Uses create and delete for venafi and vault e2e conformance provisioners

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-09-06 10:25:56 +01:00 · 2019-09-06 10:25:56 +01:00 · 91f2b1c051
commit 91f2b1c051
parent 2c131e94db
5 changed files with 69 additions and 64 deletions
--- a/test/e2e/suite/conformance/certificates/acme/acme.go
+++ b/test/e2e/suite/conformance/certificates/acme/acme.go
@ -39,33 +39,18 @@ var _ = framework.ConformanceDescribe("Certificates", func() {
 		certificates.DurationFeature,
 	)

-	provisioner := &acmeIssuerProvisioner{setGroupName: false}
+	provisioner := new(acmeIssuerProvisioner)
 	(&certificates.Suite{
 		Name:                "ACME HTTP01",
 		CreateIssuerFunc:    provisioner.create,
 		DeleteIssuerFunc:    provisioner.delete,
 		UnsupportedFeatures: unsupportedFeatures,
 	}).Define()
-
-	// crProvisioner sets the issuerRef.group field on Certificates it creates
-	crProvisioner := &acmeIssuerProvisioner{setGroupName: true}
-	(&certificates.Suite{
-		Name:                "ACME HTTP01 (CertificateRequest)",
-		CreateIssuerFunc:    crProvisioner.create,
-		DeleteIssuerFunc:    crProvisioner.delete,
-		UnsupportedFeatures: unsupportedFeatures,
-	}).Define()
 })

 type acmeIssuerProvisioner struct {
 	tiller *tiller.Tiller
 	pebble *pebble.Pebble
-	// if setGroupName is true, the 'group name' field on the IssuerRef will be
-	// set the 'cert-manager.io'.
-	// Setting the group name will cause the new 'certificate requests' based
-	// implementation to be used, however this is not implemented for ACME yet
-	// See: https://github.com/jetstack/cert-manager/pull/1943
-	setGroupName bool
 }

 func (a *acmeIssuerProvisioner) delete(f *framework.Framework, ref cmmeta.ObjectReference) {
@ -128,17 +113,8 @@ func (a *acmeIssuerProvisioner) create(f *framework.Framework) cmmeta.ObjectRefe
 	Expect(err).NotTo(HaveOccurred(), "failed to create acme issuer")

 	return cmmeta.ObjectReference{
-		Group: emptyOrString(a.setGroupName, cmapi.SchemeGroupVersion.Group),
+		Group: cmapi.SchemeGroupVersion.Group,
 		Kind:  cmapi.IssuerKind,
 		Name:  issuer.Name,
 	}
 }
-
-// emptyOrString will return the given string 's' if 'set' is true,
-// otherwise it will return the empty string.
-func emptyOrString(set bool, s string) string {
-	if set {
-		return s
-	}
-	return ""
-}
--- a/test/e2e/suite/conformance/certificates/vault/vault.go
+++ b/test/e2e/suite/conformance/certificates/vault/vault.go
@ -26,35 +26,48 @@ import (
 	cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
 	"github.com/jetstack/cert-manager/test/e2e/framework"
 	"github.com/jetstack/cert-manager/test/e2e/framework/addon/tiller"
-	vaultaddon "github.com/jetstack/cert-manager/test/e2e/framework/addon/vault"
+	vault "github.com/jetstack/cert-manager/test/e2e/framework/addon/vault"
 	"github.com/jetstack/cert-manager/test/e2e/suite/conformance/certificates"
 )

 var _ = framework.ConformanceDescribe("Certificates", func() {
+	provisioner := new(vaultProvisioner)
+
 	(&certificates.Suite{
 		Name:             "Vault",
-		CreateIssuerFunc: createVaultIssuer,
+		CreateIssuerFunc: provisioner.create,
+		DeleteIssuerFunc: provisioner.delete,
 	}).Define()
 })

