Skip to content

Commit f81c8ec

Browse files
aramasearamase
committed
add namespace to all kubectl commands in azure.bats
Signed-off-by: Anish Ramasekar <[email protected]>
1 parent e1ba223 commit f81c8ec

File tree

1 file changed

+40
-47
lines changed

1 file changed

+40
-47
lines changed

test/bats/azure.bats

Lines changed: 40 additions & 47 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,8 @@ load helpers
55
BATS_TESTS_DIR=test/bats/tests/azure
66
WAIT_TIME=60
77
SLEEP_TIME=1
8-
NAMESPACE=kube-system
8+
NAMESPACE=default
9+
PROVIDER_NAMESPACE=kube-system
910
NODE_SELECTOR_OS=linux
1011
BASE64_FLAGS="-w 0"
1112
if [[ "$OSTYPE" == *"darwin"* ]]; then
@@ -38,51 +39,49 @@ setup() {
3839
# install the azure provider using the helm charts
3940
helm repo add csi-provider-azure https://azure.github.io/secrets-store-csi-driver-provider-azure/charts
4041
helm repo update
41-
helm upgrade --install csi csi-provider-azure/csi-secrets-store-provider-azure --namespace $NAMESPACE \
42+
helm upgrade --install csi csi-provider-azure/csi-secrets-store-provider-azure --namespace $PROVIDER_NAMESPACE \
4243
--set "secrets-store-csi-driver.install=false" \
4344
--set "windows.enabled=$TEST_WINDOWS" \
4445
--set "logVerbosity=5" \
4546
--set "logFormatJSON=true" \
4647

4748
# wait for azure-csi-provider pod to be running
48-
kubectl wait --for=condition=Ready --timeout=150s pods -l app=csi-secrets-store-provider-azure --namespace $NAMESPACE
49+
kubectl wait --for=condition=Ready --timeout=150s pods -l app=csi-secrets-store-provider-azure --namespace $PROVIDER_NAMESPACE
4950
}
5051

5152
@test "deploy azure secretproviderclass crd" {
52-
envsubst < $BATS_TESTS_DIR/azure_v1_secretproviderclass.yaml | kubectl apply -f -
53+
envsubst < $BATS_TESTS_DIR/azure_v1_secretproviderclass.yaml | kubectl apply -n $NAMESPACE -f -
5354

54-
kubectl wait --for condition=established --timeout=60s crd/secretproviderclasses.secrets-store.csi.x-k8s.io
55-
56-
cmd="kubectl get secretproviderclasses.secrets-store.csi.x-k8s.io/azure -o yaml | grep azure"
55+
cmd="kubectl get secretproviderclasses.secrets-store.csi.x-k8s.io/azure -n $NAMESPACE -o yaml | grep azure"
5756
wait_for_process $WAIT_TIME $SLEEP_TIME "$cmd"
5857
}
5958

6059
@test "CSI inline volume test with pod portability" {
61-
envsubst < $BATS_TESTS_DIR/pod-secrets-store-inline-volume-crd.yaml | kubectl apply -f -
60+
envsubst < $BATS_TESTS_DIR/pod-secrets-store-inline-volume-crd.yaml | kubectl apply -n $NAMESPACE -f -
6261

6362
# The wait timeout is set to 300s only for this first pod in test to accomadate for the node-driver-registrar
6463
# registration retries on windows nodes. Based on previous tests on windows nodes, the node-driver-registrar was
6564
# restarted 5 times before succeeding which resulted in a wait timeout of 300s.
66-
kubectl wait --for=condition=Ready --timeout=300s pod/secrets-store-inline-crd
65+
kubectl wait --for=condition=Ready --timeout=300s -n $NAMESPACE pod/secrets-store-inline-crd
6766

68-
run kubectl get pod/secrets-store-inline-crd
67+
run kubectl get pod/secrets-store-inline-crd -n $NAMESPACE
6968
assert_success
7069
}
7170

7271
@test "CSI inline volume test with pod portability - read azure kv secret from pod" {
73-
wait_for_process $WAIT_TIME $SLEEP_TIME "kubectl exec secrets-store-inline-crd -- cat /mnt/secrets-store/$SECRET_NAME | grep '${SECRET_VALUE}'"
72+
wait_for_process $WAIT_TIME $SLEEP_TIME "kubectl exec secrets-store-inline-crd -n $NAMESPACE -- cat /mnt/secrets-store/$SECRET_NAME | grep '${SECRET_VALUE}'"
7473

