Fix for new CRD and operator name parameterization

Sanity/DAST_test/runtest.sh

@@ -32,6 +32,10 @@
 
 rlJournalStart
     rlPhaseStartSetup
+        if [ -z "${OPERATOR_NAME}" ];
+        then
+            OPERATOR_NAME=tang-operator
+        fi
         rlRun 'rlImport "common-cloud-orchestration/ocpop-lib"' || rlDie "cannot import ocpop lib"
         rlRun ". ../../TestHelpers/functions.sh" || rlDie "cannot import function script"
         TO_DAST_POD_COMPLETED=300 #seconds (DAST lasts around 120 seconds)
@@ -59,20 +63,25 @@ rlJournalStart
 
         # 3 - download configuration file template
         # WARNING: if tang-operator is changed to OpenShift organization, change this
-        rlRun "curl -o tang_operator.yaml https://raw.githubusercontent.com/latchset/tang-operator/main/tools/scan_tools/tang_operator_template.yaml"
+        if [ -z "${KONFLUX}" ];
+        then
+            rlRun "curl -o tang_operator.yaml https://raw.githubusercontent.com/latchset/tang-operator/main/tools/scan_tools/tang_operator_template.yaml"
+        else
+            rlRun "curl -o tang_operator.yaml https://raw.githubusercontent.com/openshift/nbde-tang-server/main/tools/scan_tools/tang_operator_template.yaml"
+        fi
 
         # 4 - adapt configuration file template (token, machine)
         if [ "${EXECUTION_MODE}" == "MINIKUBE" ];
         then
             API_HOST_PORT=$(minikube ip)
             DEFAULT_TOKEN="TEST_TOKEN_UNREQUIRED_IN_MINIKUBE"
         else
-            API_HOST_PORT=$("${OC_CLIENT}" whoami --show-server | tr -d  ' ')
+            API_HOST_PORT=$("${OC_CLIENT}" whoami --show-server | tr -d  ' ' | sed -e s@https://@@g)
             DEFAULT_TOKEN=$("${OC_CLIENT}" get secret -n "${OPERATOR_NAMESPACE}" "$("${OC_CLIENT}" get secret -n "${OPERATOR_NAMESPACE}"\
-                            | grep ^tang-operator | grep service-account | awk '{print $1}')" -o json | jq -Mr '.data.token' | base64 -d)
+                            | grep ^${OPERATOR_NAME} | grep service-account | awk '{print $1}')" -o json | jq -Mr '.data.token' | base64 -d)
 	    test -z "${DEFAULT_TOKEN}" &&\
 		DEFAULT_TOKEN=$("${OC_CLIENT}" get secret -n  "${OPERATOR_NAMESPACE}" $("${OC_CLIENT}" get secret -n "${OPERATOR_NAMESPACE}"\
-		            | grep ^tang-operator | awk '{print $1}') -o json | jq -M '.data | .[]' | tr -d '"')
+		            | grep ^${OPERATOR_NAME} | awk '{print $1}') -o json | jq -M '.data | .[]' | tr -d '"')
             echo "API_HOST_PORT=${API_HOST_PORT}"
             echo "DEFAULT_TOKEN=${DEFAULT_TOKEN}"
         fi
@@ -88,9 +97,10 @@ rlJournalStart
         pushd rapidast || exit
         sed -i s@"kubectl --kubeconfig=./kubeconfig "@"${OC_CLIENT} "@g helm/results.sh
         sed -i s@"secContext: '{}'"@"secContext: '{\"privileged\": true}'"@ helm/chart/values.yaml
-        sed -i s@'tag: "latest"'@'tag: "2.6.0"'@g helm/chart/values.yaml
+        sed -i s@'tag: "latest"'@'tag: "2.8.0"'@g helm/chart/values.yaml
 
         # 6 - run rapidast on adapted configuration file (via helm)
+        helm uninstall rapidast
         rlRun -c "helm install rapidast ./helm/chart/ --set-file rapidastConfig=${tmpdir}/tang_operator.yaml 2>/dev/null" 0 "Installing rapidast helm chart"
         pod_name=$(ocpopGetPodNameWithPartialName "rapidast" "default" 5 1)
         rlRun "ocpopCheckPodState Completed ${TO_DAST_POD_COMPLETED} default ${pod_name}" 0 "Checking POD ${pod_name} in Completed state [Timeout=${TO_DAST_POD_COMPLETED} secs.]"

Sanity/key_management_test/runtest.sh

@@ -36,7 +36,10 @@ rlJournalStart
         rlRun ". ../../TestHelpers/functions.sh" || rlDie "cannot import function script"
         TO_ACTIVE_KEYS=60 #seconds
         TO_HIDDEN_KEYS=60 #seconds
-
+        if [ -z "${OPERATOR_NAME}" ];
+        then
+            OPERATOR_NAME=tang-operator
+        fi
         rlRun "${OC_CLIENT} apply -f ${TANG_FUNCTION_DIR}/reg_test/key_management_test/minimal-keyretrieve/daemons_v1alpha1_pv.yaml" 0 "Creating key management test pv"
         rlRun "${OC_CLIENT} apply -f ${TANG_FUNCTION_DIR}/reg_test/key_management_test/minimal-keyretrieve/daemons_v1alpha1_tangserver.yaml" 0 "Creating key management test tangserver"
         rlRun "ocpopCheckPodAmount 1 ${TO_POD_START} ${TEST_NAMESPACE}" 0 "Checking 1 POD is started [Timeout=${TO_POD_START} secs.]"
@@ -75,6 +78,7 @@ rlJournalStart
         rlRun "${OC_CLIENT} apply -f ${TANG_FUNCTION_DIR}/reg_test/key_management_test/multiple-keyretrieve/daemons_v1alpha1_pv.yaml" 0 "Creating multiple key management test pv"
         rlRun "${OC_CLIENT} apply -f ${TANG_FUNCTION_DIR}/reg_test/key_management_test/multiple-keyretrieve/daemons_v1alpha1_tangserver.yaml" 0 "Creating multiple key management test tangserver"
         sed "s/{{OPERATOR_NAMESPACE}}/${OPERATOR_NAMESPACE}/g" < "${TANG_FUNCTION_DIR}/reg_test/key_management_test/multiple-keyretrieve/daemons_v1alpha1_clusterrolebinding.yaml" | ${OC_CLIENT} apply -f -
+        sed "s/{{OPERATOR_NAME}}/${OPERATOR_NAME}/g" < $TANG_FUNCTION_DIR/reg_test/key_management_test/multiple-keyretrieve/daemons_v1alpha1_clusterrolebinding.yaml | ${OC_CLIENT} apply -f -
         rlRun "ocpopCheckPodAmount 3 ${TO_POD_START} ${TEST_NAMESPACE}" 0 "Checking 3 PODs are started [Timeout=${TO_POD_START} secs.]"
         pod1_name=$(ocpopGetPodNameWithPartialName "tang" "${TEST_NAMESPACE}" 5 1)
         pod2_name=$(ocpopGetPodNameWithPartialName "tang" "${TEST_NAMESPACE}" 5 2)
@@ -88,6 +92,7 @@ rlJournalStart
         rlRun "${OC_CLIENT} delete -f ${TANG_FUNCTION_DIR}/reg_test/key_management_test/multiple-keyretrieve/daemons_v1alpha1_tangserver.yaml" 0 "Deleting key management test tangserver"
         rlRun "${OC_CLIENT} delete -f ${TANG_FUNCTION_DIR}/reg_test/key_management_test/multiple-keyretrieve/daemons_v1alpha1_pv.yaml" 0 "Deleting key management test pv"
         sed "s/{{OPERATOR_NAMESPACE}}/${OPERATOR_NAMESPACE}/g" < "${TANG_FUNCTION_DIR}/reg_test/key_management_test/multiple-keyretrieve/daemons_v1alpha1_clusterrolebinding.yaml" | ${OC_CLIENT} delete -f -
+        sed "s/{{OPERATOR_NAME}}/${OPERATOR_NAME}/g" < $TANG_FUNCTION_DIR/reg_test/key_management_test/multiple-keyretrieve/daemons_v1alpha1_clusterrolebinding.yaml | ${OC_CLIENT} delete -f -
         rlRun "ocpopCheckPodAmount 0 ${TO_POD_STOP} ${TEST_NAMESPACE}" 0 "Checking no PODs continue running [Timeout=${TO_POD_STOP} secs.]"
         rlRun "ocpopCheckServiceAmount 0 ${TO_SERVICE_STOP} ${TEST_NAMESPACE}" 0 "Checking no Services continue running [Timeout=${TO_SERVICE_STOP} secs.]"
     rlPhaseEnd

Sanity/malware_detection_test/runtest.sh

@@ -33,6 +33,10 @@ rlJournalStart
     ############# MALWARE DETECTION TESTS ############
     ### Only execute if podman and clamscan commands exist ...
         rlPhaseStartTest "Malware Detection Testing"
+            if [ -z "${OPERATOR_NAME}" ];
+            then
+                OPERATOR_NAME=tang-operator
+            fi
             rlRun 'rlImport "common-cloud-orchestration/ocpop-lib"' || rlDie "cannot import ocpop lib"
             rlRun ". ../../TestHelpers/functions.sh" || rlDie "cannot import function script"
             installed_version=$(ocpopGetVersion)
@@ -42,7 +46,7 @@ rlJournalStart
             ### Bundle Image
             analyzeVersion "${installed_version}"
             ### Container Image
-            controller_name=$(ocpopGetPodNameWithPartialName "tang-operator-controller" "${OPERATOR_NAMESPACE}" 1)
+            controller_name=$(ocpopGetPodNameWithPartialName "${OPERATOR_NAME}-controller" "${OPERATOR_NAMESPACE}" 1)
             rlAssertNotEquals "Checking controller_name is not empty" "${controller_name}" ""
             container_image=$("${OC_CLIENT}" -n "${OPERATOR_NAMESPACE}" describe pod "${controller_name}" | grep tang | tr -d ' ' | grep "^Image:" | awk -F "Image:" '{print $2}' | tail -1)
             if [[ $container_image == *"registry.redhat.io"* ]];then

Setup/clean_cluster/runtest.sh

@@ -31,18 +31,22 @@
 
 rlJournalStart
     rlPhaseStartCleanup
+        if [ -z "${OPERATOR_NAME}" ];
+        then
+            OPERATOR_NAME=tang-operator
+        fi
         rlRun 'rlImport "common-cloud-orchestration/ocpop-lib"' || rlDie "cannot import ocpop lib"
         rlRun ". ../../TestHelpers/functions.sh" || rlDie "cannot import function script"
         TO_POD_CONTROLLER_TERMINATE=180 #seconds (for controller to end must wait longer)
 
         rlRun "ocpopCheckClusterStatus" 0 "Checking cluster status"
-        controller_name=$(ocpopGetPodNameWithPartialName "tang-operator-controller" "${OPERATOR_NAMESPACE}" 1)
+        controller_name=$(ocpopGetPodNameWithPartialName "${OPERATOR_NAME}-controller" "${OPERATOR_NAMESPACE}" 1)
         ocpopLogVerbose "Controller name:[${controller_name}]"
         if [ -n "${DOWNSTREAM_IMAGE_VERSION}" ] && [ "${DISABLE_BUNDLE_INSTALL_TESTS}" != "1" ];
         then
             rlRun "uninstallDownstreamVersion" 0 "Uninstalling downstream version"
         fi
-        rlRun "bundleStop" 0 "Cleaning installed tang-operator"
+        rlRun "ocpopBundleStop" 0 "Cleaning installed operator"
         if [ "${DISABLE_BUNDLE_INSTALL_TESTS}" != "1" ] && [ "${DISABLE_BUNDLE_UNINSTALL_TESTS}" != "1" ];
         then
           test -z "${controller_name}" ||

Setup/creating_test_namespace/runtest.sh

@@ -30,19 +30,25 @@
 . /usr/share/beakerlib/beakerlib.sh || exit 1
 
 TIMEOUT_CONTROLLER_KEEPS_RUNNING=10
+if [ -z "${OPERATOR_NAME}" ];
+then
+    export OPERATOR_NAME=tang-operator
+fi
 
 rlJournalStart
     rlPhaseStartSetup
+        rlLog "OPERATOR_NAME=${OPERATOR_NAME}"
         rlRun 'rlImport "common-cloud-orchestration/ocpop-lib"' || rlDie "cannot import ocpop lib"
         rlRun ". ../../TestHelpers/functions.sh" || rlDie "cannot import function script"
         ocpopDumpDate
         ocpopDumpInfo
+        checkKonflux
         rlRun "ocpopDumpOpenShiftClientStatus" 0 "Checking OpenshiftClient installation"
         rlRun "operator-sdk version > /dev/null" 0 "Checking operator-sdk installation"
         rlRun "ocpopCheckClusterStatus" 0 "Checking cluster status"
         # In case previous execution was abruptelly stopped:
-        rlRun "bundleInitialStop" 0 "Cleaning already installed tang-operator (if any)"
-        rlRun "bundleStart" 0 "Installing tang-operator-bundle version:${VERSION}"
+        rlRun "ocpopBundleInitialStop" 0 "Cleaning already installed operator (if any)"
+        rlRun "bundleStart" 0 "Installing ${OPERATOR_NAME}-bundle version:${VERSION}"
         rlRun "${OC_CLIENT} apply -f ${TEST_NAMESPACE_FILE}" 0 "Creating test namespace:${TEST_NAMESPACE}"
         rlRun "${OC_CLIENT} get namespace ${TEST_NAMESPACE}" 0 "Checking test namespace:${TEST_NAMESPACE}"
         #go through all the files and set substition for TANG_IMAGE keyword
@@ -53,7 +59,8 @@ rlJournalStart
 
     rlPhaseStartTest "Controller runs appropriately"
         ########## CHECK CONTROLLER RUNS WITH NO ERRORS #########
-        controller_name=$(ocpopGetPodNameWithPartialName "tang-operator-controller" "${OPERATOR_NAMESPACE}" "${TO_POD_START}")
+        rlLog "OPERATOR_NAME=${OPERATOR_NAME}"
+        controller_name=$(ocpopGetPodNameWithPartialName "${OPERATOR_NAME}-controller" "${OPERATOR_NAMESPACE}" "${TO_POD_START}")
         rlRun "ocpopCheckPodState Running ${TO_POD_START} ${OPERATOR_NAMESPACE} ${controller_name} Error" 0 \
               "Checking controller POD in Running [Timeout=${TO_POD_START} secs.] and not in Error state"
         rlRun "ocpopCheckPodStateAndContinues Running ${TIMEOUT_CONTROLLER_KEEPS_RUNNING} ${OPERATOR_NAMESPACE} ${controller_name}" 0 \

TestHelpers/functions.sh

@@ -27,7 +27,6 @@
 ## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 #
 ### Global Test Variables
-TANG_FUNCTION_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 TO_BUNDLE="15m"
 TANG_FUNCTION_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 TEST_NAMESPACE_PATH="${TANG_FUNCTION_DIR}/reg_test/all_test_namespace"
@@ -52,9 +51,13 @@ TO_ALL_POD_CONTROLLER_TERMINATE=120 #seconds
 TO_KEY_ROTATION=1 #seconds
 [ -n "$TANG_IMAGE" ] || TANG_IMAGE="registry.redhat.io/rhel9/tang"
 
+if [ -z "${OPERATOR_NAME}" ];
+then
+    OPERATOR_NAME=tang-operator
+fi
 test -z "${DISABLE_BUNDLE_INSTALL_TESTS}" && DISABLE_BUNDLE_INSTALL_TESTS="0"
 test -z "${DISABLE_BUNDLE_UNINSTALL_TESTS}" && DISABLE_BUNDLE_UNINSTALL_TESTS="0"
-test -z "${IMAGE_VERSION}" && IMAGE_VERSION="quay.io/sec-eng-special/tang-operator-bundle:${VERSION}"
+test -z "${IMAGE_VERSION}" && IMAGE_VERSION="quay.io/sec-eng-special/${OPERATOR_NAME}-bundle:${VERSION}"
 test -z "${CONTAINER_MGR}" && CONTAINER_MGR="podman"
 
 checkActiveKeysAmount() {
@@ -290,8 +293,12 @@ analyzeVersion() {
 }
 
 useUpstreamImages(){
-    for yaml_file in `find ${TANG_FUNCTION_DIR}/reg_test \( -iname "*.yaml" -o -iname "*.sh" \) -type f -print`
+    for yaml_file in `find ${TANG_FUNCTION_DIR}/reg_test* \( -iname "*.yaml" -o -iname "*.sh" \) -type f -print`
     do
         sed -i "s~\"registry.redhat.io/rhel9/tang\"~\"${TANG_IMAGE}\"~g" $yaml_file
     done
 }
+
+checkKonflux() {
+    pushd ${TANG_FUNCTION_DIR}; rm -v reg_test; test -z "${KONFLUX}" && ln -s reg_test_ori reg_test || ln -s reg_test_openshift_konflux reg_test; popd
+}

TestHelpers/reg_test

@@ -0,0 +1 @@
+./reg_test_ori/

TestHelpers/reg_test_openshift_konflux/conf_test/main/daemons_v1alpha1_tangserver.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: nbde.openshift.io/v1alpha1
+kind: TangServer
+metadata:
+  name: tangserver-main
+  namespace: nbde
+  finalizers:
+    - finalizer.nbde.tangserver.openshift.io
+spec:
+  # Add fields here
+  replicas: 3
+  image: "registry.redhat.io/rhel9/tang"
+  version: "latest"
+  persistentVolumeClaim: "tangserver-pvc-main"
+  serviceListenPort: 9999

TestHelpers/reg_test_openshift_konflux/conf_test/minimal/daemons_v1alpha1_tangserver.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: nbde.openshift.io/v1alpha1
+kind: TangServer
+metadata:
+  name: tangserver
+  namespace: nbde
+  finalizers:
+    - finalizer.nbde.tangserver.openshift.io
+spec:
+  image: "registry.redhat.io/rhel9/tang"
+  version: "latest"
+  replicas: 1

TestHelpers/reg_test_openshift_konflux/conf_test/multi_deployment/daemons_v1alpha1_tangserver.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: nbde.openshift.io/v1alpha1
+kind: TangServer
+metadata:
+  name: tangserver-multi1
+  namespace: nbde
+  finalizers:
+    - finalizer.nbde.tangserver.openshift.io
+spec:
+  replicas: 2
+  image: "registry.redhat.io/rhel9/tang"
+  version: "latest"
+  persistentVolumeClaim: "tangserver-pvc-multi1"
+  serviceListenPort: 9998
+---
+apiVersion: nbde.openshift.io/v1alpha1
+kind: TangServer
+metadata:
+  name: tangserver-multi2
+  namespace: nbde
+  finalizers:
+    - finalizer.nbde.tangserver.openshift.io
+spec:
+  replicas: 3
+  image: "registry.redhat.io/rhel9/tang"
+  version: "latest"
+  persistentVolumeClaim: "tangserver-pvc-multi2"
+  serviceListenPort: 9999

TestHelpers/reg_test_openshift_konflux/func_test/key_rotation/daemons_v1alpha1_tangserver.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: nbde.openshift.io/v1alpha1
+kind: TangServer
+metadata:
+  name: tangserver-key-rotation
+  namespace: nbde
+  finalizers:
+    - finalizer.nbde.tangserver.openshift.io
+spec:
+  # Add fields here
+  replicas: 1
+  image: "registry.redhat.io/rhel9/tang"
+  version: "latest"

TestHelpers/reg_test_openshift_konflux/func_test/multiple_deployment_test/daemons_v1alpha1_tangserver.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: nbde.openshift.io/v1alpha1
+kind: TangServer
+metadata:
+  name: tangserver-functional1
+  namespace: nbde
+  finalizers:
+    - finalizer.nbde.tangserver.openshift.io
+spec:
+  replicas: 1
+  image: "registry.redhat.io/rhel9/tang"
+  version: "latest"
+  persistentVolumeClaim: "tangserver-pvc-functional1"
+  serviceListenPort: 3333
+---
+apiVersion: nbde.openshift.io/v1alpha1
+kind: TangServer
+metadata:
+  name: tangserver-functional2
+  namespace: nbde
+  finalizers:
+    - finalizer.nbde.tangserver.openshift.io
+spec:
+  replicas: 1
+  image: "registry.redhat.io/rhel9/tang"
+  version: "latest"
+  persistentVolumeClaim: "tangserver-pvc-functional2"
+  serviceListenPort: 4444

TestHelpers/reg_test_openshift_konflux/func_test/none_cluster_ip/daemons_v1alpha1_tangserver.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: nbde.openshift.io/v1alpha1
+kind: TangServer
+metadata:
+  name: tangserver-none-cluster-ip
+  namespace: nbde
+  finalizers:
+    - finalizer.nbde.tangserver.openshift.io
+spec:
+  replicas: 1
+  image: "registry.redhat.io/rhel9/tang"
+  version: "latest"
+  clusterIP: "None"
+  serviceType: "ClusterIP"

TestHelpers/reg_test_openshift_konflux/func_test/unique_deployment_test/daemons_v1alpha1_tangserver.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: nbde.openshift.io/v1alpha1
+kind: TangServer
+metadata:
+  name: tangserver-functional
+  namespace: nbde
+  finalizers:
+    - finalizer.nbde.tangserver.openshift.io
+spec:
+  # Add fields here
+  replicas: 1
+  image: "registry.redhat.io/rhel9/tang"
+  version: "latest"
+  persistentVolumeClaim: "tangserver-pvc-main"
+  serviceListenPort: 2222

TestHelpers/reg_test_openshift_konflux/key_management_test/api_key_rotate.sh

@@ -0,0 +1,54 @@
+#!/bin/bash -e
+
+namespace=""
+
+usage() {
+  echo
+  echo "Usage:"
+  echo
+  echo "$1 -n namespace -c openshift_client"
+  echo
+  exit "$2"
+}
+
+while getopts "n:c:hv" arg
+do
+case "${arg}" in
+  n) namespace=${OPTARG}
+  ;;
+  c) oc_client=${OPTARG}
+  ;;
+  h) usage "$0" 0
+  ;;
+  v) set -x
+  ;;
+  *) usage "$0" 1
+  ;;
+esac
+done
+
+test -z "${namespace}" && namespace="default"
+test -z "${oc_client}" && oc_client="oc"
+
+sha1_1=$("${oc_client}" -n nbde get tangservers.nbde.openshift.io  -o json | jq '.items[0].status.activeKeys[0].sha1')
+replicas=$("${oc_client}" -n nbde get tangservers.nbde.openshift.io  -o json | jq '.items[0].spec.replicas')
+
+ftemp=$(mktemp)
+cat<<EOF>"${ftemp}"
+apiVersion: nbde.openshift.io/v1alpha1
+kind: TangServer
+metadata:
+  name: tangserver-mini
+  namespace: nbde
+  finalizers:
+  - finalizer.daemons.tangserver.redhat.com
+spec:
+  replicas: ${replicas}
+  image: "registry.redhat.io/rhel9/tang"
+  version: "latest"
+  hiddenKeys:
+  - sha1: ${sha1_1}
+EOF
+
+"${oc_client}" apply -f "${ftemp}" -n "${namespace}"
+rm "${ftemp}"