test(e2e): add test suite for Azure Key authentication

Signed-off-by: Mateusz Urbanek <[email protected]>

Author: shanduur

test/e2e/azure/key/delete/chainsaw-test.yaml

@@ -0,0 +1,107 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: test-azure-key-delete
+  labels:
+    protocol: "Azure"
+    authenticationType: "Key"
+    deletionPolicy: "Delete"
+spec:
+  template: true
+  steps:
+  - name: Check if COSI Controller exist
+    try:
+    - assert:
+        file: ../../../tests/controller.yaml
+  - name: Create test BucketClass and BucketAccessClass
+    try:
+    - apply:
+        file: ./resources/BucketClass.yaml
+    - apply:
+        file: ./resources/BucketAccessClass.yaml
+  - name: Create BucketClaim
+    try:
+    - apply:
+        file: ./resources/BucketClaim.yaml
+  - name: Check if BucketClaim is ready
+    try:
+    - assert:
+        resource:
+          apiVersion: objectstorage.k8s.io/v1alpha1
+          kind: BucketClaim
+          metadata:
+            name: test-azure-key-delete
+          status:
+            bucketReady: true
+  - name: Create BucketAccess
+    try:
+    - apply:
+        file: ./resources/BucketAccess.yaml
+  - name: Check if BucketAccess is granted
+    try:
+    - assert:
+        resource:
+          apiVersion: objectstorage.k8s.io/v1alpha1
+          kind: BucketAccess
+          metadata:
+            name: test-azure-key-delete
+          status:
+            accessGranted: true
+  - name: Check if Secret exists
+    try:
+    - assert:
+        resource:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: test-azure-key-delete
+  - name: Run ObjectStorage validation tool
+    # TODO: This should be either a standalone test tool developed by us, to run test suite:
+    # - validate Secret format;
+    # - validate connectivity to the Object Storage server;
+    # Right now it is using busybox to check if the secret has correct format.
+    try:
+    - apply:
+        file: ../../../tests/validator.yaml
+    - create:
+        resource:
+          apiVersion: batch/v1
+          kind: Job
+          metadata:
+            name: test-azure-key-delete
+          spec:
+            ttlSecondsAfterFinished: 100
+            template:
+              spec:
+                restartPolicy: Never
+                containers:
+                - name: secret-test
+                  image: docker.io/library/python:3.12
+                  command: [ "sh", "/validation/validation.sh" ]
+                  volumeMounts:
+                  - mountPath: /validator
+                    name: validator
+                  - mountPath: /conf
+                    name: secret-vol
+                volumes:
+                - name: validator
+                  configMap:
+                    name: validator  
+                - name: secret-vol
+                  secret:
+                    secretName: test-retain-secret
+                    items:
+                    - key: BucketInfo
+                      path: BucketInfo.json
+  - name: Check if ObjectStorage validation tool completed succesfully
+    try:
+    - assert:
+        resource:
+          apiVersion: batch/v1
+          kind: Job
+          metadata:
+            name: test-azure-key-delete
+          status:
+            succeeded: 1

test/e2e/azure/key/delete/resources/BucketAccess.yaml

@@ -0,0 +1,9 @@
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketAccess
+metadata:
+  name: test-azure-key-delete
+spec:
+  bucketClaimName: test-azure-key-delete
+  protocol: azure
+  bucketAccessClassName: test-azure-key-delete
+  credentialsSecretName: test-azure-key-delete

test/e2e/azure/key/delete/resources/BucketAccessClass.yaml

@@ -0,0 +1,7 @@
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketAccessClass
+metadata:
+  name: test-azure-key-delete
+driverName: sample-driver.objectstorage.k8s.io
+authenticationType: Key
+parameters: {}

test/e2e/azure/key/delete/resources/BucketClaim.yaml

@@ -0,0 +1,7 @@
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketClaim
+metadata:
+  name: test-azure-key-delete
+spec:
+  bucketClassName: test-azure-key-delete
+  protocols: [ 'azure' ]

test/e2e/azure/key/delete/resources/BucketClass.yaml

@@ -0,0 +1,7 @@
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketClass
+metadata:
+  name: test-azure-key-delete
+driverName: sample-driver.objectstorage.k8s.io
+deletionPolicy: Delete
+parameters: {}

