Setup CTST in BeforeAll

Author: williamlardier

.github/scripts/end2end/configure-e2e-ctst.sh

@@ -1,54 +1,5 @@
 #!/bin/bash
 set -exu
 
-# Setup test environment variables
-export ZENKO_NAME=${1:-"end2end"}
-# Getting kafka host from backbeat's config
-KAFKA_HOST_PORT=$(kubectl get secret -l app.kubernetes.io/name=backbeat-config,app.kubernetes.io/instance=end2end \
-    -o jsonpath='{.items[0].data.config\.json}' | base64 -di | jq .kafka.hosts)
-KAFKA_HOST_PORT=${KAFKA_HOST_PORT:1:-1}
-# Removing the port
-export NOTIF_KAFKA_HOST=${KAFKA_HOST_PORT%:*}
-export NOTIF_KAFKA_PORT=${KAFKA_HOST_PORT#*:}
-
-UUID=$(kubectl get secret -l app.kubernetes.io/name=backbeat-config,app.kubernetes.io/instance=end2end \
-    -o jsonpath='{.items[0].data.config\.json}' | base64 -di | jq .extensions.replication.topic)
-UUID=${UUID%.*}
-UUID=${UUID:1}
-
 echo "127.0.0.1 iam.zenko.local ui.zenko.local s3-local-file.zenko.local keycloak.zenko.local \
     sts.zenko.local management.zenko.local s3.zenko.local website.mywebsite.com utilization.zenko.local" | sudo tee -a /etc/hosts
-
-# Add bucket notification target
-envsubst < ./configs/notification_destinations.yaml | kubectl apply -f -
-# Wait for service stabilization
-kubectl wait --for condition=DeploymentInProgress=true --timeout 10m zenko/${ZENKO_NAME}
-kubectl wait --for condition=DeploymentFailure=false --timeout 10m zenko/${ZENKO_NAME}
-kubectl wait --for condition=DeploymentInProgress=false --timeout 10m zenko/${ZENKO_NAME}
-
-# Get kafka image name and tag
-KAFKA_REGISTRY_NAME=$(yq eval ".kafka.sourceRegistry" ../../../solution/deps.yaml)
-KAFKA_IMAGE_NAME=$(yq eval ".kafka.image" ../../../solution/deps.yaml)
-KAFKA_IMAGE_TAG=$(yq eval ".kafka.tag" ../../../solution/deps.yaml)
-KAFKA_IMAGE=$KAFKA_REGISTRY_NAME/$KAFKA_IMAGE_NAME:$KAFKA_IMAGE_TAG
-
-# Cold location topic
-AZURE_ARCHIVE_STATUS_TOPIC="${UUID}.cold-status-e2e-azure-archive"
-AZURE_ARCHIVE_STATUS_TOPIC_2_NV="${UUID}.cold-status-e2e-azure-archive-2-non-versioned"
-AZURE_ARCHIVE_STATUS_TOPIC_2_V="${UUID}.cold-status-e2e-azure-archive-2-versioned"
-AZURE_ARCHIVE_STATUS_TOPIC_2_S="${UUID}.cold-status-e2e-azure-archive-2-suspended"
-
-# Creating bucket notification topic in kafka
-kubectl run kafka-topics \
-    --image=$KAFKA_IMAGE \
-    --pod-running-timeout=5m \
-    --rm \
-    --restart=Never \
-    --attach=True \
-    --command -- bash -c \
-    "kafka-topics.sh --create --topic $NOTIF_DEST_TOPIC --bootstrap-server $KAFKA_HOST_PORT --if-not-exists ; \
-        kafka-topics.sh --create --topic $NOTIF_ALT_DEST_TOPIC --bootstrap-server $KAFKA_HOST_PORT --if-not-exists ; \
-        kafka-topics.sh --create --topic $AZURE_ARCHIVE_STATUS_TOPIC --partitions 10 --bootstrap-server $KAFKA_HOST_PORT --if-not-exists ; \
-        kafka-topics.sh --create --topic $AZURE_ARCHIVE_STATUS_TOPIC_2_NV --partitions 10 --bootstrap-server $KAFKA_HOST_PORT --if-not-exists ; \
-        kafka-topics.sh --create --topic $AZURE_ARCHIVE_STATUS_TOPIC_2_V --partitions 10 --bootstrap-server $KAFKA_HOST_PORT --if-not-exists ; \
-        kafka-topics.sh --create --topic $AZURE_ARCHIVE_STATUS_TOPIC_2_S --partitions 10 --bootstrap-server $KAFKA_HOST_PORT --if-not-exists"

.github/scripts/end2end/run-e2e-ctst.sh

@@ -13,145 +13,37 @@ JUNIT_REPORT_PATH=${JUNIT_REPORT_PATH:-"ctst-junit.xml"}
 # Zenko Version
 VERSION=$(cat ../../../VERSION | grep -Po 'VERSION="\K[^"]*')
 
-# Zenko Environment
-ZENKO_ACCOUNT_NAME="zenko-ctst"
-ADMIN_ACCESS_KEY_ID=$(kubectl get secret end2end-management-vault-admin-creds.v1 -o jsonpath='{.data.accessKey}' | base64 -d)
-ADMIN_SECRET_ACCESS_KEY=$(kubectl get secret end2end-management-vault-admin-creds.v1  -o jsonpath='{.data.secretKey}' | base64 -d)
-ADMIN_PRA_ACCESS_KEY_ID=$(kubectl get secret end2end-pra-management-vault-admin-creds.v1 -o jsonpath='{.data.accessKey}' | base64 -d)
-ADMIN_PRA_SECRET_ACCESS_KEY=$(kubectl get secret end2end-pra-management-vault-admin-creds.v1  -o jsonpath='{.data.secretKey}' | base64 -d)
-STORAGE_MANAGER_USER_NAME="ctst_storage_manager"
-STORAGE_ACCOUNT_OWNER_USER_NAME="ctst_storage_account_owner"
-DATA_CONSUMER_USER_NAME="ctst_data_consumer"
-DATA_ACCESSOR_USER_NAME="ctst_data_accessor"
-VAULT_AUTH_HOST="${ZENKO_NAME}-connector-vault-auth-api.default.svc.cluster.local"
-ZENKO_PORT="80"
-KEYCLOAK_TEST_USER=${OIDC_USERNAME}
-KEYCLOAK_TEST_PASSWORD=${OIDC_PASSWORD}
-KEYCLOAK_TEST_HOST=${OIDC_HOST}
-KEYCLOAK_TEST_PORT="80"
-KEYCLOAK_TEST_REALM_NAME=${OIDC_REALM}
-KEYCLOAK_TEST_CLIENT_ID=${OIDC_CLIENT_ID}
-KEYCLOAK_TEST_GRANT_TYPE="password"
+# Minimal environment setup - CTST will handle all Kubernetes discovery
 
