def verify_managed_secrets(): """ Verify that ocs-converged-pagerduty, ocs-converged-smtp, ocs-converged-deadmanssnitch, addon-ocs-provider-parameters, alertmanager-managed-ocs-alertmanager-generated, rook-ceph-mon secrets exist in openshift-storage namespace. For a provider cluster verify existence of onboarding-ticket-key and ocs-provider-server secrets. For a consumer cluster verify existence of 5 rook-ceph-client secrets """ secret_ocp_obj = OCP(kind=constants.SECRET, namespace=constants.OPENSHIFT_STORAGE_NAMESPACE) for secret_name in { managedservice.get_pagerduty_secret_name(), managedservice.get_smtp_secret_name(), managedservice.get_dms_secret_name(), managedservice.get_parameters_secret_name(), constants.MANAGED_ALERTMANAGER_SECRET, constants.MANAGED_MON_SECRET, }: assert secret_ocp_obj.is_exist( resource_name=secret_name ), f"{secret_name} does not exist in {constants.OPENSHIFT_STORAGE_NAMESPACE} namespace" if config.ENV_DATA["cluster_type"].lower() == "provider": for secret_name in { constants.MANAGED_ONBOARDING_SECRET, constants.MANAGED_PROVIDER_SERVER_SECRET, }: assert secret_ocp_obj.is_exist( resource_name=secret_name ), f"{secret_name} does not exist in {constants.OPENSHIFT_STORAGE_NAMESPACE} namespace" else: secrets = secret_ocp_obj.get().get("items") client_secrets = [] for secret in secrets: if secret["metadata"]["name"].startswith("rook-ceph-client"): client_secrets.append(secret["metadata"]["name"]) log.info(f"rook-ceph-client secrets: {client_secrets}") assert len(client_secrets) == 5
def verify_managed_service_networkpolicy(): """ Verify Networkpolicy and EgressNetworkpolicy creation Temporarily left out for V2 offering """ for policy in { ("Networkpolicy", "ceph-ingress-rule"), ("EgressNetworkpolicy", "egress-rule"), }: policy_obj = OCP( kind=policy[0], namespace=constants.OPENSHIFT_STORAGE_NAMESPACE, ) assert policy_obj.is_exist( resource_name=policy[1] ), f"{policy[0]} {policy}[1] does not exist in openshift-storage namespace"
def verify_managed_service_resources(): """ Verify creation and status of resources specific to OSD and ROSA deployments: 1. ocs-operator, ocs-osd-deployer, ose-prometheus-operator csvs are Succeeded 2. ocs-converged-pagerduty, ocs-converged-smtp, ocs-converged-deadmanssnitch secrets exist in openshift-storage namespace 3. 1 prometheus pod and 3 alertmanager pods are in Running state 4. Managedocs components alertmanager, prometheus, storageCluster are in Ready state 5. Networkpolicy and EgressNetworkpolicy resources are present """ # Verify CSV status for managed_csv in { constants.OCS_CSV_PREFIX, constants.OSD_DEPLOYER, constants.OSE_PROMETHEUS_OPERATOR, }: csvs = csv.get_csvs_start_with_prefix( managed_csv, constants.OPENSHIFT_STORAGE_NAMESPACE) assert ( len(csvs) == 1 ), f"Unexpected number of CSVs with {managed_csv} prefix: {len(csvs)}" csv_name = csvs[0]["metadata"]["name"] csv_obj = csv.CSV(resource_name=csv_name, namespace=constants.OPENSHIFT_STORAGE_NAMESPACE) log.info(f"Check if {csv_name} is in Succeeded phase.") csv_obj.wait_for_phase(phase="Succeeded", timeout=600) # Verify alerting secrets creation secret_ocp_obj = OCP(kind="secret", namespace=constants.OPENSHIFT_STORAGE_NAMESPACE) for secret_name in { constants.MANAGED_SMTP_SECRET, constants.MANAGED_PAGERDUTY_SECRET, constants.MANAGED_DEADMANSSNITCH_SECRET, }: assert secret_ocp_obj.is_exist( resource_name=secret_name ), f"{secret_name} does not exist in openshift-storage namespace" # Verify alerting pods are Running pod_obj = OCP( kind="pod", namespace=constants.OPENSHIFT_STORAGE_NAMESPACE, ) for alert_pod in { (constants.MANAGED_PROMETHEUS_LABEL, 1), (constants.MANAGED_ALERTMANAGER_LABEL, 3), }: pod_obj.wait_for_resource(condition="Running", selector=alert_pod[0], resource_count=alert_pod[1]) # Verify managedocs components are Ready log.info("Getting managedocs components data") managedocs_obj = OCP( kind="managedocs", resource_name="managedocs", namespace=constants.OPENSHIFT_STORAGE_NAMESPACE, ) for component in {"alertmanager", "prometheus", "storageCluster"}: assert ( managedocs_obj.get()["status"]["components"][component]["state"] == "Ready" ), f"{component} status is {managedocs_obj.get()['status']['components'][component]['state']}" # Verify Networkpolicy and EgressNetworkpolicy creation for policy in { ("Networkpolicy", "ceph-ingress-rule"), ("EgressNetworkpolicy", "egress-rule"), }: policy_obj = OCP( kind=policy[0], namespace=constants.OPENSHIFT_STORAGE_NAMESPACE, ) assert policy_obj.is_exist( resource_name=policy[1] ), f"{policy[0]} {policy}[1] does not exist in openshift-storage namespace"