chore(e2e): ocp ephemeral env setup for e2e-tests (#2073)

* ephemeral env setup

.ibm/pipelines/auth/secrets-rhdh-secrets.yaml

@@ -32,4 +32,10 @@ data:
   DH_TARGET_URL: dGVzdC1iYWNrc3RhZ2UtY3VzdG9taXphdGlvbi1wcm92aWRlci1zaG93Y2FzZS1jaS5yaGRoLXByLW9zLWE5ODA1NjUwODMwYjIyYzNhZWUyNDNlNTFkNzk1NjVkLTAwMDAudXMtZWFzdC5jb250YWluZXJzLmFwcGRvbWFpbi5jbG91ZA==
   GOOGLE_CLIENT_ID: dGVtcA==
   GOOGLE_CLIENT_SECRET: dGVtcA==
+  RHDH_BASE_URL: dGVtcA==
+  KEYCLOAK_AUTH_BASE_URL: dGVtcA==
+  KEYCLOAK_AUTH_CLIENTID: dGVtcA==
+  KEYCLOAK_AUTH_CLIENT_SECRET: dGVtcA==
+  KEYCLOAK_AUTH_LOGIN_REALM: dGVtcA==
+  KEYCLOAK_AUTH_REALM: dGVtcA==
 type: Opaque

.ibm/pipelines/cluster/operators/acm/multiclusterhub.yaml

@@ -0,0 +1,6 @@
+apiVersion: operator.open-cluster-management.io/v1
+kind: MultiClusterHub
+metadata:
+  name: multiclusterhub
+  namespace: open-cluster-management
+spec: {}

.ibm/pipelines/cluster/operators/acm/operator-group.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: open-cluster-management
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: open-cluster-management
+  namespace: open-cluster-management
+spec:
+  targetNamespaces:
+  - open-cluster-management

.ibm/pipelines/cluster/operators/acm/subscription-acm.yaml

@@ -0,0 +1,11 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: advanced-cluster-management
+  namespace: open-cluster-management
+spec:
+  channel: release-2.12
+  installPlanApproval: Automatic
+  name: advanced-cluster-management
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace

.ibm/pipelines/env_variables.sh

@@ -57,6 +57,7 @@ GITLAB_TOKEN=$(cat /tmp/secrets/GITLAB_TOKEN)
 
 RHDH_PR_OS_CLUSTER_URL=$(cat /tmp/secrets/RHDH_PR_OS_CLUSTER_URL)
 RHDH_PR_OS_CLUSTER_TOKEN=$(cat /tmp/secrets/RHDH_PR_OS_CLUSTER_TOKEN)
+ENCODED_CLUSTER_NAME=$(echo "my-cluster" | base64)
 K8S_CLUSTER_API_SERVER_URL=$(printf "%s" "$K8S_CLUSTER_URL" | base64 | tr -d '\n')
 K8S_SERVICE_ACCOUNT_TOKEN=$K8S_CLUSTER_TOKEN_ENCODED
 OCM_CLUSTER_URL=$(printf "%s" "$K8S_CLUSTER_URL" | base64 | tr -d '\n')
@@ -136,4 +137,10 @@ AUTH_PROVIDERS_NAMESPACE="showcase-auth-providers"
 STATIC_API_TOKEN="somecicdtoken"
 AUTH_PROVIDERS_CHART="rhdh-chart/backstage"
 
+KEYCLOAK_AUTH_BASE_URL=$(cat /tmp/secrets/KEYCLOAK_AUTH_BASE_URL)
+KEYCLOAK_AUTH_CLIENTID=$(cat /tmp/secrets/KEYCLOAK_AUTH_CLIENTID)
+KEYCLOAK_AUTH_CLIENT_SECRET=$(cat /tmp/secrets/KEYCLOAK_AUTH_CLIENT_SECRET)
+KEYCLOAK_AUTH_LOGIN_REALM=$(cat /tmp/secrets/KEYCLOAK_AUTH_LOGIN_REALM)
+KEYCLOAK_AUTH_REALM=$(cat /tmp/secrets/KEYCLOAK_AUTH_REALM)
+
 set +a  # Stop automatically exporting variables

.ibm/pipelines/jobs/main.sh

@@ -2,39 +2,14 @@
 
 set -x
 
-set_namespace() {
-  # Enable parallel PR testing for main branch by utilizing a pool of namespaces
-  local namespaces_pool=("pr-1" "pr-2" "pr-3")
-  local namespace_found=false
-  # Iterate through namespace pool to find an available set
-  for ns in "${namespaces_pool[@]}"; do
-    if ! oc get namespace "showcase-$ns" >/dev/null 2>&1; then
-      echo "Namespace "showcase-$ns" does not exist, Using NS: showcase-$ns, showcase-rbac-$ns, postgress-external-db-$ns"
-      export NAME_SPACE="showcase-$ns"
-      export NAME_SPACE_RBAC="showcase-rbac-$ns"
-      export NAME_SPACE_POSTGRES_DB="postgress-external-db-$ns"
-      namespace_found=true
-      break
-    fi
-  done
-  if ! $namespace_found; then
-    echo "Error: All namespaces $namespaces_pool already in Use"
-    exit 1
-  fi
-}
-
 handle_main() {
   echo "Configuring namespace: ${NAME_SPACE}"
-  set_github_app_4_credentials
-  set_namespace
   oc_login
-
-  API_SERVER_URL=$(oc whoami --show-server)
-  ENCODED_API_SERVER_URL=$(echo "${API_SERVER_URL}" | base64)
-  ENCODED_CLUSTER_NAME=$(echo "my-cluster" | base64)
+  echo "OCP version: $(oc version)"
 
   export K8S_CLUSTER_ROUTER_BASE=$(oc get route console -n openshift-console -o=jsonpath='{.spec.host}' | sed 's/^[^.]*\.//')
   local url="https://${RELEASE_NAME}-backstage-${NAME_SPACE}.${K8S_CLUSTER_ROUTER_BASE}"
+  cluster_setup
   initiate_deployments
   deploy_test_backstage_provider "${NAME_SPACE}"
   check_and_test "${RELEASE_NAME}" "${NAME_SPACE}" "${url}"

.ibm/pipelines/jobs/operator.sh

@@ -3,10 +3,6 @@
 handle_operator() {
   oc_login
 
-  API_SERVER_URL=$(oc whoami --show-server)
-  ENCODED_API_SERVER_URL=$(echo "${API_SERVER_URL}" | base64)
-  ENCODED_CLUSTER_NAME=$(echo "my-cluster" | base64)
-
   apply_yaml_files "${DIR}" "${NAME_SPACE}"
   deploy_test_backstage_provider "${NAME_SPACE}"
 }

.ibm/pipelines/jobs/periodic.sh

@@ -9,19 +9,12 @@ handle_nightly() {
 
   oc_login
 
-  API_SERVER_URL=$(oc whoami --show-server)
-  ENCODED_API_SERVER_URL=$(echo "${API_SERVER_URL}" | base64)
-  ENCODED_CLUSTER_NAME=$(echo "my-cluster" | base64)
-
   export K8S_CLUSTER_ROUTER_BASE=$(oc get route console -n openshift-console -o=jsonpath='{.spec.host}' | sed 's/^[^.]*\.//')
 
