Merge pull request #2263 from jameszwang/ocm-9299

OCM-9299 | test: Automate ids:57444,75445
openshift · Sep 3, 2024 · c9904e5 · c9904e5
2 parents 0f18c77 + 5fdcc1b
commit c9904e5
Showing 1 changed file with 244 additions and 3 deletions.
diff --git a/tests/e2e/test_rosacli_upgrade.go b/tests/e2e/test_rosacli_upgrade.go
@@ -2,9 +2,11 @@ package e2e
 
 import (
 	"fmt"
+	"strings"
 	"time"
 
 	"github.com/Masterminds/semver"
+	"github.com/aws/aws-sdk-go-v2/aws/arn"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"github.com/openshift-online/ocm-common/pkg/aws/aws_client"
@@ -29,12 +31,16 @@ var _ = Describe("Cluster Upgrade testing",
 			arbitraryPolicyService   rosacli.PolicyService
 			clusterService           rosacli.ClusterService
 			upgradeService           rosacli.UpgradeService
+			ocmResourceService       rosacli.OCMResourceService
 			versionService           rosacli.VersionService
 			arbitraryPoliciesToClean []string
 			awsClient                *aws_client.AWSClient
 			profile                  *profilehandler.Profile
 			roleUrlPrefix            = "https://console.aws.amazon.com/iam/home?#/roles/"
+			accountRoles             []string
+			operatorRoles            []string
 		)
+		const versionTagName = "rosa_openshift_version"
 
 		BeforeEach(func() {
 			By("Get the cluster")
@@ -46,6 +52,7 @@ var _ = Describe("Cluster Upgrade testing",
 			arbitraryPolicyService = rosaClient.Policy
 			clusterService = rosaClient.Cluster
 			upgradeService = rosaClient.Upgrade
+			ocmResourceService = rosaClient.OCMResource
 			versionService = rosaClient.Version
 
 			By("Load the profile")
@@ -80,7 +87,7 @@ var _ = Describe("Cluster Upgrade testing",
 			Expect(err).To(BeNil())
 			clusterVersion := jsonData.DigString("version", "raw_id")
 
-			if profile.Version != "y-1" {
+			if profile.Version != con.YStreamPreviousVersion {
 				Skip("Skip this case as the version defined in profile is not y-1 for upgrading testing")
 			}
 
@@ -291,7 +298,6 @@ var _ = Describe("Cluster Upgrade testing",
 		})
 
 		It("to upgrade NON-STS rosa cluster across Y stream - [id:37499]", labels.Critical, labels.Runtime.Upgrade, func() {
-
 			By("Check the cluster version and compare with the profile to decide if skip this case")
 			if profile.Version != con.YStreamPreviousVersion || profile.ClusterConfig.STS {
 				Skip("Skip this case as the version defined in profile is not y-1 for non-sts cluster upgrading testing")
@@ -329,7 +335,6 @@ var _ = Describe("Cluster Upgrade testing",
 		})
 
 		It("to upgrade STS rosa cluster across Y stream - [id:55883]", labels.Critical, labels.Runtime.Upgrade, func() {
-
 			By("Check the cluster version and compare with the profile to decide if skip this case")
 			if profile.Version != con.YStreamPreviousVersion || !profile.ClusterConfig.STS {
 				Skip("Skip this case as the version defined in profile is not y-1 for sts cluster upgrading testing")
@@ -382,6 +387,242 @@ var _ = Describe("Cluster Upgrade testing",
 			err = WaitForUpgradeToState(upgradeService, clusterID, con.Started, 70)
 			Expect(err).To(BeNil())
 		})
+
+		It("to upgrade wide AMI roles with the managed policies in auto mode - [id:57444]",
+			labels.Critical, labels.Runtime.Upgrade, func() {
+				By("Check the cluster version and compare with the profile to decide if skip this case")
+				if !profile.ClusterConfig.STS || profile.Version != con.YStreamPreviousVersion {
+					Skip("Skip this case as the version defined in profile is not y-1 or non-sts cluster for " +
+						"upgrading testing")
+				}
+
+				By("Upgrade wide AMI roles in auto mode")
+				jsonData, err := clusterService.GetJSONClusterDescription(clusterID)
+				Expect(err).To(BeNil())
+				clusterVersion := jsonData.DigString("version", "raw_id")
+
+				if profile.ClusterConfig.HCP {
+					By("Find HCP cluster upgrade version")
+					hcpUpgradingVersion, _, err := FindUpperYStreamVersion(versionService,
+						profile.ChannelGroup, clusterVersion)
+					Expect(err).To(BeNil())
+					if hcpUpgradingVersion == "" {
+						Skip("Skip this case as no version available for upgrade")
+					}
+
+					By("upgrade HCP cluster wide AMI roles in auto mode")
+					ud, err := profilehandler.ParseUserData()
+					Expect(err).To(BeNil())
+					Expect(ud).NotTo(BeNil())
+					output1, err := ocmResourceService.UpgradeRoles(
+						"-c", clusterID,
+						"--cluster-version", hcpUpgradingVersion,
+						"--mode", "auto",
+						"-y",
+					)
+					Expect(err).To(BeNil())
+					Expect(output1.String()).To(ContainSubstring("Account roles with the prefix '%s' have attached "+
+						"managed policies.", ud.AccountRolesPrefix))
+					Expect(output1.String()).To(ContainSubstring("Cluster '%s' operator roles have attached managed "+
+						"policies. An upgrade isn't needed", ud.OperatorRolesPrefix))
+				} else {
+					By("Find STS Classic cluster upgrade version")
+					classicUpgradingVersion, classicUpgradingMajorVersion, err := FindUpperYStreamVersion(versionService,
+						profile.ChannelGroup, clusterVersion)
+					Expect(err).To(BeNil())
+					if classicUpgradingVersion == "" || classicUpgradingMajorVersion == "" {
+						Skip("Skip this case as no version available for upgrade")
+					}
+
+					By("get account roles and operator roles from cluster description")
+					description, err := clusterService.DescribeClusterAndReflect(clusterID)
+					Expect(err).ToNot(HaveOccurred())
+
+					_, installerRoleName, err := common.ParseRoleARN(description.STSRoleArn)
+					Expect(err).To(BeNil())
+					_, supportRoleName, err := common.ParseRoleARN(description.SupportRoleARN)
+					Expect(err).To(BeNil())
+
+					accountRoles = append(accountRoles, installerRoleName)
+					accountRoles = append(accountRoles, supportRoleName)
+
+					for _, i := range description.InstanceIAMRoles {
+						for _, v := range i {
+							_, accountRoleName, err := common.ParseRoleARN(v)
+							Expect(err).To(BeNil())
+							accountRoles = append(accountRoles, accountRoleName)
+						}
+					}
+
+					for _, v := range description.OperatorIAMRoles {
+						_, operatorRoleName, err := common.ParseRoleARN(v)
+						Expect(err).To(BeNil())
+						operatorRoles = append(operatorRoles, operatorRoleName)
+					}
+
+					awsClient, err = aws_client.CreateAWSClient("", "")
+					Expect(err).To(BeNil())
+
+					By("upgrade STS Classic cluster wide AMI roles in auto mode")
+					output, err := ocmResourceService.UpgradeRoles(
+						"-c", clusterID,
+						"--cluster-version", classicUpgradingVersion,
+						"--mode", "auto",
+						"-y",
+					)
+					Expect(err).To(BeNil())
+					Expect(output.String()).To(ContainSubstring("Ensuring account role/policies compatibility for " +
+						"upgrade"))
+					Expect(output.String()).To(ContainSubstring("Starting to upgrade the policies"))
+
+					for _, accountRoleName := range accountRoles {
+						accountRolePolicyArns, err := awsClient.ListRoleAttachedPolicies(accountRoleName)
+						Expect(err).To(BeNil())
+						Expect(output.String()).To(ContainSubstring("Upgraded policy with ARN '%s' to version '%s'",
+							*accountRolePolicyArns[0].PolicyArn, classicUpgradingMajorVersion))
+					}
+					Expect(output.String()).To(ContainSubstring("Ensuring operator role/policies compatibility for" +
+						" upgrade"))
+
+					for _, operatorRoleName := range operatorRoles {
+						operatorRolePolicyArns, err := awsClient.ListRoleAttachedPolicies(operatorRoleName)
+						Expect(err).To(BeNil())
+						Expect(output.String()).To(ContainSubstring("Upgraded policy with ARN '%s' to version '%s'",
+							*operatorRolePolicyArns[0].PolicyArn, classicUpgradingMajorVersion))
+					}
+				}
+			})
+
+		It("to upgrade wide AMI roles with the managed policies in manual mode - [id:75445]",
+			labels.Critical, labels.Runtime.Upgrade, func() {
+				By("Check the cluster version and compare with the profile to decide if skip this case")
+				if !profile.ClusterConfig.STS || profile.Version != con.YStreamPreviousVersion {
+					Skip("Skip this case as the version defined in profile is not y-1 or non-sts cluster for " +
+						"upgrading testing")
+				}
+
+				By("Upgrade wide AMI roles in manual mode")
+				jsonData, err := clusterService.GetJSONClusterDescription(clusterID)
+				Expect(err).To(BeNil())
+				clusterVersion := jsonData.DigString("version", "raw_id")
+
+				if profile.ClusterConfig.HCP {
+					By("Find HCP cluster upgrade version")
+					hcpUpgradingVersion, _, err := FindUpperYStreamVersion(versionService, profile.ChannelGroup,
+						clusterVersion)
+					Expect(err).To(BeNil())
+					if hcpUpgradingVersion == "" {
+						Skip("Skip this case as no version available for upgrade")
+					}
+
+					By("upgrade HCP cluster wide AMI roles in manual mode")
+					ud, err := profilehandler.ParseUserData()
+					Expect(err).To(BeNil())
+					Expect(ud).NotTo(BeNil())
+
+					output1, err := ocmResourceService.UpgradeRoles(
+						"-c", clusterID,
+						"--cluster-version", hcpUpgradingVersion,
+						"--mode", "manual",
+						"-y",
+					)
+					Expect(err).To(BeNil())
+					Expect(output1.String()).To(ContainSubstring("Account roles with the prefix '%s' have attached "+
+						"managed policies.", ud.AccountRolesPrefix))
+					Expect(output1.String()).To(ContainSubstring("Cluster '%s' operator roles have attached managed "+
+						"policies. An upgrade isn't needed", ud.OperatorRolesPrefix))
+				} else {
+					By("Find STS Classic cluster upgrade version")
+					classicUpgradingVersion, upgradingMajorVersion, err := FindUpperYStreamVersion(versionService,
+						profile.ChannelGroup, clusterVersion)
+					Expect(err).To(BeNil())
+					if classicUpgradingVersion == "" {
+						Skip("Skip this case as no version available for upgrade")
+					}
+
+					By("upgrade STS Classic cluster wide AMI roles in manual mode")
+					output2, err := ocmResourceService.UpgradeRoles(
+						"-c", clusterID,
+						"--cluster-version", classicUpgradingVersion,
+						"--mode", "manual",
+						"-y",
+					)
+					Expect(err).To(BeNil())
+					Expect(output2.String()).To(ContainSubstring("Ensuring account role/policies compatibility " +
+						"for upgrade"))
+
+					commands := common.ExtractCommandsToCreateAWSResoueces(output2)
+					for _, command := range commands {
+						info := "INFO: Ensuring operator role/policies compatibility for upgrade"
+						if strings.Contains(command, info) {
+							index := strings.Index(command, info)
+							cmd1 := strings.Fields(command[:index])
+							cmd2 := strings.Fields(command[index+len(info):])
+
+							_, err := rosaClient.Runner.RunCMD(cmd1)
+							Expect(err).To(BeNil())
+
+							_, err = rosaClient.Runner.RunCMD(cmd2)
+							Expect(err).To(BeNil())
+						} else {
+							cmd := strings.Split(command, " ")
+							if len(cmd) > 0 && cmd[len(cmd)-1] == "" {
+								cmd = cmd[:len(cmd)-1]
+							}
+							_, err := rosaClient.Runner.RunCMD(cmd)
+							Expect(err).To(BeNil())
+						}
+					}
+
+					By("Check final result from aws")
+					output, err := clusterService.DescribeCluster(clusterID)
+					Expect(err).To(BeNil())
+					CD, err := clusterService.ReflectClusterDescription(output)
+					Expect(err).To(BeNil())
+
+					var accRoles []string
+					accRoles = append(accRoles, CD.STSRoleArn)
+					accRoles = append(accRoles, CD.SupportRoleARN)
+					accRoles = append(accRoles, CD.InstanceIAMRoles[0]["Control plane"])
+					accRoles = append(accRoles, CD.InstanceIAMRoles[1]["Worker"])
+
+					operatorRoles := CD.OperatorIAMRoles
+
+					awsClient, err = aws_client.CreateAWSClient("", "")
+					Expect(err).To(BeNil())
+
+					By("Check account role version")
+					for _, accArn := range accRoles {
+						parse, err := arn.Parse(accArn)
+						Expect(err).To(BeNil())
+						accRoleName := strings.Split(parse.Resource, "/")[1]
+						accRole, err := awsClient.GetRole(accRoleName)
+						Expect(err).To(BeNil())
+						for _, tag := range accRole.Tags {
+							if *tag.Key == versionTagName {
+								Expect(*tag.Value).To(Equal(upgradingMajorVersion))
+							}
+						}
+					}
+
+					By("Check operator role version")
+					for _, opArn := range operatorRoles {
+						parse, err := arn.Parse(opArn)
+						Expect(err).To(BeNil())
+						opRoleName := strings.Split(parse.Resource, "/")[1]
+						opPolicy, err := awsClient.ListAttachedRolePolicies(opRoleName)
+						Expect(err).To(BeNil())
+						policyArn := *opPolicy[0].PolicyArn
+						policy, err := awsClient.GetIAMPolicy(policyArn)
+						Expect(err).To(BeNil())
+						for _, tag := range policy.Tags {
+							if *tag.Key == versionTagName {
+								Expect(*tag.Value).To(Equal(upgradingMajorVersion))
+							}
+						}
+					}
+				}
+			})
 	})
 
 var _ = Describe("Describe/List rosa upgrade",