EKS Stuffz (#78)

* adds basic eks workflow structure * * Added EKS functional test set up + teardown. (#79) - Adding EKS test set up * creates GenericImageBuilderTestSuite for use by multiple cloud implementations * * Updated EKS functional test set up to use the shared functions. * * Split the repo URL to access the registry and repo in ECR. * * Added parsing of the repository URL. * * Updated testenv to include kubeconfig changes. * Added filename to EKS set up. * updates testenv dep and adds aws-sdk so we can pull ecr credentials * changes cert-manager default webhook port to avoid collision with eks' default kubelet port...hurumph * fixes GenericImageBuilderTestSuite so that a new CloudAuthTest func can encapsulate the details of each cloud enviornment also makes some changes to the LoadBalancer service lookup checking for the Hostname first, then defaulting to the IP when that's blank * updates functional test workflow with complete EKS Co-authored-by: Jade <[email protected]> Co-authored-by: Jade Hayes <[email protected]>
dominodatalab · Nov 10, 2022 · 1e126f4 · 1e126f4
1 parent f3cbeb1
commit 1e126f4
Show file tree

Hide file tree

Showing 7 changed files with 712 additions and 460 deletions.
diff --git a/.github/workflows/functional.yml b/.github/workflows/functional.yml
@@ -5,6 +5,85 @@ on:
     types: [created]
 
 jobs:
+  eks:
+    if: ${{ github.event.issue.pull_request && github.event.comment.body == '/functional-test' }}
+    name: EKS image building
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      pull-requests: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Checkout pull request
+        run: hub pr checkout ${{ github.event.issue.number }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Update PR Comment
+        uses: peter-evans/create-or-update-comment@v2
+        with:
+          comment-id: ${{ github.event.comment.id }}
+          body: |
+
+            **Launched workflow:** ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+          reactions: rocket
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Install Go
+        uses: actions/setup-go@v3
+        with:
+          go-version-file: test/functional/go.mod
+
+      - id: go-cache-paths
+        name: Gather Go cache paths
+        run: |
+          echo "::set-output name=go-build::$(go env GOCACHE)"
+          echo "::set-output name=go-mod::$(go env GOMODCACHE)"
+
+      - name: Go build cache
+        uses: actions/cache@v3
+        with:
+          path: ${{ steps.go-cache-paths.outputs.go-build }}
+          key: ${{ runner.os }}-go-build-${{ hashFiles('test/functional/**/*.go') }}
+
+      - name: Go mod cache
+        uses: actions/cache@v3
+        with:
+          path: ${{ steps.go-cache-paths.outputs.go-mod }}
+          key: ${{ runner.os }}-go-mod-${{ hashFiles('test/functional/go.sum') }}
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.10.1
+
+      - name: Run tests
+        env:
+          VERBOSE_TESTING: true
+          GCP_REGION: ${{ secrets.GCP_REGION }}
+          GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
+          MANAGER_IMAGE_TAG: pr-${{ github.event.issue.number }}
+        run: |
+          cd test/functional
+          go test -timeout 0 -tags functional,eks
+
+      - name: Save testenv files
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: testenv-eks
+          path: |
+            test/functional/testenv
+            !test/functional/testenv/**/.terraform/
+
   gke:
     if: ${{ github.event.issue.pull_request && github.event.comment.body == '/functional-test' }}
     name: GKE image building
@@ -84,6 +163,7 @@ jobs:
             test/functional/testenv
             !test/functional/testenv/**/.terraform/
 
+
   aks:
     name: AKS image building
     runs-on: ubuntu-latest

diff --git a/test/functional/eks_test.go b/test/functional/eks_test.go
@@ -1 +1,86 @@
+//go:build functional && eks
+
 package functional
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/ecr"
+	hephv1 "github.com/dominodatalab/hephaestus/pkg/api/hephaestus/v1"
+	"github.com/dominodatalab/testenv"
+	"github.com/heroku/docker-registry-client/registry"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/stretchr/testify/suite"
+	"k8s.io/utils/pointer"
+)
+
+func TestEKSFunctionality(t *testing.T) {
+	suite.Run(t, new(EKSTestSuite))
+}
+
+type EKSTestSuite struct {
+	GenericImageBuilderTestSuite
+
+	region string
+}
+
+func (suite *EKSTestSuite) SetupSuite() {
+	suite.region = os.Getenv("AWS_REGION")
+	suite.CloudAuthTest = suite.testCloudAuth
+	suite.CloudConfigFunc = func() testenv.CloudConfig {
+		return testenv.EKSConfig{
+			Region:            suite.region,
+			KubernetesVersion: os.Getenv("KUBERNETES_VERSION"),
+		}
+	}
+
+	suite.GenericImageBuilderTestSuite.SetupSuite()
+}
+
+func (suite *EKSTestSuite) testCloudAuth(ctx context.Context, t *testing.T) {
+	fullRepo, err := suite.manager.OutputVar(ctx, "repository")
+	require.NoError(t, err)
+
+	canonicalImage := string(fullRepo)
+	cloudRegistry := strings.SplitN(canonicalImage, "/", 2)[0]
+	cloudRepository := strings.SplitN(canonicalImage, "/", 2)[1]
+
+	build := newImageBuild(
+		python39JupyterBuildContext,
+		canonicalImage,
+		&hephv1.RegistryCredentials{
+			Server:        cloudRegistry,
+			CloudProvided: pointer.Bool(true),
+		},
+	)
+	ib := createBuild(t, ctx, suite.hephClient, build)
+
+	conf, err := config.LoadDefaultConfig(ctx, config.WithEC2IMDSRegion())
+	require.NoError(t, err)
+
+	client := ecr.NewFromConfig(conf)
+	input := &ecr.GetAuthorizationTokenInput{}
+	resp, err := client.GetAuthorizationToken(ctx, input)
+	require.NoError(t, err)
+
+	authToken := aws.ToString(resp.AuthorizationData[0].AuthorizationToken)
+	decoded, err := base64.StdEncoding.DecodeString(authToken)
+	require.NoError(t, err)
+
+	credentials := strings.SplitN(string(decoded), ":", 2)
+
+	hub, err := registry.New(fmt.Sprintf("https://%s", cloudRegistry), credentials[0], credentials[1])
+	require.NoError(t, err)
+
+	tags, err := hub.Tags(cloudRepository)
+	require.NoError(t, err)
+	assert.Contains(t, tags, ib.Spec.LogKey)
+}