75-
result=$(kubectl exec secrets-store-inline-crd -- cat /mnt/secrets-store/$SECRET_NAME)
74+
result=$(kubectl exec secrets-store-inline-crd -n $NAMESPACE -- cat /mnt/secrets-store/$SECRET_NAME)
7675
[[ "${result//$'\r'}" == "${SECRET_VALUE}" ]]
7776
}
7877

7978
@test "CSI inline volume test with pod portability - unmount succeeds" {
8079
# On Linux a failure to unmount the tmpfs will block the pod from being
8180
# deleted.
82-
run kubectl delete pod secrets-store-inline-crd
81+
run kubectl delete pod secrets-store-inline-crd -n $NAMESPACE
8382
assert_success
8483

85-
run kubectl wait --for=delete --timeout=${WAIT_TIME}s pod/secrets-store-inline-crd
84+
run kubectl wait --for=delete --timeout=${WAIT_TIME}s pod/secrets-store-inline-crd -n $NAMESPACE
8685
assert_success
8786

8887
# Sleep to allow time for logs to propagate.
@@ -99,55 +98,53 @@ setup() {
9998
}
10099

101100
@test "Sync with K8s secrets - create deployment" {
102-
envsubst < $BATS_TESTS_DIR/azure_synck8s_v1_secretproviderclass.yaml | kubectl apply -f -
103-
104-
kubectl wait --for condition=established --timeout=60s crd/secretproviderclasses.secrets-store.csi.x-k8s.io
101+
envsubst < $BATS_TESTS_DIR/azure_synck8s_v1_secretproviderclass.yaml | kubectl apply -n $NAMESPACE -f -
105102

106-
cmd="kubectl get secretproviderclasses.secrets-store.csi.x-k8s.io/azure-sync -o yaml | grep azure"
103+
cmd="kubectl get secretproviderclasses.secrets-store.csi.x-k8s.io/azure-sync -n $NAMESPACE -o yaml | grep azure"
107104
wait_for_process $WAIT_TIME $SLEEP_TIME "$cmd"
108105

109-
envsubst < $BATS_TESTS_DIR/deployment-synck8s-azure.yaml | kubectl apply -f -
110-
envsubst < $BATS_TESTS_DIR/deployment-two-synck8s-azure.yaml | kubectl apply -f -
106+
envsubst < $BATS_TESTS_DIR/deployment-synck8s-azure.yaml | kubectl apply -n $NAMESPACE -f -
107+
envsubst < $BATS_TESTS_DIR/deployment-two-synck8s-azure.yaml | kubectl apply -n $NAMESPACE -f -
111108

112-
kubectl wait --for=condition=Ready --timeout=90s pod -l app=busybox
109+
kubectl wait --for=condition=Ready --timeout=90s -n $NAMESPACE pod -l app=busybox
113110
}
114111

115112
@test "Sync with K8s secrets - read secret from pod, read K8s secret, read env var, check secret ownerReferences with multiple owners" {
116-
POD=$(kubectl get pod -l app=busybox -o jsonpath="{.items[0].metadata.name}")
113+
POD=$(kubectl get pod -l app=busybox -n $NAMESPACE -o jsonpath="{.items[0].metadata.name}")
117114

118-
result=$(kubectl exec $POD -- cat /mnt/secrets-store/secretalias)
115+
result=$(kubectl exec $POD -n $NAMESPACE -- cat /mnt/secrets-store/secretalias)
119116
[[ "${result//$'\r'}" == "${SECRET_VALUE}" ]]
120117

121-
result=$(kubectl get secret foosecret -o jsonpath="{.data.username}" | base64 -d)
118+
result=$(kubectl get secret foosecret -n $NAMESPACE -o jsonpath="{.data.username}" | base64 -d)
122119
[[ "${result//$'\r'}" == "${SECRET_VALUE}" ]]
123120

