From 70823d6133cb954d7ad51ba417de2bc01cd60dc0 Mon Sep 17 00:00:00 2001 From: Aleksandr Shmaraiev Date: Fri, 19 May 2023 16:07:47 +0300 Subject: [PATCH] Update 'common.sh' to implement PAT setup flow --- .ci/openshift-ci/common.sh | 143 ++++++++++++++++++++++++++++--------- 1 file changed, 109 insertions(+), 34 deletions(-) diff --git a/.ci/openshift-ci/common.sh b/.ci/openshift-ci/common.sh index df06d46d28..4c6fe9a5f8 100644 --- a/.ci/openshift-ci/common.sh +++ b/.ci/openshift-ci/common.sh @@ -24,12 +24,13 @@ export CHE_FORWARDED_PORT="8081" export OCP_ADMIN_USER_NAME=${OCP_ADMIN_USER_NAME:-"admin"} export OCP_NON_ADMIN_USER_NAME=${OCP_NON_ADMIN_USER_NAME:-"user"} export OCP_LOGIN_PASSWORD=${OCP_LOGIN_PASSWORD:-"passw"} -export ADMIN_PROJECT_NAME=${OCP_ADMIN_USER_NAME}"-che" -export USER_PROJECT_NAME=${OCP_NON_ADMIN_USER_NAME}"-che" +export ADMIN_CHE_NAMESPACE=${OCP_ADMIN_USER_NAME}"-che" +export USER_CHE_NAMESPACE=${OCP_NON_ADMIN_USER_NAME}"-che" +export GIT_PROVIDER_USERNAME=${GIT_PROVIDER_USERNAME:-"chepullreq1"} export PUBLIC_REPO_WORKSPACE_NAME=${PUBLIC_REPO_WORKSPACE_NAME:-"public-repo-wksp-testname"} export PRIVATE_REPO_WORKSPACE_NAME=${PRIVATE_REPO_WORKSPACE_NAME:-"private-repo-wksp-testname"} -export PUBLIC_PROJECT_GITLAB_NAME=${PUBLIC_PROJECT_NAME:-"public-repo"} -export PRIVATE_PROJECT_GITLAB_NAME=${PRIVATE_PROJECT_NAME:-"private-repo"} +export PUBLIC_PROJECT_NAME=${PUBLIC_PROJECT_NAME:-"public-repo"} +export PRIVATE_PROJECT_NAME=${PRIVATE_PROJECT_NAME:-"private-repo"} export YAML_FILE_NAME=${YAML_FILE_NAME:-"devfile.yaml"} provisionOpenShiftOAuthUser() { @@ -44,7 +45,7 @@ provisionOpenShiftOAuthUser() { CURRENT_TIME=$(date +%s) ENDTIME=$((CURRENT_TIME + 300)) while [ "$(date +%s)" -lt $ENDTIME ]; do - if oc login -u ${OCP_ADMIN_USER_NAME} -p ${OCP_LOGIN_PASSWORD} --insecure-skip-tls-verify=false; then + if oc login -u=${OCP_ADMIN_USER_NAME} -p=${OCP_LOGIN_PASSWORD} --insecure-skip-tls-verify=false; then break fi sleep 10 @@ -95,13 +96,12 @@ requestFactoryResolverGitRepoUrl() { }' } -# check that factory resolver returns correct value +# check that factory resolver returns correct value without any PAT/OAuth setup testFactoryResolverNoPatOAuth() { PUBLIC_REPO_URL=$1 PRIVATE_REPO_URL=$2 - echo "[INFO] Check factory resolver with NO PAT/OAuth setup" - # for public repo + echo "[INFO] Check factory resolver for public repository with NO PAT/OAuth setup" if [ "$(requestFactoryResolverGitRepoUrl ${PUBLIC_REPO_URL} | grep "HTTP/1.1 200")" ]; then echo "[INFO] Factory resolver returned 'HTTP/1.1 200' status code." else @@ -109,7 +109,7 @@ testFactoryResolverNoPatOAuth() { exit 1 fi - # for private repo + echo "[INFO] Check factory resolver for private repository with NO PAT/OAuth setup" if [ "$(requestFactoryResolverGitRepoUrl ${PRIVATE_REPO_URL} | grep "HTTP/1.1 400")" ]; then echo "[INFO] Factory resolver returned 'HTTP/1.1 400' status code. Expected client side error." else @@ -118,12 +118,12 @@ testFactoryResolverNoPatOAuth() { fi } +# check that factory resolver returns correct value with PAT/OAuth setup testFactoryResolverWithPatOAuth() { PUBLIC_REPO_URL=$1 PRIVATE_REPO_URL=$2 - echo "[INFO] Check factory resolver with PAT/OAuth setup" - # for public repo + echo "[INFO] Check factory resolver for public repository with PAT/OAuth