{"id":36753786,"url":"https://github.com/openshift-hyperfleet/adapter-validation-gcp","last_synced_at":"2026-01-12T12:47:39.091Z","repository":{"id":329050101,"uuid":"1108846810","full_name":"openshift-hyperfleet/adapter-validation-gcp","owner":"openshift-hyperfleet","description":"The validation adapter used for GCP HCP preflight validations","archived":false,"fork":false,"pushed_at":"2025-12-31T05:46:39.000Z","size":49,"stargazers_count":1,"open_issues_count":0,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-02T18:22:14.930Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/openshift-hyperfleet.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-03T02:04:02.000Z","updated_at":"2025-12-31T05:46:44.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/openshift-hyperfleet/adapter-validation-gcp","commit_stats":null,"previous_names":["openshift-hyperfleet/adapter-validation-gcp"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/openshift-hyperfleet/adapter-validation-gcp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift-hyperfleet%2Fadapter-validation-gcp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift-hyperfleet%2Fadapter-validation-gcp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift-hyperfleet%2Fadapter-validation-gcp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift-hyperfleet%2Fadapter-validation-gcp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openshift-hyperfleet","download_url":"https://codeload.github.com/openshift-hyperfleet/adapter-validation-gcp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift-hyperfleet%2Fadapter-validation-gcp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28338983,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T12:22:26.515Z","status":"ssl_error","status_checked_at":"2026-01-12T12:22:10.856Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-12T12:47:39.024Z","updated_at":"2026-01-12T12:47:39.082Z","avatar_url":"https://github.com/openshift-hyperfleet.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# HyperFleet GCP Validation Adapter\n\nEvent-driven adapter for HyperFleet GCP cluster validation. Validates GCP cluster configurations and prerequisites before provisioning. Consumes CloudEvents from message brokers (GCP Pub/Sub, RabbitMQ), processes AdapterConfig, manages validation jobs in Kubernetes, and reports status via API.\n\n## Table of Contents\n\n- [Prerequisites](#prerequisites)\n- [Deployment Modes](#deployment-modes)\n- [Local Development](#local-development)\n- [Helm Chart Installation](#helm-chart-installation)\n- [Configuration](#configuration)\n- [Examples](#examples)\n\n## Prerequisites\n\n- Kubernetes 1.19+\n- Helm 3.0+\n- GCP Workload Identity (for Pub/Sub access)\n- `gcloud` CLI configured with appropriate permissions\n\n## Deployment Modes\n\nThis adapter supports two deployment modes via the `deploymentMode` parameter:\n\n### Dummy Mode (Current)\n- **Value**: `deploymentMode: \"dummy\"`\n- **Description**: Simulates GCP validation for testing and development\n- **Config File**: Uses `charts/configs/validation-dummy-adapter.yaml`\n- **Features**:\n  - Configurable simulation results (success, failure, hang, crash, invalid-json, missing-status)\n  - No actual GCP API calls\n  - Fast validation cycles for testing\n\n### Real Mode (Future)\n- **Value**: `deploymentMode: \"real\"`\n- **Description**: Performs actual GCP validation checks\n- **Config File**: Will use `charts/configs/validation-gcp-adapter.yaml` (to be created)\n- **Features**:\n  - Real GCP API validation\n  - Production-ready validation checks\n  - Comprehensive error reporting\n\n## Local Development\n\nRun the adapter locally for development and testing.\n\n### Prerequisites\n\n- `hyperfleet-adapter` binary installed and in PATH\n- GCP service account key for Pub/Sub access\n- Access to a GKE cluster (for applying Kubernetes resources)\n- `podman` or `docker` for RabbitMQ (if `BROKER_TYPE=rabbitmq`)\n\n### Setup\n\n1. Copy environment template:\n\n```bash\ncp env.example .env\n```\n\n2. Edit `.env` with your configuration:\n\n```bash\n# Required for Google Pub/Sub (default)\nGCP_PROJECT_ID=\"your-gcp-project-id\"\nBROKER_TOPIC=\"hyperfleet-adapter-topic\"\nBROKER_SUBSCRIPTION_ID=\"hyperfleet-adapter-validation-gcp-subscription\"\n\n# Required for all broker types\nHYPERFLEET_API_BASE_URL=\"https://localhost:8000\"\n\n# Optional (defaults provided)\nSUBSCRIBER_PARALLELISM=\"1\"\nHYPERFLEET_API_VERSION=\"v1\"\n\n# Validation-specific settings\nSTATUS_REPORTER_IMAGE=\"\u003cThe image built by https://github.com/openshift-hyperfleet/status-reporter\u003e\"\nSIMULATE_RESULT=\"success\"  # success, failure, hang, crash, invalid-json, missing-status\nRESULTS_PATH=\"/results/adapter-result.json\"\nMAX_WAIT_TIME_SECONDS=\"300\"\n\n# Required for RabbitMQ (if BROKER_TYPE=rabbitmq)\n# RABBITMQ_URL=\"amqp://guest:guest@localhost:5672/\"\n```\n\n3. Set up GCP authentication:\n\n```bash\n# Create service account key and set in .env\nexport GOOGLE_APPLICATION_CREDENTIALS=\"./sa-key.json\"\n```\n\n4. Connect to your GKE cluster:\n\n```bash\ngcloud container clusters get-credentials \"$GKE_CLUSTER_NAME\" \\\n  --region \"$GKE_CLUSTER_REGION\" \\\n  --project \"$GCP_PROJECT_ID\"\n\nkubectl cluster-info\n```\n\n### Run\n\n```bash\n# For Google Pub/Sub (default)\n./run-local.sh\n\n# For RabbitMQ\nBROKER_TYPE=rabbitmq ./run-local.sh\n```\n\n## Helm Chart Installation\n\n### Installing the Chart\n\n**Dummy Validation Mode (Default):**\n\n```bash\nhelm install validation-gcp ./charts/ \\\n  --set broker.type=googlepubsub \\\n  --set broker.googlepubsub.projectId=my-gcp-project \\\n  --set broker.googlepubsub.topic=my-topic \\\n  --set broker.googlepubsub.subscription=my-subscription \\\n  --set hyperfleetApi.baseUrl=https://api.hyperfleet.example.com\n```\n\n**With Specific Deployment Mode:**\n\n```bash\n# Dummy mode (simulated validation)\nhelm install validation-gcp ./charts/ \\\n  --set deploymentMode=dummy \\\n  --set validation.dummy.simulateResult=success \\\n  --set broker.type=googlepubsub \\\n  --set broker.googlepubsub.projectId=my-gcp-project \\\n  --set broker.googlepubsub.topic=my-topic \\\n  --set broker.googlepubsub.subscription=my-subscription\n\n# Real mode (not yet available; keep commented until implemented — see HYPERFLEET-267)\n# helm install validation-gcp ./charts/ \\\n#   --set deploymentMode=real \\\n#   --set broker.type=googlepubsub \\\n#   ...\n```\n\n### Install to a Specific Namespace\n\n```bash\nhelm install validation-gcp ./charts/ \\\n  --namespace hyperfleet-system \\\n  --create-namespace \\\n  --set broker.type=googlepubsub \\\n  --set broker.googlepubsub.projectId=my-gcp-project \\\n  --set broker.googlepubsub.topic=my-topic \\\n  --set broker.googlepubsub.subscription=my-subscription\n```\n\n### Uninstalling the Chart\n\n```bash\nhelm delete validation-gcp\n\n# Or with namespace\nhelm delete validation-gcp --namespace hyperfleet-system\n```\n\n## Configuration\n\nAll configurable parameters are in `values.yaml`. For advanced customization, modify the templates directly.