openshift-knative · ReToCode · Jun 19, 2023 · Jun 28, 2023 · Jun 28, 2023 · Jun 28, 2023
diff --git a/Makefile b/Makefile
@@ -25,6 +25,7 @@ install-serving:
 	INSTALL_EVENTING="false" ./hack/install.sh
 
 install-serving-with-mesh:
+	FULL_MESH="true" UNINSTALL_MESH="false" ./hack/mesh.sh
 	FULL_MESH=true SCALE_UP=4 INSTALL_SERVING=true INSTALL_EVENTING="false" ./hack/install.sh
 
 install-eventing:
@@ -127,8 +128,9 @@ test-e2e-with-mesh-testonly:
 test-e2e-with-mesh:
 	FULL_MESH="true" UNINSTALL_MESH="false" ./hack/mesh.sh
 	./hack/tracing.sh
-	FULL_MESH=true ENABLE_TRACING=true ./hack/install.sh
-	FULL_MESH=true ./test/e2e-tests.sh
+	UNINSTALL_STRIMZI="false" ./hack/strimzi.sh
+	FULL_MESH=true SCALE_UP=4 INSTALL_KAFKA="true" ENABLE_TRACING=true ./hack/install.sh
+	FULL_MESH=true TEST_KNATIVE_KAFKA=true ./test/e2e-tests.sh
 
 # Run both unit and E2E tests from the current repo.
 test-operator: test-unit test-e2e
@@ -252,6 +254,9 @@ release-files:
 	./hack/generate/quickstart.sh \
   	templates/serverless-application-quickstart.yaml \
   	knative-operator/deploy/resources/quickstart/serverless-application-quickstart.yaml
+# TODO: uncomment as soon as chart changes are merged
+#	./hack/generate/mesh-auth-policies.sh \
+#  	tenant-1,tenant-2,serving-tests,serverless-tests
 
 # Generates all files that can be generated, includes release files, code generation
 # and updates vendoring.

diff --git a/hack/generate/mesh-auth-policies.sh b/hack/generate/mesh-auth-policies.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+set -Eeuo pipefail
+
+tenants="${1:?Provide tenants as comma-delimited as arg[1]}"
+
+# exit if helm is not installed
+helm > /dev/null || exit 127
+
+# shellcheck disable=SC1091,SC1090
+source "$(dirname "${BASH_SOURCE[0]}")/../lib/metadata.bash"
+
+policies_path="$(dirname "${BASH_SOURCE[0]}")/../lib/mesh_resources/authorization-policies/helm"
+chart_version="$(metadata.get project.version)"
+
+echo "Cleaning up old resources in $policies_path"
+
+rm -rf "$policies_path"
+mkdir -p "$policies_path"
+
+for tenant in ${tenants//,/ }; do
+  echo "Generating AuthorizationPolicies for tenant $tenant"
+
+  helm template oci://quay.io/openshift-knative/knative-istio-authz-onboarding --version "$chart_version" --set "name=$tenant" --set "namespaces={$tenant}" > "$policies_path/$tenant.yaml"
+done
+
+echo "Istio AuthorizationPolicies successfully updated for version $chart_version"
diff --git a/hack/lib/mesh.bash b/hack/lib/mesh.bash
@@ -117,9 +117,9 @@ function deploy_gateways {
   oc apply -f "${resources_dir}"/namespace.yaml || return $?
   oc apply -f "${resources_dir}"/smmr.yaml || return $?
   oc apply -f "${resources_dir}"/gateway.yaml || return $?
-  oc apply -f "${resources_dir}"/peerauthentication.yaml || return $?
+  oc apply -f "${resources_dir}"/authorization-policies/setup || return $?
+  oc apply -f "${resources_dir}"/authorization-policies/helm || return $?
 
-  oc create ns "${EVENTING_NAMESPACE}" --dry-run=client -oyaml | kubectl apply -f -
   oc apply -n "${EVENTING_NAMESPACE}" -f "${resources_dir}"/kafka-service-entry.yaml || return $?
   for ns in serverless-tests eventing-e2e0 eventing-e2e1 eventing-e2e2 eventing-e2e3 eventing-e2e4; do
     oc apply -n "$ns" -f "${resources_dir}"/kafka-service-entry.yaml || return $?
@@ -128,6 +128,13 @@ function deploy_gateways {
 }
 
 function undeploy_gateways {
+  oc delete -n serverless-tests -f "${resources_dir}"/network-policy-monitoring.yaml --ignore-not-found || return $?
+  for ns in serverless-tests eventing-e2e0 eventing-e2e1 eventing-e2e2 eventing-e2e3 eventing-e2e4; do
+    oc delete -n "$ns" -f "${resources_dir}"/kafka-service-entry.yaml --ignore-not-found || return $?
+  done
+  oc delete authorizationpolicy allow-traffic-to-cluster-domain -n istio-system --ignore-not-found || return $?
+  oc delete -f "${resources_dir}"/authorization-policies/helm --ignore-not-found || return $?
+  oc delete -f "${resources_dir}"/authorization-policies/setup --ignore-not-found || return $?
   oc delete -f "${resources_dir}"/peerauthentication.yaml --ignore-not-found || return $?
   oc delete -f "${resources_dir}"/gateway.yaml --ignore-not-found || return $?
   oc delete -f "${resources_dir}"/smmr.yaml --ignore-not-found || return $?