Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| d94cf1b7de | |||
| cc9b0c4042 |
@@ -20,3 +20,4 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
node-version: "22"
|
node-version: "22"
|
||||||
headlamp-version: v0.40.1
|
headlamp-version: v0.40.1
|
||||||
|
e2e-namespace: headlamp-dev
|
||||||
|
|||||||
@@ -121,7 +121,7 @@ For Headlamp running in Kubernetes:
|
|||||||
kubectl create configmap headlamp-sealed-secrets-plugin \
|
kubectl create configmap headlamp-sealed-secrets-plugin \
|
||||||
--from-file=main.js=dist/main.js \
|
--from-file=main.js=dist/main.js \
|
||||||
--from-file=package.json=package.json \
|
--from-file=package.json=package.json \
|
||||||
-n headlamp
|
-n <your-namespace>
|
||||||
```
|
```
|
||||||
|
|
||||||
2. **Update Headlamp deployment**:
|
2. **Update Headlamp deployment**:
|
||||||
@@ -130,7 +130,7 @@ For Headlamp running in Kubernetes:
|
|||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: headlamp
|
name: headlamp
|
||||||
namespace: headlamp
|
namespace: <your-namespace>
|
||||||
spec:
|
spec:
|
||||||
template:
|
template:
|
||||||
spec:
|
spec:
|
||||||
@@ -149,7 +149,7 @@ For Headlamp running in Kubernetes:
|
|||||||
3. **Apply and restart**:
|
3. **Apply and restart**:
|
||||||
```bash
|
```bash
|
||||||
kubectl apply -f headlamp-deployment.yaml
|
kubectl apply -f headlamp-deployment.yaml
|
||||||
kubectl rollout restart deployment/headlamp -n headlamp
|
kubectl rollout restart deployment/headlamp -n <your-namespace>
|
||||||
```
|
```
|
||||||
|
|
||||||
## Verification
|
## Verification
|
||||||
|
|||||||
+15
-26
@@ -1,40 +1,34 @@
|
|||||||
import { test, expect } from '@playwright/test';
|
import { test, expect } from '@playwright/test';
|
||||||
|
|
||||||
async function waitForSidebar(page: import('@playwright/test').Page) {
|
|
||||||
const sidebar = page.getByRole('navigation', { name: 'Navigation' });
|
|
||||||
await expect(sidebar).toBeVisible({ timeout: 15_000 });
|
|
||||||
await page.waitForLoadState('networkidle');
|
|
||||||
return sidebar;
|
|
||||||
}
|
|
||||||
|
|
||||||
test.describe('Sealed Secrets plugin smoke tests', () => {
|
test.describe('Sealed Secrets plugin smoke tests', () => {
|
||||||
test('sidebar contains sealed-secrets entry', async ({ page }) => {
|
test('sidebar contains sealed-secrets entry', async ({ page }) => {
|
||||||
await page.goto('/');
|
await page.goto('/');
|
||||||
const sidebar = await waitForSidebar(page);
|
const sidebar = page.getByRole('navigation', { name: 'Navigation' });
|
||||||
|
await expect(sidebar).toBeVisible({ timeout: 15_000 });
|
||||||
await expect(sidebar.getByRole('button', { name: /sealed.secrets/i })).toBeVisible();
|
await expect(sidebar.getByRole('button', { name: /sealed.secrets/i })).toBeVisible();
|
||||||
});
|
});
|
||||||
|
|
||||||
test('sidebar sealed-secrets entry is clickable and navigates to list view', async ({ page }) => {
|
test('sidebar sealed-secrets entry is clickable and navigates to list view', async ({ page }) => {
|
||||||
await page.goto('/');
|
await page.goto('/');
|
||||||
const sidebar = await waitForSidebar(page);
|
const sidebar = page.getByRole('navigation', { name: 'Navigation' });
|
||||||
|
await expect(sidebar).toBeVisible({ timeout: 15_000 });
|
||||||
|
|
||||||
const sealedSecretsEntry = sidebar.getByRole('button', { name: /sealed.secrets/i });
|
const sealedSecretsEntry = sidebar.getByRole('button', { name: /sealed.secrets/i });
|
||||||
await expect(sealedSecretsEntry).toBeVisible();
|
await expect(sealedSecretsEntry).toBeVisible();
|
||||||
await sealedSecretsEntry.click();
|
await sealedSecretsEntry.click();
|
||||||
|
|
||||||
await page.waitForLoadState('networkidle');
|
|
||||||
await expect(page).toHaveURL(/\/sealedsecrets/);
|
await expect(page).toHaveURL(/\/sealedsecrets/);
|
||||||
await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible();
|
await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible();
|
||||||
});
|
});
|
||||||
|
|
||||||
test('sealed secrets list page renders table or empty state', async ({ page }) => {
|
test('sealed secrets list page renders table or empty state', async ({ page }) => {
|
||||||
await page.goto('/c/main/sealedsecrets');
|
await page.goto('/c/main/sealedsecrets');
|
||||||
await waitForSidebar(page);
|
|
||||||
|
|
||||||
await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible({
|
await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible({
