Merge branch 'GONRG-5799-upd-gc-pipeline' into 'master'

GONRG 5799 upd google cloud pipeline

See merge request !297

.gitlab-ci.yml

@@ -52,3 +52,18 @@ include:
 
   - project: "osdu/platform/ci-cd-pipelines"
     file: "publishing/pages.yml"
+
+stages:
+  - review
+  - build
+  - coverage
+  - containerize
+  - scan
+  - deploy
+  - bootstrap
+  - integration
+  - cleanup
+  - verified-deploy
+  - performance-testing
+  - publish
+  - deploy_preship

devops/gcp/deploy/README.md

@@ -103,6 +103,7 @@ First you need to set variables in **values.yaml** file using any code editor. S
 **partitionAdminAccounts** | admin accounts validated by partition service | string | - | yes
 **serviceAccountTail** | ending of Google Cloud service account | string | .iam.gserviceaccount.com | yes
 **partitionName** | partition host | string | partition | yes
+**partitionNamespace** | datastore namespace where partition will store the data | string | partition | yes
 **dataPartitionId** | data partition id | string | - | yes
 **datafierSa** | datafier service account | string | datafier | yes
 **minioExternalEndpoint** | api url for external minio, if external minio is configured - this value will be set for MINIO_ENDPOINT and FILE_MINIO_ENDPOINT in bootstrap configmap | string | - | no
@@ -126,12 +127,10 @@ First you need to set variables in **values.yaml** file using any code editor. S
 | Name | Description | Type | Default |Required |
 |------|-------------|------|---------|---------|
 **appName** | name of the app | string | partition | yes
-**cicdEnabled** | whether CI/CD is enabled | boolean | false | yes
 **configmap** | configmap to be used | string | partition-config | yes
 **domain** | your domain | string | - | yes
 **istioEnabled** | whether to enable istio resources | boolean | true | yes
 **onPremEnabled** | whether on-prem is enabled | boolean | false | yes
-**publicAvailable** | public access to /api/partition | boolean | false | yes
 **secret** | secret for postgres | string | partition-postgres-secret | yes
 **mtlsMode** | MTLS mode | string | STRICT | yes
 **realm** | realm in keycloak | string | osdu | yes

devops/gcp/deploy/templates/configmap.yaml

@@ -11,4 +11,5 @@ data:
   {{- if not .Values.conf.onPremEnabled }}
   GOOGLE_CLOUD_PROJECT: {{ .Values.data.projectId | quote }}
   PARTITION_ADMIN_ACCOUNTS: {{ .Values.data.partitionAdminAccounts | quote }}
+  PARTITION_NAMESPACE: {{ .Values.data.partitionNamespace | quote }}
   {{- end }}

devops/gcp/deploy/values.yaml

@@ -8,6 +8,7 @@ data:
   dataPartitionIdList: []
   partitionAdminAccounts: ""
   partitionName: "partition"
+  partitionNamespace: "partition"
   datafierSa: "datafier"
   partitionCleanUpEnabled: "false"
   minioExternalEndpoint: "" # use only if external minio is configured

devops/gcp/pipeline/override-stages.yml

@@ -2,15 +2,301 @@ variables:
   OSDU_GCP_ENABLE_BOOTSTRAP: "true"
   OSDU_GCP_SERVICE: partition
   OSDU_GCP_VENDOR: gcp
+  OSDU_GCP_HELM_ENV_DIR: "devops/gcp/tests/env"
+  ENV_BUILD_PATH: "devops/gcp/tests/build/Dockerfile"
 
