switch back to use of trusted CA, add extra test for mirror registry (#…

…1274) Signed-off-by: Joe Lanford <[email protected]>
operator-framework · Sep 16, 2024 · 33f6abf · 33f6abf
1 parent e9584db
commit 33f6abf
Show file tree

Hide file tree

Showing 5 changed files with 115 additions and 87 deletions.
diff --git a/Makefile b/Makefile
@@ -165,9 +165,8 @@ test-unit: $(SETUP_ENVTEST) #HELP Run the unit tests
                 $(UNIT_TEST_DIRS) \
                 -test.gocoverdir=$(ROOT_DIR)/coverage/unit
 
-E2E_REGISTRY_CERT_REF := ClusterIssuer/olmv1-ca # By default, we'll use a trusted CA for the registry.
 image-registry: ## Setup in-cluster image registry
-	./hack/test/image-registry.sh $(E2E_REGISTRY_NAMESPACE) $(E2E_REGISTRY_NAME) $(E2E_REGISTRY_CERT_REF)
+	./hack/test/image-registry.sh $(E2E_REGISTRY_NAMESPACE) $(E2E_REGISTRY_NAME)
 
 build-push-e2e-catalog: ## Build the testdata catalog used for e2e tests and push it to the image registry
 	./hack/test/build-push-e2e-catalog.sh $(E2E_REGISTRY_NAMESPACE) $(LOCAL_REGISTRY_HOST)/$(E2E_TEST_CATALOG_V1)
@@ -182,7 +181,6 @@ build-push-e2e-catalog: ## Build the testdata catalog used for e2e tests and pus
 test-e2e: KIND_CLUSTER_NAME := operator-controller-e2e
 test-e2e: KUSTOMIZE_BUILD_DIR := config/overlays/e2e
 test-e2e: GO_BUILD_FLAGS := -cover
-test-e2e: E2E_REGISTRY_CERT_REF := Issuer/selfsigned-issuer
 test-e2e: run image-registry build-push-e2e-catalog registry-load-bundles e2e e2e-coverage kind-clean #HELP Run e2e test suite on local kind cluster
 
 .PHONY: extension-developer-e2e

diff --git a/config/components/registries-conf/registries_conf_configmap.yaml b/config/components/registries-conf/registries_conf_configmap.yaml
@@ -6,6 +6,5 @@ metadata:
 data:
   registries.conf: |
     [[registry]]
-    prefix = "docker-registry.operator-controller-e2e.svc.cluster.local:5000"
-    insecure = true
+    prefix = "mirrored-registry.operator-controller-e2e.svc.cluster.local:5000"
     location = "docker-registry.operator-controller-e2e.svc.cluster.local:5000"
diff --git a/hack/test/image-registry.sh b/hack/test/image-registry.sh
@@ -16,31 +16,20 @@ Argument Descriptions:
     format of 'Issuer/<issuer-name>' or 'ClusterIssuer/<cluster-issuer-name>'
 "
 
-if [[ "$#" -ne 3 ]]; then
+if [[ "$#" -ne 2 ]]; then
   echo "Illegal number of arguments passed"
   echo "${help}"
   exit 1
 fi
 
 namespace=$1
 name=$2
-certRef=$3
-
-echo "CERT_REF: ${certRef}"
 
 kubectl apply -f - << EOF
 apiVersion: v1
 kind: Namespace
 metadata:
   name: ${namespace}
----
- apiVersion: cert-manager.io/v1
- kind: Issuer
- metadata:
-   name: selfsigned-issuer
-   namespace: ${namespace}
- spec:
-   selfSigned: {}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
@@ -57,8 +46,8 @@ spec:
     algorithm: ECDSA
     size: 256
   issuerRef:
-    name: ${certRef#*/}
-    kind: ${certRef%/*}
+    name: olmv1-ca
+    kind: ClusterIssuer
     group: cert-manager.io
 ---
 apiVersion: apps/v1

diff --git a/test/e2e/cluster_extension_install_test.go b/test/e2e/cluster_extension_install_test.go
@@ -218,77 +218,98 @@ func testCleanup(t *testing.T, cat *catalogd.ClusterCatalog, clusterExtension *o
 }
 
 func TestClusterExtensionInstallRegistry(t *testing.T) {
-	t.Log("When a cluster extension is installed from a catalog")
-	t.Log("When the extension bundle format is registry+v1")
-
-	clusterExtension, extensionCatalog, sa := testInit(t)
-	defer testCleanup(t, extensionCatalog, clusterExtension, sa)
-	defer getArtifactsOutput(t)
-
-	clusterExtension.Spec = ocv1alpha1.ClusterExtensionSpec{
-		Source: ocv1alpha1.SourceConfig{
-			SourceType: "Catalog",
-			Catalog: &ocv1alpha1.CatalogSource{
-				PackageName: "prometheus",
-				Selector: metav1.LabelSelector{
-					MatchLabels: map[string]string{"olm.operatorframework.io/metadata.name": extensionCatalog.Name},
-				},
-			},
+	type testCase struct {
+		name        string
+		packageName string
+	}
+	for _, tc := range []testCase{
+		{
+			name:        "no registry configuration necessary",
+			packageName: "prometheus",
 		},
-		Install: ocv1alpha1.ClusterExtensionInstallConfig{
-			Namespace: "default",
-			ServiceAccount: ocv1alpha1.ServiceAccountReference{
-				Name: sa.Name,
-			},
+		{
+			// NOTE: This test requires an extra configuration in /etc/containers/registries.conf, which is mounted
+			// for this e2e via the ./config/components/registries-conf kustomize component as part of the e2e overlay.
+			// The goal here is to prove that "mirrored-registry.operator-controller-e2e.svc.cluster.local:5000" is
+			// mapped to the "real" registry hostname ("docker-registry.operator-controller-e2e.svc.cluster.local:5000").
+			name:        "package requires mirror registry configuration in /etc/containers/registries.conf",
+			packageName: "prometheus-mirrored",
 		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Log("When a cluster extension is installed from a catalog")
+			t.Log("When the extension bundle format is registry+v1")
+
+			clusterExtension, extensionCatalog, sa := testInit(t)
+			defer testCleanup(t, extensionCatalog, clusterExtension, sa)
+			defer getArtifactsOutput(t)
+
+			clusterExtension.Spec = ocv1alpha1.ClusterExtensionSpec{
+				Source: ocv1alpha1.SourceConfig{
+					SourceType: "Catalog",
+					Catalog: &ocv1alpha1.CatalogSource{
+						PackageName: tc.packageName,
+						Selector: metav1.LabelSelector{
+							MatchLabels: map[string]string{"olm.operatorframework.io/metadata.name": extensionCatalog.Name},
+						},
+					},
+				},
+				Install: ocv1alpha1.ClusterExtensionInstallConfig{
+					Namespace: "default",
+					ServiceAccount: ocv1alpha1.ServiceAccountReference{
+						Name: sa.Name,
+					},
+				},
+			}
+			t.Log("It resolves the specified package with correct bundle path")
+			t.Log("By creating the ClusterExtension resource")
+			require.NoError(t, c.Create(context.Background(), clusterExtension))
+
+			t.Log("By eventually reporting a successful resolution and bundle path")
+			require.EventuallyWithT(t, func(ct *assert.CollectT) {
+				assert.NoError(ct, c.Get(context.Background(), types.NamespacedName{Name: clusterExtension.Name}, clusterExtension))
+				cond := apimeta.FindStatusCondition(clusterExtension.Status.Conditions, ocv1alpha1.TypeResolved)
+				if !assert.NotNil(ct, cond) {
+					return
+				}
+				assert.Equal(ct, metav1.ConditionTrue, cond.Status)
+				assert.Equal(ct, ocv1alpha1.ReasonSuccess, cond.Reason)
+				assert.Contains(ct, cond.Message, "resolved to")
+				assert.Equal(ct,
+					&ocv1alpha1.ClusterExtensionResolutionStatus{Bundle: ocv1alpha1.BundleMetadata{
+						Name:    fmt.Sprintf("%s-operator.1.2.0", tc.packageName),
+						Version: "1.2.0",
+					}},
+					clusterExtension.Status.Resolution,
+				)
+			}, pollDuration, pollInterval)
+
+			t.Log("By eventually reporting a successful unpacked")
+			require.EventuallyWithT(t, func(ct *assert.CollectT) {
+				assert.NoError(ct, c.Get(context.Background(), types.NamespacedName{Name: clusterExtension.Name}, clusterExtension))
+				cond := apimeta.FindStatusCondition(clusterExtension.Status.Conditions, ocv1alpha1.TypeUnpacked)
+				if !assert.NotNil(ct, cond) {
+					return
+				}
+				assert.Equal(ct, metav1.ConditionTrue, cond.Status)
+				assert.Equal(ct, ocv1alpha1.ReasonSuccess, cond.Reason)
+				assert.Regexp(ct, "^unpacked .* successfully", cond.Message)
+			}, pollDuration, pollInterval)
+
+			t.Log("By eventually installing the package successfully")
+			require.EventuallyWithT(t, func(ct *assert.CollectT) {
+				assert.NoError(ct, c.Get(context.Background(), types.NamespacedName{Name: clusterExtension.Name}, clusterExtension))
+				cond := apimeta.FindStatusCondition(clusterExtension.Status.Conditions, ocv1alpha1.TypeInstalled)
+				if !assert.NotNil(ct, cond) {
+					return
+				}
+				assert.Equal(ct, metav1.ConditionTrue, cond.Status)
+				assert.Equal(ct, ocv1alpha1.ReasonSuccess, cond.Reason)
+				assert.Contains(ct, cond.Message, "Installed bundle")
+				assert.NotEmpty(ct, clusterExtension.Status.Install.Bundle)
+			}, pollDuration, pollInterval)
+		})
 	}
-	t.Log("It resolves the specified package with correct bundle path")
-	t.Log("By creating the ClusterExtension resource")
-	require.NoError(t, c.Create(context.Background(), clusterExtension))
-
-	t.Log("By eventually reporting a successful resolution and bundle path")
-	require.EventuallyWithT(t, func(ct *assert.CollectT) {
-		assert.NoError(ct, c.Get(context.Background(), types.NamespacedName{Name: clusterExtension.Name}, clusterExtension))
-		cond := apimeta.FindStatusCondition(clusterExtension.Status.Conditions, ocv1alpha1.TypeResolved)
-		if !assert.NotNil(ct, cond) {
-			return
-		}
-		assert.Equal(ct, metav1.ConditionTrue, cond.Status)
-		assert.Equal(ct, ocv1alpha1.ReasonSuccess, cond.Reason)
-		assert.Contains(ct, cond.Message, "resolved to")
-		assert.Equal(ct,
-			&ocv1alpha1.ClusterExtensionResolutionStatus{Bundle: ocv1alpha1.BundleMetadata{
-				Name:    "prometheus-operator.1.2.0",
-				Version: "1.2.0",
-			}},
-			clusterExtension.Status.Resolution,
-		)
-	}, pollDuration, pollInterval)
-
-	t.Log("By eventually reporting a successful unpacked")
-	require.EventuallyWithT(t, func(ct *assert.CollectT) {
-		assert.NoError(ct, c.Get(context.Background(), types.NamespacedName{Name: clusterExtension.Name}, clusterExtension))
-		cond := apimeta.FindStatusCondition(clusterExtension.Status.Conditions, ocv1alpha1.TypeUnpacked)
-		if !assert.NotNil(ct, cond) {
-			return
-		}
-		assert.Equal(ct, metav1.ConditionTrue, cond.Status)
-		assert.Equal(ct, ocv1alpha1.ReasonSuccess, cond.Reason)
-		assert.Regexp(ct, "^unpacked .* successfully", cond.Message)
-	}, pollDuration, pollInterval)
-
-	t.Log("By eventually installing the package successfully")
-	require.EventuallyWithT(t, func(ct *assert.CollectT) {
-		assert.NoError(ct, c.Get(context.Background(), types.NamespacedName{Name: clusterExtension.Name}, clusterExtension))
-		cond := apimeta.FindStatusCondition(clusterExtension.Status.Conditions, ocv1alpha1.TypeInstalled)
-		if !assert.NotNil(ct, cond) {
-			return
-		}
-		assert.Equal(ct, metav1.ConditionTrue, cond.Status)
-		assert.Equal(ct, ocv1alpha1.ReasonSuccess, cond.Reason)
-		assert.Contains(ct, cond.Message, "Installed bundle")
-		assert.NotEmpty(ct, clusterExtension.Status.Install.Bundle)
-	}, pollDuration, pollInterval)
 }
 
 func TestClusterExtensionInstallRegistryMultipleBundles(t *testing.T) {

diff --git a/testdata/catalogs/test-catalog-v1/catalog.yaml b/testdata/catalogs/test-catalog-v1/catalog.yaml
@@ -48,3 +48,24 @@ properties:
     value:
       packageName: prometheus
       version: 1.2.0
+
+---
+schema: olm.package
+name: prometheus-mirrored
+defaultChannel: beta
+---
+schema: olm.channel
+name: beta
+package: prometheus-mirrored
+entries:
+  - name: prometheus-mirrored-operator.1.2.0
+---
+schema: olm.bundle
+name: prometheus-mirrored-operator.1.2.0
+package: prometheus-mirrored
+image: mirrored-registry.operator-controller-e2e.svc.cluster.local:5000/bundles/registry-v1/prometheus-operator:v1.2.0
+properties:
+  - type: olm.package
+    value:
+      packageName: prometheus-mirrored
+      version: 1.2.0