ci: switch to upstream ado org for e2e (#137)

aramase · web-flow · commit b2c7af722a58 · 2022-04-08T23:10:52.000+05:30
Signed-off-by: Anish Ramasekar &lt;anish.ramasekar@gmail.com&gt;
diff --git a/.pipelines/nightly.yml b/.pipelines/nightly.yml
@@ -8,8 +8,7 @@ schedules:
       include:
         - master
 
-pool:
-  vmImage: ubuntu-latest
+pool: staging-pool
 
 jobs:
   - template: templates/unit-tests-template.yml
diff --git a/.pipelines/pr.yml b/.pipelines/pr.yml
@@ -11,8 +11,7 @@ pr:
     exclude:
       - docs/*
 
-pool:
-  vmImage: ubuntu-latest
+pool: staging-pool
 
 jobs:
   - template: templates/unit-tests-template.yml
diff --git a/.pipelines/templates/e2e-kind-template.yml b/.pipelines/templates/e2e-kind-template.yml
@@ -10,11 +10,18 @@ jobs:
       - name: REGISTRY_PORT
         value: 5000
       - name: KUBERNETES_VERSION
-        value: v1.21.1
+        value: v1.23.5
       - name: KIND_CLUSTER_NAME
         value: kms
       - name: KIND_NETWORK
         value: kind
+      # contains the following environment variables:
+      # - AZURE_CLIENT_ID
+      # - AZURE_CLIENT_SECRET
+      # - AZURE_TENANT_ID
+      # - KEYVAULT_NAME
+      # - KEY_NAME
+      # - KEY_VERSION
       - group: kubernetes-kms
 
     steps:
@@ -26,16 +33,16 @@ jobs:
         displayName: "Install e2e test prerequisites"
 
       - script: |
-          REGISTRY_NAME=$(REGISTRY_NAME) REGISTRY_PORT=$(REGISTRY_PORT) KUBERNETES_VERSION=$(KUBERNETES_VERSION) KIND_CLUSTER_NAME=$(KIND_CLUSTER_NAME) KIND_NETWORK=$(KIND_NETWORK) make e2e-setup-kind
+          make e2e-setup-kind
         displayName: "Setup kind cluster with azure kms plugin"
         env:
           REGISTRY_NAME: $(REGISTRY_NAME)
           REGISTRY_PORT: $(REGISTRY_PORT)
           KUBERNETES_VERSION: $(KUBERNETES_VERSION)
           KIND_CLUSTER_NAME: $(KIND_CLUSTER_NAME)
           KIND_NETWORK: $(KIND_NETWORK)
-          CLIENT_ID: $(AZURE_CLIENT_ID)
-          CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
+          AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
+          AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
 
       - template: cluster-health-template.yml
       - template: kind-debug-template.yml
diff --git a/.pipelines/templates/e2e-upgrade-template.yml b/.pipelines/templates/e2e-upgrade-template.yml
@@ -10,18 +10,21 @@ jobs:
       - name: REGISTRY_PORT
         value: 5000
       - name: KUBERNETES_VERSION
-        value: v1.21.1
+        value: v1.23.5
       - name: KIND_CLUSTER_NAME
         value: kms
       - name: KIND_NETWORK
         value: kind
+      # contains the following environment variables:
+      # - AZURE_CLIENT_ID
+      # - AZURE_CLIENT_SECRET
+      # - AZURE_TENANT_ID
+      # - KEYVAULT_NAME
+      # - KEY_NAME
+      # - KEY_VERSION
       - group: kubernetes-kms
 
     steps:
-      - task: GoTool@0
-        inputs:
-          version: 1.18
-
       - script: make e2e-install-prerequisites
         displayName: "Install e2e test prerequisites"
 
diff --git a/.pipelines/templates/manifest-template.yml b/.pipelines/templates/manifest-template.yml
@@ -18,5 +18,5 @@ steps:
       echo "##vso[task.setvariable variable=IMAGE_NAME]${{ parameters.imageName }}"
     displayName: "Generate Manifests"
     env:
-      CLIENT_ID: $(AZURE_CLIENT_ID)
-      CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
+      AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
+      AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
diff --git a/.pipelines/templates/scan-images-template.yml b/.pipelines/templates/scan-images-template.yml
@@ -5,11 +5,10 @@ steps:
       export OUTPUT_TYPE="type=docker"
       make docker-init-buildx docker-build
 
-      wget https://github.com/aquasecurity/trivy/releases/download/v$(TRIVY_VERSION)/trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz
-      tar zxvf trivy_$(TRIVY_VERSION)_Linux-64bit.tar.gz
+      wget https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION:-0.24.4}/trivy_${TRIVY_VERSION:-0.24.4}_Linux-64bit.tar.gz
+      tar zxvf trivy_${TRIVY_VERSION:-0.24.4}_Linux-64bit.tar.gz
 
