From 37b0b2af7359f8ea40659a7679c11ff7ffdb27c9 Mon Sep 17 00:00:00 2001 From: Triona Doyle Date: Thu, 5 Mar 2026 12:32:42 +0000 Subject: [PATCH 1/2] Rerun failed e2e tests from pipeline log Signed-off-by: Triona Doyle --- rerun-operator-e2e-failures.sh | 168 ++++++++++++++++++ .../parallel/1-031_validate_toolchain_test.go | 2 +- 2 files changed, 169 insertions(+), 1 deletion(-) create mode 100755 rerun-operator-e2e-failures.sh diff --git a/rerun-operator-e2e-failures.sh b/rerun-operator-e2e-failures.sh new file mode 100755 index 00000000000..be9c69c4083 --- /dev/null +++ b/rerun-operator-e2e-failures.sh @@ -0,0 +1,168 @@ +#!/bin/bash + +if [ -z "$1" ]; then + echo "Usage: $0 " + exit 1 +fi + +LOG_FILE=$1 +if [ ! -f "$LOG_FILE" ]; then + echo "File not found: $LOG_FILE" + exit 1 +fi + +CLEAN_LOG=$(mktemp) +RERUN_LOG=$(mktemp) +CLEAN_RERUN=$(mktemp) +trap 'rm -f "$CLEAN_LOG" "$RERUN_LOG" "$CLEAN_RERUN"' EXIT + +if ! command -v go &> /dev/null; then + echo "Go is required." + exit 1 +fi + +go mod tidy >/dev/null 2>&1 +go mod download >/dev/null 2>&1 +go mod vendor >/dev/null 2>&1 + +# Strip colors for processing +sed 's/\x1b\[[0-9;]*m//g' "$LOG_FILE" > "$CLEAN_LOG" + +PARSE_AWK=' +/\[FAIL\]/ { + s="[Unknown]" + if ($0 ~ /Sequential/) s="[Sequential]" + if ($0 ~ /Parallel/) s="[Parallel]" + match($0, /[0-9]-[0-9]{3}[-_][a-zA-Z0-9_-]+/); + if (RLENGTH > 0) { + val = substr($0, RSTART, RLENGTH); + sub(/_test$/, "", val); + print s " " val; + } +}' + +FAILURES=$(awk "$PARSE_AWK" "$CLEAN_LOG" | sort | uniq) +SUITE_FAILED=$(grep -c "A BeforeSuite node failed" "$CLEAN_LOG" || true) + +if [ -z "$FAILURES" ] && [ "$SUITE_FAILED" -eq 0 ]; then + echo "No test failures found." + exit 0 +fi + +echo "Tests to rerun:" +[ -n "$FAILURES" ] && echo "$FAILURES" | sed 's/^/ /' +echo "" + +GINKGO="./bin/ginkgo" +[ ! -x "$GINKGO" ] && GINKGO="ginkgo" + +export OPERATOR_NAMESPACE="${OPERATOR_NAMESPACE:-openshift-gitops-operator}" +SEQ_DIR="./test/openshift/e2e/ginkgo/sequential" +PAR_DIR="./test/openshift/e2e/ginkgo/parallel" + +echo "⏳ Executing reruns in strict isolation..." +echo "----------------------------------------------------------------" + +> "$RERUN_LOG" + +if [ -n "$FAILURES" ]; then + echo "$FAILURES" | while read -r line; do + SUITE_TYPE=$(echo "$line" | awk '{print $1}') + TEST_ID=$(echo "$line" | awk '{print $2}') + + if [ "$SUITE_TYPE" = "[Sequential]" ]; then + SUITE_DIR="$SEQ_DIR" + else + SUITE_DIR="$PAR_DIR" + fi + + echo -n "🏃 Running $TEST_ID... " + + TEST_OUTPUT=$(mktemp) + "$GINKGO" -v -focus="$TEST_ID" -r "$SUITE_DIR" > "$TEST_OUTPUT" 2>&1 + + sed 's/\x1b\[[0-9;]*m//g' "$TEST_OUTPUT" > "${TEST_OUTPUT}_clean" + cat "${TEST_OUTPUT}_clean" >> "$CLEAN_RERUN" + + if grep -q "^FAIL!" "${TEST_OUTPUT}_clean"; then + echo "❌ FAILED" + elif grep -q "^SUCCESS!" "${TEST_OUTPUT}_clean" || grep -q "0 Failed" "${TEST_OUTPUT}_clean"; then + TIME_TAKEN=$(grep -o "Ran [0-9]* of [0-9]* Specs in .*" "${TEST_OUTPUT}_clean" | sed 's/.* in //') + if [ -z "$TIME_TAKEN" ]; then + echo "⚠️ SKIPPED (Test did not execute)" + else + echo "✅ PASSED (Took: $TIME_TAKEN)" + fi + else + echo "⚠️ UNKNOWN STATE (Check logs)" + fi + + rm -f "$TEST_OUTPUT" "${TEST_OUTPUT}_clean" + done +fi + +STILL_FAILING=$(awk "$PARSE_AWK" "$CLEAN_RERUN" | sort | uniq) + +echo "----------------------------------------------------------------" +echo "Rerun Detailed Error Logs:" +echo "----------------------------------------------------------------" + +if [ -z "$STILL_FAILING" ]; then + echo "All tests passed on rerun." +else + echo "$STILL_FAILING" | while read -r line; do + TEST_ID=$(echo "$line" | awk '{print $2}') + echo "FAILED: $line" + + awk -v tid="$TEST_ID" ' + BEGIN { in_err=0; buf="" } + /^[ \t]*•?[ \t]*\[(FAILED|PANICKED|FAIL)\]/ { + in_err=1 + buf=$0 + next + } + in_err { + buf = buf "\n" $0 + if ($0 ~ /^------------------------------/ || $0 ~ /^SSS/) { + if (buf ~ tid) { + n = split(buf, lines, "\n") + valid_count = 0 + + # First, collect all valid lines + for (i=1; i<=n; i++) { + line = lines[i] + sub(/^[ \t]+/, "", line) + if (line != "" && line !~ /^------------------------------/ && line !~ /^SSS/) { + valid_count++ + cleaned[valid_count] = line + } + } + + # Print logic with truncation + if (valid_count <= 25) { + for (i=1; i<=valid_count; i++) print " > " cleaned[i] + } else { + for (i=1; i<=15; i++) print " > " cleaned[i] + print " >" + print " > ... [TRUNCATED: " (valid_count - 20) " lines omitted for readability] ..." + print " >" + for (i=valid_count-4; i<=valid_count; i++) print " > " cleaned[i] + } + exit + } + in_err=0 + buf="" + } + } + ' "$CLEAN_RERUN" + echo "" + done +fi + +echo "----------------------------------------------------------------" +echo "Summary of tests still failing:" +if [ -z "$STILL_FAILING" ]; then + echo "None." +else + echo "$STILL_FAILING" | sed 's/^/- /' +fi \ No newline at end of file diff --git a/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go b/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go index bf3f5624f77..f39ba1b9942 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go @@ -85,7 +85,7 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { It("verifies that toolchain versions have the expected values", func() { // These variables need to be maintained according to the component matrix: https://spaces.redhat.com/display/GITOPS/GitOps+Component+Matrix - expected_kustomizeVersion := "v5.7.0" + expected_kustomizeVersion := "v5.7.1" expected_helmVersion := "v3.18.4" expected_argocdVersion := "v3.1.5" From b82d188d8fc6bb344dcbbf3ee7e0f889742ff42f Mon Sep 17 00:00:00 2001 From: Triona Doyle Date: Mon, 20 Apr 2026 19:20:21 +0100 Subject: [PATCH 2/2] update tests for v1.18.5 release Signed-off-by: Triona Doyle --- rerun-operator-e2e-failures.sh | 168 ----- .../parallel/1-031_validate_toolchain_test.go | 8 +- .../1-090_validate_permissions_test.go | 672 +----------------- .../snapshots/valid_csv_permissions.yaml | 469 ++++++++++++ 4 files changed, 497 insertions(+), 820 deletions(-) delete mode 100755 rerun-operator-e2e-failures.sh create mode 100644 test/openshift/e2e/ginkgo/snapshots/valid_csv_permissions.yaml diff --git a/rerun-operator-e2e-failures.sh b/rerun-operator-e2e-failures.sh deleted file mode 100755 index be9c69c4083..00000000000 --- a/rerun-operator-e2e-failures.sh +++ /dev/null @@ -1,168 +0,0 @@ -#!/bin/bash - -if [ -z "$1" ]; then - echo "Usage: $0 " - exit 1 -fi - -LOG_FILE=$1 -if [ ! -f "$LOG_FILE" ]; then - echo "File not found: $LOG_FILE" - exit 1 -fi - -CLEAN_LOG=$(mktemp) -RERUN_LOG=$(mktemp) -CLEAN_RERUN=$(mktemp) -trap 'rm -f "$CLEAN_LOG" "$RERUN_LOG" "$CLEAN_RERUN"' EXIT - -if ! command -v go &> /dev/null; then - echo "Go is required." - exit 1 -fi - -go mod tidy >/dev/null 2>&1 -go mod download >/dev/null 2>&1 -go mod vendor >/dev/null 2>&1 - -# Strip colors for processing -sed 's/\x1b\[[0-9;]*m//g' "$LOG_FILE" > "$CLEAN_LOG" - -PARSE_AWK=' -/\[FAIL\]/ { - s="[Unknown]" - if ($0 ~ /Sequential/) s="[Sequential]" - if ($0 ~ /Parallel/) s="[Parallel]" - match($0, /[0-9]-[0-9]{3}[-_][a-zA-Z0-9_-]+/); - if (RLENGTH > 0) { - val = substr($0, RSTART, RLENGTH); - sub(/_test$/, "", val); - print s " " val; - } -}' - -FAILURES=$(awk "$PARSE_AWK" "$CLEAN_LOG" | sort | uniq) -SUITE_FAILED=$(grep -c "A BeforeSuite node failed" "$CLEAN_LOG" || true) - -if [ -z "$FAILURES" ] && [ "$SUITE_FAILED" -eq 0 ]; then - echo "No test failures found." - exit 0 -fi - -echo "Tests to rerun:" -[ -n "$FAILURES" ] && echo "$FAILURES" | sed 's/^/ /' -echo "" - -GINKGO="./bin/ginkgo" -[ ! -x "$GINKGO" ] && GINKGO="ginkgo" - -export OPERATOR_NAMESPACE="${OPERATOR_NAMESPACE:-openshift-gitops-operator}" -SEQ_DIR="./test/openshift/e2e/ginkgo/sequential" -PAR_DIR="./test/openshift/e2e/ginkgo/parallel" - -echo "⏳ Executing reruns in strict isolation..." -echo "----------------------------------------------------------------" - -> "$RERUN_LOG" - -if [ -n "$FAILURES" ]; then - echo "$FAILURES" | while read -r line; do - SUITE_TYPE=$(echo "$line" | awk '{print $1}') - TEST_ID=$(echo "$line" | awk '{print $2}') - - if [ "$SUITE_TYPE" = "[Sequential]" ]; then - SUITE_DIR="$SEQ_DIR" - else - SUITE_DIR="$PAR_DIR" - fi - - echo -n "🏃 Running $TEST_ID... " - - TEST_OUTPUT=$(mktemp) - "$GINKGO" -v -focus="$TEST_ID" -r "$SUITE_DIR" > "$TEST_OUTPUT" 2>&1 - - sed 's/\x1b\[[0-9;]*m//g' "$TEST_OUTPUT" > "${TEST_OUTPUT}_clean" - cat "${TEST_OUTPUT}_clean" >> "$CLEAN_RERUN" - - if grep -q "^FAIL!" "${TEST_OUTPUT}_clean"; then - echo "❌ FAILED" - elif grep -q "^SUCCESS!" "${TEST_OUTPUT}_clean" || grep -q "0 Failed" "${TEST_OUTPUT}_clean"; then - TIME_TAKEN=$(grep -o "Ran [0-9]* of [0-9]* Specs in .*" "${TEST_OUTPUT}_clean" | sed 's/.* in //') - if [ -z "$TIME_TAKEN" ]; then - echo "⚠️ SKIPPED (Test did not execute)" - else - echo "✅ PASSED (Took: $TIME_TAKEN)" - fi - else - echo "⚠️ UNKNOWN STATE (Check logs)" - fi - - rm -f "$TEST_OUTPUT" "${TEST_OUTPUT}_clean" - done -fi - -STILL_FAILING=$(awk "$PARSE_AWK" "$CLEAN_RERUN" | sort | uniq) - -echo "----------------------------------------------------------------" -echo "Rerun Detailed Error Logs:" -echo "----------------------------------------------------------------" - -if [ -z "$STILL_FAILING" ]; then - echo "All tests passed on rerun." -else - echo "$STILL_FAILING" | while read -r line; do - TEST_ID=$(echo "$line" | awk '{print $2}') - echo "FAILED: $line" - - awk -v tid="$TEST_ID" ' - BEGIN { in_err=0; buf="" } - /^[ \t]*•?[ \t]*\[(FAILED|PANICKED|FAIL)\]/ { - in_err=1 - buf=$0 - next - } - in_err { - buf = buf "\n" $0 - if ($0 ~ /^------------------------------/ || $0 ~ /^SSS/) { - if (buf ~ tid) { - n = split(buf, lines, "\n") - valid_count = 0 - - # First, collect all valid lines - for (i=1; i<=n; i++) { - line = lines[i] - sub(/^[ \t]+/, "", line) - if (line != "" && line !~ /^------------------------------/ && line !~ /^SSS/) { - valid_count++ - cleaned[valid_count] = line - } - } - - # Print logic with truncation - if (valid_count <= 25) { - for (i=1; i<=valid_count; i++) print " > " cleaned[i] - } else { - for (i=1; i<=15; i++) print " > " cleaned[i] - print " >" - print " > ... [TRUNCATED: " (valid_count - 20) " lines omitted for readability] ..." - print " >" - for (i=valid_count-4; i<=valid_count; i++) print " > " cleaned[i] - } - exit - } - in_err=0 - buf="" - } - } - ' "$CLEAN_RERUN" - echo "" - done -fi - -echo "----------------------------------------------------------------" -echo "Summary of tests still failing:" -if [ -z "$STILL_FAILING" ]; then - echo "None." -else - echo "$STILL_FAILING" | sed 's/^/- /' -fi \ No newline at end of file diff --git a/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go b/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go index f39ba1b9942..fe6313d3a5b 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-031_validate_toolchain_test.go @@ -86,8 +86,8 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { // These variables need to be maintained according to the component matrix: https://spaces.redhat.com/display/GITOPS/GitOps+Component+Matrix expected_kustomizeVersion := "v5.7.1" - expected_helmVersion := "v3.18.4" - expected_argocdVersion := "v3.1.5" + expected_helmVersion := "v3.18.6" + expected_argocdVersion := "v3.1.13" var expected_dexVersion string var expected_redisVersion string @@ -99,8 +99,8 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { } else { // when running against RC/ released version of gitops - expected_dexVersion = "v2.43.0" - expected_redisVersion = "7.2.10" + expected_dexVersion = "v2.43.1" + expected_redisVersion = "7.2.11" } By("locating pods containing toolchain in openshift-gitops") diff --git a/test/openshift/e2e/ginkgo/parallel/1-090_validate_permissions_test.go b/test/openshift/e2e/ginkgo/parallel/1-090_validate_permissions_test.go index a47de6eb3fa..1c01a21540b 