feat(ISV-5130): add Atlas secrets to rh-advisories test

Signed-off-by: Martin Jediny <[email protected]> fix(ISV-5130): add Atlas config to RPA fix(ISV-5130): remove sneaky tab fix(ISV-5130): use tabs everywhere feat(ISV-5130): add atlas secrets to registry push test feat(ISV-5130): move secret creation to releaseLib fix(ISV-5130): remove unused imports fix(ISV-5130): fix undefined error feat(ISV-5130): also test component SBOM processing docs(ISV-5130): adjust function docstring fix(ISV-5130): use tabs to indent fix(ISV-5130): adjust indentation to fit codestyle fix(ISV-5130): remove atlas data from wrong pipeline
konflux-ci · Nov 25, 2024 · 9cbd44e · 9cbd44e
1 parent 8ce79e7
commit 9cbd44e
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 76 deletions.
diff --git a/integration-tests/scripts/konflux-e2e-runner.sh b/integration-tests/scripts/konflux-e2e-runner.sh
@@ -30,6 +30,8 @@ load_envs() {
         [QUAY_OAUTH_TOKEN]="${konflux_ci_secrets_file}/quay-oauth-token"
         [PYXIS_STAGE_KEY]="${konflux_ci_secrets_file}/pyxis-stage-key"
         [PYXIS_STAGE_CERT]="${konflux_ci_secrets_file}/pyxis-stage-cert"
+        [ATLAS_STAGE_ACCOUNT]="${konflux_ci_secrets_file}/atlas-stage-account"
+        [ATLAS_STAGE_TOKEN]="${konflux_ci_secrets_file}/atlas-stage-token"
         [OFFLINE_TOKEN]="${konflux_ci_secrets_file}/stage_offline_token"
         [TOOLCHAIN_API_URL]="${konflux_ci_secrets_file}/stage_toolchain_api_url"
         [KEYLOAK_URL]="${konflux_ci_secrets_file}/stage_keyloak_url"

diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go
@@ -69,6 +69,12 @@ const (
 	// Cert auth for accessing Pyxis stage external registry
 	PYXIS_STAGE_CERT_ENV string = "PYXIS_STAGE_CERT"
 
+	// SSO user for accessing the Atlas stage release instance
+	ATLAS_STAGE_ACCOUNT_ENV string = "ATLAS_STAGE_ACCOUNT"
+
+	// SSO token for accessing the Atlas stage release instance
+	ATLAS_STAGE_TOKEN_ENV string = "ATLAS_STAGE_TOKEN"
+
 	// Offline/refresh token used for getting Keycloak token in order to authenticate against stage/prod cluster
 	// More details: https://access.redhat.com/articles/3626371
 	OFFLINE_TOKEN_ENV = "OFFLINE_TOKEN"

diff --git a/tests/release/pipelines/rh_advisories.go b/tests/release/pipelines/rh_advisories.go
@@ -1,10 +1,8 @@
 package pipelines
 
 import (
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"os"
 	"regexp"
 	"time"
 
@@ -15,15 +13,12 @@ import (
 	releaseapi "github.com/konflux-ci/release-service/api/v1alpha1"
 	tektonutils "github.com/konflux-ci/release-service/tekton/utils"
 	tektonv1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1"
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/devfile/library/v2/pkg/util"
 	"github.com/konflux-ci/e2e-tests/pkg/constants"
 	"github.com/konflux-ci/e2e-tests/pkg/framework"
 	"github.com/konflux-ci/e2e-tests/pkg/utils"
 	"github.com/konflux-ci/e2e-tests/pkg/utils/tekton"
-	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	"knative.dev/pkg/apis"
 
