OCPQE-28542: Support deploy Quay with unmanaged GCP PostgreSQL Database with Client Key/Certs

[SeanZhao-redhat]

This PR add support for Google Cloud SQL Postgres instance support, including a step to provision/deprovision GCP Cloud SQL and Quay registry deploy with the Unmanaged GCP SQL with Client Key/Certs.

1, New steps added

1, Provision Google Cloud SQL Postgres instance

Usage :

env:    
  DB_VERSION: POSTGRES_17
 test:
 - ref: quay-tests-resource-provisioning-gcp-sql

Database instance "SSL mode" is Managed as: Require trusted client certificates
Output: $SHARED_DIR folder client-cert.pem, client-key.pem, server-ca.pem, gsql_db_public_ip,QUAY_GCP_SQL_TERRAFORM_PACKAGE.tgz for secret bundle and deprovision

2, Deploy Quay registry with Google Cloud SQL PostgreSQL with Client certs

Usage：

 env:    
   QUAYREGISTRY: quay
   QUAYNAMESPACE: quay-enterprise
 test:
 - ref: quay-tests-quay-deploy-registry-gsql

All the 2 env variables can keep default value, the secret bundle must be named postgresql-client-certs which include previous generated client-cert.pem, client-key.pem, server-ca.pem

3, Deprovision GCP SQL Postgres instance

Usage :

 test:
 - ref: quay-tests-resource-deprovisioning-gcp-sql

NOTE: Deprovision GCP SQL Database with Terraform has Known intermittent issue Failed to delete user, Error delete database. the tricky is, this seldom happen in my local terraform test, but very easy happen in Prow, error log1, error log2. The workaround to remove google_sql_user.users/google_sql_database.database state from terraform before destroy, this works passed log.

2, Job reference to several single responsibility steps

Job: quay-e2e-tests-quay313-gcp-sql

    test:
    - ref: quay-tests-enable-quay-catalogsource
    - ref: quay-tests-resource-provisioning-gcp-sql     #Provision DB
    - ref: quay-tests-resource-provisioning-storage-odf
    - ref: quay-tests-quay-deploy-operator
    - ref: quay-tests-quay-deploy-registry-gsql  
    - ref: quay-tests-test-quay-api
    - ref: quay-tests-resource-deprovisioning-gcp-sql

3, Job result

Quay api test passed, Provision/Deprovision GSQL Successful Test Result

4, Miscellaneous

A few polish for previous jobs

[SeanZhao-redhat]

/pj-rehearse periodic-ci-quay-quay-tests-master-ocp-418-quay-quay-e2e-tests-quay313-gcp-sql

[openshift-ci-robot]

@SeanZhao-redhat: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[SeanZhao-redhat]

/pj-rehearse periodic-ci-quay-quay-tests-master-quay-operator-test-quay313-ocp417-operator-test-singlens

[openshift-ci-robot]

@SeanZhao-redhat: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[SeanZhao-redhat]

/pj-rehearse periodic-ci-quay-quay-tests-master-ocp-417-quay-quay-e2e-tests-quay313-ocp417-aws-sts

[openshift-ci-robot]

@SeanZhao-redhat: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[SeanZhao-redhat]

/pj-rehearse periodic-ci-quay-quay-tests-master-ocp-417-quay-quay-e2e-tests-quay313-ocp417-virtual-builder

[openshift-ci-robot]

@SeanZhao-redhat: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[SeanZhao-redhat]

/pj-rehearse periodic-ci-quay-quay-tests-master-ocp-417-quay-quay-acs-violations-check-quay313

[openshift-ci-robot]

@SeanZhao-redhat: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[SeanZhao-redhat]

/pj-rehearse ack

[openshift-ci-robot]

@SeanZhao-redhat: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-ci-robot]

@SeanZhao-redhat: This pull request references OCPQE-28542 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "4.19.0" version, but no target version was set.

In response to this:

This PR add support for Google Cloud SQL Postgres instance support, including a step to provision/deprovision GCP Cloud SQL and Quay registry deploy with the Unmanaged GCP SQL with Client Key/Certs.

1, New steps added

1, Provision Google Cloud SQL Postgres instance

Usage :

env:    
  DB_VERSION: POSTGRES_17
 test:
 - ref: quay-tests-resource-provisioning-gcp-sql

Database instance "SSL mode" is Managed as: Require trusted client certificates
Output: $SHARED_DIR folder client-cert.pem, client-key.pem, server-ca.pem, gsql_db_public_ip,QUAY_GCP_SQL_TERRAFORM_PACKAGE.tgz for secret bundle and deprovision

2, Deploy Quay registry with Google Cloud SQL PostgreSQL with Client certs

Usage：

env:    
  QUAYREGISTRY: quay
  QUAYNAMESPACE: quay-enterprise
test:
- ref: quay-tests-quay-deploy-registry-gsql

All the 2 env variables can keep default value, the secret bundle must be named postgresql-client-certs which include previous generated client-cert.pem, client-key.pem, server-ca.pem

3, Deprovision GCP SQL Postgres instance

Usage :

 test:
 - ref: quay-tests-resource-deprovisioning-gcp-sql

NOTE: Deprovision GCP SQL Database with Terraform has Known intermittent issue Failed to delete user, Error delete database. the tricky is, this seldom happen in my local terraform test, but very easy happen in Prow, error log1, error log2. The workaround to remove google_sql_user.users/google_sql_database.database state from terraform before destroy, this works passed log.

2, Job reference to several single responsibility steps

Job: quay-e2e-tests-quay313-gcp-sql

   test:
   - ref: quay-tests-enable-quay-catalogsource
   - ref: quay-tests-resource-provisioning-gcp-sql     #Provision DB
   - ref: quay-tests-resource-provisioning-storage-odf
   - ref: quay-tests-quay-deploy-operator
   - ref: quay-tests-quay-deploy-registry-gsql  
   - ref: quay-tests-test-quay-api
   - ref: quay-tests-resource-deprovisioning-gcp-sql

3, Job result

Quay api test passed, Provision/Deprovision GSQL Successful Test Result

4, Miscellaneous

A few polish for previous jobs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

[REHEARSALNOTIFIER]
@SeanZhao-redhat: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
periodic-ci-quay-quay-tests-master-ocp-417-quay-quay-acs-violations-check-quay313	N/A	periodic	Registry content changed
periodic-ci-quay-quay-tests-master-ocp-418-quay-quay-e2e-tests-quay313-gcp-sql	N/A	periodic	Periodic changed
periodic-ci-quay-quay-tests-master-quay-upgrade-quay313-ocp417-upgrade	N/A	periodic	Ci-operator config changed
periodic-ci-quay-quay-tests-master-quay-operator-test-quay313-ocp417-operator-test-singlens	N/A	periodic	Registry content changed
periodic-ci-quay-quay-tests-master-ocp-417-quay-quay-e2e-tests-quay313-ocp417-aws-sts	N/A	periodic	Registry content changed
periodic-ci-quay-quay-tests-master-ocp-417-quay-quay-e2e-tests-quay313-ocp417-virtual-builder	N/A	periodic	Registry content changed

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[SeanZhao-redhat]

/pj-rehearse ack

[openshift-ci-robot]

@SeanZhao-redhat: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[SeanZhao-redhat]

/pj-rehearse periodic-ci-quay-quay-tests-master-ocp-418-quay-quay-e2e-tests-quay313-gcp-sql

[openshift-ci-robot]

@SeanZhao-redhat: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[LiZhang19817]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: LiZhang19817, SeanZhao-redhat

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• ci-operator/config/quay/quay-tests/OWNERS [LiZhang19817]
• ci-operator/jobs/quay/quay-tests/OWNERS [LiZhang19817]
• ci-operator/step-registry/quay-tests/quay/OWNERS [LiZhang19817]
• ci-operator/step-registry/quay-tests/resource/deprovisioning/OWNERS [LiZhang19817]
• ci-operator/step-registry/quay-tests/resource/provisioning/OWNERS [LiZhang19817]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment