[minor] Add OLM support (#38)

durera · web-flow · commit 2587c1538809 · 2024-11-24T11:38:39.000Z
diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml
@@ -6,6 +6,9 @@ on:
 jobs:
   build-package:
     runs-on: ubuntu-latest
+    concurrency:
+      group: tests-on-ocp
+      cancel-in-progress: false
     steps:
       # 1. Initialize the build
       # -------------------------------------------------------------------------------------------
@@ -29,7 +32,15 @@ jobs:
           python-version: 3.11
 
       - name: Build the Python package
+        env:
+          OCP_TOKEN: ${{ secrets.OCP_TOKEN }}
+          OCP_SERVER: ${{ secrets.OCP_SERVER }}
         run: |
+          kubectl config set-cluster my-cluster --server=$OCP_SERVER
+          kubectl config set-credentials my-user --token=$OCP_TOKEN
+          kubectl config set-context my-context --cluster=my-cluster --user=my-user --namespace=default
+          kubectl config use-context my-context
+
           sed -i "s#__version__ = \"100.0.0\"#__version__ = \"${{ env.VERSION_NOPREREL }}\"#g" ${GITHUB_WORKSPACE}/src/mas/devops/__init__.py
           cat ${GITHUB_WORKSPACE}/src/mas/devops/__init__.py
           python -m pip install --upgrade pip
diff --git a/.github/workflows/python-release.yml b/.github/workflows/python-release.yml
@@ -5,6 +5,9 @@ on:
 jobs:
   release-package:
     runs-on: ubuntu-latest
+    concurrency:
+      group: tests-on-ocp
+      cancel-in-progress: false
     steps:
       # 1. Initialize the build
       # -------------------------------------------------------------------------------------------
@@ -28,7 +31,15 @@ jobs:
           python-version: 3.11
 
       - name: Build the Python package
+        env:
+          OCP_TOKEN: ${{ secrets.OCP_TOKEN }}
+          OCP_SERVER: ${{ secrets.OCP_SERVER }}
         run: |
+          kubectl config set-cluster my-cluster --server=$OCP_SERVER
+          kubectl config set-credentials my-user --token=$OCP_TOKEN
+          kubectl config set-context my-context --cluster=my-cluster --user=my-user --namespace=default
+          kubectl config use-context my-context
+
           sed -i "s#__version__ = \"100.0.0\"#__version__ = \"${{ env.VERSION_NOPREREL }}\"#g" ${GITHUB_WORKSPACE}/src/mas/devops/__init__.py
           cat ${GITHUB_WORKSPACE}/src/mas/devops/__init__.py
           python -m pip install --upgrade pip
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -1,6 +1,12 @@
 Developer Guide
 ===============================================================================
 
+Tests
+-------------------------------------------------------------------------------
+```
+pytest -o log_cli=true --log-cli-level=DEBUG test/src/test_olm.py::test_create_subscription
+```
+
 
 Detect Secrets
 -------------------------------------------------------------------------------
diff --git a/src/mas/devops/ocp.py b/src/mas/devops/ocp.py
@@ -82,6 +82,19 @@ def createNamespace(dynClient: DynamicClient, namespace: str) -> bool:
     return True
 
 
+def deleteNamespace(dynClient: DynamicClient, namespace: str) -> bool:
+    """
+    Delete a namespace if it exists
+    """
+    namespaceAPI = dynClient.resources.get(api_version="v1", kind="Namespace")
+    try:
+        namespaceAPI.delete(name=namespace)
+        logger.debug(f"Namespace {namespace} deleted")
+    except NotFoundError:
+        logger.debug(f"Namespace {namespace} can not be deleted because it does not exist")
+    return True
+
+
 def waitForCRD(dynClient: DynamicClient, crdName: str) -> bool:
     crdAPI = dynClient.resources.get(api_version="apiextensions.k8s.io/v1", kind="CustomResourceDefinition")
     maxRetries = 100
@@ -174,10 +187,9 @@ def crdExists(dynClient: DynamicClient, crdName: str) -> bool:
         logger.debug(f"CRD does not exist: {crdName}")
         return False
 
+
 # Assisted by WCA@IBM
 # Latest GenAI contribution: ibm/granite-8b-code-instruct
-
-
 def execInPod(core_v1_api: client.CoreV1Api, pod_name: str, namespace, command: list, timeout: int = 60) -> str:
     """
     Executes a command in a Kubernetes pod and returns the standard output.
diff --git a/src/mas/devops/olm.py b/src/mas/devops/olm.py
@@ -0,0 +1,171 @@
+# *****************************************************************************
+# Copyright (c) 2024 IBM Corporation and other Contributors.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+# *****************************************************************************
+
+import logging
+from time import sleep
+from os import path
+
+from kubernetes.dynamic.exceptions import NotFoundError
+from openshift.dynamic import DynamicClient
+from jinja2 import Environment, FileSystemLoader
+
+import yaml
+
+from .ocp import createNamespace
+
+logger = logging.getLogger(__name__)
+
+
+class OLMException(Exception):
+    pass
+
+
+def getPackageManifest(dynClient: DynamicClient, packageName: str, catalogSourceNamespace: str = "openshift-marketplace"):
+    # Assert that the PackageManifest exists
+    # -----------------------------------------------------------------------------
+    packagemanifestAPI = dynClient.resources.get(api_version="packages.operators.coreos.com/v1", kind="PackageManifest")
+    try:
+        manifestResource = packagemanifestAPI.get(name=packageName, namespace=catalogSourceNamespace)
+        logger.info(f"Package Manifest Details: {catalogSourceNamespace}:{packageName} - Package is available from {manifestResource.status.catalogSource} (default channel is {manifestResource.status.defaultChannel})")
+    except NotFoundError:
+        logger.info(f"Package Manifest Details: {catalogSourceNamespace}:{packageName} - Package is not available")
+        manifestResource = None
+    return manifestResource
+
+
+def ensureOperatorGroupExists(dynClient: DynamicClient, env: Environment, namespace: str):
+    # Create a new OperatorGroup if necessary
+    operatorGroupsAPI = dynClient.resources.get(api_version="operators.coreos.com/v1", kind="OperatorGroup")
+    operatorGroupList = operatorGroupsAPI.get(namespace=namespace)
+    if len(operatorGroupList.items) == 0:
+        logger.debug(f"Creating new OperatorGroup in namespace {namespace}")
+        template = env.get_template("operatorgroup.yml.j2")
+        renderedTemplate = template.render(
+            name="operatorgroup",
+            namespace=namespace
+        )
+        operatorGroup = yaml.safe_load(renderedTemplate)
+        operatorGroupsAPI.apply(body=operatorGroup, namespace=namespace)
+    else:
+        logger.debug(f"An OperatorGroup already exists in namespace {namespace}")
+
+
+def applySubscription(dynClient: DynamicClient, namespace: str, packageName: str, packageChannel: str = None, catalogSource: str = None, catalogSourceNamespace: str = "openshift-marketplace", config: dict = None):
+    """
+    Usage:
+      createSubscription(dynClient, "testns1", "sub1", "ibm-sls")  # use default channel, & auto-detect CatalogSource
+    """
+    labelSelector = f"operators.coreos.com/{packageName}.{namespace}"
+    templateDir = path.join(path.abspath(path.dirname(__file__)), "templates")
+    env = Environment(
+        loader=FileSystemLoader(searchpath=templateDir)
+    )
+
+    if packageChannel is None or catalogSource is None:
+        logger.debug("Getting PackageManifest to determine defaults")
+        manifestResource = getPackageManifest(dynClient, packageName, catalogSourceNamespace)
+        if manifestResource is None:
+            raise OLMException(f"Package {packageName} is not available from any catalog in {catalogSourceNamespace}")
+
+        # Set defaults for optional parameters
+        if packageChannel is None:
+            logger.debug(f"Setting subscription channel based on PackageManifest: {manifestResource.status.defaultChannel}")
+            packageChannel = manifestResource.status.defaultChannel
+        if catalogSource is None:
+            logger.debug(f"Setting subscription catalogSource based on PackageManifest: {manifestResource.status.catalogSource}")
+            catalogSource = manifestResource.status.catalogSource
+
+    # Create the Namespace & OperatorGroup if necessary
+    logger.debug(f"Setting up OperatorGroup in {namespace}")
+    createNamespace(dynClient, namespace)
+    ensureOperatorGroupExists(dynClient, env, namespace)
+
+    # Create (or update) the subscription
+    subscriptionsAPI = dynClient.resources.get(api_version="operators.coreos.com/v1alpha1", kind="Subscription")
+
+    resources = subscriptionsAPI.get(label_selector=labelSelector, namespace=namespace)
+    if len(resources.items) == 0:
+        name = packageName
+        logger.info(f"Creating new subscription {name} in {namespace}")
+    elif len(resources.items) == 1:
+        name = resources.items[0].metadata.name
+        logger.info(f"Updating existing subscription {name} in {namespace}")
+    else:
+        raise OLMException(f"More than one subscription found in {namespace} for {packageName} ({len(resources.items)} subscriptions found)")
+
+    template = env.get_template("subscription.yml.j2")
+    renderedTemplate = template.render(
+        subscription_name=name,
+        subscription_namespace=namespace,
+        subscription_config=config,
+        package_name=packageName,
+        package_channel=packageChannel,
+        catalog_name=catalogSource,
+        catalog_namespace=catalogSourceNamespace
+    )
+    subscription = yaml.safe_load(renderedTemplate)
+    subscriptionsAPI.apply(body=subscription, namespace=namespace)
+
+    # Wait for InstallPlan to be created
+    logger.debug(f"Waiting for {packageName}.{namespace} InstallPlans")
+    installPlanAPI = dynClient.resources.get(api_version="operators.coreos.com/v1alpha1", kind="InstallPlan")
+
+    installPlanResources = installPlanAPI.get(label_selector=labelSelector, namespace=namespace)
+    while len(installPlanResources.items) == 0:
+        installPlanResources = installPlanAPI.get(label_selector=labelSelector, namespace=namespace)
+        sleep(30)
+
+    if len(installPlanResources.items) == 0:
+        raise OLMException(f"Found 0 InstallPlans for {packageName}")
+    elif len(installPlanResources.items) > 1:
+        logger.warning(f"More than 1 InstallPlan found for {packageName}")
+    else:
+        installPlanName = installPlanResources.items[0].metadata.name
+
+    # Wait for InstallPlan to complete
+    logger.debug(f"Waiting for InstallPlan {installPlanName}")
+    installPlanPhase = installPlanResources.items[0].status.phase
+    while installPlanPhase != "Complete":
+        installPlanResource = installPlanAPI.get(name=installPlanName, namespace=namespace)
+        installPlanPhase = installPlanResource.status.phase
+        sleep(30)
+
+    # Wait for Subscription to complete
+    logger.debug(f"Waiting for Subscription {name} in {namespace}")
+    subscriptionResource = subscriptionsAPI.get(name=name, namespace=namespace)
+    while subscriptionResource.status.state != "AtLatestKnown":
+        subscriptionResource = subscriptionsAPI.get(name=name, namespace=namespace)
+        sleep(30)
+
+    return subscriptionResource
+
+
+def deleteSubscription(dynClient: DynamicClient, namespace: str, packageName: str) -> None:
+    labelSelector = f"operators.coreos.com/{packageName}.{namespace}"
+
+    # Find and delete the Subscription
+    logger.debug(f"Deleting Subscription for {packageName} in {namespace}")
+    subscriptionsAPI = dynClient.resources.get(api_version="operators.coreos.com/v1alpha1", kind="Subscription")
+    _findAndDeleteResources(subscriptionsAPI, "Subscription", labelSelector, namespace)
+
+    # Find and delete the CSV
+    logger.debug(f"Deleting CSV for {packageName}")
+    csvAPI = dynClient.resources.get(api_version="operators.coreos.com/v1alpha1", kind="ClusterServiceVersion")
+    _findAndDeleteResources(csvAPI, "CSV", labelSelector, namespace)
+
+
+def _findAndDeleteResources(api, resourceType: str, labelSelector: str, namespace: str):
+    resources = api.get(label_selector=labelSelector, namespace=namespace)
+    if resources.items == 0:
+        logger.info(f"No matching {resourceType}s to delete")
+    else:
+        for item in resources.items:
+            logger.info(f"Deleting {resourceType} {item.metadata.name}")
+            api.delete(name=item.metadata.name, namespace=namespace)
diff --git a/src/mas/devops/tekton.py b/src/mas/devops/tekton.py
@@ -50,9 +50,12 @@ def installOpenShiftPipelines(dynClient: DynamicClient) -> bool:
             )
             template = env.get_template("subscription.yml.j2")
             renderedTemplate = template.render(
-                pipelines_channel=defaultChannel,
-                pipelines_source=catalogSource,
-                pipelines_source_namespace=catalogSourceNamespace
+                subscription_name="openshift-pipelines-operator",
+                subscription_namespace="openshift-operators",
+                package_name="openshift-pipelines-operator-rh",
+                package_channel=defaultChannel,
+                catalog_name=catalogSource,
+                catalog_namespace=catalogSourceNamespace
             )
             subscription = yaml.safe_load(renderedTemplate)
             subscriptionsAPI.apply(body=subscription, namespace="openshift-operators")
diff --git a/src/mas/devops/templates/operatorgroup.yml.j2 b/src/mas/devops/templates/operatorgroup.yml.j2
@@ -0,0 +1,10 @@
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: {{ name }}
+  namespace: {{ namespace }}
+spec:
+  targetNamespaces:
+    - {{ namespace }}
+  upgradeStrategy: Default
diff --git a/src/mas/devops/templates/subscription.yml.j2 b/src/mas/devops/templates/subscription.yml.j2
@@ -2,10 +2,13 @@
 apiVersion: operators.coreos.com/v1alpha1
 kind: Subscription
 metadata:
-    name: openshift-pipelines-operator
-    namespace: openshift-operators
+    name: {{ subscription_name }}
+    namespace: {{ subscription_namespace }}
 spec:
-    channel: {{pipelines_channel}}
-    name: openshift-pipelines-operator-rh
-    source: {{pipelines_source}}
-    sourceNamespace: {{pipelines_source_namespace}}
+    name: {{ package_name }}
+    channel: {{ package_channel }}
+    source: {{ catalog_name }}
+    sourceNamespace: {{ catalog_namespace }}
+    {%- if subscription_config is not none %}
+    config: {{ subscription_config }}
+    {%- endif %}
diff --git a/test/src/test_olm.py b/test/src/test_olm.py
@@ -0,0 +1,67 @@
+# *****************************************************************************
+# Copyright (c) 2024 IBM Corporation and other Contributors.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+# *****************************************************************************
+
+from openshift import dynamic
+from kubernetes import config
+from kubernetes.client import api_client
+
+from mas.devops import olm, ocp
+
+dynClient = dynamic.DynamicClient(
+    api_client.ApiClient(configuration=config.load_kube_config())
+)
+
+
+def test_get_manifest():
+    manifest = olm.getPackageManifest(dynClient, "ibm-sls")
+    assert manifest is not None
+    assert manifest.metadata.name == "ibm-sls"
+    assert manifest.status.catalogSource == "ibm-operator-catalog"
+    assert manifest.status.catalogSourceNamespace == "openshift-marketplace"
+    assert manifest.status.catalogSourcePublisher == "IBM"
+    assert manifest.status.defaultChannel == "3.x-stable"
+    assert manifest.status.packageName == "ibm-sls"
+
+
+def test_get_manifest_none():
+    manifest = olm.getPackageManifest(dynClient, "ibm-sls2")
+    assert manifest is None
+
+
+def test_crud():
+    namespace = "cli-fvt-1"
+    subscription = olm.applySubscription(dynClient, namespace, "ibm-sls", packageChannel="3.x")
+    assert subscription.metadata.name == "ibm-sls"
+    assert subscription.metadata.namespace == namespace
+
+    # When we install the ibm-sls subscription OLM will automatically create the ibm-truststore-mgr
+    # subscription, but when we delete the subscription, OLM will not automatically remove the latter
+    olm.deleteSubscription(dynClient, namespace, "ibm-sls")
+    olm.deleteSubscription(dynClient, namespace, "ibm-truststore-mgr")
+    ocp.deleteNamespace(dynClient, namespace)
+
+
+def test_crud_with_config():
+    namespace = "cli-fvt-2"
+    # We don't need this, just want to test that it works
+    testConfig = {
+        "env": [
+            {"name": "DUMMY_ENV_VAR", "value": "testing"}
+        ]
+    }
+    subscription = olm.applySubscription(dynClient, namespace, "ibm-sls", packageChannel="3.x", config=testConfig)
+    assert subscription.metadata.name == "ibm-sls"
+    assert subscription.metadata.namespace == namespace
+
+    # When we install the ibm-sls subscription OLM will automatically create the ibm-truststore-mgr
+    # subscription, but when we delete the subscription, OLM will not automatically remove the latter
+    olm.deleteSubscription(dynClient, namespace, "ibm-sls")
+    olm.deleteSubscription(dynClient, namespace, "ibm-truststore-mgr")
+    ocp.deleteNamespace(dynClient, namespace)
