[KRV-24554] Fix proxy e2e test

tests/e2e/go.sum

@@ -139,6 +139,7 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
 github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
 github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=

tests/e2e/run-e2e-test.sh

@@ -36,7 +36,7 @@ fi
 cp $CERT_CSI .
 
 # Uncomment for authorization proxy server
-#cp $KARAVICTL /usr/local/bin/
+# cp $DELLCTL /usr/local/bin/
 
 PATH=$PATH:$(go env GOPATH)/bin
 
@@ -54,7 +54,7 @@ ginkgo -mod=mod "${OPTS[@]}"
 rm -f cert-csi
 
 # Uncomment for authorization proxy server
-#rm -f /usr/local/bin/karavictl
+# rm -f /usr/local/bin/dellctl
 
 # Checking for test status
 TEST_PASS=$?

tests/e2e/steps/steps_def.go

@@ -1007,31 +1007,14 @@ func (step *Step) configureAuthorizationProxyServer(res Resource, driver string,
 	var err error
 
 	var (
-		endpoint        = ""
-		sysID           = ""
-		user            = ""
-		password        = ""
 		storageType     = ""
-		pool            = ""
 		driverNamespace = ""
 		proxyHost       = ""
 	)
 
-	//by default, use set defined in env file
-	endpointvar := "END_POINT"
-	systemIdvar := "SYSTEM_ID"
-	uservar := "STORAGE_USER"
-	passvar := "STORAGE_PASSWORD"
-	poolvar := "STORAGE_POOL"
-
 	// if tests are running multiple scenarios that require differently configured auth servers, we will not be able to use one set of vars
 	// this section is for powerflex, other drivers can add their sections as required.
 	if driver == "powerflex" {
-		endpointvar = "PFLEX_ENDPOINT"
-		systemIdvar = "PFLEX_SYSTEMID"
-		uservar = "PFLEX_USER"
-		passvar = "PFLEX_PASS"
-		poolvar = "PFLEX_POOL"
 		os.Setenv("STORAGE_TYPE", "powerflex")
 		os.Setenv("DRIVER_NAMESPACE", "test-vxflexos")
 	}
@@ -1041,21 +1024,6 @@ func (step *Step) configureAuthorizationProxyServer(res Resource, driver string,
 		os.Setenv("DRIVER_NAMESPACE", "isilon")
 	}
 	// get env variables
-	if os.Getenv(endpointvar) != "" {
-		endpoint = os.Getenv(endpointvar)
-	}
-	if os.Getenv(systemIdvar) != "" {
-		sysID = os.Getenv(systemIdvar)
-	}
-	if os.Getenv(uservar) != "" {
-		user = os.Getenv(uservar)
-	}
-	if os.Getenv(passvar) != "" {
-		password = os.Getenv(passvar)
-	}
-	if os.Getenv(poolvar) != "" {
-		pool = os.Getenv(poolvar)
-	}
 	if os.Getenv("STORAGE_TYPE") != "" {
 		storageType = os.Getenv("STORAGE_TYPE")
 	}
@@ -1090,16 +1058,8 @@ func (step *Step) configureAuthorizationProxyServer(res Resource, driver string,
 	}
 
 	fmt.Println("=== Creating Storage ===\n ")
-	cmd := exec.Command("karavictl",
-		"--admin-token", "/tmp/adminToken.yaml",
-		"storage", "create",
-		"--type", storageType,
-		"--endpoint", fmt.Sprintf("https://%s", endpoint),
-		"--system-id", sysID,
-		"--user", user,
-		"--password", password,
-		"--array-insecure",
-		"--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port),
+	cmd := exec.Command("kubectl", "apply",
+		"-f", "testfiles/authorization-templates/csm-authorization_v1_storage.yaml",
 	)
 	fmt.Println("=== Storage === \n", cmd.String())
 	b, err = cmd.CombinedOutput()
@@ -1110,10 +1070,8 @@ func (step *Step) configureAuthorizationProxyServer(res Resource, driver string,
 
 	// Create Tenant
 	fmt.Println("=== Creating Tenant ===\n ")
-	cmd = exec.Command("karavictl",
-		"--admin-token", "/tmp/adminToken.yaml",
-		"tenant", "create",
-		"-n", tenantName, "--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port),
+	cmd = exec.Command("kubectl", "apply",
+		"-f", "testfiles/authorization-templates/csm-authorization_v1_csmtenant.yaml",
 	)
 	b, err = cmd.CombinedOutput()
 	fmt.Println("=== Tenant === \n", cmd.String())
@@ -1127,12 +1085,8 @@ func (step *Step) configureAuthorizationProxyServer(res Resource, driver string,
 	if storageType == "powerscale" {
 		quotaLimit = "0"
 	}
-	cmd = exec.Command("karavictl",
-		"--admin-token", "/tmp/adminToken.yaml",
-		"role", "create",
-		fmt.Sprintf("--role=%s=%s=%s=%s=%s",
-			roleName, storageType, sysID, pool, quotaLimit),
-		"--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port),
+	cmd = exec.Command("kubectl", "apply",
+		"-f", "testfiles/authorization-templates/csm-authorization_v1_csmrole.yaml",
 	)
 
 	fmt.Println("=== Role === \n", cmd.String())
@@ -1144,29 +1098,15 @@ func (step *Step) configureAuthorizationProxyServer(res Resource, driver string,
 	// role creation take few seconds
 	time.Sleep(5 * time.Second)
 
