From e75a34da7436315f509ed4f660111612750dd3e2 Mon Sep 17 00:00:00 2001
From: Eddy Moulton
Date: Wed, 21 Aug 2024 10:04:30 +1000
Subject: [PATCH 1/2] Use static AKS cluster for authentication tests
---
...netesContextScriptWrapperLiveFixtureAks.cs | 53 ++++++++-------
...rapperLiveFixtureAksLocalAccessDisabled.cs | 41 +++++++-----
...etesContextScriptWrapperLiveFixtureBase.cs | 1 +
.../aks.kubernetes.tf | 8 +--
.../Clusters/AKS-local-access-disabled/aks.tf | 41 ++----------
.../AKS-local-access-disabled/main.tf | 15 +----
.../AKS-local-access-disabled/outputs.tf | 18 ++---
.../Terraform/Clusters/AKS/aks.kubernetes.tf | 10 +--
.../Terraform/Clusters/AKS/aks.tf | 34 ++--------
.../Terraform/Clusters/AKS/main.tf | 7 +-
.../Terraform/Clusters/AKS/outputs.tf | 18 ++---
.../Terraform/StaticClusters/AKS/aks.tf | 65 +++++++++++++++++++
.../Terraform/StaticClusters/AKS/main.tf | 13 ++++
.../Terraform/StaticClusters/AKS/providers.tf | 17 +++++
14 files changed, 193 insertions(+), 148 deletions(-)
create mode 100644 source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/AKS/aks.tf
create mode 100644 source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/AKS/main.tf
create mode 100644 source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/AKS/providers.tf
diff --git a/source/Calamari.Tests/KubernetesFixtures/KubernetesContextScriptWrapperLiveFixtureAks.cs b/source/Calamari.Tests/KubernetesFixtures/KubernetesContextScriptWrapperLiveFixtureAks.cs
index 8a33c6492..ff4a5fe68 100644
--- a/source/Calamari.Tests/KubernetesFixtures/KubernetesContextScriptWrapperLiveFixtureAks.cs
+++ b/source/Calamari.Tests/KubernetesFixtures/KubernetesContextScriptWrapperLiveFixtureAks.cs
@@ -21,7 +21,7 @@ namespace Calamari.Tests.KubernetesFixtures { [TestFixture] [Category(TestCategory.RunOnceOnWindowsAndLinux)] - public class KubernetesContextScriptWrapperLiveFixtureAks: KubernetesContextScriptWrapperLiveFixture + public class KubernetesContextScriptWrapperLiveFixtureAks : KubernetesContextScriptWrapperLiveFixture { string aksClusterHost; string aksClusterClientCertificate; @@ -31,7 +31,10 @@ public class KubernetesContextScriptWrapperLiveFixtureAks: KubernetesContextScri string azurermResourceGroup; string aksPodServiceAccountToken; string azureSubscriptionId; - + string azureSubscriptionClientId; + string azureSubscriptionPassword; + string azureSubscriptionTenantId; + static readonly CancellationTokenSource CancellationTokenSource = new CancellationTokenSource(); readonly CancellationToken cancellationToken = CancellationTokenSource.Token; @@ -41,7 +44,7 @@ protected override IEnumerable ToolsToAddToPath(InstallTools tools) { yield return tools.KubeloginExecutable; } - + protected override async Task InstallOptionalTools(InstallTools tools) { await tools.InstallKubelogin(); 
@@ -61,15 +64,20 @@ protected override void ExtractVariablesFromTerraformOutput(JObject jsonOutput) protected override async Task> GetEnvironmentVars(CancellationToken cancellationToken) { azureSubscriptionId = await ExternalVariables.Get(ExternalVariable.AzureSubscriptionId, cancellationToken); + azureSubscriptionTenantId = await ExternalVariables.Get(ExternalVariable.AzureSubscriptionTenantId, cancellationToken); + azureSubscriptionPassword = await ExternalVariables.Get(ExternalVariable.AzureSubscriptionPassword, cancellationToken); + azureSubscriptionClientId = await ExternalVariables.Get(ExternalVariable.AzureSubscriptionClientId, cancellationToken); + return new Dictionary() { - { "ARM_SUBSCRIPTION_ID", azureSubscriptionId}, - { "ARM_CLIENT_ID", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionClientId, cancellationToken) }, - { "ARM_CLIENT_SECRET", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionPassword, cancellationToken) }, - { "ARM_TENANT_ID", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionTenantId, cancellationToken) }, - { "TF_VAR_aks_client_id", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionClientId, cancellationToken) }, - { "TF_VAR_aks_client_secret", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionPassword, cancellationToken) }, + { "ARM_SUBSCRIPTION_ID", azureSubscriptionId }, + { "ARM_CLIENT_ID", azureSubscriptionClientId }, + { "ARM_CLIENT_SECRET", azureSubscriptionPassword }, + { "ARM_TENANT_ID", azureSubscriptionTenantId }, + { "TF_VAR_aks_client_id", azureSubscriptionClientId }, + { "TF_VAR_aks_client_secret", azureSubscriptionPassword }, { "TF_VAR_test_namespace", TestNamespace }, + { "TF_VAR_static_resource_prefix", StaticTestResourcePrefix } }; } 
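Review bot: `TF_VAR_aks_client_id` and `TF_VAR_aks_client_secret` are still added to the dictionary returned by GetEnvironmentVars, although this commit removes the `aks_client_id` and `aks_client_secret` variables from Clusters/AKS/main.tf, so the per-test Terraform run no longer declares an input for them. Terraform ignores undeclared `TF_VAR_*` environment variables, so the service principal secret is exported a second time with no consumer; dropping both entries would leave `ARM_CLIENT_SECRET` as the only copy in the child process environment. The same two entries remain in the GetEnvironmentVars hunk of KubernetesContextScriptWrapperLiveFixtureAksLocalAccessDisabled.cs, where `TF_VAR_test_namespace` is likewise no longer declared by that module's main.tf.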
@@ -103,16 +111,17 @@ public void AuthorisingWithPodServiceAccountToken(bool runAsScript) [Test] [TestCase(true)] [TestCase(false)] - public async Task AuthorisingWithAzureServicePrincipal(bool runAsScript) + public void AuthorisingWithAzureServicePrincipal(bool runAsScript) { variables.Set(Deployment.SpecialVariables.Account.AccountType, "AzureServicePrincipal"); variables.Set("Octopus.Action.Kubernetes.AksClusterResourceGroup", azurermResourceGroup); variables.Set(SpecialVariables.AksClusterName, aksClusterName); variables.Set("Octopus.Action.Kubernetes.AksAdminLogin", Boolean.FalseString); - variables.Set("Octopus.Action.Azure.SubscriptionId", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionId, cancellationToken)); - variables.Set("Octopus.Action.Azure.TenantId", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionTenantId, cancellationToken)); - variables.Set("Octopus.Action.Azure.Password", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionPassword, cancellationToken)); - variables.Set("Octopus.Action.Azure.ClientId", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionClientId, cancellationToken)); + variables.Set("Octopus.Action.Azure.SubscriptionId", azureSubscriptionId); + variables.Set("Octopus.Action.Azure.ClientId", azureSubscriptionClientId); + variables.Set("Octopus.Action.Azure.Password", azureSubscriptionPassword); + variables.Set("Octopus.Action.Azure.TenantId", azureSubscriptionTenantId); + if (runAsScript) { DeployWithKubectlTestScriptAndVerifyResult(); @@ -166,7 +175,7 @@ public void UnreachableK8Cluster_ShouldExecuteTargetScript() [Test] [TestCase(false)] [TestCase(true)] - public async Task DiscoverKubernetesClusterWithAzureServicePrincipalAccount(bool setHealthCheckContainer) + public void DiscoverKubernetesClusterWithAzureServicePrincipalAccount(bool setHealthCheckContainer) { var scope = new TargetDiscoveryScope("TestSpace", "Staging", 
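Review bot: AuthorisingWithAzureServicePrincipal now takes `azureSubscriptionClientId`, `azureSubscriptionPassword` and `azureSubscriptionTenantId` from fields that are assigned only in GetEnvironmentVars, so it would set null credentials if that method has not already run on the same fixture instance; the call order is decided by the base class, which is outside this diff. A comment on the field declarations, for example `// Assigned in GetEnvironmentVars during fixture setup; null until then.`, would record that dependency. The same applies to DiscoverKubernetesClusterWithAzureServicePrincipalAccount and to both tests in the LocalAccessDisabled fixture. With the awaits gone, the `cancellationToken` field may no longer be used in these classes, though other uses are not visible in the hunks.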
@@ -177,13 +186,13 @@ public async Task DiscoverKubernetesClusterWithAzureServicePrincipalAccount(bool setHealthCheckContainer ? new FeedImage("MyImage:with-tag", "Feeds-123") : null); var account = new AzureServicePrincipalAccount( - await ExternalVariables.Get(ExternalVariable.AzureSubscriptionId, cancellationToken), - await ExternalVariables.Get(ExternalVariable.AzureSubscriptionClientId, cancellationToken), - await ExternalVariables.Get(ExternalVariable.AzureSubscriptionTenantId, cancellationToken), - await ExternalVariables.Get(ExternalVariable.AzureSubscriptionPassword, cancellationToken), - null, - null, - null); + azureSubscriptionId, + azureSubscriptionClientId, + azureSubscriptionTenantId, + azureSubscriptionPassword, + null, + null, + null); var authenticationDetails = new AccountAuthenticationDetails( diff --git a/source/Calamari.Tests/KubernetesFixtures/KubernetesContextScriptWrapperLiveFixtureAksLocalAccessDisabled.cs b/source/Calamari.Tests/KubernetesFixtures/KubernetesContextScriptWrapperLiveFixtureAksLocalAccessDisabled.cs index a848b56d5..43761cc7e 100644 --- a/source/Calamari.Tests/KubernetesFixtures/KubernetesContextScriptWrapperLiveFixtureAksLocalAccessDisabled.cs +++ b/source/Calamari.Tests/KubernetesFixtures/KubernetesContextScriptWrapperLiveFixtureAksLocalAccessDisabled.cs @@ -24,7 +24,10 @@ public class KubernetesContextScriptWrapperLiveFixtureAksLocalAccessDisabled : K string aksClusterName; string azurermResourceGroup; string azureSubscriptionId; - + string azureSubscriptionClientId; + string azureSubscriptionPassword; + string azureSubscriptionTenantId; + static readonly CancellationTokenSource CancellationTokenSource = new CancellationTokenSource(); readonly CancellationToken cancellationToken = CancellationTokenSource.Token; 
@@ -49,31 +52,37 @@ protected override void ExtractVariablesFromTerraformOutput(JObject jsonOutput) protected override async Task> GetEnvironmentVars(CancellationToken cancellationToken) { azureSubscriptionId = await ExternalVariables.Get(ExternalVariable.AzureSubscriptionId, cancellationToken); + azureSubscriptionClientId = await ExternalVariables.Get(ExternalVariable.AzureSubscriptionClientId, cancellationToken); + azureSubscriptionPassword = await ExternalVariables.Get(ExternalVariable.AzureSubscriptionPassword, cancellationToken); + azureSubscriptionTenantId = await ExternalVariables.Get(ExternalVariable.AzureSubscriptionTenantId, cancellationToken); + return new Dictionary() { { "ARM_SUBSCRIPTION_ID", azureSubscriptionId }, - { "ARM_CLIENT_ID", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionClientId, cancellationToken) }, - { "ARM_CLIENT_SECRET", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionPassword, cancellationToken) }, - { "ARM_TENANT_ID", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionTenantId, cancellationToken) }, - { "TF_VAR_aks_client_id", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionClientId, cancellationToken) }, - { "TF_VAR_aks_client_secret", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionPassword, cancellationToken) }, + { "ARM_CLIENT_ID", azureSubscriptionClientId }, + { "ARM_CLIENT_SECRET", azureSubscriptionPassword }, + { "ARM_TENANT_ID", azureSubscriptionTenantId }, + { "TF_VAR_aks_client_id", azureSubscriptionClientId }, + { "TF_VAR_aks_client_secret", azureSubscriptionPassword }, { "TF_VAR_test_namespace", TestNamespace }, + { "TF_VAR_static_resource_prefix", StaticTestResourcePrefix } }; } [Test] [TestCase(true)] [TestCase(false)] - public async Task AuthorisingWithAzureServicePrincipal(bool runAsScript) + public void AuthorisingWithAzureServicePrincipal(bool runAsScript) { variables.Set(SpecialVariables.Account.AccountType, "AzureServicePrincipal"); 
variables.Set("Octopus.Action.Kubernetes.AksClusterResourceGroup", azurermResourceGroup); variables.Set(Kubernetes.SpecialVariables.AksClusterName, aksClusterName); variables.Set("Octopus.Action.Kubernetes.AksAdminLogin", Boolean.FalseString); - variables.Set("Octopus.Action.Azure.SubscriptionId", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionId, cancellationToken)); - variables.Set("Octopus.Action.Azure.TenantId", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionTenantId, cancellationToken)); - variables.Set("Octopus.Action.Azure.Password", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionPassword, cancellationToken)); - variables.Set("Octopus.Action.Azure.ClientId", await ExternalVariables.Get(ExternalVariable.AzureSubscriptionClientId, cancellationToken)); + variables.Set("Octopus.Action.Azure.SubscriptionId", azureSubscriptionId); + variables.Set("Octopus.Action.Azure.ClientId", azureSubscriptionClientId); + variables.Set("Octopus.Action.Azure.Password", azureSubscriptionPassword); + variables.Set("Octopus.Action.Azure.TenantId", azureSubscriptionTenantId); + if (runAsScript) { DeployWithKubectlTestScriptAndVerifyResult(); @@ -87,7 +96,7 @@ public async Task AuthorisingWithAzureServicePrincipal(bool runAsScript) [Test] [TestCase(false)] [TestCase(true)] - public async Task DiscoverKubernetesClusterWithAzureServicePrincipalAccount(bool setHealthCheckContainer) + public void DiscoverKubernetesClusterWithAzureServicePrincipalAccount(bool setHealthCheckContainer) { var scope = new TargetDiscoveryScope("TestSpace", "Staging", 
@@ -98,10 +107,10 @@ public async Task DiscoverKubernetesClusterWithAzureServicePrincipalAccount(bool setHealthCheckContainer ? new FeedImage("MyImage:with-tag", "Feeds-123") : null); var account = new AzureServicePrincipalAccount( - await ExternalVariables.Get(ExternalVariable.AzureSubscriptionId, cancellationToken), - await ExternalVariables.Get(ExternalVariable.AzureSubscriptionClientId, cancellationToken), - await ExternalVariables.Get(ExternalVariable.AzureSubscriptionTenantId, cancellationToken), - await ExternalVariables.Get(ExternalVariable.AzureSubscriptionPassword, cancellationToken), + azureSubscriptionId, + azureSubscriptionClientId, + azureSubscriptionTenantId, + azureSubscriptionPassword, null, null, null); diff --git a/source/Calamari.Tests/KubernetesFixtures/KubernetesContextScriptWrapperLiveFixtureBase.cs b/source/Calamari.Tests/KubernetesFixtures/KubernetesContextScriptWrapperLiveFixtureBase.cs index f86852bd5..588e34cc4 100644 --- a/source/Calamari.Tests/KubernetesFixtures/KubernetesContextScriptWrapperLiveFixtureBase.cs +++ b/source/Calamari.Tests/KubernetesFixtures/KubernetesContextScriptWrapperLiveFixtureBase.cs @@ -27,6 +27,7 @@ namespace Calamari.Tests.KubernetesFixtures public abstract class KubernetesContextScriptWrapperLiveFixtureBase : CalamariFixture { protected const string TestNamespace = "calamari-testing"; + protected const string StaticTestResourcePrefix = "calamari-testing-static"; protected IVariables variables; protected string testFolder; diff --git a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/aks.kubernetes.tf b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/aks.kubernetes.tf index 454b11980..19e7a2e61 100644 --- a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/aks.kubernetes.tf +++ b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/aks.kubernetes.tf 
@@ -1,7 +1,7 @@ provider "kubernetes" { alias = "aks" - host = azurerm_kubernetes_cluster.default.kube_config.0.host - cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate) - client_certificate = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_certificate) - client_key = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_key) + host = data.azurerm_kubernetes_cluster.local_access_disabled.kube_config.0.host + cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.local_access_disabled.kube_config.0.cluster_ca_certificate) + client_certificate = base64decode(data.azurerm_kubernetes_cluster.local_access_disabled.kube_config.0.client_certificate) + client_key = base64decode(data.azurerm_kubernetes_cluster.local_access_disabled.kube_config.0.client_key) } \ No newline at end of file diff --git a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/aks.tf b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/aks.tf index e7b70d77d..71eefd804 100644 --- a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/aks.tf +++ b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/aks.tf 
@@ -1,37 +1,8 @@ -resource "azurerm_resource_group" "default" { - name = "${random_pet.prefix.id}-rg" - location = "Australia East" +data "azurerm_resource_group" "default" { + name = "${var.static_resource_prefix}-rg" } -resource "azurerm_kubernetes_cluster" "default" { - name = "${random_pet.prefix.id}-aks" - resource_group_name = azurerm_resource_group.default.name - location = "Australia East" - dns_prefix = "${random_pet.prefix.id}-k8s" - kubernetes_version = "1.28" - - tags = { - octopus-environment = "Staging" - octopus-role = "discovery-role" - source = "calamari-e2e-tests" - } - - default_node_pool { - name = "default" - vm_size = "Standard_B2s" - node_count = 1 - os_disk_size_gb = 30 - } - - identity { - type = "SystemAssigned" - } - - role_based_access_control_enabled = true - local_account_disabled = true - - azure_active_directory_role_based_access_control { - managed = true - azure_rbac_enabled = true - } -} +data "azurerm_kubernetes_cluster" "local_access_disabled" { + name = "${var.static_resource_prefix}-aks-no-local" + resource_group_name = data.azurerm_resource_group.default.name +} \ No newline at end of file diff --git a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/main.tf b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/main.tf index e2a44c042..1a53e9c95 100644 --- a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/main.tf +++ b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/main.tf @@ -1,14 +1,3 @@ -variable "test_namespace" { +variable "static_resource_prefix" { type = string -} - -variable "aks_client_id" { - type = string -} - -variable "aks_client_secret" { - type = string - sensitive = true -} - -resource "random_pet" "prefix" {} +} \ No newline at end of file 
diff --git a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/outputs.tf b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/outputs.tf
index 54e355d67..a16175a13 100644
--- a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/outputs.tf
+++ b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS-local-access-disabled/outputs.tf
@@ -1,41 +1,41 @@ output "aks_cluster_host" { description = "Endpoint for AKS control plane." - value = azurerm_kubernetes_cluster.default.kube_config.0.host + value = data.azurerm_kubernetes_cluster.local_access_disabled.kube_config.0.host sensitive = true } output "aks_cluster_username" { - value = azurerm_kubernetes_cluster.default.kube_config.0.username + value = data.azurerm_kubernetes_cluster.local_access_disabled.kube_config.0.username sensitive = true } output "aks_cluster_password" { - value = azurerm_kubernetes_cluster.default.kube_config.0.password + value = data.azurerm_kubernetes_cluster.local_access_disabled.kube_config.0.password sensitive = true } output "aks_cluster_client_certificate" { - value = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_certificate) + value = base64decode(data.azurerm_kubernetes_cluster.local_access_disabled.kube_config.0.client_certificate) sensitive = true } output "aks_cluster_client_key" { - value = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_key) + value = base64decode(data.azurerm_kubernetes_cluster.local_access_disabled.kube_config.0.client_key) sensitive = true } output "aks_cluster_ca_certificate" { - value = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate) + value = base64decode(data.azurerm_kubernetes_cluster.local_access_disabled.kube_config.0.cluster_ca_certificate) sensitive = true } output "aks_cluster_name" { description = "AKS name." - value = azurerm_kubernetes_cluster.default.name + value = data.azurerm_kubernetes_cluster.local_access_disabled.name } output "aks_rg_name" { description = "RG name." - value = azurerm_resource_group.default.name -} + value = data.azurerm_resource_group.default.name +} \ No newline at end of file 
diff --git a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/aks.kubernetes.tf b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/aks.kubernetes.tf index 1c02de0a3..214a23683 100644 --- a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/aks.kubernetes.tf +++ b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/aks.kubernetes.tf @@ -1,15 +1,15 @@ provider "kubernetes" { alias = "aks" - host = azurerm_kubernetes_cluster.default.kube_config.0.host - cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate) - client_certificate = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_certificate) - client_key = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_key) + host = data.azurerm_kubernetes_cluster.default.kube_config.0.host + cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate) + client_certificate = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_certificate) + client_key = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_key) } resource "kubernetes_namespace" "default" { provider = kubernetes.aks metadata { - name = var.test_namespace + name = "${var.test_namespace}-${random_pet.prefix.id}" } } diff --git a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/aks.tf b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/aks.tf index a67b9e852..7a54c37f9 100644 --- a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/aks.tf +++ b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/aks.tf 
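Review bot: The namespace in `kubernetes_namespace.default` is now named `"${var.test_namespace}-${random_pet.prefix.id}"`, while the fixtures still export the bare `TestNamespace` constant as `TF_VAR_test_namespace`, so anything that still targets the unsuffixed name would address a namespace this run did not create on the shared cluster. If the fixtures do not already read the real name back, an output such as `output "test_namespace" { value = kubernetes_namespace.default.metadata.0.name }` would let them; outputs.tf continues beyond what the diff shows, so this may already exist. The `aks` provider here authenticates with the shared cluster's `kube_config` client certificate, so isolation between concurrent runs appears to rest on this name alone, which is worth a comment above the resource.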
@@ -1,32 +1,8 @@ -resource "azurerm_resource_group" "default" { - name = "${random_pet.prefix.id}-rg" - location = "Australia East" +data "azurerm_resource_group" "default" { + name = "${var.static_resource_prefix}-rg" } -resource "azurerm_kubernetes_cluster" "default" { - name = "${random_pet.prefix.id}-aks" - resource_group_name = azurerm_resource_group.default.name - location = "Australia East" - dns_prefix = "${random_pet.prefix.id}-k8s" - kubernetes_version = "1.28" - - tags = { - octopus-environment = "Staging" - octopus-role = "discovery-role" - source = "calamari-e2e-tests" - } - - default_node_pool { - name = "default" - vm_size = "Standard_B2s" - node_count = 1 - os_disk_size_gb = 30 - } - - role_based_access_control_enabled = true - - service_principal { - client_id = var.aks_client_id - client_secret = var.aks_client_secret - } +data "azurerm_kubernetes_cluster" "default" { + name = "${var.static_resource_prefix}-aks" + resource_group_name = data.azurerm_resource_group.default.name } diff --git a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/main.tf b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/main.tf index 51405e279..351bbb625 100644 --- a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/main.tf +++ b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/main.tf @@ -2,13 +2,8 @@ variable "test_namespace" { type = string } -variable "aks_client_id" { +variable "static_resource_prefix" { type = string } -variable "aks_client_secret" { - type = string - sensitive = true -} - resource "random_pet" "prefix" {} diff --git a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/outputs.tf b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/outputs.tf index 5546dae29..14253f0ba 100644 --- a/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/outputs.tf +++ b/source/Calamari.Tests/KubernetesFixtures/Terraform/Clusters/AKS/outputs.tf 
@@ -1,48 +1,48 @@ output "aks_cluster_host" { description = "Endpoint for AKS control plane." - value = azurerm_kubernetes_cluster.default.kube_config.0.host + value = data.azurerm_kubernetes_cluster.default.kube_config.0.host sensitive = true } output "aks_cluster_username" { - value = azurerm_kubernetes_cluster.default.kube_config.0.username + value = data.azurerm_kubernetes_cluster.default.kube_config.0.username sensitive = true } output "aks_cluster_password" { - value = azurerm_kubernetes_cluster.default.kube_config.0.password + value = data.azurerm_kubernetes_cluster.default.kube_config.0.password sensitive = true } output "aks_cluster_client_certificate" { - value = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_certificate) + value = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_certificate) sensitive = true } output "aks_cluster_client_key" { - value = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.client_key) + value = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.client_key) sensitive = true } output "aks_cluster_ca_certificate" { - value = base64decode(azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate) + value = base64decode(data.azurerm_kubernetes_cluster.default.kube_config.0.cluster_ca_certificate) sensitive = true } output "aks_cluster_name" { description = "AKS name." - value = azurerm_kubernetes_cluster.default.name + value = data.azurerm_kubernetes_cluster.default.name } output "aks_rg_name" { description = "RG name." - value = azurerm_resource_group.default.name + value = data.azurerm_resource_group.default.name } output "aks_rg_id" { description = "Resource group Id" - value = azurerm_resource_group.default.id + value = data.azurerm_resource_group.default.id } output "aks_service_account_token" { 
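Review bot: These outputs now export the client certificate, client key and password of a long-lived shared cluster instead of one destroyed with the test run, so any copy left in per-run Terraform state or in the parsed JSON output stays valid after the run ends. `sensitive = true` only redacts CLI display; the values are still written in plain text to state and to `terraform output -json`. A comment at the top of the file, for example `# Credentials of the static cluster: per-run state and working directories must be removed after the run`, would help, as would confirming that the fixture teardown does this (not visible in this diff). The `aks_service_account_token` block at the end of the hunk continues outside it. The AKS-local-access-disabled/outputs.tf hunk exports the same fields for the cluster that has local accounts disabled.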
diff --git a/source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/AKS/aks.tf b/source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/AKS/aks.tf
new file mode 100644
index 000000000..3463bff6f
--- /dev/null
+++ b/source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/AKS/aks.tf
@@ -0,0 +1,65 @@
+resource "azurerm_resource_group" "default" {
+ name = "${var.static_resource_prefix}-rg"
+ location = "Australia East"
+}
+
+resource "azurerm_kubernetes_cluster" "default" {
+ name = "${var.static_resource_prefix}-aks"
+ resource_group_name = azurerm_resource_group.default.name
+ location = "Australia East"
+ dns_prefix = "${var.static_resource_prefix}-k8s"
+ kubernetes_version = "1.28"
+
+ tags = {
+ octopus-environment = "Staging"
+ octopus-role = "discovery-role"
+ source = "calamari-e2e-tests"
+ }
+
+ default_node_pool {
+ name = "default"
+ vm_size = "Standard_B2s"
+ node_count = 1
+ os_disk_size_gb = 30
+ }
+
+ role_based_access_control_enabled = true
+
+ service_principal {
+ client_id = var.aks_client_id
+ client_secret = var.aks_client_secret
+ }
+}
+
+resource "azurerm_kubernetes_cluster" "local_access_disabled" {
+ name = "${var.static_resource_prefix}-aks-no-local"
+ resource_group_name = azurerm_resource_group.default.name
+ location = "Australia East"
+ dns_prefix = "${var.static_resource_prefix}-k8s-no-local"
+ kubernetes_version = "1.28"
+
+ tags = {
+ octopus-environment = "Staging"
+ octopus-role = "discovery-role"
+ source = "calamari-e2e-tests"
+ }
+
+ default_node_pool {
+ name = "default"
+ vm_size = "Standard_B2s"
+ node_count = 1
+ os_disk_size_gb = 30
+ }
+
+ identity {
+ type = "SystemAssigned"
+ }
+
+ role_based_access_control_enabled = true
+ local_account_disabled = true
+
+ azure_active_directory_role_based_access_control {
+ managed = true
+ azure_rbac_enabled = true
+ }
+}
\ No newline at end of file
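Review bot: Both cluster resources pin `kubernetes_version = "1.28"` with no upgrade setting, which was harmless for clusters created and destroyed per run but lets a static cluster drift onto an unpatched or unsupported version. Consider `automatic_channel_upgrade = "patch"` on both resources (the attribute name in the azurerm 3.x provider pinned in providers.tf), or a comment naming who owns version bumps. Neither resource sets `api_server_access_profile`, so the API endpoints of these long-lived clusters are presumably reachable from any address; if the CI agents have stable egress ranges, `authorized_ip_ranges` would narrow that. The `tags` and `default_node_pool` blocks are repeated verbatim in both resources, and a shared `locals` value would keep them in step.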
diff --git a/source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/AKS/main.tf b/source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/AKS/main.tf
new file mode 100644
index 000000000..4dbdb7df3
--- /dev/null
+++ b/source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/AKS/main.tf
@@ -0,0 +1,13 @@
+variable "static_resource_prefix" {
+ type = string
+ default = null
+}
+
+variable "aks_client_id" {
+ type = string
+}
+
+variable "aks_client_secret" {
+ type = string
+ sensitive = true
+}
\ No newline at end of file
diff --git a/source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/AKS/providers.tf b/source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/AKS/providers.tf
new file mode 100644
index 000000000..4a4e47b60
--- /dev/null
+++ b/source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/AKS/providers.tf
@@ -0,0 +1,17 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "3.99.0"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.3.2"
+ }
+ }
+ required_version = ">= 0.15"
+}
+
+provider "azurerm" {
+ features {}
+}
\ No newline at end of file
From e123523c1c133eecce62befa18477fced942306a Mon Sep 17 00:00:00 2001
From: Eddy Moulton
Date: Thu, 5 Sep 2024 09:16:38 +1000
Subject: [PATCH 2/2] Update readme
---
.../KubernetesFixtures/Terraform/StaticClusters/readme.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/readme.md b/source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/readme.md
index db5c76841..fc550af50 100644
--- a/source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/readme.md
+++ b/source/Calamari.Tests/KubernetesFixtures/Terraform/StaticClusters/readme.md
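Review bot: In StaticClusters/AKS/main.tf, `default = null` makes `static_resource_prefix` optional even though aks.tf interpolates it into every resource name. Terraform rejects a null value inside a string template, so an unset prefix fails at plan time with an interpolation error rather than a missing-variable error. Dropping the default, as the per-test modules do, states the contract directly: `variable "static_resource_prefix" { type = string }`. A `description` on each of the three variables would also help whoever maintains the Terraform Cloud workspace.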
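Review bot: In StaticClusters/AKS/providers.tf the `kubernetes` provider is required with an open-ended `>= 2.3.2` constraint while `azurerm` is pinned to exactly `3.99.0`, and none of the three files added for this module declares a kubernetes provider block or resource. Either remove the entry or bound it, for example `version = "~> 2.3"`, so a run against the long-lived clusters does not pick up an unreviewed major release. No dependency lock file for this module is part of the patch, so the constraint is the only pin visible here.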
@@ -3,7 +3,7 @@ Static clusters for cloud provider specific authentication tests are provisioned using Terraform Cloud. - [EKS configuration](https://app.terraform.io/app/octopus-deploy/workspaces/calamari-testing-kubernetes-static-infrastructure-eks) -- [AKS configuration (In progress)](https://app.terraform.io/app/octopus-deploy/workspaces/calamari-testing-kubernetes-static-infrastructure-sks) +- [AKS configuration](https://app.terraform.io/app/octopus-deploy/workspaces/calamari-testing-kubernetes-static-infrastructure-sks) - [GKE configuration](https://app.terraform.io/app/octopus-deploy/workspaces/calamari-testing-kubernetes-static-infrastructure-gke) Ensure all the tests that are written against these clusters do not interact with each other.