move ci scripts from toolchain-cicd to toolchain-e2e

codeready-toolchain · Nov 14, 2024 · d82b92d · d82b92d
1 parent 0c385c9
commit d82b92d
Show file tree

Hide file tree

Showing 13 changed files with 1,140 additions and 30 deletions.
diff --git a/make/dev.mk b/make/dev.mk
@@ -35,8 +35,7 @@ deploy-e2e-to-dev-namespaces-two-members:
 
 setup-dev-sso:
 	if [[ "${DEV_SSO}" == "true" ]]; then \
-		$(MAKE) download-assets ASSETS_FOLDER=scripts/ci/dev-sso && \
-		$(MAKE) run-cicd-script SCRIPT_PATH=scripts/ci/setup-dev-sso.sh  SCRIPT_PARAMS="--sso-ns $(DEV_SSO_NS)"; \
+		scripts/ci/setup-dev-sso.sh "--sso-ns $(DEV_SSO_NS)"; \
 	fi
 
 .PHONY: dev-deploy-e2e-local

diff --git a/make/run-cicd-script.mk b/make/run-cicd-script.mk
diff --git a/make/test.mk b/make/test.mk
@@ -323,7 +323,7 @@ ifeq ($(DEPLOY_LATEST),true)
    endif
 else
 	@echo "Installing specific version of the member-operator"
-	$(MAKE) run-cicd-script SCRIPT_PATH=scripts/ci/manage-member-operator.sh SCRIPT_PARAMS="-po ${PUBLISH_OPERATOR} -io ${INSTALL_OPERATOR} -mn ${MEMBER_NS} ${MEMBER_REPO_PATH_PARAM} -qn ${QUAY_NAMESPACE} -ds ${DATE_SUFFIX} ${MEMBER_NS_2_PARAM} ${FORCED_TAG_PARAM}"
+	scripts/ci/manage-member-operator.sh "-po ${PUBLISH_OPERATOR} -io ${INSTALL_OPERATOR} -mn ${MEMBER_NS} ${MEMBER_REPO_PATH_PARAM} -qn ${QUAY_NAMESPACE} -ds ${DATE_SUFFIX} ${MEMBER_NS_2_PARAM} ${FORCED_TAG_PARAM}"
 endif
 
 .PHONY: get-and-publish-host-operator
@@ -348,7 +348,7 @@ ifeq ($(DEPLOY_LATEST),true)
 	${KSCTL_BIN_DIR}ksctl adm install-operator host --kubeconfig "$(or ${KUBECONFIG}, ${HOME}/.kube/config)" --namespace ${HOST_NS} ${KSCTL_INSTALL_TIMEOUT_PARAM} -y
 else
 	@echo "Installing specific version of the host-operator"
-	$(MAKE) run-cicd-script SCRIPT_PATH=scripts/ci/manage-host-operator.sh SCRIPT_PARAMS="-po ${PUBLISH_OPERATOR} -io ${INSTALL_OPERATOR} -hn ${HOST_NS} ${HOST_REPO_PATH_PARAM} -ds ${DATE_SUFFIX} -qn ${QUAY_NAMESPACE} ${REG_REPO_PATH_PARAM} ${FORCED_TAG_PARAM}"
+	scripts/ci/manage-host-operator.sh "-po ${PUBLISH_OPERATOR} -io ${INSTALL_OPERATOR} -hn ${HOST_NS} ${HOST_REPO_PATH_PARAM} -ds ${DATE_SUFFIX} -qn ${QUAY_NAMESPACE} ${REG_REPO_PATH_PARAM} ${FORCED_TAG_PARAM}"
 endif
 
 ###########################################################

diff --git a/scripts/ci/collect-logs.sh b/scripts/ci/collect-logs.sh
@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+
+
+user_help () {
+    echo "Collects all logs from the given namespace"
+    echo "options:"
+    echo "-n,   --namespace          The namespace the logs should be collected from."
+    echo "-h,   --help               To show this help text"
+    echo ""
+    exit 0
+}
+
+read_arguments() {
+    if [[ $# -lt 2 ]]
+    then
+        user_help
+    fi
+
+    while test $# -gt 0; do
+           case "$1" in
+                -h|--help)
+                    user_help
+                    ;;
+                -n|--namespace)
+                    shift
+                    NAMESPACE=$1
+                    shift
+                    ;;
+                *)
+                   echo "$1 is not a recognized flag!" >> /dev/stderr
+                   user_help
+                   exit -1
+                   ;;
+          esac
+    done
+}
+
+
+start_collecting_logs() {
+    if [[ -n ${ARTIFACT_DIR} ]]; then
+        if [[ ! -d ${ARTIFACT_DIR} ]]; then
+            echo "ERROR: the ARTIFACT_DIR env var is set to ${ARTIFACT_DIR}, but the directory does not exist"
+            exit 1
+        fi
+        COLLECTING_FILE="${ARTIFACT_DIR}/collecting_${NAMESPACE}"
+
+        if [[ ! -f ${COLLECTING_FILE} ]]; then
+            touch ${COLLECTING_FILE}
+            echo "Collecting logs from namespace ${NAMESPACE}"
+
+            LOGS_DIR=${ARTIFACT_DIR}/logs_${NAMESPACE}
+            mkdir ${LOGS_DIR} || true
+
+            COUNTER=0
+            PROCESSES=""
+            while [[ -n "$(oc whoami 2>/dev/null)" ]] && [[ -f ${COLLECTING_FILE} ]]; do
+                if [[ -z "${CI}" ]] && [[ $((  ${COUNTER} % 20 )) == 0 ]]; then
+                    echo "Collecting logs from namespace ${NAMESPACE} - to stop the process please delete ${COLLECTING_FILE} file or log out from the cluster"
+                fi
+
+                for POD in $(oc get pods -o name -n ${NAMESPACE});
+                do
+
+                    for CONTAINER in $(oc get ${POD} -n ${NAMESPACE} -o jsonpath="{.spec.containers[*].name}");
+                    do
+                        LOG_FILE_NAME=$(echo "${POD}-${CONTAINER}" | sed 's|/|-|g')
+                        LOG_FILE=${LOGS_DIR}/${LOG_FILE_NAME}
+
+                        if [[ ! -f ${LOG_FILE} ]]; then
+                            if [[ -n $(oc logs ${POD} -c ${CONTAINER} -n ${NAMESPACE} 2>/dev/null || true) ]]; then
+                                echo "collecting logs from container ${CONTAINER} in pod ${POD} in namespace ${NAMESPACE} to file ${LOG_FILE}"
+                                oc logs ${POD} -c ${CONTAINER} -n ${NAMESPACE} -f > ${LOG_FILE} &
+                                PROCESSES="${PROCESSES}$! "
+                            fi
+                        fi
+                    done
+                done
+                sleep 1
+                COUNTER=$(( COUNTER + 1 ))
+            done
+            echo "killing the daemon processes ${PROCESSES}"
+            kill ${PROCESSES}
+        fi
+    else
+        if [[ -n "${CI}" ]]; then
+            echo "ARTIFACT_DIR env var is not set - no logs will be collected"
+        fi
+    fi
+}
+
+set -e
+
+read_arguments $@
+start_collecting_logs
diff --git a/scripts/ci/dev-sso/keycloak.yaml b/scripts/ci/dev-sso/keycloak.yaml
@@ -0,0 +1,125 @@
+apiVersion: keycloak.org/v1alpha1
+kind: Keycloak
+metadata:
+  name: kubesaw-dev
+  namespace: ${DEV_SSO_NS}
+  labels:
+    sso-toolchain: kubesaw-dev
+spec:
+  externalAccess:
+    enabled: true
+  instances: 1
+---
+apiVersion: keycloak.org/v1alpha1
+kind: KeycloakRealm
+metadata:
+  name: kubesaw-dev
+  namespace: ${DEV_SSO_NS}
+spec:
+  instanceSelector:
+    matchLabels:
+      sso-toolchain: kubesaw-dev
+  realm:
+    id: kubesaw-dev
+    realm: kubesaw-dev
+    displayName: kubesaw Dev In-cluster Keycloak
+    accessTokenLifespan: 7200
+    accessTokenLifespanForImplicitFlow: 900
+    enabled: true
+    sslRequired: none
+    registrationAllowed: false
+    registrationEmailAsUsername: false
+    rememberMe: false
+    verifyEmail: false
+    loginWithEmailAllowed: true
+    duplicateEmailsAllowed: false
+    resetPasswordAllowed: false
+    editUsernameAllowed: false
+    bruteForceProtected: false
+    permanentLockout: false
+    maxFailureWaitSeconds: 900
+    minimumQuickLoginWaitSeconds: 60
+    waitIncrementSeconds: 60
+    quickLoginCheckMilliSeconds: 1000
+    maxDeltaTimeSeconds: 43200
+    failureFactor: 30
+    clients:
+      - id: 86427c2e-8736-4ce4-8da5-11f0fbf4d2f2
+        clientId: kubesaw
+        surrogateAuthRequired: false
+        enabled: true
+        clientAuthenticatorType: client-secret
+        redirectUris:
+          - '*'
+        webOrigins: []
+        notBefore: 0
+        bearerOnly: false
+        consentRequired: false
+        standardFlowEnabled: true
+        implicitFlowEnabled: false
+        directAccessGrantsEnabled: true
+        serviceAccountsEnabled: false
+        publicClient: false
+        frontchannelLogout: false
+        protocol: openid-connect
+        secret: "${KEYCLOAK_SECRET}"
+        attributes: {}
+        authenticationFlowBindingOverrides: {}
+        fullScopeAllowed: true
+        nodeReRegistrationTimeout: -1
+        defaultClientScopes: []
+        optionalClientScopes: []
+      - id: 9a5018a7-5f92-40c9-b8f1-63f53bc32a68
+        clientId: kubesaw-public
+        surrogateAuthRequired: false
+        enabled: true
+        clientAuthenticatorType: client-secret
+        redirectUris:
+          - '*'
+        webOrigins:
+          - '*'
+        notBefore: 0
+        bearerOnly: false
+        consentRequired: false
+        standardFlowEnabled: true
+        implicitFlowEnabled: false
+        directAccessGrantsEnabled: true
+        serviceAccountsEnabled: false
+        publicClient: true
+        frontchannelLogout: false
+        protocol: openid-connect
+        protocolMappers: []
+        attributes: {}
+        authenticationFlowBindingOverrides: {}
+        fullScopeAllowed: true
+        nodeReRegistrationTimeout: -1
+        defaultClientScopes: []
+        optionalClientScopes: []
+    clientScopes: []
+    defaultDefaultClientScopes: []
+    smtpServer: {}
+    loginTheme: rh-sso
+    eventsEnabled: false
+    eventsListeners:
+      - jboss-logging
+    enabledEventTypes: []
+    adminEventsEnabled: false
+    adminEventsDetailsEnabled: false
+    identityProviders: []
+    identityProviderMappers: []
+    internationalizationEnabled: false
+    supportedLocales: []
+    authenticationFlows: []
+    authenticatorConfig: []
+    userManagedAccessAllowed: false
+    users:
+      - credentials:
+          - type: password
+            value: user1
+        email: [email protected]
+        emailVerified: true
+        enabled: true
+        firstName: user1
+        id: user1
+        username: user1
+        clientRoles: {}
diff --git a/scripts/ci/dev-sso/namespace.yaml b/scripts/ci/dev-sso/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ${DEV_SSO_NS}
diff --git a/scripts/ci/dev-sso/openid-secret.yaml b/scripts/ci/dev-sso/openid-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: openid-client-secret-kubesaw
+  namespace: openshift-config
+stringData:
+  clientSecret: ${KEYCLOAK_SECRET}
+type: Opaque
diff --git a/scripts/ci/dev-sso/rhsso-operator.yaml b/scripts/ci/dev-sso/rhsso-operator.yaml
@@ -0,0 +1,20 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: og-rhsso
+  namespace: ${DEV_SSO_NS}
+spec:
+  targetNamespaces:
+  - ${DEV_SSO_NS}
+---
+ apiVersion: operators.coreos.com/v1alpha1
+ kind: Subscription
+ metadata:
+   name: ${SUBSCRIPTION_NAME}
+   namespace: ${DEV_SSO_NS}
+ spec:
+   channel: stable
+   name: rhsso-operator
+   source: redhat-operators
+   sourceNamespace: openshift-marketplace
+   installPlanApproval: Automatic