CM-261: utilize ginkgo label filter to differentiate cloud platforms

Makefile

@@ -102,6 +102,9 @@ SHORTCOMMIT ?= $(shell git rev-parse --short HEAD)
 GOBUILD_VERSION_ARGS = -ldflags "-X $(PACKAGE)/pkg/version.SHORTCOMMIT=$(SHORTCOMMIT) -X $(PACKAGE)/pkg/version.COMMIT=$(COMMIT)"
 
 E2E_TIMEOUT ?= 1h
+# E2E_GINKGO_LABEL_FILTER is ginkgo label query for selecting tests. See
+# https://onsi.github.io/ginkgo/#spec-labels. The default is to run tests on the AWS platform.
+E2E_GINKGO_LABEL_FILTER ?= "Platform: isSubsetOf {AWS}"
 
 MANIFEST_SOURCE = https://github.com/cert-manager/cert-manager/releases/download/v1.15.2/cert-manager.yaml
 
@@ -246,7 +249,8 @@ test-e2e: test-e2e-wait-for-stable-state
 	-p 1 \
 	-tags e2e \
 	-run "$(TEST)" \
-	./test/e2e
+	./test/e2e \
+	-ginkgo.label-filter=$(E2E_GINKGO_LABEL_FILTER)
 
 test-e2e-wait-for-stable-state:
 	@echo "---- Waiting for stable state ----"

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/google/go-cmp v0.6.0
 	github.com/google/go-jsonnet v0.17.0
 	github.com/mogensen/kubernetes-split-yaml v0.3.0
-	github.com/onsi/ginkgo/v2 v2.17.2
+	github.com/onsi/ginkgo/v2 v2.19.0
 	github.com/onsi/gomega v1.33.1
 	github.com/openshift/api v0.0.0-20240812094746-86145edb40cf
 	github.com/openshift/build-machinery-go v0.0.0-20240419090851-af9c868bcf52

go.sum

@@ -500,8 +500,8 @@ github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g=
-github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc=
+github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
+github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
 github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
 github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
 github.com/openshift/api v0.0.0-20240812094746-86145edb40cf h1:MB0TCPkvxj80Ucj7w6xArL4StOrQBMN7AvGYtsP5t2M=

test/e2e/certificates_test.go

@@ -19,7 +19,6 @@ import (
 	v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1"
 	certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	certmanagermetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
-	configv1 "github.com/openshift/api/config/v1"
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -74,11 +73,8 @@ var _ = Describe("ACME Certificate", Ordered, func() {
 		Expect(err).NotTo(HaveOccurred(), "Operator is expected to be available")
 	})
 
-	Context("dns-01 challenge using explicit credentials", func() {
-		It("should obtain a valid LetsEncrypt certificate", func() {
-			if _, ok := os.LookupEnv(targetPlatformEnvironmentVar); ok {
-				Skip("skipping, using ibmcloud cis webhook")
-			}
+	Context("dns-01 challenge with AWS Route53", Label("Platform:AWS"), func() {
+		It("should obtain a valid LetsEncrypt certificate using explicit credentials", func() {
 
 			By("creating a test namespace")
 			ns, err := loader.CreateTestingNS("e2e-acme-explicit-dns01")
@@ -187,66 +183,7 @@ var _ = Describe("ACME Certificate", Ordered, func() {
 			Expect(err).NotTo(HaveOccurred())
 		})
 