-	// Bind role
-	cmd = exec.Command("karavictl",
-		"--admin-token", "/tmp/adminToken.yaml",
-		"rolebinding", "create",
-		"--tenant", tenantName,
-		"--role", roleName,
-		"--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port),
-	)
-	fmt.Println("=== Binding Role ===\n", cmd.String())
-	b, err = cmd.CombinedOutput()
-
-	if err != nil {
-		return fmt.Errorf("failed to create rolebinding %s: %v\nErrMessage:\n%s", roleName, err, string(b))
-	}
-
 	// Generate token
 	fmt.Println("=== Generating token ===\n ")
-	cmd = exec.Command("karavictl",
-		"--admin-token", "/tmp/adminToken.yaml",
+	cmd = exec.Command("dellctl",
 		"generate", "token",
-		"--tenant", tenantName,
-		"--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port),
+		"--admin-token", "/tmp/adminToken.yaml",
 		"--access-token-expiration", fmt.Sprint(10*time.Minute),
+		"--refresh-token-expiration", "48h",
+		"--tenant", "csmtenant-sample",
+		"--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port),
 	)
 	fmt.Println("=== Token ===\n", cmd.String())
 	b, err = cmd.CombinedOutput()

tests/e2e/testfiles/authorization-templates/csm-authorization_v1_csmrole.yaml

@@ -0,0 +1,15 @@
+apiVersion: csm-authorization.storage.dell.com/v1alpha1
+kind: CSMRole
+metadata:
+  labels:
+    app.kubernetes.io/name: role
+    app.kubernetes.io/instance: role-sample
+    app.kubernetes.io/part-of: csm-authorization
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: csm-authorization
+  name: csmrole-sample
+spec:
+  quota: 0GB
+  systemID: PIE-IsilonS-24241-Cluster
+  systemType: powerscale
+  pool: /ifs/data/csi

tests/e2e/testfiles/authorization-templates/csm-authorization_v1_csmtenant.yaml

@@ -0,0 +1,18 @@
+apiVersion: csm-authorization.storage.dell.com/v1alpha1
+kind: CSMTenant
+metadata:
+  labels:
+    app.kubernetes.io/name: csmtenant
+    app.kubernetes.io/instance: csmtenant-sample
+    app.kubernetes.io/part-of: csm-authorization
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: csm-authorization
+  name: csmtenant-sample
+spec:
+  # TODO(user): Add fields here
+  roles: csmrole-sample
+  approveSdc: false
+  revoke: false
+  # This prefix is added for each new volume provisioned by the tenant. 
+  # It should not exceed 3 characters. Example: tn1
+  volumePrefix: tn1

tests/e2e/testfiles/authorization-templates/csm-authorization_v1_storage.yaml

@@ -0,0 +1,12 @@
+apiVersion: csm-authorization.storage.dell.com/v1alpha1
+kind: Storage
+metadata:
+  name: powerscale
+spec:
+  type: powerscale
+  endpoint: https://10.230.24.241:8080
+  systemID: PIE-IsilonS-24241-Cluster
+  credentialStore: vault
+  credentialPath: storage/powerscale
+  skipCertificateValidation: true
+  pollInterval: 30s

tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_default_redis.yaml

@@ -75,14 +75,24 @@ spec:
               annotations: {}
 
         - name: redis
-          redis: redis:6.0.8-alpine
+          redis: redis:7.2.4-alpine
           commander: rediscommander/redis-commander:latest
+          redisName: redis-csm
+          redisCommander: redicommander
+          sentinel: sentinel
+          redisReplicas: 5
           # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis
           # to use a different storage class for redis, specify the name of the storage class
           # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization
           # Default value: None
           storageclass: ""
 
+        - name: vault
+          vaultAddress: https://10.0.0.1:8400
+          vaultRole: csm-authorization
+          skipCertificateValidation: true
+          kvEnginePath: secret
+
 ---
 apiVersion: v1
 kind: ConfigMap

tests/e2e/testfiles/values.yaml

@@ -2,16 +2,19 @@
 - scenario: "Install Authorization Proxy Server"
   paths:
     - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml"
+    - "testfiles/authorization-templates/csm_authorization_crds.yaml"
   modules:
     - "authorizationproxyserver"
   steps:
     - "Given an environment with k8s or openshift, and CSM operator installed"
+    - "Install Authorization CRDs [2]"
     - "Create [authorization-proxy-server] prerequisites from CR [1]"
     - "Apply custom resource [1]"
     - "Validate [authorization-proxy-server] module from CR [1] is installed"
     - "Configure authorization-proxy-server for [powerscale] for CR [1]"
-    - "Configure authorization-proxy-server for [powerflex] for CR [1]"
+    # - "Configure authorization-proxy-server for [powerflex] for CR [1]"
     - "Delete custom resource [1]"
+    - "Delete Authorization CRDs [2]"
 
 - scenario: "Install Authorization CRDs"
   paths: