Update 'common.sh' to implement PAT setup flow

2023-05-19 16:07:47 +03:00 · 2023-05-19 16:07:47 +03:00 · 70823d6133
parent 98ead3186b
commit 70823d6133
1 changed files with 109 additions and 34 deletions
--- a/.ci/openshift-ci/common.sh
+++ b/.ci/openshift-ci/common.sh
@ -24,12 +24,13 @@ export CHE_FORWARDED_PORT="8081"
 export OCP_ADMIN_USER_NAME=${OCP_ADMIN_USER_NAME:-"admin"}
 export OCP_NON_ADMIN_USER_NAME=${OCP_NON_ADMIN_USER_NAME:-"user"}
 export OCP_LOGIN_PASSWORD=${OCP_LOGIN_PASSWORD:-"passw"}
-export ADMIN_PROJECT_NAME=${OCP_ADMIN_USER_NAME}"-che"
-export USER_PROJECT_NAME=${OCP_NON_ADMIN_USER_NAME}"-che"
+export ADMIN_CHE_NAMESPACE=${OCP_ADMIN_USER_NAME}"-che"
+export USER_CHE_NAMESPACE=${OCP_NON_ADMIN_USER_NAME}"-che"
+export GIT_PROVIDER_USERNAME=${GIT_PROVIDER_USERNAME:-"chepullreq1"}
 export PUBLIC_REPO_WORKSPACE_NAME=${PUBLIC_REPO_WORKSPACE_NAME:-"public-repo-wksp-testname"}
 export PRIVATE_REPO_WORKSPACE_NAME=${PRIVATE_REPO_WORKSPACE_NAME:-"private-repo-wksp-testname"}
-export PUBLIC_PROJECT_GITLAB_NAME=${PUBLIC_PROJECT_NAME:-"public-repo"}
-export PRIVATE_PROJECT_GITLAB_NAME=${PRIVATE_PROJECT_NAME:-"private-repo"}
+export PUBLIC_PROJECT_NAME=${PUBLIC_PROJECT_NAME:-"public-repo"}
+export PRIVATE_PROJECT_NAME=${PRIVATE_PROJECT_NAME:-"private-repo"}
 export YAML_FILE_NAME=${YAML_FILE_NAME:-"devfile.yaml"}

 provisionOpenShiftOAuthUser() {
@ -44,7 +45,7 @@ provisionOpenShiftOAuthUser() {
  CURRENT_TIME=$(date +%s)
  ENDTIME=$((CURRENT_TIME + 300))
  while [ "$(date +%s)" -lt $ENDTIME ]; do
-      if oc login -u ${OCP_ADMIN_USER_NAME} -p ${OCP_LOGIN_PASSWORD} --insecure-skip-tls-verify=false; then
+      if oc login -u=${OCP_ADMIN_USER_NAME} -p=${OCP_LOGIN_PASSWORD} --insecure-skip-tls-verify=false; then
          break
      fi
      sleep 10
@ -95,13 +96,12 @@ requestFactoryResolverGitRepoUrl() {
  }'
 }

-# check that factory resolver returns correct value
+# check that factory resolver returns correct value without any PAT/OAuth setup
 testFactoryResolverNoPatOAuth() {
  PUBLIC_REPO_URL=$1
  PRIVATE_REPO_URL=$2

-  echo "[INFO] Check factory resolver with NO PAT/OAuth setup"
-  # for public repo
+  echo "[INFO] Check factory resolver for public repository with NO PAT/OAuth setup"
  if [ "$(requestFactoryResolverGitRepoUrl ${PUBLIC_REPO_URL} | grep "HTTP/1.1 200")" ]; then
    echo "[INFO] Factory resolver returned 'HTTP/1.1 200' status code."
  else
@ -109,7 +109,7 @@ testFactoryResolverNoPatOAuth() {
    exit 1
  fi

-  # for private repo
+  echo "[INFO] Check factory resolver for private repository with NO PAT/OAuth setup"
  if [ "$(requestFactoryResolverGitRepoUrl ${PRIVATE_REPO_URL} | grep "HTTP/1.1 400")" ]; then
    echo "[INFO] Factory resolver returned 'HTTP/1.1 400' status code. Expected client side error."
  else
@ -118,12 +118,12 @@ testFactoryResolverNoPatOAuth() {
  fi
 }

+# check that factory resolver returns correct value with PAT/OAuth setup
 testFactoryResolverWithPatOAuth() {
  PUBLIC_REPO_URL=$1
  PRIVATE_REPO_URL=$2