-# get Zenko service users credentials
-BACKBEAT_LCBP_1_CREDS=$(kubectl get secret -l app.kubernetes.io/name=backbeat-lcbp-user-creds,app.kubernetes.io/instance=end2end -o jsonpath='{.items[0].data.backbeat-lifecycle-bp-1\.json}' | base64 -d)
-BACKBEAT_LCC_1_CREDS=$(kubectl get secret -l app.kubernetes.io/name=backbeat-lcc-user-creds,app.kubernetes.io/instance=end2end -o jsonpath='{.items[0].data.backbeat-lifecycle-conductor-1\.json}' | base64 -d)
-BACKBEAT_LCOP_1_CREDS=$(kubectl get secret -l app.kubernetes.io/name=backbeat-lcop-user-creds,app.kubernetes.io/instance=end2end -o jsonpath='{.items[0].data.backbeat-lifecycle-op-1\.json}' | base64 -d)
-BACKBEAT_QP_1_CREDS=$(kubectl get secret -l app.kubernetes.io/name=backbeat-qp-user-creds,app.kubernetes.io/instance=end2end -o jsonpath='{.items[0].data.backbeat-qp-1\.json}' | base64 -d)
-SORBET_FWD_2_ACCESSKEY=$(kubectl get secret -l app.kubernetes.io/name=sorbet-fwd-creds,app.kubernetes.io/instance=end2end -o jsonpath='{.items[0].data.accessKey}' | base64 -d)
-SORBET_FWD_2_SECRETKEY=$(kubectl get secret -l app.kubernetes.io/name=sorbet-fwd-creds,app.kubernetes.io/instance=end2end -o jsonpath='{.items[0].data.secretKey}' | base64 -d)
-SERVICE_USERS_CREDENTIALS=$(echo '{"backbeat-lifecycle-bp-1":'${BACKBEAT_LCBP_1_CREDS}',"backbeat-lifecycle-conductor-1":'${BACKBEAT_LCC_1_CREDS}',"backbeat-lifecycle-op-1":'${BACKBEAT_LCOP_1_CREDS}',"backbeat-qp-1":'${BACKBEAT_QP_1_CREDS}',"sorbet-fwd-2":{"accessKey":"'${SORBET_FWD_2_ACCESSKEY}'","secretKey":"'${SORBET_FWD_2_SECRETKEY}'"}}' | jq -R)
-
-# Get KAFKA topics for sorbet
-KAFKA_DEAD_LETTER_TOPIC=$(kubectl get secret -l app.kubernetes.io/name=cold-sorbet-config-e2e-azure-archive,app.kubernetes.io/instance=end2end \
-    -o jsonpath='{.items[0].data.config\.json}' | base64 -di | jq '."kafka-dead-letter-topic"' | cut -d "\"" -f 2)
-
-KAFKA_OBJECT_TASK_TOPIC=$(kubectl get secret -l app.kubernetes.io/name=cold-sorbet-config-e2e-azure-archive,app.kubernetes.io/instance=end2end \
-    -o jsonpath='{.items[0].data.config\.json}' | base64 -di | jq '."kafka-object-task-topic"' | cut -d "\"" -f 2)
-  
-KAFKA_GC_REQUEST_TOPIC=$(kubectl get secret -l app.kubernetes.io/name=cold-sorbet-config-e2e-azure-archive,app.kubernetes.io/instance=end2end \
-    -o jsonpath='{.items[0].data.config\.json}' | base64 -di | jq '."kafka-gc-request-topic"' | cut -d "\"" -f 2)
-
-DR_ADMIN_ACCESS_KEY_ID=$(kubectl get secret end2end-pra-management-vault-admin-creds.v1 -o jsonpath='{.data.accessKey}' | base64 -d)
-DR_ADMIN_SECRET_ACCESS_KEY=$(kubectl get secret end2end-pra-management-vault-admin-creds.v1  -o jsonpath='{.data.secretKey}' | base64 -d)
-
-# Extracting kafka host from bacbeat's config
-KAFKA_HOST_PORT=$(kubectl get secret -l app.kubernetes.io/name=backbeat-config,app.kubernetes.io/instance=end2end \
-    -o jsonpath='{.items[0].data.config\.json}' | base64 -di | jq .kafka.hosts)
-KAFKA_HOST_PORT=${KAFKA_HOST_PORT:1:-1}
-
-TIME_PROGRESSION_FACTOR=$(kubectl get zenko ${ZENKO_NAME} -o jsonpath="{.metadata.annotations.zenko\.io/time-progression-factor}")
-INSTANCE_ID=$(kubectl get zenko ${ZENKO_NAME} -o jsonpath='{.status.instanceID}')
-
-# Azure archive tests
-AZURE_ARCHIVE_ACCESS_TIER="Hot"
-AZURE_ARCHIVE_MANIFEST_ACCESS_TIER="Hot"
-
-BACKBEAT_API_HOST=$(kubectl get secret -l app.kubernetes.io/name=connector-cloudserver-config,app.kubernetes.io/instance=end2end -o jsonpath='{.items[0].data.config\.json}' | base64 -di | jq .backbeat.host)
-BACKBEAT_API_HOST=${BACKBEAT_API_HOST:1:-1}
-BACKBEAT_API_PORT=$(kubectl get secret -l app.kubernetes.io/name=connector-cloudserver-config,app.kubernetes.io/instance=end2end -o jsonpath='{.items[0].data.config\.json}' | base64 -di | jq .backbeat.port)
