public void DiscoverKubernetesClusterWithEc2InstanceCredentialsAndNoIamRole()
{
var authenticationDetails = new AwsAuthenticationDetails
{
Type = "Aws",
Credentials = new AwsCredentials {
Type = "worker"
},
Role = new AwsAssumedRole {
Type = "noAssumedRole"
},
Regions = new [] { region }
};
var serviceMessageProperties = new Dictionary <string, string>
{
{ "name", eksClusterArn },
{ "clusterName", eksClusterName },
{ "clusterUrl", eksClusterEndpoint },
{ "skipTlsVerification", bool.TrueString },
{ "octopusDefaultWorkerPoolIdOrName", "WorkerPools-1" },
{ "octopusRoles", "discovery-role" },
{ "updateIfExisting", bool.TrueString },
{ "isDynamic", bool.TrueString },
{ "awsUseWorkerCredentials", bool.TrueString },
{ "awsAssumeRole", bool.FalseString }
};
DoDiscoveryAndAssertReceivedServiceMessageWithMatchingProperties(authenticationDetails,
serviceMessageProperties);
}
public void DiscoverKubernetesClusterWithEnvironmentVariableCredentialsAndIamRole()
{
const string accessKeyEnvVar = "AWS_ACCESS_KEY_ID";
const string secretKeyEnvVar = "AWS_SECRET_ACCESS_KEY";
var originalAccessKey = Environment.GetEnvironmentVariable(accessKeyEnvVar);
var originalSecretKey = Environment.GetEnvironmentVariable(secretKeyEnvVar);
try
{
Environment.SetEnvironmentVariable(accessKeyEnvVar, eksClientID);
Environment.SetEnvironmentVariable(secretKeyEnvVar, eksSecretKey);
var authenticationDetails = new AwsAuthenticationDetails
{
Type = "Aws",
Credentials = new AwsCredentials {
Type = "worker"
},
Role = new AwsAssumedRole
{
Type = "assumeRole",
Arn = eksIamRolArn
},
Regions = new [] { region }
};
var serviceMessageProperties = new Dictionary <string, string>
{
{ "name", eksClusterArn },
{ "clusterName", eksClusterName },
{ "clusterUrl", eksClusterEndpoint },
{ "skipTlsVerification", bool.TrueString },
{ "octopusDefaultWorkerPoolIdOrName", "WorkerPools-1" },
{ "octopusRoles", "discovery-role" },
{ "updateIfExisting", bool.TrueString },
{ "isDynamic", bool.TrueString },
{ "awsUseWorkerCredentials", bool.TrueString },
{ "awsAssumeRole", bool.TrueString },
{ "awsAssumeRoleArn", eksIamRolArn },
};
DoDiscoveryAndAssertReceivedServiceMessageWithMatchingProperties(authenticationDetails,
serviceMessageProperties);
}
finally
{
Environment.SetEnvironmentVariable(accessKeyEnvVar, originalAccessKey);
Environment.SetEnvironmentVariable(secretKeyEnvVar, originalSecretKey);
}
}
public void DiscoverKubernetesClusterWithNoValidCredentials()
{
const string accessKeyEnvVar = "AWS_ACCESS_KEY_ID";
const string secretKeyEnvVar = "AWS_SECRET_ACCESS_KEY";
var originalAccessKey = Environment.GetEnvironmentVariable(accessKeyEnvVar);
var originalSecretKey = Environment.GetEnvironmentVariable(secretKeyEnvVar);
try
{
Environment.SetEnvironmentVariable(accessKeyEnvVar, null);
Environment.SetEnvironmentVariable(secretKeyEnvVar, null);
var authenticationDetails = new AwsAuthenticationDetails
{
Type = "Aws",
Credentials = new AwsCredentials {
Type = "worker"
},
Role = new AwsAssumedRole {
Type = "noAssumedRole"
},
Regions = new [] { region }
};
var serviceMessageCollectorLog = new ServiceMessageCollectorLog();
Log = serviceMessageCollectorLog;
DoDiscovery(authenticationDetails);
serviceMessageCollectorLog.ServiceMessages.Should().BeEmpty();
serviceMessageCollectorLog.Messages.Should().NotContain(m => m.Level == InMemoryLog.Level.Error);
serviceMessageCollectorLog.StandardError.Should().BeEmpty();
serviceMessageCollectorLog.Messages.Should()
.ContainSingle(m =>
m.Level == InMemoryLog.Level.Warn &&
m.FormattedMessage ==