-osdu-gcp-test:
+.common_cleanup:
+  script:
+    - git clone https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-gcp-provisioning.git
+    - cp infra-gcp-provisioning/tools/datastore-cleanup/* devops/gcp/tests/clean_up/
+
+osdu-gcp-containerize-bootstrap-env-gitlab:
+  stage: build
+  image: docker:19.03.15
+  tags: ["osdu-small"]
+  services:
+    - docker:20.10.7-dind
   variables:
-    CLIENT_TENANT: osdu
+    BUILD_BOOTSTRAP_PATH: "devops/gcp/tests/build/Dockerfile"
+  script:
+    - export EXTRA_DOCKER_TAG=""
+    - >
+      if [[ "$CI_COMMIT_TAG" != "" ]];
+      then EXTRA_DOCKER_TAG="-t $CI_REGISTRY_IMAGE/$IMAGE_BOOTSTRAP_NAME-env:$CI_COMMIT_TAG";
+      elif [[ "$CI_COMMIT_REF_NAME" = "$CI_DEFAULT_BRANCH" ]];
+      then EXTRA_DOCKER_TAG="-t $CI_REGISTRY_IMAGE/$IMAGE_BOOTSTRAP_NAME-env:latest"; fi
+    - docker build -t $CI_REGISTRY_IMAGE/$IMAGE_BOOTSTRAP_NAME-env:$CI_COMMIT_SHORT_SHA $EXTRA_DOCKER_TAG -f $BUILD_BOOTSTRAP_PATH .
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    - docker push $CI_REGISTRY_IMAGE/$IMAGE_BOOTSTRAP_NAME-env
+  rules:
+    - if: "$OSDU_GCP == '1' && $OSDU_GCP_ENABLE_BOOTSTRAP == 'true'"
+      when: on_success
 
-osdu-gcp-dev2-test:
+osdu-gcp-anthos-deploy-test-env: #infra deploy for on-prem install
+  environment:
+    name: GCP
+  extends: .osdu-gcp-anthos-variables
+  tags: ["osdu-small"]
+  image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
+  stage: deploy
+  needs: ["osdu-gcp-containerize-bootstrap-env-gitlab", "compile-and-unit-test"]
+  retry: 1
   variables:
-    CLIENT_TENANT: devtwo
+    OSDU_GCP_HELM_NAMESPACE: partition-int-test
+  script:
+    - gcloud auth activate-service-account --key-file $OSDU_GCP_ANTHOS_DEPLOY_FILE
+    - !reference [.common_config, script]
+    - export PASSWORD=$(</dev/urandom tr -dc _A-Z-a-z-0-9 | head -c10)
+    - cd $OSDU_GCP_HELM_ENV_DIR
+    - helm dependency update
+    - >
+      helm upgrade $OSDU_GCP_SERVICE-env .
+      --install
+      --create-namespace
+      --namespace=$OSDU_GCP_HELM_NAMESPACE
+      --wait
+      --history-max=3
+      --set postgresql.global.postgresql.auth.postgresPassword=$PASSWORD
+      --set bootstrap.postgres.image=$CI_REGISTRY_IMAGE/osdu-gcp-bootstrap-$OSDU_GCP_SERVICE-env:$CI_COMMIT_SHORT_SHA
+      $OSDU_GCP_HELM_TIMEOUT
+  rules:
+    - if: "$CI_COMMIT_BRANCH =~ /^release/"
+      when: never
+    - if: "$CI_COMMIT_TAG"
+      when: never
+    - if: '$OSDU_GCP == "1"'
+      when: on_success
+
+osdu-gcp-anthos-deploy-deployment: # reuse common deploy job for test deployment
+  needs: ["osdu-gcp-anthos-deploy-test-env", "osdu-gcp-containerize-gitlab"]
+  variables:
+    OSDU_GCP_HELM_NAMESPACE: partition-int-test
+    ISTIO_ENABLED: "false"
+    OSDU_GCP_TENANT: test
 
