diff --git a/tests/e2e/test_rosacli_upgrade.go b/tests/e2e/test_rosacli_upgrade.go index f20fe8da6d..6fa73e33c4 100644 --- a/tests/e2e/test_rosacli_upgrade.go +++ b/tests/e2e/test_rosacli_upgrade.go @@ -2,9 +2,11 @@ package e2e import ( "fmt" + "strings" "time" "github.com/Masterminds/semver" + "github.com/aws/aws-sdk-go-v2/aws/arn" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/openshift-online/ocm-common/pkg/aws/aws_client" @@ -29,12 +31,16 @@ var _ = Describe("Cluster Upgrade testing", arbitraryPolicyService rosacli.PolicyService clusterService rosacli.ClusterService upgradeService rosacli.UpgradeService + ocmResourceService rosacli.OCMResourceService versionService rosacli.VersionService arbitraryPoliciesToClean []string awsClient *aws_client.AWSClient profile *profilehandler.Profile roleUrlPrefix = "https://console.aws.amazon.com/iam/home?#/roles/" + accountRoles []string + operatorRoles []string ) + const versionTagName = "rosa_openshift_version" BeforeEach(func() { By("Get the cluster") @@ -46,6 +52,7 @@ var _ = Describe("Cluster Upgrade testing", arbitraryPolicyService = rosaClient.Policy clusterService = rosaClient.Cluster upgradeService = rosaClient.Upgrade + ocmResourceService = rosaClient.OCMResource versionService = rosaClient.Version By("Load the profile") @@ -80,7 +87,7 @@ var _ = Describe("Cluster Upgrade testing", Expect(err).To(BeNil()) clusterVersion := jsonData.DigString("version", "raw_id") - if profile.Version != "y-1" { + if profile.Version != con.YStreamPreviousVersion { Skip("Skip this case as the version defined in profile is not y-1 for upgrading testing") } @@ -291,7 +298,6 @@ var _ = Describe("Cluster Upgrade testing", }) It("to upgrade NON-STS rosa cluster across Y stream - [id:37499]", labels.Critical, labels.Runtime.Upgrade, func() { - By("Check the cluster version and compare with the profile to decide if skip this case") if profile.Version != con.YStreamPreviousVersion || profile.ClusterConfig.STS { Skip("Skip this case as the version defined in profile is not y-1 for non-sts cluster upgrading testing") @@ -329,7 +335,6 @@ var _ = Describe("Cluster Upgrade testing", }) It("to upgrade STS rosa cluster across Y stream - [id:55883]", labels.Critical, labels.Runtime.Upgrade, func() { - By("Check the cluster version and compare with the profile to decide if skip this case") if profile.Version != con.YStreamPreviousVersion || !profile.ClusterConfig.STS { Skip("Skip this case as the version defined in profile is not y-1 for sts cluster upgrading testing") @@ -382,6 +387,242 @@ var _ = Describe("Cluster Upgrade testing", err = WaitForUpgradeToState(upgradeService, clusterID, con.Started, 70) Expect(err).To(BeNil()) }) + + It("to upgrade wide AMI roles with the managed policies in auto mode - [id:57444]", + labels.Critical, labels.Runtime.Upgrade, func() { + By("Check the cluster version and compare with the profile to decide if skip this case") + if !profile.ClusterConfig.STS || profile.Version != con.YStreamPreviousVersion { + Skip("Skip this case as the version defined in profile is not y-1 or non-sts cluster for " + + "upgrading testing") + } + + By("Upgrade wide AMI roles in auto mode") + jsonData, err := clusterService.GetJSONClusterDescription(clusterID) + Expect(err).To(BeNil()) + clusterVersion := jsonData.DigString("version", "raw_id") + + if profile.ClusterConfig.HCP { + By("Find HCP cluster upgrade version") + hcpUpgradingVersion, _, err := FindUpperYStreamVersion(versionService, + profile.ChannelGroup, clusterVersion) + Expect(err).To(BeNil()) + if hcpUpgradingVersion == "" { + Skip("Skip this case as no version available for upgrade") + } + + By("upgrade HCP cluster wide AMI roles in auto mode") + ud, err := profilehandler.ParseUserData() + Expect(err).To(BeNil()) + Expect(ud).NotTo(BeNil()) + output1, err := ocmResourceService.UpgradeRoles( + "-c", clusterID, + "--cluster-version", hcpUpgradingVersion, + "--mode", "auto", + "-y", + ) + Expect(err).To(BeNil()) + Expect(output1.String()).To(ContainSubstring("Account roles with the prefix '%s' have attached "+ + "managed policies.", ud.AccountRolesPrefix)) + Expect(output1.String()).To(ContainSubstring("Cluster '%s' operator roles have attached managed "+ + "policies. An upgrade isn't needed", ud.OperatorRolesPrefix)) + } else { + By("Find STS Classic cluster upgrade version") + classicUpgradingVersion, classicUpgradingMajorVersion, err := FindUpperYStreamVersion(versionService, + profile.ChannelGroup, clusterVersion) + Expect(err).To(BeNil()) + if classicUpgradingVersion == "" || classicUpgradingMajorVersion == "" { + Skip("Skip this case as no version available for upgrade") + } + + By("get account roles and operator roles from cluster description") + description, err := clusterService.DescribeClusterAndReflect(clusterID) + Expect(err).ToNot(HaveOccurred()) + + _, installerRoleName, err := common.ParseRoleARN(description.STSRoleArn) + Expect(err).To(BeNil()) + _, supportRoleName, err := common.ParseRoleARN(description.SupportRoleARN) + Expect(err).To(BeNil()) + + accountRoles = append(accountRoles, installerRoleName) + accountRoles = append(accountRoles, supportRoleName) + + for _, i := range description.InstanceIAMRoles { + for _, v := range i { + _, accountRoleName, err := common.ParseRoleARN(v) + Expect(err).To(BeNil()) + accountRoles = append(accountRoles, accountRoleName) + } + } + + for _, v := range description.OperatorIAMRoles { + _, operatorRoleName, err := common.ParseRoleARN(v) + Expect(err).To(BeNil()) + operatorRoles = append(operatorRoles, operatorRoleName) + } + + awsClient, err = aws_client.CreateAWSClient("", "") + Expect(err).To(BeNil()) + + By("upgrade STS Classic cluster wide AMI roles in auto mode") + output, err := ocmResourceService.UpgradeRoles( + "-c", clusterID, + "--cluster-version", classicUpgradingVersion, + "--mode", "auto", + "-y", + ) + Expect(err).To(BeNil()) + Expect(output.String()).To(ContainSubstring("Ensuring account role/policies compatibility for " + + "upgrade")) + Expect(output.String()).To(ContainSubstring("Starting to upgrade the policies")) + + for _, accountRoleName := range accountRoles { + accountRolePolicyArns, err := awsClient.ListRoleAttachedPolicies(accountRoleName) + Expect(err).To(BeNil()) + Expect(output.String()).To(ContainSubstring("Upgraded policy with ARN '%s' to version '%s'", + *accountRolePolicyArns[0].PolicyArn, classicUpgradingMajorVersion)) + } + Expect(output.String()).To(ContainSubstring("Ensuring operator role/policies compatibility for" + + " upgrade")) + + for _, operatorRoleName := range operatorRoles { + operatorRolePolicyArns, err := awsClient.ListRoleAttachedPolicies(operatorRoleName) + Expect(err).To(BeNil()) + Expect(output.String()).To(ContainSubstring("Upgraded policy with ARN '%s' to version '%s'", + *operatorRolePolicyArns[0].PolicyArn, classicUpgradingMajorVersion)) + } + } + }) + + It("to upgrade wide AMI roles with the managed policies in manual mode - [id:75445]", + labels.Critical, labels.Runtime.Upgrade, func() { + By("Check the cluster version and compare with the profile to decide if skip this case") + if !profile.ClusterConfig.STS || profile.Version != con.YStreamPreviousVersion { + Skip("Skip this case as the version defined in profile is not y-1 or non-sts cluster for " + + "upgrading testing") + } + + By("Upgrade wide AMI roles in manual mode") + jsonData, err := clusterService.GetJSONClusterDescription(clusterID) + Expect(err).To(BeNil()) + clusterVersion := jsonData.DigString("version", "raw_id") + + if profile.ClusterConfig.HCP { + By("Find HCP cluster upgrade version") + hcpUpgradingVersion, _, err := FindUpperYStreamVersion(versionService, profile.ChannelGroup, + clusterVersion) + Expect(err).To(BeNil()) + if hcpUpgradingVersion == "" { + Skip("Skip this case as no version available for upgrade") + } + + By("upgrade HCP cluster wide AMI roles in manual mode") + ud, err := profilehandler.ParseUserData() + Expect(err).To(BeNil()) + Expect(ud).NotTo(BeNil()) + + output1, err := ocmResourceService.UpgradeRoles( + "-c", clusterID, + "--cluster-version", hcpUpgradingVersion, + "--mode", "manual", + "-y", + ) + Expect(err).To(BeNil()) + Expect(output1.String()).To(ContainSubstring("Account roles with the prefix '%s' have attached "+ + "managed policies.", ud.AccountRolesPrefix)) + Expect(output1.String()).To(ContainSubstring("Cluster '%s' operator roles have attached managed "+ + "policies. An upgrade isn't needed", ud.OperatorRolesPrefix)) + } else { + By("Find STS Classic cluster upgrade version") + classicUpgradingVersion, upgradingMajorVersion, err := FindUpperYStreamVersion(versionService, + profile.ChannelGroup, clusterVersion) + Expect(err).To(BeNil()) + if classicUpgradingVersion == "" { + Skip("Skip this case as no version available for upgrade") + } + + By("upgrade STS Classic cluster wide AMI roles in manual mode") + output2, err := ocmResourceService.UpgradeRoles( + "-c", clusterID, + "--cluster-version", classicUpgradingVersion, + "--mode", "manual", + "-y", + ) + Expect(err).To(BeNil()) + Expect(output2.String()).To(ContainSubstring("Ensuring account role/policies compatibility " + + "for upgrade")) + + commands := common.ExtractCommandsToCreateAWSResoueces(output2) + for _, command := range commands { + info := "INFO: Ensuring operator role/policies compatibility for upgrade" + if strings.Contains(command, info) { + index := strings.Index(command, info) + cmd1 := strings.Fields(command[:index]) + cmd2 := strings.Fields(command[index+len(info):]) + + _, err := rosaClient.Runner.RunCMD(cmd1) + Expect(err).To(BeNil()) + + _, err = rosaClient.Runner.RunCMD(cmd2) + Expect(err).To(BeNil()) + } else { + cmd := strings.Split(command, " ") + if len(cmd) > 0 && cmd[len(cmd)-1] == "" { + cmd = cmd[:len(cmd)-1] + } + _, err := rosaClient.Runner.RunCMD(cmd) + Expect(err).To(BeNil()) + } + } + + By("Check final result from aws") + output, err := clusterService.DescribeCluster(clusterID) + Expect(err).To(BeNil()) + CD, err := clusterService.ReflectClusterDescription(output) + Expect(err).To(BeNil()) + + var accRoles []string + accRoles = append(accRoles, CD.STSRoleArn) + accRoles = append(accRoles, CD.SupportRoleARN) + accRoles = append(accRoles, CD.InstanceIAMRoles[0]["Control plane"]) + accRoles = append(accRoles, CD.InstanceIAMRoles[1]["Worker"]) + + operatorRoles := CD.OperatorIAMRoles + + awsClient, err = aws_client.CreateAWSClient("", "") + Expect(err).To(BeNil()) + + By("Check account role version") + for _, accArn := range accRoles { + parse, err := arn.Parse(accArn) + Expect(err).To(BeNil()) + accRoleName := strings.Split(parse.Resource, "/")[1] + accRole, err := awsClient.GetRole(accRoleName) + Expect(err).To(BeNil()) + for _, tag := range accRole.Tags { + if *tag.Key == versionTagName { + Expect(*tag.Value).To(Equal(upgradingMajorVersion)) + } + } + } + + By("Check operator role version") + for _, opArn := range operatorRoles { + parse, err := arn.Parse(opArn) + Expect(err).To(BeNil()) + opRoleName := strings.Split(parse.Resource, "/")[1] + opPolicy, err := awsClient.ListAttachedRolePolicies(opRoleName) + Expect(err).To(BeNil()) + policyArn := *opPolicy[0].PolicyArn + policy, err := awsClient.GetIAMPolicy(policyArn) + Expect(err).To(BeNil()) + for _, tag := range policy.Tags { + if *tag.Key == versionTagName { + Expect(*tag.Value).To(Equal(upgradingMajorVersion)) + } + } + } + } + }) }) var _ = Describe("Describe/List rosa upgrade",