public void DiscoverKubernetesClusterWithEc2InstanceCredentialsAndNoIamRole() { var authenticationDetails = new AwsAuthenticationDetails { Type = "Aws", Credentials = new AwsCredentials { Type = "worker" }, Role = new AwsAssumedRole { Type = "noAssumedRole" }, Regions = new [] { region } }; var serviceMessageProperties = new Dictionary <string, string> { { "name", eksClusterArn }, { "clusterName", eksClusterName }, { "clusterUrl", eksClusterEndpoint }, { "skipTlsVerification", bool.TrueString }, { "octopusDefaultWorkerPoolIdOrName", "WorkerPools-1" }, { "octopusRoles", "discovery-role" }, { "updateIfExisting", bool.TrueString }, { "isDynamic", bool.TrueString }, { "awsUseWorkerCredentials", bool.TrueString }, { "awsAssumeRole", bool.FalseString } }; DoDiscoveryAndAssertReceivedServiceMessageWithMatchingProperties(authenticationDetails, serviceMessageProperties); }
public void DiscoverKubernetesClusterWithEnvironmentVariableCredentialsAndIamRole() { const string accessKeyEnvVar = "AWS_ACCESS_KEY_ID"; const string secretKeyEnvVar = "AWS_SECRET_ACCESS_KEY"; var originalAccessKey = Environment.GetEnvironmentVariable(accessKeyEnvVar); var originalSecretKey = Environment.GetEnvironmentVariable(secretKeyEnvVar); try { Environment.SetEnvironmentVariable(accessKeyEnvVar, eksClientID); Environment.SetEnvironmentVariable(secretKeyEnvVar, eksSecretKey); var authenticationDetails = new AwsAuthenticationDetails { Type = "Aws", Credentials = new AwsCredentials { Type = "worker" }, Role = new AwsAssumedRole { Type = "assumeRole", Arn = eksIamRolArn }, Regions = new [] { region } }; var serviceMessageProperties = new Dictionary <string, string> { { "name", eksClusterArn }, { "clusterName", eksClusterName }, { "clusterUrl", eksClusterEndpoint }, { "skipTlsVerification", bool.TrueString }, { "octopusDefaultWorkerPoolIdOrName", "WorkerPools-1" }, { "octopusRoles", "discovery-role" }, { "updateIfExisting", bool.TrueString }, { "isDynamic", bool.TrueString }, { "awsUseWorkerCredentials", bool.TrueString }, { "awsAssumeRole", bool.TrueString }, { "awsAssumeRoleArn", eksIamRolArn }, }; DoDiscoveryAndAssertReceivedServiceMessageWithMatchingProperties(authenticationDetails, serviceMessageProperties); } finally { Environment.SetEnvironmentVariable(accessKeyEnvVar, originalAccessKey); Environment.SetEnvironmentVariable(secretKeyEnvVar, originalSecretKey); } }
public void DiscoverKubernetesClusterWithNoValidCredentials() { const string accessKeyEnvVar = "AWS_ACCESS_KEY_ID"; const string secretKeyEnvVar = "AWS_SECRET_ACCESS_KEY"; var originalAccessKey = Environment.GetEnvironmentVariable(accessKeyEnvVar); var originalSecretKey = Environment.GetEnvironmentVariable(secretKeyEnvVar); try { Environment.SetEnvironmentVariable(accessKeyEnvVar, null); Environment.SetEnvironmentVariable(secretKeyEnvVar, null); var authenticationDetails = new AwsAuthenticationDetails { Type = "Aws", Credentials = new AwsCredentials { Type = "worker" }, Role = new AwsAssumedRole { Type = "noAssumedRole" }, Regions = new [] { region } }; var serviceMessageCollectorLog = new ServiceMessageCollectorLog(); Log = serviceMessageCollectorLog; DoDiscovery(authenticationDetails); serviceMessageCollectorLog.ServiceMessages.Should().BeEmpty(); serviceMessageCollectorLog.Messages.Should().NotContain(m => m.Level == InMemoryLog.Level.Error); serviceMessageCollectorLog.StandardError.Should().BeEmpty(); serviceMessageCollectorLog.Messages.Should() .ContainSingle(m => m.Level == InMemoryLog.Level.Warn && m.FormattedMessage == "Unable to authorise credentials, see verbose log for details."); } finally { Environment.SetEnvironmentVariable(accessKeyEnvVar, originalAccessKey); Environment.SetEnvironmentVariable(secretKeyEnvVar, originalSecretKey); } }
