From 2543ce4b52e034be8baceae656711612f9a8a284 Mon Sep 17 00:00:00 2001 From: Jianli Wei Date: Tue, 31 Oct 2023 18:13:37 +0800 Subject: [PATCH] [4.14] gcp userLabels & userTags (#42819) --- ...s-private-release-4.14__multi-nightly.yaml | 32 ++++ ...s-private-release-4.15__multi-nightly.yaml | 32 ++++ ...tests-master__installer-rehearse-4.14.yaml | 23 ++- ...-tests-private-release-4.14-periodics.yaml | 176 ++++++++++++++++++ ...-tests-private-release-4.15-periodics.yaml | 176 ++++++++++++++++++ ...t-verification-tests-master-periodics.yaml | 8 +- .../installer/check/gcp/user-labels/OWNERS | 10 + ...nstaller-check-gcp-user-labels-commands.sh | 127 +++++++++++++ ...er-check-gcp-user-labels-ref.metadata.json | 17 ++ ...t-installer-check-gcp-user-labels-ref.yaml | 20 ++ .../rehearse/gcp/ipi/user-labels-tags/OWNERS | 1 + .../ipi/user-labels-tags/filestore-csi/OWNERS | 8 + ...-tags-filestore-csi-workflow.metadata.json | 15 ++ ...er-labels-tags-filestore-csi-workflow.yaml | 21 +++ .../gcp/ipi/user-labels-tags/provision/OWNERS | 1 + ...-labels-tags-provision-chain.metadata.json | 15 ++ ...-ipi-user-labels-tags-provision-chain.yaml | 100 ++++++++++ .../provision/user-tags-serviceaccount/OWNERS | 1 + ...ision-user-tags-serviceaccount-commands.sh | 8 + ...user-tags-serviceaccount-ref.metadata.json | 10 + ...rovision-user-tags-serviceaccount-ref.yaml | 13 ++ .../ipi/conf/gcp/user-labels-tags/OWNERS | 5 + .../ipi-conf-gcp-user-labels-tags-commands.sh | 36 ++++ ...onf-gcp-user-labels-tags-ref.metadata.json | 11 ++ .../ipi-conf-gcp-user-labels-tags-ref.yaml | 22 +++ .../ipi-deprovision-deprovision-commands.sh | 3 + .../install/ipi-install-install-commands.sh | 3 + 27 files changed, 881 insertions(+), 13 deletions(-) create mode 100644 ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/OWNERS create mode 100755 ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/cucushift-installer-check-gcp-user-labels-commands.sh create mode 100644 ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/cucushift-installer-check-gcp-user-labels-ref.metadata.json create mode 100644 ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/cucushift-installer-check-gcp-user-labels-ref.yaml create mode 120000 ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/OWNERS create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/filestore-csi/OWNERS create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/filestore-csi/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-filestore-csi-workflow.metadata.json create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/filestore-csi/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-filestore-csi-workflow.yaml create mode 120000 ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/provision/OWNERS create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/provision/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-provision-chain.metadata.json create mode 100644 ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/provision/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-provision-chain.yaml create mode 120000 ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/OWNERS create mode 100755 ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/gcp-provision-user-tags-serviceaccount-commands.sh create mode 100644 ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/gcp-provision-user-tags-serviceaccount-ref.metadata.json create mode 100644 ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/gcp-provision-user-tags-serviceaccount-ref.yaml create mode 100644 ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/OWNERS create mode 100755 ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/ipi-conf-gcp-user-labels-tags-commands.sh create mode 100644 ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/ipi-conf-gcp-user-labels-tags-ref.metadata.json create mode 100644 ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/ipi-conf-gcp-user-labels-tags-ref.yaml diff --git a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14__multi-nightly.yaml b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14__multi-nightly.yaml index 41a1a709858b..ebca89221952 100644 --- a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14__multi-nightly.yaml +++ b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14__multi-nightly.yaml @@ -527,6 +527,38 @@ tests: - ref: ipi-install-heterogeneous - chain: openshift-e2e-test-qe workflow: cucushift-installer-rehearse-gcp-ipi-ovn-ipsec +- as: gcp-ipi-user-labels-tags-filestore-csi-tp-amd-f28-destructive + cron: 42 2 19 * * + steps: + cluster_profile: gcp-qe + dependencies: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: release:multi-latest + dependency_overrides: + OO_INDEX: quay.io/openshift-qe-optional-operators/aosqe-index:v4.14 + env: + E2E_RUN_TAGS: '@amd64 and @gcp-ipi and @network-ovnkubernetes and not @fips' + FEATURE_SET: TechPreviewNoUpgrade + TAG_VERSION: '@4.14' + test: + - chain: openshift-e2e-test-qe-destructive + workflow: cucushift-installer-rehearse-gcp-ipi-user-labels-tags-filestore-csi +- as: gcp-ipi-user-labels-tags-filestore-csi-tp-arm-f14 + cron: 9 4 11,26 * * + steps: + cluster_profile: gcp-qe + dependencies: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: release:multi-latest + dependency_overrides: + OO_INDEX: quay.io/openshift-qe-optional-operators/aosqe-index:v4.14 + env: + COMPUTE_NODE_TYPE: t2a-standard-4 + E2E_RUN_TAGS: '@arm64 and @gcp-ipi and @network-ovnkubernetes and not @fips' + FEATURE_SET: TechPreviewNoUpgrade + OCP_ARCH: arm64 + TAG_VERSION: '@4.14' + test: + - chain: openshift-e2e-test-qe + workflow: cucushift-installer-rehearse-gcp-ipi-user-labels-tags-filestore-csi zz_generated_metadata: branch: release-4.14 org: openshift diff --git a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.15__multi-nightly.yaml b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.15__multi-nightly.yaml index 6eacfd6da104..8966c01fcaa1 100644 --- a/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.15__multi-nightly.yaml +++ b/ci-operator/config/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.15__multi-nightly.yaml @@ -726,6 +726,38 @@ tests: test: - chain: cucushift-sdn-migration-ovn workflow: cucushift-installer-rehearse-gcp-ipi-sdn +- as: gcp-ipi-user-labels-tags-filestore-csi-tp-amd-f28-destructive + cron: 28 5 4 * * + steps: + cluster_profile: gcp-qe + dependencies: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: release:multi-latest + dependency_overrides: + OO_INDEX: quay.io/openshift-qe-optional-operators/aosqe-index:v4.15 + env: + E2E_RUN_TAGS: '@amd64 and @gcp-ipi and @network-ovnkubernetes and not @fips' + FEATURE_SET: TechPreviewNoUpgrade + TAG_VERSION: '@4.15' + test: + - chain: openshift-e2e-test-qe-destructive + workflow: cucushift-installer-rehearse-gcp-ipi-user-labels-tags-filestore-csi +- as: gcp-ipi-user-labels-tags-filestore-csi-tp-arm-f14 + cron: 4 1 3,18 * * + steps: + cluster_profile: gcp-qe + dependencies: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: release:multi-latest + dependency_overrides: + OO_INDEX: quay.io/openshift-qe-optional-operators/aosqe-index:v4.15 + env: + COMPUTE_NODE_TYPE: t2a-standard-4 + E2E_RUN_TAGS: '@arm64 and @gcp-ipi and @network-ovnkubernetes and not @fips' + FEATURE_SET: TechPreviewNoUpgrade + OCP_ARCH: arm64 + TAG_VERSION: '@4.15' + test: + - chain: openshift-e2e-test-qe + workflow: cucushift-installer-rehearse-gcp-ipi-user-labels-tags-filestore-csi zz_generated_metadata: branch: release-4.15 org: openshift diff --git a/ci-operator/config/openshift/verification-tests/openshift-verification-tests-master__installer-rehearse-4.14.yaml b/ci-operator/config/openshift/verification-tests/openshift-verification-tests-master__installer-rehearse-4.14.yaml index 0e409e42b0e3..78c582bc6cbb 100644 --- a/ci-operator/config/openshift/verification-tests/openshift-verification-tests-master__installer-rehearse-4.14.yaml +++ b/ci-operator/config/openshift/verification-tests/openshift-verification-tests-master__installer-rehearse-4.14.yaml @@ -40,15 +40,20 @@ tests: - as: installer-rehearse-debug cron: '@yearly' steps: - cluster_profile: aws-qe + cluster_profile: gcp-qe + dependency_overrides: + OO_INDEX: quay.io/openshift-qe-optional-operators/aosqe-index:v4.14 env: - BASE_DOMAIN: qe.devcluster.openshift.com - SLEEP_DURATION: 4h + CREDENTIALS_MODE: Passthrough + FEATURE_SET: TechPreviewNoUpgrade + SLEEP_DURATION: 8h post: - ref: cucushift-installer-wait - - chain: cucushift-installer-rehearse-aws-ipi-proxy-deprovision + - ref: storage-destroy-csi-gcp-filestore + - chain: cucushift-installer-rehearse-gcp-ipi-deprovision pre: - - chain: cucushift-installer-rehearse-aws-ipi-proxy-sdn-workers-rhel8-fips-provision + - chain: cucushift-installer-rehearse-gcp-ipi-user-labels-tags-provision + - chain: storage-conf-csi-optional-gcp-filestore - as: installer-rehearse-aws cron: '@yearly' steps: @@ -74,11 +79,11 @@ tests: cron: '@yearly' steps: cluster_profile: gcp-qe + dependency_overrides: + OO_INDEX: quay.io/openshift-qe-optional-operators/aosqe-index:v4.14 env: - EXTRACT_MANIFEST_INCLUDED: "true" - FIPS_ENABLED: "true" - RT_ENABLED: "true" - workflow: cucushift-installer-rehearse-gcp-ipi-cco-manual-workload-identity + FEATURE_SET: TechPreviewNoUpgrade + workflow: cucushift-installer-rehearse-gcp-ipi-user-labels-tags-filestore-csi - as: installer-rehearse-ibmcloud cron: '@yearly' steps: diff --git a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14-periodics.yaml b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14-periodics.yaml index 024d929666c2..0a3119fe872b 100644 --- a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14-periodics.yaml +++ b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.14-periodics.yaml @@ -61984,6 +61984,182 @@ periodics: - name: result-aggregator secret: secretName: result-aggregator +- agent: kubernetes + cluster: build04 + cron: 42 2 19 * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: release-4.14 + org: openshift + repo: openshift-tests-private + labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: gcp-qe + ci-operator.openshift.io/variant: multi-nightly + ci.openshift.io/generator: prowgen + job-release: "4.14" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-openshift-tests-private-release-4.14-multi-nightly-gcp-ipi-user-labels-tags-filestore-csi-tp-amd-f28-destructive + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --secret-dir=/usr/local/gcp-ipi-user-labels-tags-filestore-csi-tp-amd-f28-destructive-cluster-profile + - --target=gcp-ipi-user-labels-tags-filestore-csi-tp-amd-f28-destructive + - --variant=multi-nightly + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /usr/local/gcp-ipi-user-labels-tags-filestore-csi-tp-amd-f28-destructive-cluster-profile + name: cluster-profile + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: cluster-profile + secret: + secretName: cluster-secrets-gcp-qe + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build04 + cron: 9 4 11,26 * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: release-4.14 + org: openshift + repo: openshift-tests-private + labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: gcp-qe + ci-operator.openshift.io/variant: multi-nightly + ci.openshift.io/generator: prowgen + job-release: "4.14" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-openshift-tests-private-release-4.14-multi-nightly-gcp-ipi-user-labels-tags-filestore-csi-tp-arm-f14 + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --secret-dir=/usr/local/gcp-ipi-user-labels-tags-filestore-csi-tp-arm-f14-cluster-profile + - --target=gcp-ipi-user-labels-tags-filestore-csi-tp-arm-f14 + - --variant=multi-nightly + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /usr/local/gcp-ipi-user-labels-tags-filestore-csi-tp-arm-f14-cluster-profile + name: cluster-profile + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: cluster-profile + secret: + secretName: cluster-secrets-gcp-qe + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator - agent: kubernetes cluster: build03 cron: 18 21 5,13,21,28 * * diff --git a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.15-periodics.yaml b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.15-periodics.yaml index eb93ebe5a3af..f2670e9ff8e3 100644 --- a/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.15-periodics.yaml +++ b/ci-operator/jobs/openshift/openshift-tests-private/openshift-openshift-tests-private-release-4.15-periodics.yaml @@ -52392,6 +52392,182 @@ periodics: - name: result-aggregator secret: secretName: result-aggregator +- agent: kubernetes + cluster: build04 + cron: 28 5 4 * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: release-4.15 + org: openshift + repo: openshift-tests-private + labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: gcp-qe + ci-operator.openshift.io/variant: multi-nightly + ci.openshift.io/generator: prowgen + job-release: "4.15" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-openshift-tests-private-release-4.15-multi-nightly-gcp-ipi-user-labels-tags-filestore-csi-tp-amd-f28-destructive + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --secret-dir=/usr/local/gcp-ipi-user-labels-tags-filestore-csi-tp-amd-f28-destructive-cluster-profile + - --target=gcp-ipi-user-labels-tags-filestore-csi-tp-amd-f28-destructive + - --variant=multi-nightly + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /usr/local/gcp-ipi-user-labels-tags-filestore-csi-tp-amd-f28-destructive-cluster-profile + name: cluster-profile + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: cluster-profile + secret: + secretName: cluster-secrets-gcp-qe + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator +- agent: kubernetes + cluster: build04 + cron: 4 1 3,18 * * + decorate: true + decoration_config: + skip_cloning: true + extra_refs: + - base_ref: release-4.15 + org: openshift + repo: openshift-tests-private + labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: gcp-qe + ci-operator.openshift.io/variant: multi-nightly + ci.openshift.io/generator: prowgen + job-release: "4.15" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: periodic-ci-openshift-openshift-tests-private-release-4.15-multi-nightly-gcp-ipi-user-labels-tags-filestore-csi-tp-arm-f14 + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --secret-dir=/usr/local/gcp-ipi-user-labels-tags-filestore-csi-tp-arm-f14-cluster-profile + - --target=gcp-ipi-user-labels-tags-filestore-csi-tp-arm-f14 + - --variant=multi-nightly + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /usr/local/gcp-ipi-user-labels-tags-filestore-csi-tp-arm-f14-cluster-profile + name: cluster-profile + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: cluster-profile + secret: + secretName: cluster-secrets-gcp-qe + - name: github-credentials-openshift-ci-robot-private-git-cloner + secret: + secretName: github-credentials-openshift-ci-robot-private-git-cloner + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator - agent: kubernetes cluster: build03 cron: 9 16 5,13,20,27 * * diff --git a/ci-operator/jobs/openshift/verification-tests/openshift-verification-tests-master-periodics.yaml b/ci-operator/jobs/openshift/verification-tests/openshift-verification-tests-master-periodics.yaml index d343449ca178..9e824ed96e7f 100644 --- a/ci-operator/jobs/openshift/verification-tests/openshift-verification-tests-master-periodics.yaml +++ b/ci-operator/jobs/openshift/verification-tests/openshift-verification-tests-master-periodics.yaml @@ -3895,7 +3895,7 @@ periodics: secret: secretName: result-aggregator - agent: kubernetes - cluster: build05 + cluster: build02 cron: '@yearly' decorate: true decoration_config: @@ -3905,8 +3905,8 @@ periodics: org: openshift repo: verification-tests labels: - ci-operator.openshift.io/cloud: aws - ci-operator.openshift.io/cloud-cluster-profile: aws-qe + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: gcp-qe ci-operator.openshift.io/variant: installer-rehearse-4.14 ci.openshift.io/generator: prowgen job-release: "4.14" @@ -3965,7 +3965,7 @@ periodics: secretName: ci-pull-credentials - name: cluster-profile secret: - secretName: cluster-secrets-aws-qe + secretName: cluster-secrets-gcp-qe - name: manifest-tool-local-pusher secret: secretName: manifest-tool-local-pusher diff --git a/ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/OWNERS b/ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/OWNERS new file mode 100644 index 000000000000..bda2e1db4030 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/OWNERS @@ -0,0 +1,10 @@ +approvers: +- jianlinliu +- yunjiang29 +- gpei +- jianli-wei +reviewers: +- jianlinliu +- yunjiang29 +- gpei +- jianli-wei diff --git a/ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/cucushift-installer-check-gcp-user-labels-commands.sh b/ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/cucushift-installer-check-gcp-user-labels-commands.sh new file mode 100755 index 000000000000..61a2e2f2ca6e --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/cucushift-installer-check-gcp-user-labels-commands.sh @@ -0,0 +1,127 @@ +#!/bin/bash + +set -o nounset +set -o errexit +set -o pipefail + +if [ ! -f "${SHARED_DIR}/user_tags_sa.json" ]; then + echo "$(date -u --rfc-3339=seconds) - ERROR: Failed to find the key file of the IAM service-account for userTags testing on GCP." + exit 1 +fi + +if [ -f "${SHARED_DIR}/kubeconfig" ] ; then + export KUBECONFIG=${SHARED_DIR}/kubeconfig +fi + +if [ -f "${SHARED_DIR}/proxy-conf.sh" ] ; then + source "${SHARED_DIR}/proxy-conf.sh" +fi + +CLUSTER_NAME="${NAMESPACE}-${UNIQUE_HASH}" +INFRA_ID="$(oc get infrastructures.config.openshift.io cluster -o jsonpath='{.status.infrastructureName}')" + +GOOGLE_PROJECT_ID="$(< ${CLUSTER_PROFILE_DIR}/openshift_gcp_project)" +export GCP_SHARED_CREDENTIALS_FILE="${SHARED_DIR}/user_tags_sa.json" +sa_email=$(jq -r .client_email ${GCP_SHARED_CREDENTIALS_FILE}) +if ! gcloud auth list | grep -E "\*\s+${sa_email}" +then + gcloud auth activate-service-account --key-file="${GCP_SHARED_CREDENTIALS_FILE}" + gcloud config set project "${GOOGLE_PROJECT_ID}" +fi + +# User-defined labels validation. It will check if each user-defined label is applied. +# Return non-zero is one or more user-defined label absent. +# $1 - the current labels of the resource under question (JSON in compact format) +function validate_user_labels() { + local -r current_labels_str="$1"; shift + + printf '%s' "${USER_LABELS:-}" | while read -r KEY VALUE || [ -n "${KEY}" ] + do + a_key_and_value="\"${KEY}\":\"${VALUE}\"" + if [[ ! ${current_labels_str} =~ ${a_key_and_value} ]]; then + echo "$(date -u --rfc-3339=seconds) - Failed to find label '${a_key_and_value}'." + echo -e "Expected user-defined labels: \n${USER_LABELS}\nCurrent labels: ${current_labels_str}" + return 1 + fi + done +} + +## Try the validation +set +e +ret=0 + +echo "$(date -u --rfc-3339=seconds) - Checking userLabels of machines..." +readarray -t items < <(gcloud compute instances list --filter="name~${CLUSTER_NAME}" --format="table(name,zone)" | grep -v NAME) +for line in "${items[@]}"; do + name="${line%% *}" + zone="${line##* }" + current_labels="$(gcloud compute instances describe ${name} --zone ${zone} --format json | jq -r -c .labels)" + validate_user_labels "${current_labels}" + if [ $? -gt 0 ]; then + echo "$(date -u --rfc-3339=seconds) - Unexpected labels '${current_labels}' for '${name}'." + ret=1 + else + echo "$(date -u --rfc-3339=seconds) - Matched labels '${current_labels}' for '${name}'." + fi +done + +echo "$(date -u --rfc-3339=seconds) - Checking userLabels of disks..." +readarray -t items < <(gcloud compute disks list --filter="name~${CLUSTER_NAME}" --format="table(name,zone)" | grep -v NAME) +for line in "${items[@]}"; do + name="${line%% *}" + zone="${line##* }" + current_labels="$(gcloud compute disks describe ${name} --zone ${zone} --format json | jq -r -c .labels)" + validate_user_labels "${current_labels}" + if [ $? -gt 0 ]; then + echo "$(date -u --rfc-3339=seconds) - Unexpected labels '${current_labels}' for '${name}'." + ret=1 + else + echo "$(date -u --rfc-3339=seconds) - Matched labels '${current_labels}' for '${name}'." + fi +done + +echo "$(date -u --rfc-3339=seconds) - Checking userLabels of forwarding-rules (created by installer)..." +readarray -t items < <(gcloud compute forwarding-rules list --filter="name~${CLUSTER_NAME}" --format="table(name,region)" | grep -v NAME) +for line in "${items[@]}"; do + name="${line%% *}" + region="${line##* }" + current_labels="$(gcloud compute forwarding-rules describe ${name} --region ${region} --format json | jq -r -c .labels)" + validate_user_labels "${current_labels}" + if [ $? -gt 0 ]; then + echo "$(date -u --rfc-3339=seconds) - Unexpected labels '${current_labels}' for '${name}'." + ret=1 + else + echo "$(date -u --rfc-3339=seconds) - Matched labels '${current_labels}' for '${name}'." + fi +done + +echo "$(date -u --rfc-3339=seconds) - Checking userLabels of dns private zone..." +readarray -t items < <(gcloud dns managed-zones list --filter="name~${CLUSTER_NAME}" --format="table(name)" | grep -v NAME) +for line in "${items[@]}"; do + name="${line}" + current_labels="$(gcloud dns managed-zones describe ${name} --format json | jq -r -c .labels)" + validate_user_labels "${current_labels}" + if [ $? -gt 0 ]; then + echo "$(date -u --rfc-3339=seconds) - Unexpected labels '${current_labels}' for '${name}'." + ret=1 + else + echo "$(date -u --rfc-3339=seconds) - Matched labels '${current_labels}' for '${name}'." + fi +done + +echo "$(date -u --rfc-3339=seconds) - Checking userLabels of image-registry buckets..." +readarray -t items < <(gsutil ls | grep "${INFRA_ID}-image-registry") +for line in "${items[@]}"; do + name="${line}" + current_labels="$(gsutil label get ${name} | jq -r -c .)" + validate_user_labels "${current_labels}" + if [ $? -gt 0 ]; then + echo "$(date -u --rfc-3339=seconds) - Unexpected labels '${current_labels}' for '${name}'." + ret=1 + else + echo "$(date -u --rfc-3339=seconds) - Matched labels '${current_labels}' for '${name}'." + fi +done + +echo "$(date -u --rfc-3339=seconds) - exit code '${ret}'" +exit ${ret} diff --git a/ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/cucushift-installer-check-gcp-user-labels-ref.metadata.json b/ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/cucushift-installer-check-gcp-user-labels-ref.metadata.json new file mode 100644 index 000000000000..f9257fd8336e --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/cucushift-installer-check-gcp-user-labels-ref.metadata.json @@ -0,0 +1,17 @@ +{ + "path": "cucushift/installer/check/gcp/user-labels/cucushift-installer-check-gcp-user-labels-ref.yaml", + "owners": { + "approvers": [ + "jianlinliu", + "yunjiang29", + "gpei", + "jianli-wei" + ], + "reviewers": [ + "jianlinliu", + "yunjiang29", + "gpei", + "jianli-wei" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/cucushift-installer-check-gcp-user-labels-ref.yaml b/ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/cucushift-installer-check-gcp-user-labels-ref.yaml new file mode 100644 index 000000000000..a2d94645f5aa --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/check/gcp/user-labels/cucushift-installer-check-gcp-user-labels-ref.yaml @@ -0,0 +1,20 @@ +ref: + as: cucushift-installer-check-gcp-user-labels + from_image: + namespace: ocp + name: "4.14" + tag: upi-installer + commands: cucushift-installer-check-gcp-user-labels-commands.sh + resources: + requests: + cpu: 10m + memory: 100Mi + env: + - name: USER_LABELS + default: "" + documentation: |- + Add '${KEY} ${VALUE}\n' lines to declare additional user labels for the cluster. For example 'keyA valueA\nkeyB valueB\n', but with actual newlines. + documentation: >- + The step validates the userLabels of the OCP cluster resources, + including machines, disks, forwarding-rules, dns private zone, + storage bucket. diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/OWNERS new file mode 120000 index 000000000000..ec405d65a79d --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/OWNERS @@ -0,0 +1 @@ +../OWNERS \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/filestore-csi/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/filestore-csi/OWNERS new file mode 100644 index 000000000000..8c6e11a76df2 --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/filestore-csi/OWNERS @@ -0,0 +1,8 @@ +approvers: +- jianlinliu +- gpei +- jianli-wei +reviewers: +- jianlinliu +- gpei +- jianli-wei diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/filestore-csi/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-filestore-csi-workflow.metadata.json b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/filestore-csi/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-filestore-csi-workflow.metadata.json new file mode 100644 index 000000000000..1b60bf5406cf --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/filestore-csi/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-filestore-csi-workflow.metadata.json @@ -0,0 +1,15 @@ +{ + "path": "cucushift/installer/rehearse/gcp/ipi/user-labels-tags/filestore-csi/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-filestore-csi-workflow.yaml", + "owners": { + "approvers": [ + "jianlinliu", + "gpei", + "jianli-wei" + ], + "reviewers": [ + "jianlinliu", + "gpei", + "jianli-wei" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/filestore-csi/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-filestore-csi-workflow.