

wip
nithyatsu committed Nov 23, 2024
1 parent b53d3b5 commit 2ec8e2d
Showing 1 changed file with 4 additions and 110 deletions.
114 changes: 4 additions & 110 deletions .github/workflows/functional-test-cloud.yaml
Expand Up @@ -449,7 +449,7 @@ jobs:
fail-fast: true
matrix:
os: [ubuntu-latest-m]
name: [ucp-cloud]
name: [corerp-cloud, ucp-cloud]
runs-on: ${{ matrix.os }}
env:
UNIQUE_ID: ${{ needs.build.outputs.UNIQUE_ID }}
Expand Down Expand Up @@ -553,13 +553,6 @@ jobs:
with:
version: ${{ env.HELM_VER }}

- name: Install azwi
run: |
wget https://github.com/Azure/azure-workload-identity/releases/download/v1.3.0/azwi-v1.3.0-linux-amd64.tar.gz
tar -xvf azwi-v1.3.0-linux-amd64.tar.gz
sudo mv azwi /usr/local/bin/
sudo chmod +x /usr/local/bin/azwi
# this step is to configure the aws credentials for github actions.
# The role-to-assume is the role that the github action will assume to execute aws commands.
- name: configure aws credentials using assumed role
Expand All @@ -569,102 +562,6 @@ jobs:
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ env.AWS_REGION }}

- name : create AWS IDP for OIDC and AWS IAM Role for Radius
id: create_aws_idp_and_aws_iam_role
run: |
aws sts get-caller-identity
# Populate the following environment variables for Azure workload identity from secrets.
# AZURE_OIDC_ISSUER_PUBLIC_KEY
# AZURE_OIDC_ISSUER_PRIVATE_KEY
# AZURE_OIDC_ISSUER
eval "export $(echo "${{ secrets.FUNCTEST_AZURE_OIDC_JSON }}" | jq -r 'to_entries | map("\(.key)=\(.value)") | @sh')"
echo "oidc issuer is "
echo $AZURE_OIDC_ISSUER
# FEDERATED_ARN=arn:aws:iam::179022619019:oidc-provider/radiusoidc.blob.core.windows.net/kubeoidc
# cat <<EOF > radius-policy.json
# {
# "Version": "2012-10-17",
# "Statement": [
# {
# "Effect": "Allow",
# "Action": "*",
# "Resource": "*"
# }
# ]
# }
# EOF
# cat <<EOF > radius-trust-policy.json
# {
# "Version": "2012-10-17",
# "Statement": [
# {
# "Effect": "Allow",
# "Principal": {
# "Federated": "${FEDERATED_ARN}"
# },
# "Action": "sts:AssumeRoleWithWebIdentity",
# "Condition": {
# "StringEquals": {
# "${FEDERATED_ARN}:sub": "system:serviceaccount:radius-system:ucp",
# "${FEDERATED_ARN}:aud": "sts.amazonaws.com"
# }
# }
# },
# {
# "Sid": "Statement1",
# "Effect": "Allow",
# "Principal": {
# "Federated": "${FEDERATED_ARN}"
# },
# "Action": "sts:AssumeRoleWithWebIdentity",
# "Condition": {
# "StringEquals": {
# "${FEDERATED_ARN}:sub": "system:serviceaccount:radius-system:applications-rp",
# "${FEDERATED_ARN}:aud": "sts.amazonaws.com"
# }
# }
# }
# ]
# }
# EOF
# echo "printing the trust json"
# cat radius-trust-policy.json
# echo "----------------------------"
# echo "printing the policy json"
# cat radius-policy.json
# echo "----------------------------"
# ROLE_NAME="radius-functional-testing-role"
# POLICY_DOCUMENT="file://radius-policy.json"
# TRUST_POLICY_DOCUMENT="file://radius-trust-policy.json"
# if aws iam get-role --role-name $ROLE_NAME > /dev/null 2>&1; then
# echo "Role $ROLE_NAME already exists. Updating the role."
# aws iam update-assume-role-policy --role-name $ROLE_NAME --policy-document $TRUST_POLICY_DOCUMENT
# else
# echo "Role $ROLE_NAME does not exist. Creating the role."
# aws iam create-role --role-name $ROLE_NAME --assume-role-policy-document $TRUST_POLICY_DOCUMENT
# fi
# echo "created AWS IAM role for Radius"
# aws iam put-role-policy --role-name $ROLE_NAME --policy-name YourPolicyName --policy-document $POLICY_DOCUMENT
# echo "attached AWS IAM policy for Radius to the role"
ROLE_ARN=arn:aws:iam::179022619019:role/new-rad-ft-role
echo "Role ARN IS: "
echo $ROLE_ARN
echo "ROLE_ARN=$ROLE_ARN" >> $GITHUB_OUTPUT
# create kind cluster with OIDC provider.
- name: Create KinD cluster
run: |
Expand Down Expand Up @@ -769,7 +666,8 @@ jobs:
--set controller.image=${{ env.CONTAINER_REGISTRY }}/controller,controller.tag=${{ env.REL_VERSION }} \
--set ucp.image=${{ env.CONTAINER_REGISTRY }}/ucpd,ucp.tag=${{ env.REL_VERSION }} \
--set de.image=${{ env.DE_IMAGE }},de.tag=${{ env.DE_TAG }} \
--set global.aws.irsa.enabled=true \
--set global.azureWorkloadIdentity.enabled=true \
--set global.aws.irsa.enabled=true
echo "*** Create workspace, group and environment for test ***"
rad workspace create kubernetes
Expand All @@ -793,12 +691,8 @@ jobs:
rad credential register aws irsa \
--iam-role arn:aws:iam::179022619019:role/radius-test
echo "************************************"
echo ${{ steps.create_aws_idp_and_aws_iam_role.outputs.ROLE_ARN }}
echo "************************************"
kubectl describe pods -n radius-system ucp
echo "************************************"
- uses: marocchino/sticky-pull-request-comment@v2
if: failure() && env.PR_NUMBER != ''
continue-on-error: true
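Review bot: The `rad credential register aws irsa` call near the end of this file section now depends on the fixed role `arn:aws:iam::179022619019:role/radius-test`, while the step that recorded the intended trust conditions (even if only as commented-out text) is deleted, so nothing in the workflow states who may assume that role. I would add a comment above the call, for example `# radius-test is provisioned outside this workflow; its trust policy must limit sub to system:serviceaccount:radius-system:ucp and :applications-rp, and aud to sts.amazonaws.com`, and confirm that the role's permissions are narrower than the `"Action": "*"` policy sketched in the removed comments. Reading the ARN from a workflow-level `env` entry instead of the literal would also keep the account id in one place. The `run:` block containing this call starts above the visible hunk, and the rendered page does not show which of the two `global.aws.irsa.enabled=true` lines in the helm command is on the new side, so check that the final command does not carry a duplicated `--set`.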