public void DiscoverKubernetesClusterWithAwsAccountCredentialsAndIamRole() { const int sessionDuration = 900; var authenticationDetails = new AwsAuthenticationDetails { Type = "Aws", Credentials = new AwsCredentials { Account = new AwsAccount { AccessKey = eksClientID, SecretKey = eksSecretKey }, AccountId = "Accounts-1", Type = "account" }, Role = new AwsAssumedRole { Type = "assumeRole", Arn = eksIamRolArn, SessionName = "ThisIsASessionName", SessionDuration = sessionDuration }, Regions = new [] { region } }; var serviceMessageProperties = new Dictionary <string, string> { { "name", eksClusterArn }, { "clusterName", eksClusterName }, { "clusterUrl", eksClusterEndpoint }, { "skipTlsVerification", bool.TrueString }, { "octopusDefaultWorkerPoolIdOrName", "WorkerPools-1" }, { "octopusAccountIdOrName", "Accounts-1" }, { "octopusRoles", "discovery-role" }, { "updateIfExisting", bool.TrueString }, { "isDynamic", bool.TrueString }, { "awsUseWorkerCredentials", bool.FalseString }, { "awsAssumeRole", bool.TrueString }, { "awsAssumeRoleArn", eksIamRolArn }, { "awsAssumeRoleSession", "ThisIsASessionName" }, { "awsAssumeRoleSessionDurationSeconds", sessionDuration.ToString() } }; DoDiscoveryAndAssertReceivedServiceMessageWithMatchingProperties(authenticationDetails, serviceMessageProperties); }
protected void DoDiscoveryAndAssertReceivedServiceMessageWithMatchingProperties( AwsAuthenticationDetails authenticationDetails, Dictionary <string, string> properties) { var serviceMessageCollectorLog = new ServiceMessageCollectorLog(); Log = serviceMessageCollectorLog; DoDiscovery(authenticationDetails); var expectedServiceMessage = new ServiceMessage( KubernetesDiscoveryCommand.CreateKubernetesTargetServiceMessageName, properties); serviceMessageCollectorLog.ServiceMessages.Should() .ContainSingle(s => s.Properties["name"] == properties["name"]) .Which.Should() .BeEquivalentTo(expectedServiceMessage); }
protected void DoDiscovery(AwsAuthenticationDetails authenticationDetails) { var scope = new TargetDiscoveryScope("TestSpace", "Staging", "testProject", null, new[] { "discovery-role" }, "WorkerPools-1"); var targetDiscoveryContext = new TargetDiscoveryContext <AwsAuthenticationDetails>(scope, authenticationDetails); var result = ExecuteDiscoveryCommand(targetDiscoveryContext, new[] { "Calamari.Aws" } ); result.AssertSuccess(); }
public void DiscoverKubernetesClusterWithInvalidAccountCredentials() { var authenticationDetails = new AwsAuthenticationDetails { Type = "Aws", Credentials = new AwsCredentials { Account = new AwsAccount { AccessKey = "abcdefg", SecretKey = null }, AccountId = "Accounts-1", Type = "account" }, Role = new AwsAssumedRole { Type = "noAssumedRole" }, Regions = new [] { region } }; var serviceMessageCollectorLog = new ServiceMessageCollectorLog(); Log = serviceMessageCollectorLog; DoDiscovery(authenticationDetails); serviceMessageCollectorLog.ServiceMessages.Should().BeEmpty(); serviceMessageCollectorLog.Messages.Should().NotContain(m => m.Level == InMemoryLog.Level.Error); serviceMessageCollectorLog.StandardError.Should().BeEmpty(); serviceMessageCollectorLog.Messages.Should() .ContainSingle(m => m.Level == InMemoryLog.Level.Warn && m.FormattedMessage == "Unable to authorise credentials, see verbose log for details."); }