OSSM-6930: Resolve certmanager conflict for IBM Z&P (#726)

maistra · Aug 13, 2024 · cec403a · cec403a
1 parent f3591e5
commit cec403a
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 14 deletions.
diff --git a/pkg/certmanageroperator/install.go b/pkg/certmanageroperator/install.go
@@ -4,6 +4,7 @@ import (
 	_ "embed"
 	"time"
 
+	"github.com/maistra/maistra-test-tool/pkg/util/check/assert"
 	"github.com/maistra/maistra-test-tool/pkg/util/oc"
 	"github.com/maistra/maistra-test-tool/pkg/util/operator"
 	"github.com/maistra/maistra-test-tool/pkg/util/pod"
@@ -43,8 +44,19 @@ func install(t test.TestHelper) {
 
 	t.LogStep("Wait for cert manager control plane")
 	oc.WaitPodReadyWithOptions(t, retry.Options().MaxAttempts(70).DelayBetweenAttempts(5*time.Second), pod.MatchingSelector("app=cert-manager", certManagerNs))
-	// oc.WaitPodReadyWithOptions(t, retry.Options().MaxAttempts(70).DelayBetweenAttempts(5*time.Second), pod.MatchingSelector("app=cainjector", certManagerNs))
-	// oc.WaitPodReadyWithOptions(t, retry.Options().MaxAttempts(70).DelayBetweenAttempts(5*time.Second), pod.MatchingSelector("app=webhook", certManagerNs))
+	oc.WaitPodReadyWithOptions(t, retry.Options().MaxAttempts(70).DelayBetweenAttempts(5*time.Second), pod.MatchingSelector("app=cainjector", certManagerNs))
+	oc.WaitPodReadyWithOptions(t, retry.Options().MaxAttempts(70).DelayBetweenAttempts(5*time.Second), pod.MatchingSelector("app=webhook", certManagerNs))
+
+	t.LogStep("Wait for cert-manager-webhook service available")
+	retry.UntilSuccess(t, func(t test.TestHelper) {
+		oc.Get(t,
+			certManagerNs,
+			"service",
+			"cert-manager-webhook",
+			assert.OutputDoesNotContain("NotFound",
+				"Service \"cert-manager-webhook\" found",
+				"Service \"cert-manager-webhook\" not found"))
+	})
 
 	t.LogStep("Create root ca")
 	oc.ApplyString(t, certManagerNs, rootCA)

diff --git a/pkg/tests/tasks/security/certmanager/istio_csr_test.go b/pkg/tests/tasks/security/certmanager/istio_csr_test.go
@@ -33,9 +33,6 @@ func TestIstioCsr(t *testing.T) {
 		if ocpVersion.LessThan(version.OCP_4_12) {
 			t.Skip("istio-csr is not supported in OCP older than v4.12")
 		}
-		if env.GetArch() == "z" || env.GetArch() == "p" {
-			t.Skip("istio-csr is not supported for IBM Z&P")
-		}
 
 		meshValues := map[string]string{
 			"Name":    smcpName,
@@ -73,7 +70,7 @@ func TestIstioCsr(t *testing.T) {
 		helm.Namespace(meshNamespace).
 			Chart("jetstack/cert-manager-istio-csr").
 			Release("istio-csr").
-			Version("v0.6.0").
+			Version("v0.10.0").
 			ValuesString(template.Run(t, istioCsrTmpl, istioCsrValues)).
 			Install(t)
 		oc.WaitDeploymentRolloutComplete(t, meshNamespace, "cert-manager-istio-csr")
@@ -92,7 +89,7 @@ func TestIstioCsr(t *testing.T) {
 		t.LogStep("Verify that istio-ca-root-cert not created in non-member namespaces")
 		oc.LogsFromPods(t, meshNamespace, "app=cert-manager-istio-csr",
 			assert.OutputDoesNotContain(
-				fmt.Sprintf(`"msg"="creating configmap with root CA data" "configmap"="istio-ca-root-cert" "namespace"="%s"`, ns.Bar),
+				fmt.Sprintf(`creating configmap with root CA data	logger=controller.configmap namespace=%s configmap=istio-ca-root-cert`, ns.Bar),
 				fmt.Sprintf("istio-ca-root-cert not created in %s", ns.Bar),
 				fmt.Sprintf("istio-ca-root-cert created in %s", ns.Bar)))
 
@@ -114,8 +111,8 @@ func TestIstioCsr(t *testing.T) {
 func assertIstioCARootCertCreatedOrUpdated(ns string) common.CheckFunc {
 	return assert.OutputContainsAny(
 		[]string{
-			fmt.Sprintf(`"msg"="creating configmap with root CA data" "configmap"="istio-ca-root-cert" "namespace"="%s"`, ns),
-			fmt.Sprintf(`"msg"="updating ConfigMap data" "configmap"="istio-ca-root-cert" "namespace"="%s"`, ns),
+			fmt.Sprintf(`creating configmap with root CA data	logger=controller.configmap namespace=%s configmap=istio-ca-root-cert`, ns),
+			fmt.Sprintf(`updating ConfigMap data	logger=controller.configmap namespace=%s configmap=istio-ca-root-cert`, ns),
 		},
 		fmt.Sprintf("istio-ca-root-cert created or updated in %s", ns),
 		fmt.Sprintf("istio-ca-root-cert neither created nor updated in %s", ns))

diff --git a/pkg/tests/tasks/security/certmanager/plugin_ca_test.go b/pkg/tests/tasks/security/certmanager/plugin_ca_test.go
@@ -33,9 +33,6 @@ func TestPluginCaCert(t *testing.T) {
 		if ocpVersion.LessThan(version.OCP_4_12) {
 			t.Skip("istio-csr is not supported in OCP older than v4.12")
 		}
-		if env.GetArch() == "z" || env.GetArch() == "p" {
-			t.Skip("istio-csr is not supported for IBM Z&P")
-		}
 
 		meshValues := map[string]interface{}{
 			"Name":    smcpName,

diff --git a/pkg/tests/tasks/security/certmanager/yaml/istio-csr/istio-csr.yaml b/pkg/tests/tasks/security/certmanager/yaml/istio-csr/istio-csr.yaml
@@ -2,8 +2,7 @@ replicaCount: 2
 
 image:
   repository: quay.io/jetstack/cert-manager-istio-csr
-  tag: v0.6.0
-  pullSecretName: ""
+  tag: v0.10.0
 
 app:
   certmanager: