[bug-1581]: Offline bundle contains Authorization v2 server images

[atye]

Description

bundle/manifests/dell-csm-operator.clusterserviceversion.yaml, used to build an image manifest when building the offline bundle, is updated with the Authorization Server images.

• Authorization v2 sample is created under config/samples for make bundle to generate an Authorization section in alm-examples in the bundle CSV.
• bundle/manifests/csm-config-params_v1_configmap.yaml is created because the Authorization v2 sample file contains this
• csm-authorization-sidecar images tags in the driver config/samples now use v2.0.0 to point to the latest release
• RELATED_IMAGE environment variables and fields are updated with Authorization v2

GitHub Issues

List the GitHub issues impacted by this PR:

GitHub Issue #
dell/csm#1581

Checklist:

• I have performed a self-review of my own code to ensure there are no formatting, vetting, linting, or security issues
• I have verified that new and existing unit tests pass locally with my changes
• I have not allowed coverage numbers to degenerate
• I have maintained at least 90% code coverage
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works
• I have maintained backward compatibility

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration

Built the offline bundle, prepared it, and successfully installed Authorization v2.

e2e with Authorization v2 without the bundle:

 # ./run-e2e-test.sh --auth-proxy
Checking for dellctl - AUTHORIZATIONPROXYSERVER
/root/csm-operator/tests/e2e
  W1119 16:59:47.359073   23554 test_context.go:538] Unable to find in-cluster config, using default host : https://127.0.0.1:6443
  I1119 16:59:47.359310 23554 test_context.go:561] The --provider flag is not set. Continuing as if --provider=skeleton had been used.
Running Suite: CSM Operator End-to-End Tests - /root/csm-operator/tests/e2e
===========================================================================
Random Seed: 1732035575

Will run 1 of 1 specs
------------------------------
[BeforeSuite]
/root/csm-operator/tests/e2e/e2e_test.go:98
  STEP: Getting test environment variables @ 11/19/24 16:59:47.359
  STEP: [authorization authorizationproxyserver] @ 11/19/24 16:59:47.359
  STEP: Reading values file @ 11/19/24 16:59:47.359
  STEP: Getting a k8s client @ 11/19/24 16:59:47.362
[BeforeSuite] PASSED [0.007 seconds]
------------------------------
[run-e2e-test] E2E Testing Running all test Given Test Scenarios
/root/csm-operator/tests/e2e/e2e_test.go:139
  STEP: Starting: Install Authorization Proxy Server V2  @ 11/19/24 16:59:47.366
  STEP: Returning false here @ 11/19/24 16:59:47.366
  STEP:      Executing  Given an environment with k8s or openshift, and CSM operator installed @ 11/19/24 16:59:47.366
  STEP:      Executing  Install Authorization CRDs [2] @ 11/19/24 16:59:47.459
  STEP:      Executing  Create [authorization-proxy-server] prerequisites from CR [1] @ 11/19/24 16:59:47.892
=== Creating Authorization Proxy Server Prerequisites ===

Deleting all CSM from namespace: authorization
  STEP:      Executing  Apply custom resource [1] @ 11/19/24 16:59:57.563
  I1119 16:59:57.568131 23554 builder.go:121] Running '/usr/local/bin/kubectl --namespace=authorization apply --validate=true -f -'
  I1119 16:59:58.113379 23554 builder.go:146] stderr: ""
  I1119 16:59:58.113462 23554 builder.go:147] stdout: "containerstoragemodule.storage.dell.com/authorization created\nconfigmap/csm-config-params created\n"
  STEP:      Executing  Validate [authorization-proxy-server] module from CR [1] is installed @ 11/19/24 16:59:58.113

err: failed to check for AuthorizationProxyServer installation in default-source-cluster:
The pod(proxy-server-57b5bd9699-lmbvc) is Pending
The pod(role-service-5967bcbbf-fg4w9) is Pending
The pod(tenant-service-86dc6649bf-26kpd) is Pending

err: failed to check for AuthorizationProxyServer installation in default-source-cluster:
The container(proxy-server) in pod(proxy-server-57b5bd9699-lmbvc) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 10s restarting failed container=proxy-server pod=proxy-server-57b5bd9699-lmbvc_authorization(1ed6deed-8e5d-4aa5-b55e-b859d5bffb88),} nil nil}
The container(tenant-service) in pod(tenant-service-86dc6649bf-26kpd) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 10s restarting failed container=tenant-service pod=tenant-service-86dc6649bf-26kpd_authorization(e2dc9774-8169-4031-a801-2ed3aa064cd5),} nil nil}

err: failed to check for AuthorizationProxyServer installation in default-source-cluster:
The container(proxy-server) in pod(proxy-server-57b5bd9699-lmbvc) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 20s restarting failed container=proxy-server pod=proxy-server-57b5bd9699-lmbvc_authorization(1ed6deed-8e5d-4aa5-b55e-b859d5bffb88),} nil nil}
The container(tenant-service) in pod(tenant-service-86dc6649bf-26kpd) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 20s restarting failed container=tenant-service pod=tenant-service-86dc6649bf-26kpd_authorization(e2dc9774-8169-4031-a801-2ed3aa064cd5),} nil nil}

err: failed to check for AuthorizationProxyServer installation in default-source-cluster:
The container(proxy-server) in pod(proxy-server-57b5bd9699-lmbvc) is {nil nil &ContainerStateTerminated{ExitCode:1,Signal:0,Reason:Error,Message:,StartedAt:2024-11-19 17:01:04 +0000 UTC,FinishedAt:2024-11-19 17:01:04 +0000 UTC,ContainerID:containerd://115da6a4aaa8233742c870287e02ea8277d5e431e7ea2807db77179a9523003c,}}
The container(tenant-service) in pod(tenant-service-86dc6649bf-26kpd) is {nil nil &ContainerStateTerminated{ExitCode:1,Signal:0,Reason:Error,Message:,StartedAt:2024-11-19 17:01:06 +0000 UTC,FinishedAt:2024-11-19 17:01:06 +0000 UTC,ContainerID:containerd://b44ffe90c4c4739ac1f7ed0ff9d30c07c5aba648d5de52400747084ecbaf09dc,}}

err: failed to check for AuthorizationProxyServer installation in default-source-cluster:
The container(proxy-server) in pod(proxy-server-57b5bd9699-lmbvc) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 40s restarting failed container=proxy-server pod=proxy-server-57b5bd9699-lmbvc_authorization(1ed6deed-8e5d-4aa5-b55e-b859d5bffb88),} nil nil}
The container(tenant-service) in pod(tenant-service-86dc6649bf-26kpd) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 40s restarting failed container=tenant-service pod=tenant-service-86dc6649bf-26kpd_authorization(e2dc9774-8169-4031-a801-2ed3aa064cd5),} nil nil}

err: failed to check for AuthorizationProxyServer installation in default-source-cluster:
The container(proxy-server) in pod(proxy-server-57b5bd9699-lmbvc) is {nil nil &ContainerStateTerminated{ExitCode:1,Signal:0,Reason:Error,Message:,StartedAt:2024-11-19 17:01:46 +0000 UTC,FinishedAt:2024-11-19 17:01:46 +0000 UTC,ContainerID:containerd://64c9c490949854fd33f448404b777ea706874f931ade1c4fc922a28b78e699b8,}}
The pod(sentinel-1) is Pending
The container(storage-service) in pod(storage-service-79f4b85947-nw22f) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 10s restarting failed container=storage-service pod=storage-service-79f4b85947-nw22f_authorization(c5c21c8a-e3b1-4cf9-8f29-37c3ed419ee3),} nil nil}
The container(tenant-service) in pod(tenant-service-86dc6649bf-26kpd) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 40s restarting failed container=tenant-service pod=tenant-service-86dc6649bf-26kpd_authorization(e2dc9774-8169-4031-a801-2ed3aa064cd5),} nil nil}

err: failed to check for AuthorizationProxyServer installation in default-source-cluster:
The container(proxy-server) in pod(proxy-server-57b5bd9699-lmbvc) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 1m20s restarting failed container=proxy-server pod=proxy-server-57b5bd9699-lmbvc_authorization(1ed6deed-8e5d-4aa5-b55e-b859d5bffb88),} nil nil}
The container(storage-service) in pod(storage-service-79f4b85947-nw22f) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 20s restarting failed container=storage-service pod=storage-service-79f4b85947-nw22f_authorization(c5c21c8a-e3b1-4cf9-8f29-37c3ed419ee3),} nil nil}
The container(tenant-service) in pod(tenant-service-86dc6649bf-26kpd) is {nil nil &ContainerStateTerminated{ExitCode:1,Signal:0,Reason:Error,Message:,StartedAt:2024-11-19 17:01:58 +0000 UTC,FinishedAt:2024-11-19 17:01:58 +0000 UTC,ContainerID:containerd://360fcad4110c64fe48d65fcf59192469c58c40da62c2ba8dda16a3daf0465885,}}

err: failed to check for AuthorizationProxyServer installation in default-source-cluster:
The container(proxy-server) in pod(proxy-server-57b5bd9699-lmbvc) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 1m20s restarting failed container=proxy-server pod=proxy-server-57b5bd9699-lmbvc_authorization(1ed6deed-8e5d-4aa5-b55e-b859d5bffb88),} nil nil}
The container(tenant-service) in pod(tenant-service-86dc6649bf-26kpd) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 1m20s restarting failed container=tenant-service pod=tenant-service-86dc6649bf-26kpd_authorization(e2dc9774-8169-4031-a801-2ed3aa064cd5),} nil nil}

