Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,9 @@ SHORTCOMMIT ?= $(shell git rev-parse --short HEAD)
GOBUILD_VERSION_ARGS = -ldflags "-X $(PACKAGE)/pkg/version.SHORTCOMMIT=$(SHORTCOMMIT) -X $(PACKAGE)/pkg/version.COMMIT=$(COMMIT)"

E2E_TIMEOUT ?= 1h
# E2E_GINKGO_LABEL_FILTER is ginkgo label query for selecting tests. See
# https://onsi.github.io/ginkgo/#spec-labels. The default is to run tests on the AWS platform.
E2E_GINKGO_LABEL_FILTER ?= "Platform: isSubsetOf {AWS}"

MANIFEST_SOURCE = https://github.com/cert-manager/cert-manager/releases/download/v1.15.2/cert-manager.yaml

Expand Down Expand Up @@ -246,7 +249,8 @@ test-e2e: test-e2e-wait-for-stable-state
-p 1 \
-tags e2e \
-run "$(TEST)" \
./test/e2e
./test/e2e \
-ginkgo.label-filter=$(E2E_GINKGO_LABEL_FILTER)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does addition of this skip the non-ginkgo tests present in test/e2e/cert_manager_deployment_test.go?
It seems fine to me if it does, because those tests are essentially repetition of what's also in the ginkgo suite so we can skip them during e2e runs moving forward (we have had this behaviour tested for long and it isn't a problem).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This filter only applies to tests in the Ginkgo framework. The test/e2e/cert_manager_deployment_test.go go tests would not be affected.


test-e2e-wait-for-stable-state:
@echo "---- Waiting for stable state ----"
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ require (
github.com/google/go-cmp v0.6.0
github.com/google/go-jsonnet v0.17.0
github.com/mogensen/kubernetes-split-yaml v0.3.0
github.com/onsi/ginkgo/v2 v2.17.2
github.com/onsi/ginkgo/v2 v2.19.0
github.com/onsi/gomega v1.33.1
github.com/openshift/api v0.0.0-20240812094746-86145edb40cf
github.com/openshift/build-machinery-go v0.0.0-20240419090851-af9c868bcf52
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -500,8 +500,8 @@ github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N
github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g=
github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc=
github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
github.com/openshift/api v0.0.0-20240812094746-86145edb40cf h1:MB0TCPkvxj80Ucj7w6xArL4StOrQBMN7AvGYtsP5t2M=
Expand Down
158 changes: 72 additions & 86 deletions test/e2e/certificates_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ import (
v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1"
certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
certmanagermetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
configv1 "github.com/openshift/api/config/v1"

. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
Expand Down Expand Up @@ -74,11 +73,8 @@ var _ = Describe("ACME Certificate", Ordered, func() {
Expect(err).NotTo(HaveOccurred(), "Operator is expected to be available")
})

Context("dns-01 challenge using explicit credentials", func() {
It("should obtain a valid LetsEncrypt certificate", func() {
if _, ok := os.LookupEnv(targetPlatformEnvironmentVar); ok {
Skip("skipping, using ibmcloud cis webhook")
}
Context("dns-01 challenge with AWS Route53", Label("Platform:AWS"), func() {
It("should obtain a valid LetsEncrypt certificate using explicit credentials", func() {

By("creating a test namespace")
ns, err := loader.CreateTestingNS("e2e-acme-explicit-dns01")
Expand Down Expand Up @@ -187,66 +183,7 @@ var _ = Describe("ACME Certificate", Ordered, func() {
Expect(err).NotTo(HaveOccurred())
})

// This test uses IBM Cloud Internet Services (CIS) for the DNS-01 test cases.
// These tests work with both UPI / IPI installations by passing in the CRN of your CIS instance on IBM Cloud.
It("should obtain a valid LetsEncrypt certificate on ibm cloud CIS", func() {
cisCRN, isCisCRN := os.LookupEnv(cisCRNEnvironmentVar)
if targetPlatform, ok := os.LookupEnv(targetPlatformEnvironmentVar); ok && targetPlatform == "ibmcloud-upi" {
if !isCisCRN || cisCRN == "" {
Fail("cisCRN is required for IBM Cloud platform")
}
} else {
Skip("skipping as the cluster does not use IBM Cloud CIS")
}

By("creating a test namespace")
ns, err := loader.CreateTestingNS("e2e-acme-explicit-dns01-ibmcloud")
Expect(err).NotTo(HaveOccurred())
defer loader.DeleteTestingNS(ns.Name)

By("creating new certificate ClusterIssuer with IBM Cloud CIS webhook solver")
randomString := randomStr(3)
clusterIssuerName := "letsencrypt-dns01-explicit-ic"
replaceStrMap := map[string]string{
"CIS_CRN": cisCRN,
}
loadFileAndReplaceStr := func(fileName string) ([]byte, error) {
fileContentsStr, err := replaceStrInFile(replaceStrMap, fileName)
return []byte(fileContentsStr), err
}
loader.CreateFromFile(loadFileAndReplaceStr, filepath.Join("testdata", "acme", "clusterissuer_ibmcis.yaml"), "")
defer certmanagerClient.CertmanagerV1().ClusterIssuers().Delete(ctx, clusterIssuerName, metav1.DeleteOptions{})

By("creating new certificate")
// The name is defined by the testdata YAML file certificate_ibmcis.yaml
certDomain := "adwie." + appsDomain // acronym for "ACME dns-01 ibmcloud Webhook Explicit", short naming to pass dns name validation
certName := "letsencrypt-cert-ic"
replaceStrMap = map[string]string{
"RANDOM_STR": randomString,
"DNS_NAME": certDomain,
}
loadFileAndReplaceStr = func(fileName string) ([]byte, error) {
fileContentsStr, err := replaceStrInFile(replaceStrMap, fileName)
return []byte(fileContentsStr), err
}
loader.CreateFromFile(loadFileAndReplaceStr, filepath.Join("testdata", "acme", "certificate_ibmcis.yaml"), ns.Name)

By("Waiting for certificate to get ready")
err = waitForCertificateReadiness(ctx, certName, ns.Name)
Expect(err).NotTo(HaveOccurred())

By("checking for certificate validity from secret contents")
err = verifyCertificate(ctx, certName, ns.Name, randomString+"."+certDomain)
Expect(err).NotTo(HaveOccurred())
})

})

Context("dns-01 challenge using ambient credentials", func() {
It("should obtain a valid LetsEncrypt certificate using ClusterIssuer on AWS mint/passthrough cluster", func() {
if _, ok := os.LookupEnv(targetPlatformEnvironmentVar); ok {
Skip("skipping, using ibmcloud cis webhook")
}
It("should obtain a valid LetsEncrypt certificate using ambient credentials with ClusterIssuer", func() {

By("creating a test namespace")
ns, err := loader.CreateTestingNS("e2e-acme-ambient-dns01")
Expand Down Expand Up @@ -343,7 +280,7 @@ var _ = Describe("ACME Certificate", Ordered, func() {
Expect(err).NotTo(HaveOccurred())
})

It("should obtain a valid LetsEncrypt certificate using Issuer on AWS mint/passthrough cluster", func() {
It("should obtain a valid LetsEncrypt certificate using ambient credentials with Issuer", func() {

By("creating a test namespace")
ns, err := loader.CreateTestingNS("e2e-acme-issuer-ambient-dns01-aws")
Expand Down Expand Up @@ -441,21 +378,15 @@ var _ = Describe("ACME Certificate", Ordered, func() {
err = verifyCertificate(ctx, certName, ns.Name, certDomain)
Expect(err).NotTo(HaveOccurred())
})
})

It("should obtain a valid LetsEncrypt certificate using ClusterIssuer on GCP mint/passthrough cluster", func() {
Context("dns-01 challenge with Google CloudDNS", Label("Platform:GCP"), func() {
It("should obtain a valid LetsEncrypt certificate using ambient credentials with ClusterIssuer", func() {

By("Getting Infrastructure object")
infra, err := configClient.Infrastructures().Get(ctx, "cluster", metav1.GetOptions{})
By("Creating a test namespace")
ns, err := loader.CreateTestingNS("e2e-acme-ambient-dns01")
Expect(err).NotTo(HaveOccurred())
if infra.Status.PlatformStatus.Type != configv1.GCPPlatformType {
Skip("Skip this case for current plaform, it's not gcp.")
}

By("Check cloud credential in cluster")
_, err = loader.KubeClient.CoreV1().Secrets("kube-system").Get(ctx, "gcp-credentials", metav1.GetOptions{})
if err != nil {
Skip("Skipping for the cluster without credential in cluster")
}
defer loader.DeleteTestingNS(ns.Name)

By("Creating CredentialsRequest object")
loader.CreateFromFile(testassets.ReadFile, filepath.Join("testdata", "credentials", "credentialsrequest_gcp.yaml"), "")
Expand All @@ -476,11 +407,16 @@ var _ = Describe("ACME Certificate", Ordered, func() {
err = patchSubscriptionWithCloudCredential(ctx, loader, credentialSecret)
Expect(err).NotTo(HaveOccurred())

By("Getting GCP project ID from Infrastructure object")
infra, err := configClient.Infrastructures().Get(ctx, "cluster", metav1.GetOptions{})
Expect(err).NotTo(HaveOccurred())

gcpProjectId := infra.Status.PlatformStatus.GCP.ProjectID
Expect(gcpProjectId).NotTo(Equal(""))

By("Creating new certificate ClusterIssuer")
// The name is defined by the testdata YAML file clusterissuer_gcp.yaml
clusterIssuerName := "acme-dns01-clouddns-ambient"
gcpProjectId := infra.Status.PlatformStatus.GCP.ProjectID
Expect(gcpProjectId).NotTo(Equal(""))
replaceStrMap := map[string]string{
"PROJECT_ID": gcpProjectId,
}
Expand All @@ -491,11 +427,6 @@ var _ = Describe("ACME Certificate", Ordered, func() {
loader.CreateFromFile(loadFileAndReplaceStr, filepath.Join("testdata", "acme", "clusterissuer_gcp.yaml"), "")
defer certmanagerClient.CertmanagerV1().ClusterIssuers().Delete(ctx, clusterIssuerName, metav1.DeleteOptions{})

By("Creating a test namespace")
ns, err := loader.CreateTestingNS("e2e-acme-ambient-dns01-65035")
Expect(err).NotTo(HaveOccurred())
defer loader.DeleteTestingNS(ns.Name)

By("Creating new certificate")
randomString := randomStr(3)
replaceStrMap = map[string]string{
Expand All @@ -521,6 +452,61 @@ var _ = Describe("ACME Certificate", Ordered, func() {
})
})

Context("dns-01 challenge with IBM Cloud Internet Service Webhook", Label("Platform:IBM"), func() {
// This test uses IBM Cloud Internet Services (CIS) for the DNS-01 challenge.
// It works with both UPI / IPI installations by passing in the CRN of your CIS instance on IBM Cloud.
It("should obtain a valid LetsEncrypt certificate using explicit credentials", func() {
cisCRN, isCisCRN := os.LookupEnv(cisCRNEnvironmentVar)
if targetPlatform, ok := os.LookupEnv(targetPlatformEnvironmentVar); ok && targetPlatform == "ibmcloud-upi" {
if !isCisCRN || cisCRN == "" {
Fail("cisCRN is required for IBM Cloud platform")
}
} else {
Skip("skipping as the cluster does not use IBM Cloud CIS")
}

By("creating a test namespace")
ns, err := loader.CreateTestingNS("e2e-acme-explicit-dns01-ibmcloud")
Expect(err).NotTo(HaveOccurred())
defer loader.DeleteTestingNS(ns.Name)

By("creating new certificate ClusterIssuer with IBM Cloud CIS webhook solver")
randomString := randomStr(3)
clusterIssuerName := "letsencrypt-dns01-explicit-ic"
replaceStrMap := map[string]string{
"CIS_CRN": cisCRN,
}
loadFileAndReplaceStr := func(fileName string) ([]byte, error) {
fileContentsStr, err := replaceStrInFile(replaceStrMap, fileName)
return []byte(fileContentsStr), err
}
loader.CreateFromFile(loadFileAndReplaceStr, filepath.Join("testdata", "acme", "clusterissuer_ibmcis.yaml"), "")
defer certmanagerClient.CertmanagerV1().ClusterIssuers().Delete(ctx, clusterIssuerName, metav1.DeleteOptions{})

By("creating new certificate")
// The name is defined by the testdata YAML file certificate_ibmcis.yaml
certDomain := "adwie." + appsDomain // acronym for "ACME dns-01 ibmcloud Webhook Explicit", short naming to pass dns name validation
certName := "letsencrypt-cert-ic"
replaceStrMap = map[string]string{
"RANDOM_STR": randomString,
"DNS_NAME": certDomain,
}
loadFileAndReplaceStr = func(fileName string) ([]byte, error) {
fileContentsStr, err := replaceStrInFile(replaceStrMap, fileName)
return []byte(fileContentsStr), err
}
loader.CreateFromFile(loadFileAndReplaceStr, filepath.Join("testdata", "acme", "certificate_ibmcis.yaml"), ns.Name)

By("waiting for certificate to get ready")
err = waitForCertificateReadiness(ctx, certName, ns.Name)
Expect(err).NotTo(HaveOccurred())

By("checking for certificate validity from secret contents")
err = verifyCertificate(ctx, certName, ns.Name, randomString+"."+certDomain)
Expect(err).NotTo(HaveOccurred())
})
})

Context("http-01 challenge using ingress", func() {
It("should obtain a valid LetsEncrypt certificate", func() {

Expand Down
25 changes: 25 additions & 0 deletions vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 6 additions & 4 deletions vendor/github.com/onsi/ginkgo/v2/CONTRIBUTING.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

11 changes: 11 additions & 0 deletions vendor/github.com/onsi/ginkgo/v2/Makefile

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 9 additions & 0 deletions vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hash.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 6 additions & 1 deletion vendor/github.com/onsi/ginkgo/v2/internal/suite.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 9 additions & 1 deletion vendor/github.com/onsi/ginkgo/v2/reporters/default_reporter.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions vendor/github.com/onsi/ginkgo/v2/reporters/junit_report.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading