feat: Add validation for OCP AI add-ons

[zikra-iqbal]

Description

Added validation for OCP AI add-ons by retrieving the openshift-ai version and its supported OpenShift range via the API used by the CLI command ibmcloud oc cluster addon versions --output json, using the external data block.

data "ibm_iam_auth_token" "tokendata" {}

data "external" "ocp_addon_versions" {
  program = ["python3", "${path.module}/scripts/get_ocp_addon_versions.py"]
  query = {
    IAM_TOKEN = sensitive(data.ibm_iam_auth_token.tokendata.iam_access_token)
    region    = var.region
  }
}

Added a Python script scripts/get_ocp_addon_versions.py that retrieves the available OpenShift add-on versions. It is a generic script that can be used for add-on validations in the future and is not restricted to the OCP AI Add-on.

Release required?

• No release
• Patch release (x.x.X)
• Minor release (x.X.x)
• Major release (X.x.x)

Release notes content

Add validation for OCP AI add-ons.

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

• If relevant, a test for the change is included or updated with this PR.
• If relevant, documentation for the change is included or updated with this PR.

For mergers

• Use a conventional commit message to set the release level. Follow the guidelines.
• Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
• Use the Squash and merge option.

[ocofaigh]

@zikra-iqbal several times I mentioned not to use the CLI, but use the api the CLI calls - please re-check the issue details. Infact a python script might be better to use here if we are working directly with json (just don't use the requests pip package - use the inbuilt python http library)

[zikra-iqbal]

@zikra-iqbal several times I mentioned not to use the CLI, but use the api the CLI calls - please re-check the issue details. Infact a python script might be better to use here if we are working directly with json (just don't use the requests pip package - use the inbuilt python http library)

@ocofaigh, I’m working on a Python script. I added this validation at the root level and to run the script ibmcloud_api_key is required . But there is no ibmcloud_api_key defined at the root level.
Should I add ibmcloud_api_key in the variables.tf file or create a submodule? Please suggest.

[ocofaigh]

@zikra-iqbal You don't need to add a ibmcloud_api_key input. Instead you can generate a bearer token in terraform using the ibm_iam_auth_token data resource and pass the token to the script as an environment variable.

[zikra-iqbal]

• OCP AI add-on version: 417 and OCP version: 416

• OCP AI add-on version: 419 and OCP version: 418

• OCP AI add-on version: 416 and OCP version: 418

• OCP AI add-on version: 417 and OCP version: 417

[ocofaigh]

This looks promising - I left some comments. Please show in todays playback.
I'm also wondering if it could be extended to validate any of the addons, not just AI? We can discuss later.

[ocofaigh]

We need an environment variable override here to support other environments such as test.cloud.ibm.com. So you should refactor this to allow the user to pass an enviornmeent variable named IBMCLOUD_CS_API_ENDPOINT. If user does not specify the enviornment variable, the default value should be https://containers.test.cloud.ibm.com/global as per the provider docs:

[zikra-iqbal]

Done.