diff --git a/.github/scripts/end2end/configs/keycloak_config.json b/.github/scripts/end2end/configs/keycloak_config.json
index 434319ef60..e0463a7294 100644
--- a/.github/scripts/end2end/configs/keycloak_config.json
+++ b/.github/scripts/end2end/configs/keycloak_config.json
@@ -2,6 +2,14 @@
 "realm" : "${OIDC_REALM}",
 "enabled" : true,
 "groups" : [
+ {
+ "name": "AccountTest::DataAccessor",
+ "path": "/AccountTest::DataAccessor",
+ "attributes": {},
+ "realmRoles": [],
+ "clientRoles": {},
+ "subGroups": []
+ },
 {
 "name": "AccountTest::DataConsumer",
 "path": "/AccountTest::DataConsumer",
diff --git a/.github/scripts/end2end/configs/zenko.yaml b/.github/scripts/end2end/configs/zenko.yaml
index f18630f075..0f0c08da54 100644
--- a/.github/scripts/end2end/configs/zenko.yaml
+++ b/.github/scripts/end2end/configs/zenko.yaml
@@ -52,7 +52,7 @@ spec:
 size: 20Gi
 storageClassName: "standard"
 kafkaCleaner:
- interval: 30s
+ interval: 1m
 minPartitionSizeBytes: 0Mi
 minBatchSize: 0
 keepAtLeast: 0
diff --git a/.github/scripts/end2end/run-e2e-ctst.sh b/.github/scripts/end2end/run-e2e-ctst.sh
index 19a89a8fa5..df1b161b21 100755
--- a/.github/scripts/end2end/run-e2e-ctst.sh
+++ b/.github/scripts/end2end/run-e2e-ctst.sh
@@ -22,6 +22,7 @@ ADMIN_PRA_SECRET_ACCESS_KEY=$(kubectl get secret end2end-pra-management-vault-ad
 STORAGE_MANAGER_USER_NAME="ctst_storage_manager"
 STORAGE_ACCOUNT_OWNER_USER_NAME="ctst_storage_account_owner"
 DATA_CONSUMER_USER_NAME="ctst_data_consumer"
+DATA_ACCESSOR_USER_NAME="ctst_data_accessor"
 VAULT_AUTH_HOST="${ZENKO_NAME}-connector-vault-auth-api.default.svc.cluster.local"
 ZENKO_PORT="80"
 KEYCLOAK_TEST_PASSWORD=${OIDC_PASSWORD}
@@ -79,6 +80,7 @@ WORLD_PARAMETERS="$(jq -c <('bucketName') }); + this.addCommandParameter({ key: `${Utils.randomString()}` }); + + this.setResult(await S3.putObject(this.getCommandParameters())); + }); + Then('the kafka DR volume exists', { timeout: 60000 }, async function (this: Zenko) { const volumeClaim = await getPVCFromLabel(this, 'kafka_cr', 'end2end-pra-sink-base-queue'); this.logger.debug('kafka volume claim', { volumeClaim }); diff --git a/tests/ctst/world/Zenko.ts b/tests/ctst/world/Zenko.ts index 903be4d802..ddadf64a84 100644 --- a/tests/ctst/world/Zenko.ts +++ b/tests/ctst/world/Zenko.ts @@ -37,6 +37,7 @@ export enum EntityType { STORAGE_MANAGER = 'STORAGE_MANAGER', STORAGE_ACCOUNT_OWNER = 'STORAGE_ACCOUNT_OWNER', DATA_CONSUMER = 'DATA_CONSUMER', + DATA_ACCESSOR = 'DATA_ACCESSOR', ASSUME_ROLE_USER = 'ASSUME_ROLE_USER', ASSUME_ROLE_USER_CROSS_ACCOUNT = 'ASSUME_ROLE_USER_CROSS_ACCOUNT', } @@ -66,6 +67,7 @@ export interface ZenkoWorldParameters extends ClientOptions { StorageManagerUsername: string; StorageAccountOwnerUsername: string; DataConsumerUsername: string; + DataAccessorUsername: string; ServiceUsersCredentials: string; KeycloakTestPassword: string; AzureAccountName: string; @@ -223,7 +225,7 @@ export default class Zenko extends World { * entity provided to let the test run the AWS CLI command using this particular * type of entity. * @param {ScenarioCallerType} entityType - type of entity, can be 'account', 'storage manager', - * 'storage account owner', 'data consumer' or 'iam user' + * 'storage account owner', 'data consumer', 'data accessor' or 'iam user' * @returns {undefined} */ async setupEntity(entityType: string): Promise { 
@@ -248,6 +250,10 @@ export default class Zenko extends World { await this.prepareARWWI(this.parameters.DataConsumerUsername || 'data_consumer', 'data-consumer-role', this.parameters.KeycloakTestPassword); break; + case EntityType.DATA_ACCESSOR: + await this.prepareARWWI(this.parameters.DataAccessorUsername || 'data_accessor', + 'data-accessor-role', this.parameters.KeycloakTestPassword); + break; case EntityType.ASSUME_ROLE_USER: await this.prepareAssumeRole(false); break; @@ -323,6 +329,7 @@ export default class Zenko extends World { nextMarker = GRFWIResponse.data.IsTruncated ? GRFWIResponse.data.Marker : undefined; callNumber++; + await Utils.sleep(500); } while (callNumber < 100); // Ensure we can assume at least one role
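Review bot: The fallback `'data_accessor'` in the new `DATA_ACCESSOR` case does not match the `ctst_data_accessor` user name that run-e2e-ctst.sh defines in this same commit. If `DataAccessorUsername` is ever missing from the world parameters, the scenario would attempt the web-identity login as a different Keycloak user and either fail far from the cause or, if such a user exists, exercise the wrong identity. For a test whose purpose is to check what this role may access, failing fast is safer than a silent default, e.g. `if (!this.parameters.DataAccessorUsername) throw new Error('DataAccessorUsername world parameter is not set');` before the call. The neighbouring DATA_CONSUMER case uses the same `||` pattern, so this may be deliberate; the switch and `setupEntity` start and end outside the hunk.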
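Review bot: The added `await Utils.sleep(500);` has no comment saying what it is pacing, and it runs on every pass of the loop, including the one where `nextMarker` has just been set to `undefined`. With the visible bound `callNumber < 100` that is up to 50 seconds of extra wait if the loop has no earlier exit; the loop body starts outside the hunk, so whether it breaks on an empty marker cannot be confirmed from here. Consider `if (nextMarker) { await Utils.sleep(500); }` and a one-line comment above it stating the reason for the delay (throttling the paginated role lookup, waiting for propagation, or whatever motivated it), so a later reader does not remove it or raise it blindly.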