OCM-9780 | test: automated id:65900,id:76481 install with use-local-credentials will work

Author: jerichokeyne

tests/README.md

@@ -128,6 +128,7 @@ For the test cases, we need `$ make install` to make the rosa command line insta
 > * **PROVISION_SHARD** if it is set, a provision shard will be specified for cluster provision
 > * **NAME_PREFIX** if it is set, all resources will be generated based with the name prefix to identify the created cluster created by you. Otherwise _`rosacli-ci`_ will be used. For local testing, we should have it be set with your alias
 > * **CLUSTER_TIMEOUT** if it is set, the process will exit if cluster cannot be ready in setting time. Unit is minute
+> * **USE_LOCAL_CREDENTIALS** if it is set to `true`, then when the cluster is provisioned the `--use-local-credentials` flag will be enabled
 
 ### Running a local CI test simulation
 

tests/ci/config/config.go

@@ -61,16 +61,17 @@ type GlobalENVVariables struct {
 	OCM_LOGIN_ENV         string `env:"OCM_LOGIN_ENV" default:""`
 }
 type ClusterENVVariables struct {
-	ComputeMachineType string `env:"COMPUTE_MACHINE_TYPE" default:""`
-	BYOVPC             string `env:"BYOVPC" default:""`
-	Private            string `env:"PRIVATE" default:""`
-	Autoscale          string `env:"AUTOSCALE" default:""`
-	ProxyEnabled       string `env:"PROXY_ENABLED" default:""`
-	FipsEnabled        string `env:"FIPS_ENABLED" default:""`
-	VolumeSize         string `env:"VOLUME_SIZE" default:""`
-	Replicas           string `env:"REPLICAS" default:""`
-	MultiAZ            string `env:"MULTI_AZ" default:""`
-	AllowRegistries    string `env:"ALLOW_REGISTRIES" default:""`
+	ComputeMachineType  string `env:"COMPUTE_MACHINE_TYPE" default:""`
+	BYOVPC              string `env:"BYOVPC" default:""`
+	Private             string `env:"PRIVATE" default:""`
+	Autoscale           string `env:"AUTOSCALE" default:""`
+	ProxyEnabled        string `env:"PROXY_ENABLED" default:""`
+	FipsEnabled         string `env:"FIPS_ENABLED" default:""`
+	VolumeSize          string `env:"VOLUME_SIZE" default:""`
+	Replicas            string `env:"REPLICAS" default:""`
+	MultiAZ             string `env:"MULTI_AZ" default:""`
+	AllowRegistries     string `env:"ALLOW_REGISTRIES" default:""`
+	UseLocalCredentials bool   `env:"USE_LOCAL_CREDENTIALS" default:"false"`
 }
 
 func init() {
@@ -120,6 +121,7 @@ func init() {
 		panic(fmt.Errorf("env variable CLUSTER_TIMEOUT must be set to an integer"))
 	}
 	waitSetupClusterReady, _ := strconv.ParseBool(helper.ReadENVWithDefaultValue("WAIT_SETUP_CLUSTER_READY", "true"))
+	useLocalCredentials, _ := strconv.ParseBool(helper.ReadENVWithDefaultValue("USE_LOCAL_CREDENTIALS", "false"))
 	Test.GlobalENV = &GlobalENVVariables{
 		ChannelGroup:          os.Getenv("CHANNEL_GROUP"),
 		Version:               os.Getenv("VERSION"),
@@ -134,16 +136,17 @@ func init() {
 		WaitSetupClusterReady: waitSetupClusterReady,
 	}
 	Test.ClusterENV = &ClusterENVVariables{
-		ComputeMachineType: os.Getenv("COMPUTE_MACHINE_TYPE"),
-		BYOVPC:             os.Getenv("BYOVPC"),
-		Private:            os.Getenv("PRIVATE"),
-		Autoscale:          os.Getenv("AUTOSCALE"),
-		ProxyEnabled:       os.Getenv("PROXY_ENABLED"),
-		FipsEnabled:        os.Getenv("FIPS_ENABLED"),
-		VolumeSize:         os.Getenv("VOLUME_SIZE"),
-		Replicas:           os.Getenv("REPLICAS"),
-		MultiAZ:            os.Getenv("MULTI_AZ"),
-		AllowRegistries:    os.Getenv("ALLOW_REGISTRIES"),
+		ComputeMachineType:  os.Getenv("COMPUTE_MACHINE_TYPE"),
+		BYOVPC:              os.Getenv("BYOVPC"),
+		Private:             os.Getenv("PRIVATE"),
+		Autoscale:           os.Getenv("AUTOSCALE"),
+		ProxyEnabled:        os.Getenv("PROXY_ENABLED"),
+		FipsEnabled:         os.Getenv("FIPS_ENABLED"),
+		VolumeSize:          os.Getenv("VOLUME_SIZE"),
+		Replicas:            os.Getenv("REPLICAS"),
+		MultiAZ:             os.Getenv("MULTI_AZ"),
+		AllowRegistries:     os.Getenv("ALLOW_REGISTRIES"),
+		UseLocalCredentials: useLocalCredentials,
 	}
 
