From 6c4e33ec5106990239ca406d9684490c054a487d Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Thu, 22 Feb 2024 20:10:51 +1100 Subject: [PATCH] Remove e2e folder from operator --- e2e/.gitignore | 1 - e2e/README.md | 33 ----- e2e/azure/parameters.json | 30 ----- e2e/azure/template.json | 159 ----------------------- e2e/docker/localstack/init-aws.sh | 7 - e2e/docker/localstack/kms/seed.yaml | 36 ----- e2e/e2e.sh | 56 -------- e2e/healthcheck.sh | 26 ---- e2e/jq_helper.sh | 21 --- e2e/ngrok.yml | 12 -- e2e/prepare_azure_cc_artifacts.sh | 66 ---------- e2e/prepare_azure_cc_enclave_metadata.sh | 33 ----- e2e/prepare_conf.sh | 19 --- e2e/prepare_gcp_enclave_metadata.sh | 33 ----- e2e/setup_ngrok.sh | 51 -------- e2e/start_azure_cc_enclave.sh | 91 ------------- e2e/start_docker.sh | 66 ---------- e2e/start_gcp_enclave.sh | 79 ----------- e2e/stop_azure_cc_enclave.sh | 13 -- e2e/stop_gcp_enclave.sh | 27 ---- 20 files changed, 859 deletions(-) delete mode 100644 e2e/.gitignore delete mode 100644 e2e/README.md delete mode 100644 e2e/azure/parameters.json delete mode 100644 e2e/azure/template.json delete mode 100755 e2e/docker/localstack/init-aws.sh delete mode 100644 e2e/docker/localstack/kms/seed.yaml delete mode 100644 e2e/e2e.sh delete mode 100644 e2e/healthcheck.sh delete mode 100644 e2e/jq_helper.sh delete mode 100644 e2e/ngrok.yml delete mode 100644 e2e/prepare_azure_cc_artifacts.sh delete mode 100644 e2e/prepare_azure_cc_enclave_metadata.sh delete mode 100644 e2e/prepare_conf.sh delete mode 100755 e2e/prepare_gcp_enclave_metadata.sh delete mode 100755 e2e/setup_ngrok.sh delete mode 100644 e2e/start_azure_cc_enclave.sh delete mode 100644 e2e/start_docker.sh delete mode 100644 e2e/start_gcp_enclave.sh delete mode 100644 e2e/stop_azure_cc_enclave.sh delete mode 100644 e2e/stop_gcp_enclave.sh diff --git a/e2e/.gitignore b/e2e/.gitignore deleted file mode 100644 index 15df91c4d..000000000 --- a/e2e/.gitignore +++ /dev/null @@ -1 +0,0 @@ -azure-artifacts diff --git a/e2e/README.md b/e2e/README.md deleted file mode 100644 index 6991b9c36..000000000 --- a/e2e/README.md +++ /dev/null @@ -1,33 +0,0 @@ -# Overview - -This folder provides some scripts to be used by github action to run GCP enclave E2E test. - -You could also leverage them to bring up a local docker-compose cluster contains: - - localstack (local S3) - - core (depends on localstack) - - optout (depends on localstack and core) - -and expose public Urls via ngrok, which could be used for private operator test. - -# How to run locally -Set below config in `./e2e/e2e.sh` - - NGROK_TOKEN: register a NGROK account and fetch from https://dashboard.ngrok.com/get-started/your-authtoken - - CORE_VERSION: the core image version - - OPTOUT_VERSION: the optout image version - - IMAGE_HASH: the image hash "sha256:..." for your operator image, this is to generate valid GCP OIDC enclave_id - - AZURE_CC_POLICY_DIGEST: Azure CC policy digest to be used as enclave_id - -and run below command under repo root: - -``` -bash ./e2e/e2e.sh -``` - -It will copy `e2e` folder to `e2e-target` folder and invoke from there. - -Other scripts that may help: - - `start_gcp_enclave.sh`: start a GCP enclave and run basic health check. - - `stop_gcp_enclave.sh`: stop a GCP enclave and delete the VM instance. - -Notes: -If you are running in mac, you may need to install `GNU sed` and `alias sed=gsed` \ No newline at end of file diff --git a/e2e/azure/parameters.json b/e2e/azure/parameters.json deleted file mode 100644 index 96add5d27..000000000 --- a/e2e/azure/parameters.