setup" if [ "$(requestFactoryResolverGitRepoUrl ${PUBLIC_REPO_URL} | grep "HTTP/1.1 200")" ]; then echo "[INFO] Factory resolver returned 'HTTP/1.1 200' status code." else @@ -131,7 +131,7 @@ testFactoryResolverWithPatOAuth() { exit 1 fi - # for private repo + echo "[INFO] Check factory resolver for private repository with PAT/OAuth setup" if [ "$(requestFactoryResolverGitRepoUrl ${PRIVATE_REPO_URL} | grep "HTTP/1.1 200")" ]; then echo "[INFO] Factory resolver returned 'HTTP/1.1 200' status code." else @@ -140,13 +140,60 @@ testFactoryResolverWithPatOAuth() { fi } +requestProvisionNamespace() { + CLUSTER_ACCESS_TOKEN=$(oc whoami -t) + + curl -i -X 'POST' \ + http://localhost:${CHE_FORWARDED_PORT}/api/kubernetes/namespace/provision \ + -H 'accept: application/json' \ + -H "Authorization: Bearer ${CLUSTER_ACCESS_TOKEN}" \ + -d '' +} + +initUserNamespace() { + OCP_USER_NAME=$1 + + echo "[INFO] Initialize user namespace" + oc login -u=${OCP_USER_NAME} -p=${OCP_LOGIN_PASSWORD} --insecure-skip-tls-verify=false + if [ "$(requestProvisionNamespace | grep "HTTP/1.1 200")" ]; then + echo "[INFO] Request provision user namespace returned 'HTTP/1.1 200' status code." + else + echo "[ERROR] Request provision user namespace returned wrong status code. Expected: HTTP/1.1 200" + exit 1 + fi +} + +setupPersonalAccessToken() { + GIT_PROVIDER_TYPE=$1 + GIT_PROVIDER_URL=$2 + GIT_PROVIDER_USER_ID=$3 + GIT_PROVIDER_PAT=$4 + + echo "[INFO] Setup Personal Access Token Secret" + oc project ${USER_CHE_NAMESPACE} + CHE_USER_ID=$(oc get secret user-profile -o jsonpath='{.data.id}' | base64 -d) + ENCODED_PAT=$(echo -n ${GIT_PROVIDER_PAT} | base64) + cat .ci/openshift-ci/pat-secret.yaml > pat-secret.yaml + + # patch the pat-secret.yaml file + sed -i "s#che-user-id#${CHE_USER_ID}#g" pat-secret.yaml + sed -i "s#git-provider-name#${GIT_PROVIDER_TYPE}#g" pat-secret.yaml + sed -i "s#git-provider-url#${GIT_PROVIDER_URL}#g" pat-secret.yaml + sed -i "s#git-provider-user-id#${GIT_PROVIDER_USER_ID}#g" pat-secret.yaml + sed -i "s#encoded-access-token#${ENCODED_PAT}#g" pat-secret.yaml + + cat pat-secret.yaml + + oc apply -f pat-secret.yaml -n ${USER_CHE_NAMESPACE} +} + runTestWorkspaceWithGitRepoUrl() { WS_NAME=$1 PROJECT_NAME=$2 GIT_REPO_URL=$3 + OCP_USER_NAMESPACE=$4 - oc new-project ${USER_PROJECT_NAME} || true - oc project ${USER_PROJECT_NAME} + oc project ${OCP_USER_NAMESPACE} cat .ci/openshift-ci/devworkspace-test.yaml > devworkspace-test.yaml # patch the devworkspace-test.yaml file @@ -156,36 +203,44 @@ runTestWorkspaceWithGitRepoUrl() { cat devworkspace-test.yaml - oc apply -f devworkspace-test.yaml -n ${USER_PROJECT_NAME} - oc wait -n ${USER_PROJECT_NAME} --for=condition=Ready dw ${WS_NAME} --timeout=360s + oc apply -f devworkspace-test.yaml -n ${OCP_USER_NAMESPACE} + oc wait -n ${OCP_USER_NAMESPACE} --for=condition=Ready dw ${WS_NAME} --timeout=360s + echo "[INFO] Test workspace is run" } testProjectIsCloned() { PROJECT_NAME=$1 - WORKSPACE_POD_NAME=$(oc get pods -n ${USER_PROJECT_NAME} | grep workspace | awk '{print $1}') - if oc exec -it -n ${USER_PROJECT_NAME} ${WORKSPACE_POD_NAME} -- test -f /projects/${PROJECT_NAME}/${YAML_FILE_NAME}; then + OCP_USER_NAMESPACE=$2 + + WORKSPACE_POD_NAME=$(oc get pods -n ${OCP_USER_NAMESPACE} | grep workspace | awk '{print $1}') + if