"Unable to authorise credentials, see verbose log for details.");
}
finally
{
Environment.SetEnvironmentVariable(accessKeyEnvVar, originalAccessKey);
Environment.SetEnvironmentVariable(secretKeyEnvVar, originalSecretKey);
}
}
public void DiscoverKubernetesClusterWithAwsAccountCredentialsAndIamRole()
{
const int sessionDuration = 900;
var authenticationDetails = new AwsAuthenticationDetails
{
Type = "Aws",
Credentials = new AwsCredentials
{
Account = new AwsAccount
{
AccessKey = eksClientID,
SecretKey = eksSecretKey
},
AccountId = "Accounts-1",
Type = "account"
},
Role = new AwsAssumedRole
{
Type = "assumeRole",
Arn = eksIamRolArn,
SessionName = "ThisIsASessionName",
SessionDuration = sessionDuration
},
Regions = new [] { region }
};
var serviceMessageProperties = new Dictionary <string, string>
{
{ "name", eksClusterArn },
{ "clusterName", eksClusterName },
{ "clusterUrl", eksClusterEndpoint },
{ "skipTlsVerification", bool.TrueString },
{ "octopusDefaultWorkerPoolIdOrName", "WorkerPools-1" },
{ "octopusAccountIdOrName", "Accounts-1" },
{ "octopusRoles", "discovery-role" },
{ "updateIfExisting", bool.TrueString },
{ "isDynamic", bool.TrueString },
{ "awsUseWorkerCredentials", bool.FalseString },
{ "awsAssumeRole", bool.TrueString },
{ "awsAssumeRoleArn", eksIamRolArn },
{ "awsAssumeRoleSession", "ThisIsASessionName" },
{ "awsAssumeRoleSessionDurationSeconds", sessionDuration.ToString() }
};
DoDiscoveryAndAssertReceivedServiceMessageWithMatchingProperties(authenticationDetails, serviceMessageProperties);
}
protected void DoDiscoveryAndAssertReceivedServiceMessageWithMatchingProperties(
AwsAuthenticationDetails authenticationDetails,
Dictionary <string, string> properties)
{
var serviceMessageCollectorLog = new ServiceMessageCollectorLog();
Log = serviceMessageCollectorLog;
DoDiscovery(authenticationDetails);
var expectedServiceMessage = new ServiceMessage(
KubernetesDiscoveryCommand.CreateKubernetesTargetServiceMessageName,
properties);
serviceMessageCollectorLog.ServiceMessages.Should()
.ContainSingle(s => s.Properties["name"] == properties["name"])
.Which.Should()
.BeEquivalentTo(expectedServiceMessage);
}
protected void DoDiscovery(AwsAuthenticationDetails authenticationDetails)
{
var scope = new TargetDiscoveryScope("TestSpace",
"Staging",
"testProject",
null,
new[] { "discovery-role" },
"WorkerPools-1");
var targetDiscoveryContext =
new TargetDiscoveryContext <AwsAuthenticationDetails>(scope,
authenticationDetails);
var result =
ExecuteDiscoveryCommand(targetDiscoveryContext,
new[] { "Calamari.Aws" }
);
result.AssertSuccess();
}
public void DiscoverKubernetesClusterWithInvalidAccountCredentials()
{
var authenticationDetails = new AwsAuthenticationDetails
{
Type = "Aws",
Credentials = new AwsCredentials
{
Account = new AwsAccount
{
AccessKey = "abcdefg",
SecretKey = null
},
AccountId = "Accounts-1",
Type = "account"
},
Role = new AwsAssumedRole {
Type = "noAssumedRole"
},
Regions = new [] { region }
};
var serviceMessageCollectorLog = new ServiceMessageCollectorLog();
Log = serviceMessageCollectorLog;
DoDiscovery(authenticationDetails);
serviceMessageCollectorLog.ServiceMessages.Should().BeEmpty();
serviceMessageCollectorLog.Messages.Should().NotContain(m => m.Level == InMemoryLog.Level.Error);
serviceMessageCollectorLog.StandardError.Should().BeEmpty();
serviceMessageCollectorLog.Messages.Should()
.ContainSingle(m =>
m.Level == InMemoryLog.Level.Warn &&
m.FormattedMessage ==
"Unable to authorise credentials, see verbose log for details.");
}