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "containerGroupName": { - "value": "" - }, - "location": { - "value": "" - }, - "identity": { - "value": "" - }, - "vaultName": { - "value": "" - }, - "operatorKeySecretName": { - "value": "" - }, - "deploymentEnvironment": { - "value": "" - }, - "coreBaseUrl": { - "value": "" - }, - "optoutBaseUrl": { - "value": "" - } - } -} diff --git a/e2e/azure/template.json b/e2e/azure/template.json deleted file mode 100644 index e985d38d9..000000000 --- a/e2e/azure/template.json +++ /dev/null @@ -1,159 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "containerGroupName": { - "type": "string", - "metadata": { - "description": "Name for the container group" - } - }, - "location": { - "type": "string", - "metadata": { - "description": "Location for the container group" - } - }, - "identity": { - "type": "string", - "metadata": { - "description": "ManagedIdentity to launch the container" - } - }, - "vaultName": { - "type": "string", - "metadata": { - "description": "Vault name" - } - }, - "operatorKeySecretName": { - "type": "string", - "metadata": { - "description": "Operator key secret name" - } - }, - "deploymentEnvironment": { - "type": "string", - "metadata": { - "description": "Deployment environment" - } - }, - "coreBaseUrl": { - "type": "string", - "metadata": { - "description": "UID2 core base url override" - } - }, - "optoutBaseUrl": { - "type": "string", - "metadata": { - "description": "UID2 optout base url override" - } - } - }, - "resources": [ - { - "type": "Microsoft.ContainerInstance/containerGroups", - "apiVersion": "2023-05-01", - "name": "[parameters('containerGroupName')]", - "location": "[parameters('location')]", - "identity": { - "type": "userAssigned", - "userAssignedIdentities": { - "[resourceID('Microsoft.ManagedIdentity/userAssignedIdentities/',parameters('identity'))]": {} - } - }, - "properties": { - "confidentialComputeProperties": { - "ccePolicy": "" - }, - "containers": [ - { - "name": "skr", - "properties": { - "image": "mcr.microsoft.com/aci/skr:2.3", - "command": [ - "/skr.sh" - ], - "ports": [ - { - "port": 9000 - } - ], - "resources": { - "requests": { - "cpu": 1, - "memoryInGB": 1 - } - }, - "environmentVariables": [ - { - "name": "Port", - "value": "9000" - } - ] - } - }, - { - "name": "uid2-operator", - "properties": { - "image": "IMAGE_PLACEHOLDER", - "ports": [ - { - "port": 8080, - "protocol": "TCP" - } - ], - "resources": { - "requests": { - "cpu": 1, - "memoryInGB": 4 - } - }, - "environmentVariables": [ - { - "name": "VAULT_NAME", - "value": "[parameters('vaultName')]" - }, - { - "name": "OPERATOR_KEY_SECRET_NAME", - "value": "[parameters('operatorKeySecretName')]" - }, - { - "name": "DEPLOYMENT_ENVIRONMENT", - "value": "[parameters('deploymentEnvironment')]" - }, - { - "name": "CORE_BASE_URL", - "value": "[parameters('coreBaseUrl')]" - }, - { - "name": "OPTOUT_BASE_URL", - "value": "[parameters('optoutBaseUrl')]" - } - ] - } - } - ], - "sku": "Confidential", - "osType": "Linux", - "restartPolicy": "Never", - "ipAddress": { - "type": "Public", - "ports": [ - { - "port": "8080", - "protocol": "TCP" - } - ] - } - } - } - ], - "outputs": { - "containerIPv4Address": { - "type": "string", - "value": "[reference(resourceId('Microsoft.ContainerInstance/containerGroups', parameters('containerGroupName'))).ipAddress.ip]" - } - } -} diff --git a/e2e/docker/localstack/init-aws.sh b/e2e/docker/localstack/init-aws.sh deleted file mode 100755 index 848a63983..000000000 --- a/e2e/docker/localstack/init-aws.