NE-1324: E2E tests for Assume Role in Shared VPC Cluster

`go.mod`: Bumped openshift/api for DNS PrivateZoneIAMRole field
`go.sum`: Generated
`test/e2e/operator_test.go`: Add TestExternalDNSAssumeRole E2E test
`test/e2e/util.go`: Add getDNSRecordValuesWithAssumeRole to interface
`test/e2e/aws.go`: Add getDNSRecordValuesWithAssumeRole implementation
`test/e2e/azure.go`: Stub out getDNSRecordValuesWithAssumeRole
`test/e2e/gcp.go`: Stub out getDNSRecordValuesWithAssumeRole
`test/e2e/infoblox.go`: Stub out getDNSRecordValuesWithAssumeRole

go.mod

@@ -13,7 +13,7 @@ require (
 	github.com/miekg/dns v1.0.14
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.27.7
-	github.com/openshift/api v0.0.0-20220906163444-2df055c101a3
+	github.com/openshift/api v0.0.0-20230712163317-e19a88e10d9c
 	github.com/openshift/cloud-credential-operator v0.0.0-20211118210017-9066dcc747fa
 	github.com/operator-framework/api v0.11.0
 	google.golang.org/api v0.58.0

go.sum

@@ -517,8 +517,8 @@ github.com/onsi/gomega v1.14.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+t
 github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0=
 github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU=
 github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4=
-github.com/openshift/api v0.0.0-20220906163444-2df055c101a3 h1:JEFTPLulnOSzBIsZZWitpm0SMJ+TFr7kUumAx7LvvGI=
-github.com/openshift/api v0.0.0-20220906163444-2df055c101a3/go.mod h1:9JWn+H7X8wEPPc9D63krigXl8r3F1Mt6/lC98brUyhQ=
+github.com/openshift/api v0.0.0-20230712163317-e19a88e10d9c h1:CrYt+EyqxuL8EulM5w37YSJ2jAxxChbyA0e4rQWosuI=
+github.com/openshift/api v0.0.0-20230712163317-e19a88e10d9c/go.mod h1:yimSGmjsI+XF1mr+AKBs2//fSXIOhhetHGbMlBEfXbs=
 github.com/openshift/cloud-credential-operator v0.0.0-20211118210017-9066dcc747fa h1:q2NffXPZIu0OfddEsV/6SqSpQAwol1VD9lOIc5JEmvE=
 github.com/openshift/cloud-credential-operator v0.0.0-20211118210017-9066dcc747fa/go.mod h1:2yIM8jdbNwuuHOIWwE8wzE+bxu6XvyAPpNzQPK2azgc=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=

test/e2e/aws.go

@@ -7,10 +7,13 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
+
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/route53"
+
 	configv1 "github.com/openshift/api/config/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -21,9 +24,10 @@ import (
 )
 
 type awsTestHelper struct {
-	r53Client *route53.Route53
-	keyID     string
-	secretKey string
+	awsSession *session.Session
+	r53Client  *route53.Route53
+	keyID      string
+	secretKey  string
 }
 
 func newAWSHelper(isOpenShiftCI bool, kubeClient client.Client) (providerTestHelper, error) {
@@ -32,11 +36,12 @@ func newAWSHelper(isOpenShiftCI bool, kubeClient client.Client) (providerTestHel
 		return nil, err
 	}
 
-	awsSession := session.Must(session.NewSession(&aws.Config{
+	provider.awsSession = session.Must(session.NewSession(&aws.Config{
 		Credentials: credentials.NewStaticCredentials(provider.keyID, provider.secretKey, ""),
 	}))
 
-	provider.r53Client = route53.New(awsSession)
+	provider.r53Client = route53.New(provider.awsSession)
+
 	return provider, nil
 }
 
@@ -184,3 +189,37 @@ func (a *awsTestHelper) prepareConfigurations(isOpenShiftCI bool, kubeClient cli
 	}
 	return nil
 }
+
+func (a *awsTestHelper) createAssumeRoleRoute53Client(assumeRoleARN string) *route53.Route53 {
+	sessRoute53 := a.awsSession.Copy()
+	sessRoute53.Config.WithCredentials(stscreds.NewCredentials(sessRoute53, assumeRoleARN))
+	r53AssumeRoleClient := route53.New(sessRoute53)
+	return r53AssumeRoleClient
+}
+
+func (a *awsTestHelper) getDNSRecordValuesWithAssumeRole(assumeRoleARN, zoneId, recordName, recordType string) (map[string]struct{}, error) {
+	r53AssumeRoleClient := a.createAssumeRoleRoute53Client(assumeRoleARN)
+	records, err := r53AssumeRoleClient.ListResourceRecordSets(&route53.ListResourceRecordSetsInput{
+		HostedZoneId:    &zoneId,
+		StartRecordName: &recordName,
+		StartRecordType: &recordType,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to list resource record sets: %w", err)
+	}
+
+	if len(records.ResourceRecordSets) == 0 {
+		return nil, nil
+	}
+
+	recordList := make(map[string]struct{})
+	if records.ResourceRecordSets[0].AliasTarget != nil {
+		recordList[*records.ResourceRecordSets[0].AliasTarget.DNSName] = struct{}{}
+	} else {
+		for _, record := range records.ResourceRecordSets[0].ResourceRecords {
+			recordList[*record.Value] = struct{}{}
+		}
+	}
+
+	return recordList, nil
+}

test/e2e/azure.go

@@ -183,3 +183,7 @@ func getAccessToken(cfg *clusterConfig) (*adal.ServicePrincipalToken, error) {
 	}
 	return nil, fmt.Errorf("no credentials provided for Azure API")
 }
+
+func (a *azureTestHelper) getDNSRecordValuesWithAssumeRole(assumeRoleARN, zoneId, recordName, recordType string) (map[string]struct{}, error) {
+	panic("not implemented")
+}

test/e2e/gcp.go

@@ -194,3 +194,7 @@ func getGCPProjectId(kubeClient client.Client) (string, error) {
 	}
 	return infraConfig.Status.PlatformStatus.GCP.ProjectID, nil
 }
+
+func (g *gcpTestHelper) getDNSRecordValuesWithAssumeRole(assumeRoleARN, zoneId, recordName, recordType string) (map[string]struct{}, error) {
+	panic("not implemented")
+}

test/e2e/infoblox.go

@@ -330,3 +330,7 @@ func (h *infobloxTestHelper) trustGridTLSCert(kubeClient client.Client) error {
 
 	return nil
 }
+
+func (h *infobloxTestHelper) getDNSRecordValuesWithAssumeRole(assumeRoleARN, zoneId, recordName, recordType string) (map[string]struct{}, error) {
+	panic("not implemented")
+}