openshift · jerichokeyne · Aug 28, 2024 · radtriste · Oct 17, 2024
diff --git a/tests/README.md b/tests/README.md
@@ -128,6 +128,7 @@ For the test cases, we need `$ make install` to make the rosa command line insta
 > * **PROVISION_SHARD** if it is set, a provision shard will be specified for cluster provision
 > * **NAME_PREFIX** if it is set, all resources will be generated based with the name prefix to identify the created cluster created by you. Otherwise _`rosacli-ci`_ will be used. For local testing, we should have it be set with your alias
 > * **CLUSTER_TIMEOUT** if it is set, the process will exit if cluster cannot be ready in setting time. Unit is minute
+> * **USE_LOCAL_CREDENTIALS** if it is set to `true`, then when the cluster is provisioned the `--use-local-credentials` flag will be enabled
 
 ### Running a local CI test simulation
 

diff --git a/tests/ci/config/config.go b/tests/ci/config/config.go
@@ -54,6 +54,7 @@ type GlobalENVVariables struct {
 	SVPC_CREDENTIALS_FILE string `env:"SHARED_VPC_AWS_SHARED_CREDENTIALS_FILE" default:""`
 	ComputeMachineType    string `env:"COMPUTE_MACHINE_TYPE" default:""`
 	OCM_LOGIN_ENV         string `env:"OCM_LOGIN_ENV" default:""`
+	UseLocalCredentials   bool   `env:"USE_LOCAL_CREDENTIALS" default:"false"`
 }
 
 func init() {
@@ -100,6 +101,7 @@ func init() {
 		panic(fmt.Errorf("env variable CLUSTER_TIMEOUT must be set to an integer"))
 	}
 	waitSetupClusterReady, _ := strconv.ParseBool(helper.ReadENVWithDefaultValue("WAIT_SETUP_CLUSTER_READY", "true"))
+	useLocalCredentials, _ := strconv.ParseBool(helper.ReadENVWithDefaultValue("USE_LOCAL_CREDENTIALS", "false"))
 	Test.GlobalENV = &GlobalENVVariables{
 		ChannelGroup:          os.Getenv("CHANNEL_GROUP"),
 		Version:               os.Getenv("VERSION"),
@@ -109,6 +111,7 @@ func init() {
 		SVPC_CREDENTIALS_FILE: os.Getenv("SHARED_VPC_AWS_SHARED_CREDENTIALS_FILE"),
 		ComputeMachineType:    os.Getenv("COMPUTE_MACHINE_TYPE"),
 		OCM_LOGIN_ENV:         os.Getenv("OCM_LOGIN_ENV"),
+		UseLocalCredentials:   useLocalCredentials,
 		ClusterWaitingTime:    waitingTime,
 		WaitSetupClusterReady: waitSetupClusterReady,
 	}

diff --git a/tests/ci/data/profiles/rosa-classic.yaml b/tests/ci/data/profiles/rosa-classic.yaml
@@ -214,4 +214,4 @@ profiles:
     oidc_config: ""
     shared_vpc: false
     imdsv2: "optional"
-    admin_enabled: false
+    admin_enabled: false
diff --git a/tests/e2e/test_rosacli_cluster.go b/tests/e2e/test_rosacli_cluster.go
@@ -1294,6 +1294,19 @@ var _ = Describe("Classic cluster creation validation",
 				Expect(errorOutput.String()).To(ContainSubstring("etcd encryption cannot be disabled on clusters with FIPS mode"))
 			})
 
+		It("validate use-local-credentials won't work with sts - [id:76481]",
+			labels.Medium, labels.Runtime.Day1Negative,
+			func() {
+				clusterName := "ocp-76481"
+
+				By("Create cluster with use-local-credentials flag but with sts")
+				errorOutput, err := clusterService.CreateDryRun(
+					clusterName, "--use-local-credentials", "--sts", "--mode=auto", "-y",
+				)
+				Expect(err).NotTo(BeNil())
+				Expect(errorOutput.String()).To(ContainSubstring("Local credentials are not supported for STS clusters"))
+			})
+
 		It("Create rosa cluster with additional security groups will validate well via rosacli - [id:68971]",
 			labels.Medium, labels.Runtime.Day1Negative,
 			func() {

diff --git a/tests/e2e/test_rosacli_cluster_post.go b/tests/e2e/test_rosacli_cluster_post.go
@@ -585,6 +585,14 @@ var _ = Describe("Healthy check",
 						Expect(jsonData.DigBool("multi_arch_enabled")).To(BeFalse())
 					}
 				})
+			It("with use-local-credentials will work - [id:65900]", labels.Runtime.Day1Post, labels.High,
+				func() {
+					By("Check that the cluster was installed with the right profile")
+					jsonData, err := clusterService.GetJSONClusterDescription(clusterID)
+					Expect(err).ToNot(HaveOccurred())
+					Expect(jsonData.DigBool("properties", "use_local_credentials")).
+						To(Equal(profile.ClusterConfig.UseLocalCredentials))
+				})
 
 			It("with policy path will work - [id:75525]", labels.Runtime.Day1Post, labels.High,
 				func() {

diff --git a/tests/utils/profilehandler/interface.go b/tests/utils/profilehandler/interface.go
@@ -57,6 +57,7 @@ type ClusterConfig struct {
 	SharedVPC                     bool   `yaml:"shared_vpc,omitempty" json:"shared_vpc,omitempty"`
 	TagEnabled                    bool   `yaml:"tag_enabled,omitempty" json:"tag_enabled,omitempty"`
 	NetworkType                   string `yaml:"network_type,omitempty" json:"network_type,omitempty"`
+	UseLocalCredentials           bool   `yaml:"use_local_credentials,omitempty" json:"use_local_credentials,omitempty"`
 }
 
 // UserData will record the user data prepared for resource clean up

diff --git a/tests/utils/profilehandler/profile_handler.go b/tests/utils/profilehandler/profile_handler.go
@@ -66,11 +66,16 @@ func LoadProfileYamlFileByENV() *Profile {
 	}
 
 	if config.Test.GlobalENV.ComputeMachineType != "" {
-		log.Logger.Infof("Got global env settings for INSTANCE_TYPE, overwritten the profile setting with value %s",
+		log.Logger.Infof("Got global env settings for COMPUTE_MACHINE_TYPE, overwritten the profile setting with value %s",
 			config.Test.GlobalENV.ComputeMachineType)
 		profile.ClusterConfig.InstanceType = config.Test.GlobalENV.ComputeMachineType
 	}
 
+	if config.Test.GlobalENV.UseLocalCredentials {
+		log.Logger.Info("Got global env setting for USE_LOCAL_CREDENTIALS, overwritten the profile setting to true")
+		profile.ClusterConfig.UseLocalCredentials = true
+	}
+
 	return profile
 }
 
@@ -180,6 +185,11 @@ func GenerateClusterCreateFlags(profile *Profile, client *rosacli.Client) ([]str
 			"--domain-prefix", helper.TrimNameByLength(clusterName, ocm.MaxClusterDomainPrefixLength),
 		)
 	}
+	if profile.ClusterConfig.UseLocalCredentials {
+		flags = append(flags,
+			"--use-local-credentials",
+		)
+	}
 	if profile.ClusterConfig.STS {
 		var accRoles *rosacli.AccountRolesUnit
 		var oidcConfigID string