// Source: sigs.k8s.io/blob-csi-driver@v1.24.1/test/e2e/testsuites/pre_provisioned_sastoken_tester.go

/*
Copyright 2020 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package testsuites

import (
	"context"
	"fmt"
	"net/url"
	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/sas"
	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/service"
	"github.com/onsi/ginkgo/v2"
	v1 "k8s.io/api/core/v1"
	clientset "k8s.io/client-go/kubernetes"
	"k8s.io/kubernetes/test/e2e/framework"
	"sigs.k8s.io/blob-csi-driver/pkg/blob"
	"sigs.k8s.io/blob-csi-driver/test/e2e/driver"
	"sigs.k8s.io/blob-csi-driver/test/utils/azure"
)

// PreProvisionedSASTokenTest provisions the PV(s), PVC(s) and Pod(s) listed in
// Pods and checks that every pod succeeds when its blob volume authenticates
// with a storage SAS token that is kept in a Key Vault secret.
type PreProvisionedSASTokenTest struct {
	// CSIDriver is handed to SetupWithPreProvisionedVolumes for each pod.
	CSIDriver driver.PreProvisionedVolumeTestDriver
	// Pods are the pod definitions exercised by Run; their volume attributes
	// are modified in place.
	Pods []PodDetails
	// Driver resolves a volume ID to storage account name, account key and
	// container name.
	Driver *blob.Driver
}

// Run executes the scenario for every volume of every pod in t.Pods: it looks
// up the storage account behind the volume, creates a Key Vault, signs a SAS
// token with the account key, stores the token as a vault secret, points the
// volume attributes at that secret and finally runs the pod to completion.
//
// All cleanup is registered with defer inside the loops, so it only happens
// when Run returns, in reverse order of registration. That ordering is
// intentional: the resources must outlive the pod that uses them.
func (t *PreProvisionedSASTokenTest) Run(ctx context.Context, client clientset.Interface, namespace *v1.Namespace) {
	kvClient, err := azure.NewKeyVaultClient()
	framework.ExpectNoError(err)

	for _, podSpec := range t.Pods {
		for volIdx, vol := range podSpec.Volumes {
			// GetStorageAccountAndContainer yields the account key of the
			// blob volume (via the Azure API) but no SAS token, so the token
			// is signed locally further down.
			accountName, accountKey, _, containerName, err := t.Driver.GetStorageAccountAndContainer(ctx, vol.VolumeID, nil, nil)
			explain := fmt.Sprintf("Error GetStorageAccountAndContainer from volumeID(%s): %v", vol.VolumeID, err)
			framework.ExpectNoError(err, explain)

			ginkgo.By("creating KeyVault...")
			vault, err := kvClient.CreateVault(ctx)
			framework.ExpectNoError(err)
			// The vault holds a live storage credential; it is cleaned when
			// Run returns.
			defer func() {
				framework.ExpectNoError(kvClient.CleanVault(ctx))
			}()

			ginkgo.By("generating SAS token...")
			// sasToken is a bearer credential: it goes to Key Vault only and
			// is never passed to a logging call here.
			sasToken := GenerateSASToken(accountName, accountKey)

			ginkgo.By("creating secret for SAS token...")
			sasSecret, err := kvClient.CreateSecret(ctx, accountName+"-sas", sasToken)
			framework.ExpectNoError(err)

			// Tell the driver where to fetch the SAS token from. Only the
			// vault URL and the secret name end up in the volume attributes,
			// not the token itself.
			attrib := podSpec.Volumes[volIdx].Attrib
			attrib["containerName"] = containerName
			attrib["storageAccountName"] = accountName
			attrib["keyVaultURL"] = *vault.Properties.VaultURI
			attrib["keyVaultSecretName"] = *sasSecret.Name
			attrib["azurestorageauthtype"] = "SAS"

			testPod, cleanupFuncs := podSpec.SetupWithPreProvisionedVolumes(ctx, client, namespace, t.CSIDriver)
			// Deferred (not called) here so the resources are not removed
			// before the pod has used them.
			for _, fn := range cleanupFuncs {
				defer fn(ctx)
			}

			ginkgo.By("deploying the pod")
			testPod.Create(ctx)
			defer testPod.Cleanup(ctx)

			ginkgo.By("checking that the pods command exits with no error")
			testPod.WaitForSuccess(ctx)
		}
	}
}

// GenerateSASToken signs an account-level SAS for accountName with accountKey
// and returns it as a query string with a leading "?".
//
// The token covers the Service, Container and Object resource types, grants
// Read, List, Write, Delete, Add, Create and Update, and expires 10 hours after
// the call. No options are passed to GetSASURL (nil). The endpoint is built
// with the blob.core.windows.net suffix.
//
// NOTE(review): whoever holds the returned string can use those permissions on
// the whole account until expiry. That scope looks sized for a throwaway e2e
// account; if the pod commands need less, narrowing the permissions and the
// lifetime would reduce exposure — confirm against the test pods.
func GenerateSASToken(accountName, accountKey string) string {
	sharedKey, err := azblob.NewSharedKeyCredential(accountName, accountKey)
	framework.ExpectNoError(err)

	endpoint := fmt.Sprintf("https://%s.blob.core.windows.net/", accountName)
	svc, err := service.NewClientWithSharedKeyCredential(endpoint, sharedKey, nil)
	framework.ExpectNoError(err)

	resourceTypes := sas.AccountResourceTypes{Object: true, Service: true, Container: true}
	permissions := sas.AccountPermissions{Read: true, List: true, Write: true, Delete: true, Add: true, Create: true, Update: true}
	expiry := time.Now().Add(10 * time.Hour)
	signedURL, err := svc.GetSASURL(resourceTypes, permissions, expiry, nil)
	framework.ExpectNoError(err)

	// Only the query part of the signed URL is the SAS token.
	parsed, err := url.Parse(signedURL)
	framework.ExpectNoError(err)
	return "?" + parsed.RawQuery
}