diff --git a/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml b/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml deleted file mode 100644 index a3af8c927..000000000 --- a/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml +++ /dev/null @@ -1,249 +0,0 @@ -kind: Namespace -apiVersion: v1 -metadata: - name: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - pod-security.kubernetes.io/enforce: baseline ---- -kind: Job -apiVersion: batch/v1 -metadata: - name: oneimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/job-name": "oneimage" - "acorn.io/managed": "true" -spec: - template: - metadata: - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/job-name": "oneimage" - "acorn.io/managed": "true" - annotations: - acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' - spec: - imagePullSecrets: - - name: oneimage-pull-1234567890ab - restartPolicy: Never - serviceAccountName: oneimage - enableServiceLinks: false - terminationGracePeriodSeconds: 5 - containers: - - name: oneimage - image: "image-name" - readinessProbe: - tcpSocket: - port: 81 - ports: - - containerPort: 81 - protocol: "TCP" - terminationMessagePath: "/run/secrets/output" - - name: left - image: "foo" - readinessProbe: - tcpSocket: - port: 91 - ports: - - containerPort: 91 - protocol: "TCP" - terminationMessagePath: "/run/secrets/output" ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: twoimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "twoimage" - "acorn.io/managed": "true" -spec: - selector: - matchLabels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "twoimage" - "acorn.io/managed": "true" - template: - metadata: - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "twoimage" - "acorn.io/managed": "true" - "service-name.acorn.io/twoimage": "true" - "port-number.acorn.io/81": "true" - "port-number.acorn.io/91": "true" - annotations: - acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' - spec: - terminationGracePeriodSeconds: 5 - enableServiceLinks: false - serviceAccountName: twoimage - hostname: twoimage - imagePullSecrets: - - name: twoimage-pull-1234567890ab - containers: - - name: twoimage - image: "image-name" - ports: - - containerPort: 81 - protocol: "TCP" - readinessProbe: - tcpSocket: - port: 81 - - name: left - image: "foo" - ports: - - containerPort: 91 - protocol: "TCP" - readinessProbe: - tcpSocket: - port: 91 ---- -kind: Secret -apiVersion: v1 -metadata: - name: oneimage-pull-1234567890ab - namespace: app-created-namespace - labels: - acorn.io/managed: "true" - acorn.io/pull-secret: "true" -type: "kubernetes.io/dockerconfigjson" -data: - ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 ---- -kind: Secret -apiVersion: v1 -metadata: - name: twoimage-pull-1234567890ab - namespace: app-created-namespace - labels: - acorn.io/managed: "true" - acorn.io/pull-secret: "true" -type: "kubernetes.io/dockerconfigjson" -data: - ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 ---- -kind: Service -apiVersion: v1 -metadata: - name: twoimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "acorn.io/service-name": "twoimage" - "acorn.io/container-name": "twoimage" -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: 81 - protocol: "TCP" - appProtocol: "HTTP" - name: "80" - - port: 90 - targetPort: 91 - protocol: "TCP" - name: "90" - selector: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "service-name.acorn.io/twoimage": "true" - "port-number.acorn.io/81": "true" - "port-number.acorn.io/91": "true" ---- -kind: AppInstance -apiVersion: internal.acorn.io/v1 -metadata: - name: app-name - namespace: app-namespace - uid: 1234567890abcdef -spec: - image: test - permissions: - - serviceName: oneimage - clusterRules: - - verbs: - - create - apiGroups: - - "foo.io" - resources: - - "bar" - rules: - - verbs: - - patch - apiGroups: - - "bar.io" - resources: - - "foo" - - serviceName: twoimage - clusterRules: - - verbs: - - create - apiGroups: - - "foo.io" - resources: - - "bar" - rules: - - verbs: - - patch - apiGroups: - - "bar.io" - resources: - - "foo" -status: - namespace: app-created-namespace - appImage: - id: test - appSpec: - jobs: - oneimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - containers: - twoimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - conditions: - - type: defined - reason: Success - status: "True" - success: true \ No newline at end of file diff --git a/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/appinstance.yaml b/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/appinstance.yaml index 7a3f0c0a6..197e293cd 100644 --- a/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/appinstance.yaml +++ b/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/appinstance.yaml @@ -75,4 +75,9 @@ status: image: "image-name" build: dockerfile: "Dockerfile" - context: "." \ No newline at end of file + context: "." + conditions: + - type: defined + reason: Success + status: "True" + success: true \ No newline at end of file diff --git a/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/deployment.yaml b/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/deployment.yaml new file mode 100644 index 000000000..72eb55512 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/deployment.yaml @@ -0,0 +1,53 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: twoimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "twoimage" + "acorn.io/managed": "true" +spec: + selector: + matchLabels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "twoimage" + "acorn.io/managed": "true" + template: + metadata: + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "twoimage" + "acorn.io/managed": "true" + "service-name.acorn.io/twoimage": "true" + "port-number.acorn.io/81": "true" + "port-number.acorn.io/91": "true" + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' + spec: + terminationGracePeriodSeconds: 5 + enableServiceLinks: false + serviceAccountName: twoimage + hostname: twoimage + imagePullSecrets: + - name: twoimage-pull-1234567890ab + containers: + - name: twoimage + image: "image-name" + ports: + - containerPort: 81 + protocol: "TCP" + readinessProbe: + tcpSocket: + port: 81 + - name: left + image: "foo" + ports: + - containerPort: 91 + protocol: "TCP" + readinessProbe: + tcpSocket: + port: 91 diff --git a/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/jobs.yaml b/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/jobs.yaml new file mode 100644 index 