Azure · SudoBrendan · Jan 18, 2024 · Aug 11, 2023 · Aug 10, 2023 · Aug 11, 2023
@@ -4,8 +4,10 @@ package main
 // Licensed under the Apache License 2.0.
 
 const (
-	DatabaseName        = "DATABASE_NAME"
-	DatabaseAccountName = "DATABASE_ACCOUNT_NAME"
-	KeyVaultPrefix      = "KEYVAULT_PREFIX"
-	DBTokenUrl          = "DBTOKEN_URL"
+	envDatabaseName          = "DATABASE_NAME"
+	envDatabaseAccountName   = "DATABASE_ACCOUNT_NAME"
+	envKeyVaultPrefix        = "KEYVAULT_PREFIX"
+	envDBTokenUrl            = "DBTOKEN_URL"
+	envOpenShiftVersions     = "OPENSHIFT_VERSIONS"
+	envInstallerImageDigests = "INSTALLER_IMAGE_DIGESTS"
 )
@@ -56,11 +56,11 @@ func dbtoken(ctx context.Context, log *logrus.Entry) error {
 
 	go g.Run()
 
-	if err := env.ValidateVars(DatabaseAccountName); err != nil {
+	if err := env.ValidateVars(envDatabaseAccountName); err != nil {
 		return err
 	}
 
-	dbAccountName := os.Getenv(DatabaseAccountName)
+	dbAccountName := os.Getenv(envDatabaseAccountName)
 
 	clientOptions := &policy.ClientOptions{
 		ClientOptions: _env.Environment().ManagedIdentityCredentialOptions().ClientOptions,
@@ -87,10 +87,10 @@ func dbtoken(ctx context.Context, log *logrus.Entry) error {
 		return err
 	}
 
-	if err := env.ValidateVars(KeyVaultPrefix); err != nil {
+	if err := env.ValidateVars(envKeyVaultPrefix); err != nil {
 		return err
 	}
-	keyVaultPrefix := os.Getenv(KeyVaultPrefix)
+	keyVaultPrefix := os.Getenv(envKeyVaultPrefix)
 	dbtokenKeyvaultURI := keyvault.URI(_env, env.DBTokenKeyvaultSuffix, keyVaultPrefix)
 	dbtokenKeyvault := keyvault.NewManager(msiKVAuthorizer, dbtokenKeyvaultURI)
 

@@ -41,10 +41,10 @@ func gateway(ctx context.Context, log *logrus.Entry) error {
 
 	go g.Run()
 
-	if err := env.ValidateVars(DatabaseAccountName); err != nil {
+	if err := env.ValidateVars(envDatabaseAccountName); err != nil {
 		return err
 	}
-	dbc, err := database.NewDatabaseClient(log.WithField("component", "database"), _env, nil, m, nil, os.Getenv(DatabaseAccountName))
+	dbc, err := database.NewDatabaseClient(log.WithField("component", "database"), _env, nil, m, nil, os.Getenv(envDatabaseAccountName))
 	if err != nil {
 		return err
 	}
@@ -136,9 +136,9 @@ func getURL(isLocalDevelopmentMode bool) (string, error) {
 		return "https://localhost:8445", nil
 	}
 
-	if err := env.ValidateVars(DBTokenUrl); err != nil {
+	if err := env.ValidateVars(envDBTokenUrl); err != nil {
 		return "", err
 	}
 
-	return os.Getenv(DBTokenUrl), nil
+	return os.Getenv(envDBTokenUrl), nil
 }
@@ -108,9 +108,9 @@ func DBName(isLocalDevelopmentMode bool) (string, error) {
 		return "ARO", nil
 	}
 
-	if err := env.ValidateVars(DatabaseName); err != nil {
+	if err := env.ValidateVars(envDatabaseName); err != nil {
 		return "", fmt.Errorf("%v (development mode)", err.Error())
 	}
 
-	return os.Getenv(DatabaseName), nil
+	return os.Getenv(envDatabaseName), nil
 }
@@ -70,10 +70,10 @@ func monitor(ctx context.Context, log *logrus.Entry) error {
 		return err
 	}
 
-	if err := env.ValidateVars(KeyVaultPrefix); err != nil {
+	if err := env.ValidateVars(envKeyVaultPrefix); err != nil {
 		return err
 	}
-	keyVaultPrefix := os.Getenv(KeyVaultPrefix)
+	keyVaultPrefix := os.Getenv(envKeyVaultPrefix)
 	// TODO: should not be using the service keyvault here
 	serviceKeyvaultURI := keyvault.URI(_env, env.ServiceKeyvaultSuffix, keyVaultPrefix)
 	serviceKeyvault := keyvault.NewManager(msiKVAuthorizer, serviceKeyvaultURI)
@@ -83,11 +83,11 @@ func monitor(ctx context.Context, log *logrus.Entry) error {
 		return err
 	}
 
-	if err := env.ValidateVars(DatabaseAccountName); err != nil {
+	if err := env.ValidateVars(envDatabaseAccountName); err != nil {
 		return err
 	}
 
-	dbAccountName := os.Getenv(DatabaseAccountName)
+	dbAccountName := os.Getenv(envDatabaseAccountName)
 	clientOptions := &policy.ClientOptions{
 		ClientOptions: _env.Environment().ManagedIdentityCredentialOptions().ClientOptions,
 	}

@@ -80,10 +80,10 @@ func portal(ctx context.Context, log *logrus.Entry, audit *logrus.Entry) error {
 
 	go g.Run()
 
-	if err := env.ValidateVars(KeyVaultPrefix); err != nil {
+	if err := env.ValidateVars(envKeyVaultPrefix); err != nil {
 		return err
 	}
-	keyVaultPrefix := os.Getenv(KeyVaultPrefix)
+	keyVaultPrefix := os.Getenv(envKeyVaultPrefix)
 	// TODO: should not be using the service keyvault here
 	serviceKeyvaultURI := keyvault.URI(_env, env.ServiceKeyvaultSuffix, keyVaultPrefix)
 	serviceKeyvault := keyvault.NewManager(msiKVAuthorizer, serviceKeyvaultURI)
@@ -93,11 +93,11 @@ func portal(ctx context.Context, log *logrus.Entry, audit *logrus.Entry) error {
 		return err
 	}
 
-	if err := env.ValidateVars(DatabaseAccountName); err != nil {
+	if err := env.ValidateVars(envDatabaseAccountName); err != nil {
 		return err
 	}
 
-	dbAccountName := os.Getenv(DatabaseAccountName)
+	dbAccountName := os.Getenv(envDatabaseAccountName)
 	clientOptions := &policy.ClientOptions{
 		ClientOptions: _env.Environment().ManagedIdentityCredentialOptions().ClientOptions,
 	}

@@ -103,11 +103,11 @@ func rp(ctx context.Context, log, audit *logrus.Entry) error {
 		return err
 	}
 
-	if err := env.ValidateVars(DatabaseAccountName); err != nil {
+	if err := env.ValidateVars(envDatabaseAccountName); err != nil {
 		return err
 	}
 
-	dbAccountName := os.Getenv(DatabaseAccountName)
+	dbAccountName := os.Getenv(envDatabaseAccountName)
 	clientOptions := &policy.ClientOptions{
 		ClientOptions: _env.Environment().ManagedIdentityCredentialOptions().ClientOptions,
 	}

@@ -22,8 +22,13 @@ import (
 	"github.com/Azure/ARO-RP/pkg/util/version"
 )
 
-func getInstallerImageDigests(envKey string) (map[string]string, error) {
-	var installerImageDigests map[string]string
+// Corresponds to configuration.openShiftVersions in RP-Config
+type OpenShiftVersions struct {
+	DefaultStream  map[string]string
+	InstallStreams map[string]string
+}
+
+func getEnvironmentData(envKey string, envData any) error {
 	var err error
 
 	jsonData := []byte(os.Getenv(envKey))
@@ -34,57 +39,111 @@ func getInstallerImageDigests(envKey string) (map[string]string, error) {
 	if !env.IsLocalDevelopmentMode() {
 		jsonData, err = base64.StdEncoding.DecodeString(string(jsonData))
 		if err != nil {
-			return nil, fmt.Errorf("%s: Failed to decode base64: %v", envKey, err)
+			return fmt.Errorf("%s: Failed to decode base64: %w", envKey, err)
 		}
 	}
 
-	if err = json.Unmarshal(jsonData, &installerImageDigests); err != nil {
-		return nil, fmt.Errorf("%s: Failed to parse JSON: %v", envKey, err)
+	if err = json.Unmarshal(jsonData, envData); err != nil {
+		return fmt.Errorf("%s: Failed to parse JSON: %w", envKey, err)
 	}
 
-	return installerImageDigests, nil
+	return nil
 }
 
-func getLatestOCPVersions(ctx context.Context, log *logrus.Entry) ([]api.OpenShiftVersion, error) {
-	env, err := env.NewCoreForCI(ctx, log)
-	if err != nil {
+func getOpenShiftVersions() (*OpenShiftVersions, error) {
+	const envKey = envOpenShiftVersions
+	var openShiftVersions OpenShiftVersions
+
+	if err := getEnvironmentData(envKey, &openShiftVersions); err != nil {
 		return nil, err
 	}
-	dstAcr := os.Getenv("DST_ACR_NAME")
-	acrDomainSuffix := "." + env.Environment().ContainerRegistryDNSSuffix
 
-	dstRepo := dstAcr + acrDomainSuffix
-	ocpVersions := []api.OpenShiftVersion{}
+	// The DefaultStream map must have exactly one entry.
+	numDefaultStreams := len(openShiftVersions.DefaultStream)
+	if numDefaultStreams != 1 {
+		return nil, fmt.Errorf("%s: DefaultStream must have exactly 1 entry, found %d", envKey, numDefaultStreams)
+	}
+
+	return &openShiftVersions, nil
+}
 
+func getInstallerImageDigests() (map[string]string, error) {
 	// INSTALLER_IMAGE_DIGESTS is the mapping of a minor version to
 	// the aro-installer wrapper digest.  This allows us to utilize
 	// Azure Safe Deployment Practices (SDP) instead of pushing the
 	// version tag and deploying to all regions at once.
-	installerImageDigests, err := getInstallerImageDigests("INSTALLER_IMAGE_DIGESTS")
-	if err != nil {
+	const envKey = envInstallerImageDigests
+	var installerImageDigests map[string]string
+
+	if err := getEnvironmentData(envKey, &installerImageDigests); err != nil {
 		return nil, err
 	}
 
-	for _, vers := range version.AvailableInstallStreams {
-		installerPullSpec := fmt.Sprintf("%s/aro-installer:%s", dstRepo, vers.Version.MinorVersion())
-		digest, ok := installerImageDigests[vers.Version.MinorVersion()]
+	return installerImageDigests, nil
+}
+
+func appendOpenShiftVersions(ocpVersions []api.OpenShiftVersion, installStreams map[string]string, installerImageName string, installerImageDigests map[string]string, isDefault bool) ([]api.OpenShiftVersion, error) {
+	for fullVersion, openShiftPullspec := range installStreams {
+		openShiftVersion, err := version.ParseVersion(fullVersion)
+		if err != nil {
+			return nil, err
+		}
+		fullVersion = openShiftVersion.String() // trimmed of whitespace
+		minorVersion := openShiftVersion.MinorVersion()
+		installerDigest, ok := installerImageDigests[minorVersion]
 		if !ok {
-			return nil, fmt.Errorf("no digest found for version %s", vers.Version.String())
+			return nil, fmt.Errorf("no installer digest for version %s", minorVersion)
 		}
+		installerPullspec := fmt.Sprintf("%s:%s@%s", installerImageName, minorVersion, installerDigest)
 
 		ocpVersions = append(ocpVersions, api.OpenShiftVersion{
 			Properties: api.OpenShiftVersionProperties{
-				Version:           vers.Version.String(),
-				OpenShiftPullspec: vers.PullSpec,
-				InstallerPullspec: installerPullSpec + "@" + digest,
+				Version:           fullVersion,
+				OpenShiftPullspec: openShiftPullspec,
+				InstallerPullspec: installerPullspec,
 				Enabled:           true,
+				Default:           isDefault,
 			},
 		})
 	}
 
 	return ocpVersions, nil
 }
 
+func getLatestOCPVersions(ctx context.Context, log *logrus.Entry) ([]api.OpenShiftVersion, error) {
+	env, err := env.NewCoreForCI(ctx, log)
+	if err != nil {
+		return nil, err
+	}
+	dstAcr := os.Getenv("DST_ACR_NAME")
+	acrDomainSuffix := "." + env.Environment().ContainerRegistryDNSSuffix
+	installerImageName := dstAcr + acrDomainSuffix + "/aro-installer"
+
+	openShiftVersions, err := getOpenShiftVersions()
+	if err != nil {
+		return nil, err
+	}
+
+	installerImageDigests, err := getInstallerImageDigests()
+	if err != nil {
+		return nil, err
+	}
+
+	ocpVersions := make([]api.OpenShiftVersion, 0, len(openShiftVersions.DefaultStream)+len(openShiftVersions.InstallStreams))
+
+	ocpVersions, err = appendOpenShiftVersions(ocpVersions, openShiftVersions.DefaultStream, installerImageName, installerImageDigests, true)
+	if err != nil {
+		return nil, err
+	}
+
+	ocpVersions, err = appendOpenShiftVersions(ocpVersions, openShiftVersions.InstallStreams, installerImageName, installerImageDigests, false)
+	if err != nil {
+		return nil, err
+	}
+
+	return ocpVersions, nil
+}
+
 func getVersionsDatabase(ctx context.Context, log *logrus.Entry) (database.OpenShiftVersions, error) {
 	_env, err := env.NewCore(ctx, log)
 	if err != nil {
@@ -113,10 +172,10 @@ func getVersionsDatabase(ctx context.Context, log *logrus.Entry) (database.OpenS
 
 	m := statsd.New(ctx, log.WithField("component", "update-ocp-versions"), _env, os.Getenv("MDM_ACCOUNT"), os.Getenv("MDM_NAMESPACE"), os.Getenv("MDM_STATSD_SOCKET"))
 
-	if err := env.ValidateVars(KeyVaultPrefix); err != nil {
+	if err := env.ValidateVars(envKeyVaultPrefix); err != nil {
 		return nil, err
 	}
-	keyVaultPrefix := os.Getenv(KeyVaultPrefix)
+	keyVaultPrefix := os.Getenv(envKeyVaultPrefix)
 	serviceKeyvaultURI := keyvault.URI(_env, env.ServiceKeyvaultSuffix, keyVaultPrefix)
 	serviceKeyvault := keyvault.NewManager(msiKVAuthorizer, serviceKeyvaultURI)
 
@@ -125,11 +184,11 @@ func getVersionsDatabase(ctx context.Context, log *logrus.Entry) (database.OpenS
 		return nil, err
 	}
 
-	if err := env.ValidateVars(DatabaseAccountName); err != nil {
+	if err := env.ValidateVars(envDatabaseAccountName); err != nil {
 		return nil, err
 	}
 
-	dbAccountName := os.Getenv(DatabaseAccountName)
+	dbAccountName := os.Getenv(envDatabaseAccountName)
 	clientOptions := &policy.ClientOptions{
 		ClientOptions: _env.Environment().ManagedIdentityCredentialOptions().ClientOptions,
 	}

@@ -13,7 +13,6 @@ import (
 
 	"github.com/Azure/ARO-RP/pkg/api"
 	"github.com/Azure/ARO-RP/pkg/util/uuid"
-	"github.com/Azure/ARO-RP/pkg/util/version"
 	"github.com/Azure/ARO-RP/test/validate"
 )
 
@@ -51,7 +50,7 @@ func validOpenShiftCluster() *OpenShiftCluster {
 			ClusterProfile: ClusterProfile{
 				PullSecret:      `{"auths":{"registry.connect.redhat.com":{"auth":""},"registry.redhat.io":{"auth":""}}}`,
 				Domain:          "cluster.location.aroapp.io",
-				Version:         version.DefaultInstallStream.Version.String(),
+				Version:         "4.10.0",
 				ResourceGroupID: fmt.Sprintf("/subscriptions/%s/resourceGroups/test-cluster", subscriptionID),
 			},
 			ConsoleProfile: ConsoleProfile{

@@ -13,7 +13,6 @@ import (
 
 	"github.com/Azure/ARO-RP/pkg/api"
 	"github.com/Azure/ARO-RP/pkg/util/uuid"
-	"github.com/Azure/ARO-RP/pkg/util/version"
 	"github.com/Azure/ARO-RP/test/validate"
 )
 
@@ -51,7 +50,7 @@ func validOpenShiftCluster() *OpenShiftCluster {
 			ClusterProfile: ClusterProfile{
 				PullSecret:      `{"auths":{"registry.connect.redhat.com":{"auth":""},"registry.redhat.io":{"auth":""}}}`,
 				Domain:          "cluster.location.aroapp.io",
-				Version:         version.DefaultInstallStream.Version.String(),
+				Version:         "4.10.0",
 				ResourceGroupID: fmt.Sprintf("/subscriptions/%s/resourceGroups/test-cluster", subscriptionID),
 			},
 			ConsoleProfile: ConsoleProfile{

@@ -14,7 +14,6 @@ import (
 
 	"github.com/Azure/ARO-RP/pkg/api"
 	"github.com/Azure/ARO-RP/pkg/util/uuid"
-	"github.com/Azure/ARO-RP/pkg/util/version"
 	"github.com/Azure/ARO-RP/test/validate"
 )
 
@@ -65,7 +64,7 @@ func validOpenShiftCluster() *OpenShiftCluster {
 			ClusterProfile: ClusterProfile{
 				PullSecret:      `{"auths":{"registry.connect.redhat.com":{"auth":""},"registry.redhat.io":{"auth":""}}}`,
 				Domain:          "cluster.location.aroapp.io",
-				Version:         version.DefaultInstallStream.Version.String(),
+				Version:         "4.10.0",
 				ResourceGroupID: fmt.Sprintf("/subscriptions/%s/resourceGroups/test-cluster", subscriptionID),
 			},
 			ConsoleProfile: ConsoleProfile{

@@ -15,7 +15,6 @@ import (
 
 	"github.com/Azure/ARO-RP/pkg/api"
 	"github.com/Azure/ARO-RP/pkg/util/uuid"
-	"github.com/Azure/ARO-RP/pkg/util/version"
 	"github.com/Azure/ARO-RP/test/validate"
 )
 
@@ -71,7 +70,7 @@ func validOpenShiftCluster(name, location string) *OpenShiftCluster {
 			ClusterProfile: ClusterProfile{
 				PullSecret:           `{"auths":{"registry.connect.redhat.com":{"auth":""},"registry.redhat.io":{"auth":""}}}`,
 				Domain:               "cluster.location.aroapp.io",
-				Version:              version.DefaultInstallStream.Version.String(),
+				Version:              "4.10.0",
 				ResourceGroupID:      fmt.Sprintf("/subscriptions/%s/resourceGroups/test-cluster", subscriptionID),
 				FipsValidatedModules: FipsValidatedModulesDisabled,
 			},