🌱 update skopeo openshift test (#3298)

* update skopeo openshift test

Signed-off-by: Per Goncalves da Silva <pegoncal@redhat.com>

* patch subscription e2e flake

Signed-off-by: Per Goncalves da Silva <pegoncal@redhat.com>

---------

Signed-off-by: Per Goncalves da Silva <pegoncal@redhat.com>
Co-authored-by: Per Goncalves da Silva <pegoncal@redhat.com>

test/e2e/catalog_e2e_test.go

@@ -820,7 +820,7 @@ var _ = Describe("Starting CatalogSource e2e tests", func() {
 
 		By("Create an image based catalog source from public Quay image using a unique tag as identifier")
 		var registryURL string
-		var registryAuth string
+		var registryAuthSecretName string
 		if local {
 			By("Creating a local registry to use")
 			registryURL, err = createDockerRegistry(c, generatedNamespace.GetName())
@@ -836,7 +836,7 @@ var _ = Describe("Starting CatalogSource e2e tests", func() {
 		} else {
 			registryURL = fmt.Sprintf("%s/%s", openshiftregistryFQDN, generatedNamespace.GetName())
 			By("Using the OpenShift registry at " + registryURL)
-			registryAuth, err = openshiftRegistryAuth(c, generatedNamespace.GetName())
+			registryAuthSecretName, err = getRegistryAuthSecretName(c, generatedNamespace.GetName())
 			Expect(err).NotTo(HaveOccurred(), "error getting openshift registry authentication: %s", err)
 		}
 
@@ -853,8 +853,8 @@ var _ = Describe("Starting CatalogSource e2e tests", func() {
 			Expect(err).NotTo(HaveOccurred(), "error copying old registry file: %s", err)
 		} else {
 			By("creating a skopoeo Pod to do the copying")
-			skopeoArgs := skopeoCopyCmd(testImage, tag, catsrcImage, "old", registryAuth)
-			err = createSkopeoPod(c, skopeoArgs, generatedNamespace.GetName())
+			skopeoArgs := skopeoCopyCmd(testImage, tag, catsrcImage, "old", registryAuthSecretName)
+			err = createSkopeoPod(c, skopeoArgs, generatedNamespace.GetName(), registryAuthSecretName)
 			Expect(err).NotTo(HaveOccurred(), "error creating skopeo pod: %s", err)
 
 			By("waiting for the skopeo pod to exit successfully")
@@ -948,8 +948,8 @@ var _ = Describe("Starting CatalogSource e2e tests", func() {
 			Expect(err).NotTo(HaveOccurred(), "error copying new registry file: %s", err)
 		} else {
 			By("creating a skopoeo Pod to do the copying")
-			skopeoArgs := skopeoCopyCmd(testImage, tag, catsrcImage, "new", registryAuth)
-			err = createSkopeoPod(c, skopeoArgs, generatedNamespace.GetName())
+			skopeoArgs := skopeoCopyCmd(testImage, tag, catsrcImage, "new", registryAuthSecretName)
+			err = createSkopeoPod(c, skopeoArgs, generatedNamespace.GetName(), registryAuthSecretName)
 			Expect(err).NotTo(HaveOccurred(), "error creating skopeo pod: %s", err)
 
 			By("waiting for the skopeo pod to exit successfully")

test/e2e/skopeo.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"os/exec"
+	"path"
 
 	"github.com/operator-framework/operator-lifecycle-manager/pkg/lib/operatorclient"
 	"k8s.io/utils/ptr"
@@ -18,14 +19,15 @@ const (
 	debug                 = "--debug"
 	skipTLS               = "--dest-tls-verify=false"
 	skipCreds             = "--dest-no-creds=true"
-	destCreds             = "--dest-creds="
+	destCreds             = "--dest-authfile="
 	v2format              = "--format=v2s2"
-	skopeoImage           = "quay.io/olmtest/skopeo:0.1.40"
+	skopeoImage           = "quay.io/skopeo/stable:v1.15.0"
 	BuilderServiceAccount = "builder"
+	authPath              = "/mnt/registry-auth"
+	cachePath             = ".local"
 )
 
-func openshiftRegistryAuth(client operatorclient.ClientInterface, namespace string) (string, error) {
-
+func getRegistryAuthSecretName(client operatorclient.ClientInterface, namespace string) (string, error) {
 	var sa *corev1.ServiceAccount
 	var err error
 
