Skip to content

Commit

Permalink
Add E2E test to verify roles/bindings are deleted
Browse files Browse the repository at this point in the history
Signed-off-by: Jonathan West <jonwest@redhat.com>
  • Loading branch information
jgwest committed Oct 19, 2024
1 parent d20448a commit 06589e6
Show file tree
Hide file tree
Showing 2 changed files with 99 additions and 4 deletions.
8 changes: 4 additions & 4 deletions controllers/resources_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1170,7 +1170,7 @@ var _ = Describe("Resource creation and cleanup tests", func() {
Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(clusterRole), clusterRole)).To(Succeed())

By("Verify existing Role is deleted")
Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(role), role)).To(HaveOccurred())
Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(role), role)).ToNot(Succeed())
})

It("Should delete existing ClusterRole when Role is reconciled", func() {
Expand All @@ -1190,7 +1190,7 @@ var _ = Describe("Resource creation and cleanup tests", func() {
Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(role), role)).To(Succeed())

By("Verify existing ClusterRole is deleted")
Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(clusterRole), clusterRole)).To(HaveOccurred())
Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(clusterRole), clusterRole)).ToNot(Succeed())
})

It("Should delete existing RoleBinding when ClusterRoleBinding is reconciled", func() {
Expand All @@ -1216,7 +1216,7 @@ var _ = Describe("Resource creation and cleanup tests", func() {
Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(clusterRoleBinding), clusterRoleBinding)).To(Succeed())

By("Verify RoleBinding is deleted")
Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(roleBinding), roleBinding)).To(HaveOccurred())
Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(roleBinding), roleBinding)).ToNot(Succeed())
})

It("Should delete existing ClusterRoleBinding when RoleBinding is reconciled", func() {
Expand All @@ -1242,7 +1242,7 @@ var _ = Describe("Resource creation and cleanup tests", func() {
Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(roleBinding), roleBinding)).To(Succeed())

By("Verify ClusterRoleBinding is deleted")
Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(clusterRole), clusterRole)).To(HaveOccurred())
Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(clusterRole), clusterRole)).ToNot(Succeed())
})
})
})
Expand Down
95 changes: 95 additions & 0 deletions tests/e2e/rollout_tests_all.go
Original file line number Diff line number Diff line change
Expand Up @@ -689,5 +689,100 @@ func RunRolloutsTests(namespaceScopedParam bool) {
Expect(newPods.Items[0].Name).NotTo(Equal(oldPods.Items[0].Name)) // Ensure the Pod names are different
})

When("a namespace-scoped RolloutManager is installed into a namespace that previously contained a cluster-scoped RolloutManager, or vice versa", func() {

It("should cleanup any cluster/role/rolebinding resources that are present in the namespace, that do not match the current .spec.namespaceScoped value of the RolloutManager CR", func() {

var fakeRole rbacv1.Role
var fakeRoleBinding rbacv1.RoleBinding

var fakeClusterRole rbacv1.ClusterRole
var fakeClusterRoleBinding rbacv1.ClusterRoleBinding

By("creating ClusterRole/Binding in the namespace-scoped case, and Role/Binding in the cluster-scoped case")

if namespaceScopedParam {

fakeClusterRole = rbacv1.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
Name: controllers.DefaultArgoRolloutsResourceName,
Namespace: rolloutManager.Namespace,
},
}
Expect(k8sClient.Create(ctx, &fakeClusterRole)).To(Succeed())

fakeClusterRoleBinding = rbacv1.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{
Name: controllers.DefaultArgoRolloutsResourceName,
Namespace: rolloutManager.Namespace,
},
RoleRef: rbacv1.RoleRef{
APIGroup: rbacv1.GroupName,
Kind: "ClusterRole",
Name: fakeClusterRole.Name,
},
Subjects: []rbacv1.Subject{
{
Kind: rbacv1.ServiceAccountKind,
Name: controllers.DefaultArgoRolloutsResourceName,
Namespace: rolloutManager.Namespace,
},
},
}
Expect(k8sClient.Create(ctx, &fakeClusterRoleBinding)).To(Succeed())

} else {

fakeRole = rbacv1.Role{
ObjectMeta: metav1.ObjectMeta{
Name: controllers.DefaultArgoRolloutsResourceName,
Namespace: rolloutManager.Namespace,
},
}
Expect(k8sClient.Create(ctx, &fakeRole)).To(Succeed())

fakeRoleBinding = rbacv1.RoleBinding{
ObjectMeta: metav1.ObjectMeta{
Name: controllers.DefaultArgoRolloutsResourceName,
Namespace: rolloutManager.Namespace,
},
RoleRef: rbacv1.RoleRef{
APIGroup: rbacv1.GroupName,
Kind: "Role",
Name: fakeRole.Name,
},
Subjects: []rbacv1.Subject{
{
Kind: rbacv1.ServiceAccountKind,
Name: controllers.DefaultArgoRolloutsResourceName,
Namespace: rolloutManager.Namespace,
},
},
}
Expect(k8sClient.Create(ctx, &fakeRoleBinding)).To(Succeed())

}

By("creating RolloutManager and waiting for it to be available")
Expect(k8sClient.Create(ctx, &rolloutManager)).To(Succeed())
Eventually(rolloutManager, "1m", "1s").Should(rolloutManagerFixture.HavePhase(rolloutsmanagerv1alpha1.PhaseAvailable))

if namespaceScopedParam {

By("verifying that in the namespace-scoped case, the cluster-scoped resources are deleted after reconciliation")
Expect(k8sClient.Get(ctx, client.ObjectKeyFromObject(&fakeClusterRole), &fakeClusterRole)).ToNot(Succeed())
Expect(k8sClient.Get(ctx, client.ObjectKeyFromObject(&fakeClusterRoleBinding), &fakeClusterRoleBinding)).ToNot(Succeed())

} else {

By("verifying that in the cluster-scoped case, the namespace-scoped resources are deleted after reconciliation")
Expect(k8sClient.Get(ctx, client.ObjectKeyFromObject(&fakeRole), &fakeRole)).ToNot(Succeed())
Expect(k8sClient.Get(ctx, client.ObjectKeyFromObject(&fakeRoleBinding), &fakeRoleBinding)).ToNot(Succeed())

}

})
})

})
}

0 comments on commit 06589e6

Please sign in to comment.