Review changes from scripts-dev to scripts-adopter

br-testing-automation/auto-br-oadp.sh

@@ -53,6 +53,10 @@ function main() {
                 #in full e2e BR scenarios where we are restoring to a different cluster
                 #it takes a few minutes for the backup to be present on the new cluster once completed
                 wait_for_backup
+            elif [[ $SETUP_RESTORE == "true" ]]; then
+                #in scenario where backup was already run but the restore needs to be setup and then the restore needs to run
+                #the restore runs before the setup completes and the backup is not present so we need to wait until we can see the backup on the restore cluster
+                wait_for_backup
             fi
         fi
         restore_cpfs
@@ -204,9 +208,9 @@ function prereq() {
                 error "ZENSERVICE_NAME value not set. Make sure it is either set in the parameters file or as an env variable."
             fi
         fi
-
-    else
-        error "Neither Backup nor Restore options were specified."
+    fi
+    if [[ $BACKUP != "true" ]] && [[ $RESTORE != "true" ]] && [[ $SETUP_BACKUP != "true" ]] && [[ $SETUP_RESTORE != "true" ]]; then
+        error "Neither Backup, Restore, or setup options were specified. Please select at least one before rerunning."
     fi
 
     #OADP setup checks
@@ -281,52 +285,90 @@ function restore_cpfs(){
             set_oadp_namespace $file
         fi
     done
+    #start no olm specific
+    if [[ $NO_OLM == "true" ]]; then
+    #update values in no-olm directory for no olm specific restore resources
+        for file in "${BASE_DIR}/templates/restore/no-olm"/*; do
+            sed -i -E "s/__BACKUP_NAME__/$BACKUP_NAME/" $file
+            if [[ $OADP_NS != "velero" ]]; then
+                set_oadp_namespace $file
+            fi
+        done
+    fi
+    #end no olm specific
 
     custom_columns_str="-o custom-columns=NAME:.metadata.name,STATUS:.status.phase,ITEMS_RESTORED:.status.progress.itemsRestored,TOTAL_ITEMS:.status.progress.totalItems,BACKUP:.spec.backupName,WARN:.status.warnings,ERR:.status.errors"
     info "Begin restore process..."
     #Initial restore objects, rarely fail, could theoretically be applied at once   
-    info "Cleanup existing pull secret..."
-    ${OC} delete secret pull-secret -n openshift-config --ignore-not-found
-    info "Restoring namespaces, pull secret and entitlement keys..."
+    info "Restoring namespaces and entitlement keys..."
     ${OC} apply -f ${BASE_DIR}/templates/restore/restore-namespace.yaml -f ${BASE_DIR}/templates/restore/restore-pull-secret.yaml -f ${BASE_DIR}/templates/restore/restore-entitlementkey.yaml
     ${OC} get restores.velero.io -n $OADP_NS $custom_columns_str
     wait_for_restore restore-namespace
-    wait_for_restore restore-pull-secret
     wait_for_restore restore-entitlementkey
 
-    ${OC} get restores.velero.io -n $OADP_NS $custom_columns_str
-    info "Restoring catalog sources..."
-    ${OC} apply -f ${BASE_DIR}/templates/restore/restore-catalog.yaml
-    wait_for_restore restore-catalog
-    info "Restore operator groups, CRDs, and configmaps..."
-    ${OC} apply -f ${BASE_DIR}/templates/restore/restore-operatorgroup.yaml -f ${BASE_DIR}/templates/restore/restore-crd.yaml -f ${BASE_DIR}/templates/restore/restore-configmap.yaml
-    ${OC} get restores.velero.io -n $OADP_NS $custom_columns_str
-    wait_for_restore restore-operatorgroup
+    #start olm specific
+    if [[ $NO_OLM == "false" ]]; then
+        info "Cleanup existing pull secret..."
+        ${OC} delete secret pull-secret -n openshift-config --ignore-not-found
+        info "Restoring pull secret..."
+        ${OC} apply -f ${BASE_DIR}/templates/restore/restore-pull-secret.yaml
+        wait_for_restore restore-pull-secret
+        ${OC} get restores.velero.io -n $OADP_NS $custom_columns_str
+        info "Restoring catalog sources..."
+        ${OC} apply -f ${BASE_DIR}/templates/restore/restore-catalog.yaml
+        wait_for_restore restore-catalog
+        info "Restore operator groups..."
+        ${OC} apply -f ${BASE_DIR}/templates/restore/restore-operatorgroup.yaml 
+        ${OC} get restores.velero.io -n $OADP_NS $custom_columns_str
+        wait_for_restore restore-operatorgroup
+        wait_for_restore restore-crd
+    fi
+    #end olm specific
+    info "Restore CRDs..."
+    ${OC} apply -f ${BASE_DIR}/templates/restore/restore-crd.yaml 
     wait_for_restore restore-crd
+    info "Restore configmaps..."
+    ${OC} apply -f ${BASE_DIR}/templates/restore/restore-configmap.yaml
     wait_for_restore restore-configmap
 
     #Singleton subscriptions (Cert manager, licensing, LSR)
     if [[ $RESTORE_SINGLETONS == "true" ]]; then
         #we restore licensing before subs because the configmaps need to be there before licensing starts up
         if [[ $ENABLE_LICENSING == "true" ]]; then
             info "Restoring licensing configmaps..."
+            #this will restore the licensing chart in no olm
             ${OC} apply -f ${BASE_DIR}/templates/restore/restore-licensing.yaml
             wait_for_restore restore-licensing
         fi
         # same principle for lsr here as for licensing above
         if [[ $ENABLE_LSR == "true" ]]; then
             info "Restoring License Service Reporter instance..."
+            #this will restore the LSR chart in no olm
             ${OC} apply -f ${BASE_DIR}/templates/restore/restore-lsr.yaml
             wait_for_restore restore-lsr
         fi
-        #this step restores the cert manager and licensing subs
-        info "Restoring Singleton subscriptions..."
-        ${OC} apply -f ${BASE_DIR}/templates/restore/restore-singleton-subscriptions.yaml
-        wait_for_restore restore-singleton-subscription
+
+        #start olm specific
+        if [[ $NO_OLM == "false" ]]; then
+            #this step restores the cert manager and licensing subs
+            info "Restoring Singleton subscriptions..."
+            ${OC} apply -f ${BASE_DIR}/templates/restore/restore-singleton-subscriptions.yaml
+            wait_for_restore restore-singleton-subscription
+        fi
+        #end olm specific
+
+        #start no olm specific
+        if [[ $NO_OLM == "true" ]]; then
+            #restore cert manager chart
+            info "Restoring Cert Manager Operator Chart..."
+            ${OC} apply -f ${BASE_DIR}/templates/restore/no-olm/restore-ibm-cm-chart.yaml
+            wait_for_restore restore-ibm-cm-chart
+        fi
+        #end no olm specific
 
         if [[ $ENABLE_LSR == "true" ]]; then
             info "Restoring License Service Reporter data..."
-            wait_for_deployment $LSR_NAMESPACE "ibm-license-service-reporter-instance"
+            wait_for_deployment $LSR_NAMESPACE "ibm-license-service-reporter-instance" 30
             ${OC} apply -f ${BASE_DIR}/templates/restore/restore-lsr-data.yaml
             wait_for_restore restore-lsr-data
         fi
@@ -342,28 +384,83 @@ function restore_cpfs(){
     info "Restoring common service CR..."
     ${OC} apply -f ${BASE_DIR}/templates/restore/restore-commonservice.yaml
     wait_for_restore restore-commonservice
-    if [[ $NSS_ENABLED == "true" ]]; then 
-        info "Restoring Namespace Scope resources..."
-        ${OC} apply -f ${BASE_DIR}/templates/restore/restore-nss.yaml
-        wait_for_restore restore-nss
-        ${OC} get restores.velero.io -n $OADP_NS $custom_columns_str
-        validate_nss $OPERATOR_NS
+
+    #start olm specific
+    if [[ $NO_OLM == "false" ]]; then
+        if [[ $NSS_ENABLED == "true" ]]; then 
+            info "Restoring Namespace Scope resources..."
+            #this will restore nss cluster and chart resources as well in no olm
+            ${OC} apply -f ${BASE_DIR}/templates/restore/restore-nss.yaml
+            wait_for_restore restore-nss
+            ${OC} get restores.velero.io -n $OADP_NS $custom_columns_str
+            validate_nss $OPERATOR_NS
+        fi
+        #restore common service subscription and odlm operator
+        info "Restore CS and ODLM Operators..."
+        ${OC} apply -f ${BASE_DIR}/templates/restore/restore-subscriptions.yaml
+        wait_for_restore restore-subscription
+        validate_cs_odlm $OPERATOR_NS
+    fi
+    #end olm specific
+    #start no olm specific
+    if [[ $NO_OLM == "true" ]]; then
+        #restore cluster charts no-olm/restore-cluster-scope.yaml
+        info "Restoring cluster wide operator resources..."
+        ${OC} apply -f ${BASE_DIR}/templates/restore/no-olm/restore-cluster-scope.yaml
+        wait_for_restore restore-cluster-charts
+
+        #restore namespace scope operator chart
+        if [[ $NSS_ENABLED == "true" ]]; then 
+            info "Restoring Namespace Scope resources..."
+            #this will restore nss chart resources as well in no olm
+            ${OC} apply -f ${BASE_DIR}/templates/restore/restore-nss.yaml
+            wait_for_restore restore-nss
+            ${OC} get restores.velero.io -n $OADP_NS $custom_columns_str
+            wait_for_deployment $OPERATOR_NS ibm-namespace-scope-operator
+        fi
+
+        #restore cs op/odlm chart no-olm/restore-installer-ns-charts.yaml
+        info "Restoring CS Operator and ODLM charts..."
+        ${OC} apply -f ${BASE_DIR}/templates/restore/no-olm/restore-installer-ns-charts.yaml
+        wait_for_restore restore-installer-charts
+        wait_for_deployment $OPERATOR_NS ibm-common-service-operator
+        wait_for_deployment $OPERATOR_NS operand-deployment-lifecycle-manager
+        #restore im ns chart no-olm/restore-im-ns-charts.yaml
+        #This restore resource is how we restore the EDB chart. 
+        #Technically, zen could be enabled and set IM to false but we would still need to restore the edb chart so we would still need to apply this resource
+        if [[ $IM_ENABLED == "true" ]] || [[ $ZEN_ENABLED == "true" ]]; then
+            info "Restoring IM, Common UI, and EDB charts..."
+            ${OC} apply -f ${BASE_DIR}/templates/restore/no-olm/restore-im-ns-charts.yaml
+            wait_for_restore restore-im-charts
+            #TODO implement check for im so we don't wait for im and ui deployments in case where zen does not enable im since this is where we need to restore and check edb
+            wait_for_deployment $OPERATOR_NS ibm-iam-operator
+            wait_for_deployment $OPERATOR_NS ibm-commonui-operator
+            wait_for_deployment $OPERATOR_NS postgresql-operator-controller-manager-1-25-1
+        fi
     fi
+    #end no olm specific
+
 
-    #restore common service subscription and odlm operator
-    info "Restore CS and ODLM Operators..."
-    ${OC} apply -f ${BASE_DIR}/templates/restore/restore-subscriptions.yaml
-    wait_for_restore restore-subscription
-    validate_cs_odlm $OPERATOR_NS
+    #restore ums has to happen before operand requests are restored so ODLM does not create default values for restore resources
     if [[ $UMS_ENABLED == "true" ]]; then
         info "Restoring UMS resources..."
         ${OC} apply -f ${BASE_DIR}/templates/restore/restore-ums.yaml
         wait_for_restore restore-ums
     fi
+
     ${OC} get restores.velero.io -n $OADP_NS $custom_columns_str
     info "Restoring operands..."
     ${OC} apply -f ${BASE_DIR}/templates/restore/restore-operands.yaml
     wait_for_restore restore-operands
+
+    #start no olm specific
+    if [[ $NO_OLM == "true" ]]; then
+        #restore zen ns chart no-olm/restore-zen-ns-charts.yaml 
+        info "Restoring Zen chart..."
+        ${OC} apply -f ${BASE_DIR}/templates/restore/no-olm/restore-zen-ns-chart.yaml
+        wait_for_restore restore-zen-chart
+    fi
+    #end no olm specific
 
     if [[ $IM_ENABLED == "true" ]]; then
         restore_im
@@ -434,7 +531,7 @@ function restore_im() {
     info "Restoring IM Data..."
     wait_for_im $SERVICES_NS
     if [[ $MCSP_ENABLED == "true" ]]; then
-        wait_for_deployment $SERVICES_NS "account-iam-ui-account-deployment" 
+        wait_for_deployment $SERVICES_NS "account-iam-ui-account-deployment"
     fi
     ${OC} apply -f ${BASE_DIR}/templates/restore/restore-cs-db.yaml
     wait_for_restore restore-cs-db-data
@@ -446,7 +543,7 @@ function wait_for_im() {
     sleep 300
     local namespace=$1
     local name="platform-identity-provider"
-    wait_for_deployment $name $namespace
+    wait_for_deployment $namespace $name 40
 }
 
 function restore_zen() {
@@ -856,4 +953,4 @@ function info() {
     msg "[INFO] ${1}"
 }
 
-main $*
+main $*

cp3pt0-deployment/common/nss-managed-bedrock-core-role.yaml

@@ -182,6 +182,7 @@ rules:
       - patch
       - update
       - watch
+      - list
     apiGroups:
       - postgresql.k8s.enterprisedb.io
     resources:
@@ -1670,3 +1671,11 @@ rules:
       - db2uengines
     apiGroups:
       - db2u.databases.ibm.com
+  - verbs:
+      - get
+      - list
+      - watch
+    resources:
+      - secretproviderclasses
+    apiGroups:
+      - secrets-store.csi.x-k8s.io

cp3pt0-deployment/common/utils.sh

@@ -477,7 +477,11 @@ function wait_for_deployment() {
     local readyReplicas="${OC} -n ${namespace} get deployment ${name} --no-headers --ignore-not-found -o jsonpath='{.status.readyReplicas}' | grep '${needReplicas}'"
     local replicas="${OC} -n ${namespace} get deployment ${name} --no-headers --ignore-not-found -o jsonpath='{.status.replicas}' | grep '${needReplicas}'"
     local condition="(${readyReplicas} && ${replicas})"
-    local retries=10
+    if [[ $3 != "" ]]; then
+        local retries=$3
+    else
+        local retries=10
+    fi
     local sleep_time=30
     local total_time_mins=$(( sleep_time * retries / 60))
     local wait_message="Waiting for Deployment ${name} to be ready"