Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add framework for global role integration tests #45450

Open
wants to merge 4 commits into
base: release/v2.9
Choose a base branch
from
Open

Add framework for global role integration tests #45450

wants to merge 4 commits into from

Conversation

JonCrowther
Copy link
Contributor

@JonCrowther JonCrowther commented May 13, 2024
edited

Summary

This PR adds some initial integration tests to Global Roles. It covers 4 basic create cases

  1. Testing that the cluster role gets created and uses generated name
  2. Testing that the cluster role gets created and uses given name based on annotation
  3. Creating a global role with namespaced rules creates the right roles in the right namespaces
  4. Creating a global role with catalog rules (ie the resource template) creates a role in cattle-global-data

To make it as easy as possible to add new tests, I kept the tests very simple. The test is this structure

struct {
	name        string
	globalRole  v3.GlobalRole
	roles       []rbacv1.Role
	clusterRole rbacv1.ClusterRole
}
  • name: name of the test
  • globalRole: the created global role
  • roles: expected roles to be created
  • clusterRole: expected cluster role to be created

I also moved some logic to tests/controllers/common/common.go because I envision it being re-used by future integration tests.

Limitations

This PR is meant to introduce the integration test framework. It is not comprehensive coverage of global roles. Some additional tests for future work:

  • Testing update functionality
  • Testing that roles with the wrong GlobalRoleOwner label get removed
  • Any testing of failures/conditions

Another limitation is that envtest doesn't run the controllers that monitor OwnerReferences and do garbage collection. So when a global role is deleted, the cluster roles and roles that are owned by it don't get deleted. I added checks to make sure the OwnerReference of these are set to the global role, which indicates that they would get deleted in a full scale kubernetes system.

Finally, in order to run the tests in parallel, each global role needs a unique name. Otherwise there are collisions and it causes the test to fail. Alternatively, the tests could be run sequentially, but the issue might still happen if the delete takes a long time to occur.

@JonCrowther JonCrowther force-pushed the global-roles-integration-tests branch from d0c4442 to 752d0f5 Compare June 5, 2024 16:52
raulcabello
raulcabello reviewed Jun 6, 2024
View reviewed changes
Copy link
Contributor

@raulcabello raulcabello left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks great! I left some small comments.
Thanks Jonathan!

tests/controllers/globalroles/globalrole_test.go Outdated Show resolved Hide resolved
tests/controllers/globalroles/globalrole_test.go Outdated Show resolved Hide resolved
@JonCrowther JonCrowther marked this pull request as ready for review June 7, 2024 15:09
@JonCrowther JonCrowther changed the title [DRAFT] Add framework for global role integration tests Add framework for global role integration tests Jun 7, 2024
@JonCrowther JonCrowther self-assigned this Jun 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@raulcabello raulcabello Awaiting requested review from raulcabello

@andreas-kupries andreas-kupries Awaiting requested review from andreas-kupries

@MbolotSuse MbolotSuse Awaiting requested review from MbolotSuse

Assignees

@JonCrowther JonCrowther

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@JonCrowther @raulcabello