Skip to content

Commit

Permalink
feat(ISV-5130): add Atlas secrets to rh-advisories test
Browse files Browse the repository at this point in the history
Signed-off-by: Martin Jediny <[email protected]>

fix(ISV-5130): add Atlas config to RPA

fix(ISV-5130): remove sneaky tab

fix(ISV-5130): use tabs everywhere

feat(ISV-5130): add atlas secrets to registry push test

feat(ISV-5130): move secret creation to releaseLib

fix(ISV-5130): remove unused imports

fix(ISV-5130): fix undefined error

feat(ISV-5130): also test component SBOM processing

docs(ISV-5130): adjust function docstring

fix(ISV-5130): use tabs to indent

fix(ISV-5130): adjust indentation to fit codestyle

fix(ISV-5130): remove atlas data from wrong pipeline

fix(ISV-5130): remove unused atlas param

Signed-off-by: Martin Jediny <[email protected]>

fix(ISV-5130): disable false positive

Signed-off-by: Martin Jediny <[email protected]>
  • Loading branch information
jedinym committed Nov 26, 2024
1 parent 8ce79e7 commit 5a625cf
Show file tree
Hide file tree
Showing 5 changed files with 69 additions and 76 deletions.
2 changes: 2 additions & 0 deletions integration-tests/scripts/konflux-e2e-runner.sh
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ load_envs() {
[QUAY_OAUTH_TOKEN]="${konflux_ci_secrets_file}/quay-oauth-token"
[PYXIS_STAGE_KEY]="${konflux_ci_secrets_file}/pyxis-stage-key"
[PYXIS_STAGE_CERT]="${konflux_ci_secrets_file}/pyxis-stage-cert"
[ATLAS_STAGE_ACCOUNT]="${konflux_ci_secrets_file}/atlas-stage-account"
[ATLAS_STAGE_TOKEN]="${konflux_ci_secrets_file}/atlas-stage-token"
[OFFLINE_TOKEN]="${konflux_ci_secrets_file}/stage_offline_token"
[TOOLCHAIN_API_URL]="${konflux_ci_secrets_file}/stage_toolchain_api_url"
[KEYLOAK_URL]="${konflux_ci_secrets_file}/stage_keyloak_url"
Expand Down
6 changes: 6 additions & 0 deletions pkg/constants/constants.go
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,12 @@ const (
// Cert auth for accessing Pyxis stage external registry
PYXIS_STAGE_CERT_ENV string = "PYXIS_STAGE_CERT"

// SSO user for accessing the Atlas stage release instance
ATLAS_STAGE_ACCOUNT_ENV string = "ATLAS_STAGE_ACCOUNT" // #nosec

// SSO token for accessing the Atlas stage release instance
ATLAS_STAGE_TOKEN_ENV string = "ATLAS_STAGE_TOKEN" // #nosec

// Offline/refresh token used for getting Keycloak token in order to authenticate against stage/prod cluster
// More details: https://access.redhat.com/articles/3626371
OFFLINE_TOKEN_ENV = "OFFLINE_TOKEN"
Expand Down
46 changes: 12 additions & 34 deletions tests/release/pipelines/rh_advisories.go
Original file line number Diff line number Diff line change
@@ -1,10 +1,8 @@
package pipelines

import (
"encoding/base64"
"encoding/json"
"fmt"
"os"
"regexp"
"time"

Expand All @@ -15,15 +13,12 @@ import (
releaseapi "github.com/konflux-ci/release-service/api/v1alpha1"
tektonutils "github.com/konflux-ci/release-service/tekton/utils"
tektonv1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

"github.com/devfile/library/v2/pkg/util"
"github.com/konflux-ci/e2e-tests/pkg/constants"
"github.com/konflux-ci/e2e-tests/pkg/framework"
"github.com/konflux-ci/e2e-tests/pkg/utils"
"github.com/konflux-ci/e2e-tests/pkg/utils/tekton"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/runtime"
"knative.dev/pkg/apis"

Expand All @@ -42,7 +37,6 @@ var advsComponentName = "advs-comp-" + util.GenerateRandomString(4)

var _ = framework.ReleasePipelinesSuiteDescribe("e2e tests for rh-advisories pipeline", Label("release-pipelines", "rh-advisories"), func() {
defer GinkgoRecover()
var pyxisKeyDecoded, pyxisCertDecoded []byte

var devWorkspace = utils.GetEnv(constants.RELEASE_DEV_WORKSPACE_ENV, constants.DevReleaseTeam)
var managedWorkspace = utils.GetEnv(constants.RELEASE_MANAGED_WORKSPACE_ENV, constants.ManagedReleaseTeam)
Expand Down Expand Up @@ -70,36 +64,17 @@ var _ = framework.ReleasePipelinesSuiteDescribe("e2e tests for rh-advisories pip
managedFw = releasecommon.NewFramework(managedWorkspace)
managedNamespace = managedFw.UserNamespace

keyPyxisStage := os.Getenv(constants.PYXIS_STAGE_KEY_ENV)
Expect(keyPyxisStage).ToNot(BeEmpty())

certPyxisStage := os.Getenv(constants.PYXIS_STAGE_CERT_ENV)
Expect(certPyxisStage).ToNot(BeEmpty())

// Creating k8s secret to access Pyxis stage based on base64 decoded of key and cert
pyxisKeyDecoded, err = base64.StdEncoding.DecodeString(string(keyPyxisStage))
Expect(err).ToNot(HaveOccurred())

pyxisCertDecoded, err = base64.StdEncoding.DecodeString(string(certPyxisStage))
Expect(err).ToNot(HaveOccurred())
pyxisFieldEnvMap := map[string]string{
"key": constants.PYXIS_STAGE_KEY_ENV,
"cert": constants.PYXIS_STAGE_CERT_ENV,
}
releasecommon.CreateOpaqueSecret(managedFw, managedNamespace, "pyxis", pyxisFieldEnvMap)

pyxisSecret, err := managedFw.AsKubeAdmin.CommonController.GetSecret(managedNamespace, "pyxis")
if pyxisSecret == nil || errors.IsNotFound(err) {
secret := &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: "pyxis",
Namespace: managedNamespace,
},
Type: corev1.SecretTypeOpaque,
Data: map[string][]byte{
"cert": pyxisCertDecoded,
"key": pyxisKeyDecoded,
},
}

_, err = managedFw.AsKubeAdmin.CommonController.CreateSecret(managedNamespace, secret)
Expect(err).ToNot(HaveOccurred())
atlasFieldEnvMap := map[string]string{
"sso_account": constants.ATLAS_STAGE_ACCOUNT_ENV,
"sso_token": constants.ATLAS_STAGE_TOKEN_ENV,
}
releasecommon.CreateOpaqueSecret(managedFw, managedNamespace, "atlas", atlasFieldEnvMap)

err = managedFw.AsKubeAdmin.CommonController.LinkSecretToServiceAccount(managedNamespace, releasecommon.RedhatAppstudioUserSecret, constants.DefaultPipelineServiceAccount, true)
Expect(err).ToNot(HaveOccurred())
Expand Down Expand Up @@ -254,6 +229,9 @@ func createADVSReleasePlanAdmission(advsRPAName string, managedFw framework.Fram
"server": "stage",
"secret": "pyxis",
},
"atlas": map[string]interface{}{
"server": "stage",
},
"releaseNotes": map[string]interface{}{
"cpe": "cpe:/a:example.com",
"product_id": 555,
Expand Down
39 changes: 4 additions & 35 deletions tests/release/pipelines/rh_push_to_redhat_io.go
Original file line number Diff line number Diff line change
@@ -1,10 +1,8 @@
package pipelines

import (
"encoding/base64"
"encoding/json"
"fmt"
"os"
"regexp"
"time"

Expand All @@ -15,15 +13,12 @@ import (
releaseapi "github.com/konflux-ci/release-service/api/v1alpha1"
tektonutils "github.com/konflux-ci/release-service/tekton/utils"
tektonv1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

"github.com/devfile/library/v2/pkg/util"
"github.com/konflux-ci/e2e-tests/pkg/constants"
"github.com/konflux-ci/e2e-tests/pkg/framework"
"github.com/konflux-ci/e2e-tests/pkg/utils"
"github.com/konflux-ci/e2e-tests/pkg/utils/tekton"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/runtime"
"knative.dev/pkg/apis"

Expand All @@ -42,7 +37,6 @@ var rhioComponentName = "rhio-comp-" + util.GenerateRandomString(4)

var _ = framework.ReleasePipelinesSuiteDescribe("e2e tests for rh-push-to-redhat-io pipeline", Pending, Label("release-pipelines", "rh-push-to-redhat-io"), func() {
defer GinkgoRecover()
var pyxisKeyDecoded, pyxisCertDecoded []byte

var devWorkspace = utils.GetEnv(constants.RELEASE_DEV_WORKSPACE_ENV, constants.DevReleaseTeam)
var managedWorkspace = utils.GetEnv(constants.RELEASE_MANAGED_WORKSPACE_ENV, constants.ManagedReleaseTeam)
Expand Down Expand Up @@ -70,36 +64,11 @@ var _ = framework.ReleasePipelinesSuiteDescribe("e2e tests for rh-push-to-redhat
managedFw = releasecommon.NewFramework(managedWorkspace)
managedNamespace = managedFw.UserNamespace

keyPyxisStage := os.Getenv(constants.PYXIS_STAGE_KEY_ENV)
Expect(keyPyxisStage).ToNot(BeEmpty())

certPyxisStage := os.Getenv(constants.PYXIS_STAGE_CERT_ENV)
Expect(certPyxisStage).ToNot(BeEmpty())

// Creating k8s secret to access Pyxis stage based on base64 decoded of key and cert
pyxisKeyDecoded, err = base64.StdEncoding.DecodeString(string(keyPyxisStage))
Expect(err).ToNot(HaveOccurred())

pyxisCertDecoded, err = base64.StdEncoding.DecodeString(string(certPyxisStage))
Expect(err).ToNot(HaveOccurred())

pyxisSecret, err := managedFw.AsKubeAdmin.CommonController.GetSecret(managedNamespace, "pyxis")
if pyxisSecret == nil || errors.IsNotFound(err) {
secret := &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: "pyxis",
Namespace: managedNamespace,
},
Type: corev1.SecretTypeOpaque,
Data: map[string][]byte{
"cert": pyxisCertDecoded,
"key": pyxisKeyDecoded,
},
}

_, err = managedFw.AsKubeAdmin.CommonController.CreateSecret(managedNamespace, secret)
Expect(err).ToNot(HaveOccurred())
pyxisFieldEnvMap := map[string]string{
"key": constants.PYXIS_STAGE_KEY_ENV,
"cert": constants.PYXIS_STAGE_CERT_ENV,
}
releasecommon.CreateOpaqueSecret(managedFw, managedNamespace, "pyxis", pyxisFieldEnvMap)

err = managedFw.AsKubeAdmin.CommonController.LinkSecretToServiceAccount(managedNamespace, releasecommon.RedhatAppstudioUserSecret, constants.DefaultPipelineServiceAccount, true)
Expect(err).ToNot(HaveOccurred())
Expand Down
52 changes: 45 additions & 7 deletions tests/release/releaseLib.go
Original file line number Diff line number Diff line change
@@ -1,24 +1,28 @@
package common

import (
"encoding/base64"
"fmt"
"os"
"time"

"github.com/devfile/library/v2/pkg/util"
appservice "github.com/konflux-ci/application-api/api/v1alpha1"
appstudioApi "github.com/konflux-ci/application-api/api/v1alpha1"
"github.com/devfile/library/v2/pkg/util"
"github.com/konflux-ci/e2e-tests/pkg/constants"
"github.com/konflux-ci/e2e-tests/pkg/framework"
"github.com/konflux-ci/e2e-tests/pkg/utils"
releaseApi "github.com/konflux-ci/release-service/api/v1alpha1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
)

func NewFramework(workspace string) *framework.Framework {
var fw *framework.Framework
var fw *framework.Framework
var err error
stageOptions := utils.Options{
ToolchainApiUrl: os.Getenv(constants.TOOLCHAIN_API_URL_ENV),
Expand Down Expand Up @@ -79,11 +83,11 @@ func CreateSnapshotWithImageSource(fw framework.Framework, componentName, applic
{
Name: componentName,
ContainerImage: containerImage,
Source: appstudioApi.ComponentSource{
Source: appstudioApi.ComponentSource{
appstudioApi.ComponentSourceUnion{
GitSource: &appstudioApi.GitSource{
Revision: gitSourceRevision,
URL: gitSourceURL,
URL: gitSourceURL,
},
},
},
Expand All @@ -94,11 +98,11 @@ func CreateSnapshotWithImageSource(fw framework.Framework, componentName, applic
newSnapshotComponent := appstudioApi.SnapshotComponent{
Name: componentName2,
ContainerImage: containerImage2,
Source: appstudioApi.ComponentSource{
Source: appstudioApi.ComponentSource{
appstudioApi.ComponentSourceUnion{
GitSource: &appstudioApi.GitSource{
Revision: gitSourceRevision2,
URL: gitSourceURL2,
URL: gitSourceURL2,
},
},
},
Expand All @@ -111,7 +115,7 @@ func CreateSnapshotWithImageSource(fw framework.Framework, componentName, applic
return fw.AsKubeAdmin.IntegrationController.CreateSnapshotWithComponents(snapshotName, componentName, applicationName, namespace, snapshotComponents)
}

func CheckReleaseStatus(releaseCR *releaseApi.Release) (error) {
func CheckReleaseStatus(releaseCR *releaseApi.Release) error {
GinkgoWriter.Println("releaseCR: %s", releaseCR.Name)
conditions := releaseCR.Status.Conditions
GinkgoWriter.Println("len of conditions: %d", len(conditions))
Expand All @@ -136,4 +140,38 @@ func CheckReleaseStatus(releaseCR *releaseApi.Release) (error) {
return nil
}

// CreateOpaqueSecret creates a k8s Secret in a workspace if it doesn't exist.
// It populates the Secret data fields based on the mapping of fields to
// environment variables containing the base64 encoded field data.
func CreateOpaqueSecret(
fw *framework.Framework,
namespace, secretName string,
fieldEnvMap map[string]string,
) {
secretData := make(map[string][]byte)

for field, envVar := range fieldEnvMap {
envValue := os.Getenv(envVar)
Expect(envValue).ToNot(BeEmpty())

decodedValue, err := base64.StdEncoding.DecodeString(envValue)
Expect(err).ToNot(HaveOccurred())

secretData[field] = decodedValue
}

secret, err := fw.AsKubeAdmin.CommonController.GetSecret(namespace, secretName)
if secret == nil || errors.IsNotFound(err) {
secret := &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: secretName,
Namespace: namespace,
},
Type: corev1.SecretTypeOpaque,
Data: secretData,
}

_, err = fw.AsKubeAdmin.CommonController.CreateSecret(namespace, secret)
Expect(err).ToNot(HaveOccurred())
}
}

0 comments on commit 5a625cf

Please sign in to comment.