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash - -aws s3 --endpoint-url http://localhost:5001 mb s3://test-core-bucket -aws s3 --endpoint-url http://localhost:5001 cp /s3/core/ s3://test-core-bucket/ --recursive - -aws s3 --endpoint-url http://localhost:5001 mb s3://test-optout-bucket -aws s3 --endpoint-url http://localhost:5001 cp /s3/optout/ s3://test-optout-bucket/ --recursive diff --git a/e2e/docker/localstack/kms/seed.yaml b/e2e/docker/localstack/kms/seed.yaml deleted file mode 100644 index 8fe65fe41..000000000 --- a/e2e/docker/localstack/kms/seed.yaml +++ /dev/null @@ -1,36 +0,0 @@ -Keys: - Asymmetric: - Rsa: - - Metadata: - KeyId: ff275b92-0def-4dfc-b0f6-87c96b26c6c7 - KeyUsage: SIGN_VERIFY # or ENCRYPT_DECRYPT - Description: RSA key with 2048 bits - PrivateKeyPem: | - -----BEGIN PRIVATE KEY----- - MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCa/AHjWojkV7jU - 8Ntepxfm469K98qHyX1BXQ7cz42wHiUqpAQ/S3WF+iJdOk6ArPUCtjEexDYt5eJ9 - fi7ARtgkWWlUz63JCRNZCME7Dp+wtgrZeThfbKU1dRR/vHdIOI5XHK9OHc5lb2Sq - sME30nFKito0vJ/DSGFbRIel+zr31J6GBtDtBZ6n+BWUpEsjPRcBdpk3Dbizv05F - xCWsITpgPQ+BCakj90rnEwwvzafrLepxOXLCUZpTs4Ygx0P4JNcDcFw6SBd6plNc - 1pfW7qMJNrWW8BzO6fpq+nlVnhMWK4+j7LisncZT7XhzJPk1yQRxpMpK93zpR3Ar - kh322XdtAgMBAAECggEAC+C3Hv7X8Z1szkUMoEXGEIKanfA9AV3Gel/wvP4wfwg7 - E6LbqyN+r58/9aJ7qbjs/iGLGi8yHR+6f/ZPtu9hrpzQ9G2w2ptrdC4Llm8Z0Kfi - +k/Oq4w0DSjFQr+QP2S2OU7lezh656M7NSm0D9x8+kLcqPYGeHzvmS24slZ9anOD - ymADxcicF2V1LHrl1I4CpUJarAO19tX+OXq86bB28fAdC1++33r1ERC2uZrTGIyj - MN6t2DMX98MYg4QHfNBArPP3rwoOvtSa9fssnqOVGhqGysDrVcfycmdfj2PuGisP - BMU0Wk85lRzyjMbzFS9q8BdVwtjGH9htHT28MMWugQKBgQDYaoqH/dm59qOtNvbw - NlPYEiHMdjQpoLFBwrxHQD9hYjXdu9leRjEdR78s0kC23zDQzsQ4rpIj1glO9LwZ - USUlWtRRkLZ/8d1DvJERUQGFlHBLpgB8ikapSnijo4zT1Jw6s348YSEqyh1McTsn - o+zL2Fra8vvI4YwsIUphUtKhiQKBgQC3VP0GYQzxzvLbqSzufc6UMTM7Vk4kluWP - ORxWnk4kKv8owgW0LHHhtiOQjRxMakLFW2nxfI9oWIoOmoRAbJFSQFQKglX4IExV - bHI+3s5Gas3X+AS5ANoUdMBBrUSvAkyamv8LTfRsj8ztVGgXw51JAHhS/uVuaLbe - FdLpOsyhxQKBgQCYIrWGCi8f6sF/SA9qKFbio0R9Tm83AE77sqDW2dR0ai0B1kdl - XaSzN7euE5QIune/oksQqa/0X0el6Ke+iGu7idGOEVQqN2Xbc1jrum1+cS5MD8Nx - yWcJJWAPcS7TzzeQkJPicEl3oiPclBEIudUCK/MazguwWNZIQ5LdPfLyOQKBgF+G - ZSDByODmGBzklYje/Jiy2iL84VKnXY23EFEBw22NCc7O6fHrhps5MGbNYAVhCNGU - xCsT4BVarPTXBjobV80nv6KKLwlOqveHvi+MIKcIV6FElhFfpEIsY1DVW4hlBk04 - ndPiFo3Kj9jJtkNLpdS37fow3pMc9MvbSz5DaQSRAoGATiUvoT5mQB98RtJT3Up4 - 75/7DTBJVpzXPHbxF0BCSYgutKv6aXXgEFO680Lu7TVNKDbBJIJXPIas2y4uYdNJ - LcaqO3kx1JhTHTxRokTBVH3vyiFWKMGXZ0UYXBpeQoWNezxLJea8Cp3sEgbw+jaB - uRm76Xvsh0JZ5MDgy26hFVs= - -----END PRIVATE KEY----- diff --git a/e2e/e2e.sh b/e2e/e2e.sh deleted file mode 100644 index 9c7bee628..000000000 --- a/e2e/e2e.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/usr/bin/env bash -set -x -# to facilitate local test - -# common configs for all enclaves -NGROK_TOKEN= -CORE_VERSION=2.15.0-50d596678a-default -OPTOUT_VERSION=2.6.18-60727cf243-default - -# GCP OIDC enclave configs -TEST_GCP_OIDC=true -# starts with sha256: -IMAGE_HASH=sha256: -GCP_PROJECT=uid2-test -SERVICE_ACCOUNT='github-ci@uid2-test.iam.gserviceaccount.com' - -# Azure CC enclave configs -TEST_AZURE_CC=false -IMAGE_VERSION= - -# replace below with your local repo root of uid2-core and uid2-optout -CORE_ROOT="../../uid2-core" -OPTOUT_ROOT="../../uid2-optout" - -# copy to a different folder in local to avoid data pollution -rm -rf "./e2e-target" -cp -rf "./e2e/" "./e2e-target" - -cd ./e2e-target - -killall ngrok -docker compose down - -source ./prepare_conf.sh -source ./setup_ngrok.sh - -if [ "$TEST_GCP_OIDC" = true ]; then - source ./prepare_gcp_enclave_metadata.sh -fi - -if [ "$TEST_AZURE_CC" = true ]; then - source ./prepare_azure_cc_artifacts.sh - source ./prepare_azure_cc_enclave_metadata.sh -fi - -source ./start_docker.sh - -if [ "$TEST_GCP_OIDC" = true ]; then - source ./start_gcp_enclave.sh - #source ./stop_gcp_enclave.sh -fi - -if [ "$TEST_AZURE_CC" = true ]; then - source ./start_azure_cc_enclave.sh - #source ./stop_azure_cc_enclave.sh -fi diff --git a/e2e/healthcheck.sh b/e2e/healthcheck.sh deleted file mode 100644 index 9e9f383bb..000000000 --- a/e2e/healthcheck.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env bash - -healthcheck() { - attempt_counter=0 - max_attempts=5 - if [ -n "$2" ]; then - max_attempts=$2 - fi - echo "Healthcheck $1 for $max_attempts times" - - until (curl -m 5 --output /dev/null --silent --fail "$1"); do - if [ -n "$3" ]; then - docker compose logs --tail 100 - fi - - if [ $attempt_counter -eq $max_attempts ];then - echo "Max attempts reached" - exit 1 - fi - - printf '.' - attempt_counter=$((attempt_counter+1)) - sleep 5 - done - echo "Healthcheck $1 succeed." -} diff --git a/e2e/jq_helper.sh b/e2e/jq_helper.sh deleted file mode 100644 index f7266e8c8..000000000 --- a/e2e/jq_helper.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash - -# for string -# https://jqlang.github.io/jq/manual/ -# --arg foo 123 will bind $foo to "123". -function jq_inplace_update() { - local file=$1 - local field=$2 - local value=$3 - jq --arg v "$value" ".$field = \$v" "$file" > tmp.json && mv tmp.json "$file" -} - -# for number/boolean -# https://jqlang.github.io/jq/manual/ -# --argjson foo 123 will bind $foo to 123. -function jq_inplace_update_json() { - local file=$1 - local field=$2 - local value=$3 - jq --argjson v "$value" ".$field = \$v" "$file" > tmp.json && mv tmp.json "$file" -} diff --git a/e2e/ngrok.yml b/e2e/ngrok.yml deleted file mode 100644 index 245d29519..000000000 --- a/e2e/ngrok.yml +++ /dev/null @@ -1,12 +0,0 @@ -version: "2" -authtoken: -tunnels: - localstack: - addr: 5001 - proto: http - optout: - addr: 8081 - proto: http - core: - addr: 8088 - proto: http diff --git a/e2e/prepare_azure_cc_artifacts.sh b/e2e/prepare_azure_cc_artifacts.sh deleted file mode 100644 index 3d1c02431..000000000 --- a/e2e/prepare_azure_cc_artifacts.sh +++ /dev/null @@ -1,66 +0,0 @@ -#!/usr/bin/env bash -set -ex - -INPUT_DIR="./azure" -OUT_PUT_DIR="./azure-artifacts" - -if [ -z "$IMAGE_VERSION" ]; then - echo "IMAGE_VERSION can not be empty" - exit 1 -fi - -IMAGE="ghcr.io/iabtechlab/uid2-operator:$IMAGE_VERSION" - -if [ -d "$OUT_PUT_DIR" ]; then - echo "$OUT_PUT_DIR exist." -fi - -INPUT_TEMPLATE_FILE="$INPUT_DIR/template.json" -INPUT_PARAMETERS_FILE="$INPUT_DIR/parameters.json" -OUTPUT_TEMPLATE_FILE="$OUT_PUT_DIR/template.json" -OUTPUT_PARAMETERS_FILE="$OUT_PUT_DIR/parameters.json" -OUTPUT_POLICY_DIGEST_FILE="$OUT_PUT_DIR/digest.txt" - -if [[ -d $OUT_PUT_DIR ]]; then - echo "$OUT_PUT_DIR exist. Skip. This only happens during local test." -else - mkdir -p $OUT_PUT_DIR - - # Install confcom extension, az is originally available in GitHub workflow environment - az extension add --name confcom - if [[ $? -ne 0 ]]; then - echo "Failed to install Azure confcom extension" - exit 1 - fi - - # Required by az confcom - sudo usermod -aG docker $USER - if [[ $? -ne 0 ]]; then - echo "Failed to add current user to docker group" - exit 1 - fi - - # Generate deployment template - cp $INPUT_TEMPLATE_FILE $OUTPUT_TEMPLATE_FILE - sed -i "s#IMAGE_PLACEHOLDER#$IMAGE#g" $OUTPUT_TEMPLATE_FILE - if [[ $? -ne 0 ]]; then - echo "Failed to pre-process template file" - exit 1 - fi - - az confcom acipolicygen --approve-wildcards --template-file $OUTPUT_TEMPLATE_FILE > $OUTPUT_POLICY_DIGEST_FILE - if [[ $? -ne 0 ]]; then - echo "Failed to generate template file" - exit 1 - fi - - cp $INPUT_PARAMETERS_FILE $OUTPUT_PARAMETERS_FILE -fi - -if [ -z "$GITHUB_OUTPUT" ]; then - echo "not in github action" -else - echo "OUTPUT_TEMPLATE_FILE=$OUTPUT_TEMPLATE_FILE" >> $GITHUB_OUTPUT - echo "OUTPUT_PARAMETERS_FILE=$OUTPUT_PARAMETERS_FILE" >> $GITHUB_OUTPUT - echo "OUTPUT_POLICY_DIGEST_FILE=$OUTPUT_POLICY_DIGEST_FILE" >> $GITHUB_OUTPUT -fi diff --git a/e2e/prepare_azure_cc_enclave_metadata.sh b/e2e/prepare_azure_cc_enclave_metadata.sh deleted file mode 100644 index 5a3f2fb8e..000000000 --- a/e2e/prepare_azure_cc_enclave_metadata.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/usr/bin/env bash -set -ex - -ROOT="." -METADATA_ROOT="$ROOT/docker/localstack/s3/core" -OPERATOR_FILE="$METADATA_ROOT/operators/operators.json" -ENCLAVE_FILE="$METADATA_ROOT/enclaves/enclaves.json" - -if [[ ! -f $OUTPUT_POLICY_DIGEST_FILE ]]; then - echo "OUTPUT_POLICY_DIGEST_FILE does not exist" - exit 1 -fi - -AZURE_CC_POLICY_DIGEST="$(cat $OUTPUT_POLICY_DIGEST_FILE)" - -echo "AZURE_CC_POLICY_DIGEST=$AZURE_CC_POLICY_DIGEST" - -enclave_id=$AZURE_CC_POLICY_DIGEST - -# fetch operator key -OPERATOR_KEY=$(jq -r '.[] | select(.protocol=="azure-cc") | .key' $OPERATOR_FILE) - -# update azure-cc enclave id -cat <<< $(jq '(.[] | select(.protocol=="azure-cc") | .identifier) |='\"$enclave_id\"'' $ENCLAVE_FILE) > $ENCLAVE_FILE - -# export to Github output -echo "OPERATOR_KEY=$OPERATOR_KEY" - -if [ -z "$GITHUB_OUTPUT" ]; then - echo "not in github action" -else - echo "OPERATOR_KEY=$OPERATOR_KEY" >> $GITHUB_OUTPUT -fi diff --git a/e2e/prepare_conf.sh b/e2e/prepare_conf.sh deleted file mode 100644 index cf1489a1a..000000000 --- a/e2e/prepare_conf.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env bash -set -ex - -ROOT="." -CORE_CONFIG_FILE_DIR="$ROOT/docker/uid2-core/conf" -OPTOUT_CONFIG_FILE_DIR="$ROOT/docker/uid2-optout/conf" - -if [ -z "$CORE_ROOT" ]; then - echo "CORE_ROOT can not be empty" - exit 1 -fi - -if [ -z "$OPTOUT_ROOT" ]; then - echo "$OPTOUT_ROOT can not be empty" - exit 1 -fi - -mkdir -p "$CORE_CONFIG_FILE_DIR" && cp "$CORE_ROOT/conf/local-e2e-docker-config.json" "$CORE_CONFIG_FILE_DIR" -mkdir -p "$OPTOUT_CONFIG_FILE_DIR" && cp "$OPTOUT_ROOT/conf/local-e2e-docker-config.json" "$OPTOUT_CONFIG_FILE_DIR" diff --git a/e2e/prepare_gcp_enclave_metadata.sh b/e2e/prepare_gcp_enclave_metadata.sh deleted file mode 100755 index 96ff3f658..000000000 --- a/e2e/prepare_gcp_enclave_metadata.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/usr/bin/env bash -set -ex - -ROOT="." -METADATA_ROOT="$ROOT/docker/localstack/s3/core" -OPERATOR_FILE="$METADATA_ROOT/operators/operators.json" -ENCLAVE_FILE="$METADATA_ROOT/enclaves/enclaves.json" - -if [ -z "$IMAGE_HASH" ]; then - echo "IMAGE_HASH can not be empty" - exit 1 -fi - -# generate enclave id -enclave_str="V1,true,$IMAGE_HASH" -echo "enclave_str=$enclave_str" -enclave_id=$(echo -n $enclave_str | openssl dgst -sha256 -binary | openssl base64) - - -# fetch operator key -OPERATOR_KEY=$(jq -r '.[] | select(.protocol=="gcp-oidc") | .key' $OPERATOR_FILE) - -# update gcp-oidc enclave id -cat <<< $(jq '(.[] | select(.protocol=="gcp-oidc") | .identifier) |='\"$enclave_id\"'' $ENCLAVE_FILE) > $ENCLAVE_FILE - -# export to Github output -echo "OPERATOR_KEY=$OPERATOR_KEY" - -if [ -z "$GITHUB_OUTPUT" ]; then - echo "not in github action" -else - echo "OPERATOR_KEY=$OPERATOR_KEY" >> $GITHUB_OUTPUT -fi diff --git a/e2e/setup_ngrok.sh b/e2e/setup_ngrok.sh deleted file mode 100755 index f614c077b..000000000 --- a/e2e/setup_ngrok.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/env bash -set -ex - -ROOT="." -NGROK_TMPL_PATH="$ROOT/ngrok.yml" -TUNNEL_URL="http://127.0.0.1:4040/api/tunnels" - -if [ -z "$NGROK_TOKEN" ]; then - echo "NGROK_TOKEN can not be empty" - exit 1 -fi - -# install -ngrok_cmd="ngrok" -if ! which ngrok > /dev/null; then - echo "ngrok not found!" - wget https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-amd64.tgz - tar xvzf ngrok-v3-stable-linux-amd64.tgz - ngrok_cmd="./ngrok" -fi - -# update config file -sed -i.bak "s//$NGROK_TOKEN/g" $NGROK_TMPL_PATH - -# start and check endpoint -$ngrok_cmd --config $NGROK_TMPL_PATH start --all > /dev/null & - -source "$ROOT/healthcheck.sh" -healthcheck $TUNNEL_URL - -# parse public url -tunnel_info=$(curl -s $TUNNEL_URL) - -echo $tunnel_info - -NGROK_URL_LOCALSTACK=$(jq -r '.tunnels | .[] | select(.name=="localstack") | .public_url' <<< "$tunnel_info") -NGROK_URL_CORE=$(jq -r '.tunnels | .[] | select(.name=="core") | .public_url' <<< "$tunnel_info") -NGROK_URL_OPTOUT=$(jq -r '.tunnels | .[] | select(.name=="optout") | .public_url' <<< "$tunnel_info") - -# export to Github output -echo "NGROK_URL_LOCALSTACK=$NGROK_URL_LOCALSTACK" -echo "NGROK_URL_CORE=$NGROK_URL_CORE" -echo "NGROK_URL_OPTOUT=$NGROK_URL_OPTOUT" - -if [ -z "$GITHUB_OUTPUT" ]; then - echo "not in github action" -else - echo "NGROK_URL_LOCALSTACK=$NGROK_URL_LOCALSTACK" >> $GITHUB_OUTPUT - echo "NGROK_URL_CORE=$NGROK_URL_CORE" >> $GITHUB_OUTPUT - echo "NGROK_URL_OPTOUT=$NGROK_URL_OPTOUT" >> $GITHUB_OUTPUT -fi diff --git a/e2e/start_azure_cc_enclave.sh b/e2e/start_azure_cc_enclave.sh deleted file mode 100644 index 6343262ef..000000000 --- a/e2e/start_azure_cc_enclave.sh +++ /dev/null @@ -1,91 +0,0 @@ -#!/usr/bin/env bash -set -ex - -ROOT="." -# below resources should be prepared ahead -RESOURCE_GROUP=uid-enclave-ci-cd -IDENTITY=uid-operator -VAULT_NAME=uid-operator -OPERATOR_KEY_NAME=operator-key-ci - -LOCATION="East US" -DEPLOYMENT_ENV="integ" -CONTAINER_GROUP_NAME="ci-test-$RANDOM" -DEPLOYMENT_NAME=$CONTAINER_GROUP_NAME - -source "$ROOT/jq_helper.sh" -source "$ROOT/healthcheck.sh" - -if [ -z "$IDENTITY" ]; then - echo "IDENTITY can not be empty" - exit 1 -fi - -if [ -z "$VAULT_NAME" ]; then - echo "VAULT_NAME can not be empty" - exit 1 -fi - -if [ -z "$OPERATOR_KEY_NAME" ]; then - echo "OPERATOR_KEY_NAME can not be empty" - exit 1 -fi - -if [ -z "$NGROK_URL_CORE" ]; then - echo "NGROK_URL_CORE can not be empty" - exit 1 -fi - -if [ -z "$NGROK_URL_OPTOUT" ]; then - echo "NGROK_URL_OPTOUT can not be empty" - exit 1 -fi - -if [[ ! -f $OUTPUT_TEMPLATE_FILE ]]; then - echo "OUTPUT_TEMPLATE_FILE does not exist" - exit 1 -fi - -if [[ ! -f $OUTPUT_PARAMETERS_FILE ]]; then - echo "OUTPUT_PARAMETERS_FILE does not exist" - exit 1 -fi - -jq_inplace_update $OUTPUT_PARAMETERS_FILE parameters.containerGroupName.value "$CONTAINER_GROUP_NAME" -jq_inplace_update $OUTPUT_PARAMETERS_FILE parameters.location.value "$LOCATION" -jq_inplace_update $OUTPUT_PARAMETERS_FILE parameters.identity.value "$IDENTITY" -jq_inplace_update $OUTPUT_PARAMETERS_FILE parameters.vaultName.value "$VAULT_NAME" -jq_inplace_update $OUTPUT_PARAMETERS_FILE parameters.operatorKeySecretName.value "$OPERATOR_KEY_NAME" -jq_inplace_update $OUTPUT_PARAMETERS_FILE parameters.deploymentEnvironment.value "$DEPLOYMENT_ENV" -jq_inplace_update $OUTPUT_PARAMETERS_FILE parameters.coreBaseUrl.value "$NGROK_URL_CORE" -jq_inplace_update $OUTPUT_PARAMETERS_FILE parameters.optoutBaseUrl.value "$NGROK_URL_OPTOUT" - -cat $OUTPUT_PARAMETERS_FILE - -az deployment group create \ - -g $RESOURCE_GROUP \ - -n $DEPLOYMENT_NAME \ - --template-file "$OUTPUT_TEMPLATE_FILE" \ - --parameters "$OUTPUT_PARAMETERS_FILE" - -# export to Github output -echo "CONTAINER_GROUP_NAME=$CONTAINER_GROUP_NAME" - -if [ -z "$GITHUB_OUTPUT" ]; then - echo "not in github action" -else - echo "CONTAINER_GROUP_NAME=$CONTAINER_GROUP_NAME" >> $GITHUB_OUTPUT -fi - -# get public IP, need to trim quotes -ip=$(az deployment group show \ - -g $RESOURCE_GROUP \ - -n $DEPLOYMENT_NAME \ - --query properties.outputs.containerIPv4Address.value | tr -d '"') - -echo "instance ip: $ip" - -healthcheck_url="http://$ip:8080/ops/healthcheck" - -# health check - for 5 mins -healthcheck "$healthcheck_url" 60 diff --git a/e2e/start_docker.sh b/e2e/start_docker.sh deleted file mode 100644 index d28eca337..000000000 --- a/e2e/start_docker.sh +++ /dev/null @@ -1,66 +0,0 @@ -#!/usr/bin/env bash -set -ex - -ROOT="." -CORE_CONFIG_FILE="$ROOT/docker/uid2-core/conf/local-e2e-docker-config.json" -OPTOUT_CONFIG_FILE="$ROOT/docker/uid2-optout/conf/local-e2e-docker-config.json" -COMPOSE_FILE="$ROOT/docker-compose.yml" -OPTOUT_MOUNT="$ROOT/docker/uid2-optout/mount" -OPTOUT_HEALTHCHECK_URL="$NGROK_URL_OPTOUT/ops/healthcheck" - -source "$ROOT/jq_helper.sh" -source "$ROOT/healthcheck.sh" - -if [ -z "$CORE_VERSION" ]; then - echo "CORE_VERSION can not be empty" - exit 1 -fi - -if [ -z "$OPTOUT_VERSION" ]; then - echo "OPTOUT_VERSION can not be empty" - exit 1 -fi - -if [ -z "$NGROK_URL_LOCALSTACK" ]; then - echo "NGROK_URL_LOCALSTACK can not be empty" - exit 1 -fi - -if [ -z "$NGROK_URL_CORE" ]; then - echo "NGROK_URL_CORE can not be empty" - exit 1 -fi - -if [ -z "$NGROK_URL_OPTOUT" ]; then - echo "NGROK_URL_OPTOUT can not be empty" - exit 1 -fi - -# replace placeholders -sed -i.bak "s##$CORE_VERSION#g" $COMPOSE_FILE -sed -i.bak "s##$OPTOUT_VERSION#g" $COMPOSE_FILE - -# set provide_private_site_data to false to workaround the private site path -jq_inplace_update $CORE_CONFIG_FILE aws_s3_endpoint "$NGROK_URL_LOCALSTACK" -jq_inplace_update $CORE_CONFIG_FILE kms_aws_endpoint "$NGROK_URL_LOCALSTACK" -jq_inplace_update $CORE_CONFIG_FILE core_public_url "$NGROK_URL_CORE" -jq_inplace_update $CORE_CONFIG_FILE optout_url "$NGROK_URL_OPTOUT" -jq_inplace_update_json $CORE_CONFIG_FILE provide_private_site_data false - -jq_inplace_update $OPTOUT_CONFIG_FILE aws_s3_endpoint "$NGROK_URL_LOCALSTACK" -jq_inplace_update $OPTOUT_CONFIG_FILE partners_metadata_path "$NGROK_URL_CORE/partners/refresh" -jq_inplace_update $OPTOUT_CONFIG_FILE operators_metadata_path "$NGROK_URL_CORE/operators/refresh" -jq_inplace_update $OPTOUT_CONFIG_FILE core_attest_url "$NGROK_URL_CORE/attest" -jq_inplace_update $OPTOUT_CONFIG_FILE core_public_url "$NGROK_URL_CORE" -jq_inplace_update $OPTOUT_CONFIG_FILE optout_url "$NGROK_URL_OPTOUT" - -cat $CORE_CONFIG_FILE -cat $OPTOUT_CONFIG_FILE - -mkdir -p "$OPTOUT_MOUNT" && chmod 777 "$OPTOUT_MOUNT" - -docker compose -f "$ROOT/docker-compose.yml" up -d -docker ps -a - -# health check - for 5 mins -healthcheck "$OPTOUT_HEALTHCHECK_URL" 60 1 diff --git a/e2e/start_gcp_enclave.sh b/e2e/start_gcp_enclave.sh