From 834cb84afd3696b0e5b4ff5b6a8172d3a6b500f1 Mon Sep 17 00:00:00 2001
From: Hasan Turken
Date: Tue, 15 Nov 2022 13:23:53 +0300
Subject: [PATCH] Add setup.sh and tweak examples
Signed-off-by: Hasan Turken
---
cluster/test/setup.sh | 40 ++++++++++++++++++++++++++++++++
examples/providerconfig-aws.yaml | 4 ++--
examples/providerconfig.yaml | 8 +++----
3 files changed, 46 insertions(+), 6 deletions(-)
create mode 100755 cluster/test/setup.sh
diff --git a/cluster/test/setup.sh b/cluster/test/setup.sh
new file mode 100755
index 00000000..d7bce5f3
--- /dev/null
+++ b/cluster/test/setup.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+set -aeuo pipefail
+
+scriptdir="$( dirname "${BASH_SOURCE[0]}")"
+
+echo "Running setup.sh"
+
+if [[ -n "${UPTEST_CLOUD_CREDENTIALS:-}" ]]; then
+ # NOTE(turkenh): UPTEST_CLOUD_CREDENTIALS may contain more than one cloud credentials that we expect to be provided
+ # in a single GitHub secret. We expect them provided as key=value pairs separated by newlines. Currently we expect
+ # AWS and GCP credentials to be provided. For example:
+ # AWS='[default]
+ # aws_access_key_id = REDACTED
+ # aws_secret_access_key = REDACTED'
+ # GCP='{
+ # "type": "service_account",
+ # "project_id": "REDACTED",
+ # "private_key_id": "REDACTED",
+ # "private_key": "-----BEGIN PRIVATE KEY-----\nREDACTED\n-----END PRIVATE KEY-----\n",
+ # "client_email": "REDACTED",
+ # "client_id": "REDACTED",
+ # "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+ # "token_uri": "https://oauth2.googleapis.com/token",
+ # "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+ # "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/official-provider-testing%40official-provider-testing.iam.gserviceaccount.com"
+ # }'
+ eval "${UPTEST_CLOUD_CREDENTIALS}"
+
+ if [[ -n "${AWS:-}" ]]; then
+ echo "Creating cloud credentials secret for AWS..."
+ ${KUBECTL} -n upbound-system create secret generic aws-creds --from-literal=credentials="${AWS}" --dry-run=client -o yaml | ${KUBECTL} apply -f -
+ ${KUBECTL} apply -f "${scriptdir}/../../examples/providerconfig-aws.yaml"
+ fi
+
+ if [[ -n "${GCP:-}" ]]; then
+ echo "Creating cloud credentials secret for GCP..."
+ ${KUBECTL} -n upbound-system create secret generic gcp-creds --from-literal=credentials="${GCP}" --dry-run=client -o yaml | ${KUBECTL} apply -f -
+ ${KUBECTL} apply -f "${scriptdir}/../../examples/providerconfig.yaml"
+ fi
+fi
\ No newline at end of file
diff --git a/examples/providerconfig-aws.yaml b/examples/providerconfig-aws.yaml
index a8473d0a..d0af1fa0 100644
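Review bot: `eval "${UPTEST_CLOUD_CREDENTIALS}"` executes the entire secret as shell code while `set -a` is active, so any command text in that value runs in the job, and `AWS` and `GCP` are exported into the environment of every child process. If nothing else relies on auto-export (not visible from this hunk), drop `-a` from the `set` line or put `set +a` before the `eval`, and add a comment that the secret must contain only the two quoted assignments. The credentials are also passed on the kubectl command line through `--from-literal=credentials="${AWS}"`, where process listings and any later `set -x` tracing can expose them. Feeding them on stdin avoids that: `printf '%s' "${AWS}" | ${KUBECTL} -n upbound-system create secret generic aws-creds --from-file=credentials=/dev/stdin --dry-run=client -o yaml | ${KUBECTL} apply -f -`, and the same for the GCP branch.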
--- a/examples/providerconfig-aws.yaml +++ b/examples/providerconfig-aws.yaml @@ -8,14 +8,14 @@ spec: - filename: aws-creds.ini source: Secret secretRef: - namespace: crossplane-system + namespace: upbound-system name: aws-creds key: credentials configuration: | terraform { backend "kubernetes" { secret_suffix = "providerconfig-aws-eu-west-1" - namespace = "crossplane-system" + namespace = "upbound-system" in_cluster_config = true } } diff --git a/examples/providerconfig.yaml b/examples/providerconfig.yaml index 1fbff590..21abc516 100644 --- a/examples/providerconfig.yaml +++ b/examples/providerconfig.yaml @@ -11,15 +11,15 @@ spec: - filename: gcp-credentials.json source: Secret secretRef: - namespace: crossplane-system - name: gcp-credentials + namespace: upbound-system + name: gcp-creds key: credentials # This optional configuration block can be used to inject HCL into any # workspace that uses this provider config, for example to setup Terraform # providers. configuration: | provider "google" { - credentials = "gcp-credentials.json" + credentials = "gcp-creds.json" project = "crossplane-example-project" } @@ -27,7 +27,7 @@ spec: terraform { backend "kubernetes" { secret_suffix = "providerconfig-default" - namespace = "crossplane-system" + namespace = "upbound-system" in_cluster_config = true } }
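Review bot: In the first hunk of examples/providerconfig.yaml the provider block now reads `credentials = "gcp-creds.json"`, but the unchanged context line above it still declares `filename: gcp-credentials.json`. Assuming the `filename` entry is what names the file written into the workspace, the google provider would point at a file that is never created. The Secret rename to `gcp-creds` only needs `secretRef.name` to change, so either keep `credentials = "gcp-credentials.json"` or also change the entry to `filename: gcp-creds.json`. The AWS example keeps `filename: aws-creds.ini` and needs no such change.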