test/api.sh: run cloud CLI tools from a container

The 'google-cloud-sdk' RPM built by Google for RHEL, which provides the 'gcloud' command, is built only with Python 2. Since Python 2.7 is already EOL in upstream and not available in CentOS Stream 9, we can not use 'gcloud' from the 'google-cloud-sdk' RPM. The 'awscli' is not available in RHEL-9 repositories. The Azure CLI 'az' available in official upstream repositories has broken dependencies on RHEL-9 and can not be successfully installed. To workaround the issue, run the tool from the official container image provided by Microsoft. Use the `quay.io/osbuild/cloud-tools` F34-based container image instead of locally installed cloud CLI tools. Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-08-26 14:27:45 +02:00 · 2021-08-26 14:27:45 +02:00 · 1e2b9e3982
commit 1e2b9e3982
parent 03127ded43
1 changed files with 51 additions and 43 deletions
--- a/test/cases/api.sh
+++ b/test/cases/api.sh
@ -20,6 +20,9 @@ mkdir -p "${ARTIFACTS}"
 source /etc/os-release
 DISTRO_CODE="${DISTRO_CODE:-${ID}_${VERSION_ID//./}}"

+# Container image used for cloud provider CLI tools
+CONTAINER_IMAGE_CLOUD_TOOLS="quay.io/osbuild/cloud-tools:latest"
+
 #
 # Provision the software under test.
 #
@ -222,12 +225,12 @@ function cleanupAzure() {
  if [[ -n "$AZURE_CMD" && -n "$AZURE_IMAGE_NAME" ]]; then
    set +e
    # Re-get the vm_details in case the VM creation is failed.
-    [ -f "$WORKDIR/vm_details.json" ] || "$AZURE_CMD" vm show --name "$AZURE_INSTANCE_NAME" --resource-group "$AZURE_RESOURCE_GROUP" --show-details > "$WORKDIR/vm_details.json"
+    [ -f "$WORKDIR/vm_details.json" ] || $AZURE_CMD vm show --name "$AZURE_INSTANCE_NAME" --resource-group "$AZURE_RESOURCE_GROUP" --show-details > "$WORKDIR/vm_details.json"
    # Get all the resources ids
    VM_ID=$(jq -r '.id' "$WORKDIR"/vm_details.json)
    OSDISK_ID=$(jq -r '.storageProfile.osDisk.managedDisk.id' "$WORKDIR"/vm_details.json)
    NIC_ID=$(jq -r '.networkProfile.networkInterfaces[0].id' "$WORKDIR"/vm_details.json)
-    "$AZURE_CMD" network nic show --ids "$NIC_ID" > "$WORKDIR"/nic_details.json
+    $AZURE_CMD network nic show --ids "$NIC_ID" > "$WORKDIR"/nic_details.json
    NSG_ID=$(jq -r '.networkSecurityGroup.id' "$WORKDIR"/nic_details.json)
    PUBLICIP_ID=$(jq -r '.ipConfigurations[0].publicIpAddress.id' "$WORKDIR"/nic_details.json)

@ -237,15 +240,15 @@ function cleanupAzure() {
    # Left Virtual Network and Storage Account there because other tests in the same resource group will reuse them
    for id in "$VM_ID" "$OSDISK_ID" "$NIC_ID" "$NSG_ID" "$PUBLICIP_ID"; do
      echo "Deleting $id..."
-      "$AZURE_CMD" resource delete --ids "$id"
+      $AZURE_CMD resource delete --ids "$id"
    done

    # Delete image after VM deleting.
    $AZURE_CMD image delete --resource-group "$AZURE_RESOURCE_GROUP" --name "$AZURE_IMAGE_NAME"
    # find a storage account by its tag
-    AZURE_STORAGE_ACCOUNT=$("$AZURE_CMD" resource list --tag imageBuilderStorageAccount=location="$AZURE_LOCATION" | jq -r .[0].name)
-    AZURE_CONNECTION_STRING=$("$AZURE_CMD" storage account show-connection-string --name "$AZURE_STORAGE_ACCOUNT" | jq -r .connectionString)
-    "$AZURE_CMD" storage blob delete --container-name imagebuilder --name "$AZURE_IMAGE_NAME".vhd --account-name "$AZURE_STORAGE_ACCOUNT" --connection-string "$AZURE_CONNECTION_STRING"
+    AZURE_STORAGE_ACCOUNT=$($AZURE_CMD resource list --tag imageBuilderStorageAccount=location="$AZURE_LOCATION" | jq -r .[0].name)
+    AZURE_CONNECTION_STRING=$($AZURE_CMD storage account show-connection-string --name "$AZURE_STORAGE_ACCOUNT" | jq -r .connectionString)
+    $AZURE_CMD storage blob delete --container-name imagebuilder --name "$AZURE_IMAGE_NAME".vhd --account-name "$AZURE_STORAGE_ACCOUNT" --connection-string "$AZURE_CONNECTION_STRING"
    set -e
  fi
 }
@ -267,7 +270,7 @@ function cleanup() {
      ;;
  esac

