diff --git a/install/overlays/ibmcloud/kustomization.yaml b/install/overlays/ibmcloud/kustomization.yaml
index 319c490b9..e75f50cd4 100644
--- a/install/overlays/ibmcloud/kustomization.yaml
+++ b/install/overlays/ibmcloud/kustomization.yaml
@@ -46,7 +46,7 @@ secretGenerator:
 namespace: confidential-containers-system
 literals:
 ##IAM PROFILE SETTINGS
-# - IBMCLOUD_IAM_PROFILE_ID="" # set
+ - IBMCLOUD_IAM_PROFILE_ID="" # set
 ##/IAM PROFILE SETTINGS
 - IBMCLOUD_API_KEY="" # set if not using IAM profile ID
 - IBMCLOUD_IAM_ENDPOINT="" #set
@@ -64,7 +64,7 @@ patchesStrategicMerge:
 - cri_runtime_endpoint.yaml # set (modify host's runtime cri socket path in the file, default is /run/containerd/containerd.sock)
 - kata_direct_volumes_mount.yaml # set (for volumes/csi-wrapper)
 ##IAM PROFILE SETTINGS
-# - cr_token_projection.yaml
+ - cr_token_projection.yaml
 ##/IAM PROFILE SETTINGS
 ##TLS_SETTINGS
 # - tls_certs_volume_mount.yaml # set (for tls)
diff --git a/test/provisioner/provision_ibmcloud.go b/test/provisioner/provision_ibmcloud.go
index 8ccf1abc2..1aa430823 100644
--- a/test/provisioner/provision_ibmcloud.go
+++ b/test/provisioner/provision_ibmcloud.go
@@ -803,6 +803,10 @@ func getSha256sum(imagePath string) (string, error) {
 func (p *IBMCloudProvisioner) UploadPodvm(imagePath string, ctx context.Context, cfg *envconf.Config) error {
 log.Trace("UploadPodvm()")
+ if len(IBMCloudProps.ApiKey) <= 0 {
+ return errors.New("APIKEY must be set to upload podvm image")
+ }
+
 filePath, err := filepath.Abs(imagePath)
 if err != nil {
 return err
@@ -941,6 +945,7 @@ func (p *IBMCloudProvisioner) GetProperties(ctx context.Context, cfg *envconf.Co
 "IBMCLOUD_VPC_ID": IBMCloudProps.VpcID,
 "CRI_RUNTIME_ENDPOINT": "/run/cri-runtime/containerd.sock",
 "IBMCLOUD_API_KEY": IBMCloudProps.ApiKey,
+ "IBMCLOUD_IAM_PROFILE_ID": IBMCloudProps.IamProfileID,
 "IBMCLOUD_IAM_ENDPOINT": IBMCloudProps.IamServiceURL,
 }
 }
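Review bot: The literal `- IBMCLOUD_IAM_PROFILE_ID="" # set` is now active by default while `IBMCLOUD_API_KEY` keeps the comment `# set if not using IAM profile ID`, so the overlay no longer tells an operator which of the two credentials is required or what to do with the unused one. Mirroring the wording would fix that, e.g. `- IBMCLOUD_IAM_PROFILE_ID="" # set if not using API key`. The second hunk (`@@ -64,7 +64,7 @@`) likewise enables `cr_token_projection.yaml` for every install from this overlay; that file is not shown here, but if it mounts a projected token into the adaptor pod, API-key-only deployments now carry a credential they do not use, so a trailing comment such as `# only needed with IBMCLOUD_IAM_PROFILE_ID` would let operators trim it.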
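Review bot: In the GetProperties map (hunk `@@ -941,6 +945,7 @@`) `IBMCLOUD_API_KEY` and the new `IBMCLOUD_IAM_PROFILE_ID` are both emitted unconditionally, so a run that sets APIKEY only because provisioning requires it still hands the long-lived key to the deployment next to the profile ID. Which credential the adaptor prefers when both are present is not visible in this diff, so the profile-ID path may go unexercised in exactly the runs meant to test it. Consider passing an empty `IBMCLOUD_API_KEY` when `IamProfileID` is set, or at least a comment on the map stating the intended precedence. The function body starts outside the hunk.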
diff --git a/test/provisioner/provision_ibmcloud.properties b/test/provisioner/provision_ibmcloud.properties
index 43fb4f1a7..d17e52200 100644
--- a/test/provisioner/provision_ibmcloud.properties
+++ b/test/provisioner/provision_ibmcloud.properties
@@ -1,6 +1,7 @@
 IBMCLOUD_PROVIDER="ibmcloud"
 # Manage -> Access -> API Keys -> My IBM Cloud API Keys
 APIKEY="${MY_VPC_APIKEY}"
+IAM_PROFILE_ID="${MY_IAM_PROFILE_ID}"
 CLUSTER_NAME="e2e-test1"
 # Resource list -> storage -> a cos service ->
 COS_BUCKET="peerpod-cos-bucket"
diff --git a/test/provisioner/provision_ibmcloud_initializer.go b/test/provisioner/provision_ibmcloud_initializer.go
index e1fcd9233..d585223a2 100644
--- a/test/provisioner/provision_ibmcloud_initializer.go
+++ b/test/provisioner/provision_ibmcloud_initializer.go
@@ -22,6 +22,7 @@ import (
 type IBMCloudProperties struct {
 IBMCloudProvider string
 ApiKey string
+ IamProfileID string
 Bucket string
 CaaImageTag string
 ClusterName string
@@ -63,6 +64,7 @@ func initProperties(properties map[string]string) error {
 IBMCloudProps = &IBMCloudProperties{
 IBMCloudProvider: properties["IBMCLOUD_PROVIDER"],
 ApiKey: properties["APIKEY"],
+ IamProfileID: properties["IAM_PROFILE_ID"],
 Bucket: properties["COS_BUCKET"],
 CaaImageTag: properties["CAA_IMAGE_TAG"],
 ClusterName: properties["CLUSTER_NAME"],
@@ -131,9 +133,10 @@ func initProperties(properties map[string]string) error {
 log.Debugf("%+v", IBMCloudProps)
- if len(IBMCloudProps.ApiKey) <= 0 {
- return errors.New("APIKEY was not set.")
+ if len(IBMCloudProps.ApiKey) <= 0 && len(IBMCloudProps.IamProfileID) <= 0 {
+ return errors.New("APIKEY or IAM_PROFILE_ID must be set")
 }
+
 if len(IBMCloudProps.ResourceGroupID) <= 0 {
 log.Info("[warning] RESOURCE_GROUP_ID was not set.")
 }
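Review bot: The context line `log.Debugf("%+v", IBMCloudProps)` directly above the changed check (hunk `@@ -131,9 +133,10 @@`) prints the whole properties struct, which includes `ApiKey` and now `IamProfileID`, so debug-level test logs contain the credential in clear text. The line predates this commit, but since the struct is being extended here it is a natural place to log a redacted copy instead, or to give `IBMCloudProperties` a `String()` method that masks `ApiKey` so `%+v` cannot leak it. initProperties starts and ends outside this hunk.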
@@ -159,6 +162,9 @@ func initProperties(properties map[string]string) error {
 needProvisionStr := os.Getenv("TEST_PROVISION")
 if strings.EqualFold(needProvisionStr, "yes") || strings.EqualFold(needProvisionStr, "true") {
+ if len(IBMCloudProps.ApiKey) <= 0 {
+ return errors.New("APIKEY is required for provisioning")
+ }
 if len(IBMCloudProps.Region) <= 0 {
 return errors.New("REGION was not set.")
 }
@@ -168,14 +174,7 @@ func initProperties(properties map[string]string) error {
 if len(IBMCloudProps.WorkerOS) <= 0 {
 return errors.New("WORKER_OPERATION_SYSTEM was not set, set it like: UBUNTU_20_64, UBUNTU_18_S390X")
 }
-
- if err := initClustersAPI(); err != nil {
- return err
- }
 } else {
- if len(IBMCloudProps.PodvmImageID) <= 0 {
- return errors.New("PODVM_IMAGE_ID was not set, set it with existing custom image id in VPC")
- }
 if len(IBMCloudProps.SshKeyID) <= 0 {
 log.Info("[warning] SSH_KEY_ID was not set.")
 }
@@ -204,10 +203,18 @@ func initProperties(properties map[string]string) error {
 if len(IBMCloudProps.CosServiceURL) <= 0 {
 return errors.New("COS_SERVICE_URL was not set, example: s3.us.cloud-object-storage.appdomain.cloud")
 }
+ } else if len(IBMCloudProps.PodvmImageID) <= 0 {
+ return errors.New("PODVM_IMAGE_ID was not set, set it with existing custom image id in VPC")
 }
- if err := initVpcV1(); err != nil {
- return err
+ if len(IBMCloudProps.ApiKey) > 0 {
+ if err := initClustersAPI(); err != nil {
+ return err
+ }
+
+ if err := initVpcV1(); err != nil {
+ return err
+ }
 }
 return nil
@@ -227,6 +234,7 @@ func initVpcV1() error {
 },
 URL: IBMCloudProps.VpcServiceURL,
 })
+
 if err != nil {
 return err
 }
diff --git a/test/provisioner/provision_ibmcloud_kustomize.go b/test/provisioner/provision_ibmcloud_kustomize.go
index 4d791621c..1b4293fbb 100644
--- a/test/provisioner/provision_ibmcloud_kustomize.go
+++ b/test/provisioner/provision_ibmcloud_kustomize.go
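Review bot: With the new `if len(IBMCloudProps.ApiKey) > 0 { ... }` wrapper in hunk `@@ -204,10 +203,18 @@`, a configuration that sets only IAM_PROFILE_ID returns nil from initProperties without calling initVpcV1 or initClustersAPI, so whatever clients those functions set up stay unset. UploadPodvm gained an explicit APIKEY guard in this commit, but any other provisioner method that relies on those clients (not visible in this diff) would presumably fail with a nil dereference rather than a clear error. The same block now calls initClustersAPI on every run that has an API key, where it used to be limited to the TEST_PROVISION branch (removed in hunk `@@ -168,14 +174,7 @@`), so non-provisioning runs now depend on it succeeding. A comment above the block such as `// Clients need an API key; with IAM_PROFILE_ID only, VPC and cluster operations are unavailable` would document the contract. initProperties starts outside the hunk.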
@@ -72,6 +72,8 @@ func isKustomizeSecretKey(key string) bool {
 switch key {
 case "IBMCLOUD_API_KEY":
 return true
+ case "IBMCLOUD_IAM_PROFILE_ID":
+ return true
 case "IBMCLOUD_IAM_ENDPOINT":
 return true
 case "IBMCLOUD_ZONE":
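Review bot: As a point of style, the added arm `case "IBMCLOUD_IAM_PROFILE_ID":` repeats the same `return true` as its neighbours, and Go lets arms with an identical body share one case list, e.g. `case "IBMCLOUD_API_KEY", "IBMCLOUD_IAM_PROFILE_ID", "IBMCLOUD_IAM_ENDPOINT":`. That keeps the set of secret-generator keys readable as a single list, which matters because a key missing from it is presumably not written into the generated secret. The switch continues past the end of the hunk, so the remaining arms would need the same treatment to stay consistent.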