address ns and common issues shown up during tier1 execution (red-hat…

…-storage#10453)

Signed-off-by: Daniel Osypenko <dosypenk@redhat.com>

ocs_ci/framework/pytest_customization/marks.py

@@ -33,6 +33,7 @@
     HCI_PROVIDER,
     BAREMETAL_PLATFORMS,
     AZURE_KV_PROVIDER_NAME,
+    ROSA_HCP_PLATFORM,
 )
 from ocs_ci.utility import version
 from ocs_ci.utility.aws import update_config_from_s3
@@ -406,6 +407,11 @@
     reason="Test will not run on Managed service cluster",
 )
 
+skipif_rosa_hcp = pytest.mark.skipif(
+    config.ENV_DATA["platform"].lower() == ROSA_HCP_PLATFORM,
+    reason="Test will not run on ROSA HCP cluster",
+)
+
 skipif_openshift_dedicated = pytest.mark.skipif(
     config.ENV_DATA["platform"].lower() == OPENSHIFT_DEDICATED_PLATFORM,
     reason="Test will not run on Openshift dedicated cluster",

ocs_ci/ocs/constants.py

@@ -1447,6 +1447,7 @@
     IBMCLOUD_PLATFORM,
     ROSA_PLATFORM,
     OPENSHIFT_DEDICATED_PLATFORM,
+    ROSA_HCP_PLATFORM,
 ]
 MANAGED_SERVICE_PLATFORMS = [
     OPENSHIFT_DEDICATED_PLATFORM,

ocs_ci/utility/kms.py

@@ -329,6 +329,7 @@ def create_ocs_vault_cert_resources(self):
             config.ENV_DATA, "VAULT_CACERT", defaults.VAULT_DEFAULT_CA_CERT
         )
         ca_data["metadata"]["name"] = self.ca_cert_name
+        ca_data["metadata"]["namespace"] = config.ENV_DATA["cluster_namespace"]
         ca_data["data"]["cert"] = self.ca_cert_base64
         self.create_resource(ca_data, prefix="ca")
 
@@ -344,12 +345,18 @@ def create_ocs_vault_cert_resources(self):
                 constants.EXTERNAL_VAULT_CLIENT_CERT
             )
             client_cert_data["metadata"]["name"] = self.client_cert_name
+            client_cert_data["metadata"]["namespace"] = config.ENV_DATA[
+                "cluster_namespace"
+            ]
             client_cert_data["data"]["cert"] = self.client_cert_base64
             self.create_resource(client_cert_data, prefix="clientcert")
 
             # create client key secert
             client_key_data = templating.load_yaml(constants.EXTERNAL_VAULT_CLIENT_KEY)
             client_key_data["metadata"]["name"] = self.client_key_name
+            client_key_data["metadata"]["namespace"] = config.ENV_DATA[
+                "cluster_namespace"
+            ]
             client_key_data["data"]["key"] = self.client_key_base64
             self.create_resource(client_key_data, prefix="clientkey")
 
@@ -457,7 +464,7 @@ def vault_unseal(self):
         if self.vault_sealed():
             logger.info("Vault is sealed, Unsealing now..")
             for i in range(3):
-                kkey = f"UNSEAL_KEY{i+1}"
+                kkey = f"UNSEAL_KEY{i + 1}"
                 self._vault_unseal(self.vault_conf[kkey])
             # Check if vault is unsealed or not
             if self.vault_sealed():
@@ -1640,6 +1647,7 @@ def create_kmip_secret(self, type="ocs"):
         kmip_kms_secret["metadata"]["name"] = helpers.create_unique_resource_name(
             "thales-kmip", type
         )
+        kmip_kms_secret["metadata"]["namespace"] = config.ENV_DATA["cluster_namespace"]
         self.create_resource(kmip_kms_secret, prefix="thales-kmip-secret")
         logger.info(f"KMIP secret {kmip_kms_secret['metadata']['name']} created")
         return kmip_kms_secret["metadata"]["name"]

tests/conftest.py

@@ -2710,6 +2710,9 @@ def javasdk_pod_fixture(request, scope_name):
     javas3_pod_dict = templating.load_yaml(constants.JAVA_SDK_S3_POD_YAML)
     javas3_pod_name = create_unique_resource_name(constants.JAVAS3_POD_NAME, scope_name)
     javas3_pod_dict["metadata"]["name"] = javas3_pod_name
+    javas3_pod_dict["metadata"]["namespace"] = ocsci_config.ENV_DATA[
+        "cluster_namespace"
+    ]
     update_container_with_mirrored_image(javas3_pod_dict)
     update_container_with_proxy_env(javas3_pod_dict)
     javas3_pod_obj = Pod(**javas3_pod_dict)

tests/cross_functional/kcs/test_selinux_relabel_solution.py

@@ -165,7 +165,7 @@ def get_pod_start_time(self, pod_name):
             # Get the pod conditions
             pod = ocp.OCP(kind="pod", namespace=config.ENV_DATA["cluster_namespace"])
             conditions = pod.exec_oc_cmd(
-                f"get pod {pod_name} -n openshift-storage -o jsonpath='{{.status.conditions}}'"
+                f"get pod {pod_name} -o jsonpath='{{.status.conditions}}'"
             )
             conditions = [
                 {key: None if value == "null" else value for key, value in item.items()}

tests/functional/nfs_feature/test_nfs_feature_enable_for_ODF_clusters.py

@@ -12,7 +12,7 @@
 from ocs_ci.ocs import constants, ocp
 from ocs_ci.utility import templating
 from ocs_ci.helpers import helpers
-from ocs_ci.framework.pytest_customization.marks import brown_squad
+from ocs_ci.framework.pytest_customization.marks import brown_squad, skipif_rosa_hcp
 from ocs_ci.framework.testlib import (
     skipif_ocs_version,
     ManageTest,
@@ -73,6 +73,7 @@ def test_nfs_not_enabled_by_default(self):
 
 
 @brown_squad
+@skipif_rosa_hcp
 @skipif_external_mode
 @skipif_ocs_version("<4.11")
 @skipif_ocp_version("<4.11")

tests/functional/pv/add_metadata_feature/test_metadata.py

@@ -65,7 +65,9 @@ def test_metadata_feature_unavailable_for_previous_versions(
         fs, sc_name = metadata_utils.update_testdata_for_external_modes(
             sc_name, fs, external_mode=external_mode
         )
-        config_map_obj = ocp.OCP(kind="Configmap", namespace="openshift-storage")
+        config_map_obj = ocp.OCP(
+            kind="Configmap", namespace=config.ENV_DATA["cluster_namespace"]
+        )
         pod_obj = ocp.OCP(kind="Pod", namespace="openshift-storage")
         toolbox = pod.get_ceph_tools_pod()
         project_factory_class(project_name="test-metadata")
@@ -254,7 +256,7 @@ def setup(self, request, project_factory):
         log.info("-----Setup-----")
         self.project_name = "metadata"
         project_factory(project_name=self.project_name)
-        self.namespace = "openshift-storage"
+        self.namespace = config.ENV_DATA["cluster_namespace"]
         self.config_map_obj = ocp.OCP(kind="Configmap", namespace=self.namespace)
         self.pod_obj = ocp.OCP(kind="Pod", namespace=self.namespace)
         self.pv_obj = ocp.OCP(kind=constants.PV, namespace=self.namespace)

tests/functional/pv/pv_encryption/test_secrets_on_pods.py

@@ -3,6 +3,7 @@
 
 from ocs_ci.framework.testlib import ManageTest, bugzilla, tier1, green_squad
 from ocs_ci.utility.utils import run_cmd
+from ocs_ci.framework import config
 
 logger = logging.getLogger(__name__)
 # The below expected keys and names are gathered from pods with safe security.
@@ -34,7 +35,7 @@ def test_secrets_in_env_variables(self):
                 pod = output[i + 1]
                 if "rook-ceph-" in pod:
                     data = run_cmd(
-                        f"oc --namespace=openshift-storage get pod {pod} -o yaml"
+                        f"oc --namespace={config.ENV_DATA['cluster_namespace']} get pod {pod} -o yaml"
                     )
                     yaml_data = yaml.safe_load(data)
                     k, n = self.checking_securtiyKeyRef(yaml_data)
@@ -58,11 +59,13 @@ def test_securityContext_in_Crashcollector(self):
         normal cluster
         """
         logger.info("Checking security context on rook-ceph-crashcollector pods")
-        cmd = "oc --namespace=openshift-storage get pods -l app=rook-ceph-crashcollector -o name"
+        cmd = f"oc --namespace={config.ENV_DATA['cluster_namespace']} get pods -l app=rook-ceph-crashcollector -o name"
         output = run_cmd(cmd).strip().split("\n")
         logger.info("Checking securityContext in ceph-crash container")
         for pod in output:
-            data = run_cmd(f"oc --namespace=openshift-storage get {pod} -o yaml")
+            data = run_cmd(
+                f"oc --namespace={config.ENV_DATA['cluster_namespace']} get {pod} -o yaml"
+            )
             yaml_data = yaml.safe_load(data)
             securityContext = self.checking_securtiyContext_of_cephcrash_container(
                 yaml_data