UID2-4147 Fix E2E test (#124)

* Set cluster as variable

* Use branch reference

* Pass cluster as inputs

* Modify deployment file from uid2-operator-deployment repo

* Remove uid2-operator-deployment repo as can't access private repo

* Always cleanup EKS cluster

* Update service and deployment name

* Add `--ignore-not-found=true`

* Fix test typo

* Add get pods debugging message

* Add compute namespace

* Add delete namespace to stop eks

* Fix namespace typo

* Move the part of deciding env var to a separate script

* Pass ini right operator url for EKS

* Add http:// to localhost

* Use a port that is not used

* Add scripts to wait until pods are ready

* Add retry count

* Refactor starting EKS operator

* Test with sleep infinity

* Update logic

* Remove sleep infinity

* Put env var at the right place

* Create secret in secret script

* Delete github-test-secret

* Add condition for uid2 and euid

* Remove unnecessary cleanup

* Port forward if eks cluster

* Add debugging message

* Update debugging message

* Add logs debugging message

* Lower enclave_cpu_count to 12

* Pass in eks_test_cluster_region

* Pass in eks_test_cluster

* source healthcheck.sh

* Remove debugging message

* Use bore to get eks operator url

* Add http:// for eksoperator

* Use network host for e2e test

* Add condition for network

* Add condition to e2e network

* Refactor e2e_network structure

* Remove unnecessary params

* Test removing gh-uid2-docker

* Remove github username and pat

* Change logic for stopping eks operator

* Remove passing in unnecessary input

* Change tjm-UID2-4147-correct-eif-version-number to v3

---------

Co-authored-by: Thomas Manson <[email protected]>

Author: cYKatherine

.github/workflows/shared-run-e2e-tests.yaml

@@ -91,6 +91,14 @@ on:
       eks_pcr0:
         description: The EKS PCR0
         type: string
+      eks_test_cluster:
+        description: The EKS Test Cluster Name
+        type: string
+      eks_test_cluster_region:
+        description: The EKS Test Cluster Region
+        type: string
+
+      
 
 env:
   REGISTRY: ghcr.io
@@ -217,7 +225,7 @@ jobs:
           BORE_URL_LOCALSTACK: ${{ steps.bore.outputs.BORE_URL_LOCALSTACK }}
         run: |
           bash uid2-shared-actions/scripts/prepare_resources_for_e2e_docker_compose.sh
-
+      
       - name: Start GCP private operator
         id: start_gcp_private_operator
         if: ${{ inputs.operator_type == 'gcp' }}
@@ -266,6 +274,8 @@ jobs:
           operator_image_version: ${{ inputs.operator_image_version }}
           operator_root: ${{ inputs.operator_root }}
           operator_key: ${{ steps.prepare_eks_metadata.outputs.operator_key }}
+          eks_test_cluster: ${{ inputs.eks_test_cluster }}
+          eks_test_cluster_region: ${{ inputs.eks_test_cluster_region }}
 
