CFE-1108: Use upstream e2e to run using downstream images

Makefile

@@ -160,8 +160,12 @@ test-e2e-teardown: $(KIND)
 $(e2e_targets):: test-e2e-setup
 test-e2e:: $(e2e_tests) ## Run e2e tests
 
-test-e2e-ansible:: image/ansible-operator ## Run Ansible e2e tests
+test-e2e-ansible:: image/ansible-operator test-e2e-ansible-run ## Run Ansible e2e tests
+
+.PHONY: test-e2e-ansible-run
+test-e2e-ansible-run:
 	go test ./test/e2e/ansible -v -ginkgo.v
+
 test-e2e-ansible-molecule:: install dev-install image/ansible-operator ## Run molecule-based Ansible e2e tests
 	go run ./hack/generate/samples/molecule/generate.go
 	./hack/tests/e2e-ansible-molecule.sh

hack/generate/samples/ansible/constants.go

@@ -518,6 +518,25 @@ const rolesForBaseOperator = `
       - watch
 #+kubebuilder:scaffold:rules
 `
+const rolesForProject = `
+  ##
+  ## Apply customize roles related to project.openshift.io
+  ##
+  - apiGroups:
+      - project.openshift.io
+    resources:
+      - projectrequests
+      - projects
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+#+kubebuilder:scaffold:rules
+`
 
 const customMetricsTest = `
 - name: Search for all running pods

hack/generate/samples/ansible/generate.go

@@ -41,6 +41,8 @@ var memcachedGVK = schema.GroupVersionKind{
 	Kind:    "Memcached",
 }
 
+var skipSecretGeneration = ""
+
 func getCli() *cli.CLI {
 	ansibleBundle, _ := plugin.NewBundleWithOptions(
 		plugin.WithName(golang.DefaultNameQualifier),
@@ -127,21 +129,26 @@ func GenerateMoleculeSample(samplesPath string) []sample.Sample {
 	)
 	pkg.CheckError("attempting to create sample cli", err)
 
-	addIgnore, err := samplecli.NewCliSample(
-		samplecli.WithCLI(getCli()),
-		samplecli.WithCommandContext(ansibleMoleculeMemcached.CommandContext()),
-		samplecli.WithGvk(
-			schema.GroupVersionKind{
-				Group:   "ignore",
-				Version: "v1",
-				Kind:    "Secret",
-			},
-		),
-		samplecli.WithPlugins("ansible"),
-		samplecli.WithExtraApiOptions("--generate-role"),
-		samplecli.WithName(ansibleMoleculeMemcached.Name()),
-	)
-	pkg.CheckError("creating ignore samples", err)
+	skipSecretGeneration = os.Getenv("SKIP_SECRET_GENERATION")
+	var addIgnore sample.Sample
+
+	if skipSecretGeneration == "" {
+		addIgnore, err = samplecli.NewCliSample(
+			samplecli.WithCLI(getCli()),
+			samplecli.WithCommandContext(ansibleMoleculeMemcached.CommandContext()),
+			samplecli.WithGvk(
+				schema.GroupVersionKind{
+					Group:   "ignore",
+					Version: "v1",
+					Kind:    "Secret",
+				},
+			),
+			samplecli.WithPlugins("ansible"),
+			samplecli.WithExtraApiOptions("--generate-role"),
+			samplecli.WithName(ansibleMoleculeMemcached.Name()),
+		)
+		pkg.CheckError("creating ignore samples", err)
+	}
 
 	// remove sample directory if it already exists
 	err = os.RemoveAll(ansibleMoleculeMemcached.Dir())
@@ -158,9 +165,11 @@ func GenerateMoleculeSample(samplesPath string) []sample.Sample {
 	err = e2e.AllowProjectBeMultiGroup(ansibleMoleculeMemcached)
 	pkg.CheckError("updating PROJECT file", err)
 
-	ignoreGen := sample.NewGenerator(sample.WithNoInit(), sample.WithNoWebhook())
-	err = ignoreGen.GenerateSamples(addIgnore)
-	pkg.CheckError("generating ansible molecule sample - ignore", err)
+	if skipSecretGeneration == "" {
+		ignoreGen := sample.NewGenerator(sample.WithNoInit(), sample.WithNoWebhook())
+		err = ignoreGen.GenerateSamples(addIgnore)
+		pkg.CheckError("generating ansible molecule sample - ignore", err)
+	}
 
 	ImplementMemcached(ansibleMoleculeMemcached, bundleImage)
 

hack/generate/samples/ansible/memcached_molecule.go

@@ -41,12 +41,14 @@ func ImplementMemcachedMolecule(sample sample.Sample, image string) {
 			err := kbutil.InsertCode(moleculeTaskPath, targetMoleculeCheckDeployment, molecuTaskToCheckConfigMap)
 			pkg.CheckError("replacing memcached task to add config map check", err)
 