-func createVaultIssuer(f *framework.Framework) cmapi.ObjectReference {
+type vaultProvisioner struct {
+	tiller *tiller.Tiller
+	vault  *vault.Vault
+}
+
+func (v *vaultProvisioner) delete(f *framework.Framework, ref cmapi.ObjectReference) {
+	Expect(v.vault.Deprovision()).NotTo(HaveOccurred(), "failed to deprovision vault")
+	Expect(v.tiller.Deprovision()).NotTo(HaveOccurred(), "failed to deprovision tiller")
+}
+
+func (v *vaultProvisioner) create(f *framework.Framework) cmapi.ObjectReference {
 	By("Creating a Vault issuer")

-	var (
-		tiller = &tiller.Tiller{
-			Name:               "tiller-deploy",
-			Namespace:          f.Namespace.Name,
-			ClusterPermissions: false,
-		}
-		vault = &vaultaddon.Vault{
-			Tiller:    tiller,
-			Namespace: f.Namespace.Name,
-			Name:      "cm-e2e-create-vault-issuer",
-		}
-	)
+	v.tiller = &tiller.Tiller{
+		Name:               "tiller-deploy",
+		Namespace:          f.Namespace.Name,
+		ClusterPermissions: false,
+	}
+	Expect(v.tiller.Setup(f.Config)).NotTo(HaveOccurred(), "failed to setup tiller")
+	Expect(v.tiller.Provision()).NotTo(HaveOccurred(), "failed to provision tiller")

-	f.RequireAddon(tiller)
-	f.RequireAddon(vault)
+	v.vault = &vault.Vault{
+		Tiller:    v.tiller,
+		Namespace: f.Namespace.Name,
+		Name:      "cm-e2e-create-vault-issuer",
+	}
+	Expect(v.vault.Setup(f.Config)).NotTo(HaveOccurred(), "failed to setup vault")
+	Expect(v.vault.Provision()).NotTo(HaveOccurred(), "failed to provision vault")

 	intermediateMount := "intermediate-ca"
 	role := "kubernetes-vault"
@ -63,22 +76,21 @@ func createVaultIssuer(f *framework.Framework) cmapi.ObjectReference {
 	authPath := "approle"

 	By("Configuring the Vault server")
-	vaultInit := &vaultaddon.VaultInitializer{
-		Details:           *vault.Details(),
+	vaultInit := &vault.VaultInitializer{
+		Details:           *v.vault.Details(),
 		RootMount:         "root-ca",
 		IntermediateMount: intermediateMount,
 		Role:              role,
 		AuthPath:          authPath,
 	}
-	err := vaultInit.Init()
-	Expect(err).NotTo(HaveOccurred())
-	err = vaultInit.Setup()
-	Expect(err).NotTo(HaveOccurred())
-	roleID, secretID, err := vaultInit.CreateAppRole()
-	Expect(err).NotTo(HaveOccurred())
+	Expect(vaultInit.Init()).NotTo(HaveOccurred(), "failed to init vault")
+	Expect(vaultInit.Setup()).NotTo(HaveOccurred(), "fauled to setup vault")

-	_, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(vaultaddon.NewVaultAppRoleSecret(vaultSecretAppRoleName, secretID))
-	Expect(err).NotTo(HaveOccurred())
+	roleID, secretID, err := vaultInit.CreateAppRole()
+	Expect(err).NotTo(HaveOccurred(), "vault to create app role from vault")
+
+	_, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(vault.NewVaultAppRoleSecret(vaultSecretAppRoleName, secretID))
+	Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault")

 	issuer, err := f.CertManagerClientSet.CertmanagerV1alpha1().Issuers(f.Namespace.Name).Create(&cmapi.Issuer{
 		ObjectMeta: metav1.ObjectMeta{
@ -87,9 +99,9 @@ func createVaultIssuer(f *framework.Framework) cmapi.ObjectReference {
 		Spec: cmapi.IssuerSpec{
 			IssuerConfig: cmapi.IssuerConfig{
 				Vault: &cmapi.VaultIssuer{
-					Server:   vault.Details().Host,
+					Server:   v.vault.Details().Host,
 					Path:     vaultPath,
-					CABundle: vault.Details().VaultCA,
+					CABundle: v.vault.Details().VaultCA,
 					Auth: cmapi.VaultAuth{
 						AppRole: cmapi.VaultAppRole{
 							Path:   authPath,
--- a/test/e2e/suite/conformance/certificates/venafi/BUILD.bazel
+++ b/test/e2e/suite/conformance/certificates/venafi/BUILD.bazel
@ -8,6 +8,7 @@ go_library(
    deps = [
        "//pkg/apis/certmanager/v1alpha1:go_default_library",
        "//test/e2e/framework:go_default_library",
+        "//test/e2e/framework/util/errors:go_default_library",
        "//test/e2e/suite/conformance/certificates:go_default_library",
        "//test/e2e/suite/issuers/venafi/addon:go_default_library",
        "//vendor/github.com/onsi/ginkgo:go_default_library",
--- a/test/e2e/suite/conformance/certificates/venafi/venafi.go
+++ b/test/e2e/suite/conformance/certificates/venafi/venafi.go
@ -22,6 +22,7 @@ import (

