From 3c6ab8afd811f97710cfc16874b5e4348778befe Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jeremycline@linux.microsoft.com>
Date: Mon, 17 Mar 2025 16:40:07 -0400
Subject: [PATCH] fedora-image-uploader: add Google Compute Engine support for
 staging

This enables support for uploading images to Google Cloud in staging.

Signed-off-by: Jeremy Cline <jeremycline@linux.microsoft.com>
---
 playbooks/openshift-apps/cloud-image-uploader.yml     |  6 ++++++
 .../cloud-image-uploader/templates/config.toml        | 11 +++++++++++
 .../cloud-image-uploader/templates/deployment.yml.j2  |  8 ++++++++
 3 files changed, 25 insertions(+)

diff --git a/playbooks/openshift-apps/cloud-image-uploader.yml b/playbooks/openshift-apps/cloud-image-uploader.yml
index 5713177247..7af9fb8f86 100644
--- a/playbooks/openshift-apps/cloud-image-uploader.yml
+++ b/playbooks/openshift-apps/cloud-image-uploader.yml
@@ -106,6 +106,12 @@
     secret_file_key: registry-fedoraproject.key
     secret_file_privatefile: "docker-registry/{{env}}/pki/private/containerstable.key"
 
+  - role: openshift/secret-file
+    secret_file_app: cloud-image-uploader
+    secret_file_secret_name: cloud-image-uploader-google-cloud-key
+    secret_file_key: google_cloud_image_uploader.json
+    secret_file_privatefile: "files/gcp/{{env}}/image_uploader.json"
+
   - role: openshift/object
     object_app: cloud-image-uploader
     object_template: secret.yml.j2
diff --git a/roles/openshift-apps/cloud-image-uploader/templates/config.toml b/roles/openshift-apps/cloud-image-uploader/templates/config.toml
index 50ecd79d20..a2079a225c 100644
--- a/roles/openshift-apps/cloud-image-uploader/templates/config.toml
+++ b/roles/openshift-apps/cloud-image-uploader/templates/config.toml
@@ -140,6 +140,17 @@ credential_prefix = "QUAY_IO_"
 
 {% endif %}
 
+# Google Cloud Engine
+{% if env == "staging" %}
+
+[consumer_config.gcp]
+project = "fedora-cloud-devel"
+bucket_name = "fedora-cloud-image-upload-devel"
+storage_locations = ["us"]
+publish_amqp_messages = true
+
+{% endif %}
+
 [qos]
 prefetch_size = 0
 prefetch_count = 25
diff --git a/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml.j2 b/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml.j2
index dde9f931af..ce3034f750 100644
--- a/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml.j2
+++ b/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml.j2
@@ -30,6 +30,9 @@ spec:
         - name: fedora-messaging-cert-volume
           secret:
             secretName: cloud-image-uploader-fedora-messaging-crt
+        - name: google-cloud-key-volume
+          secret:
+            secretName: cloud-image-uploader-google-cloud-key
         # skopeo wants the cert and key in the same directory
         - name: registry-fedoraproject
           projected:
@@ -86,6 +89,8 @@ spec:
                   key: fedoraproject_registry_password
             - name: FEDORA_REGISTRY_CERT_DIR
               value: "/etc/pki/registry-fedoraproject-org/"
+            - name: GOOGLE_APPLICATION_CREDENTIALS
+              value: "/etc/pki/google-cloud/cloud-image-uploader-google-cloud-key"
             - name: QUAY_IO_USER
               valueFrom:
                 secretKeyRef:
@@ -112,3 +117,6 @@ spec:
             - name: registry-fedoraproject
               mountPath: /etc/pki/registry-fedoraproject-org/
               readOnly: true
+            - name: google-cloud-key-volume
+              mountPath: /etc/pki/google-cloud/
+              readOnly: true