-			log.Info("insert molecule task to ensure to check secret")
-			err = kbutil.InsertCode(moleculeTaskPath, memcachedCustomStatusMoleculeTarget, testSecretMoleculeCheck)
-			pkg.CheckError("replacing memcached task to add secret check", err)
+			if skipSecretGeneration == "" {
+				log.Info("insert molecule task to ensure to check secret")
+				err = kbutil.InsertCode(moleculeTaskPath, memcachedCustomStatusMoleculeTarget, testSecretMoleculeCheck)
+				pkg.CheckError("replacing memcached task to add secret check", err)
+			}
 
 			log.Info("insert molecule task to ensure to foo ")
-			err = kbutil.InsertCode(moleculeTaskPath, testSecretMoleculeCheck, testFooMoleculeCheck)
+			err = kbutil.InsertCode(moleculeTaskPath, memcachedCustomStatusMoleculeTarget, testFooMoleculeCheck)
 			pkg.CheckError("replacing memcached task to add foo check", err)
 
 			log.Info("insert molecule task to check custom metrics")
@@ -58,6 +60,11 @@ func ImplementMemcachedMolecule(sample sample.Sample, image string) {
 			err = kbutil.InsertCode(filepath.Join(sample.Dir(), "roles", strings.ToLower(gvk.Kind), "tasks", "main.yml"),
 				roleFragment, memcachedWithBlackListTask)
 			pkg.CheckError("replacing in tasks/main.yml", err)
+
+			log.Info("adding RBAC permissions for project.openshift.io")
+			err = kbutil.ReplaceInFile(filepath.Join(sample.Dir(), "config", "rbac", "role.yaml"),
+				"#+kubebuilder:scaffold:rules", rolesForProject)
+			pkg.CheckError("replacing in role.yml", err)
 		}
 
 		if gvk.Kind != "Memcached" {
@@ -95,34 +102,36 @@ func ImplementMemcachedMolecule(sample sample.Sample, image string) {
 		"playbook: playbooks/memcached.yml", memcachedWatchCustomizations)
 	pkg.CheckError("replacing in watches", err)
 
-	log.Info("removing ignore group for the secret from watches as an workaround to work with core types")
-	err = kbutil.ReplaceInFile(filepath.Join(sample.Dir(), "watches.yaml"),
-		"ignore.example.com", "\"\"")
-	pkg.CheckError("replacing the watches file", err)
-
-	log.Info("removing molecule test for the Secret since it is a core type")
-	cmd := exec.Command("rm", "-rf", filepath.Join(sample.Dir(), "molecule", "default", "tasks", "secret_test.yml"))
-	_, err = sample.CommandContext().Run(cmd)
-	pkg.CheckError("removing secret test file", err)
-
-	log.Info("adding Secret task to the role")
-	err = kbutil.ReplaceInFile(filepath.Join(sample.Dir(), "roles", "secret", "tasks", "main.yml"),
-		originalTaskSecret, taskForSecret)
-	pkg.CheckError("replacing in secret/tasks/main.yml file", err)
-
-	log.Info("adding ManageStatus == false for role secret")
-	err = kbutil.ReplaceInFile(filepath.Join(sample.Dir(), "watches.yaml"),
-		"role: secret", manageStatusFalseForRoleSecret)
-	pkg.CheckError("replacing in watches.yaml", err)
-
-	// prevent high load of controller caused by watching all the secrets in the cluster
-	watchNamespacePatchFileName := "watch_namespace_patch.yaml"
-	log.Info("adding WATCH_NAMESPACE env patch to watch own namespace")
-	err = os.WriteFile(filepath.Join(sample.Dir(), "config", "testing", watchNamespacePatchFileName), []byte(watchNamespacePatch), 0644)
-	pkg.CheckError("adding watch_namespace_patch.yaml", err)
-
-	log.Info("adding WATCH_NAMESPACE env patch to patch list to be applied")
-	err = kbutil.InsertCode(filepath.Join(sample.Dir(), "config", "testing", "kustomization.yaml"), "patchesStrategicMerge:",
-		fmt.Sprintf("\n- %s", watchNamespacePatchFileName))
-	pkg.CheckError("inserting in kustomization.yaml", err)
+	if skipSecretGeneration == "" {
+		log.Info("removing ignore group for the secret from watches as an workaround to work with core types")
+		err = kbutil.ReplaceInFile(filepath.Join(sample.Dir(), "watches.yaml"),
+			"ignore.example.com", "\"\"")
+		pkg.CheckError("replacing the watches file", err)
+
+		log.Info("removing molecule test for the Secret since it is a core type")
+		cmd := exec.Command("rm", "-rf", filepath.Join(sample.Dir(), "molecule", "default", "tasks", "secret_test.yml"))
+		_, err = sample.CommandContext().Run(cmd)
+		pkg.CheckError("removing secret test file", err)
+
+		log.Info("adding Secret task to the role")
+		err = kbutil.ReplaceInFile(filepath.Join(sample.Dir(), "roles", "secret", "tasks", "main.yml"),
+			originalTaskSecret, taskForSecret)
+		pkg.CheckError("replacing in secret/tasks/main.yml file", err)
+
+		log.Info("adding ManageStatus == false for role secret")
+		err = kbutil.ReplaceInFile(filepath.Join(sample.Dir(), "watches.yaml"),
+			"role: secret", manageStatusFalseForRoleSecret)
+		pkg.CheckError("replacing in watches.yaml", err)
+
+		// prevent high load of controller caused by watching all the secrets in the cluster
+		watchNamespacePatchFileName := "watch_namespace_patch.yaml"
+		log.Info("adding WATCH_NAMESPACE env patch to watch own namespace")
+		err = os.WriteFile(filepath.Join(sample.Dir(), "config", "testing", watchNamespacePatchFileName), []byte(watchNamespacePatch), 0644)
+		pkg.CheckError("adding watch_namespace_patch.yaml", err)
+
+		log.Info("adding WATCH_NAMESPACE env patch to patch list to be applied")
+		err = kbutil.InsertCode(filepath.Join(sample.Dir(), "config", "testing", "kustomization.yaml"), "patchesStrategicMerge:",
+			fmt.Sprintf("\n- %s", watchNamespacePatchFileName))
+		pkg.CheckError("inserting in kustomization.yaml", err)
+	}
 }

openshift/Dockerfile.e2e-ansible

@@ -0,0 +1,20 @@
+FROM basebuilder AS builder
+
+COPY . /go/src/github.com/openshift/ansible-operator-plugins
+
+ENV SKIP_SECRET_GENERATION=true
+
+RUN cd /go/src/github.com/openshift/ansible-operator-plugins && \
+  make generate
+
+FROM openshift-ansible-operator-plugins
+
+COPY --from=builder /go/src/github.com/openshift/ansible-operator-plugins/testdata/memcached-molecule-operator/requirements.yml ${HOME}/requirements.yml
+
+RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
+ && chmod -R ug+rwx ${HOME}/.ansible
+
+COPY --from=builder /go/src/github.com/openshift/ansible-operator-plugins/testdata/memcached-molecule-operator/watches.yaml ${HOME}/watches.yaml
+COPY --from=builder /go/src/github.com/openshift/ansible-operator-plugins/testdata/memcached-molecule-operator/roles/ ${HOME}/roles/
+COPY --from=builder /go/src/github.com/openshift/ansible-operator-plugins/testdata/memcached-molecule-operator/playbooks/ ${HOME}/playbooks/
+

pkg/testutils/e2e/metrics/helpers.go

@@ -48,8 +48,25 @@ func GetMetrics(sample sample.Sample, kubectl kubernetes.Kubectl, metricsCluster
 	gomega.Expect(len(token)).To(gomega.BeNumerically(">", 0))
 
 	ginkgo.By("creating a curl pod")
+	securityContext := `
+{
+	"apiVersion": "v1",
+	"spec": {
+		"securityContext": {
+			"runAsNonRoot": true,
+			"runAsUser": 1000,
+			"runAsGroup": 1000,
+			"fsGroup": 1000,
+			"seccompProfile": {
+				"type": "RuntimeDefault"
+			}
+		}
+	}
+}
+`
+	overrides := fmt.Sprintf("--overrides=%s", securityContext)
 	cmdOpts := []string{
-		"run", "curl", "--image=curlimages/curl:7.68.0", "--restart=OnFailure", "--",
+		"run", "curl", "--image=curlimages/curl:7.68.0", "--restart=OnFailure", overrides, "--",
 		"curl", "-v", "-k", "-H", fmt.Sprintf(`Authorization: Bearer %s`, token),
 		fmt.Sprintf("https://%s-controller-manager-metrics-service.%s.svc:8443/metrics", sample.Name(), kubectl.Namespace()),
 	}

test/e2e/ansible/cluster_test.go

@@ -60,7 +60,7 @@ var _ = Describe("Running ansible projects", func() {
 			Expect(metrics.CleanUpMetrics(kctl, metricsClusterRoleBindingName)).To(Succeed())
 
 			By("cleaning up created API objects during test process")
-			Expect(operator.UndeployOperator(ansibleSample)).To(Succeed())
+			testutils.WrapWarnOutput("", operator.UndeployOperator(ansibleSample))
 