-  echo "[INFO] Check factory resolver with PAT/OAuth setup"
-  # for public repo
+  echo "[INFO] Check factory resolver for public repository with PAT/OAuth setup"
  if [ "$(requestFactoryResolverGitRepoUrl ${PUBLIC_REPO_URL} | grep "HTTP/1.1 200")" ]; then
    echo "[INFO] Factory resolver returned 'HTTP/1.1 200' status code."
  else
@ -131,7 +131,7 @@ testFactoryResolverWithPatOAuth() {
    exit 1
  fi

-  # for private repo
+  echo "[INFO] Check factory resolver for private repository with PAT/OAuth setup"
  if [ "$(requestFactoryResolverGitRepoUrl ${PRIVATE_REPO_URL} | grep "HTTP/1.1 200")" ]; then
    echo "[INFO] Factory resolver returned 'HTTP/1.1 200' status code."
  else
@ -140,13 +140,60 @@ testFactoryResolverWithPatOAuth() {
  fi
 }

+requestProvisionNamespace() {
+  CLUSTER_ACCESS_TOKEN=$(oc whoami -t)
+
+  curl -i -X 'POST' \
+    http://localhost:${CHE_FORWARDED_PORT}/api/kubernetes/namespace/provision \
+    -H 'accept: application/json' \
+    -H "Authorization: Bearer ${CLUSTER_ACCESS_TOKEN}" \
+    -d ''
+}
+
+initUserNamespace() {
+  OCP_USER_NAME=$1
+
+  echo "[INFO] Initialize user namespace"
+  oc login -u=${OCP_USER_NAME} -p=${OCP_LOGIN_PASSWORD} --insecure-skip-tls-verify=false
+  if [ "$(requestProvisionNamespace | grep "HTTP/1.1 200")" ]; then
+    echo "[INFO] Request provision user namespace returned 'HTTP/1.1 200' status code."
+  else
+    echo "[ERROR] Request provision user namespace returned wrong status code. Expected: HTTP/1.1 200"
+    exit 1
+  fi
+}
+
+setupPersonalAccessToken() {
+  GIT_PROVIDER_TYPE=$1
+  GIT_PROVIDER_URL=$2
+  GIT_PROVIDER_USER_ID=$3
+  GIT_PROVIDER_PAT=$4
+
+  echo "[INFO] Setup Personal Access Token Secret"
+  oc project ${USER_CHE_NAMESPACE}
+  CHE_USER_ID=$(oc get secret user-profile -o jsonpath='{.data.id}' | base64 -d)
+  ENCODED_PAT=$(echo -n ${GIT_PROVIDER_PAT} | base64)
+  cat .ci/openshift-ci/pat-secret.yaml > pat-secret.yaml
+
+  # patch the pat-secret.yaml file
+  sed -i "s#che-user-id#${CHE_USER_ID}#g" pat-secret.yaml
+  sed -i "s#git-provider-name#${GIT_PROVIDER_TYPE}#g" pat-secret.yaml
+  sed -i "s#git-provider-url#${GIT_PROVIDER_URL}#g" pat-secret.yaml
+  sed -i "s#git-provider-user-id#${GIT_PROVIDER_USER_ID}#g" pat-secret.yaml
+  sed -i "s#encoded-access-token#${ENCODED_PAT}#g" pat-secret.yaml
+
+  cat pat-secret.yaml
+
+  oc apply -f pat-secret.yaml -n ${USER_CHE_NAMESPACE}
+}
+
 runTestWorkspaceWithGitRepoUrl() {
  WS_NAME=$1
  PROJECT_NAME=$2
  GIT_REPO_URL=$3
+  OCP_USER_NAMESPACE=$4

-  oc new-project ${USER_PROJECT_NAME} || true
-  oc project ${USER_PROJECT_NAME}
+  oc project ${OCP_USER_NAMESPACE}
  cat .ci/openshift-ci/devworkspace-test.yaml > devworkspace-test.yaml

  # patch the devworkspace-test.yaml file
@ -156,36 +203,44 @@ runTestWorkspaceWithGitRepoUrl() {

  cat devworkspace-test.yaml

-  oc apply -f devworkspace-test.yaml -n ${USER_PROJECT_NAME}
-  oc wait -n ${USER_PROJECT_NAME} --for=condition=Ready dw ${WS_NAME} --timeout=360s
+  oc apply -f devworkspace-test.yaml -n ${OCP_USER_NAMESPACE}
+  oc wait -n ${OCP_USER_NAMESPACE} --for=condition=Ready dw ${WS_NAME} --timeout=360s
+  echo "[INFO] Test workspace is run"
 }

 testProjectIsCloned() {
  PROJECT_NAME=$1
-  WORKSPACE_POD_NAME=$(oc get pods -n ${USER_PROJECT_NAME} | grep workspace | awk '{print $1}')
-  if oc exec -it -n ${USER_PROJECT_NAME} ${WORKSPACE_POD_NAME} -- test -f /projects/${PROJECT_NAME}/${YAML_FILE_NAME}; then
+  OCP_USER_NAMESPACE=$2
+
+  WORKSPACE_POD_NAME=$(oc get pods -n ${OCP_USER_NAMESPACE} | grep workspace | awk '{print $1}')
+  if oc exec -it -n ${OCP_USER_NAMESPACE} ${WORKSPACE_POD_NAME} -- test -f /projects/${PROJECT_NAME}/${YAML_FILE_NAME}; then
    echo "[INFO] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} exists."
  else
    echo "[ERROR] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} does not exist."
-    exit 1
+    return 1
  fi
 }

-# check a project is not cloned for private repo with no OAuth/PAT setup
-testProjectIsNotCloned() {
-  PROJECT_NAME=$1
-  WORKSPACE_POD_NAME=$(oc get pods -n ${USER_PROJECT_NAME} | grep workspace | awk '{print $1}')
-  if oc exec -it -n ${USER_PROJECT_NAME} ${WORKSPACE_POD_NAME} -- test -e /projects/${PROJECT_NAME}; then
-    echo "[ERROR] Project /projects/${PROJECT_NAME} exists."
-    exit 1
+testGitCredentials() {
+  OCP_USER_NAMESPACE=$1
+  GIT_PROVIDER_PAT=$2
+
+  echo "[INFO] Check the 'git credentials' is in a workspace"
+  gitCredentials="${GIT_PROVIDER_USERNAME}:${GIT_PROVIDER_PAT}"
+  WORKSPACE_POD_NAME=$(oc get pods -n ${OCP_USER_NAMESPACE} | grep workspace | awk '{print $1}')
+  if oc exec -it -n ${OCP_USER_NAMESPACE} ${WORKSPACE_POD_NAME} -- cat /.git-credentials/credentials | grep -q ${gitCredentials}; then
+    echo "[INFO] Git credentials file '/.git-credentials/credentials' exists and has the expected content."
  else
-    echo "[INFO] Project /projects/${PROJECT_NAME} does not exist."
+    echo "[ERROR] Git credentials file '/.git-credentials/credentials' does not exist or has incorrect content."
+    return 1
  fi
 }

 deleteTestWorkspace() {
  WS_NAME=$1
-  oc delete dw ${WS_NAME} -n ${USER_PROJECT_NAME}
+  OCP_USER_NAMESPACE=$2
+
+  oc delete dw ${WS_NAME} -n ${OCP_USER_NAMESPACE}
 }

 # Catch the finish of the job and write logs in artifacts.
@ -214,25 +269,45 @@ testClonePublicRepoNoPatOAuth() {
  WS_NAME=$1
  PROJECT_NAME=$2
  GIT_REPO_URL=$3
+  OCP_USER_NAMESPACE=$4

-  runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL}
-  testProjectIsCloned ${PROJECT_NAME}
-  deleteTestWorkspace ${WS_NAME}
+  runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE}
+  echo "[INFO] Check the public repository is cloned with NO PAT/OAuth setup"
+  testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} || exit 1
+  deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE}
 }

 testClonePrivateRepoNoPatOAuth() {
  WS_NAME=$1
  PROJECT_NAME=$2
  GIT_REPO_URL=$3
+  OCP_USER_NAMESPACE=$4

-  runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL}
-  testProjectIsNotCloned ${PROJECT_NAME}
-  deleteTestWorkspace ${WS_NAME}
+  runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE}
+  echo "[INFO] Check the private repository is NOT cloned with NO PAT/OAuth setup"
+  testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} && exit 1
+  deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE}
+}
+
+testCloneGitRepoWithSetupPat() {
+  WS_NAME=$1
+  PROJECT_NAME=$2
+  GIT_REPO_URL=$3
+  OCP_USER_NAMESPACE=$4
+  GIT_PROVIDER_PATH=$5
+
+  runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE}
+  testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} || exit 1
+  testGitCredentials ${OCP_USER_NAMESPACE} ${GIT_PROVIDER_PAT}
+  deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE}
 }

 setupTestEnvironment() {
+  OCP_USER_NAME=$1
+
  provisionOpenShiftOAuthUser
  createCustomResourcesFile
  deployChe
  forwardPortToService
+  initUserNamespace ${OCP_USER_NAME}
 }