Merge pull request #333 from bingosummer/disable-application-security…

…-groups-test Add a flag to enable/disable the azure application security groups tests
cloudfoundry · Nov 15, 2017 · e9b42b0 · e9b42b0
2 parents 35698cc + aef3b9f
commit e9b42b0
Show file tree

Hide file tree

Showing 16 changed files with 83 additions and 33 deletions.
diff --git a/ci/pipeline.yml b/ci/pipeline.yml
@@ -81,9 +81,10 @@ shared:
     file: bosh-cpi-src/ci/tasks/run-integration.yml
     params: &run-integration-params
       <<: *azure-environment-params
-      SSH_PUBLIC_KEY:                        {{ssh_public_key}}
-      AZURE_APPLICATION_GATEWAY_NAME:        {{azure_application_gateway_name}}
-      AZURE_APPLICATION_SECURITY_GROUP_NAME: {{azure_application_security_group_name}}
+      SSH_PUBLIC_KEY:                                 {{ssh_public_key}}
+      AZURE_APPLICATION_GATEWAY_NAME:                 {{azure_application_gateway_name}}
+      AZURE_APPLICATION_SECURITY_GROUP_NAME:          {{azure_application_security_group_name}}
+      AZURE_APPLICATION_SECURITY_GROUP_TESTS_ENABLED: {{azure_application_security_group_tests_enabled}}
 
   - &run-integration-windows
     task: run-integration-windows
@@ -110,15 +111,17 @@ shared:
     file: bosh-cpi-src/ci/tasks/create-application-security-group.yml
     params:
       <<: *azure-environment-params
-      AZURE_LOCATION:                        {{azure_location}}
-      AZURE_APPLICATION_SECURITY_GROUP_NAME: {{azure_application_security_group_name}}
+      AZURE_LOCATION:                                 {{azure_location}}
+      AZURE_APPLICATION_SECURITY_GROUP_NAME:          {{azure_application_security_group_name}}
+      AZURE_APPLICATION_SECURITY_GROUP_TESTS_ENABLED: {{azure_application_security_group_tests_enabled}}
 
   - &delete-application-security-group
     task: delete-application-security-group
     file: bosh-cpi-src/ci/tasks/delete-application-security-group.yml
     params:
       <<: *azure-environment-params
-      AZURE_APPLICATION_SECURITY_GROUP_NAME: {{azure_application_security_group_name}}
+      AZURE_APPLICATION_SECURITY_GROUP_NAME:          {{azure_application_security_group_name}}
+      AZURE_APPLICATION_SECURITY_GROUP_TESTS_ENABLED: {{azure_application_security_group_tests_enabled}}
 
   - &ensure-cleanup
     task: ensure-cleanup

diff --git a/ci/tasks/create-application-gateway.sh b/ci/tasks/create-application-gateway.sh
@@ -3,6 +3,7 @@
 set -e
 
 : ${AZURE_ENVIRONMENT:?}
+: ${AZURE_SUBSCRIPTION_ID:?}
 : ${AZURE_CLIENT_ID:?}
 : ${AZURE_CLIENT_SECRET:?}
 : ${AZURE_TENANT_ID:?}
@@ -14,6 +15,7 @@ metadata=$(cat ${METADATA_FILE})
 
 az cloud set --name ${AZURE_ENVIRONMENT}
 az login --service-principal -u ${AZURE_CLIENT_ID} -p ${AZURE_CLIENT_SECRET} --tenant ${AZURE_TENANT_ID}
+az account set -s ${AZURE_SUBSCRIPTION_ID}
 
 # Create application gateway
 openssl genrsa -out fake.domain.key 2048

diff --git a/ci/tasks/create-application-gateway.yml b/ci/tasks/create-application-gateway.yml
@@ -13,6 +13,7 @@ run:
 
 params:
   AZURE_ENVIRONMENT:                                 ""
+  AZURE_SUBSCRIPTION_ID:                             ""
   AZURE_CLIENT_ID:                                   ""
   AZURE_CLIENT_SECRET:                               ""
   AZURE_TENANT_ID:                                   ""

diff --git a/ci/tasks/create-application-security-group.sh b/ci/tasks/create-application-security-group.sh
@@ -2,7 +2,15 @@
 
 set -e
 
+: ${AZURE_APPLICATION_SECURITY_GROUP_TESTS_ENABLED:?}
+
+if [ "${AZURE_APPLICATION_SECURITY_GROUP_TESTS_ENABLED}" == "false" ]; then
+  echo "Azure Application Security Group related tests are disabled. Exit 0."
+  exit 0
+fi
+
 : ${AZURE_ENVIRONMENT:?}
+: ${AZURE_SUBSCRIPTION_ID:?}
 : ${AZURE_CLIENT_ID:?}
 : ${AZURE_CLIENT_SECRET:?}
 : ${AZURE_TENANT_ID:?}
@@ -15,6 +23,7 @@ metadata=$(cat ${METADATA_FILE})
 
 az cloud set --name ${AZURE_ENVIRONMENT}
 az login --service-principal -u ${AZURE_CLIENT_ID} -p ${AZURE_CLIENT_SECRET} --tenant ${AZURE_TENANT_ID}
+az account set -s ${AZURE_SUBSCRIPTION_ID}
 
 default_resource_group_name=$(echo ${metadata} | jq -e --raw-output ".default_resource_group_name")
 az network asg create --resource-group ${default_resource_group_name} --name ${AZURE_APPLICATION_SECURITY_GROUP_NAME} --location "${AZURE_LOCATION}"
diff --git a/ci/tasks/create-application-security-group.yml b/ci/tasks/create-application-security-group.yml
@@ -13,8 +13,10 @@ run:
 
 params:
   AZURE_ENVIRONMENT:                                 ""
+  AZURE_SUBSCRIPTION_ID:                             ""
   AZURE_CLIENT_ID:                                   ""
   AZURE_CLIENT_SECRET:                               ""
   AZURE_TENANT_ID:                                   ""
   AZURE_LOCATION:                                    ""
   AZURE_APPLICATION_SECURITY_GROUP_NAME:             ""
+  AZURE_APPLICATION_SECURITY_GROUP_TESTS_ENABLED:    true
diff --git a/ci/tasks/delete-application-gateway.sh b/ci/tasks/delete-application-gateway.sh
@@ -3,6 +3,7 @@
 set -e
 
 : ${AZURE_ENVIRONMENT:?}
+: ${AZURE_SUBSCRIPTION_ID:?}
 : ${AZURE_CLIENT_ID:?}
 : ${AZURE_CLIENT_SECRET:?}
 : ${AZURE_TENANT_ID:?}
@@ -14,6 +15,7 @@ metadata=$(cat ${METADATA_FILE})
 
 az cloud set --name ${AZURE_ENVIRONMENT}
 az login --service-principal -u ${AZURE_CLIENT_ID} -p ${AZURE_CLIENT_SECRET} --tenant ${AZURE_TENANT_ID}
+az account set -s ${AZURE_SUBSCRIPTION_ID}
 
 rg_name=$(echo ${metadata} | jq -e --raw-output ".default_resource_group_name")
 az network application-gateway delete  --resource-group ${rg_name} --name ${AZURE_APPLICATION_GATEWAY_NAME}
diff --git a/ci/tasks/delete-application-gateway.yml b/ci/tasks/delete-application-gateway.yml
@@ -13,6 +13,7 @@ run:
 
 params:
   AZURE_ENVIRONMENT:                                 ""
+  AZURE_SUBSCRIPTION_ID:                             ""
   AZURE_CLIENT_ID:                                   ""
   AZURE_CLIENT_SECRET:                               ""
   AZURE_TENANT_ID:                                   ""

diff --git a/ci/tasks/delete-application-security-group.sh b/ci/tasks/delete-application-security-group.sh
@@ -2,7 +2,15 @@
 
 set -e
 
+: ${AZURE_APPLICATION_SECURITY_GROUP_TESTS_ENABLED:?}
+
+if [ "${AZURE_APPLICATION_SECURITY_GROUP_TESTS_ENABLED}" == "false" ]; then
+  echo "Azure Application Security Group related tests are disabled. Exit 0."
+  exit 0
+fi
+
 : ${AZURE_ENVIRONMENT:?}
+: ${AZURE_SUBSCRIPTION_ID:?}
 : ${AZURE_CLIENT_ID:?}
 : ${AZURE_CLIENT_SECRET:?}
 : ${AZURE_TENANT_ID:?}
@@ -14,6 +22,7 @@ metadata=$(cat ${METADATA_FILE})
 
 az cloud set --name ${AZURE_ENVIRONMENT}
 az login --service-principal -u ${AZURE_CLIENT_ID} -p ${AZURE_CLIENT_SECRET} --tenant ${AZURE_TENANT_ID}
+az account set -s ${AZURE_SUBSCRIPTION_ID}
 
 default_resource_group_name=$(echo ${metadata} | jq -e --raw-output ".default_resource_group_name")
 az network asg delete --resource-group ${default_resource_group_name} --name ${AZURE_APPLICATION_SECURITY_GROUP_NAME}
diff --git a/ci/tasks/delete-application-security-group.yml b/ci/tasks/delete-application-security-group.yml
@@ -13,7 +13,9 @@ run:
 
 params:
   AZURE_ENVIRONMENT:                                 ""
+  AZURE_SUBSCRIPTION_ID:                             ""
   AZURE_CLIENT_ID:                                   ""
   AZURE_CLIENT_SECRET:                               ""
   AZURE_TENANT_ID:                                   ""
   AZURE_APPLICATION_SECURITY_GROUP_NAME:             ""
+  AZURE_APPLICATION_SECURITY_GROUP_TESTS_ENABLED:    true
diff --git a/ci/tasks/ensure-cleanup.sh b/ci/tasks/ensure-cleanup.sh
@@ -3,6 +3,7 @@
 set -e
 
 : ${AZURE_ENVIRONMENT:?}
+: ${AZURE_SUBSCRIPTION_ID:?}
 : ${AZURE_CLIENT_ID:?}
 : ${AZURE_CLIENT_SECRET:?}
 : ${AZURE_TENANT_ID:?}
@@ -11,6 +12,7 @@ set -e
 
 az cloud set --name ${AZURE_ENVIRONMENT}
 az login --service-principal -u ${AZURE_CLIENT_ID} -p ${AZURE_CLIENT_SECRET} --tenant ${AZURE_TENANT_ID}
+az account set -s ${AZURE_SUBSCRIPTION_ID}
 
 set +e
 metadata=$(cat ${METADATA_FILE})

diff --git a/ci/tasks/ensure-cleanup.yml b/ci/tasks/ensure-cleanup.yml
@@ -13,6 +13,7 @@ run:
 
 params:
   AZURE_ENVIRONMENT:                                 ""
+  AZURE_SUBSCRIPTION_ID:                             ""
   AZURE_CLIENT_ID:                                   ""
   AZURE_CLIENT_SECRET:                               ""
   AZURE_TENANT_ID:                                   ""
diff --git a/ci/tasks/run-integration-windows.sh b/ci/tasks/run-integration-windows.sh
@@ -10,6 +10,7 @@ set -e
 : ${SSH_PUBLIC_KEY:?}
 : ${AZURE_APPLICATION_GATEWAY_NAME:?}
 : ${AZURE_APPLICATION_SECURITY_GROUP_NAME:?}
+: ${AZURE_APPLICATION_SECURITY_GROUP_TESTS_ENABLED:?}
 