 			By("ensuring that the namespace was deleted")
 			testutils.WrapWarnOutput(kctl.Wait(false, "namespace", "foo", "--for", "delete", "--timeout", "2m"))

test/e2e/ansible/local_test.go

@@ -15,6 +15,7 @@
 package e2e_ansible_test
 
 import (
+	"os"
 	"os/exec"
 
 	. "github.com/onsi/ginkgo/v2"
@@ -25,18 +26,28 @@ import (
 var _ = Describe("Running Ansible projects", func() {
 	Context("built with operator-sdk", func() {
 		BeforeEach(func() {
-			By("Installing CRD's")
-			err := operator.InstallCRDs(ansibleSample)
-			Expect(err).NotTo(HaveOccurred())
+			skip_local_test := os.Getenv("SKIP_LOCAL_TEST")
+			if skip_local_test == "" {
+				By("Installing CRD's")
+				err := operator.InstallCRDs(ansibleSample)
+				Expect(err).NotTo(HaveOccurred())
+			}
 		})
 
 		AfterEach(func() {
-			By("Uninstalling CRD's")
-			err := operator.UninstallCRDs(ansibleSample)
-			Expect(err).NotTo(HaveOccurred())
+			skip_local_test := os.Getenv("SKIP_LOCAL_TEST")
+			if skip_local_test == "" {
+				By("Uninstalling CRD's")
+				err := operator.UninstallCRDs(ansibleSample)
+				Expect(err).NotTo(HaveOccurred())
+			}
 		})
 
 		It("Should run correctly when run locally", func() {
+			skip_local_test := os.Getenv("SKIP_LOCAL_TEST")
+			if skip_local_test != "" {
+				Skip("Skipping local test")
+			}
 			By("Running the project")
 			cmd := exec.Command("make", "run")
 			cmd.Dir = ansibleSample.Dir()

test/e2e/ansible/suite_test.go

@@ -106,9 +106,13 @@ var _ = BeforeSuite(func() {
 		}, 3*time.Minute, time.Second).Should(Succeed())
 	}
 
-	By("building the project image")
-	err = operator.BuildOperatorImage(ansibleSample, image)
-	Expect(err).NotTo(HaveOccurred())
+	if image_env_var, exists := os.LookupEnv("IMAGE_FORMAT"); exists {
+		image = image_env_var
+	} else {
+		By("building the project image")
+		err = operator.BuildOperatorImage(ansibleSample, image)
+		Expect(err).NotTo(HaveOccurred())
+	}
 
 	onKind, err := kind.IsRunningOnKind(kctl)
 	Expect(err).NotTo(HaveOccurred())
@@ -129,9 +133,11 @@ var _ = AfterSuite(func() {
 	}
 
 	By("destroying container image and work dir")
-	cmd := exec.Command("docker", "rmi", "-f", image)
-	if _, err := ansibleSample.CommandContext().Run(cmd); err != nil {
-		Expect(err).To(BeNil())
+	if _, exists := os.LookupEnv("IMAGE_FORMAT"); !exists {
+		cmd := exec.Command("docker", "rmi", "-f", image)
+		if _, err := ansibleSample.CommandContext().Run(cmd); err != nil {
+			Expect(err).To(BeNil())
+		}
 	}
 	if err := os.RemoveAll(testdir); err != nil {
 		Expect(err).To(BeNil())

testdata/memcached-molecule-operator/config/rbac/role.yaml

@@ -106,6 +106,23 @@ rules:
       - update
       - watch
 
+  ##
+  ## Apply customize roles related to project.openshift.io
+  ##
+  - apiGroups:
+      - project.openshift.io
+    resources:
+      - projectrequests
+      - projects
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+
   ##
   ## Apply customize roles for base operator
   ##
@@ -124,3 +141,4 @@ rules:
       - watch
 #+kubebuilder:scaffold:rules
 
+

testdata/memcached-molecule-operator/molecule/default/tasks/memcached_test.yml

@@ -56,12 +56,6 @@
       resource_name=custom_resource.metadata.name
     )}}'
 
-# This will verify that the secret role was executed
-- name: Verify that test-service was created
-  assert:
-    that: lookup('k8s', kind='Service', api_version='v1', namespace=namespace, resource_name='test-service')
-
-
 - name: Verify that project testing-foo was created
   assert:
     that: lookup('k8s', kind='Namespace', api_version='v1', resource_name='testing-foo')
@@ -116,6 +110,12 @@
 
 
 
+# This will verify that the secret role was executed
+- name: Verify that test-service was created
+  assert:
+    that: lookup('k8s', kind='Service', api_version='v1', namespace=namespace, resource_name='test-service')
+
+
 - when: molecule_yml.scenario.name == "test-local"
   block:
   - name: Restart the operator by killing the pod