From 9607c55d4f553c7e21cc222709871474a958f75c Mon Sep 17 00:00:00 2001 From: Jayendra Parsai Date: Fri, 8 Nov 2024 21:19:37 +0530 Subject: [PATCH] fix: enabled flag of ArgoCD workloads does not remove permissions Signed-off-by: Jayendra Parsai --- controllers/argocd/role.go | 12 ++- controllers/argocd/role_test.go | 99 +++++++++++++++++++ controllers/argocd/rolebinding.go | 7 +- controllers/argocd/util.go | 24 +++++ .../01-assert.yaml | 18 +--- .../01-errors.yaml | 58 ++++++++++- .../01-install.yaml | 1 - .../02-errors.yaml | 46 ++++++++- .../03-assert.yaml | 21 +++- .../03-errors.yaml | 39 ++++++-- .../04-assert.yaml | 33 +++++-- .../04-errors.yaml | 21 +++- .../05-assert.yaml | 44 ++++++++- .../05-errors.yaml | 9 +- .../06-assert.yaml | 41 +++++++- .../01-assert.yaml | 60 +++++++++-- .../02-assert.yaml | 52 ++++++++-- .../02-errors.yaml | 11 +-- .../03-assert.yaml | 28 ++++-- .../03-errors.yaml | 25 ++++- .../04-assert.yaml | 22 +++-- .../04-errors.yaml | 40 ++++++-- .../05-assert.yaml | 16 +-- .../05-errors.yaml | 49 ++++++--- 24 files changed, 646 insertions(+), 130 deletions(-) diff --git a/controllers/argocd/role.go b/controllers/argocd/role.go index 296687edd..3e1a22bd2 100644 --- a/controllers/argocd/role.go +++ b/controllers/argocd/role.go @@ -144,9 +144,9 @@ func (r *ReconcileArgoCD) reconcileRole(name string, policyRules []v1.PolicyRule } roles = append(roles, role) - if name == common.ArgoCDDexServerComponent && !UseDex(cr) { - - continue // Dex installation not requested, do nothing + if (name == common.ArgoCDDexServerComponent && !UseDex(cr)) || + !UseApplicationController(name, cr) || !UseRedis(name, cr) || !UseServer(name, cr) { + continue // Component installation is not requested, do nothing } // Only set ownerReferences for roles in same namespace as ArgoCD CR @@ -161,6 +161,12 @@ func (r *ReconcileArgoCD) reconcileRole(name string, policyRules []v1.PolicyRule return nil, err } continue + } else { + if !UseApplicationController(name, cr) || !UseRedis(name, cr) || !UseServer(name, cr) { + if err := r.Client.Delete(context.TODO(), role); err != nil { + return nil, err + } + } } // Delete the existing default role if custom role is specified diff --git a/controllers/argocd/role_test.go b/controllers/argocd/role_test.go index c5cd665e4..a0ed44c81 100644 --- a/controllers/argocd/role_test.go +++ b/controllers/argocd/role_test.go @@ -1181,3 +1181,102 @@ func enableDefaultClusterRoles(t *testing.T, ctx context.Context, a *argoproj.Ar a.Spec.AggregatedClusterRoles = false assert.NoError(t, cl.Update(ctx, a)) } + +func TestReconcileArgoCD_reconcileRole_enable_controller_role(t *testing.T) { + logf.SetLogger(ZapLogger(true)) + a := makeTestArgoCD() + + resObjs := []client.Object{a} + subresObjs := []client.Object{a} + runtimeObjs := []runtime.Object{} + sch := makeTestReconcilerScheme(argoproj.AddToScheme) + cl := makeTestReconcilerClient(sch, resObjs, subresObjs, runtimeObjs) + r := makeTestReconciler(cl, sch) + + assert.NoError(t, createNamespace(r, a.Namespace, "")) + + componentName := common.ArgoCDApplicationControllerComponent + + _, err := r.reconcileRole(componentName, []v1.PolicyRule{}, a) + assert.NoError(t, err) + + expectedName := fmt.Sprintf("%s-%s", a.Name, componentName) + reconciledRole := &v1.Role{} + assert.NoError(t, r.Client.Get(context.TODO(), types.NamespacedName{Name: expectedName, Namespace: a.Namespace}, reconciledRole)) + + flag := false + a.Spec.Controller.Enabled = &flag + + _, err = r.reconcileRole(componentName, []v1.PolicyRule{}, a) + assert.NoError(t, err) + + err = r.Client.Get(context.TODO(), types.NamespacedName{Name: expectedName, Namespace: a.Namespace}, reconciledRole) + assert.Error(t, err) + assertNotFound(t, err) +} + +func TestReconcileArgoCD_reconcileRole_enable_redis_role(t *testing.T) { + logf.SetLogger(ZapLogger(true)) + a := makeTestArgoCD() + + resObjs := []client.Object{a} + subresObjs := []client.Object{a} + runtimeObjs := []runtime.Object{} + sch := makeTestReconcilerScheme(argoproj.AddToScheme) + cl := makeTestReconcilerClient(sch, resObjs, subresObjs, runtimeObjs) + r := makeTestReconciler(cl, sch) + + assert.NoError(t, createNamespace(r, a.Namespace, "")) + + componentName := common.ArgoCDRedisComponent + + _, err := r.reconcileRole(componentName, []v1.PolicyRule{}, a) + assert.NoError(t, err) + + expectedName := fmt.Sprintf("%s-%s", a.Name, componentName) + reconciledRole := &v1.Role{} + assert.NoError(t, r.Client.Get(context.TODO(), types.NamespacedName{Name: expectedName, Namespace: a.Namespace}, reconciledRole)) + + flag := false + a.Spec.Redis.Enabled = &flag + + _, err = r.reconcileRole(componentName, []v1.PolicyRule{}, a) + assert.NoError(t, err) + + err = r.Client.Get(context.TODO(), types.NamespacedName{Name: expectedName, Namespace: a.Namespace}, reconciledRole) + assert.Error(t, err) + assertNotFound(t, err) +} + +func TestReconcileArgoCD_reconcileRole_enable_server_role(t *testing.T) { + logf.SetLogger(ZapLogger(true)) + a := makeTestArgoCD() + + resObjs := []client.Object{a} + subresObjs := []client.Object{a} + runtimeObjs := []runtime.Object{} + sch := makeTestReconcilerScheme(argoproj.AddToScheme) + cl := makeTestReconcilerClient(sch, resObjs, subresObjs, runtimeObjs) + r := makeTestReconciler(cl, sch) + + assert.NoError(t, createNamespace(r, a.Namespace, "")) + + componentName := common.ArgoCDServerComponent + + _, err := r.reconcileRole(componentName, []v1.PolicyRule{}, a) + assert.NoError(t, err) + + expectedName := fmt.Sprintf("%s-%s", a.Name, componentName) + reconciledRole := &v1.Role{} + assert.NoError(t, r.Client.Get(context.TODO(), types.NamespacedName{Name: expectedName, Namespace: a.Namespace}, reconciledRole)) + + flag := false + a.Spec.Server.Enabled = &flag + + _, err = r.reconcileRole(componentName, []v1.PolicyRule{}, a) + assert.NoError(t, err) + + err = r.Client.Get(context.TODO(), types.NamespacedName{Name: expectedName, Namespace: a.Namespace}, reconciledRole) + assert.Error(t, err) + assertNotFound(t, err) +} diff --git a/controllers/argocd/rolebinding.go b/controllers/argocd/rolebinding.go index f38a77944..a002e7957 100644 --- a/controllers/argocd/rolebinding.go +++ b/controllers/argocd/rolebinding.go @@ -146,8 +146,9 @@ func (r *ReconcileArgoCD) reconcileRoleBinding(name string, rules []v1.PolicyRul return fmt.Errorf("failed to get the rolebinding associated with %s : %s", name, err) } - if name == common.ArgoCDDexServerComponent && !UseDex(cr) { - continue // Dex installation is not requested, do nothing + if (name == common.ArgoCDDexServerComponent && !UseDex(cr)) || + !UseApplicationController(name, cr) || !UseRedis(name, cr) || !UseServer(name, cr) { + continue // Component installation is not requested, do nothing } roleBindingExists = false @@ -177,7 +178,7 @@ func (r *ReconcileArgoCD) reconcileRoleBinding(name string, rules []v1.PolicyRul } if roleBindingExists { - if name == common.ArgoCDDexServerComponent && !UseDex(cr) { + if (name == common.ArgoCDDexServerComponent && !UseDex(cr)) || !UseApplicationController(name, cr) || !UseRedis(name, cr) || !UseServer(name, cr) { // Delete any existing RoleBinding created for Dex since dex uninstallation is requested log.Info("deleting the existing Dex roleBinding because dex uninstallation is requested") if err = r.Client.Delete(context.TODO(), existingRoleBinding); err != nil { diff --git a/controllers/argocd/util.go b/controllers/argocd/util.go index aa481dc43..d9f08597a 100644 --- a/controllers/argocd/util.go +++ b/controllers/argocd/util.go @@ -1664,3 +1664,27 @@ func getApplicationSetHTTPServerHost(cr *argoproj.ArgoCD) (string, error) { } return host, nil } + +// UseApplicationController determines whether Application Controller resources should be created and configured or not +func UseApplicationController(name string, cr *argoproj.ArgoCD) bool { + if name == common.ArgoCDApplicationControllerComponent && cr.Spec.Controller.Enabled != nil { + return *cr.Spec.Controller.Enabled + } + return true +} + +// UseRedis determines whether Redis resources should be created and configured or not +func UseRedis(name string, cr *argoproj.ArgoCD) bool { + if name == common.ArgoCDRedisComponent && cr.Spec.Redis.Enabled != nil { + return *cr.Spec.Redis.Enabled + } + return true +} + +// UseServer determines whether ArgoCD Server resources should be created and configured or not +func UseServer(name string, cr *argoproj.ArgoCD) bool { + if name == common.ArgoCDServerComponent && cr.Spec.Server.Enabled != nil { + return *cr.Spec.Server.Enabled + } + return true +} diff --git a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/01-assert.yaml b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/01-assert.yaml index aa3ba7ee0..5cce563a5 100644 --- a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/01-assert.yaml +++ b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/01-assert.yaml @@ -16,28 +16,12 @@ spec: enabled: false status: phase: Available - --- -apiVersion: rbac.authorization.k8s.io/v1 kind: Role -metadata: - name: argocd-test1-argocd-application-controller - namespace: test1 - ---- apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding metadata: - name: argocd-test1-argocd-application-controller - namespace: test1 - ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: argocd-test1-argocd-server + name: argocd-test1-argocd-redis-ha namespace: test1 - --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/01-errors.yaml b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/01-errors.yaml index 2558aa16b..ff086b0b1 100644 --- a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/01-errors.yaml +++ b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/01-errors.yaml @@ -4,19 +4,69 @@ kind: Deployment metadata: name: argocd-test1-redis namespace: test1 - --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test1-repo-server namespace: test1 - --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test1-server namespace: test1 - - +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argocd-test1-applicationset-controller + namespace: test1 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argocd-test1-argocd-application-controller + namespace: test1 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argocd-test1-argocd-application-controller + namespace: test1 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argocd-test1-argocd-server + namespace: test1 +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-argocd-server + namespace: test1 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argocd-test1-redis + namespace: test1 +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-redis + namespace: test1 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argocd-test1-redis-ha + namespace: test1 +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-redis-ha + namespace: test1 \ No newline at end of file diff --git a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/01-install.yaml