test: add bats tests for csi-secrets-store-provider-alibabacloud

Makefile

@@ -97,6 +97,7 @@ KUBECTL := kubectl
 ENVSUBST := envsubst
 EKSCTL := eksctl
 YQ := yq
+ALIYUNCLI := aliyun
 
 # Test variables
 KIND_VERSION ?= 0.18.0
@@ -221,6 +222,9 @@ $(PROTOC): ## Install protoc
 $(YQ): ## Install yq for running the tests
 	curl -LO https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_linux_amd64 && chmod +x ./yq_linux_amd64 && mv yq_linux_amd64 /usr/local/bin/yq
 
+$(ALIYUNCLI): ## Install aliyun for running the tests
+	curl -LO https://github.com/aliyun/aliyun-cli/releases/download/v3.0.161/aliyun-cli-linux-3.0.161-amd64.tgz && tar xzvf aliyun-cli-linux-3.0.161-amd64.tgz && chmod +x ./aliyun && cp aliyun /usr/local/bin
+
 SHELLCHECK := $(TOOLS_BIN_DIR)/shellcheck-$(SHELLCHECK_VER)
 $(SHELLCHECK): OS := $(shell uname | tr '[:upper:]' '[:lower:]')
 $(SHELLCHECK): ARCH := $(shell uname -m)
@@ -490,6 +494,10 @@ e2e-akeyless:
 e2e-gcp:
 	bats -t test/bats/gcp.bats
 
+.PHONY: e2e-alibabacloud
+e2e-alibabacloud: $(ALIYUNCLI)
+	bats -t test/bats/alibabacloud.bats
+
 .PHONY: e2e-aws
 e2e-aws:
 	bats -t test/bats/aws.bats

test/bats/alibabacloud.bats

@@ -0,0 +1,70 @@
+#!/usr/bin/env bats
+
+load helpers
+
+WAIT_TIME=120
+SLEEP_TIME=1
+NAMESPACE=kube-system
+POD_NAME=alibabacloud-basic-test-mount
+BATS_TEST_DIR=test/bats/tests/alibabacloud
+PROVIDER_YAML=https://raw.githubusercontent.com/AliyunContainerService/secrets-store-csi-driver-provider-alibaba-cloud/main/deployment/provider-alibabacloud-installer.yaml
+
+setup() {
+  if [[ -z "${ALIBABACLOUD_ACCESS_KEY}" ]] || [[ -z "${ALIBABACLOUD_ACCESS_SECRET}" ]]; then
+    echo "Error: ram ak/sk is not provided" >&2
+    return 1
+  fi
+}
+
+setup_file() {
+    #Configure aliyun cli profile
+    aliyun configure set --profile akProfile --mode AK --region us-west-1 --access-key-id ${ALIBABACLOUD_ACCESS_KEY} --access-key-secret ${ALIBABACLOUD_ACCESS_SECRET}
+
+    #Create test secrets
+    aliyun kms CreateSecret --SecretName testBasic --SecretData testValue --VersionId v1
+}
+
+teardown_file() {
+    aliyun kms DeleteSecret --SecretName testBasic --ForceDeleteWithoutRecovery true
+}
+
+@test "install alibabacloud provider" {
+  run kubectl apply -f $PROVIDER_YAML --namespace $NAMESPACE
+  assert_success
+
+  kubectl wait --for=condition=Ready --timeout=120s pod -l app=csi-secrets-store-provider-alibabacloud --namespace $NAMESPACE
+
+  ALIBABACLOUD_PROVIDER_POD=$(kubectl get pod --namespace $NAMESPACE -l app=csi-secrets-store-provider-alibabacloud -o jsonpath="{.items[0].metadata.name}")
+
+  run kubectl get pod/$ALIBABACLOUD_PROVIDER_POD --namespace $NAMESPACE
+  assert_success
+}
+
+@test "secretproviderclasses crd is established" {
+    cmd="kubectl wait --namespace $NAMESPACE --for condition=established --timeout=60s crd/secretproviderclasses.secrets-store.csi.x-k8s.io"
+    wait_for_process $WAIT_TIME $SLEEP_TIME "$cmd"
+
+    run kubectl get crd/secretproviderclasses.secrets-store.csi.x-k8s.io
+    assert_success
+}
+
+@test "deploy alibabacloud secretproviderclass crd" {
+    envsubst < $BATS_TEST_DIR/secretproviderclass.yaml | kubectl --namespace $NAMESPACE apply -f -
+
+    cmd="kubectl --namespace $NAMESPACE get secretproviderclasses.secrets-store.csi.x-k8s.io/alibabacloud-basic-test-mount-spc -o yaml | grep alibabacloud"
+    wait_for_process $WAIT_TIME $SLEEP_TIME "$cmd"
+}
+
+@test "CSI inline volume test with pod portability" {
+   kubectl --namespace $NAMESPACE  apply -f $BATS_TEST_DIR/pod-inline-volume-secretproviderclass.yaml
+   cmd="kubectl --namespace $NAMESPACE  wait --for=condition=Ready --timeout=60s pod/alibabacloud-basic-test-mount"
+   wait_for_process $WAIT_TIME $SLEEP_TIME "$cmd"
+
+   run kubectl --namespace $NAMESPACE  get pod/$POD_NAME
+   assert_success
+}
+
+@test "CSI inline volume test with pod portability - read secrets manager secrets from pod" {
+    result=$(kubectl --namespace $NAMESPACE exec $POD_NAME -- cat /mnt/secrets-store/testBasic)
+    [[ "${result//$'\r'}" == "testValue" ]]
+}

test/bats/tests/alibabacloud/pod-inline-volume-secretproviderclass.yaml

@@ -0,0 +1,25 @@
+kind: Pod
+apiVersion: v1
+metadata:
+  name: alibabacloud-basic-test-mount
+spec:
+  containers:
+    - image: registry.k8s.io/e2e-test-images/busybox:1.29-4
+      name: busybox
+      imagePullPolicy: IfNotPresent
+      command:
+        - "/bin/sleep"
+        - "10000"
+      volumeMounts:
+        - name: secrets-store-inline
+          mountPath: "/mnt/secrets-store"
+          readOnly: true
+  volumes:
+    - name: secrets-store-inline
+      csi:
+        driver: secrets-store.csi.k8s.io
+        readOnly: true
+        volumeAttributes:
+          secretProviderClass: "alibabacloud-basic-test-mount-spc"
+        nodePublishSecretRef:
+          name: secrets-store-creds

test/bats/tests/alibabacloud/secretproviderclass.yaml

@@ -0,0 +1,9 @@
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+  name: alibabacloud-basic-test-mount-spc
+spec:
+  provider: alibabacloud
+  parameters:
+    objects: |
+      - objectName: testBasic