Step: optional-operators-cvp-common-apply-secrets

Collects the project information from the supplied Pyxis project URL, decrypts the encrypted kube_objects, and applies them to the testing cluster before the operator is installed and tested.

Container image used for this step: ci/cvp-operator-scorecard:v1

ci/cvp-operator-scorecard:v1 resolves to an image imported from the specified imagestream tag on the build farm (documentation).

Environment

In addition to the default environment, the step exposes the following:

Variable Name | Type | Variable Content
PYXIS_URL | Parameter | Optional. URL that contains the specific CVP product package name for a specific ISV with a unique pid.

Source Code

#!/bin/bash

# Steps for extracting and applying the kube_secrets ISV parameter
# Expects the standard Prow environment variables to be set

REHEARSAL_INSTALL_NAMESPACE="!create"

PYXIS_URL="${PYXIS_URL:-""}"
# The namespace into which the operator and catalog will be
# installed. Special value `!create` means that a new namespace will be created.
OO_INSTALL_NAMESPACE="${OO_INSTALL_NAMESPACE:-$REHEARSAL_INSTALL_NAMESPACE}"

# Check if PYXIS_URL exists, skip the whole step if not.
if [[ -z "$PYXIS_URL" ]]; then
    echo "PYXIS_URL is not defined, skipping step cvp-common-apply-secrets!"
    exit 0
else
    echo "PYXIS_URL is defined, proceeding with cvp-common-apply-secrets step."
fi

echo "Creating a new NAMESPACE"
if [[ "$OO_INSTALL_NAMESPACE" == "!create" ]]; then
    echo "OO_INSTALL_NAMESPACE is '!create': creating new namespace"
    NS_NAMESTANZA="generateName: oo-"
elif ! oc get namespace "$OO_INSTALL_NAMESPACE"; then
    echo "OO_INSTALL_NAMESPACE is '$OO_INSTALL_NAMESPACE' which does not exist: creating"
    NS_NAMESTANZA="name: $OO_INSTALL_NAMESPACE"
else
    echo "OO_INSTALL_NAMESPACE is '$OO_INSTALL_NAMESPACE'"
fi

if [[ -n "${NS_NAMESTANZA:-}" ]]; then
    OO_INSTALL_NAMESPACE=$(
        oc create -f - -o jsonpath='{.metadata.name}' <<EOF
apiVersion: v1
kind: Namespace
metadata:
  $NS_NAMESTANZA
EOF
    )
fi

# Creating file that contains namespace name
echo "$OO_INSTALL_NAMESPACE" > "${SHARED_DIR}"/operator-install-namespace.txt

GPG_KEY='/var/run/cvp-pyxis-gpg-secret/cvp-gpg.key' # Secret file which will be mounted by DPTP
GPG_PASS='/var/run/cvp-pyxis-gpg-secret/cvp-gpg.pass' # Secret file which will be mounted by DPTP
PKCS12_CERT='/var/run/cvp-pyxis-gpg-secret/cvp-dptp.cert' # Secret file which will be mounted by DPTP
PKCS12_KEY='/var/run/cvp-pyxis-gpg-secret/cvp-dptp.key' # Secret file which will be mounted by DPTP

echo "Fetching the kube_objects from Pyxis for ISV pid ${PYXIS_URL}"
# From here on, stop at the first failure so that a failed fetch, decrypt or
# apply becomes the step's exit status instead of being masked by the cleanup.
set -o errexit -o pipefail
# Remove the decrypted kube objects on every exit path, including failures.
trap 'rm -f /tmp/kube_objects.yaml' EXIT
touch /tmp/get_kubeObjects.txt
# --fail makes curl return non-zero on HTTP errors instead of piping the error body to jq.
curl --fail --key "${PKCS12_KEY}" --cert "${PKCS12_CERT}" "${PYXIS_URL}" | jq -r ".container.kube_objects" > /tmp/get_kubeObjects.txt

echo "Decrypting the kube_objects fetched from Pyxis"
gpg --batch --yes --quiet --pinentry-mode loopback --import --passphrase-file "${GPG_PASS}" "${GPG_KEY}"
gpg --batch --yes --quiet --pinentry-mode loopback --decrypt --passphrase-file "${GPG_PASS}" /tmp/get_kubeObjects.txt > /tmp/kube_objects.yaml

echo "Applying the kube_objects on the testing OCP cluster"
oc apply -f /tmp/kube_objects.yaml -n "$OO_INSTALL_NAMESPACE"
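
The step applies whatever the decrypted kube_objects contain. The following is an added example, not part of the step's source: a pre-apply check that fails closed unless every YAML document has exactly one top-level kind from an allowlist. The function name check_kinds and the ALLOWED_KINDS default of "Secret ConfigMap" are assumptions; the page does not state which kinds are permitted.

```shell
#!/bin/bash
# Added example, not part of the step. ALLOWED_KINDS is an assumed policy.
ALLOWED_KINDS="${ALLOWED_KINDS:-Secret ConfigMap}"

# check_kinds FILE: succeed only if every YAML document in FILE is a plain
# block mapping with exactly one top-level "kind:" from ALLOWED_KINDS.
# Anything else (JSON, flow style, quoted kinds, indented roots) is refused.
check_kinds() {
    [ -s "$1" ] || { echo "manifest is empty or missing: $1" >&2; return 1; }
    awk -v allowed="$ALLOWED_KINDS" '
        function fail(msg) { print "line " NR ": " msg > "/dev/stderr"; bad = 1; exit 1 }
        function end_doc() {
            if (keys > 0 && kinds != 1) fail("document needs exactly one top-level kind")
            if (keys > 0) docs++
            keys = 0; kinds = 0
        }
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*(#.*)?$/ { next }                 # blank or comment-only line
        /^---[ \t]*$/    { end_doc(); next }      # document separator
        /^[ \t]/ {                                # nested content of a top-level key
            if (keys == 0) fail("indented content before any top-level key")
            next
        }
        !/^[A-Za-z][A-Za-z0-9]*:([ \t]|$)/ { fail("unsupported top-level syntax") }
        { keys++ }
        /^kind:/ {
            v = $0; sub(/^kind:[ \t]*/, "", v); sub(/[ \t]+(#.*)?$/, "", v)
            if (!(v in ok)) fail("kind \"" v "\" is not in the allowlist")
            kinds++
        }
        END { if (bad) exit 1; end_doc(); if (docs == 0) fail("no documents found") }
    ' "$1"
}

# Constructed sample: an allowed Secret followed by a kind outside the allowlist.
sample=$(mktemp)
printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'metadata:' '  name: isv-creds' \
    '---' 'apiVersion: rbac.authorization.k8s.io/v1' 'kind: ClusterRoleBinding' \
    'metadata:' '  name: constructed' > "$sample"
if check_kinds "$sample"; then echo "manifest accepted"; else echo "manifest refused"; fi
rm -f "$sample"
```

In the step, the check would sit between the decrypt and the apply, so that oc apply runs only when check_kinds /tmp/kube_objects.yaml succeeds.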

Properties

Property | Value | Description
Resource requests (cpu) | 300m | Used in .resources.requests of the pod running this step.
Resource requests (memory) | 300Mi | Used in .resources.requests of the pod running this step.

GitHub Link:

https://github.com/openshift/release/blob/master/ci-operator/step-registry/optional-operators/cvp-common/apply-secrets/optional-operators-cvp-common-apply-secrets-ref.yaml

Owners:

Approvers:
