Add auth v1 e2e tests using PowerMax mount credentials (#889)

dell · Feb 4, 2025 · e6d958f · e6d958f
1 parent e335d08
commit e6d958f
Show file tree

Hide file tree

Showing 3 changed files with 112 additions and 0 deletions.
diff --git a/tests/e2e/testfiles/scenarios.yaml b/tests/e2e/testfiles/scenarios.yaml
@@ -1875,6 +1875,47 @@
       run:
         - cert-csi test vio --sc op-e2e-pmax --chainLength 1 --chainNumber 1
 
+- scenario: "Install PowerMax Driver with Mount Credentials, Enable Authorization v1"
+  paths:
+    - "testfiles/authorization-templates/storage_csm_authorization_v1_proxy_server.yaml"
+    - "testfiles/storage_csm_powermax_secret.yaml"
+  tags:
+    - "authorizationproxyserver"
+    - "authorization"
+    - "powermax"
+  steps:
+    - "Given an environment with k8s or openshift, and CSM operator installed"
+    - "Create [authorization-proxy-server] prerequisites from CR [1]"
+    - "Apply custom resource [1]"
+    - "Validate [authorization-proxy-server] module from CR [1] is installed"
+    - "Configure authorization-proxy-server for [powermax] for CR [1]"
+    - "Create storageclass with name [op-e2e-pmax] and template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]"
+    - "Set up secret with template [testfiles/powermax-templates/csm-authorization-config.json] name [karavi-authorization-config] in namespace [powermax] for [pmaxAuthSidecar]"
+    - "Set up reverse proxy tls secret namespace [powermax]"
+    - "Set up secret with template [testfiles/powermax-templates/powermax-use-secret-template.yaml] name [powermax-config] in namespace [powermax] for [pmaxUseSecret]"
+    - "Set up creds with template [testfiles/powermax-templates/powermax-array-config.yaml] for [pmaxArrayConfig]"
+    - "Apply custom resource [2]"
+    - "Validate custom resource [2]"
+    - "Validate [powermax] driver from CR [2] is installed"
+    - "Validate [authorization] module from CR [2] is not installed"
+    - "Enable [authorization] module from CR [2]"
+    - "Validate [powermax] driver from CR [2] is installed"
+    - "Validate [authorization] module from CR [2] is installed"
+    - "Run custom test"
+    # cleanup
+    - "Enable forceRemoveDriver on CR [2]"
+    - "Delete custom resource [2]"
+    - "Delete custom resource [1]"
+    - "Validate [powermax] driver from CR [2] is not installed"
+    - "Restore template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]"
+    - "Restore template [testfiles/powermax-templates/csm-authorization-config.json] for [pmaxAuthSidecar]"
+    - "Restore template [testfiles/powermax-templates/powermax-use-secret-template.yaml] for [pmaxUseSecret]"
+    - "Restore template [testfiles/powermax-templates/powermax_reverse_proxy_config_auth.yaml] for [pmaxReverseProxy]"
+  customTest:
+    - name: Cert CSI
+      run:
+        - cert-csi test vio --sc op-e2e-pmax  --chainLength 1 --chainNumber 1
+
 - scenario: "Install PowerMax Driver with Mount Credentials (Sidecar)"
   paths:
     - "testfiles/storage_csm_powermax_secret_sidecar.yaml"
@@ -1931,6 +1972,47 @@
       run:
         - cert-csi test vio --sc op-e2e-pmax --chainLength 1 --chainNumber 1
 