 : ${METADATA_FILE:=environment/metadata}
 
@@ -36,6 +37,7 @@ export BOSH_AZURE_APPLICATION_SECURITY_GROUP=${AZURE_APPLICATION_SECURITY_GROUP_
 
 az cloud set --name ${AZURE_ENVIRONMENT}
 az login --service-principal -u ${AZURE_CLIENT_ID} -p ${AZURE_CLIENT_SECRET} --tenant ${AZURE_TENANT_ID}
+az account set -s ${AZURE_SUBSCRIPTION_ID}
 
 source /etc/profile.d/chruby.sh
 chruby ${RUBY_VERSION}
@@ -65,9 +67,15 @@ az storage blob upload --file /tmp/root.vhd --container-name stemcell --name ${B
 export BOSH_AZURE_USE_MANAGED_DISKS=${AZURE_USE_MANAGED_DISKS}
 pushd bosh-cpi-src/src/bosh_azure_cpi > /dev/null
   bundle install
-  if [ "${AZURE_USE_MANAGED_DISKS}" == "false" ]; then
-    bundle exec rspec spec/integration/lifecycle_spec.rb --tag ~heavy_stemcell
-  else
-    bundle exec rspec spec/integration/lifecycle_spec.rb --tag ~heavy_stemcell --tag ~unmanaged_disks
+
+  tags="--tag ~heavy_stemcell"
+  if [ "${AZURE_APPLICATION_SECURITY_GROUP_TESTS_ENABLED}" == "false" ]; then
+    echo "Azure Application Security Group related tests are disabled."
+    tags+=" --tag ~application_security_group"
+  fi
+  export BOSH_AZURE_USE_MANAGED_DISKS=${AZURE_USE_MANAGED_DISKS}
+  if [ "${AZURE_USE_MANAGED_DISKS}" == "true" ]; then
+    tags+=" --tag ~unmanaged_disks"
   fi
+  bundle exec rspec spec/integration/lifecycle_spec.rb ${tags}
 popd > /dev/null
diff --git a/ci/tasks/run-integration-windows.yml b/ci/tasks/run-integration-windows.yml
@@ -13,12 +13,13 @@ run:
   path: bosh-cpi-src/ci/tasks/run-integration-windows.sh
 
 params:
-  AZURE_ENVIRONMENT:                          ""
-  AZURE_SUBSCRIPTION_ID:                      ""
-  AZURE_CLIENT_ID:                            ""
-  AZURE_CLIENT_SECRET:                        ""
-  AZURE_TENANT_ID:                            ""
-  SSH_PUBLIC_KEY:                             ""
-  AZURE_USE_MANAGED_DISKS:                    false
-  AZURE_APPLICATION_GATEWAY_NAME:             ""
-  AZURE_APPLICATION_SECURITY_GROUP_NAME:      ""
+  AZURE_ENVIRONMENT:                              ""
+  AZURE_SUBSCRIPTION_ID:                          ""
+  AZURE_CLIENT_ID:                                ""
+  AZURE_CLIENT_SECRET:                            ""
+  AZURE_TENANT_ID:                                ""
+  SSH_PUBLIC_KEY:                                 ""
+  AZURE_USE_MANAGED_DISKS:                        false
+  AZURE_APPLICATION_GATEWAY_NAME:                 ""
+  AZURE_APPLICATION_SECURITY_GROUP_NAME:          ""
+  AZURE_APPLICATION_SECURITY_GROUP_TESTS_ENABLED: true
diff --git a/ci/tasks/run-integration.sh b/ci/tasks/run-integration.sh
@@ -10,6 +10,7 @@ set -e
 : ${SSH_PUBLIC_KEY:?}
 : ${AZURE_APPLICATION_GATEWAY_NAME:?}
 : ${AZURE_APPLICATION_SECURITY_GROUP_NAME:?}
+: ${AZURE_APPLICATION_SECURITY_GROUP_TESTS_ENABLED:?}
 
