search

redpanda-data / redpanda

Redpanda is a streaming data platform for developers. Kafka API compatible. 10x faster. No ZooKeeper. No JVM!
https://redpanda.com
9.2k stars 563 forks source link

IAM Roles: testing on real infrastructure #5574

Open abhijat opened 1 year ago

abhijat commented 1 year ago

IAM Roles clients are embedded within redpanda code. The current test strategy is:

  1. use the in built c++ mock http server for unit tests
  2. use a mock python server in ducktape tests

both approaches return responses crafted to mock IAM responses.

However to test this comprehensively we can test against calls to real IAM roles APIs by running ducktape tests on infrastructure which is on AWS/GCP and with machines having real roles assigned:

  1. deploy on AWS EC2 vm which has IAM role assigned and call the EC2 instance metadata service for credentials
  2. deploy on gcp vm which has IAM role assigned and call the google metadata service for credentials
  3. deploy on EKS and GKE with pods tagged with specific IAM roles

The ducktape tests with these deployments will exercise the IAM roles code in redpanda without mocking anything.

JIRA Link: CORE-978

jcsp commented 1 year ago

This should be partly resolved by https://github.com/redpanda-data/devprod/issues/591

ivotron commented 1 year ago

related issue for gcp https://github.com/redpanda-data/vtools/issues/1510