-		// This test uses IBM Cloud Internet Services (CIS) for the DNS-01 test cases.
-		// These tests work with both UPI / IPI installations by passing in the CRN of your CIS instance on IBM Cloud.
-		It("should obtain a valid LetsEncrypt certificate on ibm cloud CIS", func() {
-			cisCRN, isCisCRN := os.LookupEnv(cisCRNEnvironmentVar)
-			if targetPlatform, ok := os.LookupEnv(targetPlatformEnvironmentVar); ok && targetPlatform == "ibmcloud-upi" {
-				if !isCisCRN || cisCRN == "" {
-					Fail("cisCRN is required for IBM Cloud platform")
-				}
-			} else {
-				Skip("skipping as the cluster does not use IBM Cloud CIS")
-			}
-
-			By("creating a test namespace")
-			ns, err := loader.CreateTestingNS("e2e-acme-explicit-dns01-ibmcloud")
-			Expect(err).NotTo(HaveOccurred())
-			defer loader.DeleteTestingNS(ns.Name)
-
-			By("creating new certificate ClusterIssuer with IBM Cloud CIS webhook solver")
-			randomString := randomStr(3)
-			clusterIssuerName := "letsencrypt-dns01-explicit-ic"
-			replaceStrMap := map[string]string{
-				"CIS_CRN": cisCRN,
-			}
-			loadFileAndReplaceStr := func(fileName string) ([]byte, error) {
-				fileContentsStr, err := replaceStrInFile(replaceStrMap, fileName)
-				return []byte(fileContentsStr), err
-			}
-			loader.CreateFromFile(loadFileAndReplaceStr, filepath.Join("testdata", "acme", "clusterissuer_ibmcis.yaml"), "")
-			defer certmanagerClient.CertmanagerV1().ClusterIssuers().Delete(ctx, clusterIssuerName, metav1.DeleteOptions{})
-
-			By("creating new certificate")
-			// The name is defined by the testdata YAML file certificate_ibmcis.yaml
-			certDomain := "adwie." + appsDomain // acronym for "ACME dns-01 ibmcloud Webhook Explicit", short naming to pass dns name validation
-			certName := "letsencrypt-cert-ic"
-			replaceStrMap = map[string]string{
-				"RANDOM_STR": randomString,
-				"DNS_NAME":   certDomain,
-			}
-			loadFileAndReplaceStr = func(fileName string) ([]byte, error) {
-				fileContentsStr, err := replaceStrInFile(replaceStrMap, fileName)
-				return []byte(fileContentsStr), err
-			}
-			loader.CreateFromFile(loadFileAndReplaceStr, filepath.Join("testdata", "acme", "certificate_ibmcis.yaml"), ns.Name)
-
-			By("Waiting for certificate to get ready")
-			err = waitForCertificateReadiness(ctx, certName, ns.Name)
-			Expect(err).NotTo(HaveOccurred())
-
-			By("checking for certificate validity from secret contents")
-			err = verifyCertificate(ctx, certName, ns.Name, randomString+"."+certDomain)
-			Expect(err).NotTo(HaveOccurred())
-		})
-
-	})
-
-	Context("dns-01 challenge using ambient credentials", func() {
-		It("should obtain a valid LetsEncrypt certificate using ClusterIssuer on AWS mint/passthrough cluster", func() {
-			if _, ok := os.LookupEnv(targetPlatformEnvironmentVar); ok {
-				Skip("skipping, using ibmcloud cis webhook")
-			}
+		It("should obtain a valid LetsEncrypt certificate using ambient credentials with ClusterIssuer", func() {
 
 			By("creating a test namespace")
 			ns, err := loader.CreateTestingNS("e2e-acme-ambient-dns01")
@@ -343,7 +280,7 @@ var _ = Describe("ACME Certificate", Ordered, func() {
 			Expect(err).NotTo(HaveOccurred())
 		})
 
-		It("should obtain a valid LetsEncrypt certificate using Issuer on AWS mint/passthrough cluster", func() {
+		It("should obtain a valid LetsEncrypt certificate using ambient credentials with Issuer", func() {
 
 			By("creating a test namespace")
 			ns, err := loader.CreateTestingNS("e2e-acme-issuer-ambient-dns01-aws")
@@ -441,21 +378,15 @@ var _ = Describe("ACME Certificate", Ordered, func() {
 			err = verifyCertificate(ctx, certName, ns.Name, certDomain)
 			Expect(err).NotTo(HaveOccurred())
 		})
+	})
 
-		It("should obtain a valid LetsEncrypt certificate using ClusterIssuer on GCP mint/passthrough cluster", func() {
+	Context("dns-01 challenge with Google CloudDNS", Label("Platform:GCP"), func() {
+		It("should obtain a valid LetsEncrypt certificate using ambient credentials with ClusterIssuer", func() {
 
-			By("Getting Infrastructure object")
-			infra, err := configClient.Infrastructures().Get(ctx, "cluster", metav1.GetOptions{})
+			By("Creating a test namespace")
+			ns, err := loader.CreateTestingNS("e2e-acme-ambient-dns01")
 			Expect(err).NotTo(HaveOccurred())
-			if infra.Status.PlatformStatus.Type != configv1.GCPPlatformType {
-				Skip("Skip this case for current plaform, it's not gcp.")
-			}
-
-			By("Check cloud credential in cluster")
-			_, err = loader.KubeClient.CoreV1().Secrets("kube-system").Get(ctx, "gcp-credentials", metav1.GetOptions{})
-			if err != nil {
-				Skip("Skipping for the cluster without credential in cluster")
-			}
+			defer loader.DeleteTestingNS(ns.Name)
 
 			By("Creating CredentialsRequest object")
 			loader.CreateFromFile(testassets.ReadFile, filepath.Join("testdata", "credentials", "credentialsrequest_gcp.yaml"), "")
@@ -476,11 +407,16 @@ var _ = Describe("ACME Certificate", Ordered, func() {
 			err = patchSubscriptionWithCloudCredential(ctx, loader, credentialSecret)
 			Expect(err).NotTo(HaveOccurred())
 
+			By("Getting GCP project ID from Infrastructure object")
+			infra, err := configClient.Infrastructures().Get(ctx, "cluster", metav1.GetOptions{})
+			Expect(err).NotTo(HaveOccurred())
+
+			gcpProjectId := infra.Status.PlatformStatus.GCP.ProjectID
+			Expect(gcpProjectId).NotTo(Equal(""))
+
 			By("Creating new certificate ClusterIssuer")
 			// The name is defined by the testdata YAML file clusterissuer_gcp.yaml
 			clusterIssuerName := "acme-dns01-clouddns-ambient"
-			gcpProjectId := infra.Status.PlatformStatus.GCP.ProjectID
-			Expect(gcpProjectId).NotTo(Equal(""))
 			replaceStrMap := map[string]string{
 				"PROJECT_ID": gcpProjectId,
 			}
@@ -491,11 +427,6 @@ var _ = Describe("ACME Certificate", Ordered, func() {
 			loader.CreateFromFile(loadFileAndReplaceStr, filepath.Join("testdata", "acme", "clusterissuer_gcp.yaml"), "")
 			defer certmanagerClient.CertmanagerV1().ClusterIssuers().Delete(ctx, clusterIssuerName, metav1.DeleteOptions{})
 
-			By("Creating a test namespace")
-			ns, err := loader.CreateTestingNS("e2e-acme-ambient-dns01-65035")
-			Expect(err).NotTo(HaveOccurred())
-			defer loader.DeleteTestingNS(ns.Name)
-
 			By("Creating new certificate")
 			randomString := randomStr(3)
 			replaceStrMap = map[string]string{
@@ -521,6 +452,61 @@ var _ = Describe("ACME Certificate", Ordered, func() {
 		})
 	})
 
+	Context("dns-01 challenge with IBM Cloud Internet Service Webhook", Label("Platform:IBM"), func() {
+		// This test uses IBM Cloud Internet Services (CIS) for the DNS-01 challenge.
+		// It works with both UPI / IPI installations by passing in the CRN of your CIS instance on IBM Cloud.
+		It("should obtain a valid LetsEncrypt certificate using explicit credentials", func() {
+			cisCRN, isCisCRN := os.LookupEnv(cisCRNEnvironmentVar)
+			if targetPlatform, ok := os.LookupEnv(targetPlatformEnvironmentVar); ok && targetPlatform == "ibmcloud-upi" {
+				if !isCisCRN || cisCRN == "" {
+					Fail("cisCRN is required for IBM Cloud platform")
+				}
+			} else {
+				Skip("skipping as the cluster does not use IBM Cloud CIS")
+			}
+
+			By("creating a test namespace")
+			ns, err := loader.CreateTestingNS("e2e-acme-explicit-dns01-ibmcloud")
+			Expect(err).NotTo(HaveOccurred())
+			defer loader.DeleteTestingNS(ns.Name)
+
+			By("creating new certificate ClusterIssuer with IBM Cloud CIS webhook solver")
+			randomString := randomStr(3)
+			clusterIssuerName := "letsencrypt-dns01-explicit-ic"
+			replaceStrMap := map[string]string{
+				"CIS_CRN": cisCRN,
+			}
+			loadFileAndReplaceStr := func(fileName string) ([]byte, error) {
+				fileContentsStr, err := replaceStrInFile(replaceStrMap, fileName)
+				return []byte(fileContentsStr), err
+			}
+			loader.CreateFromFile(loadFileAndReplaceStr, filepath.Join("testdata", "acme", "clusterissuer_ibmcis.yaml"), "")
+			defer certmanagerClient.CertmanagerV1().ClusterIssuers().Delete(ctx, clusterIssuerName, metav1.DeleteOptions{})
+
+			By("creating new certificate")
+			// The name is defined by the testdata YAML file certificate_ibmcis.yaml
+			certDomain := "adwie." + appsDomain // acronym for "ACME dns-01 ibmcloud Webhook Explicit", short naming to pass dns name validation
+			certName := "letsencrypt-cert-ic"
+			replaceStrMap = map[string]string{
+				"RANDOM_STR": randomString,
+				"DNS_NAME":   certDomain,
+			}
+			loadFileAndReplaceStr = func(fileName string) ([]byte, error) {
+				fileContentsStr, err := replaceStrInFile(replaceStrMap, fileName)
+				return []byte(fileContentsStr), err
+			}
+			loader.CreateFromFile(loadFileAndReplaceStr, filepath.Join("testdata", "acme", "certificate_ibmcis.yaml"), ns.Name)
+
+			By("waiting for certificate to get ready")
+			err = waitForCertificateReadiness(ctx, certName, ns.Name)
+			Expect(err).NotTo(HaveOccurred())
+
+			By("checking for certificate validity from secret contents")
+			err = verifyCertificate(ctx, certName, ns.Name, randomString+"."+certDomain)
+			Expect(err).NotTo(HaveOccurred())
+		})
+	})
+
 	Context("http-01 challenge using ingress", func() {
 		It("should obtain a valid LetsEncrypt certificate", func() {