 osdu-gcp-anthos-test:
   variables:
     OSDU_GCP_VENDOR: anthos
+    PARTITION_BASE_URL: https://test.ref.gcp.gnrg-osdu.projects.epam.com/
+
+osdu-gcp-anthos-cleanup-env: # clean-up env after tests
+  environment:
+    name: GCP
+  stage: cleanup
+  extends: .osdu-gcp-anthos-variables
+  image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
+  needs: [osdu-gcp-anthos-test]
+  tags: ["osdu-small"]
+  variables:
+    PARTITION_NAMESPACE: partition-test
+    OSDU_GCP_HELM_NAMESPACE: partition-int-test
+  script:
+    - gcloud auth activate-service-account --key-file $OSDU_GCP_ANTHOS_DEPLOY_FILE
+    - !reference [.common_config, script]
+    - export GOOGLE_APPLICATION_CREDENTIALS="$OSDU_GCP_ANTHOS_DEPLOY_FILE"
+    - !reference [.common_cleanup, script]
+    - chmod +x devops/gcp/tests/clean_up/clean_up.sh && devops/gcp/tests/clean_up/clean_up.sh --cluster
+  rules:
+    - if: "$CI_COMMIT_BRANCH =~ /^release/"
+      when: never
+    - if: "$CI_COMMIT_TAG"
+      when: never
+    - if: '$OSDU_GCP == "1"'
+      when: always
+
+osdu-gcp-anthos-deploy: # verified deploy after tests
+  environment:
+    name: GCP
+  extends: .osdu-gcp-anthos-variables
+  tags: ["osdu-small"]
+  image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
+  stage: verified-deploy
+  needs: ["osdu-gcp-anthos-test"]
+  retry: 1
+  script:
+    - gcloud auth activate-service-account --key-file $OSDU_GCP_ANTHOS_DEPLOY_FILE
+    - !reference [.common_config, script]
+    - >
+      helm upgrade $OSDU_GCP_SERVICE-deploy $OSDU_GCP_HELM_DEPLOYMENT_DIR
+      --install
+      --create-namespace
+      --namespace=$OSDU_GCP_HELM_NAMESPACE
+      --wait
+      --history-max=3
+      --set data.bootstrapImage=$CI_REGISTRY_IMAGE/osdu-gcp-bootstrap-$OSDU_GCP_SERVICE:$CI_COMMIT_SHORT_SHA
+      --set data.bootstrapServiceAccountName=$OSDU_GCP_BOOTSTRAP_SA
+      --set data.image=$CI_REGISTRY_IMAGE/osdu-gcp-$OSDU_GCP_SERVICE:$CI_COMMIT_SHORT_SHA
+      --set data.serviceAccountName=$OSDU_GCP_SERVICE
+      --set data.projectId=osdu-anthos
+      --set data.dataPartitionId=$OSDU_GCP_TENANT
+      --set data.logLevel=INFO
+      --set data.springProfilesActive=anthos
+      --set conf.cicdEnabled=true
+      --set conf.publicAvailable=true
+      --set conf.onPremEnabled=true
+      --set conf.domain=$OSDU_GCP_DOMAIN
+      $OSDU_GCP_HELM_TIMEOUT
+    - !reference [.verify_deploy, script]
+    - !reference [.verify_bootstrap, script]
+  rules:
+    - if: "$CI_COMMIT_BRANCH =~ /^release/"
+      when: never
+    - if: "$CI_COMMIT_TAG"
+      when: never
+    - if: '$OSDU_GCP == "1"'
+      when: on_success
+
+osdu-gcp-deploy-deployment: # reuse common deploy job for test deployment
+  variables:
+    OSDU_GCP_HELM_NAMESPACE: partition-int-test
+    DATA_PARTITION_ID: test
+    OSDU_GCP_PARTITION_NAMESPACE: partition-test
+