@@ -42,7 +37,6 @@ var advsComponentName = "advs-comp-" + util.GenerateRandomString(4)
 
 var _ = framework.ReleasePipelinesSuiteDescribe("e2e tests for rh-advisories pipeline", Label("release-pipelines", "rh-advisories"), func() {
 	defer GinkgoRecover()
-	var pyxisKeyDecoded, pyxisCertDecoded []byte
 
 	var devWorkspace = utils.GetEnv(constants.RELEASE_DEV_WORKSPACE_ENV, constants.DevReleaseTeam)
 	var managedWorkspace = utils.GetEnv(constants.RELEASE_MANAGED_WORKSPACE_ENV, constants.ManagedReleaseTeam)
@@ -70,36 +64,17 @@ var _ = framework.ReleasePipelinesSuiteDescribe("e2e tests for rh-advisories pip
 			managedFw = releasecommon.NewFramework(managedWorkspace)
 			managedNamespace = managedFw.UserNamespace
 
-			keyPyxisStage := os.Getenv(constants.PYXIS_STAGE_KEY_ENV)
-			Expect(keyPyxisStage).ToNot(BeEmpty())
-
-			certPyxisStage := os.Getenv(constants.PYXIS_STAGE_CERT_ENV)
-			Expect(certPyxisStage).ToNot(BeEmpty())
-
-			// Creating k8s secret to access Pyxis stage based on base64 decoded of key and cert
-			pyxisKeyDecoded, err = base64.StdEncoding.DecodeString(string(keyPyxisStage))
-			Expect(err).ToNot(HaveOccurred())
-
-			pyxisCertDecoded, err = base64.StdEncoding.DecodeString(string(certPyxisStage))
-			Expect(err).ToNot(HaveOccurred())
+			pyxisFieldEnvMap := map[string]string{
+				"key":  constants.PYXIS_STAGE_KEY_ENV,
+				"cert": constants.PYXIS_STAGE_CERT_ENV,
+			}
+			releasecommon.CreateOpaqueSecret(managedFw, managedNamespace, "pyxis", pyxisFieldEnvMap)
 
-			pyxisSecret, err := managedFw.AsKubeAdmin.CommonController.GetSecret(managedNamespace, "pyxis")
-			if pyxisSecret == nil || errors.IsNotFound(err) {
-				secret := &corev1.Secret{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "pyxis",
-						Namespace: managedNamespace,
-					},
-					Type: corev1.SecretTypeOpaque,
-					Data: map[string][]byte{
-						"cert": pyxisCertDecoded,
-						"key":  pyxisKeyDecoded,
-					},
-				}
-
-				_, err = managedFw.AsKubeAdmin.CommonController.CreateSecret(managedNamespace, secret)
-				Expect(err).ToNot(HaveOccurred())
+			atlasFieldEnvMap := map[string]string{
+				"sso_account": constants.ATLAS_STAGE_ACCOUNT_ENV,
+				"sso_token":   constants.ATLAS_STAGE_TOKEN_ENV,
 			}
+			releasecommon.CreateOpaqueSecret(managedFw, managedNamespace, "atlas", atlasFieldEnvMap)
 
 			err = managedFw.AsKubeAdmin.CommonController.LinkSecretToServiceAccount(managedNamespace, releasecommon.RedhatAppstudioUserSecret, constants.DefaultPipelineServiceAccount, true)
 			Expect(err).ToNot(HaveOccurred())
@@ -254,6 +229,10 @@ func createADVSReleasePlanAdmission(advsRPAName string, managedFw framework.Fram
 			"server": "stage",
 			"secret": "pyxis",
 		},
+		"atlas": map[string]interface{}{
+			"server": "stage",
+			"updateComponentSBOM": "true",
+		},
 		"releaseNotes": map[string]interface{}{
 			"cpe":             "cpe:/a:example.com",
 			"product_id":      555,

diff --git a/tests/release/pipelines/rh_push_to_redhat_io.go b/tests/release/pipelines/rh_push_to_redhat_io.go
@@ -1,10 +1,8 @@
 package pipelines
 
 import (
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"os"
 	"regexp"
 	"time"
 