err: failed to check for AuthorizationProxyServer installation in default-source-cluster:
The container(proxy-server) in pod(proxy-server-57b5bd9699-lmbvc) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 1m20s restarting failed container=proxy-server pod=proxy-server-57b5bd9699-lmbvc_authorization(1ed6deed-8e5d-4aa5-b55e-b859d5bffb88),} nil nil}
The container(tenant-service) in pod(tenant-service-86dc6649bf-26kpd) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 1m20s restarting failed container=tenant-service pod=tenant-service-86dc6649bf-26kpd_authorization(e2dc9774-8169-4031-a801-2ed3aa064cd5),} nil nil}

err: failed to check for AuthorizationProxyServer installation in default-source-cluster:
The container(proxy-server) in pod(proxy-server-57b5bd9699-lmbvc) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 1m20s restarting failed container=proxy-server pod=proxy-server-57b5bd9699-lmbvc_authorization(1ed6deed-8e5d-4aa5-b55e-b859d5bffb88),} nil nil}
The container(tenant-service) in pod(tenant-service-86dc6649bf-26kpd) is {&ContainerStateWaiting{Reason:CrashLoopBackOff,Message:back-off 1m20s restarting failed container=tenant-service pod=tenant-service-86dc6649bf-26kpd_authorization(e2dc9774-8169-4031-a801-2ed3aa064cd5),} nil nil}
  STEP:      Executing  Configure authorization-proxy-server for [powerflex] for CR [1] @ 11/19/24 17:03:49.3
=== Configuring Authorization Proxy Server ===
Address: csm-authorization.com
=== Generating Admin Token ===
=== Writing Admin Token to Tmp File ===

=== Creating Storage, Role, and Tenant ===

=== Storage, Role, and Tenant ===
 /usr/local/bin/kubectl apply -f testfiles/authorization-templates/storage_csm_authorization_crs_powerflex.yaml
Waiting 5 seconds before generating token.
=== Generating token ===

=== Token ===
 /usr/local/bin/dellctl generate token --admin-token /tmp/adminToken.yaml --access-token-expiration 10m0s --refresh-token-expiration 48h --tenant csmtenant-powerflex --insecure --addr csm-authorization.com:31963
=== Applying token ===


err: failed to apply token: exit status 1
ErrMessage:
Error from server (NotFound): error when creating "/tmp/token.yaml": namespaces "test-vxflexos" not found

=== Configuring Authorization Proxy Server ===
Address: csm-authorization.com
=== Generating Admin Token ===
=== Writing Admin Token to Tmp File ===

=== Creating Storage, Role, and Tenant ===

=== Storage, Role, and Tenant ===
 /usr/local/bin/kubectl apply -f testfiles/authorization-templates/storage_csm_authorization_crs_powerflex.yaml
Waiting 5 seconds before generating token.
=== Generating token ===

=== Token ===
 /usr/local/bin/dellctl generate token --admin-token /tmp/adminToken.yaml --access-token-expiration 10m0s --refresh-token-expiration 48h --tenant csmtenant-powerflex --insecure --addr csm-authorization.com:31963
=== Applying token ===

=== Token Applied ===

  STEP:      Executing  Delete Authorization CRs for [powerflex] @ 11/19/24 17:04:11.613
  STEP:      Executing  Delete custom resource [1] @ 11/19/24 17:04:12.327
  STEP:      Executing  Delete Authorization CRDs [2] @ 11/19/24 17:04:12.376
  STEP: Ending: Install Authorization Proxy Server V2
   @ 11/19/24 17:04:12.658
• [270.293 seconds]
------------------------------

Ran 1 of 1 Specs in 270.300 seconds
SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 0 Skipped
PASS

Ginkgo ran 1 suite in 4m41.804184588s
Test Suite Passed

[ChristianAtDell]

Were any E2E scenarios run for this PR? Should they have been? It looks like pretty much everything here is changes to the baseline YAML configurations.

[atye]

Were any E2E scenarios run for this PR? Should they have been? It looks like pretty much everything here is changes to the baseline YAML configurations.

Not initially because I tested the offline bundle manually. I updated the description with an e2e run for Authorization v2 using this scenario:

- scenario: "Install Authorization Proxy Server V2"
  paths:
    - "testfiles/authorization-templates/storage_csm_authorization_v2_proxy_server.yaml"
    - "testfiles/authorization-templates/storage_csm_authorization_v2_crds.yaml"
  tags:
    - "authorizationproxyserver"
  steps:
    - "Given an environment with k8s or openshift, and CSM operator installed"
    - "Install Authorization CRDs [2]"
    - "Create [authorization-proxy-server] prerequisites from CR [1]"
    - "Apply custom resource [1]"
    - "Validate [authorization-proxy-server] module from CR [1] is installed"
    - "Configure authorization-proxy-server for [powerflex] for CR [1]"
    - "Delete Authorization CRs for [powerflex]"
    - "Delete custom resource [1]"
    - "Delete Authorization CRDs [2]"