config loader for env variables

Issue: ZENKO-5182

Author: SylvainSenechal

.devcontainer/README.md

@@ -69,8 +69,12 @@ Now you can use aws cli to interact with the S3 service
 
 ### Inspecting Codespace creation logs
 
-You can inspect the logs of the Codespace creation this way:
-1. Press `Ctrl+Shift+P` (or `Cmd+Shift+P` on Mac)
-2. Type "Codespaces: Export Logs" and select it
-3. A zip file will be downloaded to your local machine
-4. In the zip, look at the `creation.log` file
+You can inspect the logs of the Codespace creation in 2 ways way:
+1. When Codespace creation is still running : 
+Use Cmd/Ctrl + Shift + P -> View Creation Log to see full logs 
+
+2. When the setup is finished, dump the logs : 
+a. Press `Ctrl+Shift+P` (or `Cmd+Shift+P` on Mac)
+b. Type "Codespaces: Export Logs" and select it
+c. A zip file will be downloaded to your local machine
+d. In the zip, look at the `creation.log` file

.github/scripts/end2end/load-config.sh

@@ -0,0 +1,240 @@
+#!/bin/bash
+# Unified configuration loader for Zenko end-to-end tests
+#
+# Usage:
+#   source load-config.sh ctst     # Load config for CTST tests
+#   source load-config.sh e2e      # Load config for zenko_tests (e2e)
+#   source load-config.sh common   # Load only common config
+#
+# After sourcing, use the helpers:
+#   kubectl exec pod -- env $(env_for_kubectl_exec) command
+#   kubectl run pod $(env_for_kubectl_run) -- command
+
+set -e +x
+
+SUITE="${1:-common}"
+
+
+# Extract a value from the top-level env block in end2end.yaml.
+# Strips ${{ ... }} expressions (secrets/context refs) leaving an empty string.
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+WORKFLOWS_END2END_YAML="${SCRIPT_DIR}/../../workflows/end2end.yaml"
+get_env_var() {
+    local key="$1"
+    yq eval ".env.${key}" "$WORKFLOWS_END2END_YAML" | sed 's/\${{[^}]*}}//g' | tr -d '"'
+}
+
+# Output helpers – both derived from the same ENV_VARS array.
+# Usage: kubectl exec pod -- env $(env_for_kubectl_exec) command
+env_for_kubectl_exec() { printf '%s ' "${ENV_VARS[@]}"; }
+# Usage: kubectl run pod $(env_for_kubectl_run) -- command
+env_for_kubectl_run()  { printf -- '--env=%s ' "${ENV_VARS[@]}"; }
+
+# =============================================================================
+# COMMON - Used by both CTST and zenko_tests
+# =============================================================================
+load_common() {
+    ENV_VARS=()
+
+    # From end2end.yaml
+    ENV_VARS+=("SUBDOMAIN=$(get_env_var SUBDOMAIN)")
+    ENV_VARS+=("KEYCLOAK_TEST_REALM_NAME=$(get_env_var OIDC_REALM)")
+    ENV_VARS+=("KEYCLOAK_TEST_CLIENT_ID=$(get_env_var OIDC_CLIENT_ID)")
+    ENV_VARS+=("KEYCLOAK_TEST_USER=$(get_env_var OIDC_USERNAME)")
+    ENV_VARS+=("KEYCLOAK_TEST_PASSWORD=$(get_env_var OIDC_PASSWORD)")
+    ENV_VARS+=("KEYCLOAK_TEST_HOST=$(get_env_var OIDC_HOST)")
+    ENV_VARS+=("KEYCLOAK_TEST_PORT=80")
+    ENV_VARS+=("KEYCLOAK_TEST_GRANT_TYPE=password")
+    ENV_VARS+=("AZURE_ACCOUNT_NAME=$(get_env_var AZURE_ACCOUNT_NAME)")
+    ENV_VARS+=("AZURE_SECRET_KEY=$(get_env_var AZURE_SECRET_KEY)")
+    ENV_VARS+=("CLOUDSERVER_ENDPOINT=http://end2end-connector-s3api.default.svc.cluster.local:80")
+    ENV_VARS+=("VAULT_ENDPOINT=http://end2end-management-vault-iam-admin-api:80")
+
+    # From k8s: Zenko account credentials
+    ENV_VARS+=("ZENKO_ACCESS_KEY=$(kubectl get secret end2end-account-zenko -o jsonpath='{.data.AccessKeyId}' | base64 -d)")
+    ENV_VARS+=("ZENKO_SECRET_KEY=$(kubectl get secret end2end-account-zenko -o jsonpath='{.data.SecretAccessKey}' | base64 -d)")
+
+    # From k8s: Admin vault credentials
+    ENV_VARS+=("ADMIN_ACCESS_KEY_ID=$(kubectl get secret end2end-management-vault-admin-creds.v1 -o jsonpath='{.data.accessKey}' | base64 -d)")
+    ENV_VARS+=("ADMIN_SECRET_ACCESS_KEY=$(kubectl get secret end2end-management-vault-admin-creds.v1 -o jsonpath='{.data.secretKey}' | base64 -d)")
+}
+
+# =============================================================================
+# CTST ONLY - Variables specific to cucumber tests
+# =============================================================================
+load_ctst() {
+    load_common
+
+    # Hardcoded CTST values
+    ENV_VARS+=("ZENKO_ACCOUNT_NAME=zenko-ctst")
+    ENV_VARS+=("STORAGE_MANAGER_USER_NAME=ctst_storage_manager")
+    ENV_VARS+=("STORAGE_ACCOUNT_OWNER_USER_NAME=ctst_storage_account_owner")
+    ENV_VARS+=("DATA_CONSUMER_USER_NAME=ctst_data_consumer")
+    ENV_VARS+=("DATA_ACCESSOR_USER_NAME=ctst_data_accessor")
+    ENV_VARS+=("ZENKO_PORT=80")
+    ENV_VARS+=("UTILIZATION_SERVICE_PORT=80")
+    ENV_VARS+=("AZURE_ARCHIVE_ACCESS_TIER=Hot")
+    ENV_VARS+=("AZURE_ARCHIVE_MANIFEST_ACCESS_TIER=Hot")
+
+    # From end2end.yaml
+    ENV_VARS+=("DR_SUBDOMAIN=$(get_env_var DR_SUBDOMAIN)")
+    ENV_VARS+=("PROMETHEUS_NAME=$(get_env_var PROMETHEUS_NAME)")
+    ENV_VARS+=("AZURE_BACKEND_ENDPOINT=$(get_env_var AZURE_BACKEND_ENDPOINT)")
+    ENV_VARS+=("AZURE_BACKEND_QUEUE_ENDPOINT=$(get_env_var AZURE_BACKEND_QUEUE_ENDPOINT)")
+    ENV_VARS+=("AZURE_ARCHIVE_BUCKET_NAME=$(get_env_var AZURE_ARCHIVE_BUCKET_NAME)")
+    ENV_VARS+=("AZURE_ARCHIVE_BUCKET_NAME_2=$(get_env_var AZURE_ARCHIVE_BUCKET_NAME_2)")
+    ENV_VARS+=("AZURE_ARCHIVE_QUEUE_NAME=$(get_env_var AZURE_ARCHIVE_QUEUE_NAME)")
+    ENV_VARS+=("NOTIF_DEST_NAME=$(get_env_var NOTIF_DEST_NAME)")
+    ENV_VARS+=("NOTIF_DEST_TOPIC=$(get_env_var NOTIF_DEST_TOPIC)")
+    ENV_VARS+=("NOTIF_ALT_DEST_NAME=$(get_env_var NOTIF_ALT_DEST_NAME)")
+    ENV_VARS+=("NOTIF_ALT_DEST_TOPIC=$(get_env_var NOTIF_ALT_DEST_TOPIC)")
+    ENV_VARS+=("NOTIF_AUTH_DEST_NAME=$(get_env_var NOTIF_AUTH_DEST_NAME)")
+    ENV_VARS+=("NOTIF_AUTH_DEST_TOPIC=$(get_env_var NOTIF_AUTH_DEST_TOPIC)")
+    ENV_VARS+=("NOTIF_AUTH_DEST_USERNAME=$(get_env_var NOTIF_AUTH_DEST_USERNAME)")
+    ENV_VARS+=("NOTIF_AUTH_DEST_PASSWORD=$(get_env_var NOTIF_AUTH_DEST_PASSWORD)")
+
+    # From k8s: DR admin credentials (only exists if PRA is deployed)
+    ENV_VARS+=("DR_ADMIN_ACCESS_KEY_ID=$(kubectl get secret end2end-pra-management-vault-admin-creds.v1 -o jsonpath='{.data.accessKey}' 2>/dev/null | base64 -d || true)")
+    ENV_VARS+=("DR_ADMIN_SECRET_ACCESS_KEY=$(kubectl get secret end2end-pra-management-vault-admin-creds.v1 -o jsonpath='{.data.secretKey}' 2>/dev/null | base64 -d || true)")
+
+    # From k8s: Kafka config
+    local kafka_host_port kafka_port
+    kafka_host_port=$(kubectl get secret -l app.kubernetes.io/name=backbeat-config,app.kubernetes.io/instance=end2end \
+        -o jsonpath='{.items[0].data.config\.json}' | base64 -d | jq -r '.kafka.hosts')
+    kafka_port="${kafka_host_port#*:}"
+    ENV_VARS+=("KAFKA_HOST_PORT=${kafka_host_port}")
+    ENV_VARS+=("KAFKA_AUTH_HOST_PORT=end2end-base-queue-auth-0:${kafka_port}")
+
+    # From k8s: Sorbet/kafka topics
+    local sorbet_config
+    sorbet_config=$(kubectl get secret -l "app.kubernetes.io/name=cold-sorbet-config-e2e-azure-archive,app.kubernetes.io/instance=end2end" \
+        -o jsonpath='{.items[0].data.config\.json}' | base64 -d)
+    ENV_VARS+=("KAFKA_DEAD_LETTER_TOPIC=$(echo "${sorbet_config}" | jq -r '."kafka-dead-letter-topic"')")
+    ENV_VARS+=("KAFKA_OBJECT_TASK_TOPIC=$(echo "${sorbet_config}" | jq -r '."kafka-object-task-topic"')")
+    ENV_VARS+=("KAFKA_GC_REQUEST_TOPIC=$(echo "${sorbet_config}" | jq -r '."kafka-gc-request-topic"')")
+
+    # From k8s: Zenko resource values
+    ENV_VARS+=("TIME_PROGRESSION_FACTOR=$(kubectl get zenko end2end -o jsonpath='{.metadata.annotations.zenko\.io/time-progression-factor}')")
+    ENV_VARS+=("INSTANCE_ID=$(kubectl get zenko end2end -o jsonpath='{.status.instanceID}')")
+    ENV_VARS+=("KAFKA_CLEANER_INTERVAL=$(kubectl get zenko end2end -o jsonpath='{.spec.kafkaCleaner.interval}')")
+    ENV_VARS+=("SORBETD_RESTORE_TIMEOUT=$(kubectl get zenko end2end -o jsonpath='{.spec.sorbet.server.azure.restoreTimeout}')")
+    ENV_VARS+=("UTILIZATION_SERVICE_HOST=$(kubectl get zenko end2end -o jsonpath='{.spec.scuba.api.ingress.hostname}')")
+
+    # From k8s: Backbeat API config
+    local cloudserver_config
+    cloudserver_config=$(kubectl get secret -l app.kubernetes.io/name=connector-cloudserver-config,app.kubernetes.io/instance=end2end \
+        -o jsonpath='{.items[0].data.config\.json}' | base64 -d)
+    ENV_VARS+=("BACKBEAT_API_HOST=$(echo "${cloudserver_config}" | jq -r '.backbeat.host')")
+    ENV_VARS+=("BACKBEAT_API_PORT=$(echo "${cloudserver_config}" | jq -r '.backbeat.port')")
+
+    # From k8s: Service users credentials (individual components)
+    ENV_VARS+=("BACKBEAT_LCBP_1_CREDS=$(kubectl get secret -l app.kubernetes.io/name=backbeat-lcbp-user-creds,app.kubernetes.io/instance=end2end -o jsonpath='{.items[0].data.backbeat-lifecycle-bp-1\.json}' | base64 -d)")
+    ENV_VARS+=("BACKBEAT_LCC_1_CREDS=$(kubectl get secret -l app.kubernetes.io/name=backbeat-lcc-user-creds,app.kubernetes.io/instance=end2end -o jsonpath='{.items[0].data.backbeat-lifecycle-conductor-1\.json}' | base64 -d)")
+    ENV_VARS+=("BACKBEAT_LCOP_1_CREDS=$(kubectl get secret -l app.kubernetes.io/name=backbeat-lcop-user-creds,app.kubernetes.io/instance=end2end -o jsonpath='{.items[0].data.backbeat-lifecycle-op-1\.json}' | base64 -d)")
+    ENV_VARS+=("BACKBEAT_QP_1_CREDS=$(kubectl get secret -l app.kubernetes.io/name=backbeat-qp-user-creds,app.kubernetes.io/instance=end2end -o jsonpath='{.items[0].data.backbeat-qp-1\.json}' | base64 -d)")
+    ENV_VARS+=("SORBET_FWD_2_ACCESSKEY=$(kubectl get secret -l app.kubernetes.io/name=sorbet-fwd-creds,app.kubernetes.io/instance=end2end -o jsonpath='{.items[0].data.accessKey}' | base64 -d)")
+    ENV_VARS+=("SORBET_FWD_2_SECRETKEY=$(kubectl get secret -l app.kubernetes.io/name=sorbet-fwd-creds,app.kubernetes.io/instance=end2end -o jsonpath='{.items[0].data.secretKey}' | base64 -d)")
+}
+
+# =============================================================================
+# E2E ONLY - Variables specific to zenko_tests (mocha)
+# =============================================================================
+load_e2e() {
+    load_common
+
+    # From end2end.yaml
+    ENV_VARS+=("AWS_BACKEND_SOURCE_LOCATION=$(get_env_var AWS_BACKEND_SOURCE_LOCATION)")
+    ENV_VARS+=("AWS_BACKEND_DESTINATION_LOCATION=$(get_env_var AWS_BACKEND_DESTINATION_LOCATION)")
+    ENV_VARS+=("AWS_BACKEND_DESTINATION_FAIL_LOCATION=$(get_env_var AWS_BACKEND_DESTINATION_FAIL_LOCATION)")
+    ENV_VARS+=("GCP_BACKEND_DESTINATION_LOCATION=$(get_env_var GCP_BACKEND_DESTINATION_LOCATION)")
+    ENV_VARS+=("AZURE_BACKEND_DESTINATION_LOCATION=$(get_env_var AZURE_BACKEND_DESTINATION_LOCATION)")
+    ENV_VARS+=("COLD_BACKEND_DESTINATION_LOCATION=$(get_env_var COLD_BACKEND_DESTINATION_LOCATION)")
+    ENV_VARS+=("AZURE_ARCHIVE_BACKEND_DESTINATION_LOCATION=$(get_env_var AZURE_ARCHIVE_BACKEND_DESTINATION_LOCATION)")
+    ENV_VARS+=("MIRIA_BACKEND_DESTINATION_LOCATION=$(get_env_var MIRIA_BACKEND_DESTINATION_LOCATION)")
+    ENV_VARS+=("LOCATION_QUOTA_BACKEND=$(get_env_var LOCATION_QUOTA_BACKEND)")
+    ENV_VARS+=("AWS_BUCKET_NAME=$(get_env_var AWS_BUCKET_NAME)")
+    ENV_VARS+=("AWS_CRR_BUCKET_NAME=$(get_env_var AWS_CRR_BUCKET_NAME)")
+    ENV_VARS+=("AWS_FAIL_BUCKET_NAME=$(get_env_var AWS_FAIL_BUCKET_NAME)")
+    ENV_VARS+=("AZURE_CRR_BUCKET_NAME=$(get_env_var AZURE_CRR_BUCKET_NAME)")
+    ENV_VARS+=("AZURE_ARCHIVE_BUCKET_NAME=$(get_env_var AZURE_ARCHIVE_BUCKET_NAME)")
+    ENV_VARS+=("GCP_CRR_BUCKET_NAME=$(get_env_var GCP_CRR_BUCKET_NAME)")
+    ENV_VARS+=("GCP_CRR_MPU_BUCKET_NAME=$(get_env_var GCP_CRR_MPU_BUCKET_NAME)")
+    ENV_VARS+=("GCP_ACCESS_KEY=$(get_env_var GCP_ACCESS_KEY)")
+    ENV_VARS+=("GCP_SECRET_KEY=$(get_env_var GCP_SECRET_KEY)")
+    ENV_VARS+=("GCP_BACKEND_SERVICE_KEY=$(get_env_var GCP_BACKEND_SERVICE_KEY)")
+    ENV_VARS+=("GCP_BACKEND_SERVICE_EMAIL=$(get_env_var GCP_BACKEND_SERVICE_EMAIL)")
+    ENV_VARS+=("AZURE_BACKEND_ENDPOINT=$(get_env_var AZURE_BACKEND_ENDPOINT)")
+    ENV_VARS+=("AWS_ENDPOINT=$(get_env_var AWS_ENDPOINT)")
+    ENV_VARS+=("AWS_ACCESS_KEY=$(get_env_var AWS_ACCESS_KEY)")
+    ENV_VARS+=("AWS_SECRET_KEY=$(get_env_var AWS_SECRET_KEY)")
+    ENV_VARS+=("VERIFY_CERTIFICATES=$(get_env_var VERIFY_CERTIFICATES)")
+    ENV_VARS+=("ENABLE_RING_TESTS=$(get_env_var ENABLE_RING_TESTS)")
+    ENV_VARS+=("RING_S3C_ACCESS_KEY=$(get_env_var RING_S3C_ACCESS_KEY)")
+    ENV_VARS+=("RING_S3C_SECRET_KEY=$(get_env_var RING_S3C_SECRET_KEY)")
+    ENV_VARS+=("RING_S3C_ENDPOINT=$(get_env_var RING_S3C_ENDPOINT)")
+    ENV_VARS+=("RING_S3C_BACKEND_SOURCE_LOCATION=$(get_env_var RING_S3C_BACKEND_SOURCE_LOCATION)")
+    ENV_VARS+=("RING_S3C_INGESTION_SRC_BUCKET_NAME=$(get_env_var RING_S3C_INGESTION_SRC_BUCKET_NAME)")
+    ENV_VARS+=("RING_S3C_BACKEND_SOURCE_NON_VERSIONED_LOCATION=$(get_env_var RING_S3C_BACKEND_SOURCE_NON_VERSIONED_LOCATION)")
+    ENV_VARS+=("RING_S3C_INGESTION_SRC_NON_VERSIONED_BUCKET_NAME=$(get_env_var RING_S3C_INGESTION_SRC_NON_VERSIONED_BUCKET_NAME)")
+    ENV_VARS+=("RING_S3C_INGESTION_NON_VERSIONED_OBJECT_COUNT_PER_TYPE=$(get_env_var RING_S3C_INGESTION_NON_VERSIONED_OBJECT_COUNT_PER_TYPE)")
+    ENV_VARS+=("CRR_SOURCE_LOCATION_NAME=$(get_env_var CRR_SOURCE_LOCATION_NAME)")
+    ENV_VARS+=("CRR_DESTINATION_LOCATION_NAME=$(get_env_var CRR_DESTINATION_LOCATION_NAME)")
+    ENV_VARS+=("CRR_ROLE_NAME=$(get_env_var CRR_ROLE_NAME)")
+    ENV_VARS+=("BACKBEAT_BUCKET_CHECK_TIMEOUT_S=$(get_env_var BACKBEAT_BUCKET_CHECK_TIMEOUT_S)")
+    ENV_VARS+=("MOCHA_FILE=$(get_env_var MOCHA_FILE)")
+
+    # Derived endpoints
+    ENV_VARS+=("CLOUDSERVER_HOST=end2end-connector-s3api.default.svc.cluster.local")
+    ENV_VARS+=("VAULT_STS_ENDPOINT=http://end2end-connector-vault-sts-api:80")
+    ENV_VARS+=("BACKBEAT_API_ENDPOINT=http://end2end-management-backbeat-api.default.svc.cluster.local:80")
+
+    # From k8s: MongoDB config
+    local cloudserver_secret
+    cloudserver_secret=$(kubectl get secret -l app.kubernetes.io/name=connector-cloudserver-config,app.kubernetes.io/instance=end2end \
+        -o jsonpath="{.items[0].data.config\.json}" | base64 -d)
+    ENV_VARS+=("MONGO_DATABASE=$(echo "${cloudserver_secret}" | jq -r '.mongodb.database')")
+    ENV_VARS+=("MONGO_READ_PREFERENCE=$(echo "${cloudserver_secret}" | jq -r '.mongodb.readPreference')")
+    ENV_VARS+=("MONGO_REPLICA_SET_HOSTS=$(echo "${cloudserver_secret}" | jq -r '.mongodb.replicaSetHosts')")
+    ENV_VARS+=("MONGO_SHARD_COLLECTION=$(echo "${cloudserver_secret}" | jq -r '.mongodb.shardCollections')")
+    ENV_VARS+=("MONGO_WRITE_CONCERN=$(echo "${cloudserver_secret}" | jq -r '.mongodb.writeConcern')")
+    ENV_VARS+=("MONGO_AUTH_USERNAME=$(echo "${cloudserver_secret}" | jq -r '.mongodb.authCredentials.username')")
+    ENV_VARS+=("MONGO_AUTH_PASSWORD=$(echo "${cloudserver_secret}" | jq -r '.mongodb.authCredentials.password')")
+
+    # From k8s: CRR account credentials
+    local crr_src crr_dst
+    crr_src=$(get_env_var CRR_SOURCE_ACCOUNT_NAME)
+    crr_dst=$(get_env_var CRR_DESTINATION_ACCOUNT_NAME)
+    local src_ak src_sk src_st src_id dst_ak dst_sk dst_st dst_id
+    src_ak=$(kubectl get secret "end2end-account-${crr_src}" -o jsonpath='{.data.AccessKeyId}' | base64 -d)
+    src_sk=$(kubectl get secret "end2end-account-${crr_src}" -o jsonpath='{.data.SecretAccessKey}' | base64 -d)
+    src_st=$(kubectl get secret "end2end-account-${crr_src}" -o jsonpath='{.data.SessionToken}' | base64 -d)
+    src_id=$(kubectl get secret "end2end-account-${crr_src}" -o jsonpath='{.data.AccountId}' | base64 -d)
+    dst_ak=$(kubectl get secret "end2end-account-${crr_dst}" -o jsonpath='{.data.AccessKeyId}' | base64 -d)
+    dst_sk=$(kubectl get secret "end2end-account-${crr_dst}" -o jsonpath='{.data.SecretAccessKey}' | base64 -d)
+    dst_st=$(kubectl get secret "end2end-account-${crr_dst}" -o jsonpath='{.data.SessionToken}' | base64 -d)
+    dst_id=$(kubectl get secret "end2end-account-${crr_dst}" -o jsonpath='{.data.AccountId}' | base64 -d)
+    ENV_VARS+=("CRR_SOURCE_INFO={\"AccessKeyId\":\"${src_ak}\",\"SecretAccessKey\":\"${src_sk}\",\"SessionToken\":\"${src_st}\",\"AccountId\":\"${src_id}\"}")
+    ENV_VARS+=("CRR_DESTINATION_INFO={\"AccessKeyId\":\"${dst_ak}\",\"SecretAccessKey\":\"${dst_sk}\",\"SessionToken\":\"${dst_st}\",\"AccountId\":\"${dst_id}\"}")
+
+    # From k8s: Zenko account session token
+    ENV_VARS+=("ZENKO_SESSION_TOKEN=$(kubectl get secret end2end-account-zenko -o jsonpath='{.data.SessionToken}' | base64 -d)")
+}
+
+# =============================================================================
+# MAIN
+# =============================================================================
+case "$SUITE" in
+    common)
+        load_common
+        ;;
+    ctst)
+        load_ctst
+        ;;
+    e2e)
+        load_e2e
+        ;;
+    *)
+        echo "Usage: source load-config.sh [common|ctst|e2e]" >&2
+        exit 1
+        ;;
+esac