oc exec -it -n ${OCP_USER_NAMESPACE} ${WORKSPACE_POD_NAME} -- test -f /projects/${PROJECT_NAME}/${YAML_FILE_NAME}; then echo "[INFO] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} exists." else echo "[ERROR] Project file /projects/${PROJECT_NAME}/${YAML_FILE_NAME} does not exist." - exit 1 + return 1 fi } -# check a project is not cloned for private repo with no OAuth/PAT setup -testProjectIsNotCloned() { - PROJECT_NAME=$1 - WORKSPACE_POD_NAME=$(oc get pods -n ${USER_PROJECT_NAME} | grep workspace | awk '{print $1}') - if oc exec -it -n ${USER_PROJECT_NAME} ${WORKSPACE_POD_NAME} -- test -e /projects/${PROJECT_NAME}; then - echo "[ERROR] Project /projects/${PROJECT_NAME} exists." - exit 1 +testGitCredentials() { + OCP_USER_NAMESPACE=$1 + GIT_PROVIDER_PAT=$2 + + echo "[INFO] Check the 'git credentials' is in a workspace" + gitCredentials="${GIT_PROVIDER_USERNAME}:${GIT_PROVIDER_PAT}" + WORKSPACE_POD_NAME=$(oc get pods -n ${OCP_USER_NAMESPACE} | grep workspace | awk '{print $1}') + if oc exec -it -n ${OCP_USER_NAMESPACE} ${WORKSPACE_POD_NAME} -- cat /.git-credentials/credentials | grep -q ${gitCredentials}; then + echo "[INFO] Git credentials file '/.git-credentials/credentials' exists and has the expected content." else - echo "[INFO] Project /projects/${PROJECT_NAME} does not exist." + echo "[ERROR] Git credentials file '/.git-credentials/credentials' does not exist or has incorrect content." + return 1 fi } deleteTestWorkspace() { WS_NAME=$1 - oc delete dw ${WS_NAME} -n ${USER_PROJECT_NAME} + OCP_USER_NAMESPACE=$2 + + oc delete dw ${WS_NAME} -n ${OCP_USER_NAMESPACE} } # Catch the finish of the job and write logs in artifacts. @@ -214,25 +269,45 @@ testClonePublicRepoNoPatOAuth() { WS_NAME=$1 PROJECT_NAME=$2 GIT_REPO_URL=$3 + OCP_USER_NAMESPACE=$4 - runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} - testProjectIsCloned ${PROJECT_NAME} - deleteTestWorkspace ${WS_NAME} + runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE} + echo "[INFO] Check the public repository is cloned with NO PAT/OAuth setup" + testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} || exit 1 + deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE} } testClonePrivateRepoNoPatOAuth() { WS_NAME=$1 PROJECT_NAME=$2 GIT_REPO_URL=$3 + OCP_USER_NAMESPACE=$4 - runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} - testProjectIsNotCloned ${PROJECT_NAME} - deleteTestWorkspace ${WS_NAME} + runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE} + echo "[INFO] Check the private repository is NOT cloned with NO PAT/OAuth setup" + testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} && exit 1 + deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE} +} + +testCloneGitRepoWithSetupPat() { + WS_NAME=$1 + PROJECT_NAME=$2 + GIT_REPO_URL=$3 + OCP_USER_NAMESPACE=$4 + GIT_PROVIDER_PATH=$5 + + runTestWorkspaceWithGitRepoUrl ${WS_NAME} ${PROJECT_NAME} ${GIT_REPO_URL} ${OCP_USER_NAMESPACE} + testProjectIsCloned ${PROJECT_NAME} ${OCP_USER_NAMESPACE} || exit 1 + testGitCredentials ${OCP_USER_NAMESPACE} ${GIT_PROVIDER_PAT} + deleteTestWorkspace ${WS_NAME} ${OCP_USER_NAMESPACE} } setupTestEnvironment() { + OCP_USER_NAME=$1 + provisionOpenShiftOAuthUser createCustomResourcesFile deployChe forwardPortToService + initUserNamespace ${OCP_USER_NAME} }