From 00bff29fdd79d2365af58d9adb0cd3c44f0090a4 Mon Sep 17 00:00:00 2001
From: pratikmahajan <pratik@mahajan.xyz>
Date: Fri, 5 Aug 2022 11:55:32 -0400
Subject: [PATCH 1/4] fix missing prometheus token in ocp 4.11 and above

the prometheus secret based token will no longer exist from
OCP 4.11 onwards. To get the prometheus token, we need to
create the secret manually to get the token. this commit
creates the prometheus robot secret which we then use to
get the prometheus token.
---
 hack/e2e.sh | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/hack/e2e.sh b/hack/e2e.sh
index d1af2103a..c59d01467 100755
--- a/hack/e2e.sh
+++ b/hack/e2e.sh
@@ -139,12 +139,27 @@ PROM_ROUTE=$(oc -n openshift-monitoring get route thanos-querier -o jsonpath="{.
 export PROM_ENDPOINT="https://${PROM_ROUTE}"
 echo "Using Prometheus endpoint ${PROM_ENDPOINT}"
 
-export PROM_TOKEN=$(oc -n openshift-monitoring get secret \
-  $(oc -n openshift-monitoring get serviceaccount prometheus-k8s \
-    -o jsonpath='{range .secrets[*]}{.name}{"\n"}{end}' | grep prometheus-k8s-token) \
-  -o go-template='{{.data.token | base64decode}}')
+
+# create a prometheus secret based token manually. this is required for clusters >= OCP 4.11
+oc apply -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: prometheus-robot-secret
+  namespace: openshift-monitoring
+  annotations:
+    kubernetes.io/service-account.name: prometheus-k8s
+type: kubernetes.io/service-account-token
+EOF
 
 DELAY=30
+for i in $(seq 1 10); do
+  # extract the prometheus token
+  export PROM_TOKEN=$(oc extract secret/prometheus-robot-secret --to=- --keys=token -n openshift-monitoring) || continue
+  grep "waiting for prometheus token" <<< "${PROM_TOKEN}" || continue && break
+  sleep ${DELAY}
+done
+
 for i in $(seq 1 10); do
   PROM_OUTPUT=$(curl -kLs -H "Authorization: Bearer ${PROM_TOKEN}" "${PROM_ENDPOINT}/api/v1/query?query=cincinnati_gb_build_info") || continue
   grep "metric" <<< "${PROM_OUTPUT}" || continue && break

From 85e004f8cf25a0352534bf9bdc9ffa75d1cb1742 Mon Sep 17 00:00:00 2001
From: "W. Trevor King" <wking@tremily.us>
Date: Fri, 12 Aug 2022 07:49:14 -0400
Subject: [PATCH 2/4] dist/openshift/cincinnati-e2e: Set targetNamespaces

In the OperatorGroup, as seen in [1,2], to catch up with the operator
moving AllNamespaces support from true to false in installModes [3].
This avoids [4]:

  + oc get events
  LAST SEEN   TYPE      REASON                     OBJECT                                                 MESSAGE
  10m         Warning   UnsupportedOperatorGroup   clusterserviceversion/update-service-operator.v5.0.0   AllNamespaces InstallModeType not supported, cannot configure to watch all namespaces

[1]: https://github.com/openshift/cincinnati-operator/blob/eed7a92a5efda96545e9be90a6ec65b427026d11/docs/disconnected-updateservice-operator.md#deploy-the-updateservice-operator
[2]: https://github.com/openshift/cincinnati-operator/blob/eed7a92a5efda96545e9be90a6ec65b427026d11/tools/create-sub-group.sh#L23-L25
[3]: https://github.com/openshift/cincinnati-operator/pull/134/commits/1137a5c057902faa0936d16239b0240553509699#diff-ef93a20b4f66d5fb3e6d84caf1169c43d4f750684fabd1a7c27065312dbb7fcdL73-R73
[4]: https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_release/31237/rehearse-31237-pull-ci-openshift-cincinnati-master-e2e/1557865068975099904#1:build-log.txt%3A897-899
---
 dist/openshift/cincinnati-e2e.yaml | 6 +++++-
 hack/e2e.sh                        | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/dist/openshift/cincinnati-e2e.yaml b/dist/openshift/cincinnati-e2e.yaml
index 5471fc2b0..df4ff7fe3 100644
--- a/dist/openshift/cincinnati-e2e.yaml
+++ b/dist/openshift/cincinnati-e2e.yaml
@@ -10,7 +10,9 @@ objects:
       name: openshift-update-service
       annotations:
         olm.providedAPIs: ''
-    spec: {}
+    spec:
+      targetNamespaces:
+        - "${NAMESPACE}"
   - apiVersion: operators.coreos.com/v1alpha1
     kind: Subscription
     metadata:
@@ -36,6 +38,8 @@ objects:
       releases: quay.io/openshift-release-dev/ocp-release
       replicas: ${{REPLICAS}}
 parameters:
+  - name: NAMESPACE
+    value: "openshift-update-service"
   - name: IMAGE
     value: "quay.io/app-sre/cincinnati"
     displayName: cincinnati image
diff --git a/hack/e2e.sh b/hack/e2e.sh
index c59d01467..da06c9f48 100755
--- a/hack/e2e.sh
+++ b/hack/e2e.sh
@@ -104,6 +104,7 @@ echo "GRAPHDATA_IMAGE=${GRAPH_SOURCE}"
 