-
-KAFKA_CLEANER_INTERVAL=$(kubectl get zenko ${ZENKO_NAME} -o jsonpath='{.spec.kafkaCleaner.interval}')
-SORBETD_RESTORE_TIMEOUT=$(kubectl get zenko ${ZENKO_NAME} -o jsonpath='{.spec.sorbet.server.azure.restoreTimeout}')
-
-# Utilization service
-UTILIZATION_SERVICE_HOST=$(kubectl get zenko ${ZENKO_NAME} -o jsonpath='{.spec.scuba.api.ingress.hostname}')
-UTILIZATION_SERVICE_PORT="80"
-
-# Setting CTST world params
+# Minimal CTST world params - CTST handles all Kubernetes discovery
 WORLD_PARAMETERS="$(jq -c <<EOF
 {
+  "Namespace":"default",
   "subdomain":"${SUBDOMAIN}",
   "DRSubdomain":"${DR_SUBDOMAIN}",
-  "ssl":false,
-  "port":"${ZENKO_PORT}",
-  "AccountName":"${ZENKO_ACCOUNT_NAME}",
-  "AdminAccessKey":"${ADMIN_ACCESS_KEY_ID}",
-  "AdminSecretKey":"${ADMIN_SECRET_ACCESS_KEY}",
-  "VaultAuthHost":"${VAULT_AUTH_HOST}",
-  "NotificationDestination":"${NOTIF_DEST_NAME}",
-  "NotificationDestinationTopic":"${NOTIF_DEST_TOPIC}",
-  "NotificationDestinationAlt":"${NOTIF_ALT_DEST_NAME}",
-  "NotificationDestinationTopicAlt":"${NOTIF_ALT_DEST_TOPIC}",
-  "KafkaExternalIps": "${KAFKA_EXTERNAL_IP:-}",
-  "PrometheusService":"${PROMETHEUS_NAME}-operated.default.svc.cluster.local",
-  "KafkaHosts":"${KAFKA_HOST_PORT}",
-  "KeycloakUsername":"${KEYCLOAK_TEST_USER}",
-  "KeycloakPassword":"${KEYCLOAK_TEST_PASSWORD}",
-  "KeycloakHost":"${KEYCLOAK_TEST_HOST}",
-  "KeycloakPort":"${KEYCLOAK_TEST_PORT}",
-  "keycloakRealm":"${KEYCLOAK_TEST_REALM_NAME}",
-  "keycloakClientId":"${KEYCLOAK_TEST_CLIENT_ID}",
-  "keycloakGrantType":"${KEYCLOAK_TEST_GRANT_TYPE}",
-  "StorageManagerUsername":"${STORAGE_MANAGER_USER_NAME}",
-  "StorageAccountOwnerUsername":"${STORAGE_ACCOUNT_OWNER_USER_NAME}",
-  "DataConsumerUsername":"${DATA_CONSUMER_USER_NAME}",
-  "DataAccessorUsername":"${DATA_ACCESSOR_USER_NAME}",
-  "ServiceUsersCredentials":${SERVICE_USERS_CREDENTIALS},
-  "AzureAccountName":"${AZURE_ACCOUNT_NAME}",
-  "AzureAccountKey":"${AZURE_SECRET_KEY}",
-  "AzureArchiveContainer":"${AZURE_ARCHIVE_BUCKET_NAME}",
-  "AzureArchiveContainer2":"${AZURE_ARCHIVE_BUCKET_NAME_2}",
-  "AzureArchiveAccessTier":"${AZURE_ARCHIVE_ACCESS_TIER}",
-  "AzureArchiveManifestTier":"${AZURE_ARCHIVE_MANIFEST_ACCESS_TIER}",
-  "AzureArchiveQueue":"${AZURE_ARCHIVE_QUEUE_NAME}",
-  "TimeProgressionFactor":"${TIME_PROGRESSION_FACTOR}",
-  "KafkaObjectTaskTopic":"${KAFKA_OBJECT_TASK_TOPIC}",
-  "KafkaGCRequestTopic":"${KAFKA_GC_REQUEST_TOPIC}",
-  "KafkaDeadLetterQueueTopic":"${KAFKA_DEAD_LETTER_TOPIC}",
-  "InstanceID":"${INSTANCE_ID}",
-  "BackbeatApiHost":"${BACKBEAT_API_HOST}",
-  "BackbeatApiPort":"${BACKBEAT_API_PORT}",
-  "KafkaCleanerInterval":"${KAFKA_CLEANER_INTERVAL}",
-  "SorbetdRestoreTimeout":"${SORBETD_RESTORE_TIMEOUT}",
-  "TimeProgressionFactor":"${TIME_PROGRESSION_FACTOR}",
-  "DRAdminAccessKey":"${DR_ADMIN_ACCESS_KEY_ID}",
-  "DRAdminSecretKey":"${DR_ADMIN_SECRET_ACCESS_KEY}",
-  "UtilizationServiceHost":"${UTILIZATION_SERVICE_HOST}",
-  "UtilizationServicePort":"${UTILIZATION_SERVICE_PORT}"
+  "KeycloakUsername":"${OIDC_USERNAME:-testuser}",
+  "KeycloakPassword":"${OIDC_PASSWORD:-testpass}",
+  "KeycloakHost":"${OIDC_HOST:-keycloak.zenko.local}",
+  "KeycloakRealm":"${OIDC_REALM:-zenko}",
+  "KeycloakClientId":"${OIDC_CLIENT_ID:-zenko-ui}",
+  "AzureAccountName":"${AZURE_ACCOUNT_NAME:-devstoreaccount1}",
+  "AzureAccountKey":"${AZURE_SECRET_KEY:-Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==}",
+  "AzureArchiveContainer":"${AZURE_ARCHIVE_BUCKET_NAME:-archive-container}",
+  "AzureArchiveContainer2":"${AZURE_ARCHIVE_BUCKET_NAME_2:-archive-container-2}",
+  "AzureArchiveQueue":"${AZURE_ARCHIVE_QUEUE_NAME:-archive-queue}"
 }
 EOF
 )"
 
