e2e: use backstage backend secret when interacting backstage

- revert the fake notification after the orchestrator-k8s chart is
  functional with rhdh 1.2 with notification plugin
- use the backend secret value to configure the workflow
- use the backend secret value to perform call from e2e tests

Signed-off-by: Roy Golan <[email protected]>

.github/workflows/move2kube-e2e.yaml

@@ -82,39 +82,32 @@ jobs:
           helm repo add orchestrator https://parodos-dev.github.io/orchestrator-helm-chart
           helm install orchestrator orchestrator/orchestrator-k8s
 
-          echo "sleep bit long till the PV for data index and kaniko cache is ready. its a bit slow. TODO fixit"
-          kubectl get pv
-          sleep 3m
           kubectl get sfp -A
-          kubectl wait --for=condition=Ready=true pods -l "app.kubernetes.io/name=backstage" --timeout=180s
+          kubectl wait --for=condition=Ready=true pods -l "app.kubernetes.io/name=backstage" --timeout=10m
           kubectl get pods -o wide
           kubectl wait --for=condition=Ready=true pods -l "app=sonataflow-platform" --timeout=180s
 
-      - name: Deploy fake notifications service
-        run: |
-          source e2e/helper-functions.sh
-          create-fake-notifications-service
-
       - name: Deploy Move2kube serverless workflow
         run: |
           kubectl patch configmap/config-features \
             -n knative-serving \
             --type merge \
             -p '{"data":{"kubernetes.podspec-init-containers": "enabled", "kubernetes.podspec-securitycontext": "enabled"}}'
           
-          yq  --inplace '.spec.podTemplate.container |= ( . +  {"env": [{"name": "K_SINK", "value": "http://broker-ingress.knative-eventing.svc.cluster.local/sonataflow-infra/default"}]} )' manifests/01-sonataflow_m2k.yaml
+          yq  --inplace '.spec.podTemplate.container |= ( . +  {"env": [{"name": "K_SINK", "value": "http://broker-ingress.knative-eventing.svc.cluster.local/sonataflow-infra/default"}]} )' manifests/0?-sonataflow_m2k.yaml
 
           # Disable persistence for e2e tests
-          yq  --inplace 'del(.spec.persistence)' manifests/01-sonataflow_m2k.yaml
+          yq  --inplace 'del(.spec.persistence)' manifests/0?-sonataflow_m2k.yaml
           # The 'for loop' added due to inconsistency of the generated numbers of the configmaps
           for file in manifests/*-configmap_m2k-props.yaml; do
             sed -i '/quarkus\.flyway\.migrate-at-start=true/d' "$file"
           done
 
           # Set notification external access token
           echo " Set notification external access token"
-          yq --inplace '.data."NOTIFICATIONS_BEARER_TOKEN" = "ZTJldG9rZW4="' manifests/01-secret_m2k.yaml # notsecret
-          cat manifests/01-secret_m2k.yaml
+          BACKEND_SECRET=$(kubectl get secret orchestrator-auth -o jsonpath={.data.backend-secret})
+          yq --inplace ".data.NOTIFICATIONS_BEARER_TOKEN=\"$BACKEND_SECRET\"" manifests/0?-secret_m2k.yaml # notsecret
+          cat manifests/0?-secret_m2k.yaml
 
           # deploy the manifests created by the  ${{ steps.build-image.outputs.image }}"                                                                    
           kubectl apply -f manifests
@@ -127,7 +120,7 @@ jobs:
           
           kubectl patch configmap/m2k-props \
             --type merge \
-            -p '{"data": {"application.properties" :"move2kube_url=http://move2kube-instance-svc.default.svc.cluster.local:8080\nquarkus.rest-client.move2kube_yaml.url=http://move2kube-instance-svc.default.svc.cluster.local:8080\nquarkus.rest-client.notifications.url=http://fake-notifications-service.default.svc.cluster.local:8080/api/notifications/"}}'
+            -p '{"data": {"application.properties" :"move2kube_url=http://move2kube-instance-svc.default.svc.cluster.local:8080\nquarkus.rest-client.move2kube_yaml.url=http://move2kube-instance-svc.default.svc.cluster.local:8080\nquarkus.rest-client.notifications.url=http://orchestrator-backstage.default.svc.cluster.local:8080/api/notifications/"}}'
           kubectl delete pod -l "app=m2k"
           kubectl get pods -o wide
           kubectl wait --for=condition=Ready=true pods -l "app=m2k" --timeout=1m
@@ -142,6 +135,7 @@ jobs:
 
       - name: Run e2e script
         run: |
+          export BACKEND_SECRET=$(kubectl get secret orchestrator-auth -o jsonpath={.data.backend-secret} | base64 -d)
           e2e/move2kube.sh
 
       - name: Export kind Logs

.github/workflows/mta-e2e.yaml

@@ -74,21 +74,14 @@ jobs:
           helm repo add orchestrator https://parodos-dev.github.io/orchestrator-helm-chart
           helm install orchestrator orchestrator/orchestrator-k8s
 
-          echo "sleep bit long till the PV for data index and kaniko cache is ready. its a bit slow. TODO fixit"
-          kubectl get pv
-          sleep 3m
           kubectl get sfp -A
-          kubectl wait --for=condition=Ready=true pods -l "app.kubernetes.io/name=backstage" --timeout=120s
+          kubectl wait --for=condition=Ready=true pods -l "app.kubernetes.io/name=backstage" --timeout=10m
           kubectl get pods -o wide
           kubectl wait --for=condition=Ready=true pods -l "app=sonataflow-platform" --timeout=120s
           #give the data-index time to register and start.
           sleep 1m
           kubectl get pods
           kubectl get svc
-      - name: Deploy fake notifications service
-        run: |
-          source e2e/helper-functions.sh
-          create-fake-notifications-service
 
       - name: Download sonataflow artifacts generated manifests
         uses: actions/download-artifact@v4
@@ -109,24 +102,25 @@ jobs:
       - name: Deploy MTA serverless workflow
         run: |
           # Set the endpoint to the tackle-ui service
-          yq --inplace '.spec.podTemplate.container.env |= ( . + [{"name": "QUARKUS_REST_CLIENT_MTA_JSON_URL", "value": "http://tackle-ui.my-konveyor-operator.svc:8080/hub"}, {"name": "BACKSTAGE_NOTIFICATIONS_URL", "value": "http://fake-notifications-service.default.svc.cluster.local:8080/api/notifications/"}] )' manifests/01-sonataflow_mtaanalysis.yaml
+          yq --inplace '.spec.podTemplate.container.env |= ( . + [{"name": "QUARKUS_REST_CLIENT_MTA_JSON_URL", "value": "http://tackle-ui.my-konveyor-operator.svc:8080/hub"}, {"name": "BACKSTAGE_NOTIFICATIONS_URL", "value": "http://orchestrator-backstage.default.svc.cluster.local:8080/api/notifications/"}] )' manifests/0?-sonataflow_mtaanalysis.yaml
           
           # Disable persistence for e2e tests
-          yq e '.spec.persistence = {}' -i manifests/01-sonataflow_mtaanalysis.yaml
-          sed -i '/quarkus\.flyway\.migrate-at-start=true/d' manifests/02-configmap_mtaanalysis-props.yaml
+          yq e '.spec.persistence = {}' -i manifests/0?-sonataflow_mtaanalysis.yaml
+          sed -i '/quarkus\.flyway\.migrate-at-start=true/d' manifests/0?-configmap_mtaanalysis-props.yaml
 
           echo "manifests/02-configmap_mtaanalysis-props.yaml"
-          cat manifests/02-configmap_mtaanalysis-props.yaml
+          cat manifests/0?-configmap_mtaanalysis-props.yaml
           echo "---"
 
-          echo "manifests/01-sonataflow_mtaanalysis.yaml"
-          cat manifests/01-sonataflow_mtaanalysis.yaml
+          echo "manifests/0?-sonataflow_mtaanalysis.yaml"
+          cat manifests/0?-sonataflow_mtaanalysis.yaml
           echo "---"
 
           # Set notification external access token
           echo " Set notification external access token"
-          yq --inplace '.data."NOTIFICATIONS_BEARER_TOKEN" = "ZTJldG9rZW4="' manifests/01-secret_mtaanalysis.yaml # notsecret
-          cat manifests/01-secret_mtaanalysis.yaml
+          BACKEND_SECRET=$(kubectl get secret orchestrator-auth -o jsonpath={.data.backend-secret})
+          yq --inplace ".data.NOTIFICATIONS_BEARER_TOKEN=\"$BACKEND_SECRET\"" manifests/0?-secret_mtaanalysis.yaml # notsecret
+          cat manifests/0?-secret_mtaanalysis.yaml
 
           # deploy the manifests created by the ${{ steps.build-image.outputs.image }} image
           kubectl apply -f manifests/
@@ -139,6 +133,7 @@ jobs:
 
       - name: Run e2e script
         run: |
+          export BACKEND_SECRET=$(kubectl get secret orchestrator-auth -o jsonpath={.data.backend-secret} | base64 -d)
           e2e/mta.sh
 
       - name: Export kind Logs

.github/workflows/mta-v6.x-e2e.yaml

@@ -82,11 +82,6 @@ jobs:
           kubectl get pods -o wide
           kubectl wait --for=condition=Ready=true pods -l "app=sonataflow-platform" --timeout=600s
 
-      - name: Deploy fake notifications service
-        run: |
-          source e2e/helper-functions.sh
-          create-fake-notifications-service
-
       - name: Download sonataflow artifacts generated manifests
         uses: actions/download-artifact@v4
         with:
@@ -106,24 +101,25 @@ jobs:
       - name: Deploy MTA serverless workflow
         run: |
           # Set the endpoint to the tackle-ui service
-          yq --inplace '.spec.podTemplate.container.env |= ( . + [{"name": "QUARKUS_REST_CLIENT_MTA_JSON_URL", "value": "http://tackle-ui.my-konveyor-operator.svc:8080"}, {"name": "BACKSTAGE_NOTIFICATIONS_URL", "value": "http://fake-notifications-service.default.svc.cluster.local:8080/api/notifications/"}] )' manifests/01-sonataflow_mta-analysis-v6.yaml
+          yq --inplace '.spec.podTemplate.container.env |= ( . + [{"name": "QUARKUS_REST_CLIENT_MTA_JSON_URL", "value": "http://tackle-ui.my-konveyor-operator.svc:8080"}, {"name": "BACKSTAGE_NOTIFICATIONS_URL", "value": "http://orchestrator-backstage.default.svc.cluster.local:8080/api/notifications/"}] )' manifests/0?-sonataflow_mta-analysis-v6.yaml
           
           # Disable persistence for e2e tests
-          yq e '.spec.persistence = {}' -i manifests/01-sonataflow_mta-analysis-v6.yaml
-          sed -i '/quarkus\.flyway\.migrate-at-start=true/d' manifests/03-configmap_mta-analysis-v6-props.yaml
+          yq e '.spec.persistence = {}' -i manifests/0?-sonataflow_mta-analysis-v6.yaml
+          sed -i '/quarkus\.flyway\.migrate-at-start=true/d' manifests/0?-configmap_mta-analysis-v6-props.yaml
 
-          echo "manifests/03-configmap_mta-analysis-v6-props.yaml"
-          cat manifests/03-configmap_mta-analysis-v6-props.yaml
+          echo "manifests/0?-configmap_mta-analysis-v6-props.yaml"
+          cat manifests/0?-configmap_mta-analysis-v6-props.yaml
           echo "---"
 
-          echo "manifests/01-sonataflow_mta-analysis-v6.yaml"
-          cat manifests/01-sonataflow_mta-analysis-v6.yaml
+          echo "manifests/0?-sonataflow_mta-analysis-v6.yaml"
+          cat manifests/0?-sonataflow_mta-analysis-v6.yaml
           echo "---"
 
           # Set notification external access token
           echo " Set notification external access token"
-          yq --inplace '.data."NOTIFICATIONS_BEARER_TOKEN" = "ZTJldG9rZW4="' manifests/01-secret_mta-analysis-v6.yaml # notsecret
-          cat manifests/01-secret_mta-analysis-v6.yaml
+          BACKEND_SECRET=$(kubectl get secret orchestrator-auth -o jsonpath={.data.backend-secret})
+          yq --inplace ".data.NOTIFICATIONS_BEARER_TOKEN=\"$BACKEND_SECRET\"" manifests/0?-secret_mta-analysis-v6.yaml # notsecret
+          cat manifests/0?-secret_mta-analysis-v6.yaml
 
           # deploy the manifests created by the ${{ steps.build-image.outputs.image }} image
           kubectl apply -f manifests/
@@ -136,6 +132,7 @@ jobs:
 
       - name: Run e2e script
         run: |
+          export BACKEND_SECRET=$(kubectl get secret orchestrator-auth -o jsonpath={.data.backend-secret} | base64 -d)
           e2e/mta-v6.x.sh
 
       - name: Export kind Logs

e2e/move2kube.sh

@@ -15,7 +15,8 @@ function cleanup() {
 function workflowDone() {
     if [[ -n "${1}" ]]; then
         id=$1
-        curl -s -H "Content-Type: application/json" localhost:9080/api/orchestrator/instances/"${id}" | jq -e '.state == "COMPLETED"'
+        curl -s -H "Content-Type: application/json" -H "Authorization: Bearer ${BACKEND_SECRET}" \
+            localhost:9080/api/orchestrator/instances/"${id}" | jq -e '.state == "COMPLETED"'
     fi
 }
 
@@ -55,7 +56,9 @@ M2K_STATUS=$(curl -XGET -s -o /dev/null -w "%{http_code}" ${BACKSTAGE_URL}/api/o
 done
 
 echo "M2K is available in backstage, sending execution request"
-out=$(curl -XPOST -H "Content-Type: application/json"  ${BACKSTAGE_URL}/api/orchestrator/workflows/m2k/execute -d "{\"repositoryURL\": \"ssh://${GIT_REPO}\", \"recipients\": [\"user:default/guest\"], \"sourceBranch\": \"${GIT_SOURCE_BRANCH}\", \"targetBranch\": \"${GIT_TARGET_BRANCH}\", \"workspaceId\": \"${WORKSPACE_ID}\", \"projectId\": \"${PROJECT_ID}\"}")
+out=$(curl -XPOST -H "Content-Type: application/json" -H "Authorization: Bearer ${BACKEND_SECRET}" \
+    ${BACKSTAGE_URL}/api/orchestrator/workflows/m2k/execute \
+    -d "{\"repositoryURL\": \"ssh://${GIT_REPO}\", \"recipients\": [\"user:default/guest\"], \"sourceBranch\": \"${GIT_SOURCE_BRANCH}\", \"targetBranch\": \"${GIT_TARGET_BRANCH}\", \"workspaceId\": \"${WORKSPACE_ID}\", \"projectId\": \"${PROJECT_ID}\"}")
 id=$(echo "$out" | jq -e .id)
 
 if [ -z "$id" ] || [ "$id" == "null" ]; then

e2e/mta-v6.x.sh

@@ -14,7 +14,8 @@ function cleanup() {
 function workflowDone() {
     if [[ -n "${1}" ]]; then 
         id=$1
-        curl -s -H "Content-Type: application/json" localhost:9080/api/orchestrator/instances/"${id}" | jq -e '.state == "COMPLETED"'
+        curl -s -H "Content-Type: application/json" -H "Authorization: Bearer ${BACKEND_SECRET}" \
+            localhost:9080/api/orchestrator/instances/"${id}" | jq -e '.state == "COMPLETED"'
     fi
 }
 
@@ -28,7 +29,8 @@ echo "Proxy Janus-idp port ✅"
 
 echo "End to end tests start ⏳"
 
-out=$(curl -XPOST -H "Content-Type: application/json"  http://localhost:9080/api/orchestrator/workflows/mta-analysis-v6/execute -d '{"repositoryURL": "https://github.com/spring-projects/spring-petclinic", "recipients": ["user:default/guest"], "exportToIssueManager": "false", "migrationStartDatetime" : "2024-07-01T00:00:00Z", "migrationEndDatetime" : "2024-07-31T00:00:00Z"}')
+out=$(curl -XPOST -H "Content-Type: application/json" -H "Authorization: Bearer ${BACKEND_SECRET}" \
+    http://localhost:9080/api/orchestrator/workflows/mta-analysis-v6/execute -d '{"repositoryURL": "https://github.com/spring-projects/spring-petclinic", "recipients": ["user:default/guest"], "exportToIssueManager": "false", "migrationStartDatetime" : "2024-07-01T00:00:00Z", "migrationEndDatetime" : "2024-07-31T00:00:00Z"}')
 id=$(echo "$out" | jq -e .id)
 
 if [ -z "$id" ] || [ "$id" == "null" ]; then

e2e/mta.sh

@@ -14,7 +14,8 @@ function cleanup() {
 function workflowDone() {
     if [[ -n "${1}" ]]; then 
         id=$1
-        curl -s -H "Content-Type: application/json" localhost:9080/api/orchestrator/instances/"${id}" | jq -e '.state == "COMPLETED"'
+        curl -s -H "Content-Type: application/json" -H "Authorization: Bearer ${BACKEND_SECRET}" \
+            localhost:9080/api/orchestrator/instances/"${id}" | jq -e '.state == "COMPLETED"'
     fi
 }
 
@@ -28,7 +29,10 @@ echo "Proxy Janus-idp port ✅"
 
 echo "End to end tests start ⏳"
 
-out=$(curl -XPOST -H "Content-Type: application/json"  http://localhost:9080/api/orchestrator/workflows/MTAAnalysis/execute -d '{"repositoryURL": "https://github.com/spring-projects/spring-petclinic", "recipients": ["user:default/guest"]}')
+out=$(curl -XPOST -H "Content-Type: application/json"  -H "Authorization: Bearer ${BACKEND_SECRET}" \
+    http://localhost:9080/api/orchestrator/workflows/MTAAnalysis/execute \
+    -d '{"repositoryURL": "https://github.com/spring-projects/spring-petclinic", "recipients": ["user:default/guest"]}')
+
 id=$(echo "$out" | jq -e .id)
 
 if [ -z "$id" ] || [ "$id" == "null" ]; then