Add managed cluster to framework tests

ci-operator/config/stolostron/governance-policy-framework/stolostron-governance-policy-framework-main.yaml

@@ -27,8 +27,8 @@ tests:
       IMAGE_REPO: grc-policy-framework-tests
       REGISTRY_ORG: stolostron
     workflow: ocm-ci-image-mirror
-- as: test-e2e-grc-framework
-  run_if_changed: ^test/integration/.*
+- always_run: false
+  as: test-e2e-grc-framework
   steps:
     dependencies:
       COMPONENT_IMAGE_REF: grc-policy-framework-tests
@@ -40,6 +40,7 @@ tests:
       CLUSTERPOOL_LIFETIME: 4h
       CLUSTERPOOL_LIST_EXCLUSION_FILTER: dev\|autoclaims
       CLUSTERPOOL_LIST_INCLUSION_FILTER: prow
+      CLUSTERPOOL_MANAGED_COUNT: "1"
       PIPELINE_STAGE: dev
       SKIP_COMPONENT_INSTALL: "true"
     test:

ci-operator/jobs/stolostron/governance-policy-framework/stolostron-governance-policy-framework-main-presubmits.yaml

@@ -119,7 +119,6 @@ presubmits:
       pj-rehearse.openshift.io/can-be-rehearsed: "true"
     name: pull-ci-stolostron-governance-policy-framework-main-test-e2e-grc-framework
     rerun_command: /test test-e2e-grc-framework
-    run_if_changed: ^test/integration/.*
     spec:
       containers:
       - args:
@@ -159,4 +158,4 @@ presubmits:
       - name: result-aggregator
         secret:
           secretName: result-aggregator
-    trigger: (?m)^/test( | .* )test-e2e-grc-framework,?($|\s.*)
+    trigger: (?m)^/test( | .* )(test-e2e-grc-framework|remaining-required),?($|\s.*)

ci-operator/step-registry/ocm/ci/fastforward/ocm-ci-fastforward-ref.yaml

@@ -3,7 +3,7 @@ ref:
   from_image:
     name: builder
     namespace: stolostron
-    tag: go1.20-linux
+    tag: go1.22-linux
   commands: ocm-ci-fastforward-commands.sh
   resources:
     requests:

ci-operator/step-registry/ocm/ci/image-mirror-periodic/ocm-ci-image-mirror-periodic-ref.yaml

@@ -3,7 +3,7 @@ ref:
   from_image:
     name: builder
     namespace: stolostron
-    tag: go1.20-linux
+    tag: go1.22-linux
   commands: ocm-ci-image-mirror-periodic-commands.sh
   credentials:
   - mount_path: /secrets/acm-cicd-osci-push
@@ -27,7 +27,7 @@ ref:
   - name: REGISTRY_SECRET_FILE
     default: token
     documentation: |-
-      The name of the file in REGSITRY_SECRET with the contents of
+      The name of the file in REGISTRY_SECRET with the contents of
       the .docker/config.json file encoded in base64.
   - name: REGISTRY_HOST
     default: quay.io

ci-operator/step-registry/ocm/ci/image-mirror/ocm-ci-image-mirror-ref.yaml

@@ -3,7 +3,7 @@ ref:
   from_image:
     name: builder
     namespace: stolostron
-    tag: go1.20-linux
+    tag: go1.22-linux
   commands: ocm-ci-image-mirror-commands.sh
   credentials:
   - mount_path: /secrets/acm-cicd-osci-push

ci-operator/step-registry/ocm/ci/manifest-update/ocm-ci-manifest-update-ref.yaml

@@ -3,7 +3,7 @@ ref:
   from_image:
     name: builder
     namespace: stolostron
-    tag: go1.20-linux
+    tag: go1.22-linux
   commands: ocm-ci-manifest-update-commands.sh
   credentials:
   - mount_path: /secrets/acm-cicd-github

ci-operator/step-registry/ocm/ci/rbac/ocm-ci-rbac-ref.yaml

@@ -3,7 +3,7 @@ ref:
   from_image:
     name: builder
     namespace: stolostron
-    tag: go1.20-linux
+    tag: go1.22-linux
   commands: ocm-ci-rbac-commands.sh
   resources:
     requests:

ci-operator/step-registry/ocm/e2e/clusterpool/checkin/ocm-e2e-clusterpool-checkin-ref.yaml

