feature(docker): run docker artifact test ontop of FIPS

in this change we introduce a new AWS ASG for testing
docker artifacts on top of FIPS machines,
it has a separated SCT runner, and ASG and labels in jenkins.

so it would be completely separate from the regular SCT runner images,
and can be updated separately

jenkins-pipelines/enterprise/artifacts/artifacts-docker-fips.jenkinsfile

@@ -0,0 +1,13 @@
+#! groovy
+
+// trick from https://github.com/jenkinsci/workflow-cps-global-lib-plugin/pull/43
+def lib = library identifier: 'sct@snapshot', retriever: legacySCM(scm)
+
+artifactsPipeline(
+    test_config: 'test-cases/artifacts/docker.yaml',
+    backend: 'docker',
+    region: 'fips',
+
+    timeout: [time: 30, unit: 'MINUTES'],
+    post_behavior_db_nodes: 'destroy'
+)

sdcm/sct_runner.py

@@ -49,7 +49,7 @@
     gce_meta_to_dict,
     list_instances_aws,
     list_instances_gce,
-    str_to_bool,
+    str_to_bool, convert_name_to_ami_if_needed,
 )
 from sdcm.utils.aws_utils import ec2_instance_wait_public_ip, ec2_ami_get_root_device_name, tags_as_ec2_tags, EC2NetworkConfiguration
 from sdcm.utils.aws_region import AwsRegion
@@ -548,6 +548,9 @@ def _create_instance(self,
                 interfaces[-1]["AssociatePublicIpAddress"] = not address_pool
 
         LOGGER.info("Creating instance...")
+        base_image = convert_name_to_ami_if_needed(
+            ami_id_param=base_image, region_names=tuple([aws_region.region_name]))
+
         result = aws_region.resource.create_instances(
             ImageId=base_image,
             InstanceType=instance_type,
@@ -1349,3 +1352,8 @@ def clean_sct_runners(test_status: str,
             end_message = "No runners have been terminated"
 
     LOGGER.info(end_message)
+
+
+class AwsFipsSctRunner(AwsSctRunner):
+    VERSION = f"{SctRunner.VERSION}-fips"
+    BASE_IMAGE = 'resolve:ssm:/aws/service/marketplace/prod-k6fgbnayirmrc/latest'

sdcm/utils/aws_builder.py

@@ -21,8 +21,9 @@
 import requests
 
 from sdcm.utils.aws_region import AwsRegion
-from sdcm.sct_runner import AwsSctRunner
+from sdcm.sct_runner import AwsSctRunner, AwsFipsSctRunner
 from sdcm.keystore import KeyStore
+from sdcm.utils.common import wait_ami_available
 
 LOGGER = logging.getLogger(__name__)
 
@@ -123,6 +124,7 @@ def get_root_ebs_info_from_ami(self, ami_id: str) -> str:
         return res.block_device_mappings[0].get('Ebs', {})
 
     def get_launch_template_data(self, runner: AwsSctRunner) -> dict:
+        wait_ami_available(self.region.client, runner.image.id)
         return dict(
             LaunchTemplateData={
                 'BlockDeviceMappings': [
@@ -168,9 +170,13 @@ def update_launch_template_if_needed(self, runner):
                 if not error.response['Error']['Code'] == 'InvalidLaunchTemplateName.AlreadyExistsException':
                     raise
 
+    @property
+    def sct_runner(self):
+        return AwsSctRunner(region_name=self.region.region_name, availability_zone='a', params=None)
+
     def create_launch_template(self):
         click.secho(f"{self.region.region_name}: create_launch_template")
-        runner = AwsSctRunner(region_name=self.region.region_name, availability_zone='a', params=None)
+        runner = self.sct_runner
         if not runner.image:
             runner.create_image()
         try:
@@ -300,3 +306,22 @@ def name(self):
     @cached_property
     def jenkins_labels(self):
         return f"aws-sct-builders-{self.region.region_name}-{self.VERSION}-CI"
+
+
+class AwsFipsCiBuilder(AwsBuilder):
+    NUM_CPUS = 2
+    NUM_EXECUTORS = 1
+    VERSION = 'v3-fibs'
+
+    @cached_property
+    def name(self):
+        # example: aws-eu-central-1-qa-builder-v2-1
+        return f"aws-{self.region.region_name}-qa-builder-{self.VERSION}-{self.number}-CI-FIPS"
+
+    @cached_property
+    def jenkins_labels(self):
+        return f"aws-sct-builders-{self.region.region_name}-{self.VERSION}-CI-FIPS"
+
+    @property
+    def sct_runner(self):
+        return AwsFipsSctRunner(region_name=self.region.region_name, availability_zone='a', params=None)

vars/getCloudProviderFromBackend.groovy

@@ -9,7 +9,8 @@ def call(String backend) {
         'gce-siren': 'gce',
         'azure': 'azure',
         'docker': 'aws',
-        'baremetal': 'aws'
+        'baremetal': 'aws',
+        'docker-fips': 'aws-fips',
         ]
     if (!backend) {
         return backend

vars/getJenkinsLabels.groovy

@@ -29,11 +29,13 @@ def call(String backend, String region=null, String datacenter=null, String loca
                           'gce-us-central1': "${gcp_project}-builders-us-central1-template-v2",
                           'gce': "${gcp_project}-builders-us-east1-template-v2",
                           'aws': 'aws-sct-builders-eu-west-1-v3-asg',
-                          'azure-eastus': 'aws-sct-builders-us-east-1-v3-asg']
+                          'azure-eastus': 'aws-sct-builders-us-east-1-v3-asg',
+                          'aws-fips': 'aws-sct-builders-us-east-1-v3-fibs-CI-FIPS',
+                          ]
 
     def cloud_provider = getCloudProviderFromBackend(backend)
 
-    if ((cloud_provider == 'aws' && region) || (cloud_provider == 'gce' && datacenter) || (cloud_provider == 'azure' && location)) {
+    if ((cloud_provider == 'aws' && region) || (cloud_provider == 'gce' && datacenter) || (cloud_provider == 'azure' && location) || (cloud_provider == 'aws-fibs' && region)) {
         def supported_regions = []
 
         if (cloud_provider == 'aws') {
@@ -62,6 +64,8 @@ def call(String backend, String region=null, String datacenter=null, String loca
         } else {
             throw new Exception("=================== ${cloud_provider} region ${region} not supported ! ===================")
         }
+    } else if (region == 'fips') {
+        return [ "label": jenkins_labels['aws-fips'], "region": '' ]
     } else {
         return [ "label": jenkins_labels[cloud_provider], "region": region ]
     }