diff --git a/tests/README.md b/tests/README.md index 5860559541..119a9e5f84 100644 --- a/tests/README.md +++ b/tests/README.md @@ -128,6 +128,7 @@ For the test cases, we need `$ make install` to make the rosa command line insta > * **PROVISION_SHARD** if it is set, a provision shard will be specified for cluster provision > * **NAME_PREFIX** if it is set, all resources will be generated based with the name prefix to identify the created cluster created by you. Otherwise _`rosacli-ci`_ will be used. For local testing, we should have it be set with your alias > * **CLUSTER_TIMEOUT** if it is set, the process will exit if cluster cannot be ready in setting time. Unit is minute +> * **USE_LOCAL_CREDENTIALS** if it is set to `true`, then when the cluster is provisioned the `--use-local-credentials` flag will be enabled ### Running a local CI test simulation diff --git a/tests/ci/config/config.go b/tests/ci/config/config.go index 63bc9bf12a..3c6a55c7b1 100644 --- a/tests/ci/config/config.go +++ b/tests/ci/config/config.go @@ -54,6 +54,7 @@ type GlobalENVVariables struct { SVPC_CREDENTIALS_FILE string `env:"SHARED_VPC_AWS_SHARED_CREDENTIALS_FILE" default:""` ComputeMachineType string `env:"COMPUTE_MACHINE_TYPE" default:""` OCM_LOGIN_ENV string `env:"OCM_LOGIN_ENV" default:""` + UseLocalCredentials bool `env:"USE_LOCAL_CREDENTIALS" default:"false"` } func init() { @@ -100,6 +101,7 @@ func init() { panic(fmt.Errorf("env variable CLUSTER_TIMEOUT must be set to an integer")) } waitSetupClusterReady, _ := strconv.ParseBool(helper.ReadENVWithDefaultValue("WAIT_SETUP_CLUSTER_READY", "true")) + useLocalCredentials, _ := strconv.ParseBool(helper.ReadENVWithDefaultValue("USE_LOCAL_CREDENTIALS", "false")) Test.GlobalENV = &GlobalENVVariables{ ChannelGroup: os.Getenv("CHANNEL_GROUP"), Version: os.Getenv("VERSION"), @@ -109,6 +111,7 @@ func init() { SVPC_CREDENTIALS_FILE: os.Getenv("SHARED_VPC_AWS_SHARED_CREDENTIALS_FILE"), ComputeMachineType: os.Getenv("COMPUTE_MACHINE_TYPE"), OCM_LOGIN_ENV: os.Getenv("OCM_LOGIN_ENV"), + UseLocalCredentials: useLocalCredentials, ClusterWaitingTime: waitingTime, WaitSetupClusterReady: waitSetupClusterReady, } diff --git a/tests/ci/data/profiles/rosa-classic.yaml b/tests/ci/data/profiles/rosa-classic.yaml index da2b32e493..91b7101a34 100644 --- a/tests/ci/data/profiles/rosa-classic.yaml +++ b/tests/ci/data/profiles/rosa-classic.yaml @@ -214,4 +214,4 @@ profiles: oidc_config: "" shared_vpc: false imdsv2: "optional" - admin_enabled: false \ No newline at end of file + admin_enabled: false diff --git a/tests/e2e/test_rosacli_cluster.go b/tests/e2e/test_rosacli_cluster.go index 07954160bb..60b00bef00 100644 --- a/tests/e2e/test_rosacli_cluster.go +++ b/tests/e2e/test_rosacli_cluster.go @@ -1294,6 +1294,19 @@ var _ = Describe("Classic cluster creation validation", Expect(errorOutput.String()).To(ContainSubstring("etcd encryption cannot be disabled on clusters with FIPS mode")) }) + It("validate use-local-credentials won't work with sts - [id:76481]", + labels.Medium, labels.Runtime.Day1Negative, + func() { + clusterName := "ocp-76481" + + By("Create cluster with use-local-credentials flag but with sts") + errorOutput, err := clusterService.CreateDryRun( + clusterName, "--use-local-credentials", "--sts", "--mode=auto", "-y", + ) + Expect(err).NotTo(BeNil()) + Expect(errorOutput.String()).To(ContainSubstring("Local credentials are not supported for STS clusters")) + }) + It("Create rosa cluster with additional security groups will validate well via rosacli - [id:68971]", labels.Medium, labels.Runtime.Day1Negative, func() { diff --git a/tests/e2e/test_rosacli_cluster_post.go b/tests/e2e/test_rosacli_cluster_post.go index 227b19b847..7594199931 100644 --- a/tests/e2e/test_rosacli_cluster_post.go +++ b/tests/e2e/test_rosacli_cluster_post.go @@ -585,6 +585,14 @@ var _ = Describe("Healthy check", Expect(jsonData.DigBool("multi_arch_enabled")).To(BeFalse()) } }) + It("with use-local-credentials will work - [id:65900]", labels.Runtime.Day1Post, labels.High, + func() { + By("Check that the cluster was installed with the right profile") + jsonData, err := clusterService.GetJSONClusterDescription(clusterID) + Expect(err).ToNot(HaveOccurred()) + Expect(jsonData.DigBool("properties", "use_local_credentials")). + To(Equal(profile.ClusterConfig.UseLocalCredentials)) + }) It("with policy path will work - [id:75525]", labels.Runtime.Day1Post, labels.High, func() { diff --git a/tests/utils/profilehandler/interface.go b/tests/utils/profilehandler/interface.go index 6484c185f1..3b15ebe768 100644 --- a/tests/utils/profilehandler/interface.go +++ b/tests/utils/profilehandler/interface.go @@ -57,6 +57,7 @@ type ClusterConfig struct { SharedVPC bool `yaml:"shared_vpc,omitempty" json:"shared_vpc,omitempty"` TagEnabled bool `yaml:"tag_enabled,omitempty" json:"tag_enabled,omitempty"` NetworkType string `yaml:"network_type,omitempty" json:"network_type,omitempty"` + UseLocalCredentials bool `yaml:"use_local_credentials,omitempty" json:"use_local_credentials,omitempty"` } // UserData will record the user data prepared for resource clean up diff --git a/tests/utils/profilehandler/profile_handler.go b/tests/utils/profilehandler/profile_handler.go index 8b8ec61e59..08119fd88a 100644 --- a/tests/utils/profilehandler/profile_handler.go +++ b/tests/utils/profilehandler/profile_handler.go @@ -66,11 +66,16 @@ func LoadProfileYamlFileByENV() *Profile { } if config.Test.GlobalENV.ComputeMachineType != "" { - log.Logger.Infof("Got global env settings for INSTANCE_TYPE, overwritten the profile setting with value %s", + log.Logger.Infof("Got global env settings for COMPUTE_MACHINE_TYPE, overwritten the profile setting with value %s", config.Test.GlobalENV.ComputeMachineType) profile.ClusterConfig.InstanceType = config.Test.GlobalENV.ComputeMachineType } + if config.Test.GlobalENV.UseLocalCredentials { + log.Logger.Info("Got global env setting for USE_LOCAL_CREDENTIALS, overwritten the profile setting to true") + profile.ClusterConfig.UseLocalCredentials = true + } + return profile } @@ -180,6 +185,11 @@ func GenerateClusterCreateFlags(profile *Profile, client *rosacli.Client) ([]str "--domain-prefix", helper.TrimNameByLength(clusterName, ocm.MaxClusterDomainPrefixLength), ) } + if profile.ClusterConfig.UseLocalCredentials { + flags = append(flags, + "--use-local-credentials", + ) + } if profile.ClusterConfig.STS { var accRoles *rosacli.AccountRolesUnit var oidcConfigID string