deleted file mode 100644 index 1363363d3..000000000 --- a/e2e/start_gcp_enclave.sh +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/env bash -set -ex - -ROOT="." -GCP_INSTANCE_NAME="ci-test-$RANDOM" -OPERATOR_KEY_SECRET_NAME=$GCP_INSTANCE_NAME - -source "$ROOT/healthcheck.sh" - -if [ -z "$GCP_PROJECT" ]; then - echo "GCP_PROJECT can not be empty" - exit 1 -fi - -if [ -z "$SERVICE_ACCOUNT" ]; then - echo "SERVICE_ACCOUNT can not be empty" - exit 1 -fi - -if [ -z "$IMAGE_HASH" ]; then - echo "IMAGE_HASH can not be empty" - exit 1 -fi - -if [ -z "$OPERATOR_KEY" ]; then - echo "OPERATOR_KEY can not be empty" - exit 1 -fi - -if [ -z "$NGROK_URL_CORE" ]; then - echo "NGROK_URL_CORE can not be empty" - exit 1 -fi - -if [ -z "$NGROK_URL_OPTOUT" ]; then - echo "NGROK_URL_OPTOUT can not be empty" - exit 1 -fi - -gcloud config set project $GCP_PROJECT - -gcloud config set compute/zone asia-southeast1-a - -# create secret -echo -n "$OPERATOR_KEY" | gcloud secrets create $OPERATOR_KEY_SECRET_NAME \ - --replication-policy="automatic" \ - --data-file=- - -OPERATOR_KEY_SECRET_VERSION=$(gcloud secrets versions describe latest --secret $OPERATOR_KEY_SECRET_NAME --format 'value(name)') - -gcloud compute instances create $GCP_INSTANCE_NAME \ - --confidential-compute \ - --shielded-secure-boot \ - --maintenance-policy Terminate \ - --scopes cloud-platform \ - --image-project confidential-space-images \ - --image-family confidential-space-debug \ - --service-account $SERVICE_ACCOUNT \ - --metadata ^~^tee-image-reference=us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator@$IMAGE_HASH~tee-restart-policy=Never~tee-container-log-redirect=true~tee-env-DEPLOYMENT_ENVIRONMENT=integ~tee-env-API_TOKEN_SECRET_NAME=$OPERATOR_KEY_SECRET_VERSION~tee-env-CORE_BASE_URL=$NGROK_URL_CORE~tee-env-OPTOUT_BASE_URL=$NGROK_URL_OPTOUT - -# export to Github output -echo "GCP_INSTANCE_NAME=$GCP_INSTANCE_NAME" - -if [ -z "$GITHUB_OUTPUT" ]; then - echo "not in github action" -else - echo "GCP_INSTANCE_NAME=$GCP_INSTANCE_NAME" >> $GITHUB_OUTPUT -fi - -# get public IP -ip=$(gcloud compute instances describe $GCP_INSTANCE_NAME \ - --format='get(networkInterfaces[0].accessConfigs[0].natIP)') - -echo "instance ip: $ip" - -healthcheck_url="http://$ip:8080/ops/healthcheck" - -# health check - for 5 mins -healthcheck "$healthcheck_url" 60 diff --git a/e2e/stop_azure_cc_enclave.sh b/e2e/stop_azure_cc_enclave.sh deleted file mode 100644 index 4dfdc1ad2..000000000 --- a/e2e/stop_azure_cc_enclave.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env bash -set -ex - -RESOURCE_GROUP=uid-enclave-ci-cd - -if [ -z "$CONTAINER_GROUP_NAME" ]; then - echo "CONTAINER_GROUP_NAME can not be empty" - exit 1 -fi - -az container delete \ - -g $RESOURCE_GROUP \ - -n $CONTAINER_GROUP_NAME -y diff --git a/e2e/stop_gcp_enclave.sh b/e2e/stop_gcp_enclave.sh deleted file mode 100644 index dc82d6cf3..000000000 --- a/e2e/stop_gcp_enclave.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash -set -ex - -if [ -z "$GCP_PROJECT" ]; then - echo "GCP_PROJECT can not be empty" - exit 1 -fi - -if [ -z "$SERVICE_ACCOUNT" ]; then - echo "SERVICE_ACCOUNT can not be empty" - exit 1 -fi - -if [ -z "$GCP_INSTANCE_NAME" ]; then - echo "GCP_INSTANCE_NAME can not be empty" - exit 1 -fi - -OPERATOR_KEY_SECRET_NAME=$GCP_INSTANCE_NAME - -gcloud config set project $GCP_PROJECT - -gcloud config set compute/zone asia-southeast1-a - -gcloud compute instances delete $GCP_INSTANCE_NAME --quiet - -gcloud secrets delete $OPERATOR_KEY_SECRET_NAME --quiet