   configure_namespace "${NAME_SPACE}"
   deploy_test_backstage_provider "${NAME_SPACE}"
   local url="https://${RELEASE_NAME}-backstage-${NAME_SPACE}.${K8S_CLUSTER_ROUTER_BASE}"
-  install_pipelines_operator
-  sleep 20 # wait for Pipeline Operator/Tekton pipelines to be ready
-  oc apply -f "$dir/resources/pipeline-run/hello-world-pipeline.yaml"
-  oc apply -f "$dir/resources/pipeline-run/hello-world-pipeline-run.yaml"
+  cluster_setup
   initiate_deployments
   check_and_test "${RELEASE_NAME}" "${NAME_SPACE}" "${url}"
   check_and_test "${RELEASE_NAME_RBAC}" "${NAME_SPACE_RBAC}" "${url}"
@@ -34,7 +27,7 @@ handle_nightly() {
   configure_namespace "${NAME_SPACE_RUNTIME}"
   uninstall_helmchart "${NAME_SPACE_RUNTIME}" "${RELEASE_NAME}"
   oc apply -f "$DIR/resources/redis-cache/redis-deployment.yaml" --namespace="${NAME_SPACE_RUNTIME}"
-  apply_yaml_files "${DIR}" "${NAME_SPACE_RUNTIME}"
+  apply_yaml_files "${DIR}" "${NAME_SPACE_RUNTIME}" "${RELEASE_NAME}"
   helm upgrade -i "${RELEASE_NAME}" -n "${NAME_SPACE_RUNTIME}" "${HELM_REPO_NAME}/${HELM_IMAGE_NAME}" --version "${CHART_VERSION}" -f "${DIR}/value_files/${HELM_CHART_VALUE_FILE_NAME}" --set global.clusterRouterBase="${K8S_CLUSTER_ROUTER_BASE}" --set upstream.backstage.image.repository="${QUAY_REPO}" --set upstream.backstage.image.tag="${TAG_NAME}"
   check_and_test "${RELEASE_NAME}" "${NAME_SPACE_RUNTIME}" "${url}"
 }

.ibm/pipelines/ocp-cluster-claim-login.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+
+# Prompt the user for the prow log url
+read -p "Enter the prow log url: " input_url
+
+id=$(echo "$input_url" | awk -F'/' '{print $NF}')
+job=$(echo "$input_url" | awk -F'/' '{print $(NF-1)}')
+
+build_log_url="https://prow.ci.openshift.org/log?container=test&id=${id}&job=${job}"
+namespace=$(curl -s $build_log_url | grep "The claimed cluster"  | sed -E 's/.*The claimed cluster ([^.]+)\ is ready after.*/\1/')
+
+# Output the constructed URL
+echo "Prow build log URL: $build_log_url"
+echo "hosted-mgmt Namespace: $namespace"
+
+if [[ -z "$namespace" ]]; then
+    echo "Cluster claim not found. Please provide a valid prow url that uses cluster claim."
+    exit 1
+elif [[ ! "$namespace" =~ ^rhdh-4-17-us-east-2 ]]; then
+    echo "Namespace must start with 'rhdh-4-17-us-east-2'."
+    exit 1
+fi
+
+# Log in to the cluster
+oc login --web https://api.hosted-mgmt.ci.devcluster.openshift.com:6443
+
+if ! oc get namespace "$namespace" >/dev/null 2>&1; then
+    echo "Namespace ${namespace} is expired or deleted, exiting..."
+    exit 1
+fi
+
+# Try to retrieve secrets from the namespace
+namespace_secrets=$(oc get secrets -n "$namespace" 2>&1)
+if echo "$namespace_secrets" | grep -q "Forbidden"; then
+    echo "Error: You do not have access to the namespace '$namespace'."
+    echo "check if you are member of 'rhdh-pool-admins' group at: https://rover.redhat.com/groups/search?q=rhdh-pool-admins"
+    echo "Please reach out to the rhdh-qe team for assistance."
+    exit 1
+fi
+
+cluster_secret=$(oc get secrets -n "$namespace" | grep admin-password | awk '{print $1}')
+# Retrieve the kubeadmin password from the specified namespace
+password=$(oc get secret $cluster_secret -n "$namespace" -o jsonpath='{.data.password}' | base64 -d)
+
+# Log out from the current session
+oc logout
+
+# Log in to the namespace-specific cluster
+oc login https://api."$namespace".rhdh-qe.devcluster.openshift.com:6443 --username kubeadmin --password "$password" --insecure-skip-tls-verify=true
+oc project showcase
+
+# Prompt the user to open the web console
+read -p "Do you want to open the OpenShift web console? (y/n): " open_console
+
+if [[ "$open_console" == "y" || "$open_console" == "Y" ]]; then
+
+    console_url="https://console-openshift-console.apps.${namespace}.rhdh-qe.devcluster.openshift.com/dashboards"
+
+    echo "Opening web console at $console_url..."
+    echo "Use bellow user and password to login into web console:"
+    echo "Username: kubeadmin"
+    echo "Password: $password"
+    sleep 3
+
+    # Attempt to open the web console in the default browser
+    if command -v xdg-open &> /dev/null; then
+        xdg-open "$console_url" # For Linux systems
+    elif command -v open &> /dev/null; then
+        open "$console_url" # For macOS
+    else
+        echo "Unable to detect a browser. Please open the following URL manually:"
+        echo "$console_url"
+    fi
+else
+    echo "Web console not opened."
+fi

