feat: add support to testing operator on disconnected env

Signed-off-by: Vibhu Prashar <[email protected]>

ci-operator/config/openshift-power-monitoring/power-monitoring-operator/openshift-power-monitoring-power-monitoring-operator-v1alpha1__ocp-4.17-disconnected.yaml

@@ -0,0 +1,46 @@
+base_images:
+  cli:
+    name: "4.17"
+    namespace: ocp
+    tag: cli
+  tools:
+    name: "4.17"
+    namespace: ocp
+    tag: tools
+  upi-installer:
+    name: "4.17"
+    namespace: ocp
+    tag: upi-installer
+build_root:
+  image_stream_tag:
+    name: release
+    namespace: openshift
+    tag: rhel-8-release-golang-1.21-openshift-4.16
+images:
+- context_dir: .
+  dockerfile_path: tests/Dockerfile
+  to: power-monitoring-operator-tests-runner
+releases:
+  latest:
+    candidate:
+      product: ocp
+      stream: nightly
+      version: "4.17"
+resources:
+  '*':
+    requests:
+      cpu: 100m
+      memory: 200Mi
+tests:
+- always_run: false
+  as: powermonitoring-tests-disconnected
+  steps:
+    cluster_profile: gcp-qe
+    test:
+    - ref: openshift-power-monitoring-install-disconnected
+    workflow: cucushift-installer-rehearse-gcp-ipi-disconnected
+zz_generated_metadata:
+  branch: v1alpha1
+  org: openshift-power-monitoring
+  repo: power-monitoring-operator
+  variant: ocp-4.17-disconnected

ci-operator/jobs/openshift-power-monitoring/power-monitoring-operator/openshift-power-monitoring-power-monitoring-operator-v1alpha1-presubmits.yaml

@@ -112,6 +112,141 @@ presubmits:
         secret:
           secretName: result-aggregator
     trigger: (?m)^/test( | .* )images,?($|\s.*)
+  - agent: kubernetes
+    always_run: true
+    branches:
+    - ^v1alpha1$
+    - ^v1alpha1-
+    cluster: build10
+    context: ci/prow/ocp-4.17-disconnected-images
+    decorate: true
+    decoration_config:
+      skip_cloning: true
+    labels:
+      ci-operator.openshift.io/variant: ocp-4.17-disconnected
+      ci.openshift.io/generator: prowgen
+      job-release: "4.17"
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-power-monitoring-power-monitoring-operator-v1alpha1-ocp-4.17-disconnected-images
+    rerun_command: /test ocp-4.17-disconnected-images
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --report-credentials-file=/etc/report/credentials
+        - --target=[images]
+        - --variant=ocp-4.17-disconnected
+        command:
+        - ci-operator
+        image: ci-operator:latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )ocp-4.17-disconnected-images,?($|\s.*)
+  - agent: kubernetes
+    always_run: false
+    branches:
+    - ^v1alpha1$
+    - ^v1alpha1-
+    cluster: build02
+    context: ci/prow/ocp-4.17-disconnected-powermonitoring-tests-disconnected
+    decorate: true
+    decoration_config:
+      skip_cloning: true
+    labels:
+      ci-operator.openshift.io/cloud: gcp
+      ci-operator.openshift.io/cloud-cluster-profile: gcp-qe
+      ci-operator.openshift.io/variant: ocp-4.17-disconnected
+      ci.openshift.io/generator: prowgen
+      job-release: "4.17"
+      pj-rehearse.openshift.io/can-be-rehearsed: "true"
+    name: pull-ci-openshift-power-monitoring-power-monitoring-operator-v1alpha1-ocp-4.17-disconnected-powermonitoring-tests-disconnected
+    rerun_command: /test ocp-4.17-disconnected-powermonitoring-tests-disconnected
+    spec:
+      containers:
+      - args:
+        - --gcs-upload-secret=/secrets/gcs/service-account.json
+        - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+        - --lease-server-credentials-file=/etc/boskos/credentials
+        - --report-credentials-file=/etc/report/credentials
+        - --secret-dir=/secrets/ci-pull-credentials
+        - --target=powermonitoring-tests-disconnected
+        - --variant=ocp-4.17-disconnected
+        command:
+        - ci-operator
+        image: ci-operator:latest
+        imagePullPolicy: Always
+        name: ""
+        resources:
+          requests:
+            cpu: 10m
+        volumeMounts:
+        - mountPath: /etc/boskos
+          name: boskos
+          readOnly: true
+        - mountPath: /secrets/ci-pull-credentials
+          name: ci-pull-credentials
+          readOnly: true
+        - mountPath: /secrets/gcs
+          name: gcs-credentials
+          readOnly: true
+        - mountPath: /secrets/manifest-tool
+          name: manifest-tool-local-pusher
+          readOnly: true
+        - mountPath: /etc/pull-secret
+          name: pull-secret
+          readOnly: true
+        - mountPath: /etc/report
+          name: result-aggregator
+          readOnly: true
+      serviceAccountName: ci-operator
+      volumes:
+      - name: boskos
+        secret:
+          items:
+          - key: credentials
+            path: credentials
+          secretName: boskos-credentials
+      - name: ci-pull-credentials
+        secret:
+          secretName: ci-pull-credentials
+      - name: manifest-tool-local-pusher
+        secret:
+          secretName: manifest-tool-local-pusher
+      - name: pull-secret
+        secret:
+          secretName: registry-pull-credentials
+      - name: result-aggregator
+        secret:
+          secretName: result-aggregator
+    trigger: (?m)^/test( | .* )(ocp-4.17-disconnected-powermonitoring-tests-disconnected|remaining-required),?($|\s.*)
   - agent: kubernetes
     always_run: false
     branches:

ci-operator/step-registry/openshift-power-monitoring/install/disconnected/openshift-power-monitoring-install-disconnected-commands.sh

@@ -0,0 +1,77 @@
+#!/bin/bash
+
+set -e
+set -u
+set -o pipefail
+
+# Set XDG_RUNTIME_DIR/containers to be used by oc mirror
+export HOME=/tmp/home
+export XDG_RUNTIME_DIR="${HOME}/run"
+export REGISTRY_AUTH_PREFERENCE=podman
+mkdir -p "${XDG_RUNTIME_DIR}/containers"
+cd "$HOME" || exit 1
+
+function run_command() {
+	local CMD="$1"
+	echo "Running Command: ${CMD}"
+	eval "${CMD}"
+}
+
+# Mirror operator and test images to the Mirror registry. Create Catalog sources and Image Content Source Policy.
+function mirror_catalog_icsp() {
+	registry_cred=$(head -n 1 "/var/run/vault/mirror-registry/registry_creds" | base64 -w 0)
+
+	optional_auth_user=$(cat "/var/run/vault/mirror-registry/registry_quay.json" | jq -r '.user')
+	optional_auth_password=$(cat "/var/run/vault/mirror-registry/registry_quay.json" | jq -r '.password')
+	qe_registry_auth=$(echo -n "${optional_auth_user}:${optional_auth_password}" | base64 -w 0)
+
+	openshifttest_auth_user=$(cat "/var/run/vault/mirror-registry/registry_quay_openshifttest.json" | jq -r '.user')
+	openshifttest_auth_password=$(cat "/var/run/vault/mirror-registry/registry_quay_openshifttest.json" | jq -r '.password')
+	openshifttest_registry_auth=$(echo -n "${openshifttest_auth_user}:${openshifttest_auth_password}" | base64 -w 0)
+
+	brew_auth_user=$(cat "/var/run/vault/mirror-registry/registry_brew.json" | jq -r '.user')
+	brew_auth_password=$(cat "/var/run/vault/mirror-registry/registry_brew.json" | jq -r '.password')
+	brew_registry_auth=$(echo -n "${brew_auth_user}:${brew_auth_password}" | base64 -w 0)
+
+	stage_auth_user=$(cat "/var/run/vault/mirror-registry/registry_stage.json" | jq -r '.user')
+	stage_auth_password=$(cat "/var/run/vault/mirror-registry/registry_stage.json" | jq -r '.password')
+	stage_registry_auth=$(echo -n "${stage_auth_user}:${stage_auth_password}" | base64 -w 0)
+
+	redhat_auth_user=$(cat "/var/run/vault/mirror-registry/registry_redhat.json" | jq -r '.user')
+	redhat_auth_password=$(cat "/var/run/vault/mirror-registry/registry_redhat.json" | jq -r '.password')
+	redhat_registry_auth=$(echo -n "${redhat_auth_user}:${redhat_auth_password}" | base64 -w 0)
+
+	# run_command "cat ${CLUSTER_PROFILE_DIR}/pull-secret"
+	# Running Command: cat /tmp/.dockerconfigjson
+	# {"auths":{"ec2-3-92-162-185.compute-1.amazonaws.com:5000":{"auth":"XXXXXXXXXXXXXXXX"}}}
+	run_command "oc extract secret/pull-secret -n openshift-config --confirm --to /tmp"
+	ret=$?
+	MIRROR_REGISTRY_HOST=$(head -n 1 "${SHARED_DIR}/mirror_registry_url")
+	echo $MIRROR_REGISTRY_HOST
+	if [[ $ret -eq 0 ]]; then
+		jq --argjson a "{\"registry.stage.redhat.io\": {\"auth\": \"$stage_registry_auth\"}, \"brew.registry.redhat.io\": {\"auth\": \"$brew_registry_auth\"}, \"registry.redhat.io\": {\"auth\": \"$redhat_registry_auth\"}, \"${MIRROR_REGISTRY_HOST}\": {\"auth\": \"$registry_cred\"}, \"quay.io/openshift-qe-optional-operators\": {\"auth\": \"${qe_registry_auth}\", \"email\":\"[email protected]\"},\"quay.io/openshifttest\": {\"auth\": \"${openshifttest_registry_auth}\"}}" '.auths |= . + $a' "/tmp/.dockerconfigjson" >${XDG_RUNTIME_DIR}/containers/auth.json
+		export REG_CREDS=${XDG_RUNTIME_DIR}/containers/auth.json
+	else
+		echo "!!! fail to extract the auth of the cluster"
+		return 1
+	fi
+
+	run_command "cd /tmp"
+	# run_command "oc image mirror -a ${REG_CREDS} -f mapping-stage.txt --insecure --filter-by-os='.*'"
+	run_command "podman pull quay.io/redhat-user-workloads/rhpm-tenant/power-monitoring-operator-bundle:v0.4.0"
+	run_command "podman pull quay.io/redhat-user-workloads/rhpm-tenant/power-monitoring-operator:v0.15.0"
+	run_command "podman pull quay.io/redhat-user-workloads/rhpm-tenant/kepler:v0.7.12"
+
+	run_command "oc image mirror quay.io/redhat-user-workloads/rhpm-tenant/power-monitoring-operator-bundle:v0.4.0 $MIRROR_REGISTRY_HOST/rhpm-tenant/power-monitoring-operator-bundle:v0.4.0 -a $REG_CREDS --insecure=true --filter-by-os=amd64"
+
+	while [[ -f /tmp/unsleep ]]; do
+		echo "sleeping for 10 seconds"
+		sleep 10
+	done
+
+}
+
+run_command "oc whoami"
+run_command "oc version -o yaml"
+
+mirror_catalog_icsp

ci-operator/step-registry/openshift-power-monitoring/install/disconnected/openshift-power-monitoring-install-disconnected-ref.metadata.json

@@ -0,0 +1,4 @@
+{
+	"path": "openshift-power-monitoring/install/disconnected/openshift-power-monitoring-install-disconnected-ref.yaml",
+	"owners": {}
+}

ci-operator/step-registry/openshift-power-monitoring/install/disconnected/openshift-power-monitoring-install-disconnected-ref.yaml

@@ -0,0 +1,18 @@
+ref:
+  as: openshift-power-monitoring-install-disconnected
+  from: upi-installer
+  timeout: 3h0m0s
+  cli: latest
+  grace_period: 10m
+  commands: openshift-power-monitoring-install-disconnected-commands.sh
+  resources:
+    requests:
+      cpu: 100m
+      memory: 100Mi
+  credentials:
+  - namespace: test-credentials
+    name: openshift-custom-mirror-registry
+    mount_path: /var/run/vault/mirror-registry
+  documentation: |-
+    Install Power Monitoring Operator catalog source for running operators in disconnected env.
+