Add PowerScale Auth 2.0 E2E Test

tests/e2e/array-info.sh

@@ -40,11 +40,12 @@ export PSCALE_CLUSTER="Isilon-System-Name"
 export PSCALE_USER="username"
 export PSCALE_PASS="password"
 export PSCALE_ENDPOINT="1.1.1.1"
+export PSCALE_PORT="8080"
 export PSCALE_AUTH_ENDPOINT="localhost"
 export PSCALE_AUTH_PORT="9400"
 # The following are Authorization Proxy Server specific for powerscale:
 export PSCALE_POOL_V1="ifs/data/csi"
-export PSCALE_POOL_V2="ifs\/data\/csi" # escape / with \
+export PSCALE_POOL_V2="\/ifs\/data\/csi" # escape / with \
 export PSCALE_STORAGE="powerscale"
 export PSCALE_VAULT_STORAGE_PATH="storage\/powerscale" # escape / with \
 export PSCALE_QUOTA="0GB"

tests/e2e/go.sum

@@ -136,6 +136,7 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4=
 github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag=
 github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8=

tests/e2e/steps/steps_def.go

@@ -53,9 +53,9 @@ var (
 	quotaLimit             = "30000000"
 	pflexSecretMap         = map[string]string{"REPLACE_USER": "PFLEX_USER", "REPLACE_PASS": "PFLEX_PASS", "REPLACE_SYSTEMID": "PFLEX_SYSTEMID", "REPLACE_ENDPOINT": "PFLEX_ENDPOINT", "REPLACE_MDM": "PFLEX_MDM", "REPLACE_POOL": "PFLEX_POOL"}
 	pflexAuthSecretMap     = map[string]string{"REPLACE_USER": "PFLEX_USER", "REPLACE_SYSTEMID": "PFLEX_SYSTEMID", "REPLACE_ENDPOINT": "PFLEX_AUTH_ENDPOINT", "REPLACE_MDM": "PFLEX_MDM"}
-	pscaleSecretMap        = map[string]string{"REPLACE_CLUSTERNAME": "PSCALE_CLUSTER", "REPLACE_USER": "PSCALE_USER", "REPLACE_PASS": "PSCALE_PASS", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT"}
-	pscaleAuthSecretMap    = map[string]string{"REPLACE_CLUSTERNAME": "PSCALE_CLUSTER", "REPLACE_USER": "PSCALE_USER", "REPLACE_PASS": "PSCALE_PASS", "REPLACE_AUTH_ENDPOINT": "PSCALE_AUTH_ENDPOINT", "REPLACE_PORT": "PSCALE_AUTH_PORT", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT"}
-	pscaleAuthSidecarMap   = map[string]string{"REPLACE_CLUSTERNAME": "PSCALE_CLUSTER", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT", "REPLACE_AUTH_ENDPOINT": "PSCALE_AUTH_ENDPOINT", "REPLACE_PORT": "PSCALE_AUTH_PORT"}
+	pscaleSecretMap        = map[string]string{"REPLACE_CLUSTERNAME": "PSCALE_CLUSTER", "REPLACE_USER": "PSCALE_USER", "REPLACE_PASS": "PSCALE_PASS", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT", "REPLACE_PORT": "PSCALE_PORT"}
+	pscaleAuthSecretMap    = map[string]string{"REPLACE_CLUSTERNAME": "PSCALE_CLUSTER", "REPLACE_USER": "PSCALE_USER", "REPLACE_PASS": "PSCALE_PASS", "REPLACE_AUTH_ENDPOINT": "PSCALE_AUTH_ENDPOINT", "REPLACE_AUTH_PORT": "PSCALE_AUTH_PORT", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT", "REPLACE_PORT": "PSCALE_PORT"}
+	pscaleAuthSidecarMap   = map[string]string{"REPLACE_CLUSTERNAME": "PSCALE_CLUSTER", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT", "REPLACE_AUTH_ENDPOINT": "PSCALE_AUTH_ENDPOINT", "REPLACE_AUTH_PORT": "PSCALE_AUTH_PORT", "REPLACE_PORT": "PSCALE_PORT"}
 	pflexAuthSidecarMap    = map[string]string{"REPLACE_USER": "PFLEX_USER", "REPLACE_PASS": "PFLEX_PASS", "REPLACE_SYSTEMID": "PFLEX_SYSTEMID", "REPLACE_ENDPOINT": "PFLEX_ENDPOINT", "REPLACE_AUTH_ENDPOINT": "PFLEX_AUTH_ENDPOINT"}
 	pmaxCredMap            = map[string]string{"REPLACE_USER": "PMAX_USER_ENCODED", "REPLACE_PASS": "PMAX_PASS_ENCODED"}
 	pmaxAuthSidecarMap     = map[string]string{"REPLACE_SYSTEMID": "PMAX_SYSTEMID", "REPLACE_ENDPOINT": "PMAX_ENDPOINT", "REPLACE_AUTH_ENDPOINT": "PMAX_AUTH_ENDPOINT"}
@@ -67,7 +67,7 @@ var (
 	pflexCrMap = map[string]string{"REPLACE_STORAGE_NAME": "PFLEX_STORAGE", "REPLACE_STORAGE_TYPE": "PFLEX_STORAGE", "REPLACE_ENDPOINT": "PFLEX_ENDPOINT", "REPLACE_SYSTEM_ID": "PFLEX_SYSTEMID", "REPLACE_VAULT_STORAGE_PATH": "PFLEX_VAULT_STORAGE_PATH", "REPLACE_ROLE_NAME": "PFLEX_ROLE", "REPLACE_QUOTA": "PFLEX_QUOTA", "REPLACE_STORAGE_POOL_PATH": "PFLEX_POOL", "REPLACE_TENANT_NAME": "PFLEX_TENANT", "REPLACE_TENANT_ROLES": "PFLEX_ROLE", "REPLACE_TENANT_VOLUME_PREFIX": "PFLEX_TENANT_PREFIX"}
 
