From 82ff759ee1c254ac09dd4c4def53d06e910aa185 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= <thozza@redhat.com>
Date: Tue, 20 Aug 2024 17:03:03 +0200
Subject: [PATCH] Test: test GCE image type on el10 / c10s
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Enable testing of GCE image type on el10 / c10s. The el10 / c10s image
type temporarily uses cloud-init, because there are no GCP guest tools
for el10 / c10s yet and el9 version can't be installed. This implies
that we need to set the SSH key in the instance metadata and use SSH
directly.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
---
 .gitlab-ci.yml        |  3 ++-
 test/cases/api/gcp.sh | 19 ++++++++++++++++++-
 test/cases/gcp.sh     | 24 ++++++++++++++++++------
 3 files changed, 38 insertions(+), 8 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ceb2d8804..66ab5dbb0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -488,7 +488,7 @@ gcp.sh:
   extends: .integration_rhel
   rules:
     # Temporarily disabled for RHEL-10 and Centos-10
-    - if: '$CI_PIPELINE_SOURCE != "schedule" && $RUNNER =~ "/^.*(x86_64).*$/" && $RUNNER !~ /[\S]+rhel-[\S]+-(?:(?:ga)|(?:eus))[\S]+/ && $RUNNER !~ "/^.*(rhel-10.0-nightly|centos-stream-10).*$/"'
+    - if: '$CI_PIPELINE_SOURCE != "schedule" && $RUNNER =~ "/^.*(x86_64).*$/" && $RUNNER !~ /[\S]+rhel-[\S]+-(?:(?:ga)|(?:eus))[\S]+/'
     - if: '$CI_PIPELINE_SOURCE == "schedule" && $RUNNER =~ /[\S]+rhel-9.5-[^ga][\S]+/ && $RUNNER =~ "/^.*(x86_64).*$/" && $NIGHTLY == "true" && $RHEL_MAJOR == "9"'
     # - !reference [.upstream_rules_x86_64, rules]
     # - !reference [.nightly_rules_x86_64, rules]
@@ -572,6 +572,7 @@ API:
       - IMAGE_TYPE:
           - aws
           - azure
+          - gcp
         RUNNER:
           - aws/rhel-10.0-nightly-x86_64
         INTERNAL_NETWORK: ["true"]
diff --git a/test/cases/api/gcp.sh b/test/cases/api/gcp.sh
index c1cb43405..a57297345 100644
--- a/test/cases/api/gcp.sh
+++ b/test/cases/api/gcp.sh
@@ -136,6 +136,15 @@ function verify() {
   GCP_SSH_KEY="$WORKDIR/id_google_compute_engine"
   ssh-keygen -t rsa-sha2-512 -f "$GCP_SSH_KEY" -C "$SSH_USER" -N ""
 
+  # TODO: remove this once el10 / c10s image moves to oslogin
+  GCP_METADATA_OPTION=
+  # On el10 / c10s, we need to temporarily set the metadata key to "ssh-keys", because there is no "oslogin" feature
+  if [[ ($ID == rhel || $ID == centos) && ${VERSION_ID%.*} == 10 ]]; then
+    GCP_SSH_METADATA_FILE="$WORKDIR/gcp-ssh-keys-metadata"
+    echo "${SSH_USER}:$(cat "$GCP_SSH_KEY".pub)" > "$GCP_SSH_METADATA_FILE"
+    GCP_METADATA_OPTION="--metadata-from-file=ssh-keys=$GCP_SSH_METADATA_FILE"
+  fi
+
   # create the instance
   # resource ID can have max 62 characters, the $GCP_TEST_ID_HASH contains 56 characters
   GCP_INSTANCE_NAME="vm-$GCP_TEST_ID_HASH"
@@ -153,12 +162,13 @@ function verify() {
   local GCP_MACHINE_TYPE
   GCP_MACHINE_TYPE=$($GCP_CMD --format=json compute machine-types list --filter="zone=$GCP_ZONE AND name~^n\d-standard-\d$" | jq -r '.[].name' | sort | head -1)
 
+  # shellcheck disable=SC2086
   $GCP_CMD compute instances create "$GCP_INSTANCE_NAME" \
     --zone="$GCP_ZONE" \
     --image-project="$GCP_PROJECT" \
     --image="$GCP_IMAGE_NAME" \
     --machine-type="$GCP_MACHINE_TYPE" \
-    --labels=gitlab-ci-test=true
+    $GCP_METADATA_OPTION --labels=gitlab-ci-test=true
 
   HOST=$($GCP_CMD --format=json compute instances describe "$GCP_INSTANCE_NAME" --zone="$GCP_ZONE" --format='get(networkInterfaces[0].accessConfigs[0].natIP)')
 
@@ -167,5 +177,12 @@ function verify() {
 
   # Verify image
   _ssh="$GCP_CMD compute ssh --strict-host-key-checking=no --ssh-key-file=$GCP_SSH_KEY --zone=$GCP_ZONE $SSH_USER@$GCP_INSTANCE_NAME --"
+
+  # TODO: remove this once el10 / c10s image moves to oslogin
+  # On el10 / c10s, we need to ssh directly, because there is no "oslogin" feature
+  if [[ ($ID == rhel || $ID == centos) && ${VERSION_ID%.*} == 10 ]]; then
+    _ssh="ssh -oStrictHostKeyChecking=no -i $GCP_SSH_KEY $SSH_USER@$HOST"
+  fi
+
   _instanceCheck "$_ssh"
 }
diff --git a/test/cases/gcp.sh b/test/cases/gcp.sh
index 640055d22..56bd460fc 100755
--- a/test/cases/gcp.sh
+++ b/test/cases/gcp.sh
@@ -12,11 +12,6 @@ source /usr/libexec/tests/osbuild-composer/shared_lib.sh
 
 set -euo pipefail
 
-if [[ ($ID == rhel || $ID == centos) && ${VERSION_ID%.*} == 10 ]]; then
-    echo "Temporary disabled b/c GCP isn't suported on el10"
-    exit 1
-fi
-
 # Container image used for cloud provider CLI tools
 CONTAINER_IMAGE_CLOUD_TOOLS="quay.io/osbuild/cloud-tools:latest"
 
@@ -117,6 +112,15 @@ function verifyInGCP() {
     GCP_SSH_KEY="$TEMPDIR/id_google_compute_engine"
     ssh-keygen -t rsa-sha2-512 -f "$GCP_SSH_KEY" -C "$SSH_USER" -N ""
 
+    # TODO: remove this once el10 / c10s image moves to oslogin
+    GCP_METADATA_OPTION=
+    # On el10 / c10s, we need to temporarily set the metadata key to "ssh-keys", because there is no "oslogin" feature
+    if [[ ($ID == rhel || $ID == centos) && ${VERSION_ID%.*} == 10 ]]; then
+        GCP_SSH_METADATA_FILE="$TEMPDIR/gcp-ssh-keys-metadata"
+        echo "${SSH_USER}:$(cat "$GCP_SSH_KEY".pub)" > "$GCP_SSH_METADATA_FILE"
+        GCP_METADATA_OPTION="--metadata-from-file=ssh-keys=$GCP_SSH_METADATA_FILE"
+    fi
+
     # create the instance
     # resource ID can have max 62 characters, the $GCP_TEST_ID_HASH contains 56 characters
     GCP_INSTANCE_NAME="vm-$GCP_TEST_ID_HASH"
@@ -134,12 +138,13 @@ function verifyInGCP() {
     local GCP_MACHINE_TYPE
     GCP_MACHINE_TYPE=$($GCP_CMD compute machine-types list --filter="zone=$GCP_ZONE AND name~^n\d-standard-\d$" | jq -r '.[].name' | sort | head -1)
 
+    # shellcheck disable=SC2086
     $GCP_CMD compute instances create "$GCP_INSTANCE_NAME" \
         --zone="$GCP_ZONE" \
         --image-project="$GCP_PROJECT" \
         --image="$GCP_IMAGE_NAME" \
         --machine-type="$GCP_MACHINE_TYPE" \
-        --labels=gitlab-ci-test=true
+        $GCP_METADATA_OPTION --labels=gitlab-ci-test=true
 
     HOST=$($GCP_CMD compute instances describe "$GCP_INSTANCE_NAME" --zone="$GCP_ZONE" --format='get(networkInterfaces[0].accessConfigs[0].natIP)')
 
@@ -148,6 +153,13 @@ function verifyInGCP() {
 
     # Verify image
     _ssh="$GCP_CMD compute ssh --strict-host-key-checking=no --ssh-key-file=$GCP_SSH_KEY --zone=$GCP_ZONE --quiet $SSH_USER@$GCP_INSTANCE_NAME --"
+
+    # TODO: remove this once el10 / c10s image moves to oslogin
+    # On el10 / c10s, we need to ssh directly, because there is no "oslogin" feature
+    if [[ ($ID == rhel || $ID == centos) && ${VERSION_ID%.*} == 10 ]]; then
+        _ssh="ssh -oStrictHostKeyChecking=no -i $GCP_SSH_KEY $SSH_USER@$HOST"
+    fi
+
     _instanceCheck "$_ssh"
 }