       - name: Decide E2E test environment variables
         id: decide_env_var
@@ -274,50 +284,20 @@ jobs:
           OPERATOR_TYPE: ${{ inputs.operator_type }}
           OPERATOR_URL: ${{ steps.start_gcp_private_operator.outputs.uid2_e2e_pipeline_operator_url }}
           IDENTITY_SCOPE: ${{ inputs.uid2_e2e_identity_scope }}
+          BORE_URL_CORE: ${{ steps.bore.outputs.BORE_URL_CORE }}
+          BORE_URL_OPTOUT: ${{ steps.bore.outputs.BORE_URL_OPTOUT }}
+          GCP_OPERATOR_URL: ${{ steps.start_gcp_private_operator.outputs.uid2_e2e_pipeline_operator_url }}
+          AZURE_OPERATOR_URL: ${{ steps.start_azure_private_operator.outputs.uid2_e2e_pipeline_operator_url }}
+          AWS_OPERATOR_URL: ${{ steps.start_aws_private_operator.outputs.uid2_e2e_pipeline_operator_url }}
+          EKS_OPERATOR_URL: ${{ steps.start_EKS_operator.outputs.uid2_e2e_pipeline_operator_url }}
         run: |
-          if [ -z "${GITHUB_OUTPUT}" ]; then
-            echo "Not in GitHub action"
-            exit 1
-          fi
-
-          if [ -z "${OPERATOR_TYPE}" ]; then
-            echo "OPERATOR_TYPE not set"
-            exit 1
-          elif [ "${OPERATOR_TYPE}" == "public" ]; then
-            echo "uid2_e2e_pipeline_operator_type=PUBLIC" >> ${GITHUB_OUTPUT}
-            echo "uid2_e2e_pipeline_operator_url=http://publicoperator:8080" >> ${GITHUB_OUTPUT}
-            echo "uid2_e2e_pipeline_operator_cloud_provider=PUBLIC" >> ${GITHUB_OUTPUT}
-            echo "uid2_e2e_pipeline_core_url=http://core:8088" >> ${GITHUB_OUTPUT}
-            echo "uid2_e2e_pipeline_optout_url=http://optout:8081" >> ${GITHUB_OUTPUT}
-          else
-            echo "uid2_e2e_pipeline_operator_type=PRIVATE" >> ${GITHUB_OUTPUT}
-            if [ "${OPERATOR_TYPE}" == "gcp" ]; then
-              echo "uid2_e2e_pipeline_operator_cloud_provider=GCP" >> ${GITHUB_OUTPUT}
-              echo "uid2_e2e_pipeline_operator_url=${{ steps.start_gcp_private_operator.outputs.uid2_e2e_pipeline_operator_url }}" >> ${GITHUB_OUTPUT}
-            elif [ "${OPERATOR_TYPE}" == "azure" ]; then
-              echo "uid2_e2e_pipeline_operator_cloud_provider=AZURE" >> ${GITHUB_OUTPUT}
-              echo "uid2_e2e_pipeline_operator_url=${{ steps.start_azure_private_operator.outputs.uid2_e2e_pipeline_operator_url }}" >> ${GITHUB_OUTPUT}
-            elif [ "${OPERATOR_TYPE}" == "aws" ]; then
-              echo "uid2_e2e_pipeline_operator_cloud_provider=AWS" >> ${GITHUB_OUTPUT}
-              echo "uid2_e2e_pipeline_operator_url=${{ steps.start_aws_private_operator.outputs.uid2_e2e_pipeline_operator_url }}" >> ${GITHUB_OUTPUT}
-            fi
-            echo "uid2_e2e_pipeline_core_url=http://${{ steps.bore.outputs.BORE_URL_CORE }}" >> ${GITHUB_OUTPUT}
-            echo "uid2_e2e_pipeline_optout_url=http://${{ steps.bore.outputs.BORE_URL_OPTOUT }}" >> ${GITHUB_OUTPUT}
-          fi
-
-          if [ -z "${IDENTITY_SCOPE}" ]; then
-            echo "IDENTITY_SCOPE not set"
-            exit 1
-          elif [ "${IDENTITY_SCOPE}" == "UID2" ]; then
-            echo "uid2_e2e_phone_support=true" >> ${GITHUB_OUTPUT}
-          elif [ "${IDENTITY_SCOPE}" == "EUID" ]; then
-            echo "uid2_e2e_phone_support=false" >> ${GITHUB_OUTPUT}
-          fi
+          bash uid2-shared-actions/scripts/decide_e2e_env.sh
 
       - name: Run E2E tests
         id: e2e
-        uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@v2
+        uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@v3
         with:
+          e2e_network: ${{ steps.decide_env_var.outputs.e2e_network }}
           e2e_image_version: ${{ inputs.e2e_image_version }}
           uid2_e2e_identity_scope: ${{ inputs.uid2_e2e_identity_scope }}
           uid2_e2e_pipeline_operator_url: ${{ steps.decide_env_var.outputs.uid2_e2e_pipeline_operator_url }}
@@ -330,8 +310,8 @@ jobs:
       - name: Stop GCP private operator
         if: ${{ inputs.operator_type == 'gcp' }}
         env:
-          GCP_PROJECT: ${{ vars.GCP_PROJECT }}
-          SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }}
+          GCP_PROJECT: ${{ inputs.gcp_project }}
+          SERVICE_ACCOUNT: ${{ inputs.gcp_service_account }}
           GCP_INSTANCE_NAME: ${{ steps.start_gcp_private_operator.outputs.gcp_instance_name }}
         run: |
           bash uid2-shared-actions/scripts/gcp/stop_gcp_enclave.sh
@@ -354,3 +334,6 @@ jobs:
       - name: Stop EKS operator
         if: ${{ inputs.operator_type == 'eks' }}
         uses: IABTechLab/uid2-shared-actions/actions/stop_eks_operator@v3
+        with:
+          eks_test_cluster: ${{ inputs.eks_test_cluster }}
+          eks_test_cluster_region: ${{ inputs.eks_test_cluster_region }}

actions/run_e2e_tests/action.yaml

@@ -2,6 +2,10 @@ name: Shared E2E Test
 description: Pull uid2-e2e Docker image and run E2E test suite
 
 inputs:
+  e2e_network:
+    description: The network to use for the E2E test
+    type: string
+    default: e2e_default
   e2e_image_version:
     description: The version of E2E image
     required: false
@@ -69,5 +73,5 @@ runs:
         --env UID2_E2E_OPTOUT_TO_CALL_CORE_API_TOKEN='UID2-O-L-127-pDqphU.6FuXzThQMY8YEsCA8crqvAlzyGrjcF8P6XO84=' \
         --env UID2_E2E_CORE_URL='${{ inputs.uid2_e2e_pipeline_core_url }}' \
         --env UID2_E2E_OPTOUT_URL='${{ inputs.uid2_e2e_pipeline_optout_url }}' \
-        --network e2e_default \
+        --network '${{ inputs.e2e_network }}' \
         ghcr.io/iabtechlab/uid2-e2e:${{ inputs.e2e_image_version }}

actions/start_eks_operator/action.yaml

@@ -23,11 +23,17 @@ inputs:
   operator_key:
     description: The operator key
     required: true
-
-# outputs:
-#   uid2_e2e_pipeline_operator_url:
-#     description: The EKS operator URL
-#     value: ${{ steps.start_aws.outputs.uid2_e2e_pipeline_operator_url }}
+  eks_test_cluster:
+    description: The EKS Test Cluster Name
+    required: true
+  eks_test_cluster_region:
+    description: The EKS Test Cluster Region
+    required: true
+  
+outputs:
+  uid2_e2e_pipeline_operator_url:
+    description: The EKS operator URL
+    value: ${{ steps.start_eks.outputs.uid2_e2e_pipeline_operator_url }}
 
 runs:
   using: "composite"
@@ -36,7 +42,7 @@ runs:
     - name: Configure AWS credentials
       uses: aws-actions/configure-aws-credentials@v4
       with:
-        aws-region: us-east-2
+        aws-region: ${{ inputs.eks_test_cluster_region }}
         role-to-assume: arn:aws:iam::072245134533:role/github-runner-for-uid2-operator
 
     - name: Check AWS caller identity
@@ -46,8 +52,13 @@ runs:
     - name: Set up kubernetes context
       shell: bash
       run: |
-        aws eks --region us-east-2 update-kubeconfig --name uid-test-git-us-east-2
+        aws eks --region ${{ inputs.eks_test_cluster_region }} update-kubeconfig --name ${{ inputs.eks_test_cluster }}
 
+    - name: Clean up previous run
+      shell: bash
+      run: |
+        bash uid2-shared-actions/scripts/eks/stop_eks_enclave.sh
+    
     - name: Create secrets in the kubernetes cluster
       id: create_secrets
       shell: bash
@@ -64,12 +75,15 @@ runs:
       env:
         IMAGE_VERSION: ${{ inputs.operator_image_version }}
         OPERATOR_ROOT: ${{ inputs.operator_root }}
+        IDENTITY_SCOPE: ${{ inputs.identity_scope }}
       run: |
         bash uid2-shared-actions/scripts/eks/prepare_eks_deployment_files.sh
 
     - name: Start EKS operator
       id: start_eks
       shell: bash
+      env:
+        OPERATOR_ROOT: ${{ inputs.operator_root }}
       run: |
-        cat ${{ inputs.operator_root }}/scripts/aws/eks/deployment_files/deployment.yaml
-        kubectl apply -f ${{ inputs.operator_root }}/scripts/aws/eks/deployment_files/deployment.yaml
+        bash uid2-shared-actions/scripts/eks/start_eks_enclave.sh
+

actions/stop_eks_operator/action.yaml

@@ -1,13 +1,21 @@
 name: Stop EKS Operator
 
+inputs:
+  eks_test_cluster:
+    description: The EKS Test Cluster Name
+    required: true
+  eks_test_cluster_region:
+    description: The EKS Test Cluster Region
+    required: true
+
 runs:
   using: "composite"
 
   steps:
     - name: Configure AWS credentials
       uses: aws-actions/configure-aws-credentials@v4
       with:
-        aws-region: us-east-2
+        aws-region: ${{ inputs.eks_test_cluster_region }}
         role-to-assume: arn:aws:iam::072245134533:role/github-runner-for-uid2-operator
 
