Azure · bitoku · Sep 24, 2024 · Sep 24, 2024 · Sep 25, 2024 · Sep 30, 2024
@@ -7,144 +7,39 @@ resources:
       source: \Public Cloud ARO pipelines\CI\CI
       trigger: true
   containers:
-    - container: container
-      image: registry.access.redhat.com/ubi8/toolbox:8.8
-      options: --user=0 --privileged -v /dev/shm:/dev/shm --device /dev/net/tun --name vpn
+    - container: golang
+      image: mcr.microsoft.com/onebranch/cbl-mariner/build:2.0
+      options: --user=0
 
 # Azure DevOps Pipeline running e2e tests
 variables:
   - template: vars.yml
 
 # Run the test suite and collect must-gather
 jobs:
-  - job: E2E
-    timeoutInMinutes: 180
-    variables:
-      ARO_PODMAN_SOCKET: "tcp://localhost:8888"
-      ARO_SELENIUM_HOSTNAME: "localhost"
+  - job:
+    timeoutInMinutes: 30
     pool:
       name: 1es-aro-ci-pool
     steps:
       - template: ./templates/template-checkout.yml
 
-      - script: |
-          set -xe
-          sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
-          sudo dnf install -y openvpn make podman jq conmon containers-common crun iptables netavark nftables slirp4netns
-        displayName: Setup (Container)
-        target: container
-
       - template: ./templates/template-az-cli-login.yml
         parameters:
           azureDevOpsJSONSPN: $(aro-v4-e2e-devops-spn)
-      - template: ./templates/template-push-images-to-acr.yml
-        parameters:
-          rpImageACR: $(RP_IMAGE_ACR)
-          acrCredentialsJSON: $(acr-credentials)
-      - script: |
-          make extract-aro-docker
-        displayName: Extract ARO binaries from build
 
       - script: |
           az account set -s $AZURE_SUBSCRIPTION_ID
           SECRET_SA_ACCOUNT_NAME=$(SECRET_SA_ACCOUNT_NAME) make secrets
-          . secrets/env
-
-          export CI=true
-          . ./hack/e2e/run-rp-and-e2e.sh
-          deploy_e2e_db
         displayName: Setup (Azure)
 
       - script: |
-          export CI=true
+          set -e
           . secrets/env
-          . ./hack/e2e/run-rp-and-e2e.sh
-
-          run_vpn
-
-          run_podman
-          validate_podman_running
-
-          run_portal
-          validate_portal_running
-
-          run_selenium
-          validate_selenium_running
-
-          run_rp
-          validate_rp_running
-
-          register_sub
-
-          make test-e2e -o e2e.test
-        displayName: Execute Tests
-        target: container
-
-      - script: |
-          export CI=true
-          . ./hack/e2e/run-rp-and-e2e.sh
-          set -x
-
-          # retrieve the kubeconfig
-          hack/get-admin-kubeconfig.sh /subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/$CLUSTER/providers/Microsoft.RedHatOpenShift/openShiftClusters/$CLUSTER >admin.kubeconfig
-        displayName: Get admin kubeconfig for must-gather
-        condition: failed()
-      # must-gather collection must be run inside the container so it can access the VPN
-      - script: |
-          export CI=true
-          . ./hack/e2e/run-rp-and-e2e.sh
-
-          export KUBECONFIG=admin.kubeconfig
-
           # retrieve the oc cli
           wget -nv https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/$(OpenShiftCLIVersion)/openshift-client-linux-$(OpenShiftCLIVersion).tar.gz
           tar xf openshift-client-linux-$(OpenShiftCLIVersion).tar.gz
-          ./oc adm must-gather --image quay.io/cmarches/aro-must-gather:20231030.00
-          tar cf must-gather.tar.gz must-gather.local.*
-        displayName: Collect must-gather
-        target: container
-        condition: failed()
-      - publish: must-gather.tar.gz
-        artifact: must-gather
-        displayName: Append must-gather to Pipeline
-        condition: failed()
-
-      - script: |
-          export CI=true
-          . ./hack/e2e/run-rp-and-e2e.sh
-
-          delete_e2e_cluster
-          kill_rp
-          kill_selenium
-          kill_podman
-          kill_vpn
-        displayName: Cleanup
-        condition: always()
-        target: container
-      - script: |
-          export CI=true
-          . ./hack/e2e/run-rp-and-e2e.sh
-          clean_e2e_db
-        displayName: Cleanup (Azure)
-        condition: always()
-      - template: ./templates/template-az-cli-logout.yml
-
-      - task: PublishTestResults@2
-        displayName: 📊 Publish tests results
-        inputs:
-          testResultsFiles: $(System.DefaultWorkingDirectory)/**/e2e-report.xml
-        condition: succeededOrFailed()
-
-      - task: CopyFiles@2
-        condition: succeededOrFailed()
-        inputs:
-          contents: |
-            $(Build.SourcesDirectory)/*.png
-            $(Build.SourcesDirectory)/*.html
-          targetFolder: $(Build.ArtifactStagingDirectory)
 
-      - task: PublishBuildArtifacts@1
-        condition: succeededOrFailed()
-        inputs:
-          pathToPublish: $(Build.ArtifactStagingDirectory)
-          artifactName: Screenshots
+          OCP_VERSION=4.14.37 OC=./oc make validate-roledef
+        displayName: Run check
+        target: golang
@@ -0,0 +1,39 @@
+trigger: none
+pr: none
+
+resources:
+  pipelines:
+    - pipeline: role-definition
+      source: \Public Cloud ARO pipelines\CI\CI
+      trigger: true
+  containers:
+    - container: container
+      image: registry.access.redhat.com/ubi8/toolbox:8.8
+      options: --user=0 --privileged -v /dev/shm:/dev/shm --device /dev/net/tun --name vpn
+
+# Azure DevOps Pipeline running e2e tests
+variables:
+  - template: vars.yml
+
+# Run the test suite and collect must-gather
+jobs:
+  - job:
+    timeoutInMinutes: 30
+    pool:
+      name: 1es-aro-ci-pool
+    steps:
+      - template: ./templates/template-checkout.yml
+
+      - template: ./templates/template-az-cli-login.yml
+        parameters:
+          azureDevOpsJSONSPN: $(aro-v4-e2e-devops-spn)
+
+      - script: |
+          set -e
+          # retrieve the oc cli
+          wget -nv https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/$(OpenShiftCLIVersion)/openshift-client-linux-$(OpenShiftCLIVersion).tar.gz
+          tar xf openshift-client-linux-$(OpenShiftCLIVersion).tar.gz
+
+          OCP_VERSION=4.14.37 OC=./oc make validate-roledef
+        displayName: Run check
+        target: container
@@ -5,6 +5,7 @@ ARO_IMAGE_BASE = ${RP_IMAGE_ACR}.azurecr.io/aro
 E2E_FLAGS ?= -test.v --ginkgo.v --ginkgo.timeout 180m --ginkgo.flake-attempts=2 --ginkgo.junit-report=e2e-report.xml
 E2E_LABEL ?= !smoke
 GO_FLAGS ?= -tags=containers_image_openpgp,exclude_graphdriver_btrfs,exclude_graphdriver_devicemapper
+OC ?= oc
 
 export GOFLAGS=$(GO_FLAGS)
 
