A Kubernetes operator that bridges Hardware Security Module (HSM) data storage with Kubernetes Secrets, providing true secret portability th
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

fix service_account and test cleanup

+60 -43
+1 -1
config/rbac/service_account.yaml
··· 4 4 labels: 5 5 app.kubernetes.io/name: hsm-secrets-operator 6 6 app.kubernetes.io/managed-by: kustomize 7 - name: hsm-secrets-operator 7 + name: controller-manager 8 8 namespace: system
+59 -42
test/e2e/e2e_test.go
··· 49 49 // enforce the restricted security policy to the namespace, installing CRDs, 50 50 // and deploying the controller. 51 51 BeforeAll(func() { 52 + // Set up cleanup that runs even if BeforeAll fails partway through 53 + DeferCleanup(func() { 54 + By("cleaning up resources from BeforeAll setup") 55 + 56 + By("undeploying the controller-manager") 57 + cmd := exec.Command("make", "undeploy") 58 + _, _ = utils.Run(cmd) 59 + 60 + By("uninstalling CRDs") 61 + cmd = exec.Command("make", "uninstall") 62 + _, _ = utils.Run(cmd) 63 + 64 + By("removing manager namespace") 65 + cmd = exec.Command("kubectl", "delete", "ns", namespace, "--ignore-not-found=true") 66 + _, _ = utils.Run(cmd) 67 + }) 68 + 52 69 By("creating manager namespace") 53 70 cmd := exec.Command("kubectl", "create", "ns", namespace) 54 71 _, err := utils.Run(cmd) ··· 71 88 Expect(err).NotTo(HaveOccurred(), "Failed to deploy the controller-manager") 72 89 }) 73 90 74 - // After all tests have been executed, clean up by undeploying the controller, uninstalling CRDs, 75 - // and deleting the namespace. 76 - AfterAll(func() { 77 - By("cleaning up the curl pod for metrics") 78 - cmd := exec.Command("kubectl", "delete", "pod", "curl-metrics", "-n", namespace) 79 - _, _ = utils.Run(cmd) 91 + // Note: Main cleanup is handled by DeferCleanup in BeforeAll 80 92 81 - By("cleaning up the metrics ClusterRoleBinding") 82 - cmd = exec.Command("kubectl", "delete", "clusterrolebinding", metricsRoleBindingName) 83 - _, _ = utils.Run(cmd) 93 + // After each test, check for failures and collect logs, events, 94 + // and pod descriptions for debugging, then clean up test-specific resources. 95 + AfterEach(func() { 96 + // Clean up test-specific resources regardless of success/failure 97 + DeferCleanup(func() { 98 + By("cleaning up the curl pod for metrics") 99 + cmd := exec.Command("kubectl", "delete", "pod", "curl-metrics", "-n", namespace, "--ignore-not-found=true") 100 + _, _ = utils.Run(cmd) 84 101 85 - By("undeploying the controller-manager") 86 - cmd = exec.Command("make", "undeploy") 87 - _, _ = utils.Run(cmd) 88 - 89 - By("uninstalling CRDs") 90 - cmd = exec.Command("make", "uninstall") 91 - _, _ = utils.Run(cmd) 92 - 93 - By("removing manager namespace") 94 - cmd = exec.Command("kubectl", "delete", "ns", namespace) 95 - _, _ = utils.Run(cmd) 96 - }) 102 + By("cleaning up the metrics ClusterRoleBinding") 103 + cmd = exec.Command("kubectl", "delete", "clusterrolebinding", metricsRoleBindingName, "--ignore-not-found=true") 104 + _, _ = utils.Run(cmd) 105 + }) 97 106 98 - // After each test, check for failures and collect logs, events, 99 - // and pod descriptions for debugging. 100 - AfterEach(func() { 101 107 specReport := CurrentSpecReport() 102 108 if specReport.Failed() { 103 109 By("Fetching controller manager pod logs") 104 - cmd := exec.Command("kubectl", "logs", controllerPodName, "-n", namespace) 105 - controllerLogs, err := utils.Run(cmd) 106 - if err == nil { 107 - _, _ = fmt.Fprintf(GinkgoWriter, "Controller logs:\n %s", controllerLogs) 110 + if controllerPodName != "" { 111 + cmd := exec.Command("kubectl", "logs", controllerPodName, "-n", namespace) 112 + controllerLogs, err := utils.Run(cmd) 113 + if err == nil { 114 + _, _ = fmt.Fprintf(GinkgoWriter, "Controller logs:\n %s", controllerLogs) 115 + } else { 116 + _, _ = fmt.Fprintf(GinkgoWriter, "Failed to get Controller logs: %s", err) 117 + } 118 + 119 + By("Fetching controller manager pod description") 120 + cmd = exec.Command("kubectl", "describe", "pod", controllerPodName, "-n", namespace) 121 + podDescription, err := utils.Run(cmd) 122 + if err == nil { 123 + fmt.Println("Pod description:\n", podDescription) 124 + } else { 125 + fmt.Println("Failed to describe controller pod") 126 + } 108 127 } else { 109 - _, _ = fmt.Fprintf(GinkgoWriter, "Failed to get Controller logs: %s", err) 128 + _, _ = fmt.Fprintf(GinkgoWriter, "Controller pod name not available for logs\n") 129 + 130 + By("Fetching all pods in namespace for debugging") 131 + cmd := exec.Command("kubectl", "get", "pods", "-n", namespace, "-o", "wide") 132 + podsOutput, err := utils.Run(cmd) 133 + if err == nil { 134 + _, _ = fmt.Fprintf(GinkgoWriter, "All pods in namespace:\n%s", podsOutput) 135 + } 110 136 } 111 137 112 138 By("Fetching Kubernetes events") 113 - cmd = exec.Command("kubectl", "get", "events", "-n", namespace, "--sort-by=.lastTimestamp") 139 + cmd := exec.Command("kubectl", "get", "events", "-n", namespace, "--sort-by=.lastTimestamp") 114 140 eventsOutput, err := utils.Run(cmd) 115 141 if err == nil { 116 142 _, _ = fmt.Fprintf(GinkgoWriter, "Kubernetes events:\n%s", eventsOutput) ··· 119 145 } 120 146 121 147 By("Fetching curl-metrics logs") 122 - cmd = exec.Command("kubectl", "logs", "curl-metrics", "-n", namespace) 148 + cmd = exec.Command("kubectl", "logs", "curl-metrics", "-n", namespace, "--ignore-not-found=true") 123 149 metricsOutput, err := utils.Run(cmd) 124 - if err == nil { 150 + if err == nil && metricsOutput != "" { 125 151 _, _ = fmt.Fprintf(GinkgoWriter, "Metrics logs:\n %s", metricsOutput) 126 - } else { 152 + } else if err != nil { 127 153 _, _ = fmt.Fprintf(GinkgoWriter, "Failed to get curl-metrics logs: %s", err) 128 - } 129 - 130 - By("Fetching controller manager pod description") 131 - cmd = exec.Command("kubectl", "describe", "pod", controllerPodName, "-n", namespace) 132 - podDescription, err := utils.Run(cmd) 133 - if err == nil { 134 - fmt.Println("Pod description:\n", podDescription) 135 - } else { 136 - fmt.Println("Failed to describe controller pod") 137 154 } 138 155 } 139 156 })