+osdu-gcp-test:
+  variables:
+    CLIENT_TENANT: test
+    PARTITION_BASE_URL: https://test.community.gcp.gnrg-osdu.projects.epam.com/
+
+osdu-gcp-cleanup-env: # clean-up env after tests
+  environment:
+    name: GCP
+  stage: cleanup
+  extends: .osdu-gcp-variables
+  image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
+  needs: [osdu-gcp-test]
+  tags: ["osdu-small"]
+  variables:
+    PARTITION_NAMESPACE: partition-test
+    OSDU_GCP_HELM_NAMESPACE: partition-int-test
+  script:
+    - gcloud auth activate-service-account --key-file $OSDU_GCP_DEPLOY_FILE
+    - !reference [.common_config, script]
+    - export GOOGLE_APPLICATION_CREDENTIALS="$OSDU_GCP_DEPLOY_FILE"
+    - !reference [.common_cleanup, script]
+    - chmod +x devops/gcp/tests/clean_up/clean_up.sh && devops/gcp/tests/clean_up/clean_up.sh --all
+  rules:
+    - if: "$CI_COMMIT_BRANCH =~ /^release/"
+      when: never
+    - if: "$CI_COMMIT_TAG"
+      when: never
+    - if: '$OSDU_GCP == "1"'
+      when: always
+
+osdu-gcp-deploy: # verified deploy after tests
+  environment:
+    name: GCP
+  extends: .osdu-gcp-variables
+  tags: ["osdu-small"]
+  image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
+  stage: verified-deploy
+  needs: ["osdu-gcp-test"]
+  retry: 1
+  script:
+    - gcloud auth activate-service-account --key-file $OSDU_GCP_DEPLOY_FILE
+    - !reference [.common_config, script]
+    - >
+      helm upgrade $OSDU_GCP_SERVICE-deploy $OSDU_GCP_HELM_DEPLOYMENT_DIR
+      --install
+      --create-namespace
+      --namespace=$OSDU_GCP_HELM_NAMESPACE
+      --wait
+      --history-max=3
+      --set data.bootstrapImage=$CI_REGISTRY_IMAGE/osdu-gcp-bootstrap-$OSDU_GCP_SERVICE:$CI_COMMIT_SHORT_SHA
+      --set data.bootstrapServiceAccountName=$BOOTSTRAP_SA
+      --set data.image=$CI_REGISTRY_IMAGE/osdu-gcp-$OSDU_GCP_SERVICE:$CI_COMMIT_SHORT_SHA
+      --set data.serviceAccountName=$OSDU_GCP_SERVICE-k8s
+      --set data.projectId=$OSDU_GCP_PROJECT
+      --set data.partitionAdminAccounts=$OSDU_GCP_PARTITION_ADMIN_ACCOUNTS
+      --set data.dataPartitionId=$OSDU_GCP_TENANT
+      --set data.logLevel=INFO
+      --set conf.domain=$OSDU_GCP_DOMAIN
+      $OSDU_GCP_HELM_TIMEOUT
+    - !reference [.verify_deploy, script]
+    - !reference [.verify_bootstrap, script]
+  rules:
+    - if: "$CI_COMMIT_BRANCH =~ /^release/"
+      when: never
+    - if: "$CI_COMMIT_TAG"
+      when: never
+    - if: '$OSDU_GCP == "1"'
+      when: on_success
+
+osdu-gcp-dev2-deploy-deployment: # reuse common deploy job for test deployment
+  variables:
+    OSDU_GCP_HELM_NAMESPACE: partition-int-test
+    DATA_PARTITION_ID: test
+    OSDU_GCP_PARTITION_NAMESPACE: partition-test
+
+osdu-gcp-dev2-test:
+  variables:
+    CLIENT_TENANT: test
+    PARTITION_BASE_URL: https://test.dev2.gcp.gnrg-osdu.projects.epam.com/
+