     - name: Check AWS caller identity
@@ -17,11 +25,10 @@ runs:
     - name: Set up kubernetes context
       shell: bash
       run: |
-        aws eks --region us-east-2 update-kubeconfig --name uid-test-git-us-east-2
+        aws eks --region ${{ inputs.eks_test_cluster_region }} update-kubeconfig --name ${{ inputs.eks_test_cluster }}
 
     - name: Stop EKS operator
       id: stop_eks
       shell: bash
       run: |
-        kubectl delete deployment uid2-operator
-        kubectl delete secret github-test-secret
+        bash uid2-shared-actions/scripts/eks/stop_eks_enclave.sh

scripts/decide_e2e_env.sh

@@ -0,0 +1,51 @@
+if [ -z "${GITHUB_OUTPUT}" ]; then
+    echo "Not in GitHub action"
+    exit 1
+fi
+
+if [ -z "${OPERATOR_TYPE}" ]; then
+    echo "OPERATOR_TYPE not set"
+    exit 1
+fi
+
+if [ -z "${IDENTITY_SCOPE}" ]; then
+    echo "IDENTITY_SCOPE not set"
+    exit 1
+fi
+
+if [ "${OPERATOR_TYPE}" == "eks" ]; then
+    echo "e2e_network=host" >> ${GITHUB_OUTPUT}
+else
+    echo "e2e_network=e2e_default" >> ${GITHUB_OUTPUT}
+fi
+
+if [ "${OPERATOR_TYPE}" == "public" ]; then
+    echo "uid2_e2e_pipeline_operator_type=PUBLIC" >> ${GITHUB_OUTPUT}
+    echo "uid2_e2e_pipeline_operator_url=http://publicoperator:8080" >> ${GITHUB_OUTPUT}
+    echo "uid2_e2e_pipeline_operator_cloud_provider=PUBLIC" >> ${GITHUB_OUTPUT}
+    echo "uid2_e2e_pipeline_core_url=http://core:8088" >> ${GITHUB_OUTPUT}
+    echo "uid2_e2e_pipeline_optout_url=http://optout:8081" >> ${GITHUB_OUTPUT}
+else
+    echo "uid2_e2e_pipeline_operator_type=PRIVATE" >> ${GITHUB_OUTPUT}
+    if [ "${OPERATOR_TYPE}" == "gcp" ]; then
+        echo "uid2_e2e_pipeline_operator_cloud_provider=GCP" >> ${GITHUB_OUTPUT}
+        echo "uid2_e2e_pipeline_operator_url=${GCP_OPERATOR_URL}" >> ${GITHUB_OUTPUT}
+    elif [ "${OPERATOR_TYPE}" == "azure" ]; then
+        echo "uid2_e2e_pipeline_operator_cloud_provider=AZURE" >> ${GITHUB_OUTPUT}
+        echo "uid2_e2e_pipeline_operator_url=${AZURE_OPERATOR_URL}" >> ${GITHUB_OUTPUT}
+    elif [ "${OPERATOR_TYPE}" == "aws" ]; then
+        echo "uid2_e2e_pipeline_operator_cloud_provider=AWS" >> ${GITHUB_OUTPUT}
+        echo "uid2_e2e_pipeline_operator_url=${AWS_OPERATOR_URL}" >> ${GITHUB_OUTPUT}
+    elif [ "${OPERATOR_TYPE}" == "eks" ]; then
+        echo "uid2_e2e_pipeline_operator_cloud_provider=AWS" >> ${GITHUB_OUTPUT}
+        echo "uid2_e2e_pipeline_operator_url=${EKS_OPERATOR_URL}" >> ${GITHUB_OUTPUT}
+    fi
+    echo "uid2_e2e_pipeline_core_url=http://${BORE_URL_CORE}" >> ${GITHUB_OUTPUT}
+    echo "uid2_e2e_pipeline_optout_url=http://${BORE_URL_OPTOUT}" >> ${GITHUB_OUTPUT}
+fi
+
+if [ "${IDENTITY_SCOPE}" == "UID2" ]; then
+    echo "uid2_e2e_phone_support=true" >> ${GITHUB_OUTPUT}
+elif [ "${IDENTITY_SCOPE}" == "EUID" ]; then
+    echo "uid2_e2e_phone_support=false" >> ${GITHUB_OUTPUT}
+fi