|
||||||
timeout: 15_000,
|
timeout: 15_000,
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// Either a populated table or an empty-state indicator must be visible
|
||||||
const hasTable = await page.locator('table').first().isVisible().catch(() => false);
|
const hasTable = await page.locator('table').first().isVisible().catch(() => false);
|
||||||
const hasEmptyState = await page
|
const hasEmptyState = await page
|
||||||
.locator('text=/no.*sealed|no.*secret|0 item|empty/i')
|
.locator('text=/no.*sealed|no.*secret|0 item|empty/i')
|
||||||
@@ -46,7 +40,6 @@ test.describe('Sealed Secrets plugin smoke tests', () => {
|
|||||||
|
|
||||||
test('sealing keys page renders table or empty state', async ({ page }) => {
|
test('sealing keys page renders table or empty state', async ({ page }) => {
|
||||||
await page.goto('/c/main/sealedsecrets/keys');
|
await page.goto('/c/main/sealedsecrets/keys');
|
||||||
await waitForSidebar(page);
|
|
||||||
|
|
||||||
await expect(page.getByRole('heading', { name: /sealing.key/i })).toBeVisible({
|
await expect(page.getByRole('heading', { name: /sealing.key/i })).toBeVisible({
|
||||||
timeout: 15_000,
|
timeout: 15_000,
|
||||||
@@ -63,37 +56,33 @@ test.describe('Sealed Secrets plugin smoke tests', () => {
|
|||||||
|
|
||||||
test('navigation between sealed-secrets views works', async ({ page }) => {
|
test('navigation between sealed-secrets views works', async ({ page }) => {
|
||||||
await page.goto('/c/main/sealedsecrets');
|
await page.goto('/c/main/sealedsecrets');
|
||||||
const sidebar = await waitForSidebar(page);
|
await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible({
|
||||||
|
timeout: 15_000,
|
||||||
const sealedBtn = sidebar.getByRole('button', { name: /sealed.secrets/i }).first();
|
});
|
||||||
await sealedBtn.click();
|
|
||||||
await page.waitForLoadState('networkidle');
|
|
||||||
|
|
||||||
await expect(page.getByRole('heading', { name: /sealed.secrets/i }).first()).toBeVisible({ timeout: 15_000 });
|
|
||||||
|
|
||||||
|
// Navigate to Sealing Keys via sidebar
|
||||||
|
const sidebar = page.getByRole('navigation', { name: 'Navigation' });
|
||||||
const keysLink = sidebar.getByRole('link', { name: /sealing.key/i });
|
const keysLink = sidebar.getByRole('link', { name: /sealing.key/i });
|
||||||
await expect(keysLink).toBeVisible();
|
await expect(keysLink).toBeVisible();
|
||||||
await keysLink.click();
|
await keysLink.click();
|
||||||
|
|
||||||
await page.waitForLoadState('networkidle');
|
|
||||||
await expect(page).toHaveURL(/\/sealedsecrets\/keys$/);
|
await expect(page).toHaveURL(/\/sealedsecrets\/keys$/);
|
||||||
await expect(page.getByRole('heading', { name: /sealing.key/i }).first()).toBeVisible();
|
await expect(page.getByRole('heading', { name: /sealing.key/i })).toBeVisible();
|
||||||
|
|
||||||
|
// Navigate back to All Sealed Secrets
|
||||||
const allSecretsLink = sidebar.getByRole('link', { name: /all sealed secrets/i });
|
const allSecretsLink = sidebar.getByRole('link', { name: /all sealed secrets/i });
|
||||||
await expect(allSecretsLink).toBeVisible();
|
await expect(allSecretsLink).toBeVisible();
|
||||||
await allSecretsLink.click();
|
await allSecretsLink.click();
|
||||||
|
|
||||||
await page.waitForLoadState('networkidle');
|
|
||||||
await expect(page).toHaveURL(/\/sealedsecrets(?!\/keys)/);
|
await expect(page).toHaveURL(/\/sealedsecrets(?!\/keys)/);
|
||||||
await expect(page.getByRole('heading', { name: /sealed.secrets/i }).first()).toBeVisible();
|
await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible();
|
||||||
});
|
});
|
||||||
|
|
||||||
test('plugin settings page shows sealed-secrets plugin entry', async ({ page }) => {
|
test('plugin settings page shows sealed-secrets plugin entry', async ({ page }) => {
|
||||||
await page.goto('/settings/plugins');
|
await page.goto('/settings/plugins');
|
||||||
await page.waitForLoadState('networkidle');
|
|
||||||
await page.waitForSelector('table', { timeout: 10_000 }).catch(() => {});
|
|
||||||
|
|
||||||
const pluginEntry = page.locator('text=/sealed.secrets/i').first();
|
// Wait for plugin list to load — plugin scripts load asynchronously
|
||||||
|
const pluginEntry = page.locator('text=sealed-secrets').first();
|
||||||
await expect(pluginEntry).toBeVisible({ timeout: 30_000 });
|
await expect(pluginEntry).toBeVisible({ timeout: 30_000 });