+osdu-gcp-dev2-cleanup-env: # clean-up env after tests
+  environment:
+    name: GCP
+  stage: cleanup
+  extends: .osdu-gcp-dev2-variables
+  image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
+  needs: [osdu-gcp-dev2-test]
+  tags: ["osdu-small"]
+  variables:
+    PARTITION_NAMESPACE: partition-test
+    OSDU_GCP_HELM_NAMESPACE: partition-int-test
+  script:
+    - gcloud auth activate-service-account --key-file $OSDU_GCP_DEPLOY_FILE
+    - !reference [.common_config, script]
+    - export GOOGLE_APPLICATION_CREDENTIALS="$OSDU_GCP_DEPLOY_FILE"
+    - !reference [.common_cleanup, script]
+    - chmod +x devops/gcp/tests/clean_up/clean_up.sh && devops/gcp/tests/clean_up/clean_up.sh --all
+  rules:
+    - if: '$OSDU_GCP == "1" && $CI_COMMIT_BRANCH =~ /^release/'
+      when: always
+    - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG'
+      when: always
+
+osdu-gcp-dev2-deploy: # verified deploy after tests
+  tags: ["osdu-small"]
+  extends: .osdu-gcp-dev2-variables
+  image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
+  stage: verified-deploy
+  needs: ["osdu-gcp-containerize-gitlab", "osdu-gcp-dev2-test"]
+  retry: 1
+  script:
+    - gcloud auth activate-service-account --key-file $OSDU_GCP_DEV2_DEPLOY_FILE
+    - !reference [.common_config, script]
+    - !reference [.define_version, script]
+    - helm repo add $OSDU_GCP_SERVICE ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable
+    - >
+      helm upgrade $OSDU_GCP_SERVICE-deploy $OSDU_GCP_SERVICE/gcp-$OSDU_GCP_SERVICE-deploy
+      --version $VERSION
+      --install
+      --create-namespace
+      --namespace=$OSDU_GCP_HELM_NAMESPACE
+      --wait
+      --history-max=3
+      --set data.imagePullPolicy=Always
+      --set data.bootstrapImage=$CI_REGISTRY_IMAGE/osdu-gcp-bootstrap-$OSDU_GCP_SERVICE:${CI_COMMIT_TAG:-$CI_COMMIT_SHORT_SHA}
+      --set data.bootstrapServiceAccountName=datafier-k8s
+      --set data.image=$CI_REGISTRY_IMAGE/osdu-gcp-$OSDU_GCP_SERVICE:${CI_COMMIT_TAG:-$CI_COMMIT_SHORT_SHA}
+      --set data.serviceAccountName=$OSDU_GCP_SERVICE-k8s
+      --set data.projectId=osdu-dev2
+      --set data.partitionAdminAccounts=$OSDU_GCP_DEV2_PARTITION_ADMIN_ACCOUNTS
+      --set data.dataPartitionId=$OSDU_GCP_TENANT
+      --set data.logLevel=INFO
+      --set conf.domain=$OSDU_GCP_DOMAIN
+      $OSDU_GCP_HELM_TIMEOUT
+    - !reference [.verify_deploy, script]
+    - !reference [.verify_bootstrap, script]
+  rules:
+    - if: '$OSDU_GCP == "1" && $CI_COMMIT_BRANCH =~ /^release/'
+      when: on_success
+    - if: '$OSDU_GCP == "1" && $CI_COMMIT_TAG'
+      when: on_success
+
+osdu-gcp-preship-deploy-deployment:
+  extends: .osdu-gcp-preship-variables
+  tags: ["osdu-small"]
+  image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
+  stage: deploy_preship
+  needs: ["osdu-gcp-dev2-deploy", "osdu-gcp-dev2-test"]

devops/gcp/tests/build/Dockerfile

+FROM alpine:3.16
+
+RUN apk update && \
+    apk -q add jq postgresql-client bash
+
+COPY ./devops/gcp/tests/build/ ./opt
+RUN chmod +x /opt/bootstrap.sh
+
+WORKDIR /opt
+
+CMD ["/bin/bash", "-c", "/opt/bootstrap.sh"]

devops/gcp/tests/build/bootstrap.sh

+#!/usr/bin/env bash
+
+set -ex
+
+substitute_values() {
+    cat << EOF > ./valuesForSubstitution.json
+{
+"<DATA_PARTITION_ID>": "${DATA_PARTITION_ID}",
+"<PARTITION_POSTGRESQL_DB_NAME>": "${PARTITION_POSTGRESQL_DB_NAME}",
+"<PARTITION_POSTGRESQL_USERNAME>": "${PARTITION_POSTGRESQL_USERNAME}",
+"<PARTITION_POSTGRESQL_PASSWORD>": "${PARTITION_POSTGRESQL_PASSWORD}"
+}
+EOF
+
+    # shellcheck disable=SC2207
+    KEYS=( $(jq -r 'keys_unsorted[]' ./valuesForSubstitution.json) )
+    # shellcheck disable=SC2207
+    VALUES=( $(jq -r 'values[]' ./valuesForSubstitution.json) )
+
+    for i in "${!KEYS[@]}"; do
+    find ./ -type f -exec sed -i -e "s/${KEYS[$i]}/${VALUES[$i]}/g" {} \;
+    done
+
+}
+
+execute_sql_scripts() {
+    export PGPASSWORD=${POSTGRESQL_PASSWORD}
+
+    psql -h "${POSTGRESQL_HOST}" -U "${POSTGRESQL_USERNAME}" -p "${POSTGRESQL_PORT}" -f "./bootstrap.sql"
+}
+
+# General connection variables
+source ./validate-env.sh "DATA_PARTITION_ID"
+
+# Service users and passwords
+source ./validate-env.sh "PARTITION_POSTGRESQL_DB_NAME"
+source ./validate-env.sh "PARTITION_POSTGRESQL_USERNAME"
+source ./validate-env.sh "PARTITION_POSTGRESQL_PASSWORD"
+source ./validate-env.sh "POSTGRESQL_HOST"
+source ./validate-env.sh "POSTGRESQL_PORT"
+source ./validate-env.sh "POSTGRESQL_USERNAME"
+source ./validate-env.sh "POSTGRESQL_PASSWORD"
+source ./validate-env.sh "POSTGRESQL_DATABASE"
+substitute_values
+execute_sql_scripts
+touch /tmp/bootstrap_ready
+# sleeping if success
+sleep 365d

devops/gcp/tests/build/bootstrap.sql

+CREATE USER <PARTITION_POSTGRESQL_USERNAME> WITH PASSWORD '<PARTITION_POSTGRESQL_PASSWORD>';
+GRANT <PARTITION_POSTGRESQL_USERNAME> TO postgres;
+CREATE DATABASE <PARTITION_POSTGRESQL_DB_NAME> OWNER <PARTITION_POSTGRESQL_USERNAME>;
+
+\c "<PARTITION_POSTGRESQL_DB_NAME>";
+
+CREATE SCHEMA IF NOT EXISTS partition AUTHORIZATION <PARTITION_POSTGRESQL_USERNAME>;
+
+CREATE TABLE IF NOT EXISTS partition."PartitionProperty"(
+    id text COLLATE pg_catalog."default" NOT NULL,
+    pk bigint NOT NULL GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
+    data jsonb NOT NULL,
+    CONSTRAINT PartitionProperty UNIQUE (id)
+);
+
+ALTER TABLE
+    partition."PartitionProperty" OWNER to <PARTITION_POSTGRESQL_USERNAME>;
+
+CREATE INDEX IF NOT EXISTS PartitionProperty_datagin ON partition."PartitionProperty" USING GIN (data);

devops/gcp/tests/build/validate-env.sh

+#!/bin/bash
+#  Copyright 2020 Google LLC
+#  Copyright 2017-2019, Schlumberger
+#  Copyright 2022 EPAM
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+set -e
+set +x
+
+ENV_VAR_NAME=$1
+
+if [ "${!ENV_VAR_NAME}" = "" ]
+then
+    echo "Missing environment variable '$ENV_VAR_NAME'. Please provide all variables and try again"
+    { set -x ;} 2> /dev/null # enable output
+    exit 1
+fi
+
+set -x

devops/gcp/tests/clean_up/README.md

+## Cleanup Script for Testing Environment
+
+This is bash script used for cleanup temporary resources in Kubernetes cluster and Datastore.
+It consists of two parts, which can be called separately or together.
+
+#### **Prerequisites**
+
+* gcloud, authorized with account with sufficient permissions (e.g. Cloud Datastore Owner role). For more information on gcloud-sdk look at [Installing the gcloud CLI Documentation](https://cloud.google.com/sdk/docs/install)
+* for cluster part:
+  * installed kubectl and jq tools
+  * active kubeconfig context, collect necessary credentials before starting the script
+* for Datastore part:
+  * Python 3.7 and higher
+  * It's recommended to use `virtualenv` tool for Python. To install virtualenv on Debian-based Linux distributions you can use `apt-get install python3-venv`.
+
+#### **Configuration**
+
+[How to install gcloud CLI](https://cloud.google.com/sdk/docs/install)
+[How to install Python](https://www.python.org/downloads/)
+
+**Common steps:**
+
+Provide credentials for gcloud:
+
+```sh
+# Interactive
+gcloud auth login
+
+# Or using service account
+gcloud auth activate-service-account --key-file <path-to-sa-json>
+
+```
+
+**Cluster cleanup:**
+
+```sh
+# Get cluster credentials
+gcloud container clusters get-credentials <cluster-name> --zone <cluster-zone> OR --region <cluster-region>
+
+```
+
+**Datastore cleanup:**
+
+```sh
+# Setup redentials for script
+gcloud auth application-default login
+# OR
+export GOOGLE_APPLICATION_CREDENTIALS=<path-to-sa-json>
+
+# Install virtualenv via apt-get
+$ apt-get install python3-venv -y -q
+
+# Create virtualenv
+$ python3 -m venv venv
+
+# Activate virtualenv
+$ source venv/bin/activate
+
+# Install all pypi dependencies
+$ pip install -r requirements.txt
+
+```
+
+#### **How to use scenarios**
+
+**Cluster cleanup:**
+
+* Define variable _OSDU_GCP_HELM_NAMESPACE_ and start the script with _--cluster_ key:
+
+```sh
+export OSDU_GCP_HELM_NAMESPACE=<test-namespace> # k8s namespace where test resources deployed
+./clean_up.sh --cluster
+
+```
+
+**Datastore cleanup:**
+
+* Define variables _OSDU_GCP_PROJECT_ and _PARTITION_NAMESPACE_, and start the script with _--datastore_ key:
+
+```sh
+export OSDU_GCP_PROJECT=<project-id> # Google project id where Datastore used
+export PARTITION_NAMESPACE=<test namespace in Datastore> # test namespace in Datastore
+./clean_up.sh --datastore
+
+```
+
+**Cleanup all test resources:**
+
+* Define variables for both cases and start script with _--all_ key:
+
+```sh
+export OSDU_GCP_HELM_NAMESPACE=<test-namespace>
+export OSDU_GCP_PROJECT=<project-id>
+export PARTITION_NAMESPACE=<test namespace in Datastore>
+./clean_up.sh --all
+
+```
+
+> ***NOTE:*** additional documentation for [Datastore cleanup script](https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-gcp-provisioning/-/blob/master/tools/README.md).

devops/gcp/tests/clean_up/clean_up.sh

+#!/usr/bin/env bash
+
+cluster_cleanup() {
+  # check variable for namespace
+  if [[ "$OSDU_GCP_HELM_NAMESPACE" == *test ]]
+  then
+    # uninstall partition helm releases
+    LIST=$(helm -n $OSDU_GCP_HELM_NAMESPACE list -o json | jq -r .[].name)
+    for RELEASE in $LIST
+    do
+      helm -n $OSDU_GCP_HELM_NAMESPACE uninstall $RELEASE
+    done
+    echo "Cluster cleanup Finished"
+  else
+    echo "Production namespace, no operations will be perfomed"
+    exit 1
+  fi
+
+}
+
+datastore_cleanup () {
+
+  apk add py3-pip python3-dev libffi-dev
+  pip install --upgrade pip
+  pip install --upgrade setuptools
+  pip install -q -r devops/gcp/tests/clean_up/requirements.txt
+  python3 devops/gcp/tests/clean_up/datastore_clean_up.py -p "$OSDU_GCP_PROJECT" -n $PARTITION_NAMESPACE --delete-all
+
+  echo "Datastore cleanup finished"
+}
+
+set -ex
+
+case "$1" in
+  --cluster)
+    echo "K8s test namespace cleanup will be perfomed"
+    cluster_cleanup;;
+  --datastore)
+    echo "Datastore test namespace cleanup will be perfomed"
+    datastore_cleanup;;
+  --all)
+    echo "Test resources in k8s and Datastore will be deleted "
+    cluster_cleanup
+    datastore_cleanup;;
+  *)
+    echo "You must setup option like --cluster/datastore/all"
+    exit 1;;
+esac

devops/gcp/tests/env/Chart.yaml

+apiVersion: v2
+name: gc-partition-test
+description: A Helm chart for Kubernetes
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 1.16.0
+
+dependencies:
+- name: postgresql
+  version: 11.9.2
+  repository: https://charts.bitnami.com/bitnami
\ No newline at end of file

devops/gcp/tests/env/templates/db-bootstrap-deployment.yaml

+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "postgres-bootstrap-deployment"
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    rollme: {{ randAlphaNum 5 | quote }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      job: postgresql-bootstrap
+  template:
+    metadata:
+      labels:
+        job: postgresql-bootstrap
+    spec:
+      containers:
+      - name: "postgres-bootstrap"
+        image: "{{ .Values.bootstrap.postgres.image }}"
+        readinessProbe:
+          exec:
+            command:
+            - cat
+            - /tmp/bootstrap_ready
+        envFrom:
+        - secretRef:
+            name: "postgres-bootstrap-secret"
+        env:
+          - name: PARTITION_POSTGRESQL_DB_NAME
+            valueFrom:
+              secretKeyRef:
+                name: "partition-postgres-secret"
+                key: PARTITION_POSTGRES_DB_NAME
+          - name: PARTITION_POSTGRESQL_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: "partition-postgres-secret"
+                key: OSM_POSTGRES_USERNAME
+          - name: PARTITION_POSTGRESQL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: "partition-postgres-secret"
+                key: OSM_POSTGRES_PASSWORD
+      serviceAccountName: {{ .Values.bootstrap.postgres.serviceAccount }}

devops/gcp/tests/env/templates/secrets.yaml

+apiVersion: v1
+kind: Secret
+metadata:
+  name: "partition-postgres-secret"
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  {{- with .Values.bootstrap.postgres.partition }}
+  OSM_POSTGRES_USERNAME: {{ .user | b64enc | quote }}
+  PARTITION_POSTGRES_DB_NAME: {{ .name | b64enc | quote }}
+  OSM_POSTGRES_URL: {{ printf "jdbc:postgresql://%s:%s/%s" $.Values.postgresql.fullnameOverride .port .name | b64enc | quote }}
+  OSM_POSTGRES_PASSWORD: {{ randAlphaNum 16 | b64enc | quote }}
+  {{- end }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "postgres-bootstrap-secret"
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  DATA_PARTITION_ID: {{ .Values.bootstrap.infra.secret.dataPartitionId | b64enc | quote }}
+  POSTGRESQL_HOST: {{ .Values.postgresql.fullnameOverride | b64enc | quote }}
+  POSTGRESQL_PORT: {{ .Values.bootstrap.postgres.secret.postgresqlPort | b64enc | quote }}
+  POSTGRESQL_USERNAME: {{ .Values.bootstrap.postgres.secret.postgresqlUser | b64enc | quote }}
+  POSTGRESQL_PASSWORD: {{ .Values.postgresql.global.postgresql.auth.postgresPassword | b64enc | quote }}
+  POSTGRESQL_DATABASE: {{ .Values.postgresql.global.postgresql.auth.database | b64enc | quote }}
\ No newline at end of file

devops/gcp/tests/env/values.yaml

+postgresql:
+  enabled: true
+  fullnameOverride: "postgresql-db"
+  global:
+    postgresql:
+      auth:
+        postgresPassword: ""
+        database: "postgres"
+  primary:
+    persistence:
+      enabled: false
+
+bootstrap:
+  infra:
+    secret:
+      dataPartitionId: test
+  postgres:
+    serviceAccount: datafier
+    image: ""
+    external: false
+    partition:
+      port: "5432"
+      name: "partition"
+      user: "partition"
+    secret:
+      postgresqlUser: "postgres"
+      postgresqlPort: "5432"