scripts/eks/create_secret_in_k8.sh

@@ -26,4 +26,5 @@ jq_string_update ${SECRET_JSON_FILE} api_token "${OPERATOR_KEY}"
 
 cat ${SECRET_JSON_FILE}
 
-kubectl create secret generic github-test-secret --from-file=config=uid2-shared-actions/scripts/eks/secret.json
+kubectl create namespace compute
+kubectl create secret generic github-test-secret --from-file=config=uid2-shared-actions/scripts/eks/secret.json -n compute

scripts/eks/prepare_eks_deployment_files.sh

@@ -11,15 +11,22 @@ if [ -z "${IMAGE_VERSION}" ]; then
   exit 1
 fi
 
+if [ -z "${IDENTITY_SCOPE}" ]; then
+  echo "IDENTITY_SCOPE can not be empty"
+  exit 1
+fi
+
 ROOT="."
 DEPLOYMENT_FILES_ROOT="${OPERATOR_ROOT}/scripts/aws/eks/deployment_files"
+DEPLOYMENT_FILE="${DEPLOYMENT_FILES_ROOT}/test-deployment.yaml"
 
 ls -al
 
-IMAGE="ghcr.io/iabtechlab/uid2-operator-eks-uid2:${IMAGE_VERSION}"
+IMAGE="ghcr.io/iabtechlab/uid2-operator-eks-${IDENTITY_SCOPE,,}:${IMAGE_VERSION}"
 
-sed -i "s#IMAGE_PLACEHOLDER#${IMAGE}#g" "${DEPLOYMENT_FILES_ROOT}/deployment.yaml"
+sed -i "s#IMAGE_PLACEHOLDER#${IMAGE}#g" "${DEPLOYMENT_FILE}"
 if [[ $? -ne 0 ]]; then
   echo "Failed to pre-process deployment file"
   exit 1
 fi
+cat ${DEPLOYMENT_FILE}

scripts/eks/secret.json

@@ -1,10 +1,10 @@
 {
     "api_token": "fake-operator-key",
-    "service_instances": 6,
-    "enclave_cpu_count": 6,
-    "enclave_memory_mb": 24576,
+    "enclave_cpu_count": "12",
+    "enclave_memory_mb": "40152",
     "environment": "integ",
-    "customize_enclave": "false",
+    "customize_enclave": "true",
     "core_base_url": "https://core-integ.uidapi.com",
-    "optout_base_url": "https://optout-integ.uidapi.com"
-}
+    "optout_base_url": "https://optout-integ.uidapi.com",
+    "operator_type": "private"
+}

scripts/eks/start_eks_enclave.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -ex
+
+ROOT="uid2-shared-actions/scripts"
+source "${ROOT}/healthcheck.sh"
+
+if [ -z "${OPERATOR_ROOT}" ]; then
+  echo "OPERATOR_ROOT can not be empty"
+  exit 1
+fi
+
+cat "${OPERATOR_ROOT}/scripts/aws/eks/deployment_files/test-deployment.yaml"
+
+kubectl apply -f "${OPERATOR_ROOT}/scripts/aws/eks/deployment_files/test-deployment.yaml"
+kubectl get pods --all-namespaces
+
+kubectl get services -n compute
+kubectl port-forward svc/operator-service -n compute 27015:80 > /dev/null 2>&1 &
+EKS_OPERATOR_URL="http://localhost:27015"
+
+kubectl get pods --all-namespaces
+HEALTHCHECK_URL="${EKS_OPERATOR_URL}/ops/healthcheck"
+
+# Health check - for 5 mins
+healthcheck "${HEALTHCHECK_URL}" 60
+
+echo "uid2_e2e_pipeline_operator_url=${EKS_OPERATOR_URL}" >> ${GITHUB_OUTPUT}

scripts/eks/stop_eks_enclave.sh

@@ -0,0 +1,2 @@
+kubectl delete namespace compute --ignore-not-found=true
+kubectl delete namespace nitro-enclaves --ignore-not-found=true