 	// Auth V2
-	pscaleCrMap = map[string]string{"REPLACE_STORAGE_NAME": "PSCALE_STORAGE", "REPLACE_STORAGE_TYPE": "PSCALE_STORAGE", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT", "REPLACE_SYSTEM_ID": "PSCALE_CLUSTER", "REPLACE_VAULT_STORAGE_PATH": "PSCALE_VAULT_STORAGE_PATH", "REPLACE_ROLE_NAME": "PSCALE_ROLE", "REPLACE_QUOTA": "PSCALE_QUOTA", "REPLACE_STORAGE_POOL_PATH": "PSCALE_POOL_V2", "REPLACE_TENANT_NAME": "PSCALE_TENANT", "REPLACE_TENANT_ROLES": "PSCALE_ROLE", "REPLACE_TENANT_VOLUME_PREFIX": "PSCALE_TENANT_PREFIX"}
+	pscaleCrMap = map[string]string{"REPLACE_STORAGE_NAME": "PSCALE_STORAGE", "REPLACE_STORAGE_TYPE": "PSCALE_STORAGE", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT", "REPLACE_SYSTEM_ID": "PSCALE_CLUSTER", "REPLACE_VAULT_STORAGE_PATH": "PSCALE_VAULT_STORAGE_PATH", "REPLACE_ROLE_NAME": "PSCALE_ROLE", "REPLACE_QUOTA": "PSCALE_QUOTA", "REPLACE_STORAGE_POOL_PATH": "PSCALE_POOL_V2", "REPLACE_TENANT_NAME": "PSCALE_TENANT", "REPLACE_TENANT_ROLES": "PSCALE_ROLE", "REPLACE_TENANT_VOLUME_PREFIX": "PSCALE_TENANT_PREFIX", "REPLACE_PORT": "PSCALE_PORT"}
 
 	pstoreSecretMap = map[string]string{"REPLACE_USER": "PSTORE_USER", "REPLACE_PASS": "PSTORE_PASS", "REPLACE_GLOBALID": "PSTORE_GLOBALID", "REPLACE_ENDPOINT": "PSTORE_ENDPOINT"}
 	unitySecretMap  = map[string]string{"REPLACE_USER": "UNITY_USER", "REPLACE_PASS": "UNITY_PASS", "REPLACE_ARRAYID": "UNITY_ARRAYID", "REPLACE_ENDPOINT": "UNITY_ENDPOINT", "REPLACE_POOL": "UNITY_POOL", "REPLACE_NAS": "UNITY_NAS"}
@@ -342,7 +342,7 @@ func (step *Step) deleteCustomResource(res Resource, crNumStr string) error {
 func (step *Step) validateCustomResourceStatus(res Resource, crNumStr string) error {
 	crNum, _ := strconv.Atoi(crNumStr)
 	cr := res.CustomResource[crNum-1].(csmv1.ContainerStorageModule)
-	time.Sleep(60 * time.Second)
+	time.Sleep(20 * time.Second)
 	found := new(csmv1.ContainerStorageModule)
 	err := step.ctrlClient.Get(context.TODO(), client.ObjectKey{
 		Namespace: cr.Namespace,
@@ -360,13 +360,13 @@ func (step *Step) validateCustomResourceStatus(res Resource, crNumStr string) er
 
 func (step *Step) validateDriverInstalled(res Resource, driverName string, crNumStr string) error {
 	crNum, _ := strconv.Atoi(crNumStr)
-	time.Sleep(60 * time.Second)
+	time.Sleep(20 * time.Second)
 	return checkAllRunningPods(context.TODO(), res.CustomResource[crNum-1].(csmv1.ContainerStorageModule).Namespace, step.clientSet)
 }
 
 func (step *Step) validateDriverNotInstalled(res Resource, driverName string, crNumStr string) error {
 	crNum, _ := strconv.Atoi(crNumStr)
-	time.Sleep(60 * time.Second)
+	time.Sleep(20 * time.Second)
 	return checkNoRunningPods(context.TODO(), res.CustomResource[crNum-1].(csmv1.ContainerStorageModule).Namespace, step.clientSet)
 }
 
