From 1449bbe36e44315fa6e74375e7ab0607dd182344 Mon Sep 17 00:00:00 2001 From: ChenjieXu Date: Wed, 1 Apr 2020 13:26:54 +0800 Subject: Integrate Openness EAA Openness EAA provides application/service registration and authentication. EAA is integrated by running EAA via ONAP4K8S. Issue-ID: MULTICLOUD-1044 Signed-off-by: ChenjieXu Change-Id: I66dffc5bcfc66675f6b62672e32496ec7f71454c --- kud/hosting_providers/containerized/installer.sh | 2 +- kud/hosting_providers/vagrant/installer.sh | 2 +- kud/tests/_common.sh | 24 +++ kud/tests/_functions.sh | 22 +++ kud/tests/openness/eaa/helm/eaa/Chart.yaml | 18 ++ .../eaa/helm/eaa/templates/eaa-deployment.yaml | 56 ++++++ .../eaa/helm/eaa/templates/eaa-service.yaml | 18 ++ .../openness/eaa/helm/eaa/templates/eaa-tls.yaml | 7 + kud/tests/openness/eaa/helm/eaa/values.yaml | 77 ++++++++ kud/tests/openness/eaa/profile/manifest.yaml | 4 + .../openness/eaa/profile/override_values.yaml | 0 .../openness/sample-app/helm/sample-app/Chart.yaml | 18 ++ .../sample-app/templates/consumer-deployment.yaml | 22 +++ .../sample-app/templates/prod-cons-policy.yaml | 18 ++ .../sample-app/templates/producer-deployment.yaml | 22 +++ .../sample-app/helm/sample-app/values.yaml | 42 +++++ .../openness/sample-app/profile/manifest.yaml | 4 + .../sample-app/profile/override_values.yaml | 0 kud/tests/plugin_eaa.sh | 207 +++++++++++++++++++++ 19 files changed, 561 insertions(+), 2 deletions(-) create mode 100644 kud/tests/openness/eaa/helm/eaa/Chart.yaml create mode 100644 kud/tests/openness/eaa/helm/eaa/templates/eaa-deployment.yaml create mode 100644 kud/tests/openness/eaa/helm/eaa/templates/eaa-service.yaml create mode 100644 kud/tests/openness/eaa/helm/eaa/templates/eaa-tls.yaml create mode 100644 kud/tests/openness/eaa/helm/eaa/values.yaml create mode 100644 kud/tests/openness/eaa/profile/manifest.yaml create mode 100644 kud/tests/openness/eaa/profile/override_values.yaml create mode 100644 kud/tests/openness/sample-app/helm/sample-app/Chart.yaml create mode 100644 kud/tests/openness/sample-app/helm/sample-app/templates/consumer-deployment.yaml create mode 100644 kud/tests/openness/sample-app/helm/sample-app/templates/prod-cons-policy.yaml create mode 100644 kud/tests/openness/sample-app/helm/sample-app/templates/producer-deployment.yaml create mode 100644 kud/tests/openness/sample-app/helm/sample-app/values.yaml create mode 100644 kud/tests/openness/sample-app/profile/manifest.yaml create mode 100644 kud/tests/openness/sample-app/profile/override_values.yaml create mode 100755 kud/tests/plugin_eaa.sh (limited to 'kud') diff --git a/kud/hosting_providers/containerized/installer.sh b/kud/hosting_providers/containerized/installer.sh index afea0b5a..11c57b41 100755 --- a/kud/hosting_providers/containerized/installer.sh +++ b/kud/hosting_providers/containerized/installer.sh @@ -145,7 +145,7 @@ function install_plugin { echo "Test the onap4k8s installation" bash onap4k8s.sh echo "Test the onap4k8s plugin installation" - for functional_test in plugin_edgex plugin_fw; do + for functional_test in plugin_edgex plugin_fw plugin_eaa; do bash ${functional_test}.sh --external done popd diff --git a/kud/hosting_providers/vagrant/installer.sh b/kud/hosting_providers/vagrant/installer.sh index 859b49ce..21a05688 100755 --- a/kud/hosting_providers/vagrant/installer.sh +++ b/kud/hosting_providers/vagrant/installer.sh @@ -185,7 +185,7 @@ function install_plugin { if [[ "${testing_enabled}" == "true" ]]; then sudo ./start.sh pushd $kud_tests - for functional_test in plugin plugin_edgex plugin_fw; do + for functional_test in plugin plugin_edgex plugin_fw plugin_eaa; do bash ${functional_test}.sh done popd diff --git a/kud/tests/_common.sh b/kud/tests/_common.sh index cd704c53..8da7471e 100755 --- a/kud/tests/_common.sh +++ b/kud/tests/_common.sh @@ -1158,6 +1158,30 @@ function populate_CSAR_fw_rbdefinition { popd } +# populate_CSAR_eaa_rbdefinition() - Function that populates CSAR folder +# for testing resource bundle definition of openness eaa scenario +function populate_CSAR_eaa_rbdefinition { + _checks_args "$1" + pushd "${CSAR_DIR}/$1" + print_msg "Create Helm Chart Archives for Openness EAA" + rm -f *.tar.gz + tar -czf rb_profile.tar.gz -C $test_folder/openness/eaa/profile . + tar -czf rb_definition.tar.gz -C $test_folder/openness/eaa/helm eaa + popd +} + +# populate_CSAR_eaa_sample_app_rbdefinition() - Function that populates CSAR folder +# for testing resource bundle definition of openness sample-app scenario +function populate_CSAR_eaa_sample_app_rbdefinition { + _checks_args "$1" + pushd "${CSAR_DIR}/$1" + print_msg "Create Helm Chart Archives for Openness EAA Sample Apps: producer and consumer" + rm -f *.tar.gz + tar -czf rb_profile.tar.gz -C $test_folder/openness/sample-app/profile . + tar -czf rb_definition.tar.gz -C $test_folder/openness/sample-app/helm sample-app + popd +} + function populate_CSAR_composite_app_helm { _checks_args "$1" pushd "${CSAR_DIR}/$1" diff --git a/kud/tests/_functions.sh b/kud/tests/_functions.sh index d585086b..34c22569 100755 --- a/kud/tests/_functions.sh +++ b/kud/tests/_functions.sh @@ -193,6 +193,28 @@ function wait_for_pod { done } +# wait_for_deployment() - Wait until the deployment is ready +function wait_for_deployment { + #Example usage: + # wait_for_deployment $DEPLOYMENT_NAME $REPLICAS + # wait_for_deployment example_deployment 2 + + status="0/" + + while [[ "$status" != $2* ]]; do + new_status=`kubectl get deployment -A | grep $1 | awk '{print $3}'` + if [[ "$new_status" != "$status" ]]; then + status="$new_status" + fi + + pod_status=`kubectl get pods -A | grep $1 | awk '{print $4}'` + if [[ $pod_status =~ "Err" ]]; then + echo "Deployment $1 error" + exit 1 + fi + done +} + # setup() - Base testing setup shared among functional tests function setup { if ! $(kubectl version &>/dev/null); then diff --git a/kud/tests/openness/eaa/helm/eaa/Chart.yaml b/kud/tests/openness/eaa/helm/eaa/Chart.yaml new file mode 100644 index 00000000..b1875305 --- /dev/null +++ b/kud/tests/openness/eaa/helm/eaa/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Openness EAA Helm Charts for version 19.12 +name: eaa +version: 1.0.0 diff --git a/kud/tests/openness/eaa/helm/eaa/templates/eaa-deployment.yaml b/kud/tests/openness/eaa/helm/eaa/templates/eaa-deployment.yaml new file mode 100644 index 00000000..69f4cb3a --- /dev/null +++ b/kud/tests/openness/eaa/helm/eaa/templates/eaa-deployment.yaml @@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.deployment.eaa.name }} + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + name: {{ .Values.deployment.eaa.name }} + template: + metadata: + labels: + name: {{ .Values.deployment.eaa.name }} + spec: + initContainers: + - name: {{ .Values.initContainer.name }} + image: {{ .Values.initContainer.image }} + command: ["/bin/sh"] + args: ["-c", "pwd"] + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: {{ .Values.initContainer.resource.requests.cpu }} + limits: + cpu: {{ .Values.initContainer.resource.limits.cpu }} + memory: {{ .Values.initContainer.resource.limits.memory }} + volumeMounts: + - name: {{ .Values.initContainer.volumeMounts.certsSec.name }} + mountPath: {{ .Values.initContainer.volumeMounts.certsSec.mountPath }} + - name: {{ .Values.initContainer.volumeMounts.certs.name }} + mountPath: {{ .Values.initContainer.volumeMounts.certs.mountPath }} + containers: + - name: {{ .Values.container.name }} + image: {{ .Values.container.image }} + imagePullPolicy: IfNotPresent + securityContext: + readOnlyRootFilesystem: true + resources: + requests: + cpu: {{ .Values.container.resource.requests.cpu }} + limits: + cpu: {{ .Values.container.resource.limits.cpu }} + memory: {{ .Values.container.resource.limits.memory }} + volumeMounts: + - name: {{ .Values.container.volumeMounts.certs.name }} + mountPath: {{ .Values.container.volumeMounts.certs.mountPath }} + - name: {{ .Values.container.volumeMounts.certsSec.name }} + mountPath: {{ .Values.container.volumeMounts.certsSec.mountPath }} + volumes: + - name: {{ .Values.volumes.certsSec.name }} + secret: + secretName: {{ .Values.volumes.certsSec.secret.secretName }} + - name: {{ .Values.volumes.certs.name }} + hostPath: + path: {{ .Values.volumes.certs.hostPath.path }} diff --git a/kud/tests/openness/eaa/helm/eaa/templates/eaa-service.yaml b/kud/tests/openness/eaa/helm/eaa/templates/eaa-service.yaml new file mode 100644 index 00000000..d9ee90dd --- /dev/null +++ b/kud/tests/openness/eaa/helm/eaa/templates/eaa-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.eaa.name }} + namespace: {{ .Release.Namespace }} +spec: + clusterIP: {{ .Values.service.eaa.clusterIP }} + selector: + name: eaa + ports: + - name: {{ .Values.service.eaa.httpPortName}} + protocol: {{ .Values.service.eaa.httpProtocol}} + port: {{ .Values.service.eaa.httpPort }} + targetPort: {{ .Values.service.eaa.httpTargetPort }} + - name: {{ .Values.service.eaa.httpsPortName }} + protocol: {{ .Values.service.eaa.httpsProtocol }} + port: {{ .Values.service.eaa.httpsPort }} + targetPort: {{ .Values.service.eaa.httpsTargetPort }} diff --git a/kud/tests/openness/eaa/helm/eaa/templates/eaa-tls.yaml b/kud/tests/openness/eaa/helm/eaa/templates/eaa-tls.yaml new file mode 100644 index 00000000..52de1ce0 --- /dev/null +++ b/kud/tests/openness/eaa/helm/eaa/templates/eaa-tls.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.eaaTls.name }} + namespace: {{ .Release.Namespace }} +type: Opaque +data: diff --git a/kud/tests/openness/eaa/helm/eaa/values.yaml b/kud/tests/openness/eaa/helm/eaa/values.yaml new file mode 100644 index 00000000..2824c673 --- /dev/null +++ b/kud/tests/openness/eaa/helm/eaa/values.yaml @@ -0,0 +1,77 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +service: + eaa: + name: eaa + clusterIP: None + httpPortName: http + httpProtocol: TCP + httpPort: 80 + httpTargetPort: 80 + httpsPortName: https + httpsProtocol: TCP + httpsPort: 443 + httpsTargetPort: 443 + +deployment: + eaa: + name: eaa + +initContainer: + name: alpine + image: alpine:latest + resource: + requests: + cpu: 0.1 + limits: + cpu: 0.1 + memory: 128Mi + volumeMounts: + certsSec: + name: certs-sec + mountPath: /root/certs-sec + certs: + name: certs + mountPath: /root/certs + +container: + name: eaa + image: integratedcloudnative/eaa:1.0 + resource: + requests: + cpu: 0.1 + limits: + cpu: 1 + memory: 128Mi + volumeMounts: + certs: + name: certs + mountPath: /home/eaa/certs/eaa + certsSec: + name: certs-sec + mountPath: /home/eaa/certs-sec + +volumes: + certsSec: + name: certs-sec + secret: + secretName: eaa-tls + certs: + name: certs + hostPath: + path: /etc/openness/certs/eaa + +eaaTls: + name: eaa-tls diff --git a/kud/tests/openness/eaa/profile/manifest.yaml b/kud/tests/openness/eaa/profile/manifest.yaml new file mode 100644 index 00000000..4d381d02 --- /dev/null +++ b/kud/tests/openness/eaa/profile/manifest.yaml @@ -0,0 +1,4 @@ +--- +version: v1 +type: + values: "override_values.yaml" diff --git a/kud/tests/openness/eaa/profile/override_values.yaml b/kud/tests/openness/eaa/profile/override_values.yaml new file mode 100644 index 00000000..e69de29b diff --git a/kud/tests/openness/sample-app/helm/sample-app/Chart.yaml b/kud/tests/openness/sample-app/helm/sample-app/Chart.yaml new file mode 100644 index 00000000..a2352bca --- /dev/null +++ b/kud/tests/openness/sample-app/helm/sample-app/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Openness EAA Sample App Helm Charts for version 19.12 +name: sample-app +version: 1.0.0 diff --git a/kud/tests/openness/sample-app/helm/sample-app/templates/consumer-deployment.yaml b/kud/tests/openness/sample-app/helm/sample-app/templates/consumer-deployment.yaml new file mode 100644 index 00000000..3bce0de2 --- /dev/null +++ b/kud/tests/openness/sample-app/helm/sample-app/templates/consumer-deployment.yaml @@ -0,0 +1,22 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.consumer.name }} + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .Values.consumer.name }} + template: + metadata: + labels: + app: {{ .Values.consumer.name }} + spec: + containers: + - name: {{ .Values.consumer.container.name }} + image: {{ .Values.consumer.container.image }} + imagePullPolicy: IfNotPresent + ports: + - containerPort: {{ .Values.consumer.container.port1 }} + - containerPort: {{ .Values.consumer.container.port2 }} diff --git a/kud/tests/openness/sample-app/helm/sample-app/templates/prod-cons-policy.yaml b/kud/tests/openness/sample-app/helm/sample-app/templates/prod-cons-policy.yaml new file mode 100644 index 00000000..93e20c54 --- /dev/null +++ b/kud/tests/openness/sample-app/helm/sample-app/templates/prod-cons-policy.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ .Values.policy.name }} + namespace: {{ .Release.Namespace }} +spec: + podSelector: {{ .Values.policy.podSelector }} + policyTypes: + - Ingress + ingress: + - from: + - ipBlock: + cidr: {{ .Values.policy.ingress.cidr }} + ports: + - protocol: {{ .Values.policy.ingress.ports.port1.protocol }} + port: {{ .Values.policy.ingress.ports.port1.port }} + - protocol: {{ .Values.policy.ingress.ports.port2.protocol }} + port: {{ .Values.policy.ingress.ports.port2.port }} diff --git a/kud/tests/openness/sample-app/helm/sample-app/templates/producer-deployment.yaml b/kud/tests/openness/sample-app/helm/sample-app/templates/producer-deployment.yaml new file mode 100644 index 