From 844162a7ab2d4f0f2cd18db04bd4118736159233 Mon Sep 17 00:00:00 2001 
From: Cesar Celis Hernandez Date: Tue, 22 Feb 2022 00:57:09 -0500 Subject: [PATCH] Add test to list the tenants in Operator UI (#1605) Co-authored-by: Alex <33497058+bexsoft@users.noreply.github.com> --- .github/workflows/operator.yaml | 6 +- portal-ui/tests/operator/list-tenants.ts | 23 ++ .../kustomization/base/kustomization.yaml | 9 + .../kustomization/base/namespace.yaml | 4 + .../kustomization/base/storage-user.yaml | 9 + .../kustomization/base/tenant-config.yaml | 13 + .../tenant-minio-creds-secret_deprecated.yaml | 9 + .../examples/kustomization/base/tenant.yaml | 240 ++++++++++++++++++ .../tenant-env-encryption/kustomization.yaml | 14 + .../tenant-env-encryption/tenant.yaml | 10 + .../tenantNamePatch.yaml | 3 + .../kustomization.yaml | 16 ++ .../tenant-external-idp-ldap/openldap.yaml | 89 +++++++ .../storage-user.yaml | 9 + .../tenant-external-idp-ldap/tenant.yaml | 20 ++ .../tenantNamePatch.yaml | 3 + .../kustomization.yaml | 14 + .../tenant-external-idp-oidc/tenant.yaml | 18 ++ .../tenantNamePatch.yaml | 3 + .../kes-configuration-secret.yaml | 62 +++++ .../tenant-kes-encryption/kustomization.yaml | 15 ++ .../tenant-kes-encryption/tenant.yaml | 57 +++++ .../tenantNamePatch.yaml | 3 + .../tenant-lite/kustomization.yaml | 0 .../kustomization}/tenant-lite/tenant.yaml | 2 +- .../tenant-lite/tenantNamePatch.yaml | 0 .../tenant-tiny/kustomization.yaml | 14 + .../kustomization/tenant-tiny/tenant.yaml | 25 ++ .../tenant-tiny/tenantNamePatch.yaml | 3 + .../scripts/examples/vault/deployment.yaml | 51 ++++ .../scripts/examples/vault/kes-policy.hcl | 3 + portal-ui/tests/scripts/operator.sh | 56 ++-- 32 files changed, 765 insertions(+), 38 deletions(-) create mode 100644 portal-ui/tests/operator/list-tenants.ts create mode 100644 portal-ui/tests/scripts/examples/kustomization/base/kustomization.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/base/namespace.yaml create mode 100644 
portal-ui/tests/scripts/examples/kustomization/base/storage-user.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/base/tenant-config.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/base/tenant-minio-creds-secret_deprecated.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/base/tenant.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-env-encryption/kustomization.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-env-encryption/tenant.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-env-encryption/tenantNamePatch.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/kustomization.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/openldap.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/storage-user.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/tenant.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/tenantNamePatch.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-oidc/kustomization.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-oidc/tenant.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-oidc/tenantNamePatch.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/kes-configuration-secret.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/kustomization.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/tenant.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/tenantNamePatch.yaml rename 
portal-ui/tests/scripts/{ => examples/kustomization}/tenant-lite/kustomization.yaml (100%) rename portal-ui/tests/scripts/{ => examples/kustomization}/tenant-lite/tenant.yaml (96%) rename portal-ui/tests/scripts/{ => examples/kustomization}/tenant-lite/tenantNamePatch.yaml (100%) create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-tiny/kustomization.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-tiny/tenant.yaml create mode 100644 portal-ui/tests/scripts/examples/kustomization/tenant-tiny/tenantNamePatch.yaml create mode 100644 portal-ui/tests/scripts/examples/vault/deployment.yaml create mode 100644 portal-ui/tests/scripts/examples/vault/kes-policy.hcl mode change 100644 => 100755 portal-ui/tests/scripts/operator.sh diff --git a/.github/workflows/operator.yaml b/.github/workflows/operator.yaml index 04726d6f3..514afd1f7 100644 --- a/.github/workflows/operator.yaml +++ b/.github/workflows/operator.yaml @@ -56,12 +56,12 @@ jobs: run: | make console - - name: Start Console, front-end app + # Runs a set of commands using the runners shell + - name: Start Kind for Operator UI run: | - (./console operator) & (make initialize-operator) + "${GITHUB_WORKSPACE}/portal-ui/tests/scripts/operator.sh" - name: Run TestCafe Tests uses: DevExpress/testcafe-action@latest with: args: '"chrome:headless" portal-ui/tests/operator/ --skip-js-errors -c 3' - diff --git a/portal-ui/tests/operator/list-tenants.ts b/portal-ui/tests/operator/list-tenants.ts new file mode 100644 index 000000000..8665000de --- /dev/null +++ b/portal-ui/tests/operator/list-tenants.ts 
@@ -0,0 +1,23 @@
+import { diagnosticsElement, supportElement } from "../utils/elements-menu";
+import { Selector } from 'testcafe';
+
+
+fixture("For user with default permissions").page("http://localhost:9090");
+
+test("Create Tenant", async (t) => {
+
+ const osCount = Selector(`#root > div > main > div[class] > div > div > div > div:nth-child(1) > div > div > div`).count;
+
+ await t
+ .navigateTo("http://localhost:9090/login")
+ .typeText("#jwt","anyrandompasswordwillwork")
+ .click("button.MuiButton-root")
+ .click(Selector('button[tabindex="0"][type="button"]').withText('Create Tenant'))
+ .typeText("#tenant-name","thufeb1754epm")
+ .typeText("#namespace","default")
+ .wait(2000)
+ .click("button[tabindex=\"0\"]:nth-of-type(2)")
+ .click(Selector('button[tabindex="0"][type="button"]').withText('Done'))
+ .expect(osCount).eql(2);
+
+});
diff --git a/portal-ui/tests/scripts/examples/kustomization/base/kustomization.yaml b/portal-ui/tests/scripts/examples/kustomization/base/kustomization.yaml
new file mode 100644
index 000000000..5ffe2cb5e
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/base/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: minio-tenant
+resources:
+ - namespace.yaml
+ - tenant-config.yaml
+ - tenant-minio-creds-secret_deprecated.yaml
+ - storage-user.yaml
+ - tenant.yaml
diff --git a/portal-ui/tests/scripts/examples/kustomization/base/namespace.yaml b/portal-ui/tests/scripts/examples/kustomization/base/namespace.yaml
new file mode 100644
index 000000000..f5d0f86c7
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/base/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: minio-tenant
diff --git a/portal-ui/tests/scripts/examples/kustomization/base/storage-user.yaml b/portal-ui/tests/scripts/examples/kustomization/base/storage-user.yaml
new file mode 100644
index 000000000..4e1386bff
--- /dev/null
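Review bot: The login step `.typeText("#jwt","anyrandompasswordwillwork")` in list-tenants.ts only passes if the Operator console under test accepts an arbitrary string as its JWT, and nothing in the test says why that is expected. I would add a comment above it such as `// the CI console is assumed to accept any token; a real Operator deployment must reject this value`; presumably this depends on how operator.sh starts the console, which this hunk does not show. Separately, the fixed tenant name `thufeb1754epm` makes the test fail on a second run against the same cluster, `.wait(2000)` is a timing guess where waiting on a selector would be deterministic, and the `diagnosticsElement, supportElement` import is unused.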
+++ b/portal-ui/tests/scripts/examples/kustomization/base/storage-user.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+data:
+ CONSOLE_ACCESS_KEY: Y29uc29sZQ==
+ CONSOLE_SECRET_KEY: Y29uc29sZTEyMw==
+kind: Secret
+metadata:
+ name: storage-user
+ namespace: default
+type: Opaque
diff --git a/portal-ui/tests/scripts/examples/kustomization/base/tenant-config.yaml b/portal-ui/tests/scripts/examples/kustomization/base/tenant-config.yaml
new file mode 100644
index 000000000..3f1348c78
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/base/tenant-config.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+data:
+ ## Tenant credentials, base64 encoded (cat config.env | base64)
+ ## export MINIO_ROOT_USER="minio"
+ ## export MINIO_ROOT_PASSWORD="minio123"
+ ## export MINIO_STORAGE_CLASS_STANDARD="EC:2"
+ ## export MINIO_BROWSER="on"
+ config.env: ZXhwb3J0IE1JTklPX1JPT1RfVVNFUj0ibWluaW8iCmV4cG9ydCBNSU5JT19ST09UX1BBU1NXT1JEPSJtaW5pbzEyMyIKZXhwb3J0IE1JTklPX1NUT1JBR0VfQ0xBU1NfU1RBTkRBUkQ9IkVDOjIiCmV4cG9ydCBNSU5JT19CUk9XU0VSPSJvbiI=
+kind: Secret
+metadata:
+ name: storage-configuration
+ namespace: minio-tenant
+type: Opaque
\ No newline at end of file
diff --git a/portal-ui/tests/scripts/examples/kustomization/base/tenant-minio-creds-secret_deprecated.yaml b/portal-ui/tests/scripts/examples/kustomization/base/tenant-minio-creds-secret_deprecated.yaml
new file mode 100644
index 000000000..aff66339d
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/base/tenant-minio-creds-secret_deprecated.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+data:
+ accessKey: ""
+ secretKey: ""
+kind: Secret
+metadata:
+ name: storage-creds-secret
+ namespace: minio-tenant
+type: Opaque
\ No newline at end of file
diff --git a/portal-ui/tests/scripts/examples/kustomization/base/tenant.yaml b/portal-ui/tests/scripts/examples/kustomization/base/tenant.yaml
new file mode 100644
index 000000000..fca803fed
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/base/tenant.yaml
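Review bot: The `storage-user` Secret in base/storage-user.yaml carries fixed credentials (`CONSOLE_ACCESS_KEY` and `CONSOLE_SECRET_KEY` decode to console / console123), and base/tenant-config.yaml does the same for the root account (minio / minio123, as its own comment shows). Base64 under `data:` is encoding, not protection, so these are plaintext defaults that every overlay built on `../base` inherits. Because the directory is named examples, I would add a header comment to both files such as `## Test-only credentials; replace before using this manifest outside CI`. storage-user.yaml also declares `namespace: default` while the other base resources use `minio-tenant`; the kustomization's `namespace:` field presumably overrides it, but making the files agree would remove the doubt.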
@@ -0,0 +1,240 @@ +apiVersion: minio.min.io/v2 +kind: Tenant +metadata: + name: storage + namespace: minio-tenant + ## Optionally pass labels to be applied to the statefulset pods + labels: + app: minio + ## Optionally pass annotations to be applied to the statefulset pods + annotations: + prometheus.io/path: /minio/v2/metrics/cluster + prometheus.io/port: "9000" + prometheus.io/scrape: "true" + +## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler. +## If not specified, the Tenant pods will be dispatched by default scheduler. +# scheduler: +# name: my-custom-scheduler + +spec: + ## Enable S3 specific features such as Bucket DNS which would allow `buckets` to be + ## accessible as DNS entries of form `.minio.namespace.svc.cluster.local` + s3: + ## This feature is turned off by default + bucketDNS: false + ## Create users in the Tenant using this field. Make sure to create secrets per user added here. + ## Secret should follow the format used in `minio-creds-secret`. + users: + - name: storage-user + ## Create buckets using the console user + # buckets: + # - name: "test-bucket1" + # region: "us-east-1" + # objectLock: true + # - name: "test-bucket2" + # region: "us-east-1" + # objectLock: true + ## This field is used only when "requestAutoCert" is set to true. Use this field to set CommonName + ## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is + ## not provided. DNS name format is *.minio.default.svc.cluster.local + certConfig: { } + ## PodManagement policy for MinIO Tenant Pods. Can be "OrderedReady" or "Parallel" + ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy + ## for details. + podManagementPolicy: Parallel + ## Secret with credentials and configurations to be used by MinIO Tenant. + configuration: + name: storage-configuration + ## DEPRECATED: Secret with credentials to be used by MinIO Tenant. 
+ credsSecret: + name: storage-creds-secret + ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config) + env: [ ] + ## serviceMetadata allows passing additional labels and annotations to MinIO and Console specific + ## services created by the operator. + serviceMetadata: + minioServiceLabels: { } + minioServiceAnnotations: { } + consoleServiceLabels: { } + consoleServiceAnnotations: { } + ## PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods. + ## This is applied to MinIO pods only. + ## Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/ + priorityClassName: "" + ## Use this field to provide one or more external CA certificates. This is used by MinIO + ## to verify TLS connections with other applications. + ## Certificate secret files will be mounted under /tmp/certs/CAs folder, supported types: + ## Opaque | kubernetes.io/tls | cert-manager.io/v1alpha2 | cert-manager.io/v1 + ## + ## ie: + ## + ## externalCaCertSecret: + ## - name: ca-certificate-1 + ## type: Opaque + ## - name: ca-certificate-2 + ## type: Opaque + ## - name: ca-certificate-3 + ## type: Opaque + ## + ## Create secrets as explained here: + ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + externalCaCertSecret: [ ] + ## Use this field to provide one or more Secrets with external certificates. This can be used to configure + ## TLS for MinIO Tenant pods. 
+ ## Certificate secret files will be mounted under /tmp/certs folder, supported types: + ## Opaque | kubernetes.io/tls | cert-manager.io/v1alpha2 | cert-manager.io/v1 + ## + ## ie: + ## + ## externalCertSecret: + ## - name: domain-certificate-1 + ## type: kubernetes.io/tls + ## - name: domain-certificate-2 + ## type: kubernetes.io/tls + ## - name:domain-certificate-3 + ## type: kubernetes.io/tls + ## + ## Create secrets as explained here: + ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + externalCertSecret: [ ] + ## Use this field to provide client certificates for MinIO & KES. This can be used to configure + ## mTLS for MinIO and your KES server. Files will be mounted under /tmp/certs folder, supported types: + ## Opaque | kubernetes.io/tls | cert-manager.io/v1alpha2 | cert-manager.io/v1 + ## ie: + ## + ## externalClientCertSecret: + ## name: mtls-certificates-for-tenant + ## type: Opaque + ## + ## Create secrets as explained here: + ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + # externalClientCertSecret: {} + ## Registry location and Tag to download MinIO Server image + image: quay.io/minio/minio:RELEASE.2022-01-07T01-53-23Z + imagePullSecret: { } + ## Mount path where PV will be mounted inside container(s). + mountPath: /export + ## Sub path inside Mount path where MinIO stores data. + subPath: "" + ## Service account to be used for all the MinIO Pods + serviceAccountName: "" + ## Specification for MinIO Pool(s) in this Tenant. + pools: + ## Servers specifies the number of MinIO Tenant Pods / Servers in this pool. + ## For standalone mode, supply 1. For distributed mode, supply 4 or more. + ## Note that the operator does not support upgrading from standalone to distributed mode. + - servers: 4 + ## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server. + volumesPerServer: 4 + ## nodeSelector parameters for MinIO Pods. 
It specifies a map of key-value pairs. For the pod to be + ## eligible to run on a node, the node must have each of the + ## indicated key-value pairs as labels. + ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + nodeSelector: { } + ## Used to specify a toleration for a pod + tolerations: [ ] + ## Affinity settings for MinIO pods. Read more about affinity + ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. + affinity: + nodeAffinity: { } + podAffinity: { } + podAntiAffinity: { } + ## Configure resource requests and limits for MinIO containers + resources: { } + ## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO Tenant in this + ## Pool. + volumeClaimTemplate: + apiVersion: v1 + kind: persistentvolumeclaims + metadata: { } + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Ti + storageClassName: standard + status: { } + ## Configure security context + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + runAsNonRoot: true + fsGroup: 1000 + ## Enable automatic Kubernetes based certificate generation and signing as explained in + ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster + requestAutoCert: true + ## Prometheus setup for MinIO Tenant. + prometheus: + image: "" # defaults to quay.io/prometheus/prometheus:latest + sidecarimage: "" # defaults to alpine + initimage: "" # defaults to busybox:1.33.1 + diskCapacityGB: 10 + storageClassName: standard + annotations: { } + labels: { } + nodeSelector: { } + affinity: + nodeAffinity: { } + podAffinity: { } + podAntiAffinity: { } + resources: { } + serviceAccountName: "" + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + runAsNonRoot: true + fsGroup: 1000 + ## Prometheus Operator's Service Monitor for MinIO Tenant Pods. + # prometheusOperator: + # labels: + # app: minio-sm + ## LogSearch API setup for MinIO Tenant. 
+ log: + image: "" # defaults to minio/logsearchapi:v4.4.2 + resources: { } + nodeSelector: { } + affinity: + nodeAffinity: { } + podAffinity: { } + podAntiAffinity: { } + tolerations: [ ] + annotations: { } + labels: { } + audit: + diskCapacityGB: 10 + ## Postgres setup for LogSearch API + db: + image: "" # defaults to library/postgres + initimage: "" # defaults to busybox:1.33.1 + volumeClaimTemplate: + metadata: { } + spec: + storageClassName: standard + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + resources: { } + nodeSelector: { } + affinity: + nodeAffinity: { } + podAffinity: { } + podAntiAffinity: { } + tolerations: [ ] + annotations: { } + labels: { } + serviceAccountName: "" + securityContext: + runAsUser: 999 + runAsGroup: 999 + runAsNonRoot: true + fsGroup: 999 + serviceAccountName: "" + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + runAsNonRoot: true + fsGroup: 1000 diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-env-encryption/kustomization.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-env-encryption/kustomization.yaml new file mode 100644 index 000000000..f31be2acf --- /dev/null +++ b/portal-ui/tests/scripts/examples/kustomization/tenant-env-encryption/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base +namespace: tenant-env-encrypted +patchesStrategicMerge: + - tenant.yaml +patchesJson6902: + - target: + group: minio.min.io + version: v2 + kind: Tenant + name: storage + path: tenantNamePatch.yaml \ No newline at end of file diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-env-encryption/tenant.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-env-encryption/tenant.yaml new file mode 100644 index 000000000..26f28aa45 --- /dev/null +++ b/portal-ui/tests/scripts/examples/kustomization/tenant-env-encryption/tenant.yaml 
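Review bot: The auxiliary images in base/tenant.yaml are all left as `image: ""`, `sidecarimage: ""` or `initimage: ""`, and the inline comments say several defaults are floating references (`quay.io/prometheus/prometheus:latest`, `alpine`, `library/postgres`). A test run therefore pulls whatever those tags point to on the day, which makes CI results hard to reproduce and lets an unreviewed upstream image into the cluster. The MinIO server image in the same file is already pinned (`quay.io/minio/minio:RELEASE.2022-01-07T01-53-23Z`); I would pin the others the same way, for example `initimage: "busybox:1.33.1"` and `image: "minio/logsearchapi:v4.4.2"` as named in the comments, and choose explicit tags or digests for the remaining ones.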
@@ -0,0 +1,10 @@
+apiVersion: minio.min.io/v2
+kind: Tenant
+metadata:
+ name: storage
+ namespace: minio-tenant
+spec:
+ env:
+ ## Encrypt data using local encryption key from env variables, not recommended for production environments
+ - name: MINIO_KMS_SECRET_KEY
+ value: "my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw="
diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-env-encryption/tenantNamePatch.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-env-encryption/tenantNamePatch.yaml
new file mode 100644
index 000000000..4ba83fcca
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/tenant-env-encryption/tenantNamePatch.yaml
@@ -0,0 +1,3 @@
+- op: replace
+ path: /metadata/name
+ value: storage-env-encrypted
\ No newline at end of file
diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/kustomization.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/kustomization.yaml
new file mode 100644
index 000000000..ba478f0af
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+ - openldap.yaml
+namespace: tenant-external-idp-ldap
+patchesStrategicMerge:
+ - tenant.yaml
+ - storage-user.yaml
+patchesJson6902:
+ - target:
+ group: minio.min.io
+ version: v2
+ kind: Tenant
+ name: storage
+ path: tenantNamePatch.yaml
\ No newline at end of file
diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/openldap.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/openldap.yaml
new file mode 100644
index 000000000..f93ed146b
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/openldap.yaml
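Review bot: The `MINIO_KMS_SECRET_KEY` entry in tenant-env-encryption/tenant.yaml puts a complete encryption key in a plain `env` `value`, so it is readable by anyone who can get the Tenant object or the pod spec, and once merged it is a publicly known key. The existing comment says this is not recommended for production, but it does not say the key itself must never be reused; I would extend it to `## Test-only key committed to the repository; generate your own and never reuse this value`. If the Tenant `env` field accepts standard Kubernetes EnvVar entries (not confirmable from this hunk), `valueFrom.secretKeyRef` pointing at a Secret created by the test script would keep the example's shape without committing key material. The same applies to `MINIO_IDENTITY_OPENID_CLIENT_SECRET` in tenant-external-idp-oidc/tenant.yaml, which holds its secret in a plain `value` as well.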
@@ -0,0 +1,89 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: billy-ldif
+data:
+ billy.ldif: |
+ # LDIF fragment to create group branch under root
+ dn: uid=billy,dc=example,dc=org
+ uid: billy
+ cn: billy
+ sn: 3
+ objectClass: top
+ objectClass: posixAccount
+ objectClass: inetOrgPerson
+ loginShell: /bin/bash
+ homeDirectory: /home/billy
+ uidNumber: 14583102
+ gidNumber: 14564100
+ userPassword: billy123
+ mail: billy@example.org
+ gecos: Billy User
+
+ # Create base group
+ dn: ou=groups,dc=example,dc=org
+ objectclass:organizationalunit
+ ou: groups
+ description: generic groups branch
+
+ # create consoleAdmin group (this already exists on minio and have a policy of s3::*)
+ dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
+ objectClass: top
+ objectClass: posixGroup
+ gidNumber: 678
+
+ # Assing group to new user
+ dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
+ changetype: modify
+ add: memberuid
+ memberuid: billy
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: openldap
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: openldap
+ template:
+ metadata:
+ labels:
+ app: openldap
+ spec:
+ volumes:
+ - name: billy-configuration
+ configMap:
+ name: billy-ldif
+ containers:
+ - name: openldap
+ image: osixia/openldap:1.3.0
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - containerPort: 389
+ name: tcp-ldap
+ - containerPort: 636
+ name: tcp-ldap2
+ volumeMounts:
+ - name: billy-configuration
+ mountPath: /tmp/billy.ldif
+ subPath: billy.ldif
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: openldap
+ labels:
+ name: openldap
+spec:
+ ports:
+ - name: tcp-ldap
+ port: 389
+ targetPort: tcp-ldap
+ - name: tcp-ldap2
+ port: 636
+ targetPort: tcp-ldap2
+ selector:
+ app: openldap
\ No newline at end of file
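Review bot: `userPassword: billy123` in the `billy-ldif` ConfigMap stores a login password in cleartext in an object type that is not treated as secret by RBAC defaults or tooling, and the same LDIF adds billy to `consoleAdmin`, which the comment describes as carrying an `s3::*` policy. Moving the LDIF into a Secret (the Deployment volume would change from `configMap:` to `secret:`) keeps the fixture working while matching how the other credentials in this commit are stored. The `openldap` container also sets no `env`, so the directory presumably runs with the image's default admin credentials; a comment stating that this Deployment is for the CI kind cluster only would make that assumption explicit. The LDIF is mounted at `/tmp/billy.ldif` but nothing in this hunk loads it, so a one-line comment naming the step that imports it would help the next reader.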
diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/storage-user.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/storage-user.yaml
new file mode 100644
index 000000000..8bc634b33
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/storage-user.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+data:
+ CONSOLE_ACCESS_KEY: dWlkPWJpbGx5LGRjPWV4YW1wbGUsZGM9b3Jn # "uid=billy,dc=example,dc=org"
+ CONSOLE_SECRET_KEY: ""
+kind: Secret
+metadata:
+ name: storage-user
+ namespace: default
+type: Opaque
diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/tenant.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/tenant.yaml
new file mode 100644
index 000000000..bb45030e5
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/tenant.yaml
@@ -0,0 +1,20 @@
+apiVersion: minio.min.io/v2
+kind: Tenant
+metadata:
+ name: storage
+ namespace: minio-tenant
+spec:
+ users:
+ - name: storage-user
+ ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
+ env:
+ - name: MINIO_IDENTITY_LDAP_SERVER_ADDR
+ value: "openldap.tenant-external-idp-ldap.svc.cluster.local:389"
+ - name: MINIO_IDENTITY_LDAP_USERNAME_FORMAT
+ value: "uid=%s,dc=example,dc=org"
+ - name: MINIO_IDENTITY_LDAP_USERNAME_SEARCH_FILTER
+ value: "(|(objectclass=posixAccount)(uid=%s))"
+ - name: MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY
+ value: "on"
+ - name: MINIO_IDENTITY_LDAP_SERVER_INSECURE
+ value: "on"
diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/tenantNamePatch.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/tenantNamePatch.yaml
new file mode 100644
index 000000000..bbde4bdf5
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-ldap/tenantNamePatch.yaml
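Review bot: The value of `MINIO_IDENTITY_LDAP_USERNAME_SEARCH_FILTER` in tenant-external-idp-ldap/tenant.yaml is `(|(objectclass=posixAccount)(uid=%s))`, an OR filter, so it matches every posixAccount entry regardless of the username supplied; an AND is presumably what was meant: `value: "(&(objectclass=posixAccount)(uid=%s))"`. The same hunk sets `MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY` and `MINIO_IDENTITY_LDAP_SERVER_INSECURE` to `"on"` against port 389, which sends bind passwords unencrypted and disables server certificate checks. That is workable for a throwaway kind cluster, but the file sits under examples, so I would add `## Test-only: plaintext LDAP without certificate verification, do not reuse outside CI` above those two entries.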
@@ -0,0 +1,3 @@
+- op: replace
+ path: /metadata/name
+ value: storage-external-idp-ldap
\ No newline at end of file
diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-oidc/kustomization.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-oidc/kustomization.yaml
new file mode 100644
index 000000000..e2dc1564a
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-oidc/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+namespace: tenant-external-idp-oidc
+patchesStrategicMerge:
+ - tenant.yaml
+patchesJson6902:
+ - target:
+ group: minio.min.io
+ version: v2
+ kind: Tenant
+ name: storage
+ path: tenantNamePatch.yaml
\ No newline at end of file
diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-oidc/tenant.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-oidc/tenant.yaml
new file mode 100644
index 000000000..0b9232b4f
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-oidc/tenant.yaml
@@ -0,0 +1,18 @@
+apiVersion: minio.min.io/v2
+kind: Tenant
+metadata:
+ name: storage
+ namespace: minio-tenant
+spec:
+ ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
+ env:
+ - name: MINIO_IDENTITY_OPENID_CONFIG_URL
+ value: "https://your-extenal-idp.com/.well-known/openid-configuration" # Your external identity provide configuration
+ - name: MINIO_IDENTITY_OPENID_CLIENT_ID
+ value: "OPENID CLIENT ID"
+ - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
+ value: "OPENID CLIENT SECRET"
+ - name: MINIO_IDENTITY_OPENID_SCOPES
+ value: "openid,profile,email"
+ - name: MINIO_IDENTITY_OPENID_CLAIM_NAME
+ value: "https://min.io/policy"
diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-oidc/tenantNamePatch.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-oidc/tenantNamePatch.yaml
new file mode 100644
index 000000000..13dd71f20
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/tenant-external-idp-oidc/tenantNamePatch.yaml
@@ -0,0 +1,3 @@
+- op: replace
+ path: /metadata/name
+ value: storage-external-idp-oidc
\ No newline at end of file
diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/kes-configuration-secret.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/kes-configuration-secret.yaml
new file mode 100644
index 000000000..3a4b29ab4
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/kes-configuration-secret.yaml
@@ -0,0 +1,62 @@ +apiVersion: v1 +kind: Secret +metadata: + name: kes-configuration +type: Opaque +stringData: + server-config.yaml: |- + address: :7373 + root: _ # Effectively disabled since no root identity necessary. + tls: + key: /tmp/kes/server.key # Path to the TLS private key + cert: /tmp/kes/server.crt # Path to the TLS certificate + proxy: + identities: [] + header: + cert: X-Tls-Client-Cert + policy: + my-policy: + paths: + - /v1/key/create/* + - /v1/key/generate/* + - /v1/key/decrypt/* + identities: + - ${MINIO_KES_IDENTITY} + cache: + expiry: + any: 5m0s + unused: 20s + log: + error: on + audit: off + keys: + ## KES configured with fs (File System mode) doesnt work in Kubernetes environments and it's not recommended + ## use a real KMS + # fs: + # path: "./keys" # Path to directory. Keys will be stored as files. Not Recommended for Production. + vault: + endpoint: "http://vault.default.svc.cluster.local:8200" # The Vault endpoint + namespace: "" # An optional Vault namespace. See: https://www.vaultproject.io/docs/enterprise/namespaces/index.html + prefix: "my-minio" # An optional K/V prefix. The server will store keys under this prefix. + approle: # AppRole credentials. See: https://www.vaultproject.io/docs/auth/approle.html + id: "" # Your AppRole Role ID + secret: "" # Your AppRole Secret ID + retry: 15s # Duration until the server tries to re-authenticate after connection loss. + tls: # The Vault client TLS configuration for mTLS authentication and certificate verification + key: "" # Path to the TLS client private key for mTLS authentication to Vault + cert: "" # Path to the TLS client certificate for mTLS authentication to Vault + ca: "" # Path to one or multiple PEM root CA certificates + status: # Vault status configuration. The server will periodically reach out to Vault to check its status. + ping: 10s # Duration until the server checks Vault's status again. + # aws: + # # The AWS SecretsManager key store. 
The server will store + # # secret keys at the AWS SecretsManager encrypted with + # # AWS-KMS. See: https://aws.amazon.com/secrets-manager + # secretsmanager: + # endpoint: "" # The AWS SecretsManager endpoint - e.g.: secretsmanager.us-east-2.amazonaws.com + # region: "" # The AWS region of the SecretsManager - e.g.: us-east-2 + # kmskey: "" # The AWS-KMS key ID used to en/decrypt secrets at the SecretsManager. By default (if not set) the default AWS-KMS key will be used. + # credentials: # The AWS credentials for accessing secrets at the AWS SecretsManager. + # accesskey: "" # Your AWS Access Key + # secretkey: "" # Your AWS Secret Key + # token: "" # Your AWS session token (usually optional) diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/kustomization.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/kustomization.yaml new file mode 100644 index 000000000..909195894 --- /dev/null +++ b/portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/kustomization.yaml @@ -0,0 +1,15 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base + - kes-configuration-secret.yaml +namespace: tenant-kms-encrypted +patchesStrategicMerge: + - tenant.yaml +patchesJson6902: + - target: + group: minio.min.io + version: v2 + kind: Tenant + name: storage + path: tenantNamePatch.yaml \ No newline at end of file diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/tenant.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/tenant.yaml new file mode 100644 index 000000000..4ab7939f2 --- /dev/null +++ b/portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/tenant.yaml 
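Review bot: The `vault:` `endpoint` in kes-configuration-secret.yaml is `http://vault.default.svc.cluster.local:8200`, and the `tls:` block beneath it is all empty strings, so KES would reach Vault without TLS and the AppRole login and key material would cross the cluster network unencrypted. For a CI fixture that may be intended, but the surrounding comments read like production guidance ("use a real KMS"), so I would mark the line, for example `endpoint: "http://vault.default.svc.cluster.local:8200" # plain HTTP, CI only; use https and set tls.ca elsewhere`. The `approle` `id` and `secret` are empty strings here; presumably operator.sh or a later step fills them in, and a comment saying which step does so would make the file usable on its own.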
@@ -0,0 +1,57 @@
+apiVersion: minio.min.io/v2
+kind: Tenant
+metadata:
+ name: storage
+ namespace: minio-tenant
+spec:
+ ## Define configuration for KES (stateless and distributed key-management system)
+ ## Refer https://github.com/minio/kes
+ kes:
+ image: "" # minio/kes:v0.17.6
+ replicas: 2
+ kesSecret:
+ name: kes-configuration
+ imagePullPolicy: "IfNotPresent"
+ ## Use this field to provide external certificates for the KES server. TLS for KES pods will be configured
+ ## by mounting a Kubernetes secret under /tmp/kes folder, supported types:
+ ## Opaque | kubernetes.io/tls | cert-manager.io/v1alpha2 | cert-manager.io/v1
+ ##
+ ## ie:
+ ##
+ ## externalCertSecret:
+ ## name: tls-certificates-for-kes
+ ## type: kubernetes.io/tls
+ ##
+ ## Create secrets as explained here:
+ ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
+ externalCertSecret: null
+ ## Use this field to provide client certificates for KES. This can be used to configure
+ ## mTLS for KES and your KMS. Files will be mounted under /tmp/kes folder, supported types:
+ ## Opaque | kubernetes.io/tls | cert-manager.io/v1alpha2 | cert-manager.io/v1
+ ##
+ ## ie:
+ ##
+ ## clientCertSecret:
+ ## name: mtls-certificates-for-kms
+ ## type: Opaque
+ ##
+ ## Create secrets as explained here:
+ ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
+ clientCertSecret: null
+ ## Key name to be created on the KMS, default is "my-minio-key"
+ keyName: ""
+ resources: { }
+ nodeSelector: { }
+ affinity:
+ nodeAffinity: { }
+ podAffinity: { }
+ podAntiAffinity: { }
+ tolerations: [ ]
+ annotations: { }
+ labels: { }
+ serviceAccountName: ""
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ fsGroup: 1000
diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/tenantNamePatch.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/tenantNamePatch.yaml new file mode 100644 index 000000000..14fb221a9 --- /dev/null +++ b/portal-ui/tests/scripts/examples/kustomization/tenant-kes-encryption/tenantNamePatch.yaml @@ -0,0 +1,3 @@ +- op: replace + path: /metadata/name + value: storage-kms-encrypted \ No newline at end of file diff --git a/portal-ui/tests/scripts/tenant-lite/kustomization.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-lite/kustomization.yaml similarity index 100% rename from portal-ui/tests/scripts/tenant-lite/kustomization.yaml rename to portal-ui/tests/scripts/examples/kustomization/tenant-lite/kustomization.yaml diff --git a/portal-ui/tests/scripts/tenant-lite/tenant.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-lite/tenant.yaml similarity index 96% rename from portal-ui/tests/scripts/tenant-lite/tenant.yaml rename to portal-ui/tests/scripts/examples/kustomization/tenant-lite/tenant.yaml index 22245b413..64bfaeadd 100644 --- a/portal-ui/tests/scripts/tenant-lite/tenant.yaml +++ b/portal-ui/tests/scripts/examples/kustomization/tenant-lite/tenant.yaml @@ -21,4 +21,4 @@ spec: - ReadWriteOnce resources: requests: - storage: 2Gi + storage: 10Gi diff --git a/portal-ui/tests/scripts/tenant-lite/tenantNamePatch.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-lite/tenantNamePatch.yaml similarity index 100% rename from portal-ui/tests/scripts/tenant-lite/tenantNamePatch.yaml rename to portal-ui/tests/scripts/examples/kustomization/tenant-lite/tenantNamePatch.yaml diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-tiny/kustomization.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-tiny/kustomization.yaml new file mode 100644 index 000000000..4c1e7e628 --- /dev/null +++ b/portal-ui/tests/scripts/examples/kustomization/tenant-tiny/kustomization.yaml 
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+namespace: tenant-tiny
+patchesStrategicMerge:
+ - tenant.yaml
+patchesJson6902:
+ - target:
+ group: minio.min.io
+ version: v2
+ kind: Tenant
+ name: storage
+ path: tenantNamePatch.yaml
\ No newline at end of file
diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-tiny/tenant.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-tiny/tenant.yaml
new file mode 100644
index 000000000..0d41c8f10
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/tenant-tiny/tenant.yaml
@@ -0,0 +1,25 @@
+apiVersion: minio.min.io/v2
+kind: Tenant
+metadata:
+ name: storage
+ namespace: minio-tenant
+spec:
+ ## Specification for MinIO Pool(s) in this Tenant.
+ pools:
+ ## Servers specifies the number of MinIO Tenant Pods / Servers in this pool.
+ ## For standalone mode, supply 1. For distributed mode, supply 4 or more.
+ ## Note that the operator does not support upgrading from standalone to distributed mode.
+ - servers: 1
+ ## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server.
+ volumesPerServer: 4
+ ## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO Tenant in this
+ ## Pool.
+ volumeClaimTemplate:
+ metadata:
+ name: data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
\ No newline at end of file
diff --git a/portal-ui/tests/scripts/examples/kustomization/tenant-tiny/tenantNamePatch.yaml b/portal-ui/tests/scripts/examples/kustomization/tenant-tiny/tenantNamePatch.yaml
new file mode 100644
index 000000000..e6862061e
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/kustomization/tenant-tiny/tenantNamePatch.yaml
@@ -0,0 +1,3 @@
+- op: replace
+ path: /metadata/name
+ value: storage-tiny
\ No newline at end of file
diff --git a/portal-ui/tests/scripts/examples/vault/deployment.yaml b/portal-ui/tests/scripts/examples/vault/deployment.yaml
new file mode 100644
index 000000000..7209bed3c
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/vault/deployment.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: vault
+ namespace: default
+ labels:
+ name: vault
+spec:
+ ports:
+ - port: 8200
+ name: http
+ selector:
+ app: vault
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: vault
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: vault
+ template:
+ metadata:
+ labels:
+ app: vault
+ spec:
+ containers:
+ - name: vault
+ image: vault:latest
+ imagePullPolicy: "IfNotPresent"
+ env:
+ - name: SECRET_SHARES
+ value: "5"
+ - name: SECRET_THRESHOLD
+ value: "3"
+ - name: SELF_SIGNED_CERT
+ value: "true"
+ - name: TOTAL_INIT_RETRIES
+ value: "5"
+ ports:
+ - containerPort: 8200
+ name: http
+ securityContext:
+ capabilities:
+ add:
+ - IPC_LOCK
+
diff --git a/portal-ui/tests/scripts/examples/vault/kes-policy.hcl b/portal-ui/tests/scripts/examples/vault/kes-policy.hcl
new file mode 100644
index 000000000..5152ea88a
--- /dev/null
+++ b/portal-ui/tests/scripts/examples/vault/kes-policy.hcl
@@ -0,0 +1,3 @@
+path "kv/my-minio/*" {
+ capabilities = [ "create", "read", "delete" ]
+}
diff --git a/portal-ui/tests/scripts/operator.sh b/portal-ui/tests/scripts/operator.sh
old mode 100644
new mode 100755
index 9e20e837f..8efeb94ad
--- a/portal-ui/tests/scripts/operator.sh
+++ b/portal-ui/tests/scripts/operator.sh
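Review bot: In `vault/deployment.yaml` the container uses `image: vault:latest` with `imagePullPolicy: "IfNotPresent"`, so the Vault build under test is whatever the tag pointed to when the node last pulled it, and a run cannot be reproduced or audited later. Pin the tag, ideally by digest, e.g. `image: vault:<pinned-version>` (placeholder: use the release the KES config was validated against). The `SECRET_SHARES`, `SECRET_THRESHOLD`, `SELF_SIGNED_CERT` and `TOTAL_INIT_RETRIES` variables look like settings for a separate init helper rather than the stock image, so it is worth confirming they have any effect. `SELF_SIGNED_CERT=true` in particular suggests TLS, while the Service port is named `http` and the KES secret in this commit points at `http://vault.default.svc.cluster.local:8200`.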
@@ -137,21 +137,12 @@ function check_tenant_status() { # Install tenant function is being used by deploy-tenant and check-prometheus function install_tenant() { - echo "Check if helm will install the Tenant" - if [ "$1" = "helm" ]; then - namespace=default - key=app - value=minio - helm install --namespace tenant-ns \ - --create-namespace tenant minio/tenant - else - namespace=tenant-lite - key=v1.min.io/tenant - value=storage-lite - echo "Installing lite tenant" + namespace=tenant-lite + key=v1.min.io/tenant + value=storage-lite + echo "Installing lite tenant" - try kubectl apply -k "${SCRIPT_DIR}/../examples/kustomization/tenant-lite" - fi + try kubectl apply -k "${SCRIPT_DIR}/examples/kustomization/tenant-lite" echo "Waiting for the tenant statefulset, this indicates the tenant is being fulfilled" echo $namespace @@ -170,25 +161,22 @@ function install_tenant() { } __init__() { - export TIMESTAMP=$(date "+%s") - echo $TIMESTAMP > portal-ui/tests/constants/timestamp.txt - export GOPATH=/tmp/gopath - export PATH=${PATH}:${GOPATH}/bin - - destroy_kind - - setup_kind - - install_operator - - install_tenant - - kubectl proxy - + export TIMESTAMP=$(date "+%s") + echo $TIMESTAMP > portal-ui/tests/constants/timestamp.txt + export GOPATH=/tmp/gopath + export PATH=${PATH}:${GOPATH}/bin + destroy_kind + setup_kind + install_operator + install_tenant + echo "kubectl proxy" + kubectl proxy & + echo "yarn start" + yarn start & + echo "console operator" + ./console operator & + echo "DONE with kind, yarn and console, next is testcafe" + exit 0 } -main() { - (yarn start &> /dev/null) & (./console operator &> /dev/null) & (testcafe "chrome:headless" portal-ui/tests/operator/ -q --skip-js-errors -c 3) -} - -( __init__ "$@" && main "$@" ) \ No newline at end of file +( __init__ "$@")
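Review bot: `install_tenant` no longer reads `$1`, so a caller that still passes `helm` will silently get the kustomize lite tenant in namespace `tenant-lite` instead of an error. The comment above the function still names deploy-tenant and check-prometheus as users. Those callers are outside this hunk, as is the rest of the function body, so this may already be handled. If it is not, a guard at the top such as `[ -z "${1:-}" ] || { echo "install_tenant: helm mode was removed" >&2; return 1; }` makes the behaviour change visible. The context line `echo $namespace` is also better written as `echo "$namespace"`.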
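Review bot: `__init__` now ends with an unconditional `exit 0` right after launching `kubectl proxy &`, `yarn start &` and `./console operator &`, so the script reports success even when one of them dies on startup. Nothing waits for them to be reachable before the next CI step runs testcafe. I would record each PID and check it before returning, e.g. `kubectl proxy & proxy_pid=$!` followed after a short wait by `kill -0 "$proxy_pid" || exit 1`, and let the exit status reflect that check. Whether a failure in `setup_kind` or `install_operator` aborts the script before this point depends on error handling outside the hunk. Separately, `export TIMESTAMP=$(date "+%s")` hides the exit status of `date` and `echo $TIMESTAMP` is unquoted; `TIMESTAMP=$(date "+%s"); export TIMESTAMP` and `echo "$TIMESTAMP"` are the usual forms.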