-# Set up environment variables for testing
-kubectl set env deployment end2end-connector-cloudserver SCUBA_HEALTHCHECK_FREQUENCY=100
-kubectl rollout status deployment end2end-connector-cloudserver
-
 E2E_IMAGE=$E2E_CTST_IMAGE_NAME:$E2E_IMAGE_TAG
 POD_NAME="${ZENKO_NAME}-ctst-tests"
 CTST_VERSION=$(sed 's/.*"cli-testing": ".*#\(.*\)".*/\1/;t;d' ../../../tests/ctst/package.json)
 
-# Configure keycloak
-docker run \
-    --rm \
-    --network=host \
-    "${E2E_IMAGE}" /bin/bash \
-    -c "SUBDOMAIN=${SUBDOMAIN} CONTROL_PLANE_INGRESS_ENDPOINT=${OIDC_ENDPOINT} ACCOUNT=${ZENKO_ACCOUNT_NAME} KEYCLOAK_REALM=${KEYCLOAK_TEST_REALM_NAME} STORAGE_MANAGER=${STORAGE_MANAGER_USER_NAME} STORAGE_ACCOUNT_OWNER=${STORAGE_ACCOUNT_OWNER_USER_NAME} DATA_CONSUMER=${DATA_CONSUMER_USER_NAME} DATA_ACCESSOR=${DATA_ACCESSOR_USER_NAME} /ctst/bin/seedKeycloak.sh"; [[ $? -eq 1 ]] && exit 1 || echo 'Keycloak Configured!'
-
-# Grant access to Kube API (insecure, only for testing)
-kubectl create clusterrolebinding serviceaccounts-cluster-admin \
+# Grant CTST cluster-admin permissions (test environment only)
+kubectl create clusterrolebinding ctst-cluster-admin \
   --clusterrole=cluster-admin \
-  --group=system:serviceaccounts
+  --serviceaccount=default:default \
+  --dry-run=client -o yaml | kubectl apply -f -
 
 # Running end2end ctst tests
 # Using overrides as we need to attach a local folder to the pod

.github/scripts/end2end/setup-ctst-local.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+set -exu
+
+# CTST Local Development Setup
+# This script sets up minimal prerequisites for running CTST locally
+# In the future, when CTST is the only test suite, this may be integrated into CTST itself
+
+NAMESPACE=${1:-default}
+
+echo "Setting up CTST local development environment..."
+
+# 1. Grant CTST cluster-admin permissions (test environment only)
+echo "Setting up CTST permissions..."
+kubectl create clusterrolebinding ctst-cluster-admin \
+  --clusterrole=cluster-admin \
+  --serviceaccount=default:default \
+  --dry-run=client -o yaml | kubectl apply -f -
+
+# 2. Check if CoreDNS needs patching for mock service resolution
+echo "Checking CoreDNS configuration..."
+if ! kubectl get configmap coredns -n kube-system -o yaml | grep -q "azure-mock.zenko.local" 2>/dev/null; then
+    echo "Patching CoreDNS for mock service resolution..."
+    bash patch-coredns.sh
+else
+    echo "CoreDNS already configured"
+fi
+
+# 3. Setup /etc/hosts for local development (requires sudo)
+echo "Checking /etc/hosts configuration..."
+if ! grep -q "zenko.local" /etc/hosts 2>/dev/null; then
+    echo "Setting up /etc/hosts (requires sudo)..."
+    echo "127.0.0.1 iam.zenko.local ui.zenko.local s3-local-file.zenko.local keycloak.zenko.local \
+        sts.zenko.local management.zenko.local s3.zenko.local website.mywebsite.com utilization.zenko.local" | sudo tee -a /etc/hosts
+else
+    echo "/etc/hosts already configured"
+fi
+
+# 4. Wait for Zenko to be ready
+echo "Waiting for Zenko deployment to be ready..."
+kubectl wait --for condition=DeploymentFailure=false --timeout 10m zenko/end2end -n $NAMESPACE 2>/dev/null || echo "Zenko wait failed or not found"
+kubectl wait --for condition=DeploymentInProgress=false --timeout 10m zenko/end2end -n $NAMESPACE 2>/dev/null || echo "Zenko wait failed or not found"
+
+echo "CTST local environment ready!"
+echo ""
+echo "Usage:"
+echo "  cd tests/ctst"
+echo "  npm test                    # Run all CTST tests"
+echo "  npm run test -- --tags @PRA # Run specific test tags"
+echo ""
+echo "Note: CTST will handle all Kubernetes setup (mocks, topics, deployments, etc.) automatically"