@@ -3,7 +3,7 @@ ref:
   from_image:
     namespace: stolostron
     name: builder
-    tag: go1.20-linux
+    tag: go1.22-linux
   commands: ocm-e2e-clusterpool-checkin-commands.sh
   resources:
     requests:

ci-operator/step-registry/ocm/e2e/clusterpool/checkout/ocm-e2e-clusterpool-checkout-commands.sh

@@ -1,73 +1,101 @@
 #!/bin/bash
 
+log() {
+    echo "$(date --iso-8601=seconds)   ${1}"
+}
+
+checkoutCluster() {
+    local cluster_type="${1}"
+    local cluster_idx="${2}"
+    local pool_filter="${3}"
+
+    local cluster_claim=""
+    local tmp_claim="${cluster_type}-${cluster_idx}-$suffix"
+    local filtered_pools=""
+    filtered_pools="$(echo "${pools}" | grep -e "${pool_filter}")"
+
+    for pool in ${filtered_pools}; do
+        log "Provisioning claim ${tmp_claim} from ClusterPool ${pool} ..."
+        make clusterpool/checkout \
+            CLUSTERPOOL_NAME=${pool} \
+            CLUSTERPOOL_CLUSTER_CLAIM=${tmp_claim} 2>&1 |
+            sed -u "s/^/${tmp_claim}   /" |
+            tee ${ARTIFACT_DIR}/${pool}_${tmp_claim}-.log
+
+        if [[ "${PIPESTATUS[0]}" == 0 ]]; then
+            cluster_claim="${tmp_claim}"
+            break
+        fi
+
+        log "Claim ${tmp_claim} from ClusterPool ${pool} failed."
+    done
+
+    if [[ -z "${cluster_claim}" ]]; then
+        log "No cluster was checked out for ${cluster_type} ${cluster_idx}. Tried these cluster pools:"
+        echo "${filtered_pools}"
+        return 1
+    fi
+
+    echo "${cluster_claim}" >>"${SHARED_DIR}/${CLUSTER_CLAIM_FILE}"
+}
+
 temp=$(mktemp -d -t ocm-XXXXX)
 cd $temp || exit 1
 
 cp "$MAKEFILE" ./Makefile
 
+log "Starting cluster provisioning ..."
+
 pools=""
-if [[ -n "$CLUSTERPOOL_LIST" ]] ; then
+if [[ -n "$CLUSTERPOOL_LIST" ]]; then
     pools=$(echo "$CLUSTERPOOL_LIST" | tr "," "\n")
-elif [[ -f "${SHARED_DIR}/${CLUSTERPOOL_LIST_FILE}" ]] ; then
+elif [[ -f "${SHARED_DIR}/${CLUSTERPOOL_LIST_FILE}" ]]; then
     pools=$(cat "${SHARED_DIR}/${CLUSTERPOOL_LIST_FILE}")
 fi
 
 if [[ -z "$pools" ]]; then
-    echo "No pools specified by CLUSTERPOOL_LIST or CLUSTERPOOL_LIST_FILE"
+    log "No pools specified by CLUSTERPOOL_LIST or CLUSTERPOOL_LIST_FILE"
     exit 1
 fi
 
-suffix=$(cat /dev/urandom | tr -dc "a-z0-9" | head -c 5 )
+pids=()
+suffix=$(cat /dev/urandom | tr -dc "a-z0-9" | head -c 5)
 
 # Checkout hub clusters
-for ((i=1;i<=CLUSTERPOOL_HUB_COUNT;i++)); do
-    cluster_claim=""
-    for pool in $pools; do
-        tmp_claim="hub-$i-$suffix"
-        make clusterpool/checkout \
-            CLUSTERPOOL_NAME=$pool \
-            CLUSTERPOOL_CLUSTER_CLAIM=$tmp_claim
-
-        if [[ "$?" == 0 ]]; then
-            cluster_claim="$tmp_claim"
-            break
-        fi
-    done
-
-    if [[ -z "$cluster_claim" ]]; then
-        echo "No cluster was checked out for hub $i. Tried these cluster pools:"
-        echo "$pools"
-        exit 1
-    fi
-
-    echo "$cluster_claim" >> "${SHARED_DIR}/${CLUSTER_CLAIM_FILE}"
-done
+log "Provisioning ${CLUSTERPOOL_HUB_COUNT} hub clusters ..."
+if [[ -n "${CLUSTERPOOL_HUB_FILTER}" ]]; then
+    log "Filtering ClusterPool list using filter: '${CLUSTERPOOL_HUB_FILTER}' ..."
+fi
 
+for ((i = 1; i <= CLUSTERPOOL_HUB_COUNT; i++)); do
+    checkoutCluster hub ${i} "${CLUSTERPOOL_HUB_FILTER}" &
+    pids+=($!)
+    sleep 60
+done
 
 # Checkout managed clusters
-for ((i=1;i<=CLUSTERPOOL_MANAGED_COUNT;i++)); do
-    cluster_claim=""
-    for pool in $pools; do
-        tmp_claim="managed-$i-$suffix"
-        make clusterpool/checkout \
-            CLUSTERPOOL_NAME=$pool \
-            CLUSTERPOOL_CLUSTER_CLAIM=$tmp_claim
-
-        if [[ "$?" == 0 ]]; then
-            cluster_claim="$tmp_claim"
-            break
-        fi
-    done
-
-    if [[ -z "$cluster_claim" ]]; then
-        echo "No cluster was checked out for managed $i. Tried these cluster pools:"
-        echo "$pools"
-        exit 1
-    fi
-
-    echo "$cluster_claim" >> "${SHARED_DIR}/${CLUSTER_CLAIM_FILE}"
+log "Provisioning ${CLUSTERPOOL_MANAGED_COUNT} managed clusters ..."
+if [[ -n "${CLUSTERPOOL_MANAGED_FILTER}" ]]; then
+    log "Filtering ClusterPool list using filter: '${CLUSTERPOOL_MANAGED_FILTER}' ..."
+fi
+
+for ((i = 1; i <= CLUSTERPOOL_MANAGED_COUNT; i++)); do
+    checkoutCluster managed ${i} "${CLUSTERPOOL_MANAGED_FILTER}" &
+    pids+=($!)
+    sleep 60
 done
 
+# Wait for background processes to complete and collect exit codes
+exit_code=0
+
+for pid in "${pids[@]}"; do
+  wait ${pid} || exit_code=$?
+done
+
+if [[ "${exit_code}" != 0 ]]; then
+    log "error: claim provisioning failed"
+    exit ${exit_code}
+fi
 
-echo "Cluster claims:"
+log "Cluster claims:"
 cat "${SHARED_DIR}/${CLUSTER_CLAIM_FILE}"

ci-operator/step-registry/ocm/e2e/clusterpool/checkout/ocm-e2e-clusterpool-checkout-ref.yaml

@@ -3,40 +3,40 @@ ref:
   from_image:
     namespace: stolostron
     name: builder
-    tag: go1.20-linux
+    tag: go1.22-linux
   commands: ocm-e2e-clusterpool-checkout-commands.sh
   resources:
     requests:
       cpu: 100m
       memory: 100Mi
   credentials:
-  - namespace: test-credentials
-    name: acm-cicd-clusterpool-shared
-    mount_path: /etc/acm-cicd-clusterpool-shared
-  - namespace: test-credentials
-    name: ocm-obs-usa-clusterpool
-    mount_path: /etc/ocm-obs-usa-clusterpool
-  - namespace: test-credentials
-    name: ocm-obs-china-clusterpool
-    mount_path: /etc/ocm-obs-china-clusterpool
-  - namespace: test-credentials
-    name: ocm-console-clusterpool
-    mount_path: /etc/ocm-console-clusterpool
-  - namespace: test-credentials
-    name: ocm-grc-clusterpool
-    mount_path: /etc/ocm-grc-clusterpool
-  - namespace: test-credentials
-    name: ocm-mgdsvcs-clusterpool
-    mount_path: /etc/ocm-mgdsvcs-clusterpool
-  - namespace: test-credentials
-    name: ocm-hub-of-hubs-clusterpool
-    mount_path: /etc/ocm-hub-of-hubs-clusterpool
-  - namespace: test-credentials
-    name: ocm-app-clusterpool
-    mount_path: /etc/ocm-app-clusterpool
-  - namespace: test-credentials
-    name: ocm-sf-clusterpool
-    mount_path: /etc/ocm-sf-clusterpool
+    - namespace: test-credentials
+      name: acm-cicd-clusterpool-shared
+      mount_path: /etc/acm-cicd-clusterpool-shared
+    - namespace: test-credentials
+      name: ocm-obs-usa-clusterpool
+      mount_path: /etc/ocm-obs-usa-clusterpool
+    - namespace: test-credentials
+      name: ocm-obs-china-clusterpool
+      mount_path: /etc/ocm-obs-china-clusterpool
+    - namespace: test-credentials
+      name: ocm-console-clusterpool
+      mount_path: /etc/ocm-console-clusterpool
+    - namespace: test-credentials
+      name: ocm-grc-clusterpool
+      mount_path: /etc/ocm-grc-clusterpool
+    - namespace: test-credentials
+      name: ocm-mgdsvcs-clusterpool
+      mount_path: /etc/ocm-mgdsvcs-clusterpool
+    - namespace: test-credentials
+      name: ocm-hub-of-hubs-clusterpool
+      mount_path: /etc/ocm-hub-of-hubs-clusterpool
+    - namespace: test-credentials
+      name: ocm-app-clusterpool
+      mount_path: /etc/ocm-app-clusterpool
+    - namespace: test-credentials
+      name: ocm-sf-clusterpool
+      mount_path: /etc/ocm-sf-clusterpool
   env:
     - name: MAKEFILE
       default: "/opt/build-harness/Makefile.prow"
@@ -76,10 +76,22 @@ ref:
       default: "1"
       documentation: |-
         The number of hub clusters to checkout.
+    - name: CLUSTERPOOL_HUB_FILTER
+      default: ""
+      documentation: |-
+        A filter used by grep to select a set of cluster pools to use when
+        checking out hub clusters. If the filter is empty, all cluster pools 
+        from the list results will be used.
     - name: CLUSTERPOOL_MANAGED_COUNT
       default: "0"
       documentation: |-
         The number of managed clusters to checkout.
+    - name: CLUSTERPOOL_MANAGED_FILTER
+      default: ""
+      documentation: |-
+        A filter used by grep to select a set of cluster pools to use when
+        checking out managed clusters. If the filter is empty, all cluster 
+        pools from the list results will be used.
     - name: CLUSTER_CLAIM_FILE
       default: "cluster-claims"
       documentation: |-

ci-operator/step-registry/ocm/e2e/clusterpool/cluster/deploy/ocm-e2e-clusterpool-cluster-deploy-ref.yaml

@@ -3,7 +3,7 @@ ref:
   from_image:
     namespace: stolostron
     name: builder
-    tag: go1.20-linux
+    tag: go1.22-linux
   grace_period: 10m
   commands: ocm-e2e-clusterpool-cluster-deploy-commands.sh
   dependencies:

ci-operator/step-registry/ocm/e2e/clusterpool/cluster/getcreds/ocm-e2e-clusterpool-cluster-getcreds-ref.yaml

@@ -3,7 +3,7 @@ ref:
   from_image:
     namespace: stolostron
     name: builder
-    tag: go1.20-linux
+    tag: go1.22-linux
   commands: ocm-e2e-clusterpool-cluster-getcreds-commands.sh
   resources:
     requests:

ci-operator/step-registry/ocm/e2e/clusterpool/list/ocm-e2e-clusterpool-list-ref.yaml

@@ -3,7 +3,7 @@ ref:
   from_image:
     namespace: stolostron
     name: builder
-    tag: go1.20-linux
+    tag: go1.22-linux
   commands: ocm-e2e-clusterpool-list-commands.sh
   resources:
     requests:

ci-operator/step-registry/ocm/e2e/kind/create/ocm-e2e-kind-create-ref.yaml

@@ -3,7 +3,7 @@ ref:
   from_image:
     namespace: stolostron
     name: builder
-    tag: go1.20-linux
+    tag: go1.22-linux
   commands: ocm-e2e-kind-create-commands.sh
   resources:
     requests:

ci-operator/step-registry/ocm/e2e/kind/destroy/ocm-e2e-kind-destroy-ref.yaml

@@ -3,7 +3,7 @@ ref:
   from_image:
     namespace: stolostron
     name: builder
-    tag: go1.20-linux
+    tag: go1.22-linux
   commands: ocm-e2e-kind-destroy-commands.sh
   resources:
     requests:

core-services/prow/02_config/stolostron/governance-policy-framework/_prowconfig.yaml

@@ -59,6 +59,7 @@ branch-protection:
                 contexts:
                 - Framework KinD / Tests (latest, true)
                 - Framework KinD / Tests (latest, false)
+          require_manually_triggered_jobs: true
 tide:
   merge_method:
     stolostron/governance-policy-framework: rebase