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/filestore-csi/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-filestore-csi-workflow.yaml new file mode 100644 index 000000000000..a290c9a4a81c --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/filestore-csi/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-filestore-csi-workflow.yaml @@ -0,0 +1,21 @@ +workflow: + as: cucushift-installer-rehearse-gcp-ipi-user-labels-tags-filestore-csi + steps: + pre: + - chain: cucushift-installer-rehearse-gcp-ipi-user-labels-tags-provision + - chain: storage-conf-csi-optional-gcp-filestore + post: + - ref: storage-destroy-csi-gcp-filestore + - chain: cucushift-installer-rehearse-gcp-ipi-deprovision + env: + CREDENTIALS_MODE: Passthrough + documentation: |- + The IPI workflow provides provision- and deprovision- steps that provision and + deprovision an OpenShift cluster with userLabels and userTags on GCP, allowing + job authors to inject their own end-to-end test logic. + + All modifications to this workflow should be done by modifying the + `cucushift-installer-rehearse-gcp-ipi-user-labels-tags-provision` + and `cucushift-installer-rehearse-gcp-ipi-deprovision` + chains to allow other workflows to mimic and extend this base workflow without + a need to backport changes. diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/provision/OWNERS b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/provision/OWNERS new file mode 120000 index 000000000000..ec405d65a79d --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/provision/OWNERS @@ -0,0 +1 @@ +../OWNERS \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/provision/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-provision-chain.metadata.json b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/provision/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-provision-chain.metadata.json new file mode 100644 index 000000000000..f9c3a52d859f --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/provision/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-provision-chain.metadata.json @@ -0,0 +1,15 @@ +{ + "path": "cucushift/installer/rehearse/gcp/ipi/user-labels-tags/provision/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-provision-chain.yaml", + "owners": { + "approvers": [ + "jianlinliu", + "gpei", + "jianli-wei" + ], + "reviewers": [ + "jianlinliu", + "gpei", + "jianli-wei" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/provision/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-provision-chain.yaml b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/provision/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-provision-chain.yaml new file mode 100644 index 000000000000..e75dc468155c --- /dev/null +++ b/ci-operator/step-registry/cucushift/installer/rehearse/gcp/ipi/user-labels-tags/provision/cucushift-installer-rehearse-gcp-ipi-user-labels-tags-provision-chain.yaml @@ -0,0 +1,100 @@ +chain: + as: cucushift-installer-rehearse-gcp-ipi-user-labels-tags-provision + steps: + - chain: ipi-conf-gcp + - ref: ipi-conf-gcp-user-labels-tags + - ref: ipi-conf-credentials-mode + - ref: gcp-provision-user-tags-serviceaccount + - chain: ipi-install + - ref: enable-qe-catalogsource + - ref: cucushift-installer-check-gcp-user-labels + - chain: cucushift-installer-check + env: + - name: USER_TAGS + default: | + 54643501348 ocp_tag_dev bar + 54643501348 ServicePhase Development + 54643501348 CostCenter 853 + 54643501348 AppCode GCP-004 + openshift-qe Su.Shi-Jiang_Cheng_Zi SHI NIAN + openshift-qe Su.Shi-Die_Lian_Hua-Chun_Jing Hua Tui Can Hong Qing Xing Xiao + openshift-qe hello a + openshift-qe hello.Ou_Yang_Xiu No. 4 + openshift-qe TEST-KEY03 TEST_VALUE-03 + openshift-qe Du.Fu-Chun_Ye_Xi_Yu HAO-YU-ZHI-SHI-JIE + openshift-qe by_AWS Amazon + openshift-qe hello.Liu_Zong_Yuan No. 1 + openshift-qe Li.Bai-Jiang_Jin_Jiu JUN BU JIAN + openshift-qe TEST-KEY04 TEST_VALUE-04 + openshift-qe Su.Shi-Nian_Nu_Jiao.Chi_Bi Da Jiang Dong Qu + openshift-qe by_Alibaba-Cloud from China + openshift-qe Hua-Mu-Lan Jin Guo Ying Xiong + openshift-qe TEST-KEY01 TEST_VALUE-01.x@2023%redhat=GREAT+COMPANY:a,b*c#D&(e){f}[g]abcZ + openshift-qe b b + openshift-qe Wang.Wei-Jiu_Yue_Jiu_Ri Mei Feng Jia Jie Bei Si Qin + openshift-qe hello.Su_Shi No. 5 + openshift-qe Su.Shi-Ying_Hu_Shang Xi Hu Xi-Zi + openshift-qe hello.Su_Xun No. 7 + openshift-qe hello.Wang_An_Shi No. 3 + openshift-qe Gao.Shi-Bei_Dong_Da Mo Chou Qian Lu Wu Zhi Ji + openshift-qe DU-FU Du Zi-Mei + openshift-qe Li.Bai-Wang_Lu_Shan_Pu_Bu Fei Liu Zhi Xia + openshift-qe numerical_character.2023-in-middle numerical_character 2023-in-middle + openshift-qe Su-Dong-Po.is.so_great ha-ha-ha + openshift-qe end-with.numerical_character-2023 end-with numerical_character 2023 + openshift-qe uppercase_character-IN-middle uppercase_CHARACTER IN-middle + openshift-qe hello.Zeng_Gong No. 2 + openshift-qe department marketing + openshift-qe Su.Shi-Ti_Xi_Lin_Bi Heng Kan Cheng Ling Ce Cheng Feng + openshift-qe a hello + openshift-qe X X + openshift-qe hello.Su_Zhe No. 6 + openshift-qe Su.Shi-Ding_Feng_Bo Mo Ting Chuan Lin Da Ye Sheng + openshift-qe This.is.test-message1234567890.1234567890.1234567890.1234567890 hello_a-b.c@d%e=f+g:h,i*j#k&l(m){n}[o](p){q}[r]@@@@@@@@@@@@@@@z + openshift-qe TEST-KEY02 TEST_VALUE-02 + openshift-qe hello.Han_Yu No. 8 + openshift-qe Li.Bai chuang qian ming yue guang, yi shi di shang shuang + openshift-qe 2023.begin-with-numerical_character 2023 begin-with numerical_character + openshift-qe end-with.uppercase_characteR end-with.uppercase_CHARACTER + openshift-qe Li.Bai-Huang_He_Lou GU-REN_XI_CI + openshift-qe Su.Shi-Chun_Jiang_Wan_Jing Chun Jiang Shui Nuan + openshift-qe by.Azure US + openshift-qe Begin-with.uppercase_character BEGIN-with.uppercase_character + openshift-qe Su.Shi-Shui_Diao_Ge_Tou Ming-Yue-Ji-Shi-You + openshift-qe team installer qe + - name: USER_LABELS + default: | + createdby installer-qe + environment test + aa 8 + a_012345678901234567890123456789012345678901234567890123456789- 012345678901234567890123456789012345678901234567890123456789-a_ + b_012345678901234567890123456789012345678901234567890123456789- 012345678901234567890123456789012345678901234567890123456789-b_ + test-label_key01 test-label_value01 + test-label_key02 test-label_value02 + test-label_key03 test-label_value03 + test-label_key04 test-label_value04 + test-label_key05 test-label_value05 + test-label_key06 test-label_value06 + test-label_key07 test-label_value07 + test-label_key08 test-label_value08 + test-label_key09 test-label_value09 + test-label_key10 test-label_value10 + test-label_key11 test-label_value11 + test-label_key12 test-label_value12 + test-label_key13 test-label_value13 + test-label_key14 test-label_value14 + test-label_key15 test-label_value15 + test-label_key16 test-label_value16 + test-label_key17 test-label_value17 + test-label_key18 test-label_value18 + test-label_key19 test-label_value19 + test-label_key20 test-label_value20 + test-label_key21 test-label_value21 + test-label_key22 test-label_value22 + test-label_key23 test-label_value23 + test-label_key24 test-label_value24 + test-label_key25 test-label_value25 + test-label_key26 test-label_value26 + test--label__key27 test--label__value27 + documentation: |- + Create an IPI cluster with userLabels and userTags on GCP for QE e2e tests. diff --git a/ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/OWNERS b/ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/OWNERS new file mode 120000 index 000000000000..ec405d65a79d --- /dev/null +++ b/ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/OWNERS @@ -0,0 +1 @@ +../OWNERS \ No newline at end of file diff --git a/ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/gcp-provision-user-tags-serviceaccount-commands.sh b/ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/gcp-provision-user-tags-serviceaccount-commands.sh new file mode 100755 index 000000000000..6b255594edcc --- /dev/null +++ b/ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/gcp-provision-user-tags-serviceaccount-commands.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +set -o nounset +set -o errexit +set -o pipefail + +echo "$(date -u --rfc-3339=seconds) - Enabling the IAM service-account for userTags testing on GCP..." +cp "${CLUSTER_PROFILE_DIR}/user_tags_sa.json" "${SHARED_DIR}/" diff --git a/ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/gcp-provision-user-tags-serviceaccount-ref.metadata.json b/ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/gcp-provision-user-tags-serviceaccount-ref.metadata.json new file mode 100644 index 000000000000..d5e00c7f07e2 --- /dev/null +++ b/ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/gcp-provision-user-tags-serviceaccount-ref.metadata.json @@ -0,0 +1,10 @@ +{ + "path": "gcp/provision/user-tags-serviceaccount/gcp-provision-user-tags-serviceaccount-ref.yaml", + "owners": { + "approvers": [ + "gpei", + "jianlinliu", + "jianli-wei" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/gcp-provision-user-tags-serviceaccount-ref.yaml b/ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/gcp-provision-user-tags-serviceaccount-ref.yaml new file mode 100644 index 000000000000..62e281d243cd --- /dev/null +++ b/ci-operator/step-registry/gcp/provision/user-tags-serviceaccount/gcp-provision-user-tags-serviceaccount-ref.yaml @@ -0,0 +1,13 @@ +ref: + as: gcp-provision-user-tags-serviceaccount + from_image: + namespace: ocp + name: "4.14" + tag: upi-installer + commands: gcp-provision-user-tags-serviceaccount-commands.sh + resources: + requests: + cpu: 10m + memory: 100Mi + documentation: |- + The step enables the IAM service account which is for userTags testing on GCP. diff --git a/ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/OWNERS b/ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/OWNERS new file mode 100644 index 000000000000..4edac5e433e4 --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/OWNERS @@ -0,0 +1,5 @@ +approvers: +- jianlinliu +- gpei +- yunjiang29 +- jianli-wei diff --git a/ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/ipi-conf-gcp-user-labels-tags-commands.sh b/ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/ipi-conf-gcp-user-labels-tags-commands.sh new file mode 100755 index 000000000000..62455bcfc290 --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/ipi-conf-gcp-user-labels-tags-commands.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +set -o nounset +set -o errexit +set -o pipefail + +CONFIG="${SHARED_DIR}/install-config.yaml" +PATCH="${SHARED_DIR}/user-labels-tags.yaml.patch" +cat > "${PATCH}" << EOF +platform: + gcp: +EOF + +# user labels +i=0 +printf '%s' "${USER_LABELS:-}" | while read -r KEY VALUE || [ -n "${KEY}" ] +do + yq-go write -i "${PATCH}" "platform.gcp.userLabels[$i].key" "${KEY}" + yq-go write -i "${PATCH}" "platform.gcp.userLabels[$i].value" "${VALUE}" + i=$(( $i + 1)) +done + +# user tags +i=0 +printf '%s' "${USER_TAGS:-}" | while read -r PARENT KEY VALUE || [ -n "${PARENT}" ] +do + yq-go write -i "${PATCH}" "platform.gcp.userTags[$i].parentID" "${PARENT}" + yq-go write -i "${PATCH}" "platform.gcp.userTags[$i].key" "${KEY}" + yq-go write -i "${PATCH}" "platform.gcp.userTags[$i].value" "${VALUE}" + i=$(( $i + 1)) +done + +yq-go m -x -i "${CONFIG}" "${PATCH}" +yq-go r "${CONFIG}" platform + +rm "${PATCH}" diff --git a/ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/ipi-conf-gcp-user-labels-tags-ref.metadata.json b/ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/ipi-conf-gcp-user-labels-tags-ref.metadata.json new file mode 100644 index 000000000000..457c27d813d6 --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/ipi-conf-gcp-user-labels-tags-ref.metadata.json @@ -0,0 +1,11 @@ +{ + "path": "ipi/conf/gcp/user-labels-tags/ipi-conf-gcp-user-labels-tags-ref.yaml", + "owners": { + "approvers": [ + "jianlinliu", + "gpei", + "yunjiang29", + "jianli-wei" + ] + } +} \ No newline at end of file diff --git a/ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/ipi-conf-gcp-user-labels-tags-ref.yaml b/ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/ipi-conf-gcp-user-labels-tags-ref.yaml new file mode 100644 index 000000000000..3df762cf0353 --- /dev/null +++ b/ci-operator/step-registry/ipi/conf/gcp/user-labels-tags/ipi-conf-gcp-user-labels-tags-ref.yaml @@ -0,0 +1,22 @@ +ref: + as: ipi-conf-gcp-user-labels-tags + from_image: + namespace: ocp + name: "4.12" + tag: upi-installer + commands: ipi-conf-gcp-user-labels-tags-commands.sh + resources: + requests: + cpu: 10m + memory: 100Mi + env: + - name: USER_TAGS + default: "" + documentation: |- + Add '${PARENT_ID} ${KEY} ${VALUE}\n' lines to declare additional user tags for the cluster. For example 'organizationID keyA valueA\nprojectID keyB valueB\n', but with actual newlines. + - name: USER_LABELS + default: "" + documentation: |- + Add '${KEY} ${VALUE}\n' lines to declare additional user labels for the cluster. For example 'keyA valueA\nkeyB valueB\n', but with actual newlines. + documentation: |- + The IPI configuration step inserts userLabels and userTags into install-config.yaml. \ No newline at end of file diff --git a/ci-operator/step-registry/ipi/deprovision/deprovision/ipi-deprovision-deprovision-commands.sh b/ci-operator/step-registry/ipi/deprovision/deprovision/ipi-deprovision-deprovision-commands.sh index 0e5d7c4cdaf7..c873f6a8a8fd 100644 --- a/ci-operator/step-registry/ipi/deprovision/deprovision/ipi-deprovision-deprovision-commands.sh +++ b/ci-operator/step-registry/ipi/deprovision/deprovision/ipi-deprovision-deprovision-commands.sh @@ -26,6 +26,9 @@ export GOOGLE_CLOUD_KEYFILE_JSON=$CLUSTER_PROFILE_DIR/gce.json if [ -f "${SHARED_DIR}/gcp_min_permissions.json" ]; then echo "$(date -u --rfc-3339=seconds) - Using the IAM service account for the minimum permissions testing on GCP..." export GOOGLE_CLOUD_KEYFILE_JSON="${SHARED_DIR}/gcp_min_permissions.json" +elif [ -f "${SHARED_DIR}/user_tags_sa.json" ]; then + echo "$(date -u --rfc-3339=seconds) - Using the IAM service account for the userTags testing on GCP..." + export GOOGLE_CLOUD_KEYFILE_JSON="${SHARED_DIR}/user_tags_sa.json" fi export OS_CLIENT_CONFIG_FILE=${SHARED_DIR}/clouds.yaml export OVIRT_CONFIG=${SHARED_DIR}/ovirt-config.yaml diff --git a/ci-operator/step-registry/ipi/install/install/ipi-install-install-commands.sh b/ci-operator/step-registry/ipi/install/install/ipi-install-install-commands.sh index 62ca38c4abe8..d4f43d591a0b 100755 --- a/ci-operator/step-registry/ipi/install/install/ipi-install-install-commands.sh +++ b/ci-operator/step-registry/ipi/install/install/ipi-install-install-commands.sh @@ -532,6 +532,9 @@ gcp) if [ -f "${SHARED_DIR}/gcp_min_permissions.json" ]; then echo "$(date -u --rfc-3339=seconds) - Using the IAM service account for the minimum permissions testing on GCP..." export GOOGLE_CLOUD_KEYFILE_JSON="${SHARED_DIR}/gcp_min_permissions.json" + elif [ -f "${SHARED_DIR}/user_tags_sa.json" ]; then + echo "$(date -u --rfc-3339=seconds) - Using the IAM service account for the userTags testing on GCP..." + export GOOGLE_CLOUD_KEYFILE_JSON="${SHARED_DIR}/user_tags_sa.json" fi ;; ibmcloud*)