adding required annotations check and necessary tests #1086

Merged
merged 1 commit into from
Dec 12, 2023

acornett21
Contributor

Adding a new check that checks for newly required annotations. At first we will only warn partners about this, then after some time we will move to enforce this check.

  • Relates: JIRA: EET-3540

Note: There are backend changes being made to support Warning being in the results

@acornett21 acornett21 requested review from bcrochet and komish October 19, 2023 20:12
@openshift-ci

openshift-ci bot commented Oct 19, 2023

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress and approved labels Oct 19, 2023
@tkrishtop
Contributor

tkrishtop commented Oct 19, 2023

Hi @acornett21 the DCI job failed because of a new test you've added

TASK [redhatci.ocp.verify_tests : Fail if not all test results are as expected for preflight_operator_simple-demo-operator_results-junit.xml]
0s
task path: /usr/share/ansible/collections/ansible_collections/redhatci/ocp/roles/verify_tests/tasks/parse_junit_file.yml:35
fatal: [jumphost]: FAILED! => 
{"changed": false, "msg": "The following expectations failed: 
[{'failed_expectation': {'testcase': '[a-zA-Z]+', 'passed': True}, 
'actual_result': {'testcase': 'RequiredAnnotations', 'passed': False}}]"}

I'll change the expectations for simple-demo-operator tomorrow - for the moment we simply expect all tests to be green.

Contributor

@bcrochet bcrochet left a comment

A few comments.

@acornett21
Contributor Author

I'll change the expectations for simple-demo-operator tomorrow - for the moment we simply expect all tests to be green.

@tkrishtop Are you saying the new check showed up as failed? If so that's incorrect. This is still WIP, and I'll be working to update simple-demo-operator and simple-disconnected-operator accordingly, once this feature is fully hashed out.

internal/csv/csv.go
Comment on lines +19 to +21
TokenAuthAWSAnnotation = "features.operators.openshift.io/token-auth-aws"
TokenAuthAzureAnnotation = "features.operators.openshift.io/token-auth-azure"
TokenAuthGCPAnnotation = "features.operators.openshift.io/token-auth-gcp"
Contributor

This is a potentially unrelated question.. but why are these becoming required? Are we installing operators on all providers all at once?

Contributor Author

I'm not sure if a given operator would/could support token auth for all cloud providers or not. My guess would be that is unlikely, just based on our dealings with STS in the ACK project. IMO It's more so for the below:

The current format of the infrastructure annotations is unsuited for robust checks and effective enforcement. We need a new format that allows to cleanly differentiate between mere absence of a data or actual lack of support for a certain infrastructure feature.

@tkrishtop
Contributor

I adjusted the pinned tests on our side, to ignore the new test failing for simple-demo. For the future, it would be nice to fix the simple-demo as well.

@tkrishtop
Contributor

check workload preflight-green

@tkrishtop
Contributor

I'll change the expectations for simple-demo-operator tomorrow - for the moment we simply expect all tests to be green.

@tkrishtop Are you saying the new check showed up as failed? If so that's incorrect. This is still WIP, and I'll be working to update simple-demo-operator and simple-disconnected-operator accordingly, once this feature is fully hashed out.

Sorry @acornett21 , I just saw your comment. Would you prefer me to fallback the fix on our side and pin all the tests for the simple-demo to be green, as before?

With the old setup, the DCI job for your PR will be failing because it automatically auto-discovers all the tests and expects them to be green:

      - filename: 'preflight_operator_simple-demo-operator_results-junit.xml'
        expected_results:
          - testcase: '[a-zA-Z]+'
            passed: True

@acornett21
Contributor Author

@tkrishtop I've updated the junit code to add another level/tag (not sure what to call this for junit). But the output will look like this for checks that are at a warn level.

<testsuites>
	<testsuite tests="5" failures="0" warnings="1" time="35.215827" name="Red Hat Certification">
		<properties></properties>
		<testcase classname="quay.io/opdev/simple-demo-operator-bundle:v0.0.6" name="ScorecardBasicSpecCheck" time="3.516921">Check to make sure that all CRs have a spec block.</testcase>
		<testcase classname="quay.io/opdev/simple-demo-operator-bundle:v0.0.6" name="ScorecardOlmSuiteCheck" time="3.530103">Operator-sdk scorecard OLM Test Suite Check</testcase>
		<testcase classname="quay.io/opdev/simple-demo-operator-bundle:v0.0.6" name="DeployableByOLM" time="28.148170">Checking if the operator could be deployed by OLM</testcase>
		<testcase classname="quay.io/opdev/simple-demo-operator-bundle:v0.0.6" name="ValidateOperatorBundle" time="0.010793">Validating Bundle image that checks if it can validate the content and format of the operator bundle</testcase>
		<testcase classname="quay.io/opdev/simple-demo-operator-bundle:v0.0.6" name="RequiredAnnotations" time="9.839866ms">
			<warning message="Warn" type="">Check that the CSV has all of the required feature annotations.: Suggested Fix: Add all of the required annotations, and make sure the value is set to either &#39;true&#39; or &#39;false&#39;</warning>
		</testcase>
	</testsuite>
</testsuites>

The idea of introducing a new check at level warn is so that partners can see the check in their results, but not be penalized if it fails. Then at a later date the check will be moved to level best where the check is enforced. I hope this clears up what we are trying to accomplish. Let me know if we need to adjust the XML, or if you see any issue in how the XML works, since I think DCI is the only consumer of this.
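
The following Go example is added here and is not code from preflight or DCI: it parses JUnit output of the shape quoted above and classifies each testcase, so that a `<warning>` child is reported as its own state instead of being read as a pass. The `Classify` function, the type names and the trimmed sample document are assumptions made for the example.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Constructed sample, trimmed from the JUnit output quoted in the thread.
const sampleJUnit = `<testsuites><testsuite tests="2" failures="0" warnings="1">
<testcase name="DeployableByOLM">Checking if the operator could be deployed by OLM</testcase>
<testcase name="RequiredAnnotations"><warning message="Warn" type="">Check that the CSV has all of the required feature annotations.</warning></testcase>
</testsuite></testsuites>`

// testSuites mirrors only the parts of the document the classifier needs.
type testSuites struct {
	Suites []struct {
		Warnings int `xml:"warnings,attr"`
		Cases    []struct {
			Name    string    `xml:"name,attr"`
			Failure *struct{} `xml:"failure"` // non-nil when <failure> is present
			Warning *struct{} `xml:"warning"` // non-nil when <warning> is present
		} `xml:"testcase"`
	} `xml:"testsuite"`
}

// Classify (hypothetical name) maps each testcase to "passed", "warning" or
// "failed" and errors if the warnings attribute disagrees with the children.
func Classify(doc string) (map[string]string, error) {
	var ts testSuites
	if err := xml.Unmarshal([]byte(doc), &ts); err != nil {
		return nil, err
	}
	out := map[string]string{}
	for _, s := range ts.Suites {
		warned := 0
		for _, c := range s.Cases {
			out[c.Name] = "passed"
			if c.Warning != nil {
				out[c.Name], warned = "warning", warned+1
			}
			if c.Failure != nil {
				out[c.Name] = "failed" // a failure outranks a warning
			}
		}
		if warned != s.Warnings {
			return nil, fmt.Errorf("suite declares %d warnings, found %d", s.Warnings, warned)
		}
	}
	return out, nil
}

func main() { fmt.Println(Classify(sampleJUnit)) }
```

A consumer that only looks for `<failure>` children would count `RequiredAnnotations` as green; keeping the third state explicit lets a pipeline decide per check whether a warning should gate.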

@acornett21
Contributor Author

/ok-to-test

@openshift-ci openshift-ci bot added the ok-to-test label Nov 15, 2023
@acornett21
Contributor Author

/ok-to-test

@acornett21
Contributor Author

acornett21 commented Nov 20, 2023

Tested locally as well now that the operators are updated...

{
    "image": "quay.io/opdev/simple-demo-operator-bundle:v0.0.7",
    "passed": true,
    "certification_hash": "d41d8cd98f00b204e9800998ecf8427e",
    "test_library": {
        "name": "github.com/redhat-openshift-ecosystem/openshift-preflight",
        "version": "0.0.0",
        "commit": "ebe3811bfac4353f96a706e9dd30329946b4f07b"
    },
    "results": {
        "passed": [
            {
                "name": "ScorecardBasicSpecCheck",
                "elapsed_time": 2666,
                "description": "Check to make sure that all CRs have a spec block."
            },
            {
                "name": "ScorecardOlmSuiteCheck",
                "elapsed_time": 3548,
                "description": "Operator-sdk scorecard OLM Test Suite Check"
            },
            {
                "name": "DeployableByOLM",
                "elapsed_time": 42394,
                "description": "Checking if the operator could be deployed by OLM"
            },
            {
                "name": "ValidateOperatorBundle",
                "elapsed_time": 51,
                "description": "Validating Bundle image that checks if it can validate the content and format of the operator bundle"
            },
            {
                "name": "RequiredAnnotations",
                "elapsed_time": 12,
                "description": "Checks that the CSV has all of the required feature annotations."
            }
        ],
        "failed": [],
        "errors": []
    }
}

@acornett21 acornett21 marked this pull request as ready for review December 11, 2023 14:40
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress label Dec 11, 2023
Contributor

@bcrochet bcrochet left a comment

A few requests.

@@ -236,6 +236,12 @@ func (c *craneEngine) ExecuteChecks(ctx context.Context) error {
}

if !checkPassed {
// if a test doesn't pass but is of level warn include it in warning results, instead of failed results
if check.Metadata().Level == "warn" {
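
Review bot: The new branch under `if !checkPassed` compares `check.Metadata().Level` against the bare string literal "warn", and that one comparison decides whether a failing check is kept out of the failed results. A level spelled any other way is treated as an ordinary failure, and a check that is given this level by mistake stops gating. Suggest comparing against a single named constant shared with the code that assigns levels, and adding a test that a failing warn-level check lands in the warning results and nowhere else.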
Contributor

This is different... You use "warning" on 223, but "warn" here. Perhaps time for a constant for these levels?

Contributor Author

I moved this to a constant, though I'm not sure the package is the ideal place. I put it in check.certification which defines the Check interface.

Contributor

@bcrochet bcrochet left a comment

Notes about the import name

@@ -220,7 +220,7 @@ func (c *craneEngine) ExecuteChecks(ctx context.Context) error {
c.results.TestedImage = c.image

logger.V(log.DBG).Info("running check", "check", check.Name())
if check.Metadata().Level == "optional" {
if check.Metadata().Level == "optional" || check.Metadata().Level == certcheck.LevelWarn {
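
Review bot: The rewritten condition calls `check.Metadata()` twice and mixes the string literal "optional" with the constant `certcheck.LevelWarn`, so the two level names are maintained in different ways on the same line. Suggest reading the level once into a local, for example `level := check.Metadata().Level`, and comparing it against constants for both values.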
Contributor

Why not use the Optional const?

Contributor Author

To keep this PR focused on the required annotations, I was planning a follow-up PR to switch all other checks to the constants. I assumed that would be the preference rather than introducing them here. But maybe it's fine to just introduce for this one line since it is already changing?

Contributor Author

I switched this one line, but as mentioned another PR will follow to update all the things.

Contributor

@komish komish left a comment

Barring E2E, LGTM.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Dec 12, 2023
Contributor

@bcrochet bcrochet left a comment

/lgtm


openshift-ci bot commented Dec 12, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: acornett21, bcrochet, komish

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [acornett21,bcrochet,komish]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@acornett21 acornett21 merged commit 147224e into redhat-openshift-ecosystem:main Dec 12, 2023
1 check passed