github.com/percona/percona-xtradb-cluster-operator@v1.14.0/e2e-tests/demand-backup-encrypted-with-tls/run (about)

     1  #!/bin/bash
     2  
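     # Stop at the first failing command. pipefail is not enabled, so a failure in
     # an early stage of a pipeline is still masked by the last stage's status.
     set -o errexit

     # Locate this test's directory and load the shared e2e helpers from the
     # sibling "functions" file. Expansions are quoted so a checkout path that
     # contains spaces or glob characters still resolves to a single word.
     test_dir=$(realpath "$(dirname "$0")")
     # shellcheck source=/dev/null
     . "${test_dir}/../functions"

     # set_debug is defined in the sourced helpers, not in this file.
     # NOTE(review): if it enables xtrace, the Vault root tokens that main()
     # expands into command lines end up in the job log; confirm that the logs
     # of this test are not kept anywhere the tokens would matter.
     set_debug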
     9  
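    #######################################
    # Turn a JSON array of key names into a comma-separated list of
    # single-quoted paths under a prefix, e.g. 'root/k1', 'root/k2'.
    # Arguments: $1 - prefix put in front of every key; a "/" is inserted
    #                 between the prefix and the key
    # Inputs:    JSON array of strings on stdin
    # Outputs:   the joined list on stdout
    # Note:      key names are emitted as-is; a key containing a single quote
    #            is not escaped for whoever consumes the list.
    #######################################
    function jq_filter() {
    	local vault_root=$1
    	# The prefix and the quote character are handed to jq as variables
    	# rather than spliced into the program text, so a prefix containing
    	# a double quote or backslash cannot alter or break the filter.
    	jq -r --arg root "$vault_root" --arg q "'" \
    		'[ .[] | $q + $root + "/" + . + $q ] | join(", ")'
    }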
    14  
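    #######################################
    # End-to-end scenario: run on-demand backups and restores of an encrypted
    # cluster whose keys live in an HTTPS Vault, copy the backup keys to a
    # second Vault, then run the recovery checks again.
    # Globals: namespace, tmp_dir, conf_dir, SKIP_REMOTE_BACKUPS (read; not
    #          set in this file), test_dir (read)
    # Returns: non-zero as soon as a step fails (errexit is on)
    #######################################
    main() {
    	create_infra "$namespace"

    	# First Vault, reached over HTTPS. The root token is read from the JSON
    	# file named after the instance in $tmp_dir.
    	vault1="vault-service-1-${RANDOM}"
    	protocol="https"
    	start_vault "$vault1" "$protocol"
    	token1=$(jq -r ".root_token" <"$tmp_dir/$vault1")
    	ip1="$protocol://$vault1.$vault1.svc.cluster.local"

    	cluster="some-name"
    	spinup_pxc "$cluster" "$conf_dir/$cluster.yml"
    	keyring_plugin_must_be_in_use "$cluster"
    	table_must_be_encrypted "$cluster" "myApp"

    	# Local (PVC) backup and restore; encryption must survive the round trip.
    	run_backup "$cluster" "on-demand-backup-pvc"
    	run_recovery_check "$cluster" "on-demand-backup-pvc"
    	kubectl_bin delete -f "$test_dir/conf/restore-on-demand-backup-pvc.yaml"
    	check_pvc_md5
    	table_must_be_encrypted "$cluster" "myApp"
    	keyring_plugin_must_be_in_use "$cluster"

    	# Same round trip against S3 unless remote backups are switched off.
    	if [ -z "$SKIP_REMOTE_BACKUPS" ]; then
    		run_backup "$cluster" "on-demand-backup-aws-s3"
    		run_recovery_check "$cluster" "on-demand-backup-aws-s3"
    		kubectl_bin delete -f "$test_dir/conf/restore-on-demand-backup-aws-s3.yaml"
    		table_must_be_encrypted "$cluster" "myApp"
    		keyring_plugin_must_be_in_use "$cluster"
    	fi

    	# Vault mount point as configured in the cluster's vault secret.
    	mountpt=$(kubectl_bin get -f "$conf_dir/vault-secret.yaml" -o json \
    		| grep -Eo "secret_mount_point = \w+" \
    		| awk -F "=[ ]*" '{print $2}')

    	# List the backup keys in the first Vault as a quoted, comma-separated list.
    	# NOTE(review): the root token is expanded into the remote command line,
    	# and -t asks for a TTY although stdout is piped into jq; confirm both
    	# are intended.
    	transition_keys=$(kubectl_bin exec --namespace="$vault1" -it "$vault1-0" -- sh -c "
        VAULT_TOKEN=$token1 vault kv list -format=json $mountpt/backup/" \
    		| jq_filter "$mountpt/backup/")

    	# Second Vault, the destination of the key copy.
    	vault2="vault-service-2-${RANDOM}"
    	start_vault "$vault2" "$protocol"
    	token2=$(jq -r ".root_token" <"$tmp_dir/$vault2")
    	ip2="$protocol://$vault2.$vault2.svc.cluster.local"

    	# Copy the listed keys from the first Vault to the second in a one-off pod.
    	# Security-relevant properties of this step:
    	#  - the two sed edits add verify=False to both client constructors in
    	#    vault-cp.py, so the copy job talks HTTPS without validating either
    	#    Vault's certificate; mounting the test CA instead would keep
    	#    verification on (presumably the certs are self-signed, confirm);
    	#  - both root tokens and the key list are expanded into the pod's
    	#    command line and from there into config.py, so they are readable
    	#    in the pod spec; key names are pasted into a Python list literal
    	#    as-is;
    	#  - the image is pulled by the mutable :latest tag; pinning a digest
    	#    would make the run reproducible.
    	# python3 is chained with && so it runs only once config.py was written.
    	kubectl_bin run -i --tty vault-cp --image=perconalab/vault-cp:latest --restart=Never -- sh -c "
        sed -i 's/token=cfg.old_token)/token=cfg.old_token, verify=False)/' /src/vault-cp.py \
        && sed -i 's/token=cfg.new_token)/token=cfg.new_token, verify=False)/' /src/vault-cp.py \
        && echo \"
old_url = '$ip1:8200'
old_token = '$token1'
new_url = '$ip2:8200'
new_token = '$token2'
secrets = [ $transition_keys ]
\" > /src/config.py \
        && python3 /src/vault-cp.py
    "

    	# Recovery must still succeed after the keys were copied.
    	run_recovery_check "$cluster" "on-demand-backup-pvc"
    	table_must_be_encrypted "$cluster" "myApp"
    	keyring_plugin_must_be_in_use "$cluster"

    	if [ -z "$SKIP_REMOTE_BACKUPS" ]; then
    		run_recovery_check "$cluster" "on-demand-backup-aws-s3"
    		table_must_be_encrypted "$cluster" "myApp"
    		keyring_plugin_must_be_in_use "$cluster"
    	fi

    	# Best-effort teardown of both Vaults: a failed helm uninstall is ignored
    	# and the namespace deletions run in the background without being waited on.
    	for i in "$vault1" "$vault2"; do
    		helm uninstall "$i" || :
    		kubectl_bin delete --grace-period=0 --force=true namespace "$i" &
    	done

    	destroy "$namespace"
    	desc "test passed"
    }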
    85  
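    # Entry point. Command-line arguments are forwarded so main can read them if
    # it ever needs to; the current main ignores them.
    main "$@"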