Merging jenkins plugin test templates into one

[jupierce]

When running locally on a developer's system, the previous Jenkins plugin test would conditionally fork and load:
jenkins-ephemeral-template-test-new-plugin.json
or
jenkins-ephemeral-template-no-oauth.json

depending on whether the developer had built an image using the OpenShift Jenkins plugin PR-Testing instructions.

This implementation required that both templates be maintained -- more importantly, failure to do so was undetectable by CI testing. This problem already manifested once when the new-plugin template was not updated to specify the "jenkins" service account.

Instructing the extended tests to target the local image will also now require an environment variable to be specified before running the tests: USE_SNAPSHOT_JENKINS_IMAGE=1 . This makes explicit the developer's desire to target the local (versus official) jenkins image. A corresponding PR in openshift/jenkins-plugin will be opened to update the README.

@bparees @gabemontero ptal

[gabemontero]

Only 1 idea / potential follow up PR

Generally, IGTM either way

[gabemontero]

Arguably orthogonal to your change, but if we could somehow copy examples/jenkins/jenkins-ephemeral-template.json from the origin source tree to a temporary location (the forcepull.go tests do something similar if I remember correctly), and somehow find this snippet in the template:

                  {
                    "name": "OPENSHIFT_ENABLE_OAUTH",
                    "value": "true"
                  },

and change the value to false, we could in fact use the official example template while still disabling oauth.

Assuming this is sufficiently simple (certainly simpler I think than handling oauth flows in our extended tests) of course.

Perhaps to be done in a separate PR if we want to get this change in quickly.

[bparees]

we can make ENABLE_OAUTH a parameter (with a default of true) in the jenkins-ephemeral(and jenkins-persistent) official templates if we wanted to do this, to make it easier.

[jupierce]

Will do. Definitely the intent of this PR to reduce the templates we need to maintain.

[bparees]

one nit and lgtm pending passing tests.

[bparees]

make the FROM image name a constant and use the same constant on line 418 (the "tag" array).

i don't think there should be any issue with having ":latest" on the image name in both cases.

[jupierce]

Next push.

[gabemontero]

On Tue, Nov 1, 2016 at 3:04 PM, Ben Parees [email protected] wrote:

@bparees commented on this pull request.

In test/extended/image_ecosystem/plugin.go
#11711:

@@ -414,18 +417,46 @@ var _ = g.Describe("[image_ecosystem][jenkins][Slow] openshift pipeline plugin",
g.By("kick off the build for the jenkins ephermeral and application templates")
tag := []string{"openshift/jenkins-plugin-snapshot-test:latest"}
hexIDs, err := exutil.DumpAndReturnTagging(tag)

• var jenkinsEphemeralPath string
  

• var testingSnapshot bool
  

• if len(hexIDs) > 0 && err == nil {
  

•     // found an openshift pipeline plugin test image, must be testing a proposed change to the plugin
  

•     jenkinsEphemeralPath = exutil.FixturePath("testdata", "jenkins-ephemeral-template-test-new-plugin.json")
  

•     testingSnapshot = true
  

• // If the user has expressed an interest in local plugin testing by setting the
  

• // SNAPSHOT_JENKINS_IMAGE environment variable, try to use the local image. Inform them
  

• // either about which image is being used in case their test fails.
  

• snapshotImagePresent := len(hexIDs) > 0 && err == nil
  

• useSnapshotImage := os.Getenv(useLocalPluginSnapshotEnvVarName) != "" && snapshotImagePresent
  

• //TODO disabling oauth until we can update getAdminPassword path to handle oauth (perhaps borrow from oauth integration tests)
  

• newAppArgs := []string{exutil.FixturePath("testdata", "jenkins-ephemeral-template-no-oauth.json")}
  

we can make ENABLE_OAUTH a parameter (with a default of true) in the
jenkins-ephemeral(and jenkins-persistent) official templates if we wanted
to do this, to make it easier.

True, but I thought when discussed in the past we liked the env var
apporach over template parameter for other reasons. Would this scenario be
sufficient to change are thoughts here?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#11711, or mute the thread
https://github.com/notifications/unsubscribe-auth/ADbadDcC7NY0pZK0rwFfPZaKFrK__rLlks5q540ygaJpZM4KmcB0
.

[bparees]

True, but I thought when discussed in the past we liked the env var apporach over template parameter for other reasons. Would this scenario be sufficient to change are thoughts here?

@gabemontero it's still an env var to the container, it's just that now the env var value would be controllable by a template parameter instead of being hardcoded in the template.

[gabemontero]

On Tue, Nov 1, 2016 at 3:26 PM, Ben Parees [email protected] wrote:

True, but I thought when discussed in the past we liked the env var
apporach over template parameter for other reasons. Would this scenario be
sufficient to change are thoughts here?

@gabemontero https://github.com/gabemontero it's still an env var to
the container, it's just that now the env var value would be controllable
by a template parameter instead of being hardcoded in the template.

@bparees I get that, but I thought I remembered during our discussions a
perceived advantage to having the env var hardcoded in this particular
case. Essentially we didn't want to be
"outgoing" in allowing users to override oauth. But perhaps I'm
misremembering.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#11711 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ADbadH6XaDSBZyJCcdJi9eWufuZhunwmks5q55J-gaJpZM4KmcB0
.

[bparees]

Essentially we didn't want to be "outgoing" in allowing users to override oauth. But perhaps I'm misremembering.

i think we may have felt it didn't need to be a parameter, but i can't think of a good reason not to allow it to be a parameter, aside from potential user confusion about whether they should be changing it.

if they set it to false, they are going to get admin/password behavior, which i guess is undesirable, but we can note that in the parameter description.

[gabemontero]

On Tue, Nov 1, 2016 at 3:53 PM, Ben Parees [email protected] wrote:

Essentially we didn't want to be "outgoing" in allowing users to override
oauth. But perhaps I'm misremembering.

i think we may have felt it didn't need to be a parameter, but i can't
think of a good reason not to allow it to be a parameter, aside from
potential user confusion about whether they should be changing it.

if they set it to false, they are going to get admin/password behavior,
which i guess is undesirable, but we can note that in the parameter
description.

OK then. I'll jump on board then. And we want @jupierce to make that
change as part of this PR ? If so, don't forget
jenkins-persistent-template.json as well.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#11711 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ADbadM_SRZETnlBBovxGjNSV_BqJDCWpks5q55i0gaJpZM4KmcB0
.

[bparees]

OK then. I'll jump on board then. And we want @jupierce to make that
change as part of this PR ?

might as well, if we're consolidating templates let's go all the way.

[jupierce]

• String constants used.
• Removed no-oauth template.
• Parameterized official jenkins ephemeral/persistent templates with ENABLE_OAUTH.
• Changed test to use official ephemeral template.

@bparees @gabemontero ptal

[gabemontero]

IGTM

[bparees]

also needs hack/update-generated-bootstrap run since you're changing packaged templates.

[bparees]

needs ENABLE_OAUTH=false
also split these parameters into multiple -p args, because we're disabling the comma separated key/value pairs behavior: #11539

[bparees]

sorry, i see you're handling OAUTH globally above. still need to use separate -p args instead of comma separated though.

[jupierce]

ENABLE_OAUTH is set to false for all codepaths before this point (https://github.com/openshift/origin/pull/11711/files#diff-e4304911bb619db276427757be12a8c5R431) .
Comma change in next push.

[bparees]

still needs hack/update-generated-bootstrap.sh, otherwise lgtm.

[jupierce]

• Commas no longer used for multiple template parameters.
• Generated boostrap .
• If dev defines USE_SNAPSHOT_JENKINS_IMAGE but does not have local jenkins snapshot, the test will fail.

[bparees]

lgtm

[jupierce]

Flake #11735
[test]

[jupierce]

[testextended][extended:core(openshift pipeline plugin)]

[openshift-bot]

Evaluated for origin test up to d2382ba

[openshift-bot]

Evaluated for origin testextended up to d2382ba

[openshift-bot]

continuous-integration/openshift-jenkins/testextended SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin_extended/725/) (Base Commit: 8e595f4) (Extended Tests: core(openshift pipeline plugin))

[bparees]

[merge]

[openshift-bot]

continuous-integration/openshift-jenkins/test FAILURE (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/11005/) (Base Commit: 8e595f4)

[bparees]

[merge]

Ben Parees | OpenShift

On Nov 3, 2016 12:53 AM, "OpenShift Bot" [email protected] wrote:

continuous-integration/openshift-jenkins/merge FAILURE (
https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/11041/) (Base
Commit: 75ed7e1
75ed7e1
)

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#11711 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AEvl3tt3cconXFeyVn9d7M24rjaaB1h9ks5q6WjhgaJpZM4KmcB0
.

[bparees]

flake #11650
[merge]

[openshift-bot]

Evaluated for origin merge up to d2382ba

[openshift-bot]

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/11061/) (Base Commit: 3b6c372) (Image: devenv-rhel7_5306)