UID2-4243 Change namespace to be separated by UID2 and EUID (#125)

* Change namespace to be separated by UID2 and EUID

* Port forward to different port for UID2 and EUID

* Pass in missing IDENTITY_SCOPE

* Use kcc-UID2-4243-fix-e2e

* Replace namespace

* Remove nitro-enclave namespace

* Delete unused namspace

* Add debugging message

* Add debugging message

* Remove debugging messages

* Add debugging message

* Add ps aux debugging message

* Don't suppress any output

* Wait until pods ready

* Remove unnecessary debugging message

* Change kcc-UID2-4243-fix-e2e to v3

Author: cYKatherine

.github/workflows/shared-run-e2e-tests.yaml

@@ -337,3 +337,4 @@ jobs:
         with:
           eks_test_cluster: ${{ inputs.eks_test_cluster }}
           eks_test_cluster_region: ${{ inputs.eks_test_cluster_region }}
+          identity_scope: ${{ inputs.uid2_e2e_identity_scope }}

actions/start_eks_operator/action.yaml

@@ -56,6 +56,8 @@ runs:
 
     - name: Clean up previous run
       shell: bash
+      env:
+        IDENTITY_SCOPE: ${{ inputs.identity_scope }}
       run: |
         bash uid2-shared-actions/scripts/eks/stop_eks_enclave.sh
     
@@ -66,6 +68,7 @@ runs:
         OPERATOR_KEY: ${{ inputs.operator_key }}
         BORE_URL_CORE: ${{ inputs.bore_url_core }}
         BORE_URL_OPTOUT: ${{ inputs.bore_url_optout }}
+        IDENTITY_SCOPE: ${{ inputs.identity_scope }}
       run: |
         bash uid2-shared-actions/scripts/eks/create_secret_in_k8.sh
 
@@ -84,6 +87,7 @@ runs:
       shell: bash
       env:
         OPERATOR_ROOT: ${{ inputs.operator_root }}
+        IDENTITY_SCOPE: ${{ inputs.identity_scope }}
       run: |
         bash uid2-shared-actions/scripts/eks/start_eks_enclave.sh
 

actions/stop_eks_operator/action.yaml

@@ -7,6 +7,9 @@ inputs:
   eks_test_cluster_region:
     description: The EKS Test Cluster Region
     required: true
+  identity_scope:
+    description: The identity scope [UID2, EUID]
+    required: true
 
 runs:
   using: "composite"
@@ -30,5 +33,7 @@ runs:
     - name: Stop EKS operator
       id: stop_eks
       shell: bash
+      env:
+        IDENTITY_SCOPE: ${{ inputs.identity_scope }}
       run: |
         bash uid2-shared-actions/scripts/eks/stop_eks_enclave.sh

scripts/eks/create_secret_in_k8.sh

@@ -16,6 +16,11 @@ if [ -z "${BORE_URL_OPTOUT}" ]; then
   exit 1
 fi
 
+if [ -z "${IDENTITY_SCOPE}" ]; then
+  echo "IDENTITY_SCOPE can not be empty"
+  exit 1
+fi
+
 source "uid2-shared-actions/scripts/jq_helper.sh"
 
 SECRET_JSON_FILE="uid2-shared-actions/scripts/eks/secret.json"
@@ -26,5 +31,5 @@ jq_string_update ${SECRET_JSON_FILE} api_token "${OPERATOR_KEY}"
 
 cat ${SECRET_JSON_FILE}
 
-kubectl create namespace compute
-kubectl create secret generic github-test-secret --from-file=config=uid2-shared-actions/scripts/eks/secret.json -n compute
+kubectl create namespace ${IDENTITY_SCOPE,,}
+kubectl create secret generic github-test-secret --from-file=config=uid2-shared-actions/scripts/eks/secret.json -n ${IDENTITY_SCOPE,,}

scripts/eks/prepare_eks_deployment_files.sh

@@ -25,6 +25,7 @@ ls -al
 IMAGE="ghcr.io/iabtechlab/uid2-operator-eks-${IDENTITY_SCOPE,,}:${IMAGE_VERSION}"
 
 sed -i "s#IMAGE_PLACEHOLDER#${IMAGE}#g" "${DEPLOYMENT_FILE}"
+sed -i "s#NAMESPACE_PLACEHOLDER#${IDENTITY_SCOPE,,}#g" "${DEPLOYMENT_FILE}"
 if [[ $? -ne 0 ]]; then
   echo "Failed to pre-process deployment file"
   exit 1

scripts/eks/start_eks_enclave.sh

@@ -9,14 +9,30 @@ if [ -z "${OPERATOR_ROOT}" ]; then
   exit 1
 fi
 
+if [ -z "${IDENTITY_SCOPE}" ]; then
+  echo "IDENTITY_SCOPE can not be empty"
+  exit 1
+fi
+
 cat "${OPERATOR_ROOT}/scripts/aws/eks/deployment_files/test-deployment.yaml"
 
 kubectl apply -f "${OPERATOR_ROOT}/scripts/aws/eks/deployment_files/test-deployment.yaml"
 kubectl get pods --all-namespaces
-
-kubectl get services -n compute
-kubectl port-forward svc/operator-service -n compute 27015:80 > /dev/null 2>&1 &
-EKS_OPERATOR_URL="http://localhost:27015"
+kubectl get services -n ${IDENTITY_SCOPE,,}
+
+POD_NAME=$(kubectl get pods -n ${IDENTITY_SCOPE,,} -o name | grep "operator")
+kubectl wait --for=condition=Ready "$POD_NAME" -n ${IDENTITY_SCOPE,,} --timeout=120s
+
+if [ "${IDENTITY_SCOPE}" == "UID2" ]; then
+  kubectl port-forward svc/operator-service -n ${IDENTITY_SCOPE,,} 27777:80 > /dev/null 2>&1 &
+  EKS_OPERATOR_URL="http://localhost:27777"
+elif [ "${IDENTITY_SCOPE}" == "EUID" ]; then
+  kubectl port-forward svc/operator-service -n ${IDENTITY_SCOPE,,} 27778:80 > /dev/null 2>&1 &
+  EKS_OPERATOR_URL="http://localhost:27778"
+else
+  echo "IDENTITY_SCOPE provided with wrong value"
+  exit 1
+fi
 
 kubectl get pods --all-namespaces
 HEALTHCHECK_URL="${EKS_OPERATOR_URL}/ops/healthcheck"

scripts/eks/stop_eks_enclave.sh

@@ -1,2 +1,6 @@
-kubectl delete namespace compute --ignore-not-found=true
-kubectl delete namespace nitro-enclaves --ignore-not-found=true
+if [ -z "${IDENTITY_SCOPE}" ]; then
+  echo "IDENTITY_SCOPE can not be empty"
+  exit 1
+fi
+
+kubectl delete namespace ${IDENTITY_SCOPE,,} --ignore-not-found=true