From 3a21bc523cf288f8e0eec48eb04232239f86af59 Mon Sep 17 00:00:00 2001
From: hzrncik <hzrncik@redhat.com>
Date: Wed, 29 Mar 2023 15:48:21 +0200
Subject: [PATCH 1/2] update readme, rename env var to access data plane

---
 README.md                                     | 95 +++++++++++--------
 .../io/managed/services/test/Environment.java |  5 +-
 .../test/billing/BillingMetricsTest.java      |  6 +-
 .../test/cluster/DataPlaneClusterTest.java    |  7 +-
 4 files changed, 61 insertions(+), 52 deletions(-)

diff --git a/README.md b/README.md
index 78b78ac4..9f3fc570 100644
--- a/README.md
+++ b/README.md
@@ -5,8 +5,9 @@ TestNG based Java test suite focused on e2e testing application services running
 ## Requirements
 
 * java jdk 11
-* maven >= 3.3.1
+* maven >= 3.8.1
 * kcat (only to run Kcat tests)
+* python 3
 
 ## Build and check checkstyle
 
@@ -50,37 +51,52 @@ required variables in the test sourcecode javadoc.
 
 Environment variables can also be configured in the [config.json](#config-file) file.
 
-| Name                               | Description                                                                                                                                       | Default value                              |
-|------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|
-| `CONFIG_FILE`                      | relative or absolute path to the [config.json](#config-file)                                                                                      | $(pwd)/config.json                         |
-| `LOG_DIR`                          | path where the test suite will store additional collected logs and artifacts                                                                      | $(pwd)/target/logs                         |
-| `PRIMARY_USERNAME`                 | ** https://sso.redhat.com username with quota to provision the tested service (See [Create test users](#create-test-users) if you don't have one) |                                            |
-| `PRIMARY_PASSWORD`                 | ** primary user password                                                                                                                          |                                            |
-| `SECONDARY_USERNAME`               | ** https://sso.redhat.com username in the same organization as the primary user                                                                   |                                            |
-| `SECONDARY_PASSWORD`               | ** secondary user password                                                                                                                        |                                            |
-| `ALIEN_USERNAME`                   | ** https://sso.redhat.com username in a different organization respect the primary user with no quota                                             |                                            |
-| `ALIEN_PASSWORD`                   | ** alien user password                                                                                                                            |                                            |
-| `DIFF_ORG_USERNAME`                | ** https://sso.redhat.com username in a different organization respect the primary user and alien user with quota: 1 SKU                          |                                            |
-| `DIFF_ORG_PASSWORD`                | ** diff_org user password                                                                                                                         |                                            |
-| `OPENSHIFT_API_URI`                | the base URI for the application services mgmt APIs (See [Test Environments](#test-environments))                                                 | `https://api.stage.openshift.com`          |
-| `REDHAT_SSO_URI`                   | users authentication endpoint for application services mgmt APIs                                                                                  | `https://sso.redhat.com`                   |
-| `REDHAT_SSO_LOGIN_FORM_ID`         | HTML `id` value of the login `<form>` the SSO application will present after redirect                                                             | `#rh-password-verification-form`           |
-| `OPENSHIFT_IDENTITY_URI`           | users authentication endpoint for application services instances APIs (See [Test Environments](#test-environments))                               | `https://identity.api.stage.openshift.com` |
-| `OPENSHIFT_IDENTITY_LOGIN_FORM_ID` | HTML `id` value of the login `<form>` the SSO application will present after redirect                                                             | `#rh-password-verification-form`           |
-| `DEV_CLUSTER_SERVER`               | ** the API server URI of a OpenShift cluster with the binding operator installed                                                                  |                                            |
-| `DEV_CLUSTER_TOKEN`                | ** the cluster user or service account token                                                                                                      |                                            |
-| `DEV_CLUSTER_NAMESPACE`            | the namespace where to create test resources (See [Create test namespace on the dev cluster](#create-test-namespace-on-the-dev-cluster))          | `mk-e2e-tests`                             |
-| `CLI_VERSION`                      | the CLI version to download from the app-services-cli repo                                                                                        | `latest`                                   |
-| `CLI_PLATFORM`                     | windows/macOS/linux                                                                                                                               | `auto-detect`                              |
-| `CLI_ARCH`                         | the CLI arch and os to download from the app-services-cli repo                                                                                    | `amd64`                                    |
-| `CLI_EXCLUDE_VERSIONS`             | a regex that if match will exclude the the CLI versions matching it while looking for the latest CLI release                                      | `alpha`                                    |