 	cmapi "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha1"
 	"github.com/jetstack/cert-manager/test/e2e/framework"
+	"github.com/jetstack/cert-manager/test/e2e/framework/util/errors"
 	"github.com/jetstack/cert-manager/test/e2e/suite/conformance/certificates"
 	vaddon "github.com/jetstack/cert-manager/test/e2e/suite/issuers/venafi/addon"
 )
@ -34,25 +35,41 @@ var _ = framework.ConformanceDescribe("Certificates", func() {
 		certificates.DurationFeature,
 	)

+	provisioner := new(venafiProvisioner)
 	(&certificates.Suite{
 		Name:                "Venafi",
-		CreateIssuerFunc:    createVenafiIssuer,
+		CreateIssuerFunc:    provisioner.create,
+		DeleteIssuerFunc:    provisioner.delete,
 		UnsupportedFeatures: unsupportedFeatures,
 	}).Define()
 })

-func createVenafiIssuer(f *framework.Framework) cmapi.ObjectReference {
+type venafiProvisioner struct {
+	tpp *vaddon.VenafiTPP
+}
+
+func (v *venafiProvisioner) delete(f *framework.Framework, ref cmapi.ObjectReference) {
+	Expect(v.tpp.Deprovision()).NotTo(HaveOccurred(), "failed to deprovision tpp venafi")
+}
+
+func (v *venafiProvisioner) create(f *framework.Framework) cmapi.ObjectReference {
 	By("Creating a Venafi issuer")

-	tppAddon := &vaddon.VenafiTPP{
+	v.tpp = &vaddon.VenafiTPP{
 		Namespace: f.Namespace.Name,
 	}

-	f.RequireAddon(tppAddon)
+	err := v.tpp.Setup(f.Config)
+	if errors.IsSkip(err) {
+		framework.Skipf("Skipping test as addon could not be setup: %v", err)
+	}
+	Expect(err).NotTo(HaveOccurred(), "failed to setup tpp venafi")

-	issuer := tppAddon.Details().BuildIssuer()
-	issuer, err := f.CertManagerClientSet.CertmanagerV1alpha1().Issuers(f.Namespace.Name).Create(issuer)
-	Expect(err).NotTo(HaveOccurred())
+	Expect(v.tpp.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi")
+
+	issuer := v.tpp.Details().BuildIssuer()
+	issuer, err = f.CertManagerClientSet.CertmanagerV1alpha1().Issuers(f.Namespace.Name).Create(issuer)
+	Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi")

 	return cmapi.ObjectReference{
 		Group: cmapi.SchemeGroupVersion.Group,
--- a/test/e2e/suite/issuers/venafi/addon/tpp.go
+++ b/test/e2e/suite/issuers/venafi/addon/tpp.go
@ -107,8 +107,7 @@ func (v *VenafiTPP) Details() *TPPDetails {
 }

 func (v *VenafiTPP) Deprovision() error {
-	v.Base.Details().KubeClient.CoreV1().Secrets(v.createdSecret.Namespace).Delete(v.createdSecret.Name, nil)
-	return nil
+	return v.Base.Details().KubeClient.CoreV1().Secrets(v.createdSecret.Namespace).Delete(v.createdSecret.Name, nil)
 }

 func (v *VenafiTPP) SupportsGlobal() bool {