From e107c4bc7fe8418142cbe9d0560d8ef0bbb810c0 Mon Sep 17 00:00:00 2001 From: Tomer Figenblat Date: Thu, 11 Apr 2024 21:03:54 -0400 Subject: [PATCH 1/2] feat: added clusterdeployment array per managedclustergroup Co-authored-by: Alejandro Villegas Signed-off-by: Tomer Figenblat --- .../provision/clusterdeployment.yaml | 161 ++++++++++++++++++ acm/values.yaml | 48 ++++++ 2 files changed, 209 insertions(+) create mode 100644 acm/templates/provision/clusterdeployment.yaml diff --git a/acm/templates/provision/clusterdeployment.yaml b/acm/templates/provision/clusterdeployment.yaml new file mode 100644 index 00000000..9b59194e --- /dev/null +++ b/acm/templates/provision/clusterdeployment.yaml 
@@ -0,0 +1,161 @@
+{{- range .Values.clusterGroup.managedClusterGroups }}
+{{- $group := . }}
+
+{{- if $group.clusterDeployments }}
+
+---
+apiVersion: cluster.open-cluster-management.io/v1beta2
+kind: ManagedClusterSet
+metadata:
+ name: {{ $group.name }}
+ annotations:
+ cluster.open-cluster-management.io/submariner-broker-ns: {{ $group.name }}-broker
+
+---
+{{- range $group.clusterDeployments}}
+{{ $cluster := . }}
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ $cluster.name }}
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: {{ $cluster.name }}-cluster-private-key
+ namespace: {{ $cluster.name }}
+spec:
+ dataFrom:
+ - extract:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: secret/hub/privatekey
+ metadataPolicy: None
+ refreshInterval: 24h0m0s
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault-backend
+ target:
+ creationPolicy: Owner
+ deletionPolicy: Retain
+ name: {{ $cluster.name }}-cluster-private-key
+ template:
+ engineVersion: v2
+ mergePolicy: Replace
+ type: Opaque
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: {{ $cluster.name }}-cluster-pull-secret
+ namespace: {{ $cluster.name }}
+spec:
+ dataFrom:
+ - extract:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: secret/hub/openshiftPullSecret
+ metadataPolicy: None
+ refreshInterval: 24h0m0s
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault-backend
+ target:
+ creationPolicy: Owner
+ deletionPolicy: Retain
+ name: {{ $cluster.name }}-cluster-pull-secret
+ template:
+ engineVersion: v2
+ mergePolicy: Replace
+ type: Opaque
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: {{ $cluster.name }}-cluster-aws-creds
+ namespace: {{ $cluster.name }}
+spec:
+ dataFrom:
+ - extract:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: secret/hub/aws
+ metadataPolicy: None
+ refreshInterval: 24h0m0s
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault-backend
+ target:
+ creationPolicy: Owner
+ deletionPolicy: Retain
+ name: {{ $cluster.name }}-cluster-aws-creds
+ template:
+ engineVersion: v2
+ mergePolicy: Replace
+ type: Opaque
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $cluster.name }}-cluster-install-config
+ namespace: {{ $cluster.name }}
+type: Opaque
+data:
+ install-config.yaml: {{ toYaml $cluster.install_config | b64enc }}
+
+---
+apiVersion: hive.openshift.io/v1
+kind: ClusterDeployment
+metadata:
+ name: {{ $cluster.name }}
+ namespace: {{ $cluster.name }}
+ labels:
+ vendor: OpenShift
+spec:
+ baseDomain: {{ $cluster.install_config.baseDomain }}
+ clusterName: {{ $cluster.name }}
+ installAttemptsLimit: 1
+ platform:
+{{- if $cluster.install_config.platform.aws }}
+ aws:
+ credentialsSecretRef:
+ name: {{ $cluster.name }}-cluster-aws-creds
+ region: {{ $cluster.install_config.platform.aws.region }}
+{{- end }}
+ provisioning:
+ installConfigSecretRef:
+ name: {{ $cluster.name }}-cluster-install-config
+ sshPrivateKeySecretRef:
+ name: {{ $cluster.name }}-cluster-private-key
+ imageSetRef:
+ name: img{{ $cluster.version }}-multi-appsub
+ pullSecretRef:
+ name: {{ $cluster.name }}-cluster-pull-secret
+
+---
+apiVersion: cluster.open-cluster-management.io/v1
+kind: ManagedCluster
+metadata:
+ labels:
+ cluster.open-cluster-management.io/clusterset: {{ $group.name }}
+ {{- if (not $group.acmlabels) }}
+ clusterGroup: {{ $group.name }}
+ {{- else if eq (len $group.acmlabels) 0 }}
+ clusterGroup: {{ $group.name }}
+ {{- else }}
+ {{- range $group.acmlabels }}
+ {{ .name }}: {{ .value }}
+ {{- end }}
+ {{- end }}
+ name: {{ $cluster.name }}
+spec:
+ hubAcceptsClient: true
+
+{{- end }}{{- /* range $group.clusterDeployments */}}
+{{- end }}{{- /* if $group.clusterDeployments) */}}
+{{- end }}{{- /* range .Values.clusterGroup.managedClusterGroups */}}
\ No newline at end of file
diff --git a/acm/values.yaml b/acm/values.yaml
index fb7cb03a..8080b8d3 100644
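Review bot: The `---` separator sits just before `{{- range $group.clusterDeployments}}` rather than inside the loop, so from the second cluster of a group onward the `Namespace` document is emitted straight after the previous cluster's `ManagedCluster` with no document boundary, and the rendered output will most likely either fail to parse or fold the two resources into one. Moving the separator to the first line of the loop body (the `range` line, then `---`, then the `Namespace`) fixes it. Separately, the `{{ $cluster.name }}-cluster-aws-creds` ExternalSecret is created for every cluster while the `aws:` platform block is guarded by `{{- if $cluster.install_config.platform.aws }}`; wrapping that ExternalSecret in the same guard keeps the hub's AWS credentials out of namespaces that do not need them. All three ExternalSecrets also hard-code `name: vault-backend`, although acm/values.yaml appears to carry a `secretStore` `name` value the template could reference instead.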
--- a/acm/values.yaml +++ b/acm/values.yaml @@ -29,6 +29,54 @@ clusterGroup: # labels: # - name: clusterGroup # value: region-one +# testRegionTwo: +# name: region-two +# labels: +# - name: clusterGroup +# value: region-two +# clusterDeployments: +# - name: mcluster1 +# version: 4.14.12 +# # See OpenShift documentation for install config spec +# # https://docs.openshift.com/container-platform/4.14/installing/installing_aws/installing-aws-customizations.html +# install_config: +# apiVersion: v1 +# metadata: +# name: mcluster1 +# baseDomain: example-domain.com +# controlPlane: +# name: master +# replicas: 3 +# platform: +# aws: +# type: m5.2xlarge +# zones: +# - ca-central-1a +# compute: +# - name: worker +# replicas: 5 +# platform: +# aws: +# type: m5.2xlarge +# zones: +# - ca-central-1a +# networking: +# clusterNetwork: +# - cidr: 10.128.0.0/14 +# hostPrefix: 23 +# machineNetwork: +# - cidr: 10.0.0.0/16 +# networkType: OpenShiftSDN +# serviceNetwork: +# - 172.30.0.0/16 +# platform: +# aws: +# region: ca-central-1 +# userTags: +# project: ValidatedPatterns +# publish: External +# sshKey: "" +# pullSecret: "" secretStore: name: vault-backend From 536119ad07d9f25ed18959cba945725e1647ddc8 Mon Sep 17 00:00:00 2001 From: Tomer Figenblat Date: Thu, 11 Apr 2024 21:05:47 -0400 Subject: [PATCH 2/2] test: updated test files for new clusterdeployment feature Co-authored-by: Alejandro Villegas Signed-off-by: Tomer Figenblat --- tests/hashicorp-vault-industrial-edge-factory.expected.yaml | 2 +- tests/hashicorp-vault-industrial-edge-hub.expected.yaml | 2 +- tests/hashicorp-vault-medical-diagnosis-hub.expected.yaml | 2 +- tests/hashicorp-vault-naked.expected.yaml | 2 +- tests/hashicorp-vault-normal.expected.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/hashicorp-vault-industrial-edge-factory.expected.yaml b/tests/hashicorp-vault-industrial-edge-factory.expected.yaml index 0f2218b0..6b737659 100644 
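Review bot: The commented example lists the group's labels under `labels:`, but the new template in acm/templates/provision/clusterdeployment.yaml reads `$group.acmlabels`, so a group copied from this example would get `clusterGroup: <group name>` on its ManagedCluster instead of the listed labels; the example and the template should agree on one key. The example also shows `pullSecret: ""` inside `install_config`, which the template serialises whole into the install-config Secret, while the actual pull secret is wired in from Vault through `pullSecretRef`. A comment such as `# leave pullSecret empty; it is supplied from Vault via pullSecretRef` above that line would keep users from pasting a credential into a Git-tracked values file.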
--- a/tests/hashicorp-vault-industrial-edge-factory.expected.yaml +++ b/tests/hashicorp-vault-industrial-edge-factory.expected.yaml @@ -351,7 +351,7 @@ metadata: app.kubernetes.io/instance: hashicorp-vault app.kubernetes.io/managed-by: Helm spec: - host: + host: chart-example.local to: kind: Service name: hashicorp-vault diff --git a/tests/hashicorp-vault-industrial-edge-hub.expected.yaml b/tests/hashicorp-vault-industrial-edge-hub.expected.yaml index 0f2218b0..6b737659 100644 --- a/tests/hashicorp-vault-industrial-edge-hub.expected.yaml +++ b/tests/hashicorp-vault-industrial-edge-hub.expected.yaml @@ -351,7 +351,7 @@ metadata: app.kubernetes.io/instance: hashicorp-vault app.kubernetes.io/managed-by: Helm spec: - host: + host: chart-example.local to: kind: Service name: hashicorp-vault diff --git a/tests/hashicorp-vault-medical-diagnosis-hub.expected.yaml b/tests/hashicorp-vault-medical-diagnosis-hub.expected.yaml index 0f2218b0..6b737659 100644 --- a/tests/hashicorp-vault-medical-diagnosis-hub.expected.yaml +++ b/tests/hashicorp-vault-medical-diagnosis-hub.expected.yaml @@ -351,7 +351,7 @@ metadata: app.kubernetes.io/instance: hashicorp-vault app.kubernetes.io/managed-by: Helm spec: - host: + host: chart-example.local to: kind: Service name: hashicorp-vault diff --git a/tests/hashicorp-vault-naked.expected.yaml b/tests/hashicorp-vault-naked.expected.yaml index 68b5a897..3333b1b4 100644 --- a/tests/hashicorp-vault-naked.expected.yaml +++ b/tests/hashicorp-vault-naked.expected.yaml @@ -351,7 +351,7 @@ metadata: app.kubernetes.io/instance: hashicorp-vault app.kubernetes.io/managed-by: Helm spec: - host: + host: chart-example.local to: kind: Service name: hashicorp-vault diff --git a/tests/hashicorp-vault-normal.expected.yaml b/tests/hashicorp-vault-normal.expected.yaml index 0f2218b0..6b737659 100644 --- a/tests/hashicorp-vault-normal.expected.yaml +++ b/tests/hashicorp-vault-normal.expected.yaml 
@@ -351,7 +351,7 @@ metadata: app.kubernetes.io/instance: hashicorp-vault app.kubernetes.io/managed-by: Helm spec: - host: + host: chart-example.local to: kind: Service name: hashicorp-vault