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -5,18 +5,17 @@
|
|||||||
# a ConfigMap volume mount. No custom Docker images — the plugin is built
|
# a ConfigMap volume mount. No custom Docker images — the plugin is built
|
||||||
# in CI and injected as a ConfigMap.
|
# in CI and injected as a ConfigMap.
|
||||||
#
|
#
|
||||||
# E2E resources are deployed to the `privilegedescalation-dev` namespace. Nothing
|
# E2E resources are deployed to the `headlamp-dev` namespace. Nothing
|
||||||
# persists beyond the test run — teardown cleans up all created resources.
|
# persists beyond the test run — teardown cleans up all created resources.
|
||||||
#
|
#
|
||||||
# Prerequisites:
|
# Prerequisites:
|
||||||
# - Plugin built (dist/ exists with plugin-main.js + package.json)
|
# - Plugin built (dist/ exists with plugin-main.js + package.json)
|
||||||
# - kubectl configured with cluster access
|
# - kubectl configured with cluster access
|
||||||
# RBAC is managed via Flux from privilegedescalation/infra/base/rbac/e2e-ci-runner-headlamp-rbac.yaml.
|
# RBAC is managed via Flux from privilegedescalation/infra/apps/base/e2e-ci-runner-rbac.yaml.
|
||||||
# The infra repo is the source of truth — do not apply this file directly.
|
# The infra repo is the source of truth — do not apply this file directly.
|
||||||
# Apply RBAC first: kubectl apply -f privilegedescalation/infra/base/rbac/e2e-ci-runner-headlamp-rbac.yaml
|
|
||||||
#
|
#
|
||||||
# Environment:
|
# Environment:
|
||||||
# E2E_NAMESPACE — namespace for E2E Headlamp (default: privilegedescalation-dev)
|
# E2E_NAMESPACE — namespace for E2E Headlamp (default: headlamp-dev)
|
||||||
# E2E_RELEASE — release/resource name prefix (default: headlamp-e2e)
|
# E2E_RELEASE — release/resource name prefix (default: headlamp-e2e)
|
||||||
# HEADLAMP_VERSION — Headlamp image tag (default: latest)
|
# HEADLAMP_VERSION — Headlamp image tag (default: latest)
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
@@ -24,7 +23,7 @@ set -euo pipefail
|
|||||||
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
|
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
|
||||||
DIST_DIR="$REPO_ROOT/dist"
|
DIST_DIR="$REPO_ROOT/dist"
|
||||||
|
|
||||||
E2E_NAMESPACE="${E2E_NAMESPACE:-privilegedescalation-dev}"
|
E2E_NAMESPACE="${E2E_NAMESPACE:-headlamp-dev}"
|
||||||
E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}"
|
E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}"
|
||||||
HEADLAMP_VERSION="${HEADLAMP_VERSION:-latest}"
|
HEADLAMP_VERSION="${HEADLAMP_VERSION:-latest}"
|
||||||
|
|
||||||
@@ -37,7 +36,7 @@ fi
|
|||||||
echo "Checking RBAC permissions in namespace '${E2E_NAMESPACE}'..."
|
echo "Checking RBAC permissions in namespace '${E2E_NAMESPACE}'..."
|
||||||
if ! kubectl auth can-i delete configmaps -n "$E2E_NAMESPACE" --quiet 2>/dev/null; then
|
if ! kubectl auth can-i delete configmaps -n "$E2E_NAMESPACE" --quiet 2>/dev/null; then
|
||||||
echo "ERROR: Missing RBAC — cannot delete configmaps in namespace '${E2E_NAMESPACE}'." >&2
|
echo "ERROR: Missing RBAC — cannot delete configmaps in namespace '${E2E_NAMESPACE}'." >&2
|
||||||
echo " Apply RBAC first: kubectl apply -f privilegedescalation/infra/base/rbac/e2e-ci-runner-headlamp-rbac.yaml" >&2
|
echo " RBAC is managed via Flux from privilegedescalation/infra/apps/base/e2e-ci-runner-rbac.yaml" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user