b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/01-install.yaml index 1fbc8fa90..a3425cddc 100644 --- a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/01-install.yaml +++ b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/01-install.yaml @@ -3,7 +3,6 @@ kind: Namespace metadata: name: test1 --- - apiVersion: argoproj.io/v1beta1 kind: ArgoCD metadata: diff --git a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/02-errors.yaml b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/02-errors.yaml index c6ff3ab8e..d5c8a7dac 100644 --- a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/02-errors.yaml +++ b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/02-errors.yaml @@ -4,31 +4,69 @@ kind: Deployment metadata: name: argocd-test1-redis namespace: test1 - --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test1-repo-server namespace: test1 - --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test1-server namespace: test1 - +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argocd-test1-applicationset-controller + namespace: test1 --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: argocd-test1-server namespace: test1 - +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argocd-test1-server + namespace: test1 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argocd-test1-argocd-redis + namespace: test1 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argocd-test1-argocd-redis + namespace: test1 --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: argocd-test1-repo-server namespace: test1 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argocd-test1-repo-server + namespace: test1 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argocd-test1-applicationset-controller + namespace: test1 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argocd-test1-applicationset-controller + namespace: test1 diff --git a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/03-assert.yaml b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/03-assert.yaml index 1ce5b167c..1ad9a0363 100644 --- a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/03-assert.yaml +++ b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/03-assert.yaml @@ -11,25 +11,38 @@ metadata: namespace: test1 --- apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: Role metadata: name: argocd-test1-argocd-application-controller namespace: test1 --- +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + name: argocd-test1-argocd-application-controller + namespace: test1 +--- apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: argocd-test1-argocd-server + name: argocd-test1-argocd-redis namespace: test1 --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: argocd-test1-argocd-redis-ha + name: argocd-test1-argocd-redis namespace: test1 --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: argocd-test1-argocd-application-controller + name: argocd-test1-argocd-redis-ha + namespace: test1 +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-argocd-redis-ha namespace: test1 + diff --git a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/03-errors.yaml b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/03-errors.yaml index c554f2c74..8168d54c7 100644 --- a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/03-errors.yaml +++ b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/03-errors.yaml @@ -5,22 +5,47 @@ metadata: namespace: test1 status: phase: Available ---- +--- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test1-repo-server namespace: test1 - +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argocd-test1-server + namespace: test1 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argocd-test1-applicationset-controller + namespace: test1 --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: argocd-test1-server + name: argocd-test1-argocd-server + namespace: test1 +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-argocd-server + namespace: test1 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argocd-test1-applicationset-controller + namespace: test1 +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-applicationset-controller namespace: test1 - - - - diff --git a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/04-assert.yaml b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/04-assert.yaml index fb47f2f73..ebf307aa6 100644 --- a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/04-assert.yaml +++ b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/04-assert.yaml @@ -5,38 +5,59 @@ metadata: namespace: test1 status: phase: Available + --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test1-redis namespace: test1 - --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test1-repo-server namespace: test1 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: argocd-test1-application-controller + namespace: test1 --- apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: Role metadata: name: argocd-test1-argocd-application-controller namespace: test1 - --- +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + name: argocd-test1-argocd-application-controller + namespace: test1 +--- apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: argocd-test1-argocd-server + name: argocd-test1-argocd-redis-ha namespace: test1 - --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: argocd-test1-argocd-redis-ha namespace: test1 - +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argocd-test1-argocd-redis + namespace: test1 +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-argocd-redis + namespace: test1 diff --git a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/04-errors.yaml b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/04-errors.yaml index b99d19a31..19facbc4f 100644 --- a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/04-errors.yaml +++ b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/04-errors.yaml @@ -4,6 +4,12 @@ kind: Deployment metadata: name: argocd-test1-server namespace: test1 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argocd-test1-applicationset-controller + namespace: test1 --- apiVersion: rbac.authorization.k8s.io/v1 @@ -11,10 +17,21 @@ kind: Role metadata: name: argocd-test1-server namespace: test1 - +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-argocd-server + namespace: test1 --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: argocd-test1-application-controller + name: argocd-test1-applicationset-controller namespace: test1 +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-applicationset-controller + namespace: test1 \ No newline at end of file diff --git a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/05-assert.yaml b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/05-assert.yaml index 63f014c27..055ff69fe 100644 --- a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/05-assert.yaml +++ b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/05-assert.yaml @@ -5,41 +5,75 @@ metadata: namespace: test1 status: phase: Available + --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test1-redis - namespace: test1 - + namespace: test1 --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test1-repo-server namespace: test1 - --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test1-server namespace: test1 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: argocd-test1-application-controller + namespace: test1 + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argocd-test1-argocd-application-controller + namespace: test1 --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: argocd-test1-argocd-application-controller namespace: test1 - +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-argocd-server + namespace: test1 --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: argocd-test1-argocd-server namespace: test1 - +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-argocd-redis + namespace: test1 +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-argocd-redis + namespace: test1 +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-argocd-redis-ha + namespace: test1 --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/05-errors.yaml b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/05-errors.yaml index a22afb8d2..9242a8e6c 100644 --- a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/05-errors.yaml +++ b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/05-errors.yaml @@ -2,12 +2,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: argocd-test1-server + name: argocd-test1-applicationset-controller namespace: test1 - --- +kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 -kind: Role metadata: - name: argocd-test1-application-controller - namespace: test1 + name: argocd-test1-applicationset-controller + namespace: test1 \ No newline at end of file diff --git a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/06-assert.yaml b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/06-assert.yaml index 4affd7054..80ec3d5aa 100644 --- a/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/06-assert.yaml +++ b/tests/k8s/1-034_validate_applicationset_reconcile_enabled_set_false/06-assert.yaml @@ -12,39 +12,70 @@ kind: Deployment metadata: name: argocd-test1-redis namespace: test1 - --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test1-repo-server namespace: test1 - --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test1-server namespace: test1 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: argocd-test1-application-controller + namespace: test1 --- apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argocd-test1-argocd-application-controller + namespace: test1 +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: argocd-test1-argocd-application-controller namespace: test1 - +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-argocd-server + namespace: test1 --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: argocd-test1-argocd-server namespace: test1 - --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: argocd-test1-argocd-redis-ha namespace: test1 - +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-argocd-redis-ha + namespace: test1 +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-argocd-redis + namespace: test1 +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test1-argocd-redis + namespace: test1 diff --git a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/01-assert.yaml b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/01-assert.yaml index 95ce3a642..d5dbf2c7a 100644 --- a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/01-assert.yaml +++ b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/01-assert.yaml @@ -12,39 +12,87 @@ kind: Deployment metadata: name: argocd-test-redis namespace: test - --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test-repo-server namespace: test - --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test-server