tests/int: Separate ssh key names for Azure & GCP

- Also update IAM setup docs to include github terraform provider configuration with github owner so that it can be used with a repository under an organization. Signed-off-by: Sunny <darkowlzz@protonmail.com>
2 years ago · 3b637a5125
parent cdc1c98a11
commit 3b637a5125
3 changed files with 31 additions and 15 deletions
--- a/.github/workflows/e2e-azure.yaml
+++ b/.github/workflows/e2e-azure.yaml
@ -110,8 +110,8 @@ jobs:
          TF_VAR_azuredevops_org: ${{ secrets.TF_VAR_azuredevops_org }}
          TF_VAR_azuredevops_pat: ${{ secrets.TF_VAR_azuredevops_pat }}
          TF_VAR_location: ${{ vars.TF_VAR_azure_location }}
-          GITREPO_SSH_CONTENTS: ${{ secrets.GITREPO_SSH_CONTENTS }}
-          GITREPO_SSH_PUB_CONTENTS: ${{ secrets.GITREPO_SSH_PUB_CONTENTS }}
+          GITREPO_SSH_CONTENTS: ${{ secrets.AZURE_GITREPO_SSH_CONTENTS }}
+          GITREPO_SSH_PUB_CONTENTS: ${{ secrets.AZURE_GITREPO_SSH_PUB_CONTENTS }}
        run: |
          source .env
          mkdir -p ./build/ssh
--- a/.github/workflows/e2e-gcp.yaml
+++ b/.github/workflows/e2e-gcp.yaml
@ -78,8 +78,8 @@ jobs:
          TF_VAR_gcp_email: ${{ secrets.TF_VAR_gcp_email }}
          TF_VAR_gcp_keyring: ${{ secret.TF_VAR_gcp_keyring }}
          TF_VAR_gcp_crypto_key: ${{ secret.TF_VAR_gcp_crypto_key }}
-          GITREPO_SSH_CONTENTS: ${{ secrets.GITREPO_SSH_CONTENTS }}
-          GITREPO_SSH_PUB_CONTENTS: ${{ secrets.GITREPO_SSH_PUB_CONTENTS }}
+          GITREPO_SSH_CONTENTS: ${{ secrets.GCP_GITREPO_SSH_CONTENTS }}
+          GITREPO_SSH_PUB_CONTENTS: ${{ secrets.GCP_GITREPO_SSH_PUB_CONTENTS }}
        run: |
          source .env
          mkdir -p ./build/ssh
--- a/tests/integration/README.md
+++ b/tests/integration/README.md
@ -60,9 +60,14 @@ the tests:
 To create the necessary IAM role with all the permissions, set up CI secrets and
 variables using
 [azure-gh-actions](https://github.com/fluxcd/test-infra/tree/main/tf-modules/azure/github-actions)
-use:
+use the terraform configuration below. Please make sure all the requirements of
+azure-gh-actions are followed before running it.

 ```hcl
+provider "github" {
+  owner = "fluxcd"
+}
+
 resource "tls_private_key" "privatekey" {
  algorithm = "RSA"
  rsa_bits  = 4096
@ -96,10 +101,10 @@ module "azure_gh_actions" {
  github_secret_tenant_id_name       = "AZ_ARM_TENANT_ID"

  github_secret_custom = {
-    "TF_VAR_azuredevops_org"   = "<org-name>",
-    "TF_VAR_azuredevops_pat"   = "<pat>",
-    "GITREPO_SSH_CONTENTS"     = base64encode(tls_private_key.privatekey.private_key_openssh),
-    "GITREPO_SSH_PUB_CONTENTS" = base64encode(tls_private_key.privatekey.public_key_openssh)
+    "TF_VAR_azuredevops_org"         = "<azuredevops-org-name>",
+    "TF_VAR_azuredevops_pat"         = "<azuredevops-pat>",
+    "AZURE_GITREPO_SSH_CONTENTS"     = base64encode(tls_private_key.privatekey.private_key_openssh),
+    "AZURE_GITREPO_SSH_PUB_CONTENTS" = base64encode(tls_private_key.privatekey.public_key_openssh)
  }
 }

@ -112,6 +117,9 @@ Copy the `publickey` output printed after applying, or run `terraform output` to
 print it again, and add it in the Azure DevOps SSH public keys under the user
 account that'll be used by flux in the tests.

+**NOTE:** The environment variables used above are for the GitHub workflow that
+runs the tests. Change the variable names if needed accordingly.
+
 ## GCP

 ### Architecture
@ -188,11 +196,16 @@ Following roles are needed for provisioning the infrastructure and running the t
 To create the necessary IAM role with all the permissions, set up CI secrets and
 variables using
 [gcp-gh-actions](https://github.com/fluxcd/test-infra/tree/main/tf-modules/gcp/github-actions)
-use:
+use the terraform configuration below. Please make sure all the requirements of
+gcp-gh-actions are followed before running it.

 ```hcl
 provider "google" {}

+provider "github" {
+  owner = "fluxcd"
+}
+
 resource "tls_private_key" "privatekey" {
  algorithm = "RSA"
  rsa_bits  = 4096
@ -221,11 +234,11 @@ module "gcp_gh_actions" {
  github_secret_credentials_name = "FLUX2_E2E_GOOGLE_CREDENTIALS"

  github_secret_custom = {
-    "TF_VAR_gcp_keyring"       = "<keyring-name>",
-    "TF_VAR_gcp_crypto_key"    = "<key-name>",
-    "TF_VAR_gcp_email"         = "<email>",
-    "GITREPO_SSH_CONTENTS"     = base64encode(tls_private_key.privatekey.private_key_openssh),
-    "GITREPO_SSH_PUB_CONTENTS" = base64encode(tls_private_key.privatekey.public_key_openssh)
+    "TF_VAR_gcp_keyring"           = "<keyring-name>",
+    "TF_VAR_gcp_crypto_key"        = "<key-name>",
+    "TF_VAR_gcp_email"             = "<email>",
+    "GCP_GITREPO_SSH_CONTENTS"     = base64encode(tls_private_key.privatekey.private_key_openssh),
+    "GCP_GITREPO_SSH_PUB_CONTENTS" = base64encode(tls_private_key.privatekey.public_key_openssh)
  }
 }

@ -238,6 +251,9 @@ Copy the `publickey` output printed after applying, or run `terraform output` to
 print it again, and add it in the Google Source Repository SSH public keys under
 the user account with email address referred in `TF_VAR_gcp_email` above.

+**NOTE:** The environment variables used above are for the GitHub workflow that
+runs the tests. Change the variable names if needed accordingly.
+
 ## Tests

 Each test run is initiated by running `terraform apply` in the provider's terraform directory e.g terraform apply,