 : ${METADATA_FILE:=environment/metadata}
 
@@ -36,6 +37,7 @@ export BOSH_AZURE_APPLICATION_SECURITY_GROUP=${AZURE_APPLICATION_SECURITY_GROUP_
 
 az cloud set --name ${AZURE_ENVIRONMENT}
 az login --service-principal -u ${AZURE_CLIENT_ID} -p ${AZURE_CLIENT_SECRET} --tenant ${AZURE_TENANT_ID}
+az account set -s ${AZURE_SUBSCRIPTION_ID}
 
 export BOSH_AZURE_STEMCELL_ID="bosh-stemcell-00000000-0000-0000-0000-0AZURECPICI0"
 export BOSH_AZURE_STEMCELL_PATH="/tmp/image"
@@ -52,12 +54,16 @@ chruby ${RUBY_VERSION}
 pushd bosh-cpi-src/src/bosh_azure_cpi > /dev/null
   bundle install
 
+  tags="--tag ~light_stemcell"
+  if [ "${AZURE_APPLICATION_SECURITY_GROUP_TESTS_ENABLED}" == "false" ]; then
+    echo "Azure Application Security Group related tests are disabled."
+    tags+=" --tag ~application_security_group"
+  fi
   export BOSH_AZURE_USE_MANAGED_DISKS=${AZURE_USE_MANAGED_DISKS}
-  if [ "${AZURE_USE_MANAGED_DISKS}" == "false" ]; then
-    bundle exec rspec spec/integration/lifecycle_spec.rb --tag ~light_stemcell
-  else
-    bundle exec rspec spec/integration/lifecycle_spec.rb --tag ~light_stemcell --tag ~unmanaged_disks
+  if [ "${AZURE_USE_MANAGED_DISKS}" == "true" ]; then
+    tags+=" --tag ~unmanaged_disks"
   fi
+  bundle exec rspec spec/integration/lifecycle_spec.rb ${tags}
 
   # Only run migration test when AZURE_USE_MANAGED_DISKS is set to false initially
   if [ "${AZURE_USE_MANAGED_DISKS}" == "false" ]; then

diff --git a/ci/tasks/run-integration.yml b/ci/tasks/run-integration.yml
@@ -13,12 +13,13 @@ run:
   path: bosh-cpi-src/ci/tasks/run-integration.sh
 
 params:
-  AZURE_ENVIRONMENT:                          ""
-  AZURE_SUBSCRIPTION_ID:                      ""
-  AZURE_CLIENT_ID:                            ""
-  AZURE_CLIENT_SECRET:                        ""
-  AZURE_TENANT_ID:                            ""
-  SSH_PUBLIC_KEY:                             ""
-  AZURE_USE_MANAGED_DISKS:                    false
-  AZURE_APPLICATION_GATEWAY_NAME:             ""
-  AZURE_APPLICATION_SECURITY_GROUP_NAME:      ""
+  AZURE_ENVIRONMENT:                              ""
+  AZURE_SUBSCRIPTION_ID:                          ""
+  AZURE_CLIENT_ID:                                ""
+  AZURE_CLIENT_SECRET:                            ""
+  AZURE_TENANT_ID:                                ""
+  SSH_PUBLIC_KEY:                                 ""
+  AZURE_USE_MANAGED_DISKS:                        false
+  AZURE_APPLICATION_GATEWAY_NAME:                 ""
+  AZURE_APPLICATION_SECURITY_GROUP_NAME:          ""
+  AZURE_APPLICATION_SECURITY_GROUP_TESTS_ENABLED: true
diff --git a/src/bosh_azure_cpi/spec/integration/lifecycle_spec.rb b/src/bosh_azure_cpi/spec/integration/lifecycle_spec.rb
@@ -564,7 +564,7 @@
     end
   end
 
-  context 'when assigning application security groups to VM NIC' do
+  context 'when assigning application security groups to VM NIC', application_security_group: true do
     let(:network_spec) {
       {
         'network_a' => {