00000000..6554f851 --- /dev/null +++ b/kud/tests/openness/sample-app/helm/sample-app/templates/producer-deployment.yaml @@ -0,0 +1,22 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.producer.name }} + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .Values.producer.name }} + template: + metadata: + labels: + app: {{ .Values.producer.name }} + spec: + containers: + - name: {{ .Values.producer.container.name }} + image: {{ .Values.producer.container.image }} + imagePullPolicy: IfNotPresent + ports: + - containerPort: {{ .Values.producer.container.port1 }} + - containerPort: {{ .Values.producer.container.port2 }} diff --git a/kud/tests/openness/sample-app/helm/sample-app/values.yaml b/kud/tests/openness/sample-app/helm/sample-app/values.yaml new file mode 100644 index 00000000..65af7161 --- /dev/null +++ b/kud/tests/openness/sample-app/helm/sample-app/values.yaml @@ -0,0 +1,42 @@ +# Copyright 2018 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +consumer: + name: consumer + container: + name: consumer + image: integratedcloudnative/consumer:1.0 + port1: 80 + port2: 443 + +producer: + name: producer + container: + name: producer + image: integratedcloudnative/producer:1.0 + port1: 80 + port2: 443 + +policy: + name: eaa-prod-cons-policy + podSelector: "{}" + ingress: + cidr: 10.16.0.0/16 + ports: + port1: + protocol: TCP + port: 80 + port2: + protocol: TCP + port: 443 diff --git a/kud/tests/openness/sample-app/profile/manifest.yaml b/kud/tests/openness/sample-app/profile/manifest.yaml new file mode 100644 index 00000000..4d381d02 --- /dev/null +++ b/kud/tests/openness/sample-app/profile/manifest.yaml @@ -0,0 +1,4 @@ +--- +version: v1 +type: + values: "override_values.yaml" diff --git a/kud/tests/openness/sample-app/profile/override_values.yaml b/kud/tests/openness/sample-app/profile/override_values.yaml new file mode 100644 index 00000000..e69de29b diff --git a/kud/tests/plugin_eaa.sh b/kud/tests/plugin_eaa.sh new file mode 100755 index 00000000..5cf44e02 --- /dev/null +++ b/kud/tests/plugin_eaa.sh @@ -0,0 +1,207 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2018 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +set -o errexit +set -o nounset +set -o pipefail +#set -o xtrace + +source _common_test.sh +source _functions.sh +source _common.sh + +if [ ${1:+1} ]; then + if [ "$1" == "--external" ]; then + master_ip=$(kubectl cluster-info | grep "Kubernetes master" | \ + awk -F ":" '{print $2}' | awk -F "//" '{print $2}') + onap_svc_node_port=30498 + base_url="http://$master_ip:$onap_svc_node_port/v1" + fi +fi + +base_url=${base_url:-"http://localhost:9015/v1"} +kubeconfig_path="$HOME/.kube/config" +csar_eaa_id=8030a02a-7253-11ea-bc55-0242ac130003 +csar_sample_app_id=150da0b3-aa8c-481e-b661-2620b810765e +rb_eaa_name="eaa" +rb_sample_app_name="sample_app" +rb_version="plugin_test" +chart_eaa_name="eaa" +chart_sample_app_name="sample-app" +profile_eaa_name="test_eaa_profile" +profile_sample_app_name="test_sample_app_profile" +release_name="test-release" +namespace_eaa="openness" +namespace_sample_app="default" +cloud_region_id="kud" +cloud_region_owner="localhost" + +# Setup +install_deps +populate_CSAR_eaa_rbdefinition "$csar_eaa_id" + +print_msg "Registering resource bundle for EAA" +payload="$(cat </dev/null #massive output + +print_msg "Creating EAA" +payload="$(cat <