test/e2e/azure/key/retain/chainsaw-test.yaml

@@ -0,0 +1,107 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: test-azure-key-retain
+  labels:
+    protocol: "Azure"
+    authenticationType: "Key"
+    deletionPolicy: "Retain"
+spec:
+  template: true
+  steps:
+  - name: Check if COSI Controller exist
+    try:
+    - assert:
+        file: ../../../tests/controller.yaml
+  - name: Create test BucketClass and BucketAccessClass
+    try:
+    - apply:
+        file: ./resources/BucketClass.yaml
+    - apply:
+        file: ./resources/BucketAccessClass.yaml
+  - name: Create BucketClaim
+    try:
+    - apply:
+        file: ./resources/BucketClaim.yaml
+  - name: Check if BucketClaim is ready
+    try:
+    - assert:
+        resource:
+          apiVersion: objectstorage.k8s.io/v1alpha1
+          kind: BucketClaim
+          metadata:
+            name: test-azure-key-retain
+          status:
+            bucketReady: true
+  - name: Create BucketAccess
+    try:
+    - apply:
+        file: ./resources/BucketAccess.yaml
+  - name: Check if BucketAccess is granted
+    try:
+    - assert:
+        resource:
+          apiVersion: objectstorage.k8s.io/v1alpha1
+          kind: BucketAccess
+          metadata:
+            name: test-azure-key-retain
+          status:
+            accessGranted: true
+  - name: Check if Secret exists
+    try:
+    - assert:
+        resource:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: test-azure-key-retain
+  - name: Run ObjectStorage validation tool
+    # TODO: This should be either a standalone test tool developed by us, to run test suite:
+    # - validate Secret format;
+    # - validate connectivity to the Object Storage server;
+    # Right now it is using busybox to check if the secret has correct format.
+    try:
+    - apply:
+        file: ../../../tests/validator.yaml
+    - create:
+        resource:
+          apiVersion: batch/v1
+          kind: Job
+          metadata:
+            name: test-azure-key-retain
+          spec:
+            ttlSecondsAfterFinished: 100
+            template:
+              spec:
+                restartPolicy: Never
+                containers:
+                - name: secret-test
+                  image: docker.io/library/python:3.12
+                  command: [ "sh", "/validation/validation.sh" ]
+                  volumeMounts:
+                  - mountPath: /validator
+                    name: validator
+                  - mountPath: /conf
+                    name: secret-vol
+                volumes:
+                - name: validator
+                  configMap:
+                    name: validator
+                - name: secret-vol
+                  secret:
+                    secretName: test-azure-key-retain
+                    items:
+                    - key: BucketInfo
+                      path: BucketInfo.json
+  - name: Check if ObjectStorage validation tool completed succesfully
+    try:
+    - assert:
+        resource:
+          apiVersion: batch/v1
+          kind: Job
+          metadata:
+            name: test-azure-key-retain
+          status:
+            succeeded: 1

test/e2e/azure/key/retain/resources/BucketAccess.yaml

@@ -0,0 +1,9 @@
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketAccess
+metadata:
+  name: test-azure-key-retain
+spec:
+  bucketClaimName: test-azure-key-retain
+  protocol: azure
+  bucketAccessClassName: test-azure-key-retain
+  credentialsSecretName: test-azure-key-retain

test/e2e/azure/key/retain/resources/BucketAccessClass.yaml

@@ -0,0 +1,7 @@
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketAccessClass
+metadata:
+  name: test-azure-key-retain
+driverName: sample-driver.objectstorage.k8s.io
+authenticationType: Key
+parameters: {}

test/e2e/azure/key/retain/resources/BucketClaim.yaml

@@ -0,0 +1,7 @@
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketClaim
+metadata:
+  name: test-azure-key-retain
+spec:
+  bucketClassName: test-azure-key-retain
+  protocols: [ 'azure' ]

test/e2e/azure/key/retain/resources/BucketClass.yaml

@@ -0,0 +1,7 @@
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketClass
+metadata:
+  name: test-azure-key-retain
+driverName: sample-driver.objectstorage.k8s.io
+deletionPolicy: Retain
+parameters: {}