sigs.k8s.io/blob-csi-driver@v1.24.1/test/e2e/testsuites/pre_provisioned_sastoken_tester.go (about)

     1  /*
     2  Copyright 2020 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package testsuites
    18  
    19  import (
    20  	"context"
    21  	"fmt"
    22  	"net/url"
    23  	"time"
    24  
    25  	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
    26  	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/sas"
    27  	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/service"
    28  	"github.com/onsi/ginkgo/v2"
    29  	v1 "k8s.io/api/core/v1"
    30  	clientset "k8s.io/client-go/kubernetes"
    31  	"k8s.io/kubernetes/test/e2e/framework"
    32  	"sigs.k8s.io/blob-csi-driver/pkg/blob"
    33  	"sigs.k8s.io/blob-csi-driver/test/e2e/driver"
    34  	"sigs.k8s.io/blob-csi-driver/test/utils/azure"
    35  )
    36  
// PreProvisionedSASTokenTest provisions the required PV(s), PVC(s) and Pod(s)
// and verifies that the Pod(s) run successfully when the storage SAS token is
// supplied through a secret stored in a Key Vault.
type PreProvisionedSASTokenTest struct {
	// CSIDriver is passed to SetupWithPreProvisionedVolumes when a pod's
	// pre-provisioned volumes are set up.
	CSIDriver driver.PreProvisionedVolumeTestDriver
	// Pods lists the pods to deploy. Run overwrites the SAS-related attributes
	// of every volume in this list.
	Pods []PodDetails
	// Driver resolves a volume ID to its storage account name, account key and
	// container name.
	Driver *blob.Driver
}
    45  
// Run executes the SAS-token scenario for every volume of every pod in t.Pods.
//
// For each volume it looks up the storage account and container, creates a Key
// Vault, generates an account SAS from the account key, stores that SAS as a
// Key Vault secret, and points the volume at the secret before deploying the
// pod and waiting for it to succeed.
//
// Only the vault URL and the secret name are written into the volume
// attributes. The SAS string itself is passed to GenerateSASToken's caller and
// to CreateSecret and nowhere else, and the account key appears in no message
// built here.
//
// All cleanup is deferred, so it runs when Run returns rather than at the end
// of each iteration, in reverse order of registration.
func (t *PreProvisionedSASTokenTest) Run(ctx context.Context, client clientset.Interface, namespace *v1.Namespace) {
	kvClient, err := azure.NewKeyVaultClient()
	framework.ExpectNoError(err)

	for _, pod := range t.Pods {
		for idx, vol := range pod.Volumes {
			// GetStorageAccountAndContainer hands back the account key of the
			// blob volume, but not a SAS token, so one is derived from the key
			// further down.
			account, key, _, container, err := t.Driver.GetStorageAccountAndContainer(ctx, vol.VolumeID, nil, nil)
			framework.ExpectNoError(err, fmt.Sprintf("Error GetStorageAccountAndContainer from volumeID(%s): %v", vol.VolumeID, err))

			ginkgo.By("creating KeyVault...")
			vault, err := kvClient.CreateVault(ctx)
			framework.ExpectNoError(err)
			// Registered once per volume; the vault holding the SAS secret is
			// cleaned when Run returns.
			defer func() {
				framework.ExpectNoError(kvClient.CleanVault(ctx))
			}()

			ginkgo.By("generating SAS token...")
			token := GenerateSASToken(account, key)

			ginkgo.By("creating secret for SAS token...")
			sasSecret, err := kvClient.CreateSecret(ctx, account+"-sas", token)
			framework.ExpectNoError(err)

			// The volume references the Key Vault secret by name; the token
			// value is never placed in the attributes.
			attrs := pod.Volumes[idx].Attrib
			attrs["containerName"] = container
			attrs["storageAccountName"] = account
			attrs["keyVaultURL"] = *vault.Properties.VaultURI
			attrs["keyVaultSecretName"] = *sasSecret.Name
			attrs["azurestorageauthtype"] = "SAS"

			tpod, cleanup := pod.SetupWithPreProvisionedVolumes(ctx, client, namespace, t.CSIDriver)
			// The defers have to be registered here so the resources are not
			// removed before the pod has used them.
			for _, fn := range cleanup {
				defer fn(ctx)
			}

			ginkgo.By("deploying the pod")
			tpod.Create(ctx)
			defer tpod.Cleanup(ctx)

			ginkgo.By("checking that the pods command exits with no error")
			tpod.WaitForSuccess(ctx)
		}
	}
}
    93  
// GenerateSASToken signs an account SAS for accountName with the shared key
// accountKey and returns it as a query string with a leading "?".
//
// The SAS covers service, container and object resources, grants read, list,
// write, delete, add, create and update, and expires 10 hours after the call.
// Whoever holds the returned string has that access until it expires, so treat
// it as a credential: keep it out of logs, test output and error messages.
//
// The endpoint is always https://<accountName>.blob.core.windows.net/. Every
// error is reported through framework.ExpectNoError.
func GenerateSASToken(accountName, accountKey string) string {
	cred, err := azblob.NewSharedKeyCredential(accountName, accountKey)
	framework.ExpectNoError(err)

	endpoint := fmt.Sprintf("https://%s.blob.core.windows.net/", accountName)
	svc, err := service.NewClientWithSharedKeyCredential(endpoint, cred, nil)
	framework.ExpectNoError(err)

	// Scope and lifetime of the SAS; see the function comment for what this
	// grants to a holder of the token.
	resources := sas.AccountResourceTypes{Object: true, Service: true, Container: true}
	perms := sas.AccountPermissions{Read: true, List: true, Write: true, Delete: true, Add: true, Create: true, Update: true}
	expiry := time.Now().Add(10 * time.Hour)

	signedURL, err := svc.GetSASURL(resources, perms, expiry, nil)
	framework.ExpectNoError(err)

	// Only the query part of the signed URL is the token.
	parsed, err := url.Parse(signedURL)
	framework.ExpectNoError(err)
	return "?" + parsed.RawQuery
}