github.com/percona/percona-xtradb-cluster-operator@v1.14.0/e2e-tests/security-context/run (about)

     1  #!/bin/bash
     2  
     3  set -o errexit
     4  
     5  test_dir=$(realpath $(dirname $0))
     6  . ${test_dir}/../functions
     7  
     8  set_debug
     9  
    10  create_infra $namespace
    11  deploy_cert_manager
    12  
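kubectl_bin apply -f "$test_dir/conf/service-account.yml"
if [[ -n "${OPENSHIFT}" ]]; then
	# OpenShift only: bind the `privileged` SCC to the workload service account
	# (-z names a service account in the current namespace).
	# NOTE(review): this is a test-only privilege grant. The script runs under
	# errexit and the matching remove-scc-from-user call sits at the very end,
	# so a failure in between leaves the grant in place unless the harness
	# cleans up elsewhere (not visible in this file). Confirm.
	oc adm policy add-scc-to-user privileged -z percona-xtradb-cluster-operator-workload

	# JSON patch that appends a rule allowing `use` of the `privileged` SCC.
	# Kept in one variable so the Role and ClusterRole variants cannot drift.
	# NOTE(review): nothing in this script reverts this rule afterwards; the
	# ClusterRole variant is cluster-scoped and outlives the test namespace.
	scc_use_rule='[{"op":"add","path": "/rules/-","value":{"apiGroups":["security.openshift.io"],"resources":["securitycontextconstraints"],"verbs":["use"],"resourceNames":["privileged"]}}]'

	if [[ -n "$OPERATOR_NS" ]]; then
		# OPERATOR_NS set: patch the ClusterRole. The namespace is quoted so it
		# is always passed as a single argument.
		oc patch clusterrole/percona-xtradb-cluster-operator --type json -p="$scc_use_rule" -n "$OPERATOR_NS"
	else
		# OPERATOR_NS unset: patch the Role in the current namespace.
		oc patch role/percona-xtradb-cluster-operator --type json -p="$scc_use_rule"
	fi
fi
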
    24  desc 'create first PXC cluster'
    25  cluster="sec-context"
    26  spinup_pxc "$cluster" "$test_dir/conf/$cluster.yml" "3" "10" "${conf_dir}/secrets_without_tls.yml"
    27  
    28  desc 'check if service and statefulset created with expected config'
    29  compare_kubectl statefulset/$cluster-pxc
    30  compare_kubectl statefulset/$cluster-proxysql
    31  
    32  desc 'change security context in PXC cluster'
    33  pfx="-changes"
    34  apply_config "$test_dir/conf/$cluster$pfx.yml"
    35  sleep 30
    36  
    37  desc 'check if service and statefulset chenged to expected config'
    38  compare_kubectl statefulset/$cluster-pxc $pfx
    39  compare_kubectl statefulset/$cluster-proxysql $pfx
    40  
    41  wait_cluster_consistency "$cluster" 3 2
    42  
desc 'run pvc backup'
backup="on-demand-backup-pvc"
kubectl_bin apply -f "${test_dir}/conf/${cluster}-${backup}.yml"
wait_backup "${backup}"
compare_kubectl "job.batch/xb-${backup}"

# Pin the current kubeconfig context to the test namespace.
kubectl_bin config set-context "$(kubectl_bin config current-context)" --namespace="${namespace}"

desc 'run pvc restore'
restore="restore-pvc"
# Name of the pod inspected below: restore-src-restore-pvc-sec-context.
restore_pod="restore-src-${restore}-${cluster}"
# Replace the "#namespace" placeholder in the manifest before applying it.
# The namespace is interpolated into the sed replacement text; valid
# Kubernetes namespace names are DNS labels, so they cannot contain the `~`
# delimiter or `&`.
$sed -e "s~minio-service.#namespace~minio-service.$namespace~" "${test_dir}/conf/${cluster}-${restore}.yml" \
	| kubectl_bin apply -f -
wait_pod "${restore_pod}"
# Dump the pod spec into the test output.
kubectl_bin get -o yaml "pod/${restore_pod}"
# The "-120" suffix is passed only when version_gt "1.21" fails.
if version_gt "1.21"; then
	compare_kubectl "pod/${restore_pod}"
else
	compare_kubectl "pod/${restore_pod}" "-120"
fi
wait_backup_restore "${restore}"
compare_kubectl "job.batch/restore-job-${restore}-${cluster}"

    66  desc 'run s3 backup'
    67  kubectl_bin apply -f $conf_dir/minio-secret.yml
    68  start_minio
    69  
    70  wait_cluster_consistency "$cluster" 3 2
    71  backup="on-demand-backup-s3"
    72  kubectl_bin apply -f "$test_dir/conf/$cluster-$backup.yml"
    73  wait_backup $backup
    74  compare_kubectl job.batch/xb-$backup
    75  
    76  desc 'run s3 restore'
    77  restore="restore-s3"
    78  cat "$test_dir/conf/$cluster-$restore.yml" \
    79  	| $sed -e "s~minio-service.#namespace~minio-service.$namespace~" \
    80  	| kubectl_bin apply -f -
    81  wait_backup_restore $restore
    82  compare_kubectl job.batch/restore-job-$restore-$cluster
    83  
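# OpenShift only: take the `privileged` SCC away from the workload service
# account again.
# NOTE(review): this is reached only when every step above succeeded, because
# the script runs under errexit and no EXIT trap is visible in this file. The
# `use` rule patched into the operator Role/ClusterRole earlier in the script
# is not reverted here either.
if [[ -n "${OPENSHIFT}" ]]; then
	oc adm policy remove-scc-from-user privileged -z percona-xtradb-cluster-operator-workload
fi
# Quoted so the namespace is always passed as exactly one argument.
destroy "$namespace"
desc "test passed"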