Merge pull request redhat-appstudio#230 from stuartwdouglas/in-repo-registry-based-tests

Move in-repo tests to use container image based storage

Author: stuartwdouglas

deploy/overlays/dev-template/config.yaml

@@ -6,4 +6,4 @@ metadata:
   namespace: test-jvm-namespace
 data:
   registry.owner: QUAY_USERNAME
-  deployer: ContainerRegistryDeployer
+  enable-localstack: false

java-components/sidecar/pom.xml

@@ -41,6 +41,10 @@
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-arc</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-jaxb</artifactId>
+        </dependency>
         <dependency>
             <groupId>io.quarkiverse.amazonservices</groupId>
             <artifactId>quarkus-amazon-s3</artifactId>

java-components/sidecar/src/main/java/com/redhat/hacbs/sidecar/resources/DeployResource.java

@@ -56,11 +56,12 @@ public class DeployResource {
     Set<String> allowedSources;
 
     public DeployResource(BeanManager beanManager,
-            @ConfigProperty(name = "deployer", defaultValue = "S3Deployer") String deployer,
+            @ConfigProperty(name = "deployer") Optional<String> deployer,
+            @ConfigProperty(name = "registry.token") Optional<String> token,
             @ConfigProperty(name = "ignored-artifacts", defaultValue = "") Optional<Set<String>> doNotDeploy,
             @ConfigProperty(name = "allowed-sources", defaultValue = "") Optional<Set<String>> allowedSources) {
         this.beanManager = beanManager;
-        this.deployer = getDeployer(deployer);
+        this.deployer = getDeployer(deployer, token);
         this.doNotDeploy = doNotDeploy.orElse(Set.of());
         this.allowedSources = allowedSources.orElse(Set.of());
         Log.debugf("Using %s deployer", deployer);
@@ -159,10 +160,14 @@ public void deployArchive(InputStream data) throws Exception {
         }
     }
 
-    private Deployer getDeployer(String name) {
-        Bean<Deployer> bean = (Bean<Deployer>) beanManager.getBeans(name).iterator().next();
+    private Deployer getDeployer(Optional<String> name, Optional<String> registryToken) {
+        //if the registry token is defined and not the deployer we default to the container
+        //registry deployer
+        String actualName = name.orElse(registryToken.isPresent() ? "ContainerRegistryDeployer" : "S3Deployer");
+        Bean<Deployer> bean = (Bean<Deployer>) beanManager.getBeans(actualName).iterator().next();
         CreationalContext<Deployer> ctx = beanManager.createCreationalContext(bean);
         return (Deployer) beanManager.getReference(bean, Deployer.class, ctx);
+
     }
 
     private void flushLogs() {

java-components/sidecar/src/main/java/com/redhat/hacbs/sidecar/resources/deploy/containerregistry/ContainerRegistryDeployer.java

@@ -26,6 +26,7 @@
 import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.cloud.tools.jib.api.CacheDirectoryCreationException;
 import com.google.cloud.tools.jib.api.Containerizer;
 import com.google.cloud.tools.jib.api.InvalidImageReferenceException;
@@ -55,6 +56,8 @@ public class ContainerRegistryDeployer implements Deployer {
     private final String username;
     private final String password;
 
+    static final ObjectMapper MAPPER = new ObjectMapper();
+
     public ContainerRegistryDeployer(
             @ConfigProperty(name = "registry.host", defaultValue = "quay.io") String host,
             @ConfigProperty(name = "registry.port", defaultValue = "443") int port,
@@ -74,13 +77,44 @@ public ContainerRegistryDeployer(
         this.doNotDeploy = doNotDeploy.orElse(Set.of());
         if (token.isPresent()) {
             var decoded = new String(Base64.getDecoder().decode(token.get()), StandardCharsets.UTF_8);
-            int pos = decoded.indexOf(":");
-            username = decoded.substring(0, pos);
-            password = decoded.substring(pos + 1);
+            if (decoded.startsWith("{")) {
+                //we assume this is a .dockerconfig file
+                try (var parser = MAPPER.createParser(decoded)) {
+                    DockerConfig config = parser.readValueAs(DockerConfig.class);
+                    boolean found = false;
+                    String tmpUser = null;
+                    String tmpPw = null;
+                    for (var i : config.getAuths().entrySet()) {
+                        if (host.contains(i.getKey())) { //TODO: is contains enough?
+                            found = true;
+                            var decodedAuth = new String(Base64.getDecoder().decode(i.getValue().getAuth()),
+                                    StandardCharsets.UTF_8);
+                            int pos = decodedAuth.indexOf(":");
+                            tmpUser = decodedAuth.substring(0, pos);
+                            tmpPw = decodedAuth.substring(pos + 1);
+                            break;
+                        }
+                    }
+                    if (!found) {
+                        throw new RuntimeException("Unable to find a host matching " + host
+                                + " in provided dockerconfig, hosts provided: " + config.getAuths().keySet());
+                    }
+                    username = tmpUser;
+                    password = tmpPw;
+                } catch (IOException e) {
+                    throw new RuntimeException(e);
+                }
+            } else {
+                int pos = decoded.indexOf(":");
+                username = decoded.substring(0, pos);
+                password = decoded.substring(pos + 1);
+            }
         } else {
+            Log.errorf("No token configured");
             username = null;
             password = null;
         }
+        Log.infof("Using username %s to publish to %s/%s/%s", username, host, owner, repository);
 
     }
 

java-components/sidecar/src/main/java/com/redhat/hacbs/sidecar/resources/deploy/containerregistry/DockerAuthEntry.java

@@ -0,0 +1,18 @@
+package com.redhat.hacbs.sidecar.resources.deploy.containerregistry;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class DockerAuthEntry {
+
+    private String auth;
+
+    public String getAuth() {
+        return auth;
+    }
+
+    public DockerAuthEntry setAuth(String auth) {
+        this.auth = auth;
+        return this;
+    }
+}

java-components/sidecar/src/main/java/com/redhat/hacbs/sidecar/resources/deploy/containerregistry/DockerConfig.java

@@ -0,0 +1,20 @@
+package com.redhat.hacbs.sidecar.resources.deploy.containerregistry;
+
+import java.util.Map;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class DockerConfig {
+
+    private Map<String, DockerAuthEntry> auths;
+
+    public Map<String, DockerAuthEntry> getAuths() {
+        return auths;
+    }
+
+    public DockerConfig setAuths(Map<String, DockerAuthEntry> auths) {
+        this.auths = auths;
+        return this;
+    }
+}

java-components/sidecar/src/main/java/com/redhat/hacbs/sidecar/resources/deploy/s3/S3Deployer.java

@@ -77,4 +77,4 @@ public void deployArchive(Path tarGzFile) throws Exception {
             }
         }
     }
-}
+}

