From df262fe66d25638de47ee98130dcebe016c8fae5 Mon Sep 17 00:00:00 2001 From: Jonathan West Date: Fri, 18 Oct 2024 16:58:27 -0400 Subject: [PATCH] Add E2E test to verify roles/bindings are deleted Signed-off-by: Jonathan West --- controllers/resources_test.go | 8 +-- tests/e2e/rollout_tests_all.go | 96 ++++++++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+), 4 deletions(-) diff --git a/controllers/resources_test.go b/controllers/resources_test.go index e35e8af..33280aa 100644 --- a/controllers/resources_test.go +++ b/controllers/resources_test.go @@ -1141,7 +1141,7 @@ var _ = Describe("Resource creation and cleanup tests", func() { Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(clusterRole), clusterRole)).To(Succeed()) By("Verify existing Role is deleted") - Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(role), role)).To(HaveOccurred()) + Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(role), role)).ToNot(Succeed()) }) It("Should delete existing ClusterRole when Role is reconciled", func() { @@ -1161,7 +1161,7 @@ var _ = Describe("Resource creation and cleanup tests", func() { Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(role), role)).To(Succeed()) By("Verify existing ClusterRole is deleted") - Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(clusterRole), clusterRole)).To(HaveOccurred()) + Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(clusterRole), clusterRole)).ToNot(Succeed()) }) It("Should delete existing RoleBinding when ClusterRoleBinding is reconciled", func() { @@ -1187,7 +1187,7 @@ var _ = Describe("Resource creation and cleanup tests", func() { Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(clusterRoleBinding), clusterRoleBinding)).To(Succeed()) By("Verify RoleBinding is deleted") - Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(roleBinding), roleBinding)).To(HaveOccurred()) + Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(roleBinding), roleBinding)).ToNot(Succeed()) }) It("Should delete existing ClusterRoleBinding when RoleBinding is reconciled", func() { @@ -1213,7 +1213,7 @@ var _ = Describe("Resource creation and cleanup tests", func() { Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(roleBinding), roleBinding)).To(Succeed()) By("Verify ClusterRoleBinding is deleted") - Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(clusterRole), clusterRole)).To(HaveOccurred()) + Expect(r.Client.Get(ctx, client.ObjectKeyFromObject(clusterRole), clusterRole)).ToNot(Succeed()) }) }) }) diff --git a/tests/e2e/rollout_tests_all.go b/tests/e2e/rollout_tests_all.go index 8b985db..6feaf55 100644 --- a/tests/e2e/rollout_tests_all.go +++ b/tests/e2e/rollout_tests_all.go @@ -595,5 +595,101 @@ func RunRolloutsTests(namespaceScopedParam bool) { }) }) + + When("a namespace-scoped RolloutManager is installed into a namespace that previously contained a cluster-scoped RolloutManager, or vice versa", func() { + + It("should cleanup any cluster/role/rolebinding resources that are present in the namespace, that do not match the current .spec.namespaceScoped value of the RolloutManager CR", func() { + + var fakeRole rbacv1.Role + var fakeRoleBinding rbacv1.RoleBinding + + var fakeClusterRole rbacv1.ClusterRole + var fakeClusterRoleBinding rbacv1.ClusterRoleBinding + + By("creating ClusterRole/Binding in the namespace-scoped case, and Role/Binding in the cluster-scoped case") + + if namespaceScopedParam { + + fakeClusterRole = rbacv1.ClusterRole{ + ObjectMeta: metav1.ObjectMeta{ + Name: controllers.DefaultArgoRolloutsResourceName, + Namespace: rolloutManager.Namespace, + }, + } + Expect(k8sClient.Create(ctx, &fakeClusterRole)).To(Succeed()) + + fakeClusterRoleBinding = rbacv1.ClusterRoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: controllers.DefaultArgoRolloutsResourceName, + Namespace: rolloutManager.Namespace, + }, + RoleRef: rbacv1.RoleRef{ + APIGroup: rbacv1.GroupName, + Kind: "ClusterRole", + Name: fakeClusterRole.Name, + }, + Subjects: []rbacv1.Subject{ + { + Kind: rbacv1.ServiceAccountKind, + Name: controllers.DefaultArgoRolloutsResourceName, + Namespace: rolloutManager.Namespace, + }, + }, + } + Expect(k8sClient.Create(ctx, &fakeClusterRoleBinding)).To(Succeed()) + + } else { + + fakeRole = rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Name: controllers.DefaultArgoRolloutsResourceName, + Namespace: rolloutManager.Namespace, + }, + } + Expect(k8sClient.Create(ctx, &fakeRole)).To(Succeed()) + + fakeRoleBinding = rbacv1.RoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: controllers.DefaultArgoRolloutsResourceName, + Namespace: rolloutManager.Namespace, + }, + RoleRef: rbacv1.RoleRef{ + APIGroup: rbacv1.GroupName, + Kind: "Role", + Name: fakeRole.Name, + }, + Subjects: []rbacv1.Subject{ + { + Kind: rbacv1.ServiceAccountKind, + Name: controllers.DefaultArgoRolloutsResourceName, + Namespace: rolloutManager.Namespace, + }, + }, + } + Expect(k8sClient.Create(ctx, &fakeRoleBinding)).To(Succeed()) + + } + + By("creating RolloutManager and waiting for it to be available") + Expect(k8sClient.Create(ctx, &rolloutManager)).To(Succeed()) + Eventually(rolloutManager, "1m", "1s").Should(rolloutManagerFixture.HavePhase(rolloutsmanagerv1alpha1.PhaseAvailable)) + + if namespaceScopedParam { + + By("verifying that in the namespace-scoped case, the cluster-scoped resources are deleted after reconciliation") + Expect(k8sClient.Get(ctx, client.ObjectKeyFromObject(&fakeClusterRole), &fakeClusterRole)).ToNot(Succeed()) + Expect(k8sClient.Get(ctx, client.ObjectKeyFromObject(&fakeClusterRoleBinding), &fakeClusterRoleBinding)).ToNot(Succeed()) + + } else { + + By("verifying that in the cluster-scoped case, the namespace-scoped resources are deleted after reconciliation") + Expect(k8sClient.Get(ctx, client.ObjectKeyFromObject(&fakeRole), &fakeRole)).ToNot(Succeed()) + Expect(k8sClient.Get(ctx, client.ObjectKeyFromObject(&fakeRoleBinding), &fakeRoleBinding)).ToNot(Succeed()) + + } + + }) + }) + }) }