+- scenario: "Install PowerMax Driver with Mount Credentials (Sidecar), Enable Authorization v1"
+  paths:
+    - "testfiles/authorization-templates/storage_csm_authorization_v1_proxy_server.yaml"
+    - "testfiles/storage_csm_powermax_secret_sidecar.yaml"
+  tags:
+    - "authorizationproxyserver"
+    - "authorization"
+    - "powermax"
+  steps:
+    - "Given an environment with k8s or openshift, and CSM operator installed"
+    - "Create [authorization-proxy-server] prerequisites from CR [1]"
+    - "Apply custom resource [1]"
+    - "Validate [authorization-proxy-server] module from CR [1] is installed"
+    - "Configure authorization-proxy-server for [powermax] for CR [1]"
+    - "Create storageclass with name [op-e2e-pmax] and template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]"
+    - "Set up secret with template [testfiles/powermax-templates/csm-authorization-config.json] name [karavi-authorization-config] in namespace [powermax] for [pmaxAuthSidecar]"
+    - "Set up reverse proxy tls secret namespace [powermax]"
+    - "Set up secret with template [testfiles/powermax-templates/powermax-use-secret-template.yaml] name [powermax-config] in namespace [powermax] for [pmaxUseSecret]"
+    - "Set up creds with template [testfiles/powermax-templates/powermax-array-config.yaml] for [pmaxArrayConfig]"
+    - "Apply custom resource [2]"
+    - "Validate custom resource [2]"
+    - "Validate [powermax] driver from CR [2] is installed"
+    - "Validate [authorization] module from CR [2] is not installed"
+    - "Enable [authorization] module from CR [2]"
+    - "Validate [powermax] driver from CR [2] is installed"
+    - "Validate [authorization] module from CR [2] is installed"
+    - "Run custom test"
+    # cleanup
+    - "Enable forceRemoveDriver on CR [2]"
+    - "Delete custom resource [2]"
+    - "Delete custom resource [1]"
+    - "Validate [powermax] driver from CR [2] is not installed"
+    - "Restore template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]"
+    - "Restore template [testfiles/powermax-templates/csm-authorization-config.json] for [pmaxAuthSidecar]"
+    - "Restore template [testfiles/powermax-templates/powermax-use-secret-template.yaml] for [pmaxUseSecret]"
+    - "Restore template [testfiles/powermax-templates/powermax_reverse_proxy_config_auth.yaml] for [pmaxReverseProxy]"
+  customTest:
+    - name: Cert CSI
+      run:
+        - cert-csi test vio --sc op-e2e-pmax  --chainLength 1 --chainNumber 1
+
 - scenario: "Install PowerMax Driver with TLS (Standalone)"
   paths:
     - "testfiles/storage_csm_powermax_tls.yaml"

diff --git a/tests/e2e/testfiles/storage_csm_powermax_secret.yaml b/tests/e2e/testfiles/storage_csm_powermax_secret.yaml
@@ -359,3 +359,18 @@ spec:
             # configMap name which has all array/endpoint related info
             - name: "X_CSI_CONFIG_MAP_NAME"
               value: "powermax-reverseproxy-config"
+    # Authorization: enable csm-authorization for RBAC
+    - name: authorization
+      # enable: Enable/Disable csm-authorization
+      enabled: false
+      configVersion: v1.12.0
+      components:
+        - name: karavi-authorization-proxy
+          image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0
+          envs:
+            # proxyHost: hostname of the csm-authorization server
+            - name: "PROXY_HOST"
+              value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local"
+            # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server
+            - name: "SKIP_CERTIFICATE_VALIDATION"
+              value: "true"
diff --git a/tests/e2e/testfiles/storage_csm_powermax_secret_sidecar.yaml b/tests/e2e/testfiles/storage_csm_powermax_secret_sidecar.yaml
@@ -359,3 +359,18 @@ spec:
             # configMap name which has all array/endpoint related info
             - name: "X_CSI_CONFIG_MAP_NAME"
               value: "powermax-reverseproxy-config"
+    # Authorization: enable csm-authorization for RBAC
+    - name: authorization
+      # enable: Enable/Disable csm-authorization
+      enabled: false
+      configVersion: v1.12.0
+      components:
+        - name: karavi-authorization-proxy
+          image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0
+          envs:
+            # proxyHost: hostname of the csm-authorization server
+            - name: "PROXY_HOST"
+              value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local"
+            # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server
+            - name: "SKIP_CERTIFICATE_VALIDATION"
+              value: "true"