test: add e2e test setup for GCP provider #1701
Conversation
k8s-ci-robot
added
do-not-merge/work-in-progress
|
Hi @dargudear-google. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
size/S
|
@dargudear-google: Cannot trigger testing until a trusted user reviews the PR and leaves an In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
dargudear-google
force-pushed
the
provider-gcp-test
branch
from
9b14c0b to
942f7d0
Compare
k8s-ci-robot
added
size/S
dargudear-google
force-pushed
the
provider-gcp-test
branch
from
1478bfc to
dc753fd
Compare
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
|
/test pull-secrets-store-csi-driver-e2e-gcp |
2 similar comments
|
/test pull-secrets-store-csi-driver-e2e-gcp |
|
/test pull-secrets-store-csi-driver-e2e-gcp |
k8s-ci-robot
added
size/M
|
/test pull-secrets-store-csi-driver-e2e-gcp |
4 similar comments
|
/test pull-secrets-store-csi-driver-e2e-gcp |
|
/test pull-secrets-store-csi-driver-e2e-gcp |
|
/test pull-secrets-store-csi-driver-e2e-gcp |
|
/test pull-secrets-store-csi-driver-e2e-gcp |
|
test pull-secrets-store-csi-driver-e2e-gcp |
|
/test pull-secrets-store-csi-driver-e2e-gcp |
1 similar comment
|
/test pull-secrets-store-csi-driver-e2e-gcp |
|
/test pull-secrets-store-csi-driver-e2e-gcp |
2 similar comments
|
/test pull-secrets-store-csi-driver-e2e-gcp |
|
/test pull-secrets-store-csi-driver-e2e-gcp |
k8s-ci-robot
added
size/L
dargudear-google
force-pushed
the
provider-gcp-test
branch
from
39d590f to
3145ff1
Compare
k8s-ci-robot
added
needs-rebase
|
/test pull-secrets-store-csi-driver-e2e-gcp |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: dargudear-google The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/test pull-secrets-store-csi-driver-e2e-gcp |
4 similar comments
|
/test pull-secrets-store-csi-driver-e2e-gcp |
|
/test pull-secrets-store-csi-driver-e2e-gcp |
|
/test pull-secrets-store-csi-driver-e2e-gcp |
|
/test pull-secrets-store-csi-driver-e2e-gcp |
dargudear-google
force-pushed
the
provider-gcp-test
branch
3 times, most recently
from
a9f26b6 to
ff90da3
Compare
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
dargudear-google
force-pushed
the
provider-gcp-test
branch
from
84528da to
42e7efe
Compare
|
/test pull-secrets-store-csi-driver-e2e-gcp |
|
@dargudear-google: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/test pull-secrets-store-csi-driver-e2e-gcp |
|
/retitle test: add e2e test setup for GCP provider |
k8s-ci-robot
changed the title
| echo -n "secret-b" | gcloud secrets versions add ${SECRET_ID} --data-file=- | ||
|
|
||
| # wait for secret rotation | ||
| sleep 120 |
There was a problem hiding this comment.
How long does it take for rotation to take effect in secret manager? Could you add a comment here?
| @@ -0,0 +1,97 @@ | |||
| #!/usr/bin/env bash | |||
|
|
|||
| # Copyright 2024 The Kubernetes Authors. | |||
There was a problem hiding this comment.
| # Copyright 2024 The Kubernetes Authors. | |
| # Copyright 2025 The Kubernetes Authors. |
| main() { | ||
| echo "starting the secret store csi driver test for gcp provider" | ||
|
|
||
| #install boskosctl |
There was a problem hiding this comment.
| #install boskosctl | |
| # install boskosctl |
| echo "testing boskosctl" | ||
| boskosctl --help | ||
|
|
||
| # Aquire a project from boskos pool, test will use secret created on this aquired project |
There was a problem hiding this comment.
| # Aquire a project from boskos pool, test will use secret created on this aquired project | |
| # Acquire a project from boskos pool, test will use secret created on this acquired project |
| RESOURCE_NAME=$(echo "$BOSKOS_RESOURCE" | jq -r ".name") | ||
| export RESOURCE_NAME | ||
| GCP_PROJECT=$(echo "$BOSKOS_RESOURCE" | jq -r ".name") | ||
| export GCP_PROJECT |
There was a problem hiding this comment.
The RESOURCE_NAME and GCP_PROJECT are the same. Could we just use a single var instead or does this need to be 2 different ones for clarity?
| echo "Using project ${GCP_PROJECT}" | ||
| gcloud config set project "${GCP_PROJECT}" | ||
|
|
||
| # create a secret in the aquired project |
There was a problem hiding this comment.
| # create a secret in the aquired project | |
| # create a secret in the acquired project |
| --role=roles/secretmanager.secretAccessor \ | ||
| --member=principalSet://iam.googleapis.com/projects/773781448124/locations/global/workloadIdentityPools/k8s-infra-prow-build.svc.id.goog/namespace/test-pods | ||
|
|
||
| # wait for permissions to propogate |
There was a problem hiding this comment.
| # wait for permissions to propogate | |
| # wait for permissions to propagate |
What type of PR is this?
/kind failing-test
What this PR does / why we need it: Runs e2e test for driver with gcp provider
Which issue(s) this PR fixes (optional, using
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when the PR gets merged):Fixes #1583
Special notes for your reviewer:
Earlier gcp tests were using hardcoded static secrets from google owned project. Now this PR uses secrets freshly created on boskos project.
TODOs: