def verify_managed_secrets():
"""
Verify that ocs-converged-pagerduty, ocs-converged-smtp, ocs-converged-deadmanssnitch,
addon-ocs-provider-parameters, alertmanager-managed-ocs-alertmanager-generated,
rook-ceph-mon secrets exist in openshift-storage namespace.
For a provider cluster verify existence of onboarding-ticket-key and ocs-provider-server
secrets.
For a consumer cluster verify existence of 5 rook-ceph-client secrets
"""
secret_ocp_obj = OCP(kind=constants.SECRET,
namespace=constants.OPENSHIFT_STORAGE_NAMESPACE)
for secret_name in {
managedservice.get_pagerduty_secret_name(),
managedservice.get_smtp_secret_name(),
managedservice.get_dms_secret_name(),
managedservice.get_parameters_secret_name(),
constants.MANAGED_ALERTMANAGER_SECRET,
constants.MANAGED_MON_SECRET,
}:
assert secret_ocp_obj.is_exist(
resource_name=secret_name
), f"{secret_name} does not exist in {constants.OPENSHIFT_STORAGE_NAMESPACE} namespace"
if config.ENV_DATA["cluster_type"].lower() == "provider":
for secret_name in {
constants.MANAGED_ONBOARDING_SECRET,
constants.MANAGED_PROVIDER_SERVER_SECRET,
}:
assert secret_ocp_obj.is_exist(
resource_name=secret_name
), f"{secret_name} does not exist in {constants.OPENSHIFT_STORAGE_NAMESPACE} namespace"
else:
secrets = secret_ocp_obj.get().get("items")
client_secrets = []
for secret in secrets:
if secret["metadata"]["name"].startswith("rook-ceph-client"):
client_secrets.append(secret["metadata"]["name"])
log.info(f"rook-ceph-client secrets: {client_secrets}")
assert len(client_secrets) == 5
def verify_managed_service_networkpolicy():
"""
Verify Networkpolicy and EgressNetworkpolicy creation
Temporarily left out for V2 offering
"""
for policy in {
("Networkpolicy", "ceph-ingress-rule"),
("EgressNetworkpolicy", "egress-rule"),
}:
policy_obj = OCP(
kind=policy[0],
namespace=constants.OPENSHIFT_STORAGE_NAMESPACE,
)
assert policy_obj.is_exist(
resource_name=policy[1]
), f"{policy[0]} {policy}[1] does not exist in openshift-storage namespace"
def verify_managed_service_resources():
"""
Verify creation and status of resources specific to OSD and ROSA deployments:
1. ocs-operator, ocs-osd-deployer, ose-prometheus-operator csvs are Succeeded
2. ocs-converged-pagerduty, ocs-converged-smtp, ocs-converged-deadmanssnitch secrets
exist in openshift-storage namespace
3. 1 prometheus pod and 3 alertmanager pods are in Running state
4. Managedocs components alertmanager, prometheus, storageCluster are in Ready state
5. Networkpolicy and EgressNetworkpolicy resources are present
"""
# Verify CSV status
for managed_csv in {
constants.OCS_CSV_PREFIX,
constants.OSD_DEPLOYER,
constants.OSE_PROMETHEUS_OPERATOR,
}:
csvs = csv.get_csvs_start_with_prefix(
managed_csv, constants.OPENSHIFT_STORAGE_NAMESPACE)
assert (
len(csvs) == 1
), f"Unexpected number of CSVs with {managed_csv} prefix: {len(csvs)}"
csv_name = csvs[0]["metadata"]["name"]
csv_obj = csv.CSV(resource_name=csv_name,
namespace=constants.OPENSHIFT_STORAGE_NAMESPACE)
log.info(f"Check if {csv_name} is in Succeeded phase.")
csv_obj.wait_for_phase(phase="Succeeded", timeout=600)
# Verify alerting secrets creation
secret_ocp_obj = OCP(kind="secret",
namespace=constants.OPENSHIFT_STORAGE_NAMESPACE)
for secret_name in {
constants.MANAGED_SMTP_SECRET,
constants.MANAGED_PAGERDUTY_SECRET,
constants.MANAGED_DEADMANSSNITCH_SECRET,
}:
assert secret_ocp_obj.is_exist(
resource_name=secret_name
), f"{secret_name} does not exist in openshift-storage namespace"
# Verify alerting pods are Running
pod_obj = OCP(
kind="pod",
namespace=constants.OPENSHIFT_STORAGE_NAMESPACE,
)
for alert_pod in {
(constants.MANAGED_PROMETHEUS_LABEL, 1),
(constants.MANAGED_ALERTMANAGER_LABEL, 3),
}:
pod_obj.wait_for_resource(condition="Running",
selector=alert_pod[0],
resource_count=alert_pod[1])
# Verify managedocs components are Ready
log.info("Getting managedocs components data")
managedocs_obj = OCP(
kind="managedocs",
resource_name="managedocs",
namespace=constants.OPENSHIFT_STORAGE_NAMESPACE,
)
for component in {"alertmanager", "prometheus", "storageCluster"}:
assert (
managedocs_obj.get()["status"]["components"][component]["state"] ==
"Ready"
), f"{component} status is {managedocs_obj.get()['status']['components'][component]['state']}"
# Verify Networkpolicy and EgressNetworkpolicy creation
for policy in {
("Networkpolicy", "ceph-ingress-rule"),
("EgressNetworkpolicy", "egress-rule"),
}:
policy_obj = OCP(
kind=policy[0],
namespace=constants.OPENSHIFT_STORAGE_NAMESPACE,
)
assert policy_obj.is_exist(
resource_name=policy[1]
), f"{policy[0]} {policy}[1] does not exist in openshift-storage namespace"
