Skip to content

Commit

Permalink
refactor operator group cluster role name
Browse files Browse the repository at this point in the history 
Signed-off-by: Per Goncalves da Silva <[email protected]>
  • Loading branch information
Per Goncalves da Silva committed Aug 11, 2023
1 parent a7e3f3f commit 1134900
Show file tree
Hide file tree
Showing 5 changed files with 391 additions and 37 deletions.
2 changes: 1 addition & 1 deletion go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ require (
github.com/go-logr/logr v1.2.4
github.com/golang/mock v1.6.0
github.com/google/go-cmp v0.5.9
github.com/google/uuid v1.3.0
github.com/googleapis/gnostic v0.5.5
github.com/itchyny/gojq v0.11.0
github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2
Expand Down Expand Up @@ -124,7 +125,6 @@ require (
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/gorilla/mux v1.8.0 // indirect
github.com/gosuri/uitable v0.0.4 // indirect
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
Expand Down
320 changes: 316 additions & 4 deletions pkg/controller/operators/olm/operator_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"errors"
"fmt"
"math"
"math/big"
Expand Down Expand Up @@ -50,6 +51,9 @@ import (

operatorsv1 "github.com/operator-framework/api/pkg/operators/v1"
"github.com/operator-framework/api/pkg/operators/v1alpha1"
opregistry "github.com/operator-framework/operator-registry/pkg/registry"
clienttesting "k8s.io/client-go/testing"

"github.com/operator-framework/operator-lifecycle-manager/pkg/api/client/clientset/versioned"
"github.com/operator-framework/operator-lifecycle-manager/pkg/api/client/clientset/versioned/fake"
"github.com/operator-framework/operator-lifecycle-manager/pkg/controller/certs"
Expand All @@ -64,8 +68,6 @@ import (
"github.com/operator-framework/operator-lifecycle-manager/pkg/lib/ownerutil"
"github.com/operator-framework/operator-lifecycle-manager/pkg/lib/queueinformer"
"github.com/operator-framework/operator-lifecycle-manager/pkg/lib/scoped"
opregistry "github.com/operator-framework/operator-registry/pkg/registry"
clienttesting "k8s.io/client-go/testing"
)

type TestStrategy struct{}
Expand Down Expand Up @@ -4453,6 +4455,306 @@ func TestSyncOperatorGroups(t *testing.T) {
LastUpdated: &now,
},
},
{
name: "MatchingNamespace/NoCSVs/CreatesClusterRoles",
expectedEqual: true,
initial: initial{
operatorGroup: &operatorsv1.OperatorGroup{
ObjectMeta: metav1.ObjectMeta{
Name: "operator-group-1",
Namespace: operatorNamespace,
UID: "1234",
},
Spec: operatorsv1.OperatorGroupSpec{
Selector: &metav1.LabelSelector{
MatchLabels: map[string]string{"app": "app-a"},
},
},
},
k8sObjs: []runtime.Object{
&corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: operatorNamespace,
},
},
&corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: targetNamespace,
Labels: map[string]string{"app": "app-a"},
},
},
},
},
expectedStatus: operatorsv1.OperatorGroupStatus{
Namespaces: []string{targetNamespace},
LastUpdated: &now,
},
final: final{objects: map[string][]runtime.Object{
"": {
&rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
ResourceVersion: "",
Name: "olm.operatorgroup.admin-aaaaa",
Labels: map[string]string{
"olm.owner": "1234",
"olm.owner.namespace": "operator-ns",
"olm.owner.kind": "OperatorGroup",
"olm.operatorgroup.rolelevel": "admin",
},
},
},
&rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
ResourceVersion: "",
Name: "olm.operatorgroup.edit-aaaaa",
Labels: map[string]string{
"olm.owner": "1234",
"olm.owner.namespace": "operator-ns",
"olm.owner.kind": "OperatorGroup",
"olm.operatorgroup.rolelevel": "edit",
},
},
},
&rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
ResourceVersion: "",
Name: "olm.operatorgroup.view-aaaaa",
Labels: map[string]string{
"olm.owner": "1234",
"olm.owner.namespace": "operator-ns",
"olm.owner.kind": "OperatorGroup",
"olm.operatorgroup.rolelevel": "view",
},
},
},
},
}},
},
{
// check that even if old cluster roles exist, we create the new ones and leave the old ones unchanged
name: "MatchingNamespace/NoCSVs/UpdatesOldClusterRoles",
expectedEqual: true,
initial: initial{
operatorGroup: &operatorsv1.OperatorGroup{
ObjectMeta: metav1.ObjectMeta{
Name: "operator-group-1",
Namespace: operatorNamespace,
UID: "1234",
},
Spec: operatorsv1.OperatorGroupSpec{
Selector: &metav1.LabelSelector{
MatchLabels: map[string]string{"app": "app-a"},
},
},
},
k8sObjs: []runtime.Object{
&corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: operatorNamespace,
},
},
&corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: targetNamespace,
Labels: map[string]string{"app": "app-a"},
},
},
&rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
ResourceVersion: "",
Name: "operator-group-1-admin",
Labels: map[string]string{
"olm.owner": "operator-group-1",
"olm.owner.namespace": "operator-ns",
"olm.owner.kind": "OperatorGroup",
},
},
},
&rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
ResourceVersion: "",
Name: "operator-group-1-view",
Labels: map[string]string{
"olm.owner": "operator-group-1",
"olm.owner.namespace": "operator-ns",
"olm.owner.kind": "OperatorGroup",
},
},
},
&rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
ResourceVersion: "",
Name: "operator-group-1-edit",
Labels: map[string]string{
"olm.owner": "operator-group-1",
"olm.owner.namespace": "operator-ns",
"olm.owner.kind": "OperatorGroup",
},
},
},
},
},
expectedStatus: operatorsv1.OperatorGroupStatus{
Namespaces: []string{targetNamespace},
LastUpdated: &now,
},
final: final{objects: map[string][]runtime.Object{
"": {
&rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
ResourceVersion: "",
Name: "olm.operatorgroup.admin-aaaaa",
Labels: map[string]string{
"olm.owner": "1234",
"olm.owner.namespace": "operator-ns",
"olm.owner.kind": "OperatorGroup",
"olm.operatorgroup.rolelevel": "admin",
},
},
},
&rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
ResourceVersion: "",
Name: "olm.operatorgroup.edit-aaaaa",
Labels: map[string]string{
"olm.owner": "1234",
"olm.owner.namespace": "operator-ns",
"olm.owner.kind": "OperatorGroup",
"olm.operatorgroup.rolelevel": "edit",
},
},
},
&rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
ResourceVersion: "",
Name: "olm.operatorgroup.view-aaaaa",
Labels: map[string]string{
"olm.owner": "1234",
"olm.owner.namespace": "operator-ns",
"olm.owner.kind": "OperatorGroup",
"olm.operatorgroup.rolelevel": "view",
},
},
},
&rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
ResourceVersion: "",
Name: "operator-group-1-admin",
Labels: map[string]string{
"olm.owner": "operator-group-1",
"olm.owner.namespace": "operator-ns",
"olm.owner.kind": "OperatorGroup",
},
},
},
&rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
ResourceVersion: "",
Name: "operator-group-1-view",
Labels: map[string]string{
"olm.owner": "operator-group-1",
"olm.owner.namespace": "operator-ns",
"olm.owner.kind": "OperatorGroup",
},
},
},
&rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
ResourceVersion: "",
Name: "operator-group-1-edit",
Labels: map[string]string{
"olm.owner": "operator-group-1",
"olm.owner.namespace": "operator-ns",
"olm.owner.kind": "OperatorGroup",
},
},
},
},
}},
},
{
name: "MatchingNamespace/NoCSVs/Updates" +
"" +
"" +
"" +
"" +
"" +
"" +
"" +
"ClusterRoles",
expectedEqual: true,
initial: initial{
operatorGroup: &operatorsv1.OperatorGroup{
ObjectMeta: metav1.ObjectMeta{
Name: "operator-group-1",
Namespace: operatorNamespace,
UID: "1234",
},
Spec: operatorsv1.OperatorGroupSpec{
Selector: &metav1.LabelSelector{
MatchLabels: map[string]string{"app": "app-a"},
},
},
},
k8sObjs: []runtime.Object{
&corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: operatorNamespace,
},
},
&corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: targetNamespace,
Labels: map[string]string{"app": "app-a"},
},
},
},
},
expectedStatus: operatorsv1.OperatorGroupStatus{
Namespaces: []string{targetNamespace},
LastUpdated: &now,
},
final: final{objects: map[string][]runtime.Object{
"": {
&rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
ResourceVersion: "",
Name: "olm.operatorgroup.admin-aaaaa",
Labels: map[string]string{
"olm.owner": "1234",
"olm.owner.namespace": "operator-ns",
"olm.owner.kind": "OperatorGroup",
"olm.operatorgroup.rolelevel": "admin",
},
},
},
&rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
ResourceVersion: "",
Name: "olm.operatorgroup.edit-aaaaa",
Labels: map[string]string{
"olm.owner": "1234",
"olm.owner.namespace": "operator-ns",
"olm.owner.kind": "OperatorGroup",
"olm.operatorgroup.rolelevel": "edit",
},
},
},
&rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
ResourceVersion: "",
Name: "olm.operatorgroup.view-aaaaa",
Labels: map[string]string{
"olm.owner": "1234",
"olm.owner.namespace": "operator-ns",
"olm.owner.kind": "OperatorGroup",
"olm.operatorgroup.rolelevel": "view",
},
},
},
},
}},
},
{
name: "MatchingNamespace/CSVPresent/Found",
expectedEqual: true,
Expand Down Expand Up @@ -4900,6 +5202,10 @@ func TestSyncOperatorGroups(t *testing.T) {
return copied
}

// change the genName function to return a predictable value
genName = func(prefix string) string {
return fmt.Sprintf("%saaaaa", prefix)
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
// Pick out Namespaces
Expand Down Expand Up @@ -5022,7 +5328,10 @@ func TestSyncOperatorGroups(t *testing.T) {

for namespace, objects := range tt.final.objects {
if err := RequireObjectsInCache(t, op.lister, namespace, objects, true); err != nil {
return false, nil
if apierrors.IsNotFound(err) {
return false, nil
}
return false, err
}
}

Expand Down Expand Up @@ -5258,7 +5567,10 @@ func RequireObjectsInCache(t *testing.T, lister operatorlister.OperatorLister, n
require.Failf(t, "couldn't find expected object", "%#v", object)
}
if err != nil {
return fmt.Errorf("namespace: %v, error: %v", namespace, err)
if apierrors.IsNotFound(err) {
return err
}
return errors.Join(err, fmt.Errorf("namespace: %v, error: %v", namespace, err))
}
if doCompare {
if !reflect.DeepEqual(object, fetched) {
Expand Down
Loading

0 comments on commit 1134900

Please sign in to comment.