@@ -393,7 +393,7 @@ func (step *Step) removeNodeLabel(res Resource, label string) error {
 func (step *Step) validateModuleInstalled(res Resource, module string, crNumStr string) error {
 	crNum, _ := strconv.Atoi(crNumStr)
 	cr := res.CustomResource[crNum-1].(csmv1.ContainerStorageModule)
-	time.Sleep(60 * time.Second)
+	time.Sleep(10 * time.Second)
 	found := new(csmv1.ContainerStorageModule)
 	if err := step.ctrlClient.Get(context.TODO(), client.ObjectKey{
 		Namespace: cr.Namespace,
@@ -438,7 +438,7 @@ func (step *Step) validateModuleInstalled(res Resource, module string, crNumStr
 func (step *Step) validateModuleNotInstalled(res Resource, module string, crNumStr string) error {
 	crNum, _ := strconv.Atoi(crNumStr)
 	cr := res.CustomResource[crNum-1].(csmv1.ContainerStorageModule)
-	time.Sleep(60 * time.Second)
+	time.Sleep(10 * time.Second)
 	found := new(csmv1.ContainerStorageModule)
 	if err := step.ctrlClient.Get(context.TODO(), client.ObjectKey{
 		Namespace: cr.Namespace,
@@ -905,7 +905,7 @@ func (step *Step) runCustomTest(res Resource) error {
 func (step *Step) enableModule(res Resource, module string, crNumStr string) error {
 	crNum, _ := strconv.Atoi(crNumStr)
 	cr := res.CustomResource[crNum-1].(csmv1.ContainerStorageModule)
-	time.Sleep(60 * time.Second)
+	time.Sleep(15 * time.Second)
 	found := new(csmv1.ContainerStorageModule)
 	if err := step.ctrlClient.Get(context.TODO(), client.ObjectKey{
 		Namespace: cr.Namespace,
@@ -1319,6 +1319,16 @@ func (step *Step) AuthorizationV1Resources(storageType, driver, port, proxyHost,
 	// get env variables
 	if os.Getenv(endpointvar) != "" {
 		endpoint = os.Getenv(endpointvar)
+
+		if driver == "powerscale" {
+			port := os.Getenv("PSCALE_PORT")
+			if port == "" {
+				fmt.Println("=== PSCALE_PORT not set, using default port 8080 ===")
+				port = "8080"
+			}
+
+			endpoint = endpoint + ":" + port
+		}
 	}
 	if os.Getenv(systemIdvar) != "" {
 		sysID = os.Getenv(systemIdvar)
@@ -1430,7 +1440,7 @@ func (step *Step) AuthorizationV1Resources(storageType, driver, port, proxyHost,
 		"generate", "token",
 		"--tenant", tenantName,
 		"--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port),
-		"--access-token-expiration", fmt.Sprint(10*time.Minute),
+		"--access-token-expiration", fmt.Sprint(2*time.Hour),
 	)
 	fmt.Println("=== Token ===\n", cmd.String())
 	b, err = cmd.CombinedOutput()
@@ -1513,7 +1523,19 @@ func (step *Step) AuthorizationV2Resources(storageType, driver, driverNamespace,
 	}
 
 	for key := range mapValues {
-		err := replaceInFile(key, os.Getenv(mapValues[key]), updatedTemplateFile)
+		val := os.Getenv(mapValues[key])
+		if driver == "powerscale" && key == "REPLACE_ENDPOINT" {
+			fmt.Println("Replacing PowerScale Endpoint and adding port...")
+
+			port := os.Getenv(mapValues["REPLACE_PORT"])
+			if port == "" {
+				port = "8080"
+			}
+
+			val = val + ":" + port
+		}
+
+		err := replaceInFile(key, val, updatedTemplateFile)
 		if err != nil {
 			return err
 		}
@@ -1527,6 +1549,9 @@ func (step *Step) AuthorizationV2Resources(storageType, driver, driverNamespace,
 		return fmt.Errorf("failed to create resources for %s: %v\nErrMessage:\n%s", storageType, err, string(b))
 	}
 