\n\n### Deployment Mode\n\n| Parameter | Description | Default |\n|-----------|-------------|---------|\n| `deploymentMode` | Deployment mode: \"dummy\" or \"real\" | `\"dummy\"` |\n\n### Image \u0026 Replica\n\n| Parameter | Description | Default |\n|-----------|-------------|---------|\n| `replicaCount` | Number of replicas | `1` |\n| `image.registry` | Image registry | `registry.ci.openshift.org` |\n| `image.repository` | Image repository | `ci/hyperfleet-adapter` |\n| `image.tag` | Image tag | `latest` |\n| `image.pullPolicy` | Image pull policy | `Always` |\n| `imagePullSecrets` | Image pull secrets | `[]` |\n\n### Naming\n\n| Parameter | Description | Default |\n|-----------|-------------|---------|\n| `nameOverride` | Override chart name | `\"\"` |\n| `fullnameOverride` | Override full release name | `\"\"` |\n\n### ServiceAccount \u0026 RBAC\n\n| Parameter | Description | Default |\n|-----------|-------------|---------|\n| `serviceAccount.create` | Create ServiceAccount | `true` |\n| `serviceAccount.name` | ServiceAccount name (auto-generated if empty) | `\"\"` |\n| `serviceAccount.annotations` | ServiceAccount annotations (for Workload Identity) | `{}` |\n| `rbac.create` | Create ClusterRole and ClusterRoleBinding | `false` |\n\nWhen `rbac.create=true`, the adapter gets **minimal permissions** needed for validation:\n- **Namespaces**: `get`, `list`, `watch` (read-only, to verify target namespace exists)\n- **ServiceAccounts**: Full management (`create`, `update`, `patch`, `delete`, `get`, `list`, `watch`)\n- **Roles/RoleBindings**: Full management (for validation job RBAC)\n- **Jobs**: Full management (for validation job lifecycle)\n- **Jobs/status**: `get`, `update`, `patch` (for status reporter sidecar)\n- **Pods**: `get`, `list`, `watch` (read-only, to check validation job pod status)\n\n### Logging\n\n| Parameter | Description | Default |\n|-----------|-------------|---------|\n| `logging.level` | Log level: `debug`, `info`, `warn`, `error` | `info` |\n| `logging.format` | Log format: `text`, `json` | `text` |\n| `logging.output` | Log output: `stdout`, `stderr` | `stderr` |\n\n### Scheduling\n\n| Parameter | Description | Default |\n|-----------|-------------|---------|\n| `nodeSelector` | Node selector | `{}` |\n| `tolerations` | Tolerations | `[]` |\n| `affinity` | Affinity rules | `{}` |\n\n### Broker Configuration\n\n| Parameter | Description | Default |\n|-----------|-------------|---------|\n| `broker.type` | Broker type: `googlepubsub` or `rabbitmq` (**required**) | `\"\"` |\n| `broker.subscriber.parallelism` | Number of parallel workers | `1` |\n| `broker.yaml` | Raw YAML override (advanced use) | `\"\"` |\n\n#### Google Pub/Sub (when `broker.type=googlepubsub`)\n\n| Parameter | Description | Default |\n|-----------|-------------|---------|\n| `broker.googlepubsub.projectId` | GCP project ID (**required**) | `\"\"` |\n| `broker.googlepubsub.topic` | Pub/Sub topic name (**required**) | `\"\"` |\n| `broker.googlepubsub.subscription` | Pub/Sub subscription ID (**required**) | `\"\"` |\n| `broker.googlepubsub.deadLetterTopic` | Dead letter topic name (optional) | `\"\"` |\n\n#### RabbitMQ (when `broker.type=rabbitmq`)\n\n| Parameter | Description | Default |\n|-----------|-------------|---------|\n| `broker.rabbitmq.url` | RabbitMQ connection URL (**required**) | `\"\"` |\n\n### HyperFleet API\n\n| Parameter | Description | Default |\n|-----------|-------------|---------|\n| `hyperfleetApi.baseUrl` | HyperFleet API base URL | `\"\"` |\n| `hyperfleetApi.version` | API version | `v1` |\n\n### Validation Configuration\n\n| Parameter | Description | Default |\n|-----------|-------------|---------|\n| `validation.statusReporterImage` | Status reporter sidecar image | `\u003cThe image built by https://github.com/openshift-hyperfleet/status-reporter\u003e` |\n\n#### Dummy Validation Mode Settings\n\n| Parameter | Description | Default |\n|-----------|-------------|---------|\n| `validation.dummy.simulateResult` | Simulated result (success, failure, hang, crash, invalid-json, missing-status) | `\"success\"` |\n| `validation.dummy.resultsPath` | Path where validation results are written | `\"/results/adapter-result.json\"` |\n| `validation.dummy.maxWaitTimeSeconds` | Maximum time to wait for validation completion | `\"300\"` |\n\n### Environment Variables\n\n| Parameter | Description | Default |\n|-----------|-------------|---------|\n| `env` | Additional environment variables | `[]` |\n\nExample:\n```yaml\nenv:\n  - name: MY_VAR\n    value: \"my-value\"\n  - name: MY_SECRET\n    valueFrom:\n      secretKeyRef:\n        name: my-secret\n        key: key\n```\n\n## Examples\n\n### Basic Dummy Validation with Google Pub/Sub\n\n```bash\nhelm install validation-gcp ./charts/ \\\n  --set deploymentMode=dummy \\\n  --set broker.type=googlepubsub \\\n  --set broker.googlepubsub.projectId=my-gcp-project \\\n  --set broker.googlepubsub.topic=my-topic \\\n  --set broker.googlepubsub.subscription=my-subscription \\\n  --set hyperfleetApi.baseUrl=https://api.hyperfleet.example.com\n```\n\n### Dummy Validation with Different Simulation Results\n\n```bash\n# Simulate failure\nhelm install validation-gcp ./charts/ \\\n  --set validation.dummy.simulateResult=failure \\\n  --set broker.type=googlepubsub \\\n  --set broker.googlepubsub.projectId=my-gcp-project \\\n  --set broker.googlepubsub.topic=my-topic \\\n  --set broker.googlepubsub.subscription=my-subscription\n\n# Simulate hang (for timeout testing)\nhelm install validation-gcp ./charts/ \\\n  --set validation.dummy.simulateResult=hang \\\n  --set validation.dummy.maxWaitTimeSeconds=60 \\\n  --set broker.type=googlepubsub \\\n  ...\n```\n\n### With RabbitMQ\n\n```bash\nhelm install validation-gcp ./charts/ \\\n  --set deploymentMode=dummy \\\n  --set broker.type=rabbitmq \\\n  --set broker.rabbitmq.url=\"amqp://user:password@rabbitmq.svc:5672/\"\n```\n\n### With GCP Workload Identity and RBAC\n\nFirst, grant Pub/Sub permissions to the KSA (Kubernetes Service Account) :\n\n```bash\n# Get project number\nPROJECT_NUMBER=$(gcloud projects describe my-gcp-project --format=\"value(projectNumber)\")\n\n# Grant permissions using direct principal binding\ngcloud projects add-iam-policy-binding my-gcp-project \\\n  --role=\"roles/pubsub.subscriber\" \\\n  --member=\"principal://iam.googleapis.com/projects/${PROJECT_NUMBER}/locations/global/workloadIdentityPools/my-gcp-project.svc.id.goog/subject/ns/hyperfleet-system/sa/validation-gcp\" \\\n  --condition=None\n\ngcloud projects add-iam-policy-binding my-gcp-project \\\n  --role=\"roles/pubsub.viewer\" \\\n  --member=\"principal://iam.googleapis.com/projects/${PROJECT_NUMBER}/locations/global/workloadIdentityPools/my-gcp-project.svc.id.goog/subject/ns/hyperfleet-system/sa/validation-gcp\" \\\n  --condition=None\n```\n\nThen deploy:\n\n```bash\nhelm install validation-gcp ./charts/ \\\n  --namespace hyperfleet-system \\\n  --create-namespace \\\n  --set deploymentMode=dummy \\\n  --set image.registry=us-central1-docker.pkg.dev/my-project/my-repo \\\n  --set image.repository=hyperfleet-adapter \\\n  --set image.tag=v0.1.0 \\\n  --set broker.type=googlepubsub \\\n  --set broker.googlepubsub.projectId=my-gcp-project \\\n  --set broker.googlepubsub.topic=my-topic \\\n  --set broker.googlepubsub.subscription=my-subscription \\\n  --set hyperfleetApi.baseUrl=https://api.hyperfleet.example.com \\\n  --set rbac.create=true\n```\n\n### With Values File\n\n\u003cdetails\u003e\n\u003csummary\u003eExample \u003ccode\u003emy-values.yaml\u003c/code\u003e\u003c/summary\u003e\n\n```yaml\ndeploymentMode: dummy\n\nreplicaCount: 1\n\nimage:\n  registry: registry.ci.openshift.org\n  repository: ci/hyperfleet-adapter\n  tag: latest\n\nserviceAccount:\n  create: true\n\nrbac:\n  create: true\n\nlogging:\n  level: debug\n  format: json\n  output: stderr\n\nhyperfleetApi:\n  baseUrl: https://api.hyperfleet.example.com\n  version: v1\n\nbroker:\n  type: googlepubsub\n  googlepubsub:\n    projectId: my-gcp-project\n    topic: hyperfleet-events\n    subscription: hyperfleet-validation-subscription\n  subscriber:\n    parallelism: 1\n\nvalidation:\n  statusReporterImage: \u003cThe image built by https://github.com/openshift-hyperfleet/status-reporter\u003e\n  dummy:\n    simulateResult: success\n    resultsPath: /results/adapter-result.json\n    maxWaitTimeSeconds: \"300\"\n```\n\n\u003c/details\u003e\n\nInstall with values file\n```bash\nhelm install validation-gcp ./charts/ -f my-values.yaml\n```\n\u003e Note: If you encounter a `PermissionDenied` related subscription error in the Pod, refer to [With GCP Workload Identity and RBAC](#with-gcp-workload-identity-and-rbac) to grant the required permissions first.\n\n## Deployment Environment Variables\n\nThe deployment sets these environment variables automatically:\n\n| Variable | Value | Condition |\n|----------|-------|-----------|\n| `HYPERFLEET_API_BASE_URL` | From `hyperfleetApi.baseUrl` | When set |\n| `HYPERFLEET_API_VERSION` | From `hyperfleetApi.version` | Always (default: v1) |\n| `ADAPTER_CONFIG_PATH` | `/etc/adapter/adapter.yaml` | Always |\n| `BROKER_CONFIG_FILE` | `/etc/broker/broker.yaml` | When `broker.type` is set |\n| `BROKER_SUBSCRIPTION_ID` | From `broker.googlepubsub.subscription` | When `broker.type=googlepubsub` |\n| `BROKER_TOPIC` | From `broker.googlepubsub.topic` | When `broker.type=googlepubsub` |\n| `GCP_PROJECT_ID` | From `broker.googlepubsub.projectId` | When `broker.type=googlepubsub` |\n| `STATUS_REPORTER_IMAGE` | From `validation.statusReporterImage` | When `deploymentMode=dummy` |\n| `SIMULATE_RESULT` | From `validation.dummy.simulateResult` | When `deploymentMode=dummy` |\n| `RESULTS_PATH` | From `validation.dummy.resultsPath` | When `deploymentMode=dummy` |\n| `MAX_WAIT_TIME_SECONDS` | From `validation.dummy.maxWaitTimeSeconds` | When `deploymentMode=dummy` |\n\n## License\n\nSee [LICENSE](LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenshift-hyperfleet%2Fadapter-validation-gcp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenshift-hyperfleet%2Fadapter-validation-gcp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenshift-hyperfleet%2Fadapter-validation-gcp/lists"}