replaces grpcurl job struct with loader file

Author: PillaiManish

test/e2e/config_template.go

@@ -5,6 +5,7 @@ package e2e
 
 import (
 	"bytes"
+	"github.com/openshift/cert-manager-operator/api/operator/v1alpha1"
 	"text/template"
 )
 
@@ -19,6 +20,12 @@ type CertificateConfig struct {
 	DNSName string
 }
 
+// IstioCSRConfig customizes the fields in a job spec
+type IstioCSRGRPCurlJobConfig struct {
+	CertificateSigningRequest string
+	IstioCSRStatus            v1alpha1.IstioCSRStatus
+}
+
 // replaceWithTemplate puts field values from a template struct
 func replaceWithTemplate(sourceFileContents string, templatedValues any) ([]byte, error) {
 	tmpl, err := template.New("template").Parse(sourceFileContents)

test/e2e/istio_csr_test.go

@@ -13,14 +13,12 @@ import (
 	"net/url"
 	"path/filepath"
 
-	batchv1 "k8s.io/api/batch/v1"
+	"github.com/openshift/cert-manager-operator/api/operator/v1alpha1"
+	"github.com/openshift/cert-manager-operator/test/library"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"
-	"k8s.io/utils/ptr"
-
-	"github.com/openshift/cert-manager-operator/test/library"
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -142,106 +140,16 @@ var _ = Describe("Istio-CSR", Ordered, Label("TechPreview", "Feature:IstioCSR"),
 			Expect(err).Should(BeNil())
 
 			By("creating an grpcurl job")
-			job := &batchv1.Job{
-				ObjectMeta: metav1.ObjectMeta{
-					Name: "grpcurl-job",
-				},
-				Spec: batchv1.JobSpec{
-					Completions:  ptr.To(int32(1)),
-					BackoffLimit: ptr.To(backOffLimit),
-					Template: corev1.PodTemplateSpec{
-						ObjectMeta: metav1.ObjectMeta{
-							Name: grpcAppName,
-							Labels: map[string]string{
-								"app": grpcAppName,
-							},
-						},
-						Spec: corev1.PodSpec{
-							ServiceAccountName:           serviceAccountName,
-							AutomountServiceAccountToken: ptr.To(false),
-							RestartPolicy:                corev1.RestartPolicyOnFailure,
-							Containers: []corev1.Container{
-								{
-									Name:  grpcAppName,
-									Image: "registry.redhat.io/rhel9/go-toolset",
-									Command: []string{
-										"/bin/sh",
-										"-c",
-									},
-									Env: []corev1.EnvVar{
-										{
-											Name:  "GOCACHE",
-											Value: "/tmp/go-cache",
-										},
-										{
-											Name:  "GOPATH",
-											Value: "/tmp/go",
-										},
-									},
-									Args: []string{
-										"go install github.com/fullstorydev/grpcurl/cmd/[email protected] >/dev/null 2>&1 && " +
-											"TOKEN=$(cat /var/run/secrets/istio-ca/token) && " +
-											"/tmp/go/bin/grpcurl " +
-											"-import-path /proto " +
-											"-proto /proto/ca.proto " +
-											"-H \"Authorization: Bearer $TOKEN\" " +
-											fmt.Sprintf("-d '{\"csr\": \"%s\", \"validity_duration\": 3600}' ", csr) +
-											"-cacert /etc/root-secret/ca.crt " +
-											"-key /etc/root-secret/tls.key " +
-											"-cert /etc/root-secret/tls.crt " +
-											fmt.Sprintf("%s istio.v1.auth.IstioCertificateService/CreateCertificate", istioCSRGRPCEndpoint),
-									},
-									VolumeMounts: []corev1.VolumeMount{
-										{Name: "root-secret", MountPath: "/etc/root-secret"},
-										{Name: "proto", MountPath: "/proto"},
-										{Name: "sa-token", MountPath: "/var/run/secrets/istio-ca"},
-									},
-								},
-							},
-							Volumes: []corev1.Volume{
-								{
-									Name: "sa-token",
-									VolumeSource: corev1.VolumeSource{
-										Projected: &corev1.ProjectedVolumeSource{
-											DefaultMode: ptr.To(int32(420)),
-											Sources: []corev1.VolumeProjection{
-												{
-													ServiceAccountToken: &corev1.ServiceAccountTokenProjection{
-														Audience:          "istio-ca",
-														ExpirationSeconds: ptr.To(int64(3600)),
-														Path:              "token",
-													},
-												},
-											},
-										},
-									},
-								},
-								{
-									Name: "root-secret",
-									VolumeSource: corev1.VolumeSource{
-										Secret: &corev1.SecretVolumeSource{
-											SecretName: "istiod-tls",
-										},
-									},
-								},
-								{
-									Name: "proto",
-									VolumeSource: corev1.VolumeSource{
-										ConfigMap: &corev1.ConfigMapVolumeSource{
-											LocalObjectReference: corev1.LocalObjectReference{
-												Name: "proto-cm",
-											},
-										},
-									},
-								},
-							},
-						},
+			loader.CreateFromFile(AssetFunc(testassets.ReadFile).WithTemplateValues(
+				IstioCSRGRPCurlJobConfig{
+					CertificateSigningRequest: csr,
+					IstioCSRStatus: v1alpha1.IstioCSRStatus{
+						IstioCSRGRPCEndpoint: istioCSRGRPCEndpoint,
+						ServiceAccount:       serviceAccountName,
 					},
 				},
-			}
-			_, err = clientset.BatchV1().Jobs(ns.Name).Create(context.TODO(), job, metav1.CreateOptions{})
-			Expect(err).Should(BeNil())
-			defer clientset.BatchV1().Jobs(ns.Name).Delete(ctx, job.Name, metav1.DeleteOptions{})
+			), filepath.Join("testdata", "istio", "grpcurl_job.yaml"), ns.Name)
+			defer loader.DeleteFromFile(testassets.ReadFile, filepath.Join("testdata", "istio", "grpcurl_job.yaml"), ns.Name)
 