.github/scripts/end2end/run-e2e-ctst.sh

@@ -7,6 +7,10 @@ set -exu
 #   run-e2e-ctst.sh "@PreMerge and not @PRA"
 #   run-e2e-ctst.sh "@PRA"
 
+# Load environment configuration
+DIR=$(dirname "$0")
+source "$DIR/load-config.sh" ctst
+
 TAGS=${1:?'Error: TAGS argument is required (e.g., "@PreMerge", "@PRA")'}
 ZENKO_NAME="end2end"
 PARALLEL_RUNS=${PARALLEL_RUNS:-$(( ( $(nproc) + 1 ) / 2 ))}
@@ -172,6 +176,7 @@ kubectl run $POD_NAME \
         --rm \
         --attach=True \
         --image-pull-policy=IfNotPresent \
+        $(env_for_kubectl_run) \
         --env=TARGET_VERSION=$VERSION  \
         --env=AZURE_BLOB_URL=$AZURE_BACKEND_ENDPOINT  \
         --env=AZURE_QUEUE_URL=$AZURE_BACKEND_QUEUE_ENDPOINT \

.github/scripts/end2end/run-e2e-test.sh

@@ -6,6 +6,9 @@ DIR=$(dirname $0)
 
 . "$DIR/common.sh"
 
+# Load environment configuration
+source "$DIR/load-config.sh" e2e
+
 ZENKO_NAME=${1:-end2end}
 E2E_IMAGE=${2:-ghcr.io/scality/zenko/zenko-e2e:latest}
 STAGE=${3:-end2end}
@@ -66,6 +69,7 @@ run_e2e_test() {
         --attach=True \
         --namespace=${NAMESPACE} \
         --image-pull-policy=Always \
+        $(env_for_kubectl_run) \
         --env=CLOUDSERVER_HOST=${CLOUDSERVER_HOST} \
         --env=CLOUDSERVER_ENDPOINT=${CLOUDSERVER_ENDPOINT} \
         --env=ZENKO_ACCESS_KEY=${ZENKO_ACCESS_KEY} \

tests/config-loader/index.js

@@ -0,0 +1,71 @@
+const { readSecret } = require('./k8sClient');
+const yaml = require('js-yaml');
+const fs = require('fs');
+const path = require('path');
+
+// Shared tests config - values needed by both ctst and zenko_tests
+const sharedTestsConfig = {
+    AdminAccessKey: undefined,
+    AdminSecretKey: undefined,
+    Subdomain: undefined,
+};
+
+// Cucumber specific config
+const ctstConfig = {
+    // DRAdminAccessKey: undefined,
+    // KafkaHosts: undefined,
+};
+
+// Zenko tests specific config
+const zenkoTestsConfig = {
+    // MongoDatabase: undefined,
+};
+
+let _loaded = false;
+
+/**
+ * Load static config from end2end.yaml workflow file
+ */
+function loadYamlConfig() {
+    const configPath = path.join(__dirname, 'end2end.yaml');
+    const fileContents = fs.readFileSync(configPath, 'utf8');
+    const workflowConfig = yaml.load(fileContents);
+    return workflowConfig.env || {};
+}
+
+/**
+ * Load all configuration from k8s secrets and config files.
+ * Called once at startup (e.g., in BeforeAll hook).
+ */
+async function load(zenkoName = 'end2end', namespace = 'default') {
+    if (_loaded) {
+        return;
+    }
+
+    const envConfig = loadYamlConfig();
+    sharedTestsConfig.Subdomain = envConfig.SUBDOMAIN;
+
+    const adminCreds = await readSecret(
+        `${zenkoName}-management-vault-admin-creds.v1`,
+        namespace
+    );
+
+    sharedTestsConfig.AdminAccessKey = adminCreds.accessKey;
+    sharedTestsConfig.AdminSecretKey = adminCreds.secretKey;
+
+    // TODO: Load CTST-specific secrets
+    // const drCreds = await k8sClient.readSecret(...);
+    // ctstConfig.DRAdminAccessKey = drCreds.accessKey;
+
+    // TODO: Load zenko_tests-specific secrets
+    // zenkoTestsConfig.MongoDatabase = ...;
+
+    _loaded = true;
+}
+
+module.exports = {
+    load,
+    sharedTestsConfig: sharedTestsConfig,
+    ctstConfig: ctstConfig,
+    zenkoTestsConfig: zenkoTestsConfig,
+};