namespace: test - +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argocd-test-applicationset-controller + namespace: test +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: argocd-test-application-controller + namespace: test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argocd-test-argocd-application-controller + namespace: test --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: argocd-test-argocd-application-controller namespace: test - +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test-argocd-server + namespace: test --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: argocd-test-argocd-server namespace: test - +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test-argocd-redis-ha + namespace: test --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: argocd-test-argocd-redis-ha namespace: test - +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test-argocd-redis + namespace: test +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test-argocd-redis + namespace: test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argocd-test-applicationset-controller + namespace: test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argocd-test-applicationset-controller + namespace: test \ No newline at end of file diff --git a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/02-assert.yaml b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/02-assert.yaml index 9804b09ea..d22f0fae3 100644 --- a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/02-assert.yaml +++ b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/02-assert.yaml @@ -1,4 +1,3 @@ - apiVersion: argoproj.io/v1beta1 kind: ArgoCD metadata: @@ -6,36 +5,77 @@ metadata: namespace: test status: phase: Available + --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test-redis namespace: test - --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test-repo-server namespace: test - --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test-server namespace: test - --- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argocd-test-applicationset-controller + namespace: test + +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test-argocd-server + namespace: test +--- +kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test-argocd-server + namespace: test +--- kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test-argocd-redis-ha + namespace: test +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: argocd-test-argocd-application-controller + name: argocd-test-argocd-redis-ha namespace: test --- +kind: Role apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test-argocd-redis + namespace: test +--- kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test-argocd-redis + namespace: test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: argocd-test-argocd-application-controller + name: argocd-test-applicationset-controller namespace: test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argocd-test-applicationset-controller + namespace: test \ No newline at end of file diff --git a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/02-errors.yaml b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/02-errors.yaml index db4292f62..b3ff51c73 100644 --- a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/02-errors.yaml +++ b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/02-errors.yaml @@ -1,20 +1,19 @@ - apiVersion: apps/v1 kind: StatefulSet metadata: name: argocd-test-application-controller namespace: test ---- +--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: argocd-test-server + name: argocd-test-application-controller namespace: test - --- +kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 -kind: Role metadata: - name: argocd-test-repo-server + name: argocd-test-application-controller namespace: test + \ No newline at end of file diff --git a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/03-assert.yaml b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/03-assert.yaml index b5b1e6371..08e98d5a3 100644 --- a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/03-assert.yaml +++ b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/03-assert.yaml @@ -6,20 +6,25 @@ metadata: status: phase: Available --- - apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test-repo-server namespace: test --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +apiVersion: apps/v1 +kind: Deployment metadata: - name: argocd-test-argocd-application-controller + name: argocd-test-server namespace: test --- -kind: RoleBinding +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argocd-test-applicationset-controller + namespace: test +--- +kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: argocd-test-argocd-server @@ -28,14 +33,17 @@ metadata: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: argocd-test-argocd-redis-ha + name: argocd-test-argocd-server namespace: test --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: argocd-test-argocd-application-controller + name: argocd-test-applicationset-controller + namespace: test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argocd-test-applicationset-controller namespace: test - - - diff --git a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/03-errors.yaml b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/03-errors.yaml index 954c88dba..75d6395f2 100644 --- a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/03-errors.yaml +++ b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/03-errors.yaml @@ -9,10 +9,33 @@ kind: StatefulSet metadata: name: argocd-test-application-controller namespace: test + +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test-argocd-redis + namespace: test --- +kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test-argocd-redis + namespace: test +--- kind: Role +apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: argocd-test-server + name: argocd-test-application-controller + namespace: test +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test-application-controller namespace: test + + + + diff --git a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/04-assert.yaml b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/04-assert.yaml index bdbaf6ee8..e023a60aa 100644 --- a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/04-assert.yaml +++ b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/04-assert.yaml @@ -11,24 +11,34 @@ kind: Deployment metadata: name: argocd-test-server namespace: test +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argocd-test-applicationset-controller + namespace: test --- +kind: Role apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding metadata: - name: argocd-test-argocd-application-controller + name: argocd-test-argocd-server namespace: test - --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: argocd-test-argocd-server namespace: test - --- -kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argocd-test-applicationset-controller + namespace: test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: - name: argocd-test-argocd-redis-ha + name: argocd-test-applicationset-controller namespace: test diff --git a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/04-errors.yaml b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/04-errors.yaml index d63abb327..982324662 100644 --- a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/04-errors.yaml +++ b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/04-errors.yaml @@ -1,29 +1,55 @@ - +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: argocd-test-application-controller + namespace: test --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test-redis namespace: test - --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test-repo-server namespace: test + --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: argocd-test-server + name: argocd-test-application-controller namespace: test - --- apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: RoleBinding metadata: name: argocd-test-application-controller namespace: test - - +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argocd-test-redis + namespace: test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argocd-test-redis + namespace: test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argocd-test-repo-server + namespace: test +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argocd-test-repo-server + namespace: test diff --git a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/05-assert.yaml b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/05-assert.yaml index 7d9ceeb5a..06b20202e 100644 --- a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/05-assert.yaml +++ b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/05-assert.yaml @@ -5,23 +5,23 @@ metadata: namespace: test status: phase: Available + --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +apiVersion: apps/v1 +kind: Deployment metadata: - name: argocd-test-argocd-application-controller + name: argocd-test-applicationset-controller namespace: test --- -kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: argocd-test-argocd-server + name: argocd-test-applicationset-controller namespace: test - --- -kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: - name: argocd-test-argocd-redis-ha + name: argocd-test-applicationset-controller namespace: test \ No newline at end of file diff --git a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/05-errors.yaml b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/05-errors.yaml index 32a93ab1e..4f709e3e7 100644 --- a/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/05-errors.yaml +++ b/tests/k8s/1-035_validate_applicationset_reconcile_enabled_set_true/05-errors.yaml @@ -1,40 +1,61 @@ - +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argocd-test-server + namespace: test --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test-redis namespace: test - --- apiVersion: apps/v1 kind: Deployment metadata: name: argocd-test-repo-server namespace: test - --- apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: - name: argocd-test-server + name: argocd-test-application-controller namespace: test + --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: argocd-test-server + name: argocd-test-argocd-application-controller namespace: test - --- apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argocd-test-argocd-application-controller + namespace: test +--- kind: Role +apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: argocd-test-application-controller + name: argocd-test-argocd-server + namespace: test +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test-argocd-server + namespace: test +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test-argocd-redis + namespace: test +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: argocd-test-argocd-redis namespace: test - - - - - -