 			By("waiting for the job to be completed")
 			err = pollTillJobCompleted(ctx, clientset, ns.Name, "grpcurl-job")

test/e2e/testdata/istio/grpcurl_job.yaml

@@ -0,0 +1,62 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: grpcurl-istio-csr
+spec:
+  backoffLimit: 10
+  completions: 1
+  template:
+    metadata:
+      labels:
+        app: grpcurl-istio-csr
+      name: grpcurl-istio-csr
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - args:
+            - |
+              go install github.com/fullstorydev/grpcurl/cmd/[email protected] >/dev/null 2>&1 && \
+              TOKEN=$(cat /var/run/secrets/istio-ca/token) && \
+              /tmp/go/bin/grpcurl \
+                -import-path /proto \
+                -proto /proto/ca.proto \
+                -H "Authorization: Bearer $TOKEN" \
+                -d '{"csr": "{{.CertificateSigningRequest}}", "validity_duration": 3600}' \
+                -cacert /etc/root-secret/ca.crt \
+                -key /etc/root-secret/tls.key \
+                -cert /etc/root-secret/tls.crt \
+                {{.IstioCSRStatus.IstioCSRGRPCEndpoint}} istio.v1.auth.IstioCertificateService/CreateCertificate
+          command:
+            - /bin/sh
+            - -c
+          env:
+            - name: GOCACHE
+              value: /tmp/go-cache
+            - name: GOPATH
+              value: /tmp/go
+          image: registry.redhat.io/rhel9/go-toolset
+          name: grpcurl
+          volumeMounts:
+            - mountPath: /etc/root-secret
+              name: root-secret
+            - mountPath: /proto
+              name: proto
+            - mountPath: /var/run/secrets/istio-ca
+              name: sa-token
+      restartPolicy: OnFailure
+      serviceAccountName: '{{.IstioCSRStatus.ServiceAccount}}'
+      volumes:
+        - name: sa-token
+          projected:
+            defaultMode: 420
+            sources:
+              - serviceAccountToken:
+                  audience: istio-ca
+                  expirationSeconds: 3600
+                  path: token
+        - name: root-secret
+          secret:
+            secretName: istiod-tls
+        - configMap:
+            name: proto-cm
+          name: proto