@@ -47,15 +49,7 @@ func openshiftRegistryAuth(client operatorclient.ClientInterface, namespace stri
 	if err != nil {
 		return "", err
 	}
-	annotations := secret.Annotations
-	if annotations == nil {
-		return "", fmt.Errorf("annotations not present on builder secret")
-	}
-
-	user := annotations["openshift.io/token-secret.name"]
-	pass := annotations["openshift.io/token-secret.value"]
-
-	return fmt.Sprint(user, ":", pass), nil
+	return secret.GetName(), nil
 }
 
 func skopeoCopyCmd(newImage, newTag, oldImage, oldTag, auth string) []string {
@@ -66,15 +60,15 @@ func skopeoCopyCmd(newImage, newTag, oldImage, oldTag, auth string) []string {
 	if auth == "" {
 		creds = skipCreds
 	} else {
-		creds = fmt.Sprint(destCreds, auth)
+		creds = fmt.Sprint(destCreds, path.Join(cachePath, "auth.json"))
 	}
 
 	cmd := []string{debug, insecure, "copy", skipTLS, v2format, creds, oldImageName, newImageName}
 
 	return cmd
 }
 
-func createSkopeoPod(client operatorclient.ClientInterface, args []string, namespace string) error {
+func createSkopeoPod(client operatorclient.ClientInterface, args []string, namespace string, registrySecret string) error {
 	pod := &corev1.Pod{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      skopeo,
@@ -93,12 +87,12 @@ func createSkopeoPod(client operatorclient.ClientInterface, args []string, names
 					Image: skopeoImage,
 					Args:  args,
 					SecurityContext: &corev1.SecurityContext{
-						ReadOnlyRootFilesystem:   ptr.To(bool(false)),
-						AllowPrivilegeEscalation: ptr.To(bool(false)),
+						ReadOnlyRootFilesystem:   ptr.To(false),
+						AllowPrivilegeEscalation: ptr.To(false),
 						Capabilities: &corev1.Capabilities{
 							Drop: []corev1.Capability{"ALL"},
 						},
-						RunAsNonRoot: ptr.To(bool(true)),
+						RunAsNonRoot: ptr.To(true),
 						RunAsUser:    ptr.To(int64(1001)),
 					},
 				},
@@ -108,6 +102,43 @@ func createSkopeoPod(client operatorclient.ClientInterface, args []string, names
 		},
 	}
 
+	if registrySecret != "" {
+		// update container command to first convert the dockercfg to an auth.json file that skopeo can use
+		authJsonPath := path.Join(cachePath, "auth.json")
+		authJson := "\"{\\\"auths\\\": $(cat /mnt/registry-auth/.dockercfg)}\""
+		cmd := fmt.Sprintf("echo %s > %s && exec skopeo $@", authJson, authJsonPath)
+
+		pod.Spec.Containers[0].Command = []string{"bash", "-c", cmd}
+
+		pod.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{
+			{
+				Name:      "registry-auth",
+				MountPath: authPath,
+				ReadOnly:  true,
+			}, {
+				Name:      "cache",
+				MountPath: cachePath,
+				ReadOnly:  false,
+			},
+		}
+		pod.Spec.Volumes = []corev1.Volume{
+			{
+				Name: "registry-auth",
+				VolumeSource: corev1.VolumeSource{
+					Secret: &corev1.SecretVolumeSource{
+						SecretName: registrySecret,
+					},
+				},
+			},
+			{
+				Name: "cache",
+				VolumeSource: corev1.VolumeSource{
+					EmptyDir: &corev1.EmptyDirVolumeSource{},
+				},
+			},
+		}
+	}
+
 	_, err := client.KubernetesInterface().CoreV1().Pods(namespace).Create(context.TODO(), pod, metav1.CreateOptions{})
 	if err != nil {
 		return err

test/e2e/subscription_e2e_test.go

@@ -2597,19 +2597,24 @@ var _ = Describe("Subscription", func() {
 				err = magicCatalog.UpdateCatalog(context.Background(), provider)
 				Expect(err).To(BeNil())
 
-				By("waiting for the subscription to have v0.3.0 installed")
+				By("waiting for the subscription to switch to v0.3.0")
 				sub, err = fetchSubscription(crc, generatedNamespace.GetName(), subName, subscriptionHasCurrentCSV("example-operator.v0.3.0"))
 				Expect(err).Should(BeNil())
 
