Update tests after common rebase

Author: mbaldessari

tests/common-acm-industrial-edge-factory.expected.yaml

@@ -5,6 +5,15 @@
 # Source: acm/templates/policies/application-policies.yaml
 # TODO: Also create a GitOpsCluster.apps.open-cluster-management.io
 ---
+# Source: acm/templates/policies/private-repo-policies.yaml
+# We copy the vp-private-repo-credentials from the "openshift-gitops" namespace
+# to the "open-cluster-management" via the "private-hub-policy"
+#
+# Then we copy the secret from the "open-cluster-management" namespace to the
+# managed clusters "openshift-gitops" instance
+#
+# And we also copy the same secret to the namespaced argo's namespace
+---
 # Source: acm/templates/multiclusterhub.yaml
 apiVersion: operator.open-cluster-management.io/v1
 kind: MultiClusterHub

tests/common-acm-industrial-edge-hub.expected.yaml

@@ -2,6 +2,15 @@
 # Source: acm/templates/policies/acm-hub-ca-policy.yaml
 # This pushes out the HUB's Certificate Authorities on to the imported clusters
 ---
+# Source: acm/templates/policies/private-repo-policies.yaml
+# We copy the vp-private-repo-credentials from the "openshift-gitops" namespace
+# to the "open-cluster-management" via the "private-hub-policy"
+#
+# Then we copy the secret from the "open-cluster-management" namespace to the
+# managed clusters "openshift-gitops" instance
+#
+# And we also copy the same secret to the namespaced argo's namespace
+---
 # Source: acm/templates/multiclusterhub.yaml
 apiVersion: operator.open-cluster-management.io/v1
 kind: MultiClusterHub

tests/common-acm-medical-diagnosis-hub.expected.yaml

@@ -2,6 +2,15 @@
 # Source: acm/templates/policies/acm-hub-ca-policy.yaml
 # This pushes out the HUB's Certificate Authorities on to the imported clusters
 ---
+# Source: acm/templates/policies/private-repo-policies.yaml
+# We copy the vp-private-repo-credentials from the "openshift-gitops" namespace
+# to the "open-cluster-management" via the "private-hub-policy"
+#
+# Then we copy the secret from the "open-cluster-management" namespace to the
+# managed clusters "openshift-gitops" instance
+#
+# And we also copy the same secret to the namespaced argo's namespace
+---
 # Source: acm/templates/multiclusterhub.yaml
 apiVersion: operator.open-cluster-management.io/v1
 kind: MultiClusterHub

tests/common-acm-naked.expected.yaml

@@ -5,6 +5,15 @@
 # Source: acm/templates/policies/application-policies.yaml
 # TODO: Also create a GitOpsCluster.apps.open-cluster-management.io
 ---
+# Source: acm/templates/policies/private-repo-policies.yaml
+# We copy the vp-private-repo-credentials from the "openshift-gitops" namespace
+# to the "open-cluster-management" via the "private-hub-policy"
+#
+# Then we copy the secret from the "open-cluster-management" namespace to the
+# managed clusters "openshift-gitops" instance
+#
+# And we also copy the same secret to the namespaced argo's namespace
+---
 # Source: acm/templates/multiclusterhub.yaml
 apiVersion: operator.open-cluster-management.io/v1
 kind: MultiClusterHub

tests/common-acm-normal.expected.yaml

@@ -22,6 +22,15 @@ type: Opaque
 # Source: acm/templates/policies/acm-hub-ca-policy.yaml
 # This pushes out the HUB's Certificate Authorities on to the imported clusters
 ---
+# Source: acm/templates/policies/private-repo-policies.yaml
+# We copy the vp-private-repo-credentials from the "openshift-gitops" namespace
+# to the "open-cluster-management" via the "private-hub-policy"
+#
+# Then we copy the secret from the "open-cluster-management" namespace to the
+# managed clusters "openshift-gitops" instance
+#
+# And we also copy the same secret to the namespaced argo's namespace
+---
 # Source: acm/templates/provision/clusterpool.yaml
 apiVersion: hive.openshift.io/v1
 kind: ClusterClaim

