* add comment to README

* add venctl and step as tools
* reduce log level
* add controls based on MR labels

Author: Mladen Rusev

.github/workflows/tests.yaml

@@ -65,6 +65,7 @@ jobs:
       - run: make -j test-unit test-helm
 
   test-e2e:
+    if: contains(github.event.pull_request.labels.*.name, 'test-e2e')
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -74,6 +75,7 @@ jobs:
       - uses: ./.github/actions/repo_access
         with:
           DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB: ${{ secrets.DEPLOY_KEY_READ_VENAFI_CONNECTION_LIB }}
+
       - name: Authenticate to Google Cloud
         id: auth
         uses: google-github-actions/auth@v2
@@ -84,35 +86,53 @@ jobs:
         id: setup-gcloud
         uses: google-github-actions/setup-gcloud@v2
         with:
+          install_components: "gke-gcloud-auth-plugin"
           project_id: machineidentitysecurity-jsci-e
 
       - name: Configure Docker for Google Artifact Registry
         run: gcloud auth configure-docker europe-west1-docker.pkg.dev
 
-      - name: Install dependencies
-        run: |
-          gcloud components install gke-gcloud-auth-plugin
-          curl -sSfL https://dl.venafi.cloud/venctl/latest/installer.sh | bash
-          echo "/home/runner/.venafi/bin" >> $GITHUB_PATH    
-          curl -LO https://github.com/smallstep/cli/releases/latest/download/step-cli_amd64.deb
-          sudo apt-get install ./step-cli_amd64.deb
-          helm plugin install https://github.com/databus23/helm-diff
-
       - id: go-version
         run: |
           make print-go-version >> "$GITHUB_OUTPUT"
 
       - uses: actions/setup-go@v5
         with:
           go-version: ${{ steps.go-version.outputs.result }}
-      - run: make -j test-e2e-gke
+
+      - name: Generate timestamp for cluster name
+        id: timestamp # Give the step an ID to reference its output
+        run: |
+          # Generate a timestamp in the format YYMMDD-HHMMSS.
+          # Extracting from PR name would require sanitization due to GKE cluster naming constraints        
+          TIMESTAMP=$(date +'%y%m%d-%H%M%S')
+          CLUSTER_NAME="test-secretless-${TIMESTAMP}"
+          echo "Generated cluster name: ${CLUSTER_NAME}"
+          echo "cluster_name=${CLUSTER_NAME}" >> $GITHUB_OUTPUT
+
+      - run: |
+          make helm-plugins
+          make -j test-e2e-gke
+        # The VEN_API_KEY_PULL secret is set to my API key (Mladen) for glow.in.the.dark tenant.
         env:
           VEN_API_KEY: ${{ secrets.VEN_API_KEY_PULL }}
           VEN_API_KEY_PULL: ${{ secrets.VEN_API_KEY_PULL }}
           OCI_BASE: europe-west1-docker.pkg.dev/machineidentitysecurity-jsci-e/js-agent-ci-repo
           VEN_API_HOST: api.venafi.cloud
-          VEN_ZONE: mladen-test\Default
+          VEN_ZONE: k8s-agent-CI\Default
           VEN_VCP_REGION: us
           CLOUDSDK_CORE_PROJECT: machineidentitysecurity-jsci-e
           CLOUDSDK_COMPUTE_ZONE: europe-west1-b
-          CLUSTER_NAME: test-secretless
+          CLUSTER_NAME: ${{ steps.timestamp.outputs.cluster_name }}
+
+      - name: Delete GKE Cluster
+        # 'always()' - Run this step regardless of success or failure.
+        # '!contains(...)' - AND only run if the list of PR labels DOES NOT contain 'keep-e2e-cluster'.
+        # NOTE: You will have to delete the test cluster manually when finished with debugging or incur costs.
+        if: always() && !contains(github.event.pull_request.labels.*.name, 'keep-e2e-cluster')
+        run: |
+          echo "Label 'keep-e2e-cluster' not found. Cleaning up GKE cluster ${{ steps.timestamp.outputs.cluster_name }}"
+          gcloud container clusters delete ${{ steps.timestamp.outputs.cluster_name }} \
+            --project=${{ secrets.GCP_PROJECT_ID }} \
+            --zone=europe-west1-b \
+            --quiet

README.md

@@ -56,3 +56,10 @@ The following metrics are collected:
 - Go collector: via the [default registry](https://github.com/prometheus/client_golang/blob/34e02e282dc4a3cb55ca6441b489ec182e654d59/prometheus/registry.go#L60-L63) in Prometheus `client_golang`.
 - Process collector: via the [default registry](https://github.com/prometheus/client_golang/blob/34e02e282dc4a3cb55ca6441b489ec182e654d59/prometheus/registry.go#L60-L63) in Prometheus `client_golang`.
 - Agent metrics: `data_readings_upload_size`: Data readings upload size (in bytes) sent by the in-cluster agent.
+
+## End to end testing
+
+An end to end test script is available in the [./hack/e2e/test.sh](./hack/e2e/test.sh) directory. It is configured to run in CI
+in the tests.yaml GitHub Actions workflow. To run the script you will need to add the `test-e2e` label to the PR.
+The script creates a cluster in GKE and cleanups after itself unless the `keep-e2e-cluster` label is set on the PR. Adding that 
+label will leave the cluster running for further debugging but it will incur costs so manually delete the cluster when done.

hack/e2e/values.venafi-kubernetes-agent.yaml

@@ -10,4 +10,4 @@ authentication:
 
 extraArgs:
 - --logging-format=json
-- --log-level=6
+- --log-level=4

make/02_mod.mk

@@ -51,8 +51,8 @@ shared_generate_targets += generate-crds-venconn
 ## Wait for it to log a message indicating successful data upload.
 ## See `hack/e2e/test.sh` for the full test script.
 ## @category Testing
-test-e2e-gke:
-	./hack/e2e/test.sh
+test-e2e-gke: | $(NEEDS_HELM) $(NEEDS_STEP) $(NEEDS_VENCTL)
+	PATH="$(bin_dir)/tools:${PATH}" ./hack/e2e/test.sh
 
 .PHONY: test-helm
 ## Run `helm unittest`.
@@ -66,6 +66,15 @@ test-helm: | $(NEEDS_HELM-UNITTEST)
 test-helm-snapshot: | $(NEEDS_HELM-UNITTEST)
 	$(HELM-UNITTEST) ./deploy/charts/venafi-kubernetes-agent/ -u
 
+.PHONY: helm-plugins
+## Install required helm plugins
+helm-plugins: $(NEEDS_HELM)
+	@if ! $(HELM) plugin list | grep -q diff; then \
+		echo ">>> Installing helm-diff plugin"; \
+		$(HELM) plugin install https://github.com/databus23/helm-diff; \
+	else \
+		echo "helm-diff plugin already installed"; \
+	fi
 
 .PHONY: verify-govulncheck
 ## Verify all Go modules for vulnerabilities using govulncheck Copied from makefile-modules

make/_shared/tools/00_mod.mk

@@ -1,16 +1,4 @@
-# Copyright 2023 The cert-manager Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+
 
 ifndef bin_dir
 $(error bin_dir is not set)
@@ -636,6 +624,34 @@ $(DOWNLOAD_DIR)/tools/operator-sdk@$(OPERATOR-SDK_VERSION)_$(HOST_OS)_$(HOST_ARC
 		$(checkhash_script) $(outfile) $(operator-sdk_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
 		chmod +x $(outfile)
 
+# https://docs.venafi.cloud/vaas/venctl/c-venctl-releases/
+venctl_linux_amd64_SHA256SUM=26e7b7a7e134f1cf1f3ffacf4ae53ec6849058db5007ce4088d51f404ededb4a
+venctl_darwin_amd64_SHA256SUM=2e76693901abcb2c018f66d3a10558c66ca09d1a3be912258bcd6c58e89aae80
+venctl_darwin_arm64_SHA256SUM=4350912d67683773302655e2a0151320514d1ccf82ee99c895e6780f86b6f031
+
+.PRECIOUS: $(DOWNLOAD_DIR)/tools/venctl@$(VENCTL_VERSION)_$(HOST_OS)_$(HOST_ARCH)
+$(DOWNLOAD_DIR)/tools/venctl@$(VENCTL_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
+	@source $(lock_script) $@; \
+		$(CURL) https://dl.venafi.cloud/venctl/$(VENCTL_VERSION)/venctl-$(HOST_OS)-$(HOST_ARCH).zip -o $(outfile).zip; \
+		$(checkhash_script) $(outfile).zip $(venctl_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
+		unzip -p $(outfile).zip venctl > $(outfile); \
+		chmod +x $(outfile); \
+		rm -f $(outfile).zip
+
+# https://github.com/smallstep/cli/releases/
+step_linux_amd64_SHA256SUM=2908f3c7d90181eec430070b231da5c0861e37537bf8e2388d031d3bd6c7b8c6
+step_linux_arm64_SHA256SUM=96636a6cc980d53a98c72aa3b99e04f0b874a733d9ddf43fc6b0f1725f425c37
+step_darwin_amd64_SHA256SUM=f6e9a9078cfc5f559c8213e023df6e8ebf8d9d36ffbd82749a41ee1c40a23623
+step_darwin_arm64_SHA256SUM=b856702ee138a9badbe983e88758c0330907ea4f97e429000334ba038597db5b
+
+.PRECIOUS: $(DOWNLOAD_DIR)/tools/step@$(STEP_VERSION)_$(HOST_OS)_$(HOST_ARCH)
+$(DOWNLOAD_DIR)/tools/step@$(STEP_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools
+	@source $(lock_script) $@; \
+		$(CURL) https://dl.smallstep.com/gh-release/cli/gh-release-header/v$(STEP_VERSION)/step_$(HOST_OS)_$(STEP_VERSION)_$(HOST_ARCH).tar.gz -o $(outfile).tar.gz; \
+		$(checkhash_script) $(outfile).tar.gz $(step_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \
+		tar xfO $(outfile).tar.gz step_$(STEP_VERSION)/bin/step > $(outfile); \
+		chmod +x $(outfile); \
+		rm -f $(outfile).tar.gz
 #################
 # Other Targets #
 #################