From b4a6bd0df858e70cd62b9c77fbaa84522545ff8b Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Tue, 6 Jan 2026 17:59:20 +0000 Subject: [PATCH 1/4] Enable CyberArk integration tests in CI Signed-off-by: Richard Wall --- .github/workflows/tests.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 8f64a20f..364005b0 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -67,6 +67,12 @@ jobs: key: downloaded-${{ runner.os }}-${{ hashFiles('klone.yaml') }}-test-unit - run: make -j test-unit test-helm + env: + # These environment variables are required to run the CyberArk client integration tests + ARK_DISCOVERY_API: https://platform-discovery.integration-cyberark.cloud/ + ARK_SUBDOMAIN: ${{ secrets.ARK_SUBDOMAIN }} + ARK_USERNAME: ${{ secrets.ARK_USERNAME }} + ARK_SECRET: ${{ secrets.ARK_SECRET }} test-e2e: if: contains(github.event.pull_request.labels.*.name, 'test-e2e') From 876e60190f03e3246afde4549d85198479322ae9 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Tue, 6 Jan 2026 18:04:17 +0000 Subject: [PATCH 2/4] Use a real UID in integration tests to satisfy real API validation Signed-off-by: Richard Wall --- internal/cyberark/client_test.go | 4 ++-- internal/cyberark/dataupload/dataupload_test.go | 2 +- internal/cyberark/dataupload/mock.go | 2 +- pkg/client/client_cyberark_test.go | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/cyberark/client_test.go b/internal/cyberark/client_test.go index 3c945fc8..874b0142 100644 --- a/internal/cyberark/client_test.go +++ b/internal/cyberark/client_test.go @@ -36,7 +36,7 @@ func TestCyberArkClient_PutSnapshot_MockAPI(t *testing.T) { require.NoError(t, err) err = cl.PutSnapshot(ctx, dataupload.Snapshot{ - ClusterID: "success-cluster-id", + ClusterID: "ffffffff-ffff-ffff-ffff-ffffffffffff", AgentVersion: version.PreflightVersion, }) require.NoError(t, err) @@ -73,7 +73,7 @@ func TestCyberArkClient_PutSnapshot_RealAPI(t *testing.T) { require.NoError(t, err) err = cl.PutSnapshot(ctx, dataupload.Snapshot{ - ClusterID: "bb068932-c80d-460d-88df-34bc7f3f3297", + ClusterID: "ffffffff-ffff-ffff-ffff-ffffffffffff", AgentVersion: version.PreflightVersion, }) require.NoError(t, err) diff --git a/internal/cyberark/dataupload/dataupload_test.go b/internal/cyberark/dataupload/dataupload_test.go index 1f2ff636..f38a0e51 100644 --- a/internal/cyberark/dataupload/dataupload_test.go +++ b/internal/cyberark/dataupload/dataupload_test.go @@ -35,7 +35,7 @@ func TestCyberArkClient_PutSnapshot_MockAPI(t *testing.T) { { name: "successful upload", snapshot: dataupload.Snapshot{ - ClusterID: "success-cluster-id", + ClusterID: "ffffffff-ffff-ffff-ffff-ffffffffffff", AgentVersion: version.PreflightVersion, }, authenticate: setToken("success-token"), diff --git a/internal/cyberark/dataupload/mock.go b/internal/cyberark/dataupload/mock.go index d84ea1d4..80daf395 100644 --- a/internal/cyberark/dataupload/mock.go +++ b/internal/cyberark/dataupload/mock.go @@ -22,7 +22,7 @@ import ( const ( successBearerToken = "success-token" - successClusterID = "success-cluster-id" + successClusterID = "ffffffff-ffff-ffff-ffff-ffffffffffff" ) type mockDataUploadServer struct { diff --git a/pkg/client/client_cyberark_test.go b/pkg/client/client_cyberark_test.go index f0df5c64..61c33764 100644 --- a/pkg/client/client_cyberark_test.go +++ b/pkg/client/client_cyberark_test.go @@ -107,7 +107,7 @@ func fakeReadings() []*api.DataReading { { DataGatherer: "ark/discovery", Data: &api.DiscoveryData{ - ClusterID: "success-cluster-id", + ClusterID: "ffffffff-ffff-ffff-ffff-ffffffffffff", ServerVersion: &k8sversion.Info{ GitVersion: "v1.21.0", }, From b1d7e6aa6f3827bfbf42b8b566e2da3a53094258 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Wed, 7 Jan 2026 11:43:09 +0000 Subject: [PATCH 3/4] Work around helm v4 oci bug https://github.com/helm/helm/issues/31600 Signed-off-by: Richard Wall --- hack/ark/test-e2e.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/hack/ark/test-e2e.sh b/hack/ark/test-e2e.sh index ddad0899..fa41359d 100755 --- a/hack/ark/test-e2e.sh +++ b/hack/ark/test-e2e.sh @@ -65,8 +65,11 @@ kubectl create secret generic agent-credentials \ --from-literal=ARK_SUBDOMAIN=$ARK_SUBDOMAIN \ --from-literal=ARK_DISCOVERY_API=$ARK_DISCOVERY_API -helm upgrade agent "oci://${ARK_CHART}@${ARK_CHART_DIGEST}" \ - --version "${ARK_CHART_TAG}" \ +# Deploy the disco-agent Helm chart using the image and chart digests. +# +# We use a non-existent tag and omit the `--version` flag, to work around a Helm +# v4 bug. See: https://github.com/helm/helm/issues/31600 +helm upgrade agent "oci://${ARK_CHART}:NON_EXISTENT_TAG@${ARK_CHART_DIGEST}" \ --install \ --wait \ --create-namespace \ From 0dc640b47a8779e04ed1a29cdd1e4fe7cdb55322 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Wed, 7 Jan 2026 14:48:32 +0000 Subject: [PATCH 4/4] Add a cluster name, a shorter upload period, and a sample secret Signed-off-by: Richard Wall --- hack/ark/test-e2e.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hack/ark/test-e2e.sh b/hack/ark/test-e2e.sh index fa41359d..43b3907f 100755 --- a/hack/ark/test-e2e.sh +++ b/hack/ark/test-e2e.sh @@ -65,6 +65,11 @@ kubectl create secret generic agent-credentials \ --from-literal=ARK_SUBDOMAIN=$ARK_SUBDOMAIN \ --from-literal=ARK_DISCOVERY_API=$ARK_DISCOVERY_API +# Create sample secrets in the cluster +kubectl create secret generic e2e-sample-secret-$(date '+%s') \ + --namespace default \ + --from-literal=username=${RANDOM} + # Deploy the disco-agent Helm chart using the image and chart digests. # # We use a non-existent tag and omit the `--version` flag, to work around a Helm @@ -78,7 +83,9 @@ helm upgrade agent "oci://${ARK_CHART}:NON_EXISTENT_TAG@${ARK_CHART_DIGEST}" \ --set pprof.enabled=true \ --set fullnameOverride=disco-agent \ --set "image.digest=${ARK_IMAGE_DIGEST}" \ + --set config.clusterName="e2e-test-cluster" \ --set config.clusterDescription="A temporary cluster for E2E testing. Contact @wallrj-cyberark." \ + --set config.period=60s \ --set-json "podLabels={\"disco-agent.cyberark.cloud/test-id\": \"${RANDOM}\"}" kubectl rollout status deployments/disco-agent --namespace "${NAMESPACE}"