-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CORE-178] Fix integration tests #184
Changes from all commits
d21f793
81d5892
c826cc7
43e0c15
10e5299
afd1ac7
9a6b607
539efe3
6eedcde
12a4082
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -16,14 +16,13 @@ env: | |
VAULT_ADDR: https://clotho.broadinstitute.org:8200 | ||
VAULT_SERVICE_ACCOUNT_ADMIN_PATH: secret/dsde/terra/crl-test/default/service-account-admin.json | ||
VAULT_SERVICE_ACCOUNT_USER_PATH: secret/dsde/terra/crl-test/default/service-account-user.json | ||
VAULT_SERVICE_ACCOUNT_JANITOR_CLIENT_PATH: secret/dsde/terra/kernel/integration/tools/crl_janitor/client-sa | ||
VAULT_AZURE_MANAGED_APP_CLIENT_PATH: secret/dsde/terra/azure/common/managed-app-publisher | ||
# Where to store the retrieved service accounts credentials for Google integration tests. | ||
SERVICE_ACCOUNT_ADMIN_FILE: src/testFixtures/resources/integration_service_account_admin.json | ||
SERVICE_ACCOUNT_USER_FILE: src/testFixtures/resources/integration_service_account_user.json | ||
SERVICE_ACCOUNT_JANITOR_CLIENT_FILE: src/testFixtures/resources/integration_service_account_janitor_client.json | ||
AZURE_MANAGED_APP_CLIENT_FILE: src/testFixtures/resources/integration_azure_managed_app_client.json | ||
AZURE_PROPERTIES_FILE: src/testFixtures/resources/integration_azure_env.properties | ||
AZURE_MANAGED_APP_FILE: src/testFixtures/resources/integration_azure_managed_app_client.json | ||
AZURE_CREDENTIALS_FILE: src/testFixtures/resources/integration_azure_env.properties | ||
|
||
jobs: | ||
build-and-test: | ||
|
@@ -59,24 +58,23 @@ jobs: | |
vault:1.1.0 \ | ||
vault read -format json $VAULT_SERVICE_ACCOUNT_USER_PATH \ | ||
| jq .data > $SERVICE_ACCOUNT_USER_FILE &&# | ||
docker run --rm --cap-add IPC_LOCK \ | ||
-e "VAULT_TOKEN=${{ steps.vault-token-step.outputs.vault-token }}" \ | ||
-e "VAULT_ADDR=${VAULT_ADDR}" \ | ||
vault:1.1.0 \ | ||
vault read -format json $VAULT_SERVICE_ACCOUNT_JANITOR_CLIENT_PATH \ | ||
| jq -r .data.key | base64 -d > $SERVICE_ACCOUNT_JANITOR_CLIENT_FILE &&# | ||
docker run --rm --cap-add IPC_LOCK \ | ||
-e "VAULT_TOKEN=${{ steps.vault-token-step.outputs.vault-token }}" \ | ||
-e "VAULT_ADDR=${VAULT_ADDR}" \ | ||
vault:1.1.0 \ | ||
vault read -format json $VAULT_AZURE_MANAGED_APP_CLIENT_PATH \ | ||
| jq .data > $AZURE_MANAGED_APP_CLIENT_FILE | ||
| jq .data > $AZURE_MANAGED_APP_FILE | ||
- name: Write Janitor Client SA file | ||
run: | | ||
JANITOR_SA_B64=${{ secrets.CRL_JANITOR_CLIENT_SA_B64 }} | ||
echo ::add-mask::$JANITOR_SA_B64 | ||
echo $JANITOR_SA_B64 | base64 --decode > ${SERVICE_ACCOUNT_JANITOR_CLIENT_FILE} | ||
- name: Write Azure properties file | ||
run: | | ||
AZURE_MANAGED_APP_CLIENT_ID=$(jq -r '."client-id"' ${AZURE_MANAGED_APP_CLIENT_FILE}) | ||
AZURE_MANAGED_APP_CLIENT_SECRET=$(jq -r '."client-secret"' ${AZURE_MANAGED_APP_CLIENT_FILE}) | ||
AZURE_MANAGED_APP_TENANT_ID=$(jq -r '."tenant-id"' ${AZURE_MANAGED_APP_CLIENT_FILE}) | ||
cat > ${AZURE_PROPERTIES_FILE} <<EOF | ||
AZURE_MANAGED_APP_CLIENT_ID=$(jq -r '."client-id"' ${AZURE_MANAGED_APP_FILE}) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This step was getting cached by github actions, but I needed it to re-run after updating the client secret so I just renamed some of the env variables. |
||
AZURE_MANAGED_APP_CLIENT_SECRET=$(jq -r '."client-secret"' ${AZURE_MANAGED_APP_FILE}) | ||
AZURE_MANAGED_APP_TENANT_ID=$(jq -r '."tenant-id"' ${AZURE_MANAGED_APP_FILE}) | ||
cat > ${AZURE_CREDENTIALS_FILE} <<EOF | ||
integration.azure.admin.clientId=${AZURE_MANAGED_APP_CLIENT_ID} | ||
integration.azure.admin.clientSecret=${AZURE_MANAGED_APP_CLIENT_SECRET} | ||
integration.azure.admin.tenantId=${AZURE_MANAGED_APP_TENANT_ID} | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -24,7 +24,7 @@ public class AzureIntegrationUtils { | |
"f557c728-871d-408c-a28b-eb6b2141a087", | ||
AzureEnvironment.AZURE); | ||
|
||
public static final String DEFAULT_AZURE_RESOURCE_GROUP = "e2e-xmx74y"; | ||
public static final String DEFAULT_AZURE_RESOURCE_GROUP = "DefaultResourceGroup-EUS2"; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The "e2e-xmx74y" test resource group no longer exists and was causing |
||
|
||
/** | ||
* Gets an Azure TokenCredential object for an Azure admin account. This account has the roles | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This secret is no longer in vault so it gets handled separately