-| `GITHUB_TOKEN`                     | the github token used to download the CLI if needed                                                                                               |                                            |
-| `LAUNCH_KEY`                       | A string key used to identify the current configuration and owner which is used to generate unique name and identify the launch                   | `change-me`                                |
-| `SKIP_TEARDOWN`                    | Skip the whole test teardown in most tests, although some of them will need top re-enable it to succeed                                           | `false`                                    |
-| `SKIP_KAFKA_TEARDOWN`              | Skip only the Kafka instance cleanup teardown in the tests that don't require a new instance for each run to speed the local development          | `false`                                    |
-| `DEFAULT_KAFKA_REGION`             | Change the default region where kafka instances will be provisioned if the test suite doesn't decide otherwise                                    | `us-east-1`                                |
-| `KAFKA_INSECURE_TLS`               | Boolean value to indicate whether the Kafka and Admin REST API TLS is insecure (for self-signed certificates)                                     | `false`                                    |
-| `KAFKA_INSTANCE_API_TEMPLATE`      | URL template for the Kafka Admin REST API. May be used to specify plain-text HTTP or an alternate port                                            | `https://admin-server-%s/rest`             |
+| Name                                       | Description                                                                                                                                       | Default value                              |
+|--------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|
+| `CONFIG_FILE`                              | relative or absolute path to the [config.json](#config-file)                                                                                      | $(pwd)/config.json                         |
+| `LOG_DIR`                                  | path where the test suite will store additional collected logs and artifacts                                                                      | $(pwd)/target/logs                         |
+| `PRIMARY_USERNAME`                         | ** https://sso.redhat.com username with quota to provision the tested service (See [Create test users](#create-test-users) if you don't have one) |                                            |
+| `PRIMARY_PASSWORD`                         | ** primary user password                                                                                                                          |                                            |
+| `<USER>_OFFLINE_TOKEN`                     | ** offline token used to authenticate and authorize user to perform operations against data, control plane. Example user: `PRIMARY_OFFLINE_TOKEN` |                                            |
+| `SECONDARY_USERNAME`                       | ** https://sso.redhat.com username in the same organization as the primary user                                                                   |                                            |
+| `SECONDARY_PASSWORD`                       | ** secondary user password                                                                                                                        |                                            |
+| `ALIEN_USERNAME`                           | ** https://sso.redhat.com username in a different organization respect the primary user with no quota                                             |                                            |
+| `ALIEN_PASSWORD`                           | ** alien user password                                                                                                                            |                                            |
+| `DIFF_ORG_USERNAME`                        | ** https://sso.redhat.com username in a different organization respect the primary user and alien user with quota: 1 SKU                          |                                            |
+| `DIFF_ORG_PASSWORD`                        | ** diff_org user password                                                                                                                         |                                            |
+| `OPENSHIFT_API_URI`                        | the base URI for the application services mgmt APIs (See [Test Environments](#test-environments))                                                 | `https://api.stage.openshift.com`          |
+| `REDHAT_SSO_URI`                           | users authentication endpoint for application services mgmt APIs                                                                                  | `https://sso.redhat.com`                   |
+| `REDHAT_SSO_LOGIN_FORM_ID`                 | HTML `id` value of the login `<form>` the SSO application will present after redirect                                                             | `#rh-password-verification-form`           |
+| `OBSERVATORIUM_CLIENT_ID`                  | client id for Observatorium client (with token refreshing container running in locally)                                                           |                                            |
+| `OBSERVATORIUM_CLIENT_SECRET`              | client secret for Obserevatorium client                                                                                                           |                                            |
+| `OBSERVATORIUM_OIDC_ISSUER_URL`            | sso issue url for observatorium client                                                                                                            |                                            |
+| `OBSERVATORIUM_URL`                        | Observatorium's URL                                                                                                                               |                                            |
+| `OPENSHIFT_IDENTITY_URI`                   | users authentication endpoint for application services instances APIs (See [Test Environments](#test-environments))                               | `https://identity.api.stage.openshift.com` |
+| `OPENSHIFT_IDENTITY_LOGIN_FORM_ID`         | HTML `id` value of the login `<form>` the SSO application will present after redirect                                                             | `#rh-password-verification-form`           |
+| `DEV_CLUSTER_SERVER`                       | ** the API server URI of a OpenShift cluster with the binding operator installed                                                                  |                                            |
+| `DEV_CLUSTER_TOKEN`                        | ** the cluster user or service account token                                                                                                      |                                            |
+| `DEV_CLUSTER_NAMESPACE`                    | the namespace where to create test resources (See [Create test namespace on the dev cluster](#create-test-namespace-on-the-dev-cluster))          | `mk-e2e-tests`                             |
+| `CLI_VERSION`                              | the CLI version to download from the app-services-cli repo                                                                                        | `latest`                                   |
+| `CLI_PLATFORM`                             | windows/macOS/linux                                                                                                                               | `auto-detect`                              |
+| `CLI_ARCH`                                 | the CLI arch and os to download from the app-services-cli repo                                                                                    | `amd64`                                    |
+| `CLI_EXCLUDE_VERSIONS`                     | a regex that if match will exclude the the CLI versions matching it while looking for the latest CLI release                                      | `alpha`                                    |
+| `LAUNCH_KEY`                               | A string key used to identify the current configuration and owner which is used to generate unique name and identify the launch                   | `change-me`                                |
+| `SKIP_TEARDOWN`                            | Skip the whole test teardown in most tests, although some of them will need top re-enable it to succeed                                           | `false`                                    |
+| `SKIP_KAFKA_TEARDOWN`                      | Skip only the Kafka instance cleanup teardown in the tests that don't require a new instance for each run to speed the local development          | `false`                                    |
+| `DEFAULT_KAFKA_REGION`                     | Change the default region where kafka instances will be provisioned if the test suite doesn't decide otherwise                                    | `us-east-1`                                |
+| `KAFKA_INSECURE_TLS`                       | Boolean value to indicate whether the Kafka and Admin REST API TLS is insecure (for self-signed certificates)                                     | `false`                                    |
+| `KAFKA_INSTANCE_API_TEMPLATE`              | URL template for the Kafka Admin REST API. May be used to specify plain-text HTTP or an alternate port                                            | `https://admin-server-%s/rest`             |
+| `AWS_DATA_PLANE_ACCESS_TOKEN`              | Service account's token with permission t access and manipulate all necessary resources located in AWS data plane cluster                         |                                            |
+| `STRATOSPHERE_PASSWORD`                    | Password used for all of stratosphere users                                                                                                       |                                            |
+| `STRATOSPHERE_SCENARIO_1_AWS_ACCOUNT_ID `  | aws cloud account' id linked to the org where  stratospehere1 user resides                                                                        |                                            |
+| `STRATOSPHERE_SCENARIO_1_USER`             | stratosphere1: user in organization with 1 aws cloud account linked and without standard quota                                                    |                                            |
+| `STRATOSPHERE_SCENARIO_2_AWS_ACCOUNT_ID`   | aws cloud account' id linked to the org where  stratospehere2 user resides                                                                        |                                            |
+| `STRATOSPHERE_SCENARIO_2_USER`             | stratosphere2: user in organization with 1 aws cloud account linked and with standard quota                                                       |                                            |
+| `STRATOSPHERE_SCENARIO_3_AWS_ACCOUNT_ID`   | aws cloud account' id linked to the org where  stratospehere3 user resides                                                                        |                                            |
+| `STRATOSPHERE_SCENARIO_3_RHM_ACCOUNT_ID`   | rhm cloud account' id linked to the org where  stratospehere3 user resides                                                                        |                                            |
+| `STRATOSPHERE_SCENARIO_3_USER`             | stratosphere3: user in organization with 1 aws cloud account linked and 1 rhm cloud account linked                                                |                                            |
+| `STRATOSPHERE_SCENARIO_4_AWS_ACCOUNT_ID`   | aws cloud account' id linked to the org where  stratospehere4 user resides                                                                        |                                            |
+| `STRATOSPHERE_SCENARIO_3_USER`             | stratosphere4: user in organization with 2 aws cloud account linked                                                                               |                                            |
 
