Add setup.sh and tweak examples

Signed-off-by: Hasan Turken <turkenh@gmail.com>
upbound · Nov 15, 2022 · 834cb84 · 834cb84
1 parent 02cab77
commit 834cb84
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 6 deletions.
diff --git a/cluster/test/setup.sh b/cluster/test/setup.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+set -aeuo pipefail
+
+scriptdir="$( dirname "${BASH_SOURCE[0]}")"
+
+echo "Running setup.sh"
+
+if [[ -n "${UPTEST_CLOUD_CREDENTIALS:-}" ]]; then
+  # NOTE(turkenh): UPTEST_CLOUD_CREDENTIALS may contain more than one cloud credentials that we expect to be provided
+  # in a single GitHub secret. We expect them provided as key=value pairs separated by newlines. Currently we expect
+  # AWS and GCP credentials to be provided. For example:
+  # AWS='[default]
+  # aws_access_key_id = REDACTED
+  # aws_secret_access_key = REDACTED'
+  # GCP='{
+  #   "type": "service_account",
+  #   "project_id": "REDACTED",
+  #   "private_key_id": "REDACTED",
+  #   "private_key": "-----BEGIN PRIVATE KEY-----\nREDACTED\n-----END PRIVATE KEY-----\n",
+  #   "client_email": "REDACTED",
+  #   "client_id": "REDACTED",
+  #   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+  #   "token_uri": "https://oauth2.googleapis.com/token",
+  #   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+  #   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/official-provider-testing%40official-provider-testing.iam.gserviceaccount.com"
+  # }'
+  eval "${UPTEST_CLOUD_CREDENTIALS}"
+
+  if [[ -n "${AWS:-}" ]]; then
+      echo "Creating cloud credentials secret for AWS..."
+      ${KUBECTL} -n upbound-system create secret generic aws-creds --from-literal=credentials="${AWS}" --dry-run=client -o yaml | ${KUBECTL} apply -f -
+      ${KUBECTL} apply -f "${scriptdir}/../../examples/providerconfig-aws.yaml"
+  fi
+
+  if [[ -n "${GCP:-}" ]]; then
+      echo "Creating cloud credentials secret for GCP..."
+      ${KUBECTL} -n upbound-system create secret generic gcp-creds --from-literal=credentials="${GCP}" --dry-run=client -o yaml | ${KUBECTL} apply -f -
+      ${KUBECTL} apply -f "${scriptdir}/../../examples/providerconfig.yaml"
+  fi
+fi
diff --git a/examples/providerconfig-aws.yaml b/examples/providerconfig-aws.yaml
@@ -8,14 +8,14 @@ spec:
   - filename: aws-creds.ini
     source: Secret
     secretRef:
-      namespace: crossplane-system
+      namespace: upbound-system
       name: aws-creds
       key: credentials
   configuration: |
       terraform {
         backend "kubernetes" {
           secret_suffix     = "providerconfig-aws-eu-west-1"
-          namespace         = "crossplane-system"
+          namespace         = "upbound-system"
           in_cluster_config = true
         }
       }

diff --git a/examples/providerconfig.yaml b/examples/providerconfig.yaml
@@ -11,23 +11,23 @@ spec:
   - filename: gcp-credentials.json
     source: Secret
     secretRef:
-      namespace: crossplane-system
-      name: gcp-credentials
+      namespace: upbound-system
+      name: gcp-creds
       key: credentials
   # This optional configuration block can be used to inject HCL into any
   # workspace that uses this provider config, for example to setup Terraform
   # providers.
   configuration: |
       provider "google" {
-        credentials = "gcp-credentials.json"
+        credentials = "gcp-creds.json"
         project     = "crossplane-example-project"
       }
 
       // Modules _must_ use remote state. The provider does not persist state.
       terraform {
         backend "kubernetes" {
           secret_suffix     = "providerconfig-default"
-          namespace         = "crossplane-system"
+          namespace         = "upbound-system"
           in_cluster_config = true
         }
       }