@@ -539,3 +540,7 @@ run-rp: ci-rp podman-secrets
 		--secret proxy-client.crt,target=/app/secrets/proxy-client.crt \
 		--secret proxy.crt,target=/app/secrets/proxy.crt \
 		$(LOCAL_ARO_RP_IMAGE):$(VERSION) rp
+
+.PHONY: validate-roledef
+validate-roledef:
+	go run ./hack/role -verified-version $(OCP_VERSION) -oc-bin=$(OC)
@@ -37,6 +37,7 @@ require (
 	github.com/go-test/deep v1.1.0
 	github.com/gofrs/uuid v4.4.0+incompatible
 	github.com/golang-jwt/jwt/v4 v4.5.0
+	github.com/golang/mock v1.6.0
 	github.com/google/gnostic v0.5.7-v3refs
 	github.com/google/go-cmp v0.6.0
 	github.com/google/uuid v1.6.0
@@ -59,9 +60,9 @@ require (
 	github.com/opencontainers/runtime-spec v1.2.0
 	github.com/openshift/api v0.0.0-20240103200955-7ca3a4634e46
 	github.com/openshift/client-go v0.0.0-20221019143426-16aed247da5c
-	github.com/openshift/cloud-credential-operator v0.0.0-00010101000000-000000000000
+	github.com/openshift/cloud-credential-operator v0.0.0-20240910012137-a0245d57d1e6
 	github.com/openshift/hive/apis v0.0.0-20240812130639-bdf9d08a060a
-	github.com/openshift/library-go v0.0.0-20220525173854-9b950a41acdc
+	github.com/openshift/library-go v0.0.0-20230620084201-504ca4bd5a83
 	github.com/openshift/machine-config-operator v0.0.1-0.20230519222939-1abc13efbb0d
 	github.com/pires/go-proxyproto v0.6.2
 	github.com/pkg/errors v0.9.1
@@ -78,20 +79,20 @@ require (
 	go.uber.org/mock v0.4.0
 	golang.org/x/crypto v0.26.0
 	golang.org/x/net v0.28.0
-	golang.org/x/oauth2 v0.18.0
+	golang.org/x/oauth2 v0.21.0
 	golang.org/x/sync v0.8.0
 	golang.org/x/text v0.17.0
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d
 	gopkg.in/go-jose/go-jose.v2 v2.6.3
 	k8s.io/api v0.30.3
-	k8s.io/apiextensions-apiserver v0.25.0
+	k8s.io/apiextensions-apiserver v0.27.2
 	k8s.io/apimachinery v0.30.3
 	k8s.io/cli-runtime v0.25.16
-	k8s.io/client-go v0.26.2
+	k8s.io/client-go v0.27.3
 	k8s.io/kubectl v0.24.17
 	k8s.io/kubernetes v1.28.4
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
-	sigs.k8s.io/controller-runtime v0.13.1
+	sigs.k8s.io/controller-runtime v0.15.0
 	sigs.k8s.io/yaml v1.4.0
 )
 
@@ -115,7 +116,7 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
 	github.com/chzyer/readline v1.5.1 // indirect
 	github.com/cilium/ebpf v0.11.0 // indirect
@@ -170,7 +171,7 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.0.1 // indirect
 	github.com/google/cel-go v0.12.6 // indirect
 	github.com/google/go-containerregistry v0.19.0 // indirect
@@ -255,32 +256,31 @@ require (
 	go.mongodb.org/mongo-driver v1.14.0 // indirect
 	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
-	go.opentelemetry.io/otel v1.22.0 // indirect
-	go.opentelemetry.io/otel/metric v1.22.0 // indirect
-	go.opentelemetry.io/otel/trace v1.22.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
+	go.opentelemetry.io/otel v1.24.0 // indirect
+	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/trace v1.24.0 // indirect
 	go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect
 	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/sys v0.23.0 // indirect
 	golang.org/x/term v0.23.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 // indirect
-	google.golang.org/grpc v1.61.0 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d // indirect
+	google.golang.org/grpc v1.65.0 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiserver v0.26.2 // indirect
-	k8s.io/component-base v0.26.2 // indirect
+	k8s.io/component-base v0.27.2 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-aggregator v0.24.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
+	k8s.io/kube-aggregator v0.27.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kube-storage-version-migrator v0.0.4 // indirect
 	sigs.k8s.io/kustomize/api v0.12.1 // indirect
@@ -1595,7 +1595,6 @@ replace (
 	github.com/googleapis/gnostic => github.com/google/gnostic v0.5.5
 	github.com/openshift/api => github.com/openshift/api v0.0.0-20240103200955-7ca3a4634e46
 	github.com/openshift/client-go => github.com/openshift/client-go v0.0.0-20221019143426-16aed247da5c
-	github.com/openshift/cloud-credential-operator => github.com/openshift/cloud-credential-operator v0.0.0-20200316201045-d10080b52c9e
 	github.com/openshift/hive/apis => github.com/openshift/hive/apis v0.0.0-20231116161336-9dd47f8bfa1f
 	github.com/openshift/library-go => github.com/openshift/library-go v0.0.0-20230222114049-eac44a078a6e
 	github.com/openshift/machine-config-operator => github.com/openshift/machine-config-operator v0.0.1-0.20220319215057-e6ba00b88555