 'template_values'
 
   # shellcheck disable=SC2154
   git_ssh_cmd="${git_srv_result[0]}"
   export GIT_SSH_COMMAND="$git_ssh_cmd"
 
   # shellcheck disable=SC2030
-  git_port_forward_pid="${git_srv_result[1]}"
+  defer "kill '${git_srv_result[1]}'"
 
   # Test that the resources from https://github.com/fluxcd/flux-get-started are deployed
   poll_until_true 'namespace demo' 'kubectl describe ns/demo'
 
   # Clone the repo
   # shellcheck disable=SC2030
   clone_dir="$(mktemp -d)"
+  defer "rm -rf '$clone_dir'"
   git clone -b master ssh://git@localhost/git-server/repos/cluster.git "$clone_dir"
   cd "$clone_dir"
 
-  local sync_tag="flux-sync"
+  local sync_tag="flux"
   local org_head_hash
   org_head_hash=$(git rev-list -n 1 HEAD)
   sync_tag_hash=$(git rev-list -n 1 "$sync_tag")
@@ -78,13 +82,18 @@ function setup() {
   create_secret_from_gpg_key "$gpg_key"
 
   # Install the git server with _unsigned_ init commit
-  install_git_srv flux-git-deploy "" false
+  install_git_srv
 
   # Install Flux with the GPG key, and commit verification enabled
-  install_flux_gpg "$gpg_key" true
+  local -A template_values
+  # shellcheck disable=SC2034
+  template_values['FLUX_GPG_KEY_ID']="$gpg_key"
+  # shellcheck disable=SC2034
+  template_values['FLUX_GIT_VERIFY_SIGNATURES']="true"
+  install_flux_with_fluxctl '20_gpg/flux' 'template_values'
 
   # Wait for Flux to report that it sees an invalid commit
-  poll_until_true 'invalid GPG signature log' "kubectl logs -n ${FLUX_NAMESPACE} deploy/flux-gpg | grep -e 'found invalid GPG signature for commit'"
+  poll_until_true 'invalid GPG signature log' "kubectl logs -n ${FLUX_NAMESPACE} deploy/flux | grep -q -e 'found invalid GPG signature for commit'"
 
   # Attempt to lock a resource, and confirm it returns an error.
   run fluxctl --k8s-fwd-ns "${FLUX_NAMESPACE}" lock --workload demo:deployment/podinfo
@@ -93,17 +102,12 @@ function setup() {
 }
 
 function teardown() {
-  # shellcheck disable=SC2031
-  rm -rf "$clone_dir"
-  # (Maybe) teardown the created port-forward to gitsrv.
-  # shellcheck disable=SC2031
-  kill "$git_port_forward_pid" || true
-  # Kill the agent and remove temporary GNUPGHOME
+  run_deferred
+  # Kill the agent
   gpgconf --kill gpg-agent
-  rm -rf "$tmp_gnupghome"
   # Although the namespace delete below takes care of removing most Flux
   # elements, the global resources will not be removed without this.
-  uninstall_flux_gpg
+  uninstall_flux_with_fluxctl
   # Removing the namespace also takes care of removing Flux and gitsrv.
   kubectl delete namespace "$FLUX_NAMESPACE"
   # (Maybe) remove the demo namespace

diff --git a/test/e2e/fixtures/gitsrv-gpg.yaml b/test/e2e/fixtures/gitsrv-gpg.yaml
diff --git a/test/e2e/fixtures/kustom/13_sync_gc/gc_patch.json b/test/e2e/fixtures/kustom/13_sync_gc/gc_patch.json
diff --git a/test/e2e/fixtures/kustom/13_sync_gc/gc_patch.yaml b/test/e2e/fixtures/kustom/13_sync_gc/gc_patch.yaml
@@ -0,0 +1,3 @@
+- op: add
+  path: /spec/template/spec/containers/0/args/-
+  value: --sync-garbage-collection
diff --git a/test/e2e/fixtures/kustom/13_sync_gc/kustomization.yaml b/test/e2e/fixtures/kustom/13_sync_gc/kustomization.yaml
@@ -1,5 +1,5 @@
 bases:
-- "../base"
+- "../base/flux"
 patchesJson6902:
 ## this patch is for test-specific patches; supply a filename to
 ## install_flux_with_fluxctl and it will use that rather than the
@@ -9,4 +9,4 @@ patchesJson6902:
     version: v1
     kind: Deployment
     name: flux
-  path: gc_patch.json
+  path: gc_patch.yaml
diff --git a/test/e2e/fixtures/kustom/20_gpg/flux/gpg_patch.yaml b/test/e2e/fixtures/kustom/20_gpg/flux/gpg_patch.yaml
@@ -0,0 +1,22 @@
+- op: add
+  path: /spec/template/spec/containers/0/args/-
+  value: --git-verify-signatures=$FLUX_GIT_VERIFY_SIGNATURES
+- op: add
+  path: /spec/template/spec/containers/0/args/-
+  value: --git-signing-key=$FLUX_GPG_KEY_ID
+- op: add
+  path: /spec/template/spec/containers/0/args/-
+  value: --git-gpg-key-import=/root/gpg-import/private
+- op: add
+  path: /spec/template/spec/containers/0/volumeMounts/-
+  value:
+    name: gpg-keys
+    mountPath: /root/gpg-import/private
+    readOnly: true
+- op: add
+  path: /spec/template/spec/volumes/-
+  value:
+    name: gpg-keys
+    secret:
+      secretName: flux-gpg-signing-key
+      defaultMode: 0400
diff --git a/test/e2e/fixtures/kustom/20_gpg/flux/kustomization.yaml b/test/e2e/fixtures/kustom/20_gpg/flux/kustomization.yaml
@@ -0,0 +1,9 @@
+bases:
+- "../../base/flux"
+patchesJson6902:
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: flux
+  path: gpg_patch.yaml
diff --git a/test/e2e/fixtures/kustom/20_gpg/gitsrv/gpg_patch.yaml b/test/e2e/fixtures/kustom/20_gpg/gitsrv/gpg_patch.yaml
@@ -0,0 +1,16 @@
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: GPG_KEYFILE
+    value: /git-server/gpg/flux.asc
+- op: add
+  path: /spec/template/spec/containers/0/volumeMounts/-
+  value:
+    mountPath: /git-server/gpg
+    name: git-gpg-keys
+- op: add
+  path: /spec/template/spec/volumes/-
+  value:
+    name: git-gpg-keys
+    secret:
+      secretName: flux-gpg-signing-key
diff --git a/test/e2e/fixtures/kustom/20_gpg/gitsrv/kustomization.yaml b/test/e2e/fixtures/kustom/20_gpg/gitsrv/kustomization.yaml
@@ -0,0 +1,9 @@
+bases:
+- "../../base/gitsrv"
+patchesJson6902:
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: gitsrv
+  path: gpg_patch.yaml