       # show all vulnerabilities in the logs
-      ./trivy "${REGISTRY}/keyvault:${IMAGE_VERSION}"
-      
-      ./trivy --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL "${REGISTRY}/keyvault:${IMAGE_VERSION}" || exit 1
+      ./trivy image "${REGISTRY}/keyvault:${IMAGE_VERSION}"
+      ./trivy image --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL "${REGISTRY}/keyvault:${IMAGE_VERSION}" || exit 1
     displayName: "Scan images for vulnerability"
diff --git a/.pipelines/templates/unit-tests-template.yml b/.pipelines/templates/unit-tests-template.yml
@@ -5,12 +5,16 @@ jobs:
     workspace:
       clean: all
     variables:
-      - group: kubernetes-kms
+      # contains the following environment variables:
+      # - AZURE_CLIENT_ID
+      # - AZURE_CLIENT_SECRET
+      # - AZURE_TENANT_ID
+      # - KEYVAULT_NAME
+      # - KEY_NAME
+      # - KEY_VERSION
+    - group: kubernetes-kms
 
     steps:
-      - task: GoTool@0
-        inputs:
-          version: 1.18
       - script: make lint
         displayName: Run lint
       - script: make unit-test
@@ -22,14 +26,14 @@ jobs:
         displayName: Check binary version
       - script: |
           sudo mkdir /etc/kubernetes
-          echo -e '{\n    "tenantId": "'$TENANT_ID'",\n    "subscriptionId": "'$SUBSCRIPTION_ID'",\n    "aadClientId": "'$CLIENT_ID'",\n    "aadClientSecret": "'$CLIENT_SECRET'",\n}' | sudo tee --append /etc/kubernetes/azure.json  > /dev/null
+          echo -e '{\n    "tenantId": "'$AZURE_TENANT_ID'",\n    "aadClientId": "'$AZURE_CLIENT_ID'",\n    "aadClientSecret": "'$AZURE_CLIENT_SECRET'",\n}' | sudo tee --append /etc/kubernetes/azure.json  > /dev/null
           sudo chown root:root /etc/kubernetes/azure.json && sudo chmod 600 /etc/kubernetes/azure.json
         displayName: Setup azure.json on host
         env:
-          CLIENT_ID: $(AZURE_CLIENT_ID)
-          CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
+          AZURE_CLIENT_ID: $(AZURE_CLIENT_ID)
+          AZURE_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
       - script: |
-          sudo ./_output/kubernetes-kms --keyvault-name $KV_NAME --key-name $KV_KEY --key-version $KV_KEY_VERSION --listen-addr "unix:///opt/azurekms.sock" > /dev/null &
+          sudo ./_output/kubernetes-kms --keyvault-name $KEYVAULT_NAME --key-name $KEY_NAME --key-version $KEY_VERSION --listen-addr "unix:///opt/azurekms.sock" > /dev/null &
           echo Waiting 2 seconds for the server to start
           sleep 2
           sudo make integration-test
diff --git a/docs/testing.md b/docs/testing.md
@@ -15,14 +15,14 @@ make e2e-install-prerequisites
 ```
 
 The E2E test suite extracts runtime configurations through environment variables. Below is a list of environment variables to set before running the E2E test suite.
-| Variable      | Description                                                                                         |
-| ------------- | --------------------------------------------------------------------------------------------------- |
-| CLIENT_ID     | The client ID of your service principal that has `encrypt, decrypt` access to the keyvault key.     |
-| CLIENT_SECRET | The client secret of your service principal that has `encrypt, decrypt` access to the keyvault key. |
-| TENANT_ID     | The Azure tenant ID.                                                                                |
-| KEYVAULT_NAME | The Azure Keyvault name.                                                                            |
-| KEY_NAME      | The name of Keyvault key that will be used by the kms plugin.                                       |
-| KEY_VERSION   | The version of Keyvault key that will be used by the kms plugin.                                    |
+| Variable            | Description                                                                                         |
+| ------------------- | --------------------------------------------------------------------------------------------------- |
+| AZURE_CLIENT_ID     | The client ID of your service principal that has `encrypt, decrypt` access to the keyvault key.     |
+| AZURE_CLIENT_SECRET | The client secret of your service principal that has `encrypt, decrypt` access to the keyvault key. |
+| AZURE_TENANT_ID     | The Azure tenant ID.                                                                                |
+| KEYVAULT_NAME       | The Azure Keyvault name.                                                                            |
+| KEY_NAME            | The name of Keyvault key that will be used by the kms plugin.                                       |
+| KEY_VERSION         | The version of Keyvault key that will be used by the kms plugin.                                    |
 
 ## Running the tests
 
diff --git a/tests/e2e/azure.json b/tests/e2e/azure.json
@@ -1,6 +1,7 @@
 {
     "cloud": "AzurePublicCloud",
-    "tenantId": "$TENANT_ID",
-    "aadClientId": "$CLIENT_ID",
-    "aadClientSecret": "$CLIENT_SECRET"
+    "tenantId": "$AZURE_TENANT_ID",
+    "aadClientId": "$AZURE_CLIENT_ID",
+    "aadClientSecret": "$AZURE_CLIENT_SECRET"
 }
+

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"cloud": "AzurePublicCloud",`
`3`		`- "tenantId": "$TENANT_ID",`
`4`		`- "aadClientId": "$CLIENT_ID",`
`5`		`- "aadClientSecret": "$CLIENT_SECRET"`
	`3`	`+ "tenantId": "$AZURE_TENANT_ID",`
	`4`	`+ "aadClientId": "$AZURE_CLIENT_ID",`
	`5`	`+ "aadClientSecret": "$AZURE_CLIENT_SECRET"`
`6`	`6`	`}`
	`7`	`+`