Merge pull request aws-controllers-k8s#721 from nmvk/tokene2e

ElastiCache Auth Token Test
jaypipes · Mar 19, 2021 · ff951d9 · ff951d9
2 parents 4ac0fd0 + 577bd69
commit ff951d9
Show file tree

Hide file tree

Showing 3 changed files with 97 additions and 2 deletions.
diff --git a/test/e2e/common/k8s.py b/test/e2e/common/k8s.py
@@ -15,7 +15,7 @@
 """
 
 import logging
-
+import base64
 from time import sleep
 from typing import Dict, Optional, Union
 from dataclasses import dataclass
@@ -197,6 +197,42 @@ def get_resource_arn(resource: object) -> Union[None, str]:
     return None
 
 
+def create_opaque_secret(namespace: str,
+                         name: str,
+                         key: str,
+                         value: str):
+    """
+    Create new k8 Opaque Secret.
+
+    :param namespace: Namespace of the secret.
+    :param name: Name of the secret
+    :param key: Key of the secret
+    :param value: Value of the secret
+    :return: None
+    """
+    _api_client = _get_k8s_api_client()
+    body = client.V1Secret()
+    body.api_version = 'v1'
+    body.data = {key:base64.b64encode(value.encode('ascii')).decode('utf-8')}
+    body.kind = 'Secret'
+    body.metadata = {'name': name}
+    body.type = 'Opaque'
+    body = _api_client.sanitize_for_serialization(body)
+    client.CoreV1Api(_api_client).create_namespaced_secret(namespace,body)
+
+
+def delete_secret(namespace: str,
+                  name: str):
+    """
+    Delete an existing k8 secret.
+
+    :param namespace: Namespace of the secret.
+    :param name: Name of the secret
+    :return: None
+    """
+    _api_client = _get_k8s_api_client()
+    client.CoreV1Api(_api_client).delete_namespaced_secret(name, namespace)
+
 def wait_on_condition(reference: CustomResourceReference,
                       condition_name: str,
                       desired_condition_status: str,

diff --git a/test/e2e/elasticache/resources/replicationgroup_authtoken.yaml b/test/e2e/elasticache/resources/replicationgroup_authtoken.yaml
@@ -0,0 +1,17 @@
+apiVersion: elasticache.services.k8s.aws/v1alpha1
+kind: ReplicationGroup
+metadata:
+  name: $RG_ID
+spec:
+    engine: redis
+    replicationGroupID: $RG_ID
+    replicationGroupDescription: Auth token test
+    cacheNodeType: cache.t3.micro
+    numNodeGroups: 1
+    replicasPerNodeGroup: 0
+    transitEncryptionEnabled: true
+    cacheSubnetGroupName: default
+    authToken:
+      namespace: default
+      name: $NAME
+      key: $KEY
diff --git a/test/e2e/elasticache/tests/test_replicationgroup.py b/test/e2e/elasticache/tests/test_replicationgroup.py
@@ -80,6 +80,32 @@ def rg_input_coverage(bootstrap_resources, make_rg_name, make_replication_group,
     sleep(DEFAULT_WAIT_SECS)
     rg_deletion_waiter.wait(ReplicationGroupId=input_dict["RG_ID"]) #throws exception if wait fails
 
+@pytest.fixture(scope="module")
+def first_secret():
+    k8s.create_opaque_secret("default", "first", "secret1", "securetoken123456")
+    yield
+    k8s.delete_secret("default", "first")
+
+@pytest.fixture(scope="module")
+def second_secret():
+    k8s.create_opaque_secret("default", "second", "secret2", "newsecuretoken123456")
+    yield
+    k8s.delete_secret("default", "second")
+
+
+@pytest.fixture(scope="module")
+def rg_auth_token(make_rg_name, make_replication_group, rg_deletion_waiter, first_secret, second_secret):
+    input_dict = {
+        "RG_ID": make_rg_name("rg-auth-token"),
+        "NAME": "first",
+        "KEY": "secret1"
+    }
+    (reference, resource) = make_replication_group("replicationgroup_authtoken", input_dict, input_dict["RG_ID"])
+    yield (reference, resource)
+    k8s.delete_custom_resource(reference)
+    sleep(DEFAULT_WAIT_SECS)
+    rg_deletion_waiter.wait(ReplicationGroupId=input_dict["RG_ID"]) #throws exception if wait fails
+
 @pytest.fixture(scope="module")
 def rg_cmd_fromsnapshot(bootstrap_resources, make_rg_name, make_replication_group, rg_deletion_waiter):
     input_dict = {
@@ -105,4 +131,20 @@ def test_rg_input_coverage(self, rg_input_coverage):
 
     def test_rg_cmd_fromsnapshot(self, rg_cmd_fromsnapshot):
         (reference, _) = rg_cmd_fromsnapshot
-        assert k8s.wait_on_condition(reference, "ACK.ResourceSynced", "True", wait_periods=30)
+        assert k8s.wait_on_condition(reference, "ACK.ResourceSynced", "True", wait_periods=30)
+
+    def test_rg_auth_token(self, rg_auth_token):
+        (reference, _) = rg_auth_token
+        assert k8s.wait_on_condition(reference, "ACK.ResourceSynced", "True", wait_periods=30)
+
+        update_dict = {
+            "RG_ID": reference.name,
+            "NAME": "second",
+            "KEY": "secret2"
+        }
+
+        updated_spec = load_resource_file(
+            SERVICE_NAME, "replicationgroup_authtoken", additional_replacements=update_dict)
+
+        k8s.patch_custom_resource(reference, updated_spec)
+        assert k8s.wait_on_condition(reference, "ACK.ResourceSynced", "True", wait_periods=30)