124-
result=$(kubectl exec $POD -- printenv | grep SECRET_USERNAME) | awk -F"=" '{ print $2}'
121+
result=$(kubectl exec $POD -n $NAMESPACE -- printenv | grep SECRET_USERNAME) | awk -F"=" '{ print $2}'
125122
[[ "${result//$'\r'}" == "${SECRET_VALUE}" ]]
126123

127-
result=$(kubectl get secret foosecret -o jsonpath="{.metadata.labels.environment}")
124+
result=$(kubectl get secret foosecret -n $NAMESPACE -o jsonpath="{.metadata.labels.environment}")
128125
[[ "${result//$'\r'}" == "${LABEL_VALUE}" ]]
129126

130-
result=$(kubectl get secret foosecret -o jsonpath="{.metadata.labels.secrets-store\.csi\.k8s\.io/managed}")
127+
result=$(kubectl get secret foosecret -n $NAMESPACE -o jsonpath="{.metadata.labels.secrets-store\.csi\.k8s\.io/managed}")
131128
[[ "${result//$'\r'}" == "true" ]]
132129

133130
run wait_for_process $WAIT_TIME $SLEEP_TIME "compare_owner_count foosecret default 2"
134131
assert_success
135132
}
136133

137134
@test "Sync with K8s secrets - delete deployment, check owner ref updated, check secret deleted" {
138-
run kubectl delete -f $BATS_TESTS_DIR/deployment-synck8s-azure.yaml
135+
run kubectl delete -n $NAMESPACE -f $BATS_TESTS_DIR/deployment-synck8s-azure.yaml
139136
assert_success
140137

141138
run wait_for_process $WAIT_TIME $SLEEP_TIME "compare_owner_count foosecret default 1"
142139
assert_success
143140

144-
run kubectl delete -f $BATS_TESTS_DIR/deployment-two-synck8s-azure.yaml
141+
run kubectl delete -n $NAMESPACE -f $BATS_TESTS_DIR/deployment-two-synck8s-azure.yaml
145142
assert_success
146143

147144
run wait_for_process $WAIT_TIME $SLEEP_TIME "check_secret_deleted foosecret default"
148145
assert_success
149146

150-
envsubst < $BATS_TESTS_DIR/azure_synck8s_v1_secretproviderclass.yaml | kubectl delete -f -
147+
envsubst < $BATS_TESTS_DIR/azure_synck8s_v1_secretproviderclass.yaml | kubectl delete -n $NAMESPACE -f -
151148
}
152149

153150
@test "Test Namespaced scope SecretProviderClass - create deployment" {
@@ -156,9 +153,7 @@ setup() {
156153

157154
envsubst < $BATS_TESTS_DIR/azure_v1_secretproviderclass_ns.yaml | kubectl apply -f -
158155

159-
kubectl wait --for condition=established --timeout=60s crd/secretproviderclasses.secrets-store.csi.x-k8s.io
160-
161-
cmd="kubectl get secretproviderclasses.secrets-store.csi.x-k8s.io/azure-sync -o yaml | grep azure"
156+
cmd="kubectl get secretproviderclasses.secrets-store.csi.x-k8s.io/azure-sync -n $NAMESPACE -o yaml | grep azure"
162157
wait_for_process $WAIT_TIME $SLEEP_TIME "$cmd"
163158

164159
cmd="kubectl get secretproviderclasses.secrets-store.csi.x-k8s.io/azure-sync -n test-ns -o yaml | grep azure"
@@ -212,46 +207,44 @@ setup() {
212207
}
213208

214209
@test "deploy multiple azure secretproviderclass crd" {
215-
envsubst < $BATS_TESTS_DIR/azure_v1_multiple_secretproviderclass.yaml | kubectl apply -f -
216-
217-
kubectl wait --for condition=established --timeout=60s crd/secretproviderclasses.secrets-store.csi.x-k8s.io
210+
envsubst < $BATS_TESTS_DIR/azure_v1_multiple_secretproviderclass.yaml | kubectl apply -n $NAMESPACE -f -
218211

219-
cmd="kubectl get secretproviderclasses.secrets-store.csi.x-k8s.io/azure-spc-0 -o yaml | grep azure-spc-0"
212+
cmd="kubectl get secretproviderclasses.secrets-store.csi.x-k8s.io/azure-spc-0 -n $NAMESPACE -o yaml | grep azure-spc-0"
220213
wait_for_process $WAIT_TIME $SLEEP_TIME "$cmd"
221214