tests/common-clustergroup-industrial-edge-factory.expected.yaml

@@ -83,12 +83,43 @@ data:
         namespace: manuela-factory-ml-workspace
         path: charts/datacenter/opendatahub
         project: factory
+      argoCD:
+        configManagementPlugins:
+        - image: quay.io/hybridcloudpatterns/utility-container:latest
+          name: helm-with-kustomize
+          pluginArgs:
+          - --loglevel=debug
+          pluginConfig: |
+            apiVersion: argoproj.io/v1alpha1
+            kind: ConfigManagementPlugin
+            metadata:
+              name: helm-with-kustomize
+            spec:
+              preserveFileMode: true
+              init:
+                command: ["/bin/sh", "-c"]
+                args: ["helm dependency build"]
+              generate:
+                command: ["/bin/bash", "-c"]
+                args: ["helm template . --name-template ${ARGOCD_APP_NAME:0:52}
+                  -f $(git rev-parse --show-toplevel)/values-global.yaml
+                  -f $(git rev-parse --show-toplevel)/values-factory.yaml
+                  --set global.repoURL=$ARGOCD_APP_SOURCE_REPO_URL
+                  --set global.targetRevision=$ARGOCD_APP_SOURCE_TARGET_REVISION
+                  --set global.namespace=$ARGOCD_APP_NAMESPACE
+                  --set global.pattern=mypattern
+                  --set global.clusterDomain=region.example.com
+                  --set global.hubClusterDomain=apps.hub.example.com
+                  --set global.localClusterDomain=apps.region.example.com
+                  --set clusterGroup.name=factory
+                  --post-renderer ./kustomize"]
+        initContainers: []
       imperative:
         activeDeadlineSeconds: 3600
         clusterRoleName: imperative-cluster-role
         clusterRoleYaml: ""
         cronJobName: imperative-cronjob
-        image: registry.redhat.io/ansible-automation-platform-23/ee-supported-rhel8:latest
+        image: registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel9:latest
         imagePullPolicy: Always
         insecureUnsealVaultInsideClusterSchedule: '*/5 * * * *'
         jobName: imperative-job
@@ -180,6 +211,38 @@ data:
       kind: ClusterSecretStore
       name: vault-backend
 ---
+# Source: clustergroup/templates/plumbing/argocd-cmp-plugin-cms.yaml
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: "argocd-cmp-helm-with-kustomize"
+  namespace: mypattern-factory
+data:
+  "plugin.yaml": | 
+    apiVersion: argoproj.io/v1alpha1
+    kind: ConfigManagementPlugin
+    metadata:
+      name: helm-with-kustomize
+    spec:
+      preserveFileMode: true
+      init:
+        command: ["/bin/sh", "-c"]
+        args: ["helm dependency build"]
+      generate:
+        command: ["/bin/bash", "-c"]
+        args: ["helm template . --name-template ${ARGOCD_APP_NAME:0:52}
+          -f $(git rev-parse --show-toplevel)/values-global.yaml
+          -f $(git rev-parse --show-toplevel)/values-factory.yaml
+          --set global.repoURL=$ARGOCD_APP_SOURCE_REPO_URL
+          --set global.targetRevision=$ARGOCD_APP_SOURCE_TARGET_REVISION
+          --set global.namespace=$ARGOCD_APP_NAMESPACE
+          --set global.pattern=mypattern
+          --set global.clusterDomain=region.example.com
+          --set global.hubClusterDomain=apps.hub.example.com
+          --set global.localClusterDomain=apps.region.example.com
+          --set clusterGroup.name=factory
+          --post-renderer ./kustomize"]
+---
 # Source: clustergroup/templates/imperative/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -304,20 +367,41 @@ spec:
             # git init happens in /git/repo so that we can set the folder to 0770 permissions
             # reason for that is ansible refuses to create temporary folders in there            
             - name: git-init
-              image: registry.redhat.io/ansible-automation-platform-23/ee-supported-rhel8:latest
+              image: registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel9:latest
               imagePullPolicy: Always
               env:
                 - name: HOME
                   value: /git/home
               command:
               - 'sh'
               - '-c'
-              - "mkdir /git/{repo,home};git clone --single-branch --branch main --depth 1 -- https://github.com/pattern-clone/mypattern /git/repo;chmod 0770 /git/{repo,home}"
+              - >-
+                if ! oc get secrets -n openshift-gitops vp-private-repo-credentials &> /dev/null; then
+                  URL="https://github.com/pattern-clone/mypattern";
+                else
+                  if ! oc get secrets -n openshift-gitops vp-private-repo-credentials -o go-template='{{index .data.sshPrivateKey | base64decode}}' &>/dev/null; then
+                    U="$(oc get secret -n openshift-gitops vp-private-repo-credentials -o go-template='{{index .data.username | base64decode }}')";
+                    P="$(oc get secret -n openshift-gitops vp-private-repo-credentials -o go-template='{{index .data.password | base64decode }}')";
+                    URL=$(echo https://github.com/pattern-clone/mypattern | sed -E "s/(https?:\/\/)/\1${U}:${P}@/");
+                    echo "USER/PASS: ${URL}";
+                  else
+                    S="$(oc get secret -n openshift-gitops vp-private-repo-credentials -o go-template='{{index .data.sshPrivateKey | base64decode }}')";
+                    mkdir -p --mode 0700 "${HOME}/.ssh";
+                    echo "${S}" > "${HOME}/.ssh/id_rsa";
+                    chmod 0600 "${HOME}/.ssh/id_rsa";
+                    URL=$(echo https://github.com/pattern-clone/mypattern | sed -E "s/(https?:\/\/)/\1git@/");
+                    git config --global core.sshCommand "ssh -i "${HOME}/.ssh/id_rsa" -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no";
+                    echo "SSH: ${URL}";
+                  fi;
+                fi;
+                mkdir /git/{repo,home};
+                git clone --single-branch --branch main --depth 1 -- "${URL}" /git/repo;
+                chmod 0770 /git/{repo,home};
               volumeMounts:
               - name: git
                 mountPath: "/git"
             - name: test
-              image: registry.redhat.io/ansible-automation-platform-23/ee-supported-rhel8:latest
+              image: registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel9:latest
               imagePullPolicy: Always
               env:
                 - name: HOME
@@ -340,7 +424,7 @@ spec:
                   subPath: values.yaml
           containers:            
             - name: "done"
-              image: registry.redhat.io/ansible-automation-platform-23/ee-supported-rhel8:latest
+              image: registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel9:latest
               imagePullPolicy: Always
               command:
                 - 'sh'
@@ -454,6 +538,8 @@ spec:
           value: apps.hub.example.com
         - name: global.localClusterDomain
           value: apps.region.example.com
+        - name: global.privateRepo
+          value: 
   syncPolicy:
     automated: {}
     retry:
@@ -496,36 +582,6 @@ spec:
       return hs
 
   applicationInstanceLabelKey: argocd.argoproj.io/instance
-  # Not the greatest way to pass git/quay info to sub-applications, but it will do until
-  # we can support helmChart with kustomize
-  # The other option is to pass them in as environment variables eg. BLUEPRINT_VERSION
-  configManagementPlugins: |
-    - name: kustomize-version
-      generate:
-        command: ["sh", "-c"]
-        args: ["kustomize version 1>&2 && exit 1"]
-    - name: kustomize-with-helm
-      generate:
-        command: ["kustomize"]
-        args: ["build", "--enable-helm"]
-    - name: helm-with-kustomize
-      init:
-        command: ["/bin/sh", "-c"]
-        args: ["helm dependency build"]
-      generate:
-        command: ["/bin/bash", "-c"]
-        args: ["helm template . --name-template ${ARGOCD_APP_NAME:0:52}
-            -f $(git rev-parse --show-toplevel)/values-global.yaml
-            -f $(git rev-parse --show-toplevel)/values-factory.yaml
-            --set global.repoURL=$ARGOCD_APP_SOURCE_REPO_URL
-            --set global.targetRevision=$ARGOCD_APP_SOURCE_TARGET_REVISION
-            --set global.namespace=$ARGOCD_APP_NAMESPACE
-            --set global.pattern=mypattern
-            --set global.clusterDomain=region.example.com
-            --set global.hubClusterDomain=apps.hub.example.com
-            --set global.localClusterDomain=apps.region.example.com
-            --set clusterGroup.name=factory
-            --post-renderer ./kustomize"]
   applicationSet:
     resources:
       limits:
@@ -558,6 +614,32 @@ spec:
   rbac:
     defaultPolicy: role:admin
   repo:
+    sidecarContainers:
+      - name: helm-with-kustomize
+        command: [/var/run/argocd/argocd-cmp-server]
+        args: [
+  "--loglevel=debug"
+]
+        image: quay.io/hybridcloudpatterns/utility-container:latest
+        imagePullPolicy: Always
+        securityContext:
+          runAsNonRoot: true
+        volumeMounts:
+          - mountPath: /var/run/argocd
+            name: var-files
+          - mountPath: /home/argocd/cmp-server/plugins
+            name: plugins
+          - mountPath: /tmp
+            name: cmp-tmp
+          - mountPath: /home/argocd/cmp-server/config/plugin.yaml
+            subPath: plugin.yaml
+            name: helm-with-kustomize
+    volumes:
+      - emptyDir: {}
+        name: cmp-tmp
+      - configMap:
+          name: "argocd-cmp-helm-with-kustomize"
+        name: helm-with-kustomize
     resources:
       limits:
         cpu: "1"