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-090_validate_permissions_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-090_validate_permissions_test.go @@ -19,6 +19,8 @@ package parallel import ( "context" "fmt" + "os" + "path/filepath" "strings" . "github.com/onsi/ginkgo/v2" @@ -59,652 +61,6 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { return } - By("checking that the expected CSV matches the actual CSV on the cluster") - - csvString := ` -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - name: openshift-gitops-operator.v1.16.0 - namespace: openshift-operators -spec: - install: - spec: - clusterPermissions: - - rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - namespaces - - pods - - secrets - - serviceaccounts - - services - - services/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - persistentvolumeclaims - - pods - - secrets - - serviceaccounts - - services - - services/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - deployments - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - - resourcequotas - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create - - apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - apiGroups: - - "" - resources: - - podtemplates - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - list - - apiGroups: - - appmesh.k8s.aws - resources: - - virtualnodes - - virtualrouters - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - appmesh.k8s.aws - resources: - - virtualservices - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - - podtemplates - - replicasets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - apps - resourceNames: - - gitops-operator - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - apps.openshift.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - analysisruns - - analysisruns/finalizers - - experiments - - experiments/finalizers - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - analysistemplates - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - applications - - appprojects - - argocds - - argocds/finalizers - - argocds/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - clusteranalysistemplates - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - notificationsconfigurations - - notificationsconfigurations/finalizers - verbs: - - '*' - - apiGroups: - - argoproj.io - resources: - - rolloutmanagers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - argoproj.io - resources: - - rolloutmanagers/finalizers - verbs: - - update - - apiGroups: - - argoproj.io - resources: - - rolloutmanagers/status - verbs: - - get - - patch - - update - - apiGroups: - - argoproj.io - resources: - - rollouts - - rollouts/finalizers - - rollouts/scale - - rollouts/status - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - config.openshift.io - resources: - - clusterversions - verbs: - - get - - list - - watch - - apiGroups: - - console.openshift.io - resources: - - consoleclidownloads - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - console.openshift.io - resources: - - consolelinks - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - console.openshift.io - resources: - - consoleplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - update - - apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings - verbs: - - get - - list - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - create - - get - - list - - patch - - watch - - apiGroups: - - getambassador.io - resources: - - ambassadormappings - - mappings - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - monitoring.coreos.com - resources: - - prometheuses - - prometheusrules - - servicemonitors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - networking.istio.io - resources: - - destinationrules - - virtualservices - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - - networkpolicies - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - oauth.openshift.io - resources: - - oauthclients - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - operators.coreos.com - resources: - - clusterserviceversions - - operatorgroups - - subscriptions - verbs: - - create - - get - - list - - watch - - apiGroups: - - pipelines.openshift.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - pipelines.openshift.io - resources: - - gitopsservices - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - pipelines.openshift.io - resources: - - gitopsservices/finalizers - verbs: - - update - - apiGroups: - - pipelines.openshift.io - resources: - - gitopsservices/status - verbs: - - get - - patch - - update - - apiGroups: - - rbac.authorization.k8s.io - resources: - - '*' - verbs: - - bind - - create - - delete - - deletecollection - - escalate - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - verbs: - - bind - - create - - delete - - deletecollection - - escalate - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - route.openshift.io - resources: - - '*' - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - split.smi-spec.io - resources: - - trafficsplits - verbs: - - create - - get - - patch - - update - - watch - - apiGroups: - - template.openshift.io - resources: - - templateconfigs - - templateinstances - - templates - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - traefik.containo.us - resources: - - traefikservices - verbs: - - get - - update - - watch - - apiGroups: - - x.getambassador.io - resources: - - ambassadormappings - - mappings - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create` - - expectedCsv := &olmv1alpha1.ClusterServiceVersion{} - - Expect(yaml.UnmarshalStrict([]byte(csvString), expectedCsv)).To(Succeed()) - By("looking for a ClusterServiceVersion for openshift-gitops across all namespaces") gitopsCSVsFound := []olmv1alpha1.ClusterServiceVersion{} var csvList olmv1alpha1.ClusterServiceVersionList @@ -712,6 +68,10 @@ spec: for index := range csvList.Items { csv := csvList.Items[index] if strings.Contains(csv.Name, "openshift-gitops-operator") { + // OLM copies CSVs to other namespaces; skip those copies + if _, copied := csv.Labels["olm.copiedFrom"]; copied { + continue + } gitopsCSVsFound = append(gitopsCSVsFound, csv) } } @@ -730,9 +90,25 @@ spec: Expect(actualCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions).To(HaveLen(1)) actualCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions[0].ServiceAccountName = "" - Expect(expectedCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions).To(HaveLen(1)) + snapshotPath := "../snapshots/valid_csv_permissions.yaml" + + if os.Getenv("E2E_UPDATE_SNAPSHOTS") == "1" { + By("updating snapshot file with actual CSV cluster permissions") + data, marshalErr := yaml.Marshal(actualCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions) + Expect(marshalErr).NotTo(HaveOccurred()) + Expect(os.MkdirAll(filepath.Dir(snapshotPath), 0755)).To(Succeed()) + Expect(os.WriteFile(snapshotPath, data, 0644)).To(Succeed()) + } + + By("checking that the expected CSV cluster permissions match the actual CSV on the cluster") + + snapshotData, readErr := os.ReadFile(snapshotPath) + Expect(readErr).NotTo(HaveOccurred(), "snapshot file not found at %s; run with E2E_UPDATE_SNAPSHOTS=1 to create it", snapshotPath) + + var snapshotPermissions []olmv1alpha1.StrategyDeploymentPermissions + Expect(yaml.Unmarshal(snapshotData, &snapshotPermissions)).To(Succeed()) - Expect(actualCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions).To(Equal(expectedCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions)) + Expect(actualCsv.Spec.InstallStrategy.StrategySpec.ClusterPermissions).To(Equal(snapshotPermissions)) By("checking that the specific fields in gitopsservices.pipelines.openshift.io CRD that we are looking for are present and have the expected values") diff --git a/test/openshift/e2e/ginkgo/snapshots/valid_csv_permissions.yaml b/test/openshift/e2e/ginkgo/snapshots/valid_csv_permissions.yaml new file mode 100644 index 00000000000..c172cd894d3 --- /dev/null +++ b/test/openshift/e2e/ginkgo/snapshots/valid_csv_permissions.yaml @@ -0,0 +1,469 @@ +- rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - persistentvolumeclaims + - pods + - secrets + - serviceaccounts + - services + - services/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - deployments + - podtemplates + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - apiGroups: + - "" + resources: + - resourcequotas + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - apiGroups: + - appmesh.k8s.aws + resources: + - virtualnodes + - virtualrouters + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - appmesh.k8s.aws + resources: + - virtualservices + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + - podtemplates + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - apps + resourceNames: + - gitops-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - apps.openshift.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - analysisruns + - analysisruns/finalizers + - analysistemplates + - clusteranalysistemplates + - experiments + - experiments/finalizers + - namespacemanagements + - namespacemanagements/status + - rollouts + - rollouts/finalizers + - rollouts/scale + - rollouts/status + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - applications + - appprojects + - argocds + - argocds/finalizers + - argocds/status + - rolloutmanagers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - argoproj.io + resources: + - notificationsconfigurations + - notificationsconfigurations/finalizers + verbs: + - '*' + - apiGroups: + - argoproj.io + resources: + - rolloutmanagers/finalizers + verbs: + - update + - apiGroups: + - argoproj.io + resources: + - rolloutmanagers/status + verbs: + - get + - patch + - update + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - clusterversions + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - console.openshift.io + resources: + - consoleclidownloads + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - console.openshift.io + resources: + - consolelinks + - consoleplugins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update + - apiGroups: + - elbv2.k8s.aws + resources: + - targetgroupbindings + verbs: + - get + - list + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - create + - get + - list + - patch + - watch + - apiGroups: + - getambassador.io + - x.getambassador.io + resources: + - ambassadormappings + - mappings + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheuses + - prometheusrules + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.istio.io + resources: + - destinationrules + - virtualservices + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - oauth.openshift.io + resources: + - oauthclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - operatorgroups + - subscriptions + verbs: + - create + - get + - list + - watch + - apiGroups: + - pipelines.openshift.io + resources: + - '*' + - gitopsservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - pipelines.openshift.io + resources: + - gitopsservices/finalizers + verbs: + - update + - apiGroups: + - pipelines.openshift.io + resources: + - gitopsservices/status + verbs: + - get + - patch + - update + - apiGroups: + - rbac.authorization.k8s.io + resources: + - '*' + - clusterrolebindings + - clusterroles + verbs: + - bind + - create + - delete + - deletecollection + - escalate + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - '*' + - routes + - routes/custom-host + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - split.smi-spec.io + resources: + - trafficsplits + verbs: + - create + - get + - patch + - update + - watch + - apiGroups: + - template.openshift.io + resources: + - templateconfigs + - templateinstances + - templates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - traefik.containo.us + resources: + - traefikservices + verbs: + - get + - update + - watch + - nonResourceURLs: + - /metrics + verbs: + - get + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: ""