222-
cmd="kubectl get secretproviderclasses.secrets-store.csi.x-k8s.io/azure-spc-1 -o yaml | grep azure-spc-1"
215+
cmd="kubectl get secretproviderclasses.secrets-store.csi.x-k8s.io/azure-spc-1 -n $NAMESPACE -o yaml | grep azure-spc-1"
223216
wait_for_process $WAIT_TIME $SLEEP_TIME "$cmd"
224217
}
225218

226219
@test "deploy pod with multiple secret provider class" {
227-
envsubst < $BATS_TESTS_DIR/pod-azure-inline-volume-multiple-spc.yaml | kubectl apply -f -
220+
envsubst < $BATS_TESTS_DIR/pod-azure-inline-volume-multiple-spc.yaml | kubectl apply -n $NAMESPACE -f -
228221

229-
kubectl wait --for=condition=Ready --timeout=60s pod/secrets-store-inline-multiple-crd
222+
kubectl wait --for=condition=Ready --timeout=60s pod/secrets-store-inline-multiple-crd -n $NAMESPACE
230223

231-
run kubectl get pod/secrets-store-inline-multiple-crd
224+
run kubectl get pod/secrets-store-inline-multiple-crd -n $NAMESPACE
232225
assert_success
233226
}
234227

235228
@test "CSI inline volume test with multiple secret provider class" {
236-
result=$(kubectl exec secrets-store-inline-multiple-crd -- cat /mnt/secrets-store-0/secretalias)
229+
result=$(kubectl exec secrets-store-inline-multiple-crd -n $NAMESPACE -- cat /mnt/secrets-store-0/secretalias)
237230
[[ "${result//$'\r'}" == "${SECRET_VALUE}" ]]
238231

239-
result=$(kubectl exec secrets-store-inline-multiple-crd -- cat /mnt/secrets-store-1/secretalias)
232+
result=$(kubectl exec secrets-store-inline-multiple-crd -n $NAMESPACE -- cat /mnt/secrets-store-1/secretalias)
240233
[[ "${result//$'\r'}" == "${SECRET_VALUE}" ]]
241234

242-
result=$(kubectl get secret foosecret-0 -o jsonpath="{.data.username}" | base64 -d)
235+
result=$(kubectl get secret foosecret-0 -n $NAMESPACE -o jsonpath="{.data.username}" | base64 -d)
243236
[[ "${result//$'\r'}" == "${SECRET_VALUE}" ]]
244237

245-
result=$(kubectl exec secrets-store-inline-multiple-crd -- printenv | grep SECRET_USERNAME_0) | awk -F"=" '{ print $2}'
238+
result=$(kubectl exec secrets-store-inline-multiple-crd -n $NAMESPACE -- printenv | grep SECRET_USERNAME_0) | awk -F"=" '{ print $2}'
246239
[[ "${result//$'\r'}" == "${SECRET_VALUE}" ]]
247240

248241
run wait_for_process $WAIT_TIME $SLEEP_TIME "compare_owner_count foosecret-0 default 1"
249242
assert_success
250243

251-
result=$(kubectl get secret foosecret-1 -o jsonpath="{.data.username}" | base64 -d)
244+
result=$(kubectl get secret foosecret-1 -n $NAMESPACE -o jsonpath="{.data.username}" | base64 -d)
252245
[[ "${result//$'\r'}" == "${SECRET_VALUE}" ]]
253246

254-
result=$(kubectl exec secrets-store-inline-multiple-crd -- printenv | grep SECRET_USERNAME_1) | awk -F"=" '{ print $2}'
247+
result=$(kubectl exec secrets-store-inline-multiple-crd -n $NAMESPACE -- printenv | grep SECRET_USERNAME_1) | awk -F"=" '{ print $2}'
255248
[[ "${result//$'\r'}" == "${SECRET_VALUE}" ]]
256249

257250
run wait_for_process $WAIT_TIME $SLEEP_TIME "compare_owner_count foosecret-1 default 1"

0 commit comments

Comments
 (0)