Provisioner-cli: update provisioner files to include profile id support

Uncomment profile id steps in kustomize.yaml Add extra validation for steps which require API key to be set Move PODVM_IMAGE_ID out of the TEST_PROVISION branch Fix syntax errors Fixes: confidential-containers#1243 Signed-off-by: Tia Shah <[email protected]>
bookinabox · Aug 3, 2023 · 22b79cc · 22b79cc
1 parent 5253ce8
commit 22b79cc
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 13 deletions.
diff --git a/install/overlays/ibmcloud/kustomization.yaml b/install/overlays/ibmcloud/kustomization.yaml
@@ -46,7 +46,7 @@ secretGenerator:
   namespace: confidential-containers-system
   literals:
 ##IAM PROFILE SETTINGS
-# - IBMCLOUD_IAM_PROFILE_ID="" # set
+  - IBMCLOUD_IAM_PROFILE_ID="" # set
 ##/IAM PROFILE SETTINGS
   - IBMCLOUD_API_KEY="" # set if not using IAM profile ID
   - IBMCLOUD_IAM_ENDPOINT="" #set
@@ -64,7 +64,7 @@ patchesStrategicMerge:
   - cri_runtime_endpoint.yaml # set (modify host's runtime cri socket path in the file, default is /run/containerd/containerd.sock)
   - kata_direct_volumes_mount.yaml # set (for volumes/csi-wrapper)
 ##IAM PROFILE SETTINGS
-# - cr_token_projection.yaml
+  - cr_token_projection.yaml
 ##/IAM PROFILE SETTINGS
 ##TLS_SETTINGS
 # - tls_certs_volume_mount.yaml # set (for tls)

diff --git a/test/provisioner/provision_ibmcloud.go b/test/provisioner/provision_ibmcloud.go
@@ -803,6 +803,10 @@ func getSha256sum(imagePath string) (string, error) {
 func (p *IBMCloudProvisioner) UploadPodvm(imagePath string, ctx context.Context, cfg *envconf.Config) error {
 	log.Trace("UploadPodvm()")
 
+	if len(IBMCloudProps.ApiKey) <= 0 {
+		return errors.New("APIKEY must be set to upload podvm image")
+	}
+
 	filePath, err := filepath.Abs(imagePath)
 	if err != nil {
 		return err
@@ -941,6 +945,7 @@ func (p *IBMCloudProvisioner) GetProperties(ctx context.Context, cfg *envconf.Co
 		"IBMCLOUD_VPC_ID":                      IBMCloudProps.VpcID,
 		"CRI_RUNTIME_ENDPOINT":                 "/run/cri-runtime/containerd.sock",
 		"IBMCLOUD_API_KEY":                     IBMCloudProps.ApiKey,
+		"IBMCLOUD_IAM_PROFILE_ID":              IBMCloudProps.IamProfileID,
 		"IBMCLOUD_IAM_ENDPOINT":                IBMCloudProps.IamServiceURL,
 	}
 }

diff --git a/test/provisioner/provision_ibmcloud.properties b/test/provisioner/provision_ibmcloud.properties
@@ -1,6 +1,7 @@
 IBMCLOUD_PROVIDER="ibmcloud"
 # Manage -> Access -> API Keys -> My IBM Cloud API Keys
 APIKEY="${MY_VPC_APIKEY}"
+IAM_PROFILE_ID="${MY_IAM_PROFILE_ID}"
 CLUSTER_NAME="e2e-test1"
 # Resource list -> storage -> a cos service ->
 COS_BUCKET="peerpod-cos-bucket"