+	fmt.Println("Waiting 5 seconds before generating token.")
+	time.Sleep(5 * time.Second)
+
 	// Generate tenant token
 	fmt.Println("=== Generating token ===\n ")
 	cmd = exec.Command("dellctl",

tests/e2e/testfiles/authorization-templates/storage_csm_authorization_template.yaml

@@ -1,18 +1,18 @@
 apiVersion: csm-authorization.storage.dell.com/v1
 kind: Storage
 metadata:
-  name: "REPLACE_STORAGE_NAME"
+  name: REPLACE_STORAGE_NAME
 spec:
-  type: "REPLACE_STORAGE_TYPE"
-  endpoint: "https://REPLACE_ENDPOINT"
-  systemID: "REPLACE_SYSTEM_ID"
+  type: REPLACE_STORAGE_TYPE
+  endpoint: https://REPLACE_ENDPOINT
+  systemID: REPLACE_SYSTEM_ID
   vault:
     identifier: vault0
     kvEngine: secret
-    path: "REPLACE_VAULT_STORAGE_PATH"
+    path: REPLACE_VAULT_STORAGE_PATH
   skipCertificateValidation: true
   pollInterval: 30s
-  isiPath: "REPLACE_STORAGE_POOL_PATH"
+  isiPath: REPLACE_STORAGE_POOL_PATH
 ---
 apiVersion: csm-authorization.storage.dell.com/v1
 kind: CSMRole
@@ -23,12 +23,12 @@ metadata:
     app.kubernetes.io/part-of: csm-authorization
     app.kubernetes.io/managed-by: kustomize
     app.kubernetes.io/created-by: csm-authorization
-  name: "REPLACE_ROLE_NAME"
+  name: REPLACE_ROLE_NAME
 spec:
-  quota: "REPLACE_QUOTA"
-  systemID: "REPLACE_SYSTEM_ID"
-  systemType: "REPLACE_STORAGE_TYPE"
-  pool: "REPLACE_STORAGE_POOL_PATH"
+  quota: REPLACE_QUOTA
+  systemID: REPLACE_SYSTEM_ID
+  systemType: REPLACE_STORAGE_TYPE
+  pool: REPLACE_STORAGE_POOL_PATH
 ---
 apiVersion: csm-authorization.storage.dell.com/v1
 kind: CSMTenant
@@ -39,12 +39,12 @@ metadata:
     app.kubernetes.io/part-of: csm-authorization
     app.kubernetes.io/managed-by: kustomize
     app.kubernetes.io/created-by: csm-authorization
-  name: "REPLACE_TENANT_NAME"
+  name: REPLACE_TENANT_NAME
 spec:
   # TODO(user): Add fields here
-  roles: "REPLACE_TENANT_ROLES"
+  roles: REPLACE_TENANT_ROLES
   approveSdc: false
   revoke: false
   # This prefix is added for each new volume provisioned by the tenant.
   # It should not exceed 3 characters. Example: tn1
-  volumePrefix: "REPLACE_TENANT_VOLUME_PREFIX"
+  volumePrefix: REPLACE_TENANT_VOLUME_PREFIX

tests/e2e/testfiles/powerscale-templates/karavi-authorization-config.json

@@ -1,8 +1,8 @@
 [{
     "username":"-",
     "password":"-",
-    "intendedEndpoint":"https://REPLACE_ENDPOINT",
-    "endpoint":"https://REPLACE_AUTH_ENDPOINT:REPLACE_PORT",
+    "intendedEndpoint":"https://REPLACE_ENDPOINT:REPLACE_PORT",
+    "endpoint":"https://REPLACE_AUTH_ENDPOINT:REPLACE_AUTH_PORT",
     "systemID": "REPLACE_CLUSTERNAME",
     "insecure":true,
     "isDefault":true

tests/e2e/testfiles/powerscale-templates/powerscale-auth-secret-template.yaml

@@ -1,9 +1,11 @@
 isilonClusters:
   - clusterName: "REPLACE_CLUSTERNAME"
-    username: "REPLACE_USER"
-    password: "REPLACE_PASS"
+    username: "ignored"
+    password: "ignored"
     isDefault: true
     endpoint: "REPLACE_AUTH_ENDPOINT"
-    endpointPort: "REPLACE_PORT"
+    endpointPort: "REPLACE_AUTH_PORT"
     skipCertificateValidation: true
     mountEndpoint: "REPLACE_ENDPOINT"
+    isiPath: "/ifs/data/csi"
+    isiVolumePathPermissions: "0777"

tests/e2e/testfiles/powerscale-templates/powerscale-secret-template.yaml

@@ -5,4 +5,4 @@ isilonClusters:
     isDefault: true
     endpoint: "REPLACE_ENDPOINT"
     skipCertificateValidation: true
-    endpointPort: 8080
+    endpointPort: "REPLACE_PORT"