openshift-with-appstudio-test/e2e/util.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 	"testing"
 	"time"
@@ -188,32 +189,42 @@ func setup(t *testing.T, ta *testArgs) *testArgs {
 	if err != nil {
 		debugAndFailTest(ta, err.Error())
 	}
+	owner := os.Getenv("QUAY_E2E_ORGANIZATION")
+	if owner == "" {
+		owner = "redhat-appstudio-qe"
+	}
 	cm := corev1.ConfigMap{ObjectMeta: metav1.ObjectMeta{Name: "jvm-build-config", Namespace: ta.ns},
 		Data: map[string]string{
 			"enable-rebuilds":                    "true",
+			"enable-localstack":                  "false",
 			"maven-repository-300-jboss":         "https://repository.jboss.org/nexus/content/groups/public/",
 			"maven-repository-301-gradleplugins": "https://plugins.gradle.org/m2",
 			"maven-repository-302-confluent":     "https://packages.confluent.io/maven",
 			"maven-repository-303-gradle":        "https://repo.gradle.org/artifactory/libs-releases",
 			"maven-repository-304-eclipselink":   "https://download.eclipse.org/rt/eclipselink/maven.repo",
 			"maven-repository-305-redhat":        "https://maven.repository.redhat.com/ga",
 			"maven-repository-306-jitpack":       "https://jitpack.io",
-			"maven-repository-307-jsweet":        "https://repository.jsweet.org/artifactory/libs-release-local"}}
+			"maven-repository-307-jsweet":        "https://repository.jsweet.org/artifactory/libs-release-local",
+			"registry.host":                      "quay.io",
+			"registry.prepend-tag":               strconv.FormatInt(time.Now().UnixMilli(), 10),
+			"registry.owner":                     owner,
+			"registry.repository":                "test-images"}}
 	_, err = kubeClient.CoreV1().ConfigMaps(ta.ns).Create(context.TODO(), &cm, metav1.CreateOptions{})
 	if err != nil {
 		debugAndFailTest(ta, err.Error())
 	}
+	secret := corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "jvm-build-secrets", Namespace: ta.ns},
+		StringData: map[string]string{"registry.token": os.Getenv("QUAY_TOKEN")}}
+	_, err = kubeClient.CoreV1().Secrets(ta.ns).Create(context.TODO(), &secret, metav1.CreateOptions{})
+	if err != nil {
+		debugAndFailTest(ta, err.Error())
+	}
 	err = wait.PollImmediate(1*time.Second, 1*time.Minute, func() (done bool, err error) {
 		_, err = kubeClient.AppsV1().Deployments(ta.ns).Get(context.TODO(), configmap.CacheDeploymentName, metav1.GetOptions{})
 		if err != nil {
 			ta.Logf(fmt.Sprintf("get of cache: %s", err.Error()))
 			return false, nil
 		}
-		_, err = kubeClient.AppsV1().Deployments(ta.ns).Get(context.TODO(), configmap.LocalstackDeploymentName, metav1.GetOptions{})
-		if err != nil {
-			ta.Logf(fmt.Sprintf("get of localstack: %s", err.Error()))
-			return false, nil
-		}
 		return true, nil
 	})
 	if err != nil {
@@ -268,7 +279,9 @@ func streamRemoteYamlToTektonObj(url string, obj runtime.Object, ta *testArgs) r
 	if err != nil {
 		debugAndFailTest(ta, err.Error())
 	}
-	defer resp.Body.Close()
+	defer func(Body io.ReadCloser) {
+		_ = Body.Close()
+	}(resp.Body)
 	bytes, err := io.ReadAll(resp.Body)
 	if err != nil {
 		debugAndFailTest(ta, err.Error())

pkg/reconciler/configmap/configmap.go

@@ -40,6 +40,7 @@ const (
 	CacheDeploymentName         = "jvm-build-workspace-artifact-cache"
 	LocalstackDeploymentName    = "jvm-build-workspace-localstack"
 	EnableRebuilds              = "enable-rebuilds"
+	EnableLocalstack            = "enable-localstack"
 	SystemConfigMapName         = "jvm-build-system-config"
 	SystemConfigMapNamespace    = "jvm-build-service"
 	SystemCacheImage            = "image.cache"
@@ -117,19 +118,23 @@ func (r *ReconcileConfigMap) Reconcile(ctx context.Context, request reconcile.Re
 		return reconcile.Result{}, nil
 	}
 	enabled := configMap.Data[EnableRebuilds] == "true"
+	//for now we default it to always be created
+	//but allow it to be disabled
+	//our in repo tests don't need it anymore
+	localstack := configMap.Data[EnableLocalstack] != "false"
 
 	systemConfigMap := corev1.ConfigMap{}
 	err = r.client.Get(ctx, types.NamespacedName{Name: SystemConfigMapName, Namespace: SystemConfigMapNamespace}, &systemConfigMap)
 	if err != nil {
 		return reconcile.Result{}, nil
 	}
 	log.Info("Setup Cache %s", "name", request.Name)
-	if err = r.setupCache(ctx, request, enabled, configMap, systemConfigMap); err != nil {
+	if err = r.setupCache(ctx, request, enabled, configMap, systemConfigMap, localstack); err != nil {
 		return reconcile.Result{}, err
 	}
-	if enabled {
+	if enabled && localstack {
 		log.Info("Setup Rebuilds %s", "name", request.Name)
-		err := r.setupRebuilds(ctx, log, request)
+		err := r.setupLocalstack(ctx, log, request)
 		if err != nil {
 			return reconcile.Result{}, err
 		}
@@ -138,7 +143,7 @@ func (r *ReconcileConfigMap) Reconcile(ctx context.Context, request reconcile.Re
 	return reconcile.Result{}, nil
 }
 
-func (r *ReconcileConfigMap) setupCache(ctx context.Context, request reconcile.Request, rebuildsEnabled bool, configMap corev1.ConfigMap, systemConfigMap corev1.ConfigMap) error {
+func (r *ReconcileConfigMap) setupCache(ctx context.Context, request reconcile.Request, rebuildsEnabled bool, configMap corev1.ConfigMap, systemConfigMap corev1.ConfigMap, localstack bool) error {
 	//first setup the storage
 	deploymentName := types.NamespacedName{Namespace: request.Namespace, Name: CacheDeploymentName}
 
@@ -277,26 +282,30 @@ func (r *ReconcileConfigMap) setupCache(ctx context.Context, request reconcile.R
 	if rebuildsEnabled {
 		repos = append(repos, Repo{name: "rebuilt", position: 100})
 
-		cache.Spec.Template.Spec.Containers[0].Env = append(cache.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
-			Name:  "QUARKUS_S3_ENDPOINT_OVERRIDE",
-			Value: "http://" + LocalstackDeploymentName + "." + request.Namespace + ".svc.cluster.local:4572",
-		})
-		cache.Spec.Template.Spec.Containers[0].Env = append(cache.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
-			Name:  "QUARKUS_S3_AWS_REGION",
-			Value: "us-east-1",
-		})
-		cache.Spec.Template.Spec.Containers[0].Env = append(cache.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
-			Name:  "QUARKUS_S3_AWS_CREDENTIALS_TYPE",
-			Value: "static",
-		})
-		cache.Spec.Template.Spec.Containers[0].Env = append(cache.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
-			Name:  "QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_ACCESS_KEY_ID",
-			Value: "accesskey",
-		})
-		cache.Spec.Template.Spec.Containers[0].Env = append(cache.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
-			Name:  "QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_SECRET_ACCESS_KEY",
-			Value: "secretkey",
-		})
+		if localstack {
+			//TODO: localstack should eventually go away altogether
+			//for now it is convenient for testing
+			cache.Spec.Template.Spec.Containers[0].Env = append(cache.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
+				Name:  "QUARKUS_S3_ENDPOINT_OVERRIDE",
+				Value: "http://" + LocalstackDeploymentName + "." + request.Namespace + ".svc.cluster.local:4572",
+			})
+			cache.Spec.Template.Spec.Containers[0].Env = append(cache.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
+				Name:  "QUARKUS_S3_AWS_REGION",
+				Value: "us-east-1",
+			})
+			cache.Spec.Template.Spec.Containers[0].Env = append(cache.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
+				Name:  "QUARKUS_S3_AWS_CREDENTIALS_TYPE",
+				Value: "static",
+			})
+			cache.Spec.Template.Spec.Containers[0].Env = append(cache.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
+				Name:  "QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_ACCESS_KEY_ID",
+				Value: "accesskey",
+			})
+			cache.Spec.Template.Spec.Containers[0].Env = append(cache.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
+				Name:  "QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_SECRET_ACCESS_KEY",
+				Value: "secretkey",
+			})
+		}
 		if configMap.Data["registry.owner"] != "" {
 			cache.Spec.Template.Spec.Containers[0].Env = append(cache.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
 				Name:      "REGISTRY_OWNER",
@@ -327,6 +336,12 @@ func (r *ReconcileConfigMap) setupCache(ctx context.Context, request reconcile.R
 				ValueFrom: &corev1.EnvVarSource{ConfigMapKeyRef: &corev1.ConfigMapKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: UserConfigMapName}, Key: "registry.insecure"}},
 			})
 		}
+		if configMap.Data["registry.prepend-tag"] != "" {
+			cache.Spec.Template.Spec.Containers[0].Env = append(cache.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
+				Name:      "REGISTRY_PREPEND_TAG",
+				ValueFrom: &corev1.EnvVarSource{ConfigMapKeyRef: &corev1.ConfigMapKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: UserConfigMapName}, Key: "registry.prepend-tag"}},
+			})
+		}
 		//TODO: ensure this exists
 		cache.Spec.Template.Spec.Containers[0].Env = append(cache.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
 			Name:      "REGISTRY_TOKEN",
@@ -384,7 +399,7 @@ func (r *ReconcileConfigMap) setupCache(ctx context.Context, request reconcile.R
 
 }
 
-func (r *ReconcileConfigMap) setupRebuilds(ctx context.Context, log logr.Logger, request reconcile.Request) error {
+func (r *ReconcileConfigMap) setupLocalstack(ctx context.Context, log logr.Logger, request reconcile.Request) error {
 	//setup localstack
 	//this is 100% temporary and needs to go away ASAP
 	localstack := v1.Deployment{}