-				By("waiting for the subscription to have v0.3.0 installed with a Package deprecated condition")
+				By("waiting for the subscription to have be at latest known")
+				sub, err = fetchSubscription(crc, generatedNamespace.GetName(), subName, subscriptionStateAtLatestChecker())
+				Expect(err).Should(BeNil())
+
+				By("waiting for the subscription to have v0.3.0 installed without a bundle deprecated condition")
 				sub, err = fetchSubscription(crc, generatedNamespace.GetName(), subName,
 					subscriptionHasCondition(
-						operatorsv1alpha1.SubscriptionPackageDeprecated,
-						corev1.ConditionTrue,
+						operatorsv1alpha1.SubscriptionInstallPlanPending,
+						corev1.ConditionUnknown,
+						"",
 						"",
-						"olm.package/test-package: test-package has been deprecated. Please switch to another-package.",
 					),
 				)
+				Expect(err).Should(BeNil())
 
 				By("checking for the deprecated conditions")
 				By(`Operator is deprecated at only Package and Channel levels`)
@@ -2705,7 +2710,7 @@ var _ = Describe("Subscription", func() {
 				}
 			} else {
 				registryURL = fmt.Sprintf("%s/%s", openshiftregistryFQDN, generatedNamespace.GetName())
-				registryAuth, err := openshiftRegistryAuth(c, generatedNamespace.GetName())
+				registryAuthSecretName, err := getRegistryAuthSecretName(c, generatedNamespace.GetName())
 				Expect(err).NotTo(HaveOccurred(), "error getting openshift registry authentication: %s", err)
 				copyImage = func(dst, dstTag, src, srcTag string) error {
 					if !strings.HasPrefix(src, "docker://") {
@@ -2714,14 +2719,15 @@ var _ = Describe("Subscription", func() {
 					if !strings.HasPrefix(dst, "docker://") {
 						dst = fmt.Sprintf("docker://%s", dst)
 					}
-					skopeoArgs := skopeoCopyCmd(dst, dstTag, src, srcTag, registryAuth)
-					err = createSkopeoPod(c, skopeoArgs, generatedNamespace.GetName())
+					skopeoArgs := skopeoCopyCmd(dst, dstTag, src, srcTag, registryAuthSecretName)
+					err = createSkopeoPod(c, skopeoArgs, generatedNamespace.GetName(), registryAuthSecretName)
 					if err != nil {
 						return fmt.Errorf("error creating skopeo pod: %v", err)
 					}
 
 					By(`wait for skopeo pod to exit successfully`)
 					awaitPod(GinkgoT(), c, generatedNamespace.GetName(), skopeo, func(pod *corev1.Pod) bool {
+						ctx.Ctx().Logf("skopeo pod status: %s (waiting for: %s)", pod.Status.Phase, corev1.PodSucceeded)
 						return pod.Status.Phase == corev1.PodSucceeded
 					})
 
@@ -3627,12 +3633,6 @@ func updateInternalCatalog(t GinkgoTInterface, c operatorclient.ClientInterface,
 	require.NoError(t, err)
 }
 
-func updateCatSrcPriority(crClient versioned.Interface, namespace string, catsrc *operatorsv1alpha1.CatalogSource, priority int) {
-	catsrc.Spec.Priority = priority
-	_, err := crClient.OperatorsV1alpha1().CatalogSources(namespace).Update(context.Background(), catsrc, metav1.UpdateOptions{})
-	Expect(err).Should(BeNil())
-}
-
 func subscriptionCurrentCSVGetter(crclient versioned.Interface, namespace, subName string) func() string {
 	return func() string {
 		subscription, err := crclient.OperatorsV1alpha1().Subscriptions(namespace).Get(context.Background(), subName, metav1.GetOptions{})
@@ -3642,15 +3642,3 @@ func subscriptionCurrentCSVGetter(crclient versioned.Interface, namespace, subNa
 		return subscription.Status.CurrentCSV
 	}
 }
-
-func operatorGroupServiceAccountNameSetter(crclient versioned.Interface, namespace, name, saName string) func() error {
-	return func() error {
-		toUpdate, err := crclient.OperatorsV1().OperatorGroups(namespace).Get(context.Background(), name, metav1.GetOptions{})
-		if err != nil {
-			return err
-		}
-		toUpdate.Spec.ServiceAccountName = saName
-		_, err = crclient.OperatorsV1().OperatorGroups(namespace).Update(context.Background(), toUpdate, metav1.UpdateOptions{})
-		return err
-	}
-}