Loading...

XML

Word

Printable

Type: Task
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
- /lgtm
- task-new-feature

Story Points:
0
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
MGDAPI-1379
Discussed with Team:
Yes
Git Pull Request:
https://github.com/integr8ly/delorean/pull/261, https://github.com/integr8ly/integreatly-operator/pull/2595

Sprint:
Sprint 23, MGDAPI - Sprint 24

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

WHAT
Changes to E2E aws functional test was made to use STS authentication and RHOAM role for permissions (MGDAPI-2656).

However it was noticed that F04 is failing using the RHOAM role:

    F04 - Verify AWS s3 blob storage resources exist [It]
    /home/kevinfan/go/src/github.com/integr8ly/integreatly-operator/test/functional/integreatly_test.go:107

    test s3 blob storage failed with the following errors : [Error getting bucket encryption, bucket :kfccssts2m5p82redhatrhoamoperatorth-j7gz, AccessDenied: Access Denied
        status code: 403, request id: 4QHNZGAP0BXDE58B, host id: 9pzIHYtM6/G3OP7j189w7i7pApcu5ffKK4Y6zwAAZRfSWJU0RqDwBNg6Zz7NtTB7N9vFOm1g80c= Error getting bucket public access block, bucket :kfccssts2m5p82redhatrhoamoperatorth-j7gz, AccessDenied: Access Denied
        status code: 403, request id: 4QHHASA4SHY7WZ94, host id: U+eHGaogaX0kOcnzdTXDY1nfjnbcNn0PTBojw8KD4ek1HPDh40lM1nC3QN29cl880htBRZEgsiU= Error getting bucket tags, bucket :kfccssts2m5p82redhatrhoamoperatorth-j7gz, AccessDenied: Access Denied
        status code: 403, request id: 4QHN7YZV43SQYD0Y, host id: +cy/yWwdxelKKj7TTGFouwEGYP4ofQ0iPwn2CVR4Sz/dcYkvWjnC54Ao2ohCAO81GSNUXxFfa7o= Failed to find appropriate resource names for buckets for managed api install]

This looks to be due to the functional test is using permissions that is not provided by the RHOAM role.

So instead of using the RHOAM role is the functional test, it would be better for the functional test to use it's own role with read only permissions to certain aws resources.

HOW

Update delorean prerequisite script to create a role for use by the test container with read only permissions to certain aws resources
This Role ARN should be passed to the functional test via environment variable
- When creating the pipeline, these environment variables should be set for the test container image
Update functional test get ROLE ARN from environmentn variables instead of using RHOAM role

TESTS
<List of related tests>

DONE

Delorean prerequiste updated to create role for test container use
Functional test updated to get ROLE arn from environment variable for STS clusters
Functional tests passing using the test role

mentioned on

Merge request - Updated US source to: 6c41d2b Merge pull request #2927 from cecobask/mgdapi-3785-sts-images

Assignee:: Kevin Chi Keen Fan (Inactive)

Reporter:: Kevin Chi Keen Fan (Inactive)

Reviewer:: Tsvetoslav Dimov (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022/04/07 11:01 AM

Updated:: 2022/09/28 10:23 AM

Resolved:: 2022/04/25 2:45 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates