opendatahub-io
diff --git a/‎tests/model_registry/async_job/__init__.py‎ b/‎tests/model_registry/async_job/__init__.py‎
diff --git a/‎tests/model_registry/async_job/conftest.py‎
Lines changed: 131 additions & 0 deletions b/‎tests/model_registry/async_job/conftest.py‎
Lines changed: 131 additions & 0 deletions
diff --git a/‎tests/model_registry/async_job/test_basic_oci_registry.py‎
Lines changed: 66 additions & 0 deletions b/‎tests/model_registry/async_job/test_basic_oci_registry.py‎
Lines changed: 66 additions & 0 deletions
diff --git a/‎tests/model_registry/async_job/utils.py‎
Lines changed: 73 additions & 0 deletions b/‎tests/model_registry/async_job/utils.py‎
Lines changed: 73 additions & 0 deletions
diff --git a/‎tests/model_registry/conftest.py‎
Lines changed: 1 addition & 11 deletions b/‎tests/model_registry/conftest.py‎
Lines changed: 1 addition & 11 deletions
diff --git a/‎tests/model_registry/constants.py‎
Lines changed: 0 additions & 3 deletions b/‎tests/model_registry/constants.py‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎tests/model_registry/image_validation/test_verify_rhoai_images.py‎
Lines changed: 0 additions & 1 deletion b/‎tests/model_registry/image_validation/test_verify_rhoai_images.py‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎tests/model_registry/python_client/test_model_registry_creation.py‎
Lines changed: 0 additions & 1 deletion b/‎tests/model_registry/python_client/test_model_registry_creation.py‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎tests/model_registry/rbac/conftest.py‎
Lines changed: 1 addition & 1 deletion b/‎tests/model_registry/rbac/conftest.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/model_registry/rbac/test_mr_rbac.py‎
Lines changed: 0 additions & 1 deletion b/‎tests/model_registry/rbac/test_mr_rbac.py‎
Lines changed: 0 additions & 1 deletion
@@ -0,0 +1,131 @@
+import pytest
+from typing import Any, Generator
+import shortuuid
+from pytest import FixtureRequest
+
+from ocp_resources.namespace import Namespace
+from ocp_resources.pod import Pod
+from ocp_resources.route import Route
+from ocp_resources.service import Service
+
+from utilities.infra import create_ns
+from utilities.constants import OCIRegistry, MinIo, Protocols, Labels
+
+from kubernetes.dynamic import DynamicClient
+
+
+# OCI Registry
+@pytest.fixture(scope="class")
+def oci_namespace(admin_client: DynamicClient) -> Generator[Namespace, Any, Any]:
+    with create_ns(
+        name=f"{OCIRegistry.Metadata.NAME}-{shortuuid.uuid().lower()}",
+        admin_client=admin_client,
+    ) as ns:
+        yield ns
+
+
+@pytest.fixture(scope="class")
+def oci_registry_pod_with_minio(
+    request: FixtureRequest,
+    admin_client: DynamicClient,
+    oci_namespace: Namespace,
+    minio_service: Service,
+) -> Generator[Pod, Any, Any]:
+    pod_labels = {Labels.Openshift.APP: OCIRegistry.Metadata.NAME}
+
+    if labels := request.param.get("labels"):
+        pod_labels.update(labels)
+
+    minio_fqdn = f"{minio_service.name}.{minio_service.namespace}.svc.cluster.local"
+    minio_endpoint = f"{minio_fqdn}:{MinIo.Metadata.DEFAULT_PORT}"
+
+    with Pod(
+        client=admin_client,
+        name=OCIRegistry.Metadata.NAME,
+        namespace=oci_namespace.name,
+        containers=[
+            {
+                "args": request.param.get("args"),
+                "env": [
+                    {"name": "ZOT_STORAGE_STORAGEDRIVER_NAME", "value": OCIRegistry.Storage.STORAGE_DRIVER},
+                    {
+                        "name": "ZOT_STORAGE_STORAGEDRIVER_ROOTDIRECTORY",
+                        "value": OCIRegistry.Storage.STORAGE_DRIVER_ROOT_DIRECTORY,
+                    },
+                    {"name": "ZOT_STORAGE_STORAGEDRIVER_BUCKET", "value": MinIo.Buckets.MODELMESH_EXAMPLE_MODELS},
+                    {"name": "ZOT_STORAGE_STORAGEDRIVER_REGION", "value": OCIRegistry.Storage.STORAGE_DRIVER_REGION},
+                    {"name": "ZOT_STORAGE_STORAGEDRIVER_REGIONENDPOINT", "value": f"http://{minio_endpoint}"},
+                    {"name": "ZOT_STORAGE_STORAGEDRIVER_ACCESSKEY", "value": MinIo.Credentials.ACCESS_KEY_VALUE},
+                    {"name": "ZOT_STORAGE_STORAGEDRIVER_SECRETKEY", "value": MinIo.Credentials.SECRET_KEY_VALUE},
+                    {
+                        "name": "ZOT_STORAGE_STORAGEDRIVER_SECURE",
+                        "value": OCIRegistry.Storage.STORAGE_STORAGEDRIVER_SECURE,
+                    },
+                    {
+                        "name": "ZOT_STORAGE_STORAGEDRIVER_FORCEPATHSTYLE",
+                        "value": OCIRegistry.Storage.STORAGE_STORAGEDRIVER_FORCEPATHSTYLE,
+                    },
+                    {"name": "ZOT_HTTP_ADDRESS", "value": OCIRegistry.Metadata.DEFAULT_HTTP_ADDRESS},
+                    {"name": "ZOT_HTTP_PORT", "value": str(OCIRegistry.Metadata.DEFAULT_PORT)},
+                    {"name": "ZOT_LOG_LEVEL", "value": "info"},
+                ],
+                "image": request.param.get("image", OCIRegistry.PodConfig.REGISTRY_IMAGE),
+                "name": OCIRegistry.Metadata.NAME,
+                "securityContext": {
+                    "allowPrivilegeEscalation": False,
+                    "capabilities": {"drop": ["ALL"]},
+                    "runAsNonRoot": True,
+                    "seccompProfile": {"type": "RuntimeDefault"},
+                },
+                "volumeMounts": [
+                    {
+                        "name": "zot-data",
+                        "mountPath": "/var/lib/registry",
+                    }
+                ],
+            }
+        ],
+        volumes=[
+            {
+                "name": "zot-data",
+                "emptyDir": {},
+            }
+        ],
+        label=pod_labels,
+        annotations=request.param.get("annotations"),
+    ) as oci_pod:
+        oci_pod.wait_for_condition(condition="Ready", status="True")
+        yield oci_pod
+
+
+@pytest.fixture(scope="class")
+def oci_registry_service(admin_client: DynamicClient, oci_namespace: Namespace) -> Generator[Service, Any, Any]:
+    with Service(
+        client=admin_client,
+        name=OCIRegistry.Metadata.NAME,
+        namespace=oci_namespace.name,
+        ports=[
+            {
+                "name": f"{OCIRegistry.Metadata.NAME}-port",
+                "port": OCIRegistry.Metadata.DEFAULT_PORT,
+                "protocol": Protocols.TCP,
+                "targetPort": OCIRegistry.Metadata.DEFAULT_PORT,
+            }
+        ],
+        selector={
+            Labels.Openshift.APP: OCIRegistry.Metadata.NAME,
+        },
+        session_affinity="ClientIP",
+    ) as oci_service:
+        yield oci_service
+
+
+@pytest.fixture(scope="class")
+def oci_registry_route(admin_client: DynamicClient, oci_registry_service: Service) -> Generator[Route, Any, Any]:
+    with Route(
+        client=admin_client,
+        name=OCIRegistry.Metadata.NAME,
+        namespace=oci_registry_service.namespace,
+        service=oci_registry_service.name,
+    ) as oci_route:
+        yield oci_route
@@ -0,0 +1,66 @@
+import pytest
+import json
+
+from ocp_resources.route import Route
+
+from utilities.constants import OCIRegistry, MinIo
+from simple_logger.logger import get_logger
+from tests.model_registry.async_job.utils import (
+    push_blob_to_oci_registry,
+    create_manifest,
+    push_manifest_to_oci_registry,
+    pull_manifest_from_oci_registry,
+)
+
+LOGGER = get_logger(name=__name__)
+
+
+@pytest.mark.parametrize(
+    "minio_pod, oci_registry_pod_with_minio",
+    [
+        pytest.param(
+            MinIo.PodConfig.MODEL_MESH_MINIO_CONFIG,
+            OCIRegistry.PodConfig.REGISTRY_BASE_CONFIG,
+        )
+    ],
+    indirect=True,
+)
+@pytest.mark.usefixtures("minio_pod", "oci_registry_pod_with_minio", "oci_registry_route")
+class TestOciRegistry:
+    """
+    Temporary test for OCI registry deployment functionality using MinIO backend
+    It will be replaced with a more comprehensive e2e test as part of https://issues.redhat.com/browse/RHOAISTRAT-456
+    """
+
+    def test_oci_registry_push_and_pull_operations(
+        self,
+        oci_registry_route: Route,
+    ) -> None:
+        """Test pushing and pulling content to/from the OCI registry with MinIO backend."""
+
+        registry_host = oci_registry_route.instance.spec.host
+        registry_url = f"http://{registry_host}"
+
+        LOGGER.info(f"Testing OCI registry at: {registry_url}")
+        test_repo = "test/simple-artifact"
+        test_tag = "v1.0"
+        test_data = b"Hello from OCI registry test! This could be model data stored in MinIO."
+
+        blob_digest = push_blob_to_oci_registry(registry_url=registry_url, data=test_data, repo=test_repo)
+
+        config_data = {"architecture": "amd64", "os": "linux"}
+        config_json = json.dumps(config_data, separators=(",", ":")).encode("utf-8")
+        config_digest = push_blob_to_oci_registry(registry_url=registry_url, data=config_json, repo=test_repo)
+
+        manifest = create_manifest(
+            blob_digest=blob_digest, config_json=config_json, config_digest=config_digest, data=test_data
+        )
+
+        push_manifest_to_oci_registry(registry_url=registry_url, manifest=manifest, repo=test_repo, tag=test_tag)
+
+        manifest_get = pull_manifest_from_oci_registry(registry_url=registry_url, repo=test_repo, tag=test_tag)
+
+        assert manifest_get["schemaVersion"] == 2
+        assert manifest_get["config"]["digest"] == config_digest
+        assert len(manifest_get["layers"]) == 1
+        assert manifest_get["layers"][0]["digest"] == blob_digest
@@ -0,0 +1,73 @@
+import hashlib
+import requests
+import json
+
+from simple_logger.logger import get_logger
+
+LOGGER = get_logger(name=__name__)
+
+
+def push_blob_to_oci_registry(registry_url: str, data: bytes, repo: str = "test/simple-artifact") -> str:
+    """
+    Push a blob to an OCI registry.
+    https://specs.opencontainers.org/distribution-spec/?v=v1.0.0#pushing-blobs
+    POST to /v2/<repo>/blobs/uploads/ in order to initiate the upload
+    The response will contain a Location header that contains the upload URL
+    PUT to the Location URL with the data to be uploaded
+    """
+
+    blob_digest = f"sha256:{hashlib.sha256(data).hexdigest()}"
+
+    LOGGER.info(f"Pushing blob with digest: {blob_digest}")
+
+    upload_response = requests.post(f"{registry_url}/v2/{repo}/blobs/uploads/", timeout=10)
+    LOGGER.info(f"Blob upload initiation: {upload_response.status_code}")
+    assert upload_response.status_code == 202, f"Failed to initiate blob upload: {upload_response.status_code}"
+
+    upload_location = upload_response.headers.get("Location")
+    LOGGER.info(f"Upload location: {upload_location}")
+    base_url = f"{registry_url}{upload_location}"
+    upload_url = f"{base_url}?digest={blob_digest}"
+    response = requests.put(url=upload_url, data=data, headers={"Content-Type": "application/octet-stream"}, timeout=10)
+    assert response.status_code == 201, f"Failed to upload blob: {response.status_code}"
+    return blob_digest
+
+
+def create_manifest(blob_digest: str, config_json: str, config_digest: str, data: bytes) -> bytes:
+    """Create a manifest for an OCI registry."""
+
+    manifest = {
+        "schemaVersion": 2,
+        "mediaType": "application/vnd.oci.image.manifest.v1+json",
+        "config": {
+            "mediaType": "application/vnd.oci.image.config.v1+json",
+            "size": len(config_json),
+            "digest": config_digest,
+        },
+        "layers": [{"mediaType": "application/vnd.oci.image.layer.v1.tar", "size": len(data), "digest": blob_digest}],
+    }
+
+    return json.dumps(manifest, separators=(",", ":")).encode("utf-8")
+
+
+def push_manifest_to_oci_registry(registry_url: str, manifest: bytes, repo: str, tag: str) -> None:
+    """Push a manifest to an OCI registry."""
+    response = requests.put(
+        f"{registry_url}/v2/{repo}/manifests/{tag}",
+        data=manifest,
+        headers={"Content-Type": "application/vnd.oci.image.manifest.v1+json"},
+        timeout=10,
+    )
+    assert response.status_code == 201, f"Failed to push manifest: {response.status_code}"
+
+
+def pull_manifest_from_oci_registry(registry_url: str, repo: str, tag: str) -> dict:
+    """Pull a manifest from an OCI registry."""
+    response = requests.get(
+        f"{registry_url}/v2/{repo}/manifests/{tag}",
+        headers={"Accept": "application/vnd.oci.image.manifest.v1+json"},
+        timeout=10,
+    )
+    LOGGER.info(f"Manifest pull: {response.status_code}")
+    assert response.status_code == 200, f"Failed to pull manifest: {response.status_code}"
+    return response.json()
@@ -62,7 +62,6 @@ def model_registry_db_service(
     admin_client: DynamicClient,
     teardown_resources: bool,
     model_registry_namespace: str,
-    is_model_registry_oauth: bool,
 ) -> Generator[list[Service], Any, Any]:
     num_resources = getattr(request, "param", {}).get("num_resources", 1)
     if pytestconfig.option.post_upgrade:
@@ -89,7 +88,6 @@ def model_registry_db_pvc(
     admin_client: DynamicClient,
     teardown_resources: bool,
     model_registry_namespace: str,
-    is_model_registry_oauth: bool,
 ) -> Generator[list[PersistentVolumeClaim], Any, Any]:
     num_resources = getattr(request, "param", {}).get("num_resources", 1)
     if pytestconfig.option.post_upgrade:
@@ -116,7 +114,6 @@ def model_registry_db_secret(
     admin_client: DynamicClient,
     teardown_resources: bool,
     model_registry_namespace: str,
-    is_model_registry_oauth: bool,
 ) -> Generator[list[Secret], Any, Any]:
     num_resources = getattr(request, "param", {}).get("num_resources", 1)
     if pytestconfig.option.post_upgrade:
@@ -143,7 +140,6 @@ def model_registry_db_deployment(
     admin_client: DynamicClient,
     teardown_resources: bool,
     model_registry_namespace: str,
-    is_model_registry_oauth: bool,
 ) -> Generator[list[Deployment], Any, Any]:
     num_resources = getattr(request, "param", {}).get("num_resources", 1)
     if pytestconfig.option.post_upgrade:
@@ -182,7 +178,6 @@ def model_registry_instance_mysql(
     admin_client: DynamicClient,
     teardown_resources: bool,
     model_registry_namespace: str,
-    is_model_registry_oauth: bool,
 ) -> Generator[list[Any], Any, Any]:
     """Creates a model registry instance with oauth proxy configuration."""
     param = getattr(request, "param", {})
@@ -257,7 +252,7 @@ def updated_dsc_component_state_scope_class(
                 dsc_resource.wait_for_condition(
                     condition=DscComponents.COMPONENT_MAPPING[component_name], status="True"
                 )
-            namespace = Namespace(name=py_config["model_registry_namespace"], ensure_exists=True)
+            namespace = Namespace(name=py_config["model_registry_namespace"], wait_for_resource=True)
             namespace.wait_for_status(status=Namespace.Status.ACTIVE)
             wait_for_pods_running(
                 admin_client=admin_client,
@@ -455,11 +450,6 @@ def delete_mr_deployment() -> None:
     mr_deployment.delete(wait=True)
 
 
-@pytest.fixture(scope="class")
-def is_model_registry_oauth(request: FixtureRequest) -> bool:
-    return getattr(request, "param", {}).get("use_oauth_proxy", True)
-
-
 @pytest.fixture(scope="session")
 def api_server_url(admin_client: DynamicClient) -> str:
     infrastructure = Infrastructure(client=admin_client, name="cluster", ensure_exists=True)
 
@@ -28,9 +28,6 @@ class ModelRegistryEndpoints:
 MR_INSTANCE_BASE_NAME: str = "model-registry"
 MR_INSTANCE_NAME: str = f"{MR_INSTANCE_BASE_NAME}0"
 SECURE_MR_NAME: str = "secure-db-mr"
-ISTIO_CONFIG_DICT: dict[str, Any] = {
-    "gateway": {"grpc": {"tls": {}}, "rest": {"tls": {}}},
-}
 OAUTH_PROXY_CONFIG_DICT: dict[str, Any] = {
     "port": 8443,
     "routePort": 443,
 
@@ -13,7 +13,6 @@
 
 @pytest.mark.usefixtures(
     "updated_dsc_component_state_scope_class",
-    "is_model_registry_oauth",
     "mysql_metadata_resources",
     "model_registry_instance_mysql",
 )
 
@@ -31,7 +31,6 @@
 )
 @pytest.mark.usefixtures(
     "updated_dsc_component_state_scope_class",
-    "is_model_registry_oauth",
     "model_registry_namespace",
     "model_registry_db_secret",
     "model_registry_db_pvc",
 
@@ -451,7 +451,7 @@ def updated_dsc_component_state_parametrized(
         dsc_resource.wait_for_condition(
             condition=DscComponents.COMPONENT_MAPPING[DscComponents.MODELREGISTRY], status="True"
         )
-        namespace = Namespace(name=namespace_name, ensure_exists=True)
+        namespace = Namespace(name=namespace_name, wait_for_resource=True)
         namespace.wait_for_status(status=Namespace.Status.ACTIVE)
         wait_for_pods_running(
             admin_client=admin_client,
 
@@ -40,7 +40,6 @@
 
 @pytest.mark.usefixtures(
     "updated_dsc_component_state_scope_class",
-    "is_model_registry_oauth",
     "mysql_metadata_resources",
     "model_registry_instance_mysql",
 )
Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,6 @@`
`13`	`13`
`14`	`14`	`@pytest.mark.usefixtures(`
`15`	`15`	`"updated_dsc_component_state_scope_class",`
`16`		`- "is_model_registry_oauth",`
`17`	`16`	`"mysql_metadata_resources",`
`18`	`17`	`"model_registry_instance_mysql",`
`19`	`18`	`)`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,6 @@`
`31`	`31`	`)`
`32`	`32`	`@pytest.mark.usefixtures(`
`33`	`33`	`"updated_dsc_component_state_scope_class",`
`34`		`- "is_model_registry_oauth",`
`35`	`34`	`"model_registry_namespace",`
`36`	`35`	`"model_registry_db_secret",`
`37`	`36`	`"model_registry_db_pvc",`
Original file line number	Diff line number	Diff line change
`@@ -451,7 +451,7 @@ def updated_dsc_component_state_parametrized(`
`451`	`451`	`dsc_resource.wait_for_condition(`
`452`	`452`	`condition=DscComponents.COMPONENT_MAPPING[DscComponents.MODELREGISTRY], status="True"`
`453`	`453`	`)`
`454`		`- namespace = Namespace(name=namespace_name, ensure_exists=True)`
	`454`	`+ namespace = Namespace(name=namespace_name, wait_for_resource=True)`
`455`	`455`	`namespace.wait_for_status(status=Namespace.Status.ACTIVE)`
`456`	`456`	`wait_for_pods_running(`
`457`	`457`	`admin_client=admin_client,`
Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,6 @@`
`40`	`40`
`41`	`41`	`@pytest.mark.usefixtures(`
`42`	`42`	`"updated_dsc_component_state_scope_class",`
`43`		`- "is_model_registry_oauth",`
`44`	`43`	`"mysql_metadata_resources",`
`45`	`44`	`"model_registry_instance_mysql",`
`46`	`45`	`)`