@@ -15,15 +13,12 @@ import (
 	releaseapi "github.com/konflux-ci/release-service/api/v1alpha1"
 	tektonutils "github.com/konflux-ci/release-service/tekton/utils"
 	tektonv1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1"
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/devfile/library/v2/pkg/util"
 	"github.com/konflux-ci/e2e-tests/pkg/constants"
 	"github.com/konflux-ci/e2e-tests/pkg/framework"
 	"github.com/konflux-ci/e2e-tests/pkg/utils"
 	"github.com/konflux-ci/e2e-tests/pkg/utils/tekton"
-	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	"knative.dev/pkg/apis"
 
@@ -42,7 +37,6 @@ var rhioComponentName = "rhio-comp-" + util.GenerateRandomString(4)
 
 var _ = framework.ReleasePipelinesSuiteDescribe("e2e tests for rh-push-to-redhat-io pipeline", Pending, Label("release-pipelines", "rh-push-to-redhat-io"), func() {
 	defer GinkgoRecover()
-	var pyxisKeyDecoded, pyxisCertDecoded []byte
 
 	var devWorkspace = utils.GetEnv(constants.RELEASE_DEV_WORKSPACE_ENV, constants.DevReleaseTeam)
 	var managedWorkspace = utils.GetEnv(constants.RELEASE_MANAGED_WORKSPACE_ENV, constants.ManagedReleaseTeam)
@@ -70,36 +64,11 @@ var _ = framework.ReleasePipelinesSuiteDescribe("e2e tests for rh-push-to-redhat
 			managedFw = releasecommon.NewFramework(managedWorkspace)
 			managedNamespace = managedFw.UserNamespace
 
-			keyPyxisStage := os.Getenv(constants.PYXIS_STAGE_KEY_ENV)
-			Expect(keyPyxisStage).ToNot(BeEmpty())
-
-			certPyxisStage := os.Getenv(constants.PYXIS_STAGE_CERT_ENV)
-			Expect(certPyxisStage).ToNot(BeEmpty())
-
-			// Creating k8s secret to access Pyxis stage based on base64 decoded of key and cert
-			pyxisKeyDecoded, err = base64.StdEncoding.DecodeString(string(keyPyxisStage))
-			Expect(err).ToNot(HaveOccurred())
-
-			pyxisCertDecoded, err = base64.StdEncoding.DecodeString(string(certPyxisStage))
-			Expect(err).ToNot(HaveOccurred())
-
-			pyxisSecret, err := managedFw.AsKubeAdmin.CommonController.GetSecret(managedNamespace, "pyxis")
-			if pyxisSecret == nil || errors.IsNotFound(err) {
-				secret := &corev1.Secret{
-					ObjectMeta: metav1.ObjectMeta{
-						Name:      "pyxis",
-						Namespace: managedNamespace,
-					},
-					Type: corev1.SecretTypeOpaque,
-					Data: map[string][]byte{
-						"cert": pyxisCertDecoded,
-						"key":  pyxisKeyDecoded,
-					},
-				}
-
-				_, err = managedFw.AsKubeAdmin.CommonController.CreateSecret(managedNamespace, secret)
-				Expect(err).ToNot(HaveOccurred())
+			pyxisFieldEnvMap := map[string]string{
+				"key":  constants.PYXIS_STAGE_KEY_ENV,
+				"cert": constants.PYXIS_STAGE_CERT_ENV,
 			}
+			releasecommon.CreateOpaqueSecret(managedFw, managedNamespace, "pyxis", pyxisFieldEnvMap)
 
 			err = managedFw.AsKubeAdmin.CommonController.LinkSecretToServiceAccount(managedNamespace, releasecommon.RedhatAppstudioUserSecret, constants.DefaultPipelineServiceAccount, true)
 			Expect(err).ToNot(HaveOccurred())

diff --git a/tests/release/releaseLib.go b/tests/release/releaseLib.go
@@ -1,24 +1,28 @@
 package common
 
 import (
+	"encoding/base64"
 	"fmt"
 	"os"
 	"time"
 
+	"github.com/devfile/library/v2/pkg/util"
 	appservice "github.com/konflux-ci/application-api/api/v1alpha1"
 	appstudioApi "github.com/konflux-ci/application-api/api/v1alpha1"
-	"github.com/devfile/library/v2/pkg/util"
 	"github.com/konflux-ci/e2e-tests/pkg/constants"
 	"github.com/konflux-ci/e2e-tests/pkg/framework"
 	"github.com/konflux-ci/e2e-tests/pkg/utils"
 	releaseApi "github.com/konflux-ci/release-service/api/v1alpha1"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
 func NewFramework(workspace string) *framework.Framework {
-	var fw  *framework.Framework
+	var fw *framework.Framework
 	var err error
 	stageOptions := utils.Options{
 		ToolchainApiUrl: os.Getenv(constants.TOOLCHAIN_API_URL_ENV),
@@ -79,11 +83,11 @@ func CreateSnapshotWithImageSource(fw framework.Framework, componentName, applic
 		{
 			Name:           componentName,
 			ContainerImage: containerImage,
-			Source:         appstudioApi.ComponentSource{
+			Source: appstudioApi.ComponentSource{
 				appstudioApi.ComponentSourceUnion{
 					GitSource: &appstudioApi.GitSource{
 						Revision: gitSourceRevision,
-						URL: gitSourceURL,
+						URL:      gitSourceURL,
 					},
 				},
 			},
@@ -94,11 +98,11 @@ func CreateSnapshotWithImageSource(fw framework.Framework, componentName, applic
 		newSnapshotComponent := appstudioApi.SnapshotComponent{
 			Name:           componentName2,
 			ContainerImage: containerImage2,
-			Source:         appstudioApi.ComponentSource{
+			Source: appstudioApi.ComponentSource{
 				appstudioApi.ComponentSourceUnion{
 					GitSource: &appstudioApi.GitSource{
 						Revision: gitSourceRevision2,
-						URL: gitSourceURL2,
+						URL:      gitSourceURL2,
 					},
 				},
 			},
@@ -111,7 +115,7 @@ func CreateSnapshotWithImageSource(fw framework.Framework, componentName, applic
 	return fw.AsKubeAdmin.IntegrationController.CreateSnapshotWithComponents(snapshotName, componentName, applicationName, namespace, snapshotComponents)
 }
 
-func CheckReleaseStatus(releaseCR *releaseApi.Release) (error) {
+func CheckReleaseStatus(releaseCR *releaseApi.Release) error {
 	GinkgoWriter.Println("releaseCR: %s", releaseCR.Name)
 	conditions := releaseCR.Status.Conditions
 	GinkgoWriter.Println("len of conditions: %d", len(conditions))
@@ -136,4 +140,38 @@ func CheckReleaseStatus(releaseCR *releaseApi.Release) (error) {
 	return nil
 }
 
+// CreateOpaqueSecret creates a k8s Secret in a workspace if it doesn't exist.
+// It populates the Secret data fields based on the mapping of fields to
+// environment variables containing the base64 encoded field data.
+func CreateOpaqueSecret(
+	fw *framework.Framework,
+	namespace, secretName string,
+	fieldEnvMap map[string]string,
+) {
+	secretData := make(map[string][]byte)
+
+	for field, envVar := range fieldEnvMap {
+		envValue := os.Getenv(envVar)
+		Expect(envValue).ToNot(BeEmpty())
+
+		decodedValue, err := base64.StdEncoding.DecodeString(envValue)
+		Expect(err).ToNot(HaveOccurred())
+
+		secretData[field] = decodedValue
+	}
 
+	secret, err := fw.AsKubeAdmin.CommonController.GetSecret(namespace, secretName)
+	if secret == nil || errors.IsNotFound(err) {
+		secret := &corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      secretName,
+				Namespace: namespace,
+			},
+			Type: corev1.SecretTypeOpaque,
+			Data: secretData,
+		}
+
+		_, err = fw.AsKubeAdmin.CommonController.CreateSecret(namespace, secret)
+		Expect(err).ToNot(HaveOccurred())
+	}
+}