-  rm -rf "$WORKDIR"
+  sudo rm -rf "$WORKDIR"
 }
 trap cleanup EXIT

@ -275,56 +278,61 @@ trap cleanup EXIT
 # Install the necessary cloud provider client tools
 #

-#
-# Install the aws client from the upstream release, because it doesn't seem to
-# be available as a RHEL package.
-#
 function installClientAWS() {
  if ! hash aws; then
-    sudo dnf install -y awscli
-    aws --version
-  fi
+    echo "Using 'awscli' from a container"
+    sudo ${CONTAINER_RUNTIME} pull ${CONTAINER_IMAGE_CLOUD_TOOLS}

-  AWS_CMD="aws --region $AWS_REGION --output json --color on"
+    AWS_CMD="sudo ${CONTAINER_RUNTIME} run --rm \
+      -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
+      -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
+      -v ${WORKDIR}:${WORKDIR}:Z \
+      ${CONTAINER_IMAGE_CLOUD_TOOLS} aws --region $AWS_REGION --output json --color on"
+  else
+    echo "Using pre-installed 'aws' from the system"
+    AWS_CMD="aws --region $AWS_REGION --output json --color on"
+  fi
+  $AWS_CMD --version
 }

-#
-# Install the gcp clients from the upstream release
-#
 function installClientGCP() {
  if ! hash gcloud; then
-    sudo tee -a /etc/yum.repos.d/google-cloud-sdk.repo << EOM
-[google-cloud-sdk]
-name=Google Cloud SDK
-baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64
-enabled=1
-gpgcheck=1
-repo_gpgcheck=1
-gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
-       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
-EOM
-  fi
+    echo "Using 'gcloud' from a container"
+    sudo ${CONTAINER_RUNTIME} pull ${CONTAINER_IMAGE_CLOUD_TOOLS}

-  sudo dnf -y install google-cloud-sdk
-  GCP_CMD="gcloud --format=json --quiet"
+    # directory mounted to the container, in which gcloud stores the credentials after logging in
+    GCP_CMD_CREDS_DIR="${WORKDIR}/gcloud_credentials"
+    mkdir "${GCP_CMD_CREDS_DIR}"
+
+    GCP_CMD="sudo ${CONTAINER_RUNTIME} run --rm \
+      -v ${GCP_CMD_CREDS_DIR}:/root/.config/gcloud:Z \
+      -v ${GOOGLE_APPLICATION_CREDENTIALS}:${GOOGLE_APPLICATION_CREDENTIALS}:Z \
+      -v ${WORKDIR}:${WORKDIR}:Z \
+      ${CONTAINER_IMAGE_CLOUD_TOOLS} gcloud --format=json"
+  else
+    echo "Using pre-installed 'gcloud' from the system"
+    GCP_CMD="gcloud --format=json --quiet"
+  fi
  $GCP_CMD --version
 }

 function installClientAzure() {
  if ! hash az; then
-    # this installation method is taken from the official docs:
-    # https://docs.microsoft.com/cs-cz/cli/azure/install-azure-cli-linux?pivots=dnf
-    sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
-    echo -e "[azure-cli]
-name=Azure CLI
-baseurl=https://packages.microsoft.com/yumrepos/azure-cli
-enabled=1
-gpgcheck=1
-gpgkey=https://packages.microsoft.com/keys/microsoft.asc" | sudo tee /etc/yum.repos.d/azure-cli.repo
-  fi
+    echo "Using 'azure-cli' from a container"
+    sudo ${CONTAINER_RUNTIME} pull ${CONTAINER_IMAGE_CLOUD_TOOLS}

-  sudo dnf install -y azure-cli
-  AZURE_CMD="az"
+    # directory mounted to the container, in which azure-cli stores the credentials after logging in
+    AZURE_CMD_CREDS_DIR="${WORKDIR}/azure-cli_credentials"
+    mkdir "${AZURE_CMD_CREDS_DIR}"
+
+    AZURE_CMD="sudo ${CONTAINER_RUNTIME} run --rm \
+      -v ${AZURE_CMD_CREDS_DIR}:/root/.azure:Z \
+      -v ${WORKDIR}:${WORKDIR}:Z \
+      ${CONTAINER_IMAGE_CLOUD_TOOLS} az"
+  else
+    echo "Using pre-installed 'azure-cli' from the system"
+    AZURE_CMD="az"
+  fi
  $AZURE_CMD version
 }