diff --git a/test/provisioner/provision_ibmcloud_initializer.go b/test/provisioner/provision_ibmcloud_initializer.go
@@ -22,6 +22,7 @@ import (
 type IBMCloudProperties struct {
 	IBMCloudProvider  string
 	ApiKey            string
+	IamProfileID      string
 	Bucket            string
 	CaaImageTag       string
 	ClusterName       string
@@ -63,6 +64,7 @@ func initProperties(properties map[string]string) error {
 	IBMCloudProps = &IBMCloudProperties{
 		IBMCloudProvider:  properties["IBMCLOUD_PROVIDER"],
 		ApiKey:            properties["APIKEY"],
+		IamProfileID:      properties["IAM_PROFILE_ID"],
 		Bucket:            properties["COS_BUCKET"],
 		CaaImageTag:       properties["CAA_IMAGE_TAG"],
 		ClusterName:       properties["CLUSTER_NAME"],
@@ -131,9 +133,10 @@ func initProperties(properties map[string]string) error {
 
 	log.Debugf("%+v", IBMCloudProps)
 
-	if len(IBMCloudProps.ApiKey) <= 0 {
-		return errors.New("APIKEY was not set.")
+	if len(IBMCloudProps.ApiKey) <= 0 && len(IBMCloudProps.IamProfileID) <= 0 {
+		return errors.New("APIKEY or IAM_PROFILE_ID must be set")
 	}
+
 	if len(IBMCloudProps.ResourceGroupID) <= 0 {
 		log.Info("[warning] RESOURCE_GROUP_ID was not set.")
 	}
@@ -159,6 +162,9 @@ func initProperties(properties map[string]string) error {
 
 	needProvisionStr := os.Getenv("TEST_PROVISION")
 	if strings.EqualFold(needProvisionStr, "yes") || strings.EqualFold(needProvisionStr, "true") {
+		if len(IBMCloudProps.ApiKey) <= 0 {
+			return errors.New("APIKEY is required for provisioning")
+		}
 		if len(IBMCloudProps.Region) <= 0 {
 			return errors.New("REGION was not set.")
 		}
@@ -168,14 +174,7 @@ func initProperties(properties map[string]string) error {
 		if len(IBMCloudProps.WorkerOS) <= 0 {
 			return errors.New("WORKER_OPERATION_SYSTEM was not set, set it like: UBUNTU_20_64, UBUNTU_18_S390X")
 		}
-
-		if err := initClustersAPI(); err != nil {
-			return err
-		}
 	} else {
-		if len(IBMCloudProps.PodvmImageID) <= 0 {
-			return errors.New("PODVM_IMAGE_ID was not set, set it with existing custom image id in VPC")
-		}
 		if len(IBMCloudProps.SshKeyID) <= 0 {
 			log.Info("[warning] SSH_KEY_ID was not set.")
 		}
@@ -204,10 +203,18 @@ func initProperties(properties map[string]string) error {
 		if len(IBMCloudProps.CosServiceURL) <= 0 {
 			return errors.New("COS_SERVICE_URL was not set, example: s3.us.cloud-object-storage.appdomain.cloud")
 		}
+	} else if len(IBMCloudProps.PodvmImageID) <= 0 {
+		return errors.New("PODVM_IMAGE_ID was not set, set it with existing custom image id in VPC")
 	}
 
-	if err := initVpcV1(); err != nil {
-		return err
+	if len(IBMCloudProps.ApiKey) > 0 {
+		if err := initClustersAPI(); err != nil {
+			return err
+		}
+
+		if err := initVpcV1(); err != nil {
+			return err
+		}
 	}
 
 	return nil
@@ -227,6 +234,7 @@ func initVpcV1() error {
 		},
 		URL: IBMCloudProps.VpcServiceURL,
 	})
+
 	if err != nil {
 		return err
 	}

diff --git a/test/provisioner/provision_ibmcloud_kustomize.go b/test/provisioner/provision_ibmcloud_kustomize.go
@@ -72,6 +72,8 @@ func isKustomizeSecretKey(key string) bool {
 	switch key {
 	case "IBMCLOUD_API_KEY":
 		return true
+	case "IBMCLOUD_IAM_PROFILE_ID":
+		return true
 	case "IBMCLOUD_IAM_ENDPOINT":
 		return true
 	case "IBMCLOUD_ZONE":