PWX-37884 Refactor px serviceaccount token integration test #1615

Merged (4 commits) on Jul 29, 2024

@ssz1997 ssz1997 commented Jul 25, 2024

What this PR does / why we need it:
Move token verification, that the token inside px runc container is the same as in the created secret, to storage cluster verification.

Verifying that the token is refreshed stays in the integration test.

Signed-off-by: shsun_pure <shsun@purestorage.com>
err = testutil.ValidateStorageCluster(ci_utils.PxSpecImages, cluster, ci_utils.DefaultValidateDeployTimeout, ci_utils.DefaultValidateDeployRetryInterval, true, "")
pxSaSecret, err = coreops.Instance().GetSecret(pxutil.PortworxServiceAccountTokenSecretName, cluster.Namespace)
require.NoError(t, err)
recreatedToken := string(pxSaSecret.Data[core.ServiceAccountTokenKey])
require.NotEqual(t, refreshedToken, recreatedToken, "the token did not get refreshed")
}
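
Review bot: the err assigned from testutil.ValidateStorageCluster on the first line of this snippet is overwritten by the coreops.Instance().GetSecret call on the next line before anything checks it, so a failed cluster validation would pass silently; add require.NoError(t, err) directly after the ValidateStorageCluster call. The final require.NotEqual also passes when the recreated secret carries an empty token, so asserting that recreatedToken is non-empty before comparing it with refreshedToken would make the refresh check meaningful.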

I think we should also delete cluster after this test

		// Delete and validate the deletion
		ci_utils.UninstallAndValidateStorageCluster(cluster, t)

@ssz1997 ssz1997 merged commit 28cc6a7 into master Jul 29, 2024
9 checks passed
ssz1997 added a commit that referenced this pull request Jul 29, 2024
* refactor test

Signed-off-by: shsun_pure <shsun@purestorage.com>

* uninstall cluster and verify token secret deletion

* address comments

* fix test

---------

Signed-off-by: shsun_pure <shsun@purestorage.com>
Co-authored-by: shsun_pure <shsun@purestorage.com>
ssz1997 added a commit that referenced this pull request Jul 30, 2024
#1617)

* [PWX-37620] Create/Refresh token and secret and mount to oci-mon pod (#1582)

* create and refresh token/secret

Signed-off-by: shsun_pure <shsun@purestorage.com>

* mount self-managed serviceaccount secret to oci-mon pod

Signed-off-by: shsun_pure <shsun@purestorage.com>

* always use the refreshing token for px

Signed-off-by: shsun_pure <shsun@purestorage.com>

* fix only modify arr copy

Signed-off-by: shsun_pure <shsun@purestorage.com>

* move token management to basic; fix keep adding secret vol to spec

* merge master

* fix and add tests; fix token refresh duration unit

* update secret mount path

* address comments

* address more comments

* make token refresh interval a parameter

* fix token secret expiration data; address comments

* fix failed UT from master branch

---------

Signed-off-by: shsun_pure <shsun@purestorage.com>
Co-authored-by: shsun_pure <shsun@purestorage.com>

* PWX-37620 Vendor in latest sched ops (#1571)

* vendor in latest sched ops

Signed-off-by: shsun_pure <shsun@purestorage.com>

* fix generated mock

---------

Signed-off-by: shsun_pure <shsun@purestorage.com>
Co-authored-by: shsun_pure <shsun@purestorage.com>

* fix compile due to manually resolving conflicts

* PWX-37982 Use the expiration time returned by k8s api server for px sa token (#1596)

* use the expiration time returned by k8s api server

Signed-off-by: shsun_pure <shsun@purestorage.com>

* add comment for the change

---------

Signed-off-by: shsun_pure <shsun@purestorage.com>
Co-authored-by: shsun_pure <shsun@purestorage.com>

* Fix PX ServiceAccount token audience (#1602)

* fix px sa token audience

Signed-off-by: shsun_pure <shsun@purestorage.com>

* remove token audience

Signed-off-by: shsun_pure <shsun@purestorage.com>

---------

Signed-off-by: shsun_pure <shsun@purestorage.com>
Co-authored-by: shsun_pure <shsun@purestorage.com>

* PWX-38064 Update ca.crt in the PX ServiceAccount Secret if updated (#1606)

* update ca.crt in the secret if updated

Signed-off-by: shsun_pure <shsun@purestorage.com>

* address comments

* fix test, add setter for ca cert

---------

Signed-off-by: shsun_pure <shsun@purestorage.com>
Co-authored-by: shsun_pure <shsun@purestorage.com>

* PWX-37884 Add portworx serviceaccount token refresh integration test (#1598)

* addPxSaTokenIntegrationTest

Signed-off-by: shsun_pure <shsun@purestorage.com>

* try to see if k8s enforces token minimum expiration time

* add testrail id

* add manually delete secret scenario test

* add test log lines

* change token refresh time to 10min

* fix test and address comments

* use the token to make a k8s api call

* address comment

* skip pdb validation for certain versions of operator and px

---------

Signed-off-by: shsun_pure <shsun@purestorage.com>
Co-authored-by: shsun_pure <shsun@purestorage.com>

* PWX-37884 Refactor px serviceaccount token integration test (#1615)

* refactor test

Signed-off-by: shsun_pure <shsun@purestorage.com>

* uninstall cluster and verify token secret deletion

* address comments

* fix test

---------

Signed-off-by: shsun_pure <shsun@purestorage.com>
Co-authored-by: shsun_pure <shsun@purestorage.com>

* fix tests

---------

Signed-off-by: shsun_pure <shsun@purestorage.com>
Co-authored-by: shsun_pure <shsun@purestorage.com>