 ## Config File
 
@@ -132,19 +148,14 @@ The default targeted environment is the application services stage env.
 | Name        | Description                                                      |
 |-------------|------------------------------------------------------------------|
 | default     | run kafka, registry, devexp and quickstarts test suites          |
+| integration | run test which are part of integration pipeline                  |
+| kafka       | run test related to testing managed kafka as such                |
+| pr-check    | run test which are run to check each PR to this repository       |
+| registry    | run test related to testing service registries                   |
 | sandbox     | run the sandbox test suite to test the openshift sandbox cluster |
+| smoke       | run smoke tests, literally making sure basic functions work      |
 | quickstarts | run the cucumber quickstarts test suite                          |
 
-## Report to Prometheus
-
-Tests can report metrics to Prometheus to analyze or monitor behaviours, like the number and frequency of failed API
-requests that are retried automatically. A push gateway is required to send the metrics to prometheus, and it is
-configured with the following ENVs:
-
-| Name                      | Description                 | Default value         |
-|---------------------------|-----------------------------|-----------------------|
-| `PROMETHEUS_PUSH_GATEWAY` | Prometheus Push Gateway URL | `https://example.com` |
-
 ## Short guides
 
 ### Create test users
diff --git a/src/main/java/io/managed/services/test/Environment.java b/src/main/java/io/managed/services/test/Environment.java
index 69c274b5..661cd2f4 100644
--- a/src/main/java/io/managed/services/test/Environment.java
+++ b/src/main/java/io/managed/services/test/Environment.java
@@ -97,8 +97,7 @@ public class Environment {
     private static final String STRATOSPHERE_SCENARIO_3_AWS_ACCOUNT_ID_ENV = "STRATOSPHERE_SCENARIO_3_AWS_ACCOUNT_ID";
     private static final String STRATOSPHERE_SCENARIO_3_RHM_ACCOUNT_ID_ENV = "STRATOSPHERE_SCENARIO_3_RHM_ACCOUNT_ID";
     private static final String STRATOSPHERE_SCENARIO_4_AWS_ACCOUNT_ID_ENV = "STRATOSPHERE_SCENARIO_4_AWS_ACCOUNT_ID";
-
-    private static final String PROMETHEUS_WEB_CLIENT_ACCESS_TOKEN_ENV = "PROMETHEUS_WEB_CLIENT_ACCESS_TOKEN";
+    private static final String AWS_DATA_PLANE_ACCESS_TOKEN_ENV = "AWS_DATA_PLANE_ACCESS_TOKEN";
     private static final String PROMETHEUS_WEB_CLIENT_ROUTE_ENV = "PROMETHEUS_WEB_CLIENT_ROUTE";
 
     private static final String STAGE_DATA_PLANE_ADMIN_CLIENT_ID_ENV = "STAGE_DATA_PLANE_ADMIN_CLIENT_ID";
@@ -198,7 +197,7 @@ public class Environment {
     public static final String STRATOSPHERE_SCENARIO_3_RHM_ACCOUNT_ID = getOrDefault(STRATOSPHERE_SCENARIO_3_RHM_ACCOUNT_ID_ENV, null);
     public static final String STRATOSPHERE_SCENARIO_4_AWS_ACCOUNT_ID = getOrDefault(STRATOSPHERE_SCENARIO_4_AWS_ACCOUNT_ID_ENV, null);
 
-    public static final String PROMETHEUS_WEB_CLIENT_ACCESS_TOKEN = getOrDefault(PROMETHEUS_WEB_CLIENT_ACCESS_TOKEN_ENV, null);
+    public static final String AWS_DATA_PLANE_ACCESS_TOKEN = getOrDefault(AWS_DATA_PLANE_ACCESS_TOKEN_ENV, null);
     public static final String PROMETHEUS_WEB_CLIENT_ROUTE = getOrDefault(PROMETHEUS_WEB_CLIENT_ROUTE_ENV, "https://obs-prometheus-managed-application-services-observability.apps.mk-stage-0622.bd59.p1.openshiftapps.com");
 
 
diff --git a/src/test/java/io/managed/services/test/billing/BillingMetricsTest.java b/src/test/java/io/managed/services/test/billing/BillingMetricsTest.java
index 1b2c8ad1..75db9e5a 100644
--- a/src/test/java/io/managed/services/test/billing/BillingMetricsTest.java
+++ b/src/test/java/io/managed/services/test/billing/BillingMetricsTest.java
@@ -51,7 +51,7 @@
  * <b>Requires:</b>
  * <ul>
  *     <li> PRIMARY_OFFLINE_TOKEN
- *     <li> PROMETHEUS_WEB_CLIENT_ACCESS_TOKEN
+ *     <li> AWS_DATA_PLANE_ACCESS_TOKEN
  * </ul>
  */
 @Log4j2
@@ -89,7 +89,7 @@ public class BillingMetricsTest extends TestBase {
     @SneakyThrows
     public void bootstrap() {
         assertNotNull(Environment.PRIMARY_OFFLINE_TOKEN, "the PRIMARY_OFFLINE_TOKEN env is null");
-        assertNotNull(Environment.PROMETHEUS_WEB_CLIENT_ACCESS_TOKEN, "the PROMETHEUS_WEB_CLIENT_ACCESS_TOKEN env is null");
+        assertNotNull(Environment.AWS_DATA_PLANE_ACCESS_TOKEN, "the AWS_DATA_PLANE_ACCESS_TOKEN env is null");
 
         var apps = ApplicationServicesApi.applicationServicesApi(Environment.PRIMARY_OFFLINE_TOKEN);
 
@@ -106,7 +106,7 @@ public void bootstrap() {
         this.prometheusWebClient = new PrometheusWebClientBuilder()
             .withBaseUrl(Environment.PROMETHEUS_WEB_CLIENT_ROUTE)
             .withUrlResourcePath("/api/v1/query")
-            .addHeaderEntry("Authorization", "Bearer " + Environment.PROMETHEUS_WEB_CLIENT_ACCESS_TOKEN)
+            .addHeaderEntry("Authorization", "Bearer " + Environment.AWS_DATA_PLANE_ACCESS_TOKEN)
             .build();
 
         // Create Kafka Instance
diff --git a/src/test/java/io/managed/services/test/cluster/DataPlaneClusterTest.java b/src/test/java/io/managed/services/test/cluster/DataPlaneClusterTest.java
index 48260fcb..2ccb6c77 100644
--- a/src/test/java/io/managed/services/test/cluster/DataPlaneClusterTest.java
+++ b/src/test/java/io/managed/services/test/cluster/DataPlaneClusterTest.java
@@ -50,7 +50,8 @@
  * <p>
  * <b>Requires:</b>
  * <ul>
- *     <li> PRIMARY_OFFLINE_TOKEN
+ *     <li> PRIMARY_OFFLINE_TOKEN </>
+ *     <li> AWS_DATA_PLANE_ACCESS_TOKEN_ENV </>
  * </ul>
  */
 @Log4j2
@@ -59,8 +60,6 @@ public class DataPlaneClusterTest extends TestBase {
     static final String KAFKA_INSTANCE_NAME = "cl-e2e-" + Environment.LAUNCH_SUFFIX;
 
     private OpenShiftClient oc;
-
-    private static final String KAFKAS_MGMT_120_CODE = "KAFKAS-MGMT-120";
     private static final String KAFKAS_MGMT_21_CODE = "KAFKAS-MGMT-21";
     private static final String KAFKAS_MGMT_24_CODE = "KAFKAS-MGMT-24";
     private static final String PLAN_STANDARD = "standard.x1";
@@ -74,7 +73,7 @@ public void bootstrap() {
         log.info("build config");
         Config config = new ConfigBuilder()
             .withMasterUrl("https://api.mk-stage-0622.bd59.p1.openshiftapps.com:6443")
-            .withOauthToken(Environment.PROMETHEUS_WEB_CLIENT_ACCESS_TOKEN)
+            .withOauthToken(Environment.AWS_DATA_PLANE_ACCESS_TOKEN)
             .withTrustCerts(true)
             .build();
         log.info("init openshift client");

From 0e4646a377f5f2d65be9e43717e15f6b5192ee8d Mon Sep 17 00:00:00 2001
From: hzrncik <hzrncik@redhat.com>
Date: Thu, 30 Mar 2023 09:32:31 +0200
Subject: [PATCH 2/2] README: add steps necssary to set up token refresher
 container

---
 README.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/README.md b/README.md
index 9f3fc570..a3fb9c59 100644
--- a/README.md
+++ b/README.md
@@ -242,6 +242,18 @@ https://github.com/redhat-developer/app-services-operator/tree/main/olm/olm-cata
 
 and update the property `rhoas-model.version` in `pom.xml`.
 
+### start token refresher cotainer to access observatorium
+Class `BillingMetricTest` queries Observatorium. To do so it needs to obtain token which is obtained from local container.
+To start this process locally, you need a container runtime (Docker) and run following scripts with described environment variables: 
+- `OBSERVATORIUM_CLIENT_ID`
+- `OBSERVATORIUM_CLIENT_SECRET`
+- `OBSERVATORIUM_OIDC_ISSUER_URL`
+- `OBSERVATORIUM_URL`
+
+```shell
+./hack/run-token-refresher.sh
+```
+
 ## Maintainers
 
 * David Kornel <kornys@outlook.com>