 # Render the template and apply subscription/operand
 oc process -f dist/openshift/cincinnati-e2e.yaml \
+  -p NAMESPACE="openshift-update-service" \
   -p IMAGE="${IMAGE}" \
   -p IMAGE_TAG="${IMAGE_TAG}" \
   -p GRAPHDATA_IMAGE="${GRAPH_SOURCE}" \

From 7b1b9af9508da8c7963b3f0d423e76e79f952600 Mon Sep 17 00:00:00 2001
From: pratikmahajan <pratik@mahajan.xyz>
Date: Thu, 18 Aug 2022 11:10:09 -0400
Subject: [PATCH 3/4] fetch policy engine URI using .status.policyEngineURI

update service operator had a breaking change where the policy engine
URI was changed. this resulted in two different URIs for tests on
4.10 and 4.11 clusters.
this changes makes sure we're getting the URI set by the operator,
so same script can work for different versions of Update Service
Operator
---
 hack/e2e.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hack/e2e.sh b/hack/e2e.sh
index da06c9f48..ce5522474 100755
--- a/hack/e2e.sh
+++ b/hack/e2e.sh
@@ -102,9 +102,11 @@ export GRAPH_SOURCE="${GRAPHDATA_IMAGE:-quay.io/openshift-ota/cincinnati-graph-d
 
 echo "GRAPHDATA_IMAGE=${GRAPH_SOURCE}"
 
+NAMESPACE="openshift-update-service"
+
 # Render the template and apply subscription/operand
 oc process -f dist/openshift/cincinnati-e2e.yaml \
-  -p NAMESPACE="openshift-update-service" \
+  -p NAMESPACE="${NAMESPACE}" \
   -p IMAGE="${IMAGE}" \
   -p IMAGE_TAG="${IMAGE_TAG}" \
   -p GRAPHDATA_IMAGE="${GRAPH_SOURCE}" \
@@ -127,8 +129,8 @@ backoff oc -n openshift-update-service wait --for=condition=Ready pod -l app=e2e
 }
 
 # Expose services
-PE_URL=$(oc get route e2e-policy-engine-route -o jsonpath='{.spec.host}')
-export GRAPH_URL="https://${PE_URL}/api/upgrades_info/graph"
+PE_URL=$(oc -n "${NAMESPACE}" get -o jsonpath='{.status.policyEngineURI}' updateservice "e2e")
+export GRAPH_URL="${PE_URL}/api/upgrades_info/graph"
 
 # Wait for route to become available
 backoff test "$(curl -ks -o /dev/null -w "%{http_code}" --header 'Accept:application/json' "${GRAPH_URL}?channel=a")" = "200"

From 178d6efafe66e3b03dab1e787ca3261d5960093c Mon Sep 17 00:00:00 2001
From: pratikmahajan <pratik@mahajan.xyz>
Date: Fri, 19 Aug 2022 16:05:02 -0400
Subject: [PATCH 4/4] address comments

---
 hack/e2e.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hack/e2e.sh b/hack/e2e.sh
index ce5522474..f3fec55c2 100755
--- a/hack/e2e.sh
+++ b/hack/e2e.sh
@@ -129,7 +129,12 @@ backoff oc -n openshift-update-service wait --for=condition=Ready pod -l app=e2e
 }
 
 # Expose services
-PE_URL=$(oc -n "${NAMESPACE}" get -o jsonpath='{.status.policyEngineURI}' updateservice "e2e")
+while sleep 1;
+do
+  PE_URL=$(oc -n "${NAMESPACE}" get -o jsonpath='{.status.policyEngineURI}' updateservice "e2e");
+  SCHEME="${PE_URL%%:*}";
+  if test "${SCHEME}" = http -o "${SCHEME}" = https; then break; fi;
+done
 export GRAPH_URL="${PE_URL}/api/upgrades_info/graph"
 
 # Wait for route to become available