From 5a625cf2dda6f4778ca953c922247d18f539709f Mon Sep 17 00:00:00 2001
From: Martin Jediny
Date: Mon, 11 Nov 2024 12:34:19 +0100
Subject: [PATCH] feat(ISV-5130): add Atlas secrets to rh-advisories test Signed-off-by: Martin Jediny fix(ISV-5130): add Atlas config to RPA fix(ISV-5130): remove sneaky tab fix(ISV-5130): use tabs everywhere feat(ISV-5130): add atlas secrets to registry push test feat(ISV-5130): move secret creation to releaseLib fix(ISV-5130): remove unused imports fix(ISV-5130): fix undefined error feat(ISV-5130): also test component SBOM processing docs(ISV-5130): adjust function docstring fix(ISV-5130): use tabs to indent fix(ISV-5130): adjust indentation to fit codestyle fix(ISV-5130): remove atlas data from wrong pipeline fix(ISV-5130): remove unused atlas param Signed-off-by: Martin Jediny fix(ISV-5130): disable false positive Signed-off-by: Martin Jediny
---
.../scripts/konflux-e2e-runner.sh | 2 +
pkg/constants/constants.go | 6 +++
tests/release/pipelines/rh_advisories.go | 46 +++++-----------
.../release/pipelines/rh_push_to_redhat_io.go | 39 ++------------
tests/release/releaseLib.go | 52 ++++++++++++++++---
5 files changed, 69 insertions(+), 76 deletions(-)
diff --git a/integration-tests/scripts/konflux-e2e-runner.sh b/integration-tests/scripts/konflux-e2e-runner.sh
index 187a63555..00c508bbb 100755
--- a/integration-tests/scripts/konflux-e2e-runner.sh
+++ b/integration-tests/scripts/konflux-e2e-runner.sh
@@ -30,6 +30,8 @@ load_envs() { [QUAY_OAUTH_TOKEN]="${konflux_ci_secrets_file}/quay-oauth-token" [PYXIS_STAGE_KEY]="${konflux_ci_secrets_file}/pyxis-stage-key" [PYXIS_STAGE_CERT]="${konflux_ci_secrets_file}/pyxis-stage-cert" + [ATLAS_STAGE_ACCOUNT]="${konflux_ci_secrets_file}/atlas-stage-account" + [ATLAS_STAGE_TOKEN]="${konflux_ci_secrets_file}/atlas-stage-token" [OFFLINE_TOKEN]="${konflux_ci_secrets_file}/stage_offline_token" [TOOLCHAIN_API_URL]="${konflux_ci_secrets_file}/stage_toolchain_api_url" [KEYLOAK_URL]="${konflux_ci_secrets_file}/stage_keyloak_url" diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index b77ff05d3..bba35b488 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -69,6 +69,12 @@ const ( // Cert auth for accessing Pyxis stage external registry PYXIS_STAGE_CERT_ENV string = "PYXIS_STAGE_CERT" + // SSO user for accessing the Atlas stage release instance + ATLAS_STAGE_ACCOUNT_ENV string = "ATLAS_STAGE_ACCOUNT" // #nosec + + // SSO token for accessing the Atlas stage release instance + ATLAS_STAGE_TOKEN_ENV string = "ATLAS_STAGE_TOKEN" // #nosec + // Offline/refresh token used for getting Keycloak token in order to authenticate against stage/prod cluster // More details: https://access.redhat.com/articles/3626371 OFFLINE_TOKEN_ENV = "OFFLINE_TOKEN" diff --git a/tests/release/pipelines/rh_advisories.go b/tests/release/pipelines/rh_advisories.go index 13755213d..f550b091a 100644 --- a/tests/release/pipelines/rh_advisories.go +++ b/tests/release/pipelines/rh_advisories.go @@ -1,10 +1,8 @@ package pipelines import ( - "encoding/base64" "encoding/json" "fmt" - "os" "regexp" "time" 
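Review bot: In pkg/constants/constants.go the two new constants carry a bare `// #nosec`, which silences every gosec rule on those lines rather than only the one that fired. The commit message calls it a false positive, most likely the hard-coded-credential check reacting to the name `ATLAS_STAGE_TOKEN_ENV`. Scope the suppression and record the reason, for example `ATLAS_STAGE_TOKEN_ENV string = "ATLAS_STAGE_TOKEN" // #nosec G101 -- env var name, not a credential`, and do the same on `ATLAS_STAGE_ACCOUNT_ENV`. The const block starts and ends outside the hunk.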
@@ -15,15 +13,12 @@ import ( releaseapi "github.com/konflux-ci/release-service/api/v1alpha1" tektonutils "github.com/konflux-ci/release-service/tekton/utils" tektonv1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/devfile/library/v2/pkg/util" "github.com/konflux-ci/e2e-tests/pkg/constants" "github.com/konflux-ci/e2e-tests/pkg/framework" "github.com/konflux-ci/e2e-tests/pkg/utils" "github.com/konflux-ci/e2e-tests/pkg/utils/tekton" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime" "knative.dev/pkg/apis" @@ -42,7 +37,6 @@ var advsComponentName = "advs-comp-" + util.GenerateRandomString(4) var _ = framework.ReleasePipelinesSuiteDescribe("e2e tests for rh-advisories pipeline", Label("release-pipelines", "rh-advisories"), func() { defer GinkgoRecover() - var pyxisKeyDecoded, pyxisCertDecoded []byte var devWorkspace = utils.GetEnv(constants.RELEASE_DEV_WORKSPACE_ENV, constants.DevReleaseTeam) var managedWorkspace = utils.GetEnv(constants.RELEASE_MANAGED_WORKSPACE_ENV, constants.ManagedReleaseTeam) 
@@ -70,36 +64,17 @@ var _ = framework.ReleasePipelinesSuiteDescribe("e2e tests for rh-advisories pip managedFw = releasecommon.NewFramework(managedWorkspace) managedNamespace = managedFw.UserNamespace - keyPyxisStage := os.Getenv(constants.PYXIS_STAGE_KEY_ENV) - Expect(keyPyxisStage).ToNot(BeEmpty()) - - certPyxisStage := os.Getenv(constants.PYXIS_STAGE_CERT_ENV) - Expect(certPyxisStage).ToNot(BeEmpty()) - - // Creating k8s secret to access Pyxis stage based on base64 decoded of key and cert - pyxisKeyDecoded, err = base64.StdEncoding.DecodeString(string(keyPyxisStage)) - Expect(err).ToNot(HaveOccurred()) - - pyxisCertDecoded, err = base64.StdEncoding.DecodeString(string(certPyxisStage)) - Expect(err).ToNot(HaveOccurred()) + pyxisFieldEnvMap := map[string]string{ + "key": constants.PYXIS_STAGE_KEY_ENV, + "cert": constants.PYXIS_STAGE_CERT_ENV, + } + releasecommon.CreateOpaqueSecret(managedFw, managedNamespace, "pyxis", pyxisFieldEnvMap) - pyxisSecret, err := managedFw.AsKubeAdmin.CommonController.GetSecret(managedNamespace, "pyxis") - if pyxisSecret == nil || errors.IsNotFound(err) { - secret := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: "pyxis", - Namespace: managedNamespace, - }, - Type: corev1.SecretTypeOpaque, - Data: map[string][]byte{ - "cert": pyxisCertDecoded, - "key": pyxisKeyDecoded, - }, - } - - _, err = managedFw.AsKubeAdmin.CommonController.CreateSecret(managedNamespace, secret) - Expect(err).ToNot(HaveOccurred()) + atlasFieldEnvMap := map[string]string{ + "sso_account": constants.ATLAS_STAGE_ACCOUNT_ENV, + "sso_token": constants.ATLAS_STAGE_TOKEN_ENV, } + releasecommon.CreateOpaqueSecret(managedFw, managedNamespace, "atlas", atlasFieldEnvMap) err = managedFw.AsKubeAdmin.CommonController.LinkSecretToServiceAccount(managedNamespace, releasecommon.RedhatAppstudioUserSecret, constants.DefaultPipelineServiceAccount, true) Expect(err).ToNot(HaveOccurred()) 
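Review bot: The new `atlasFieldEnvMap` call depends on `ATLAS_STAGE_ACCOUNT` and `ATLAS_STAGE_TOKEN` being base64-encoded, because `CreateOpaqueSecret` decodes every mapped variable, and the comment that stated this for Pyxis is deleted in this hunk. An account name stored as plain text can either fail the decode or, if it happens to be valid base64, decode to different bytes and yield a secret that only fails later at Atlas authentication. I would keep a comment above both maps, e.g. `// env values must be base64-encoded; CreateOpaqueSecret decodes them before storing`. The enclosing setup block starts and ends outside the hunk.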
@@ -254,6 +229,9 @@ func createADVSReleasePlanAdmission(advsRPAName string, managedFw framework.Fram "server": "stage", "secret": "pyxis", }, + "atlas": map[string]interface{}{ + "server": "stage", + }, "releaseNotes": map[string]interface{}{ "cpe": "cpe:/a:example.com", "product_id": 555, diff --git a/tests/release/pipelines/rh_push_to_redhat_io.go b/tests/release/pipelines/rh_push_to_redhat_io.go index 97349c8ef..3c828423a 100644 --- a/tests/release/pipelines/rh_push_to_redhat_io.go +++ b/tests/release/pipelines/rh_push_to_redhat_io.go @@ -1,10 +1,8 @@ package pipelines import ( - "encoding/base64" "encoding/json" "fmt" - "os" "regexp" "time" @@ -15,15 +13,12 @@ import ( releaseapi "github.com/konflux-ci/release-service/api/v1alpha1" tektonutils "github.com/konflux-ci/release-service/tekton/utils" tektonv1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/devfile/library/v2/pkg/util" "github.com/konflux-ci/e2e-tests/pkg/constants" "github.com/konflux-ci/e2e-tests/pkg/framework" "github.com/konflux-ci/e2e-tests/pkg/utils" "github.com/konflux-ci/e2e-tests/pkg/utils/tekton" - "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime" "knative.dev/pkg/apis" @@ -42,7 +37,6 @@ var rhioComponentName = "rhio-comp-" + util.GenerateRandomString(4) var _ = framework.ReleasePipelinesSuiteDescribe("e2e tests for rh-push-to-redhat-io pipeline", Pending, Label("release-pipelines", "rh-push-to-redhat-io"), func() { defer GinkgoRecover() - var pyxisKeyDecoded, pyxisCertDecoded []byte var devWorkspace = utils.GetEnv(constants.RELEASE_DEV_WORKSPACE_ENV, constants.DevReleaseTeam) var managedWorkspace = utils.GetEnv(constants.RELEASE_MANAGED_WORKSPACE_ENV, constants.ManagedReleaseTeam) 
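Review bot: In createADVSReleasePlanAdmission the new `"atlas"` entry gives only `"server": "stage"`, while the `"pyxis"` entry just above names its secret explicitly, so nothing in this config ties it to the `atlas` secret the test setup creates. If the pipeline resolves that secret by a default name, a comment such as `// credentials come from the "atlas" secret created in setup; the pipeline is expected to use that name by default` would make the coupling visible; the default itself cannot be confirmed from this diff. The function body starts and ends outside the hunk.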
@@ -70,36 +64,11 @@ var _ = framework.ReleasePipelinesSuiteDescribe("e2e tests for rh-push-to-redhat managedFw = releasecommon.NewFramework(managedWorkspace) managedNamespace = managedFw.UserNamespace - keyPyxisStage := os.Getenv(constants.PYXIS_STAGE_KEY_ENV) - Expect(keyPyxisStage).ToNot(BeEmpty()) - - certPyxisStage := os.Getenv(constants.PYXIS_STAGE_CERT_ENV) - Expect(certPyxisStage).ToNot(BeEmpty()) - - // Creating k8s secret to access Pyxis stage based on base64 decoded of key and cert - pyxisKeyDecoded, err = base64.StdEncoding.DecodeString(string(keyPyxisStage)) - Expect(err).ToNot(HaveOccurred()) - - pyxisCertDecoded, err = base64.StdEncoding.DecodeString(string(certPyxisStage)) - Expect(err).ToNot(HaveOccurred()) - - pyxisSecret, err := managedFw.AsKubeAdmin.CommonController.GetSecret(managedNamespace, "pyxis") - if pyxisSecret == nil || errors.IsNotFound(err) { - secret := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: "pyxis", - Namespace: managedNamespace, - }, - Type: corev1.SecretTypeOpaque, - Data: map[string][]byte{ - "cert": pyxisCertDecoded, - "key": pyxisKeyDecoded, - }, - } - - _, err = managedFw.AsKubeAdmin.CommonController.CreateSecret(managedNamespace, secret) - Expect(err).ToNot(HaveOccurred()) + pyxisFieldEnvMap := map[string]string{ + "key": constants.PYXIS_STAGE_KEY_ENV, + "cert": constants.PYXIS_STAGE_CERT_ENV, } + releasecommon.CreateOpaqueSecret(managedFw, managedNamespace, "pyxis", pyxisFieldEnvMap) err = managedFw.AsKubeAdmin.CommonController.LinkSecretToServiceAccount(managedNamespace, releasecommon.RedhatAppstudioUserSecret, constants.DefaultPipelineServiceAccount, true) Expect(err).ToNot(HaveOccurred()) diff --git a/tests/release/releaseLib.go b/tests/release/releaseLib.go index 213a918a6..e2d480bac 100644 --- a/tests/release/releaseLib.go +++ b/tests/release/releaseLib.go 
@@ -1,24 +1,28 @@ package common import ( + "encoding/base64" "fmt" "os" "time" + "github.com/devfile/library/v2/pkg/util" appservice "github.com/konflux-ci/application-api/api/v1alpha1" appstudioApi "github.com/konflux-ci/application-api/api/v1alpha1" - "github.com/devfile/library/v2/pkg/util" "github.com/konflux-ci/e2e-tests/pkg/constants" "github.com/konflux-ci/e2e-tests/pkg/framework" "github.com/konflux-ci/e2e-tests/pkg/utils" releaseApi "github.com/konflux-ci/release-service/api/v1alpha1" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" ) func NewFramework(workspace string) *framework.Framework { - var fw *framework.Framework + var fw *framework.Framework var err error stageOptions := utils.Options{ ToolchainApiUrl: os.Getenv(constants.TOOLCHAIN_API_URL_ENV), @@ -79,11 +83,11 @@ func CreateSnapshotWithImageSource(fw framework.Framework, componentName, applic { Name: componentName, ContainerImage: containerImage, - Source: appstudioApi.ComponentSource{ + Source: appstudioApi.ComponentSource{ appstudioApi.ComponentSourceUnion{ GitSource: &appstudioApi.GitSource{ Revision: gitSourceRevision, - URL: gitSourceURL, + URL: gitSourceURL, }, }, }, @@ -94,11 +98,11 @@ func CreateSnapshotWithImageSource(fw framework.Framework, componentName, applic newSnapshotComponent := appstudioApi.SnapshotComponent{ Name: componentName2, ContainerImage: containerImage2, - Source: appstudioApi.ComponentSource{ + Source: appstudioApi.ComponentSource{ appstudioApi.ComponentSourceUnion{ GitSource: &appstudioApi.GitSource{ Revision: gitSourceRevision2, - URL: gitSourceURL2, + URL: gitSourceURL2, }, }, }, 
@@ -111,7 +115,7 @@ func CreateSnapshotWithImageSource(fw framework.Framework, componentName, applic return fw.AsKubeAdmin.IntegrationController.CreateSnapshotWithComponents(snapshotName, componentName, applicationName, namespace, snapshotComponents) } -func CheckReleaseStatus(releaseCR *releaseApi.Release) (error) { +func CheckReleaseStatus(releaseCR *releaseApi.Release) error { GinkgoWriter.Println("releaseCR: %s", releaseCR.Name) conditions := releaseCR.Status.Conditions GinkgoWriter.Println("len of conditions: %d", len(conditions)) @@ -136,4 +140,38 @@ func CheckReleaseStatus(releaseCR *releaseApi.Release) (error) { return nil } +// CreateOpaqueSecret creates a k8s Secret in a workspace if it doesn't exist. +// It populates the Secret data fields based on the mapping of fields to +// environment variables containing the base64 encoded field data. +func CreateOpaqueSecret( + fw *framework.Framework, + namespace, secretName string, + fieldEnvMap map[string]string, +) { + secretData := make(map[string][]byte) + + for field, envVar := range fieldEnvMap { + envValue := os.Getenv(envVar) + Expect(envValue).ToNot(BeEmpty()) + + decodedValue, err := base64.StdEncoding.DecodeString(envValue) + Expect(err).ToNot(HaveOccurred()) + + secretData[field] = decodedValue + } + secret, err := fw.AsKubeAdmin.CommonController.GetSecret(namespace, secretName) + if secret == nil || errors.IsNotFound(err) { + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secretName, + Namespace: namespace, + }, + Type: corev1.SecretTypeOpaque, + Data: secretData, + } + + _, err = fw.AsKubeAdmin.CommonController.CreateSecret(namespace, secret) + Expect(err).ToNot(HaveOccurred()) + } +}
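Review bot: In CreateOpaqueSecret the lookup result is tested only with `secret == nil || errors.IsNotFound(err)`, so a GetSecret failure other than NotFound (an RBAC denial, an API timeout) can fall through without creating the secret and without failing the test, depending on what GetSecret returns alongside the error. Assert on it before the `if`: `Expect(err == nil || errors.IsNotFound(err)).To(BeTrue(), "getting secret %s/%s: %v", namespace, secretName, err)`. An existing secret is also left untouched, so rotated credentials in the environment never reach a reused namespace, and the doc comment should say so. Naming the variable in the emptiness check, `Expect(envValue).ToNot(BeEmpty(), "env var %s is not set", envVar)`, would identify a missing credential without printing any value.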