 }

tests/e2e/test_rosacli_cluster.go

@@ -1554,6 +1554,18 @@ var _ = Describe("Classic cluster creation validation",
 				Expect(err).NotTo(BeNil())
 				Expect(errorOutput.String()).To(ContainSubstring("etcd encryption cannot be disabled on clusters with FIPS mode"))
 			})
+		It("validate use-local-credentials won't work with sts - [id:76481]",
+			labels.Medium, labels.Runtime.Day1Negative,
+			func() {
+				clusterName := "ocp-76481"
+
+				By("Create cluster with use-local-credentials flag but with sts")
+				errorOutput, err := clusterService.CreateDryRun(
+					clusterName, "--use-local-credentials", "--sts", "--mode=auto", "-y",
+				)
+				Expect(err).NotTo(BeNil())
+				Expect(errorOutput.String()).To(ContainSubstring("Local credentials are not supported for STS clusters"))
+			})
 	})
 
 var _ = Describe("Create cluster with invalid options will",
@@ -4226,3 +4238,112 @@ var _ = Describe("Sts cluster with BYO oidc flow creation supplemental testing",
 				Expect(err).To(BeNil(), "It met error or timeout when waiting cluster to installing status")
 			})
 	})
+var _ = Describe("Non-STS cluster with local credentials",
+	labels.Feature.Cluster,
+	func() {
+		defer GinkgoRecover()
+
+		var (
+			rosaClient     *rosacli.Client
+			clusterService rosacli.ClusterService
+
+			customProfile      *handler.Profile
+			clusterID          string
+			ocmResourceService rosacli.OCMResourceService
+			testingClusterName string
+			clusterHandler     handler.ClusterHandler
+		)
+		BeforeEach(func() {
+			var err error
+
+			By("Init the client")
+			rosaClient = rosacli.NewClient()
+			clusterService = rosaClient.Cluster
+			ocmResourceService = rosaClient.OCMResource
+
+			By("Get AWS account id")
+			rosaClient.Runner.JsonFormat()
+			rosaClient.Runner.UnsetFormat()
+
+			By("Prepare custom profile")
+			customProfile = &handler.Profile{
+				ClusterConfig: &handler.ClusterConfig{
+					HCP:                 false,
+					MultiAZ:             false,
+					STS:                 false,
+					OIDCConfig:          "",
+					NetworkingSet:       false,
+					BYOVPC:              false,
+					UseLocalCredentials: true,
+				},
+				AccountRoleConfig: &handler.AccountRoleConfig{
+					Path:               "/aa/bb/",
+					PermissionBoundary: "",
+				},
+				Version:      "latest",
+				ChannelGroup: "candidate",
+				Region:       "us-east-2",
+			}
+			customProfile.NamePrefix = constants.DefaultNamePrefix
+			clusterHandler, err = handler.NewTempClusterHandler(rosaClient, customProfile)
+			Expect(err).ToNot(HaveOccurred())
+		})
+
+		AfterEach(func() {
+			defer func() {
+				By("Clean resources")
+				clusterHandler.Destroy()
+			}()
+
+			By("Delete cluster")
+			rosaClient.Runner.UnsetArgs()
+			_, err := clusterService.DeleteCluster(clusterID, "-y")
+			Expect(err).To(BeNil())
+
+			rosaClient.Runner.UnsetArgs()
+			err = clusterService.WaitClusterDeleted(clusterID, 3, 30)
+			Expect(err).To(BeNil())
+
+			By("Delete operator-roles")
+			_, err = ocmResourceService.DeleteOperatorRoles(
+				"-c", clusterID,
+				"--mode", "auto",
+				"-y",
+			)
+			Expect(err).To(BeNil())
+		})
+
+		It("Creating cluster with non-sts use-local-credentials should succeed - [id:65900]",
+			labels.Medium, labels.Runtime.Day1Supplemental,
+			func() {
+				By("Create classic cluster in auto mode")
+				testingClusterName = helper.GenerateRandomName("c65900", 2)
+				testOperatorRolePrefix := helper.GenerateRandomName("opp65900", 2)
+				flags, err := clusterHandler.GenerateClusterCreateFlags()
+				Expect(err).ToNot(HaveOccurred())
+
+				command := "rosa create cluster --cluster-name " + testingClusterName + " " + strings.Join(flags, " ")
+				rosalCommand := config.GenerateCommand(command)
+				rosalCommand.ReplaceFlagValue(map[string]string{
+					"--operator-roles-prefix": testOperatorRolePrefix,
+				})
+
+				rosalCommand.AddFlags("--mode", "auto")
+				_, err = rosaClient.Runner.RunCMD(strings.Split(rosalCommand.GetFullCommand(), " "))
+				Expect(err).To(BeNil())
+
+				By("Wait for the cluster to be installing")
+				clusterListout, err := clusterService.List()
+				Expect(err).To(BeNil())
+				clusterList, err := clusterService.ReflectClusterList(clusterListout)
+				Expect(err).To(BeNil())
+				clusterID = clusterList.ClusterByName(testingClusterName).ID
+				err = clusterService.WaitClusterStatus(clusterID, "installing", 3, 20)
+				Expect(err).To(BeNil())
+
+				By("Check the properties of the cluster")
+				jsonData, err := clusterService.GetJSONClusterDescription(clusterID)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(jsonData.DigBool("properties", "use_local_credentials")).To(BeTrue())
+			})
+	})

tests/e2e/test_rosacli_cluster_post.go

@@ -587,6 +587,14 @@ var _ = Describe("Healthy check",
 						Expect(jsonData.DigBool("multi_arch_enabled")).To(BeFalse())
 					}
 				})
+			It("with use-local-credentials will work - [id:65900]", labels.Runtime.Day1Post, labels.High,
+				func() {
+					By("Check that the 'use_local_credentials' property matches the profile")
+					jsonData, err := clusterService.GetJSONClusterDescription(clusterID)
+					Expect(err).ToNot(HaveOccurred())
+					Expect(jsonData.DigBool("properties", "use_local_credentials")).
+						To(Equal(profile.ClusterConfig.UseLocalCredentials))
+				})
 
 			It("with policy path will work - [id:75525]", labels.Runtime.Day1Post, labels.High,
 				func() {

tests/utils/handler/cluster_handler.go

@@ -217,6 +217,11 @@ func (ch *clusterHandler) GenerateClusterCreateFlags() ([]string, error) {
 			"--domain-prefix", helper.TrimNameByLength(clusterName, ocm.MaxClusterDomainPrefixLength),
 		)
 	}
+	if ch.profile.ClusterConfig.UseLocalCredentials {
+		flags = append(flags,
+			"--use-local-credentials",
+		)
+	}
 	if ch.profile.ClusterConfig.STS {
 		var accRoles *rosacli.AccountRolesUnit
 		var oidcConfigID string

tests/utils/handler/interface.go

@@ -62,6 +62,7 @@ type ClusterConfig struct {
 	BlockedRegistries             bool   `yaml:"blocked_registries" json:"blocked_registries,omitempty"`
 	ManualCreationMode            bool   `yaml:"manual_creation_mode" json:"manual_creation_mode,omitempty"`
 	FedRAMP                       bool   `yaml:"fedramp" json:"fedramp,omitempty"`
+	UseLocalCredentials           bool   `yaml:"use_local_credentials,omitempty" json:"use_local_credentials,omitempty"`
 }
 
 // Resources will record the resources prepared

tests/utils/handler/profile.go

@@ -135,6 +135,10 @@ func LoadProfileYamlFileByENV() *Profile {
 			config.Test.ClusterENV.ComputeMachineType)
 		profile.ClusterConfig.InstanceType = config.Test.ClusterENV.ComputeMachineType
 	}
+	if config.Test.ClusterENV.UseLocalCredentials {
+		log.Logger.Info("Got global env setting for USE_LOCAL_CREDENTIALS, overwritten the profile setting to true")
+		profile.ClusterConfig.UseLocalCredentials = true
+	}
 	if config.Test.ClusterENV.BYOVPC != "" {
 		log.Logger.Infof("Got global env settings for BYOVPC, overwritten the profile setting with value %s",
 			config.Test.ClusterENV.BYOVPC)