.ibm/pipelines/openshift-ci-tests.sh

@@ -12,38 +12,27 @@ cleanup() {
   echo "Cleaning up before exiting"
   if [[ "$JOB_NAME" == *aks* ]]; then
     az_aks_stop "${AKS_NIGHTLY_CLUSTER_NAME}" "${AKS_NIGHTLY_CLUSTER_RESOURCEGROUP}"
-  elif [[ "$JOB_NAME" == *pull-*-main-e2e-tests* ]]; then
-    # Cleanup namespaces after main branch PR e2e tests execution.
-    delete_namespace "${NAME_SPACE}"
-    delete_namespace "${NAME_SPACE_POSTGRES_DB}"
-    delete_namespace "${NAME_SPACE_RBAC}"
   fi
   rm -rf ~/tmpbin
 }
 
 trap cleanup EXIT INT ERR
 
-export K8S_CLUSTER_URL=$(cat /tmp/secrets/RHDH_PR_OS_CLUSTER_URL)
-export K8S_CLUSTER_TOKEN=$(cat /tmp/secrets/RHDH_PR_OS_CLUSTER_TOKEN)
+SCRIPTS=(
+    "env_variables.sh"
+    "utils.sh"
+    "jobs/aks.sh"
+    "jobs/gke.sh"
+    "jobs/main.sh"
+    "jobs/operator.sh"
+    "jobs/periodic.sh"
+)
 
-source "${DIR}/env_variables.sh"
-echo "Loaded env_variables.sh"
-source "${DIR}/utils.sh"
-echo "Loaded utils.sh"
-source "${DIR}/jobs/aks.sh"
-echo "Loaded aks.sh"
-source "${DIR}/jobs/gke.sh"
-echo "Loaded gke.sh"
-source "${DIR}/jobs/main.sh"
-echo "Loaded main.sh"
-source "${DIR}/jobs/ocp-v4-15.sh"
-echo "Loaded ocp-v4-15.sh"
-source "${DIR}/jobs/ocp-v4-16.sh"
-echo "Loaded ocp-v4-16.sh"
-source "${DIR}/jobs/operator.sh"
-echo "Loaded operator.sh"
-source "${DIR}/jobs/periodic.sh"
-echo "Loaded periodic.sh"
+# Source each script dynamically
+for SCRIPT in "${SCRIPTS[@]}"; do
+    source "${DIR}/${SCRIPT}"
+    echo "Loaded ${SCRIPT}"
+done
 
 main() {
   echo "Log file: ${LOGFILE}"
@@ -58,26 +47,18 @@ main() {
       echo "Calling handle_gke"
        handle_gke
       ;;
+    *operator*)
+      echo "Calling Operator"
+      handle_operator
+      ;;
     *periodic*)
       echo "Calling handle_periodic"
       handle_nightly
       ;;
-    *pull-*-main-e2e-tests*)
+    *pull*)
       echo "Calling handle_main"
       handle_main
       ;;
-    *ocp-v4-16*)
-      echo "Calling handle_ocp_v4_16"
-      handle_ocp_v4_16
-      ;;
-    *ocp-v4-15*)
-      echo "Calling handle_ocp_v4_15"
-      handle_ocp_v4_15
-      ;;
-    *operator*)
-      echo "Calling Operator"
-      handle_operator
-      ;;
   esac
 
 echo "K8S_CLUSTER_ROUTER_BASE : $K8S_CLUSTER_ROUTER_BASE"