000000000..7c8dc3073 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/jobs.yaml @@ -0,0 +1,46 @@ +kind: Job +apiVersion: batch/v1 +metadata: + name: oneimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/job-name": "oneimage" + "acorn.io/managed": "true" +spec: + template: + metadata: + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/job-name": "oneimage" + "acorn.io/managed": "true" + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' + spec: + imagePullSecrets: + - name: oneimage-pull-1234567890ab + restartPolicy: Never + serviceAccountName: oneimage + enableServiceLinks: false + terminationGracePeriodSeconds: 5 + containers: + - name: oneimage + image: "image-name" + readinessProbe: + tcpSocket: + port: 81 + ports: + - containerPort: 81 + protocol: "TCP" + terminationMessagePath: "/run/secrets/output" + - name: left + image: "foo" + readinessProbe: + tcpSocket: + port: 91 + ports: + - containerPort: 91 + protocol: "TCP" + terminationMessagePath: "/run/secrets/output" diff --git a/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/secret.yaml b/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/secret.yaml new file mode 100644 index 000000000..6d9dd446f --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/secret.yaml @@ -0,0 +1,23 @@ +kind: Secret +apiVersion: v1 +metadata: + name: oneimage-pull-1234567890ab + namespace: app-created-namespace + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" +type: "kubernetes.io/dockerconfigjson" +data: + ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 +--- +kind: Secret +apiVersion: v1 +metadata: + name: twoimage-pull-1234567890ab + namespace: app-created-namespace + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" +type: "kubernetes.io/dockerconfigjson" +data: + ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 diff --git a/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/service.yaml b/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/service.yaml new file mode 100644 index 000000000..c583cc00d --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/both/expected.yaml.d/service.yaml @@ -0,0 +1,30 @@ +kind: Service +apiVersion: v1 +metadata: + name: twoimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/managed": "true" + "acorn.io/service-name": "twoimage" + "acorn.io/container-name": "twoimage" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 81 + protocol: "TCP" + appProtocol: "HTTP" + name: "80" + - port: 90 + targetPort: 91 + protocol: "TCP" + name: "90" + selector: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/managed": "true" + "service-name.acorn.io/twoimage": "true" + "port-number.acorn.io/81": "true" + "port-number.acorn.io/91": "true" \ No newline at end of file diff --git a/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml b/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml deleted file mode 100644 index 333ed2f74..000000000 --- a/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml +++ /dev/null @@ -1,218 +0,0 @@ -kind: Namespace -apiVersion: v1 -metadata: - name: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - pod-security.kubernetes.io/enforce: baseline ---- -kind: Job -apiVersion: batch/v1 -metadata: - name: oneimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/job-name": "oneimage" - "acorn.io/managed": "true" -spec: - template: - metadata: - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/job-name": "oneimage" - "acorn.io/managed": "true" - annotations: - acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' - spec: - imagePullSecrets: - - name: oneimage-pull-1234567890ab - restartPolicy: Never - serviceAccountName: oneimage - enableServiceLinks: false - terminationGracePeriodSeconds: 5 - containers: - - name: oneimage - image: "image-name" - readinessProbe: - tcpSocket: - port: 81 - ports: - - containerPort: 81 - protocol: "TCP" - terminationMessagePath: "/run/secrets/output" - - name: left - image: "foo" - readinessProbe: - tcpSocket: - port: 91 - ports: - - containerPort: 91 - protocol: "TCP" - terminationMessagePath: "/run/secrets/output" ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: twoimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "twoimage" - "acorn.io/managed": "true" -spec: - selector: - matchLabels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "twoimage" - "acorn.io/managed": "true" - template: - metadata: - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "twoimage" - "acorn.io/managed": "true" - "service-name.acorn.io/twoimage": "true" - "port-number.acorn.io/81": "true" - "port-number.acorn.io/91": "true" - annotations: - acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' - spec: - terminationGracePeriodSeconds: 5 - enableServiceLinks: false - serviceAccountName: twoimage - hostname: twoimage - imagePullSecrets: - - name: twoimage-pull-1234567890ab - containers: - - name: twoimage - image: "image-name" - ports: - - containerPort: 81 - protocol: "TCP" - readinessProbe: - tcpSocket: - port: 81 - - name: left - image: "foo" - ports: - - containerPort: 91 - protocol: "TCP" - readinessProbe: - tcpSocket: - port: 91 ---- -kind: Secret -apiVersion: v1 -metadata: - name: oneimage-pull-1234567890ab - namespace: app-created-namespace - labels: - acorn.io/managed: "true" - acorn.io/pull-secret: "true" -type: "kubernetes.io/dockerconfigjson" -data: - ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 ---- -kind: Secret -apiVersion: v1 -metadata: - name: twoimage-pull-1234567890ab - namespace: app-created-namespace - labels: - acorn.io/managed: "true" - acorn.io/pull-secret: "true" -type: "kubernetes.io/dockerconfigjson" -data: - ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 ---- -kind: Service -apiVersion: v1 -metadata: - name: twoimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "acorn.io/service-name": "twoimage" - "acorn.io/container-name": "twoimage" -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: 81 - protocol: "TCP" - appProtocol: "HTTP" - name: "80" - - port: 90 - targetPort: 91 - protocol: "TCP" - name: "90" - selector: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "service-name.acorn.io/twoimage": "true" - "port-number.acorn.io/81": "true" - "port-number.acorn.io/91": "true" ---- -kind: AppInstance -apiVersion: internal.acorn.io/v1 -metadata: - name: app-name - namespace: app-namespace - uid: 1234567890abcdef -spec: - image: test -status: - namespace: app-created-namespace - appImage: - id: test - appSpec: - jobs: - oneimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - containers: - twoimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - conditions: - - type: defined - reason: Success - status: "True" - success: true \ No newline at end of file diff --git a/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/appinstance.yaml b/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/appinstance.yaml index 8899b2876..4dbb494e2 100644 --- a/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/appinstance.yaml +++ b/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/appinstance.yaml @@ -44,4 +44,9 @@ status: image: "image-name" build: dockerfile: "Dockerfile" - context: "." \ No newline at end of file + context: "." + conditions: + - type: defined + reason: Success + status: "True" + success: true \ No newline at end of file diff --git a/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/deployment.yaml b/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/deployment.yaml new file mode 100644 index 000000000..72eb55512 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/deployment.yaml @@ -0,0 +1,53 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: twoimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "twoimage" + "acorn.io/managed": "true" +spec: + selector: + matchLabels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "twoimage" + "acorn.io/managed": "true" + template: + metadata: + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "twoimage" + "acorn.io/managed": "true" + "service-name.acorn.io/twoimage": "true" + "port-number.acorn.io/81": "true" + "port-number.acorn.io/91": "true" + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' + spec: + terminationGracePeriodSeconds: 5 + enableServiceLinks: false + serviceAccountName: twoimage + hostname: twoimage + imagePullSecrets: + - name: twoimage-pull-1234567890ab + containers: + - name: twoimage + image: "image-name" + ports: + - containerPort: 81 + protocol: "TCP" + readinessProbe: + tcpSocket: + port: 81 + - name: left + image: "foo" + ports: + - containerPort: 91 + protocol: "TCP" + readinessProbe: + tcpSocket: + port: 91 diff --git a/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/job.yaml b/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/job.yaml new file mode 100644 index 000000000..7c8dc3073 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/job.yaml @@ -0,0 +1,46 @@ +kind: Job +apiVersion: batch/v1 +metadata: + name: oneimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/job-name": "oneimage" + "acorn.io/managed": "true" +spec: + template: + metadata: + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/job-name": "oneimage" + "acorn.io/managed": "true" + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' + spec: + imagePullSecrets: + - name: oneimage-pull-1234567890ab + restartPolicy: Never + serviceAccountName: oneimage + enableServiceLinks: false + terminationGracePeriodSeconds: 5 + containers: + - name: oneimage + image: "image-name" + readinessProbe: + tcpSocket: + port: 81 + ports: + - containerPort: 81 + protocol: "TCP" + terminationMessagePath: "/run/secrets/output" + - name: left + image: "foo" + readinessProbe: + tcpSocket: + port: 91 + ports: + - containerPort: 91 + protocol: "TCP" + terminationMessagePath: "/run/secrets/output" diff --git a/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/secret.yaml b/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/secret.yaml new file mode 100644 index 000000000..6d9dd446f --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/secret.yaml @@ -0,0 +1,23 @@ +kind: Secret +apiVersion: v1 +metadata: + name: oneimage-pull-1234567890ab + namespace: app-created-namespace + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" +type: "kubernetes.io/dockerconfigjson" +data: + ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 +--- +kind: Secret +apiVersion: v1 +metadata: + name: twoimage-pull-1234567890ab + namespace: app-created-namespace + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" +type: "kubernetes.io/dockerconfigjson" +data: + ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 diff --git a/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/service.yaml b/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/service.yaml new file mode 100644 index 000000000..c583cc00d --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/bothwithnopermissions/expected.yaml.d/service.yaml @@ -0,0 +1,30 @@ +kind: Service +apiVersion: v1 +metadata: + name: twoimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/managed": "true" + "acorn.io/service-name": "twoimage" + "acorn.io/container-name": "twoimage" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 81 + protocol: "TCP" + appProtocol: "HTTP" + name: "80" + - port: 90 + targetPort: 91 + protocol: "TCP" + name: "90" + selector: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/managed": "true" + "service-name.acorn.io/twoimage": "true" + "port-number.acorn.io/81": "true" + "port-number.acorn.io/91": "true" \ No newline at end of file diff --git a/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml b/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml deleted file mode 100644 index e90f4da7d..000000000 --- a/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml +++ /dev/null @@ -1,182 +0,0 @@ -kind: Namespace -apiVersion: v1 -metadata: - name: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "pod-security.kubernetes.io/enforce": baseline ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: oneimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "oneimage" - "acorn.io/managed": "true" -spec: - selector: - matchLabels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "oneimage" - "acorn.io/managed": "true" - template: - metadata: - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "oneimage" - "acorn.io/managed": "true" - "service-name.acorn.io/oneimage": "true" - "port-number.acorn.io/81": "true" - "port-number.acorn.io/91": "true" - annotations: - acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' - spec: - terminationGracePeriodSeconds: 5 - enableServiceLinks: false - serviceAccountName: oneimage - hostname: oneimage - imagePullSecrets: - - name: oneimage-pull-1234567890ab - containers: - - name: oneimage - image: "image-name" - ports: - - containerPort: 81 - protocol: "TCP" - readinessProbe: - tcpSocket: - port: 81 - - name: left - image: "foo" - ports: - - containerPort: 91 - protocol: "TCP" - readinessProbe: - tcpSocket: - port: 91 ---- -kind: Service -apiVersion: v1 -metadata: - name: oneimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "acorn.io/service-name": "oneimage" - "acorn.io/container-name": "oneimage" -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: 81 - protocol: "TCP" - appProtocol: "HTTP" - name: "80" - - port: 90 - targetPort: 91 - protocol: "TCP" - name: "90" - selector: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "service-name.acorn.io/oneimage": "true" - "port-number.acorn.io/81": "true" - "port-number.acorn.io/91": "true" ---- -kind: AppInstance -apiVersion: internal.acorn.io/v1 -metadata: - name: app-name - namespace: app-namespace - uid: 1234567890abcdef -spec: - image: test - kind: AppInstance - permissions: - - serviceName: oneimage - clusterRules: - - verbs: - - create - apiGroups: - - "foo.io" - resources: - - "bar" - rules: - - verbs: - - patch - apiGroups: - - "bar.io" - resources: - - "foo" -status: - namespace: app-created-namespace - appImage: - id: test - appSpec: - containers: - oneimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - -status: - namespace: app-created-namespace - appImage: - id: test - appSpec: - containers: - oneimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - conditions: - - type: defined - reason: Success - status: "True" - success: true ---- -kind: Secret -apiVersion: v1 -metadata: - name: oneimage-pull-1234567890ab - namespace: app-created-namespace - labels: - acorn.io/managed: "true" - acorn.io/pull-secret: "true" -type: "kubernetes.io/dockerconfigjson" -data: - ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 diff --git a/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml.d/appinstance.yaml b/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml.d/appinstance.yaml index 2510f56be..91ff47c75 100644 --- a/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml.d/appinstance.yaml +++ b/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml.d/appinstance.yaml @@ -44,3 +44,8 @@ status: build: dockerfile: "Dockerfile" context: "." + conditions: + - type: defined + reason: Success + status: "True" + success: true diff --git a/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml.d/deployment.yaml b/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml.d/deployment.yaml new file mode 100644 index 000000000..b3f24310d --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml.d/deployment.yaml @@ -0,0 +1,53 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: oneimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "oneimage" + "acorn.io/managed": "true" +spec: + selector: + matchLabels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "oneimage" + "acorn.io/managed": "true" + template: + metadata: + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "oneimage" + "acorn.io/managed": "true" + "service-name.acorn.io/oneimage": "true" + "port-number.acorn.io/81": "true" + "port-number.acorn.io/91": "true" + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' + spec: + terminationGracePeriodSeconds: 5 + enableServiceLinks: false + serviceAccountName: oneimage + hostname: oneimage + imagePullSecrets: + - name: oneimage-pull-1234567890ab + containers: + - name: oneimage + image: "image-name" + ports: + - containerPort: 81 + protocol: "TCP" + readinessProbe: + tcpSocket: + port: 81 + - name: left + image: "foo" + ports: + - containerPort: 91 + protocol: "TCP" + readinessProbe: + tcpSocket: + port: 91 diff --git a/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml.d/secret.yaml b/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml.d/secret.yaml new file mode 100644 index 000000000..5a09b3cd0 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml.d/secret.yaml @@ -0,0 +1,11 @@ +kind: Secret +apiVersion: v1 +metadata: + name: oneimage-pull-1234567890ab + namespace: app-created-namespace + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" +type: "kubernetes.io/dockerconfigjson" +data: + ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 diff --git a/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml.d/service.yaml b/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml.d/service.yaml new file mode 100644 index 000000000..57e21d7a7 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/container/expected.yaml.d/service.yaml @@ -0,0 +1,30 @@ +kind: Service +apiVersion: v1 +metadata: + name: oneimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/managed": "true" + "acorn.io/service-name": "oneimage" + "acorn.io/container-name": "oneimage" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 81 + protocol: "TCP" + appProtocol: "HTTP" + name: "80" + - port: 90 + targetPort: 91 + protocol: "TCP" + name: "90" + selector: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/managed": "true" + "service-name.acorn.io/oneimage": "true" + "port-number.acorn.io/81": "true" + "port-number.acorn.io/91": "true" diff --git a/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml b/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml deleted file mode 100644 index 1b0af93e6..000000000 --- a/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml +++ /dev/null @@ -1,326 +0,0 @@ -kind: Namespace -apiVersion: v1 -metadata: - name: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "pod-security.kubernetes.io/enforce": baseline ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: oneimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "oneimage" - "acorn.io/managed": "true" -spec: - selector: - matchLabels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "oneimage" - "acorn.io/managed": "true" - template: - metadata: - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "oneimage" - "acorn.io/managed": "true" - "service-name.acorn.io/oneimage": "true" - "port-number.acorn.io/81": "true" - "port-number.acorn.io/91": "true" - annotations: - acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' - spec: - terminationGracePeriodSeconds: 5 - enableServiceLinks: false - serviceAccountName: oneimage - hostname: oneimage - imagePullSecrets: - - name: oneimage-pull-1234567890ab - containers: - - name: oneimage - image: "image-name" - ports: - - containerPort: 81 - protocol: "TCP" - readinessProbe: - tcpSocket: - port: 81 - - name: left - image: "foo" - ports: - - containerPort: 91 - protocol: "TCP" - readinessProbe: - tcpSocket: - port: 91 ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: twoimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "twoimage" - "acorn.io/managed": "true" -spec: - selector: - matchLabels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "twoimage" - "acorn.io/managed": "true" - template: - metadata: - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "twoimage" - "acorn.io/managed": "true" - "service-name.acorn.io/twoimage": "true" - "port-number.acorn.io/81": "true" - "port-number.acorn.io/91": "true" - annotations: - acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' - spec: - terminationGracePeriodSeconds: 5 - enableServiceLinks: false - serviceAccountName: twoimage - hostname: twoimage - imagePullSecrets: - - name: twoimage-pull-1234567890ab - containers: - - name: twoimage - image: "image-name" - ports: - - containerPort: 81 - protocol: "TCP" - readinessProbe: - tcpSocket: - port: 81 - - name: left - image: "foo" - ports: - - containerPort: 91 - protocol: "TCP" - readinessProbe: - tcpSocket: - port: 91 ---- -kind: Service -apiVersion: v1 -metadata: - name: oneimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "acorn.io/service-name": "oneimage" - "acorn.io/container-name": "oneimage" -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: 81 - protocol: "TCP" - appProtocol: "HTTP" - name: "80" - - port: 90 - targetPort: 91 - protocol: "TCP" - name: "90" - selector: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "service-name.acorn.io/oneimage": "true" - "port-number.acorn.io/81": "true" - "port-number.acorn.io/91": "true" ---- -kind: Service -apiVersion: v1 -metadata: - name: twoimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "acorn.io/service-name": "twoimage" - "acorn.io/container-name": "twoimage" -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: 81 - protocol: "TCP" - appProtocol: "HTTP" - name: "80" - - port: 90 - targetPort: 91 - protocol: "TCP" - name: "90" - selector: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "service-name.acorn.io/twoimage": "true" - "port-number.acorn.io/81": "true" - "port-number.acorn.io/91": "true" ---- -kind: AppInstance -apiVersion: internal.acorn.io/v1 -metadata: - name: app-name - namespace: app-namespace - uid: 1234567890abcdef -spec: - image: test - kind: AppInstance - permissions: - - serviceName: oneimage - clusterRules: - - verbs: - - create - apiGroups: - - "foo.io" - resources: - - "bar" - rules: - - verbs: - - patch - apiGroups: - - "bar.io" - resources: - - "foo" - - serviceName: twoimage - clusterRules: - - verbs: - - put - apiGroups: - - "foo.io" - resources: - - "bar" - rules: - - verbs: - - delete - apiGroups: - - "bar.io" - resources: - - "foo" -status: - namespace: app-created-namespace - appImage: - id: test - appSpec: - containers: - oneimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - twoimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - -status: - namespace: app-created-namespace - appImage: - id: test - appSpec: - containers: - oneimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - twoimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - conditions: - - type: defined - reason: Success - status: "True" - success: true ---- -kind: Secret -apiVersion: v1 -metadata: - name: oneimage-pull-1234567890ab - namespace: app-created-namespace - labels: - acorn.io/managed: "true" - acorn.io/pull-secret: "true" -type: "kubernetes.io/dockerconfigjson" -data: - ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 ---- -kind: Secret -apiVersion: v1 -metadata: - name: twoimage-pull-1234567890ab - namespace: app-created-namespace - labels: - acorn.io/managed: "true" - acorn.io/pull-secret: "true" -type: "kubernetes.io/dockerconfigjson" -data: - ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 diff --git a/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml.d/appinstance.yaml b/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml.d/appinstance.yaml index 04fd9d73d..f9bda079a 100644 --- a/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml.d/appinstance.yaml +++ b/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml.d/appinstance.yaml @@ -25,14 +25,14 @@ spec: - serviceName: twoimage clusterRules: - verbs: - - create + - put apiGroups: - "foo.io" resources: - "bar" rules: - verbs: - - patch + - delete apiGroups: - "bar.io" resources: @@ -75,3 +75,8 @@ status: build: dockerfile: "Dockerfile" context: "." + conditions: + - type: defined + reason: Success + status: "True" + success: true diff --git a/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml.d/deployment.yaml b/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml.d/deployment.yaml new file mode 100644 index 000000000..3c3d43bce --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml.d/deployment.yaml @@ -0,0 +1,107 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: oneimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "oneimage" + "acorn.io/managed": "true" +spec: + selector: + matchLabels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "oneimage" + "acorn.io/managed": "true" + template: + metadata: + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "oneimage" + "acorn.io/managed": "true" + "service-name.acorn.io/oneimage": "true" + "port-number.acorn.io/81": "true" + "port-number.acorn.io/91": "true" + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' + spec: + terminationGracePeriodSeconds: 5 + enableServiceLinks: false + serviceAccountName: oneimage + hostname: oneimage + imagePullSecrets: + - name: oneimage-pull-1234567890ab + containers: + - name: oneimage + image: "image-name" + ports: + - containerPort: 81 + protocol: "TCP" + readinessProbe: + tcpSocket: + port: 81 + - name: left + image: "foo" + ports: + - containerPort: 91 + protocol: "TCP" + readinessProbe: + tcpSocket: + port: 91 +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: twoimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "twoimage" + "acorn.io/managed": "true" +spec: + selector: + matchLabels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "twoimage" + "acorn.io/managed": "true" + template: + metadata: + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "twoimage" + "acorn.io/managed": "true" + "service-name.acorn.io/twoimage": "true" + "port-number.acorn.io/81": "true" + "port-number.acorn.io/91": "true" + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' + spec: + terminationGracePeriodSeconds: 5 + enableServiceLinks: false + serviceAccountName: twoimage + hostname: twoimage + imagePullSecrets: + - name: twoimage-pull-1234567890ab + containers: + - name: twoimage + image: "image-name" + ports: + - containerPort: 81 + protocol: "TCP" + readinessProbe: + tcpSocket: + port: 81 + - name: left + image: "foo" + ports: + - containerPort: 91 + protocol: "TCP" + readinessProbe: + tcpSocket: + port: 91 diff --git a/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml.d/secret.yaml b/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml.d/secret.yaml new file mode 100644 index 000000000..2550a0f3c --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml.d/secret.yaml @@ -0,0 +1,23 @@ +kind: Secret +apiVersion: v1 +metadata: + name: oneimage-pull-1234567890ab + namespace: app-created-namespace + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" +type: "kubernetes.io/dockerconfigjson" +data: + ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 +--- +kind: Secret +apiVersion: v1 +metadata: + name: twoimage-pull-1234567890ab + namespace: app-created-namespace + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" +type: "kubernetes.io/dockerconfigjson" +data: + ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 \ No newline at end of file diff --git a/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml.d/service.yaml b/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml.d/service.yaml new file mode 100644 index 000000000..67051d1cf --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/differentpermissions/expected.yaml.d/service.yaml @@ -0,0 +1,61 @@ +kind: Service +apiVersion: v1 +metadata: + name: oneimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/managed": "true" + "acorn.io/service-name": "oneimage" + "acorn.io/container-name": "oneimage" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 81 + protocol: "TCP" + appProtocol: "HTTP" + name: "80" + - port: 90 + targetPort: 91 + protocol: "TCP" + name: "90" + selector: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/managed": "true" + "service-name.acorn.io/oneimage": "true" + "port-number.acorn.io/81": "true" + "port-number.acorn.io/91": "true" +--- +kind: Service +apiVersion: v1 +metadata: + name: twoimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/managed": "true" + "acorn.io/service-name": "twoimage" + "acorn.io/container-name": "twoimage" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 81 + protocol: "TCP" + appProtocol: "HTTP" + name: "80" + - port: 90 + targetPort: 91 + protocol: "TCP" + name: "90" + selector: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/managed": "true" + "service-name.acorn.io/twoimage": "true" + "port-number.acorn.io/81": "true" + "port-number.acorn.io/91": "true" \ No newline at end of file diff --git a/pkg/controller/appdefinition/testdata/permissions/job/expected.yaml.d/appinstance.yaml b/pkg/controller/appdefinition/testdata/permissions/job/expected.yaml.d/appinstance.yaml index 2510f56be..6d24be137 100644 --- a/pkg/controller/appdefinition/testdata/permissions/job/expected.yaml.d/appinstance.yaml +++ b/pkg/controller/appdefinition/testdata/permissions/job/expected.yaml.d/appinstance.yaml @@ -27,7 +27,7 @@ status: appImage: id: test appSpec: - containers: + jobs: oneimage: sidecars: left: @@ -44,3 +44,8 @@ status: build: dockerfile: "Dockerfile" context: "." + conditions: + - type: defined + reason: Success + status: "True" + success: true \ No newline at end of file diff --git a/pkg/controller/appdefinition/testdata/permissions/job/expected.yaml.d/job.yaml b/pkg/controller/appdefinition/testdata/permissions/job/expected.yaml.d/job.yaml new file mode 100644 index 000000000..7c8dc3073 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/job/expected.yaml.d/job.yaml @@ -0,0 +1,46 @@ +kind: Job +apiVersion: batch/v1 +metadata: + name: oneimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/job-name": "oneimage" + "acorn.io/managed": "true" +spec: + template: + metadata: + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/job-name": "oneimage" + "acorn.io/managed": "true" + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' + spec: + imagePullSecrets: + - name: oneimage-pull-1234567890ab + restartPolicy: Never + serviceAccountName: oneimage + enableServiceLinks: false + terminationGracePeriodSeconds: 5 + containers: + - name: oneimage + image: "image-name" + readinessProbe: + tcpSocket: + port: 81 + ports: + - containerPort: 81 + protocol: "TCP" + terminationMessagePath: "/run/secrets/output" + - name: left + image: "foo" + readinessProbe: + tcpSocket: + port: 91 + ports: + - containerPort: 91 + protocol: "TCP" + terminationMessagePath: "/run/secrets/output" diff --git a/pkg/controller/appdefinition/testdata/permissions/job/expected.yaml.d/secret.yaml b/pkg/controller/appdefinition/testdata/permissions/job/expected.yaml.d/secret.yaml new file mode 100644 index 000000000..5a09b3cd0 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/job/expected.yaml.d/secret.yaml @@ -0,0 +1,11 @@ +kind: Secret +apiVersion: v1 +metadata: + name: oneimage-pull-1234567890ab + namespace: app-created-namespace + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" +type: "kubernetes.io/dockerconfigjson" +data: + ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 diff --git a/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml b/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml deleted file mode 100644 index af2146ddf..000000000 --- a/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml +++ /dev/null @@ -1,326 +0,0 @@ -kind: Namespace -apiVersion: v1 -metadata: - name: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "pod-security.kubernetes.io/enforce": baseline ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: oneimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "oneimage" - "acorn.io/managed": "true" -spec: - selector: - matchLabels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "oneimage" - "acorn.io/managed": "true" - template: - metadata: - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "oneimage" - "acorn.io/managed": "true" - "service-name.acorn.io/oneimage": "true" - "port-number.acorn.io/81": "true" - "port-number.acorn.io/91": "true" - annotations: - acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' - spec: - terminationGracePeriodSeconds: 5 - enableServiceLinks: false - serviceAccountName: oneimage - hostname: oneimage - imagePullSecrets: - - name: oneimage-pull-1234567890ab - containers: - - name: oneimage - image: "image-name" - ports: - - containerPort: 81 - protocol: "TCP" - readinessProbe: - tcpSocket: - port: 81 - - name: left - image: "foo" - ports: - - containerPort: 91 - protocol: "TCP" - readinessProbe: - tcpSocket: - port: 91 ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: twoimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "twoimage" - "acorn.io/managed": "true" -spec: - selector: - matchLabels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "twoimage" - "acorn.io/managed": "true" - template: - metadata: - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/container-name": "twoimage" - "acorn.io/managed": "true" - "service-name.acorn.io/twoimage": "true" - "port-number.acorn.io/81": "true" - "port-number.acorn.io/91": "true" - annotations: - acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' - spec: - terminationGracePeriodSeconds: 5 - enableServiceLinks: false - serviceAccountName: twoimage - hostname: twoimage - imagePullSecrets: - - name: twoimage-pull-1234567890ab - containers: - - name: twoimage - image: "image-name" - ports: - - containerPort: 81 - protocol: "TCP" - readinessProbe: - tcpSocket: - port: 81 - - name: left - image: "foo" - ports: - - containerPort: 91 - protocol: "TCP" - readinessProbe: - tcpSocket: - port: 91 ---- -kind: Service -apiVersion: v1 -metadata: - name: oneimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "acorn.io/service-name": "oneimage" - "acorn.io/container-name": "oneimage" -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: 81 - protocol: "TCP" - appProtocol: "HTTP" - name: "80" - - port: 90 - targetPort: 91 - protocol: "TCP" - name: "90" - selector: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "service-name.acorn.io/oneimage": "true" - "port-number.acorn.io/81": "true" - "port-number.acorn.io/91": "true" ---- -kind: Service -apiVersion: v1 -metadata: - name: twoimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "acorn.io/service-name": "twoimage" - "acorn.io/container-name": "twoimage" -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: 81 - protocol: "TCP" - appProtocol: "HTTP" - name: "80" - - port: 90 - targetPort: 91 - protocol: "TCP" - name: "90" - selector: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - "service-name.acorn.io/twoimage": "true" - "port-number.acorn.io/81": "true" - "port-number.acorn.io/91": "true" ---- -kind: AppInstance -apiVersion: internal.acorn.io/v1 -metadata: - name: app-name - namespace: app-namespace - uid: 1234567890abcdef -spec: - image: test - kind: AppInstance - permissions: - - serviceName: oneimage - clusterRules: - - verbs: - - create - apiGroups: - - "foo.io" - resources: - - "bar" - rules: - - verbs: - - patch - apiGroups: - - "bar.io" - resources: - - "foo" - - serviceName: twoimage - clusterRules: - - verbs: - - create - apiGroups: - - "foo.io" - resources: - - "bar" - rules: - - verbs: - - patch - apiGroups: - - "bar.io" - resources: - - "foo" -status: - namespace: app-created-namespace - appImage: - id: test - appSpec: - containers: - oneimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - twoimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - -status: - namespace: app-created-namespace - appImage: - id: test - appSpec: - containers: - oneimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - twoimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - conditions: - - type: defined - reason: Success - status: "True" - success: true ---- -kind: Secret -apiVersion: v1 -metadata: - name: oneimage-pull-1234567890ab - namespace: app-created-namespace - labels: - acorn.io/managed: "true" - acorn.io/pull-secret: "true" -type: "kubernetes.io/dockerconfigjson" -data: - ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 ---- -kind: Secret -apiVersion: v1 -metadata: - name: twoimage-pull-1234567890ab - namespace: app-created-namespace - labels: - acorn.io/managed: "true" - acorn.io/pull-secret: "true" -type: "kubernetes.io/dockerconfigjson" -data: - ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 diff --git a/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml.d/appinstance.yaml b/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml.d/appinstance.yaml index 04fd9d73d..42e2f18ad 100644 --- a/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml.d/appinstance.yaml +++ b/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml.d/appinstance.yaml @@ -6,6 +6,7 @@ metadata: uid: 1234567890abcdef spec: image: test + kind: AppInstance permissions: - serviceName: oneimage clusterRules: @@ -75,3 +76,8 @@ status: build: dockerfile: "Dockerfile" context: "." + conditions: + - type: defined + reason: Success + status: "True" + success: true diff --git a/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml.d/deployment.yaml b/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml.d/deployment.yaml new file mode 100644 index 000000000..3c3d43bce --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml.d/deployment.yaml @@ -0,0 +1,107 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: oneimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "oneimage" + "acorn.io/managed": "true" +spec: + selector: + matchLabels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "oneimage" + "acorn.io/managed": "true" + template: + metadata: + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "oneimage" + "acorn.io/managed": "true" + "service-name.acorn.io/oneimage": "true" + "port-number.acorn.io/81": "true" + "port-number.acorn.io/91": "true" + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' + spec: + terminationGracePeriodSeconds: 5 + enableServiceLinks: false + serviceAccountName: oneimage + hostname: oneimage + imagePullSecrets: + - name: oneimage-pull-1234567890ab + containers: + - name: oneimage + image: "image-name" + ports: + - containerPort: 81 + protocol: "TCP" + readinessProbe: + tcpSocket: + port: 81 + - name: left + image: "foo" + ports: + - containerPort: 91 + protocol: "TCP" + readinessProbe: + tcpSocket: + port: 91 +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: twoimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "twoimage" + "acorn.io/managed": "true" +spec: + selector: + matchLabels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "twoimage" + "acorn.io/managed": "true" + template: + metadata: + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/container-name": "twoimage" + "acorn.io/managed": "true" + "service-name.acorn.io/twoimage": "true" + "port-number.acorn.io/81": "true" + "port-number.acorn.io/91": "true" + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' + spec: + terminationGracePeriodSeconds: 5 + enableServiceLinks: false + serviceAccountName: twoimage + hostname: twoimage + imagePullSecrets: + - name: twoimage-pull-1234567890ab + containers: + - name: twoimage + image: "image-name" + ports: + - containerPort: 81 + protocol: "TCP" + readinessProbe: + tcpSocket: + port: 81 + - name: left + image: "foo" + ports: + - containerPort: 91 + protocol: "TCP" + readinessProbe: + tcpSocket: + port: 91 diff --git a/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml.d/secret.yaml b/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml.d/secret.yaml new file mode 100644 index 000000000..2550a0f3c --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml.d/secret.yaml @@ -0,0 +1,23 @@ +kind: Secret +apiVersion: v1 +metadata: + name: oneimage-pull-1234567890ab + namespace: app-created-namespace + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" +type: "kubernetes.io/dockerconfigjson" +data: + ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 +--- +kind: Secret +apiVersion: v1 +metadata: + name: twoimage-pull-1234567890ab + namespace: app-created-namespace + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" +type: "kubernetes.io/dockerconfigjson" +data: + ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 \ No newline at end of file diff --git a/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml.d/service.yaml b/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml.d/service.yaml new file mode 100644 index 000000000..011db3036 --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/multiplecontainers/expected.yaml.d/service.yaml @@ -0,0 +1,61 @@ +kind: Service +apiVersion: v1 +metadata: + name: oneimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/managed": "true" + "acorn.io/service-name": "oneimage" + "acorn.io/container-name": "oneimage" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 81 + protocol: "TCP" + appProtocol: "HTTP" + name: "80" + - port: 90 + targetPort: 91 + protocol: "TCP" + name: "90" + selector: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/managed": "true" + "service-name.acorn.io/oneimage": "true" + "port-number.acorn.io/81": "true" + "port-number.acorn.io/91": "true" +--- +kind: Service +apiVersion: v1 +metadata: + name: twoimage + namespace: app-created-namespace + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/managed": "true" + "acorn.io/service-name": "twoimage" + "acorn.io/container-name": "twoimage" +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 81 + protocol: "TCP" + appProtocol: "HTTP" + name: "80" + - port: 90 + targetPort: 91 + protocol: "TCP" + name: "90" + selector: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/managed": "true" + "service-name.acorn.io/twoimage": "true" + "port-number.acorn.io/81": "true" + "port-number.acorn.io/91": "true" diff --git a/pkg/controller/appdefinition/testdata/permissions/multiplejobs/expected.yaml b/pkg/controller/appdefinition/testdata/permissions/multiplejobs/expected.yaml deleted file mode 100644 index 76ee7fe04..000000000 --- a/pkg/controller/appdefinition/testdata/permissions/multiplejobs/expected.yaml +++ /dev/null @@ -1,210 +0,0 @@ -kind: Namespace -apiVersion: v1 -metadata: - name: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - pod-security.kubernetes.io/enforce: baseline ---- -kind: Job -apiVersion: batch/v1 -metadata: - name: oneimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/job-name": "oneimage" - "acorn.io/managed": "true" -spec: - template: - metadata: - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/job-name": "oneimage" - "acorn.io/managed": "true" - annotations: - acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' - spec: - imagePullSecrets: - - name: oneimage-pull-1234567890ab - restartPolicy: Never - serviceAccountName: oneimage - enableServiceLinks: false - terminationGracePeriodSeconds: 5 - containers: - - name: oneimage - image: "image-name" - readinessProbe: - tcpSocket: - port: 81 - ports: - - containerPort: 81 - protocol: "TCP" - terminationMessagePath: "/run/secrets/output" - - name: left - image: "foo" - readinessProbe: - tcpSocket: - port: 91 - ports: - - containerPort: 91 - protocol: "TCP" - terminationMessagePath: "/run/secrets/output" ---- -kind: Job -apiVersion: batch/v1 -metadata: - name: twoimage - namespace: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/job-name": "twoimage" - "acorn.io/managed": "true" -spec: - template: - metadata: - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/job-name": "twoimage" - "acorn.io/managed": "true" - annotations: - acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' - spec: - imagePullSecrets: - - name: twoimage-pull-1234567890ab - restartPolicy: Never - serviceAccountName: twoimage - enableServiceLinks: false - terminationGracePeriodSeconds: 5 - containers: - - name: twoimage - image: "image-name" - readinessProbe: - tcpSocket: - port: 81 - ports: - - containerPort: 81 - protocol: "TCP" - terminationMessagePath: "/run/secrets/output" - - name: left - image: "foo" - readinessProbe: - tcpSocket: - port: 91 - ports: - - containerPort: 91 - protocol: "TCP" - terminationMessagePath: "/run/secrets/output" ---- -kind: Secret -apiVersion: v1 -metadata: - name: oneimage-pull-1234567890ab - namespace: app-created-namespace - labels: - acorn.io/managed: "true" - acorn.io/pull-secret: "true" -type: "kubernetes.io/dockerconfigjson" -data: - ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 ---- -kind: Secret -apiVersion: v1 -metadata: - name: twoimage-pull-1234567890ab - namespace: app-created-namespace - labels: - acorn.io/managed: "true" - acorn.io/pull-secret: "true" -type: "kubernetes.io/dockerconfigjson" -data: - ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 ---- -kind: AppInstance -apiVersion: internal.acorn.io/v1 -metadata: - name: app-name - namespace: app-namespace - uid: 1234567890abcdef -spec: - image: test - permissions: - - serviceName: oneimage - clusterRules: - - verbs: - - create - apiGroups: - - "foo.io" - resources: - - "bar" - rules: - - verbs: - - patch - apiGroups: - - "bar.io" - resources: - - "foo" - - serviceName: twoimage - clusterRules: - - verbs: - - create - apiGroups: - - "foo.io" - resources: - - "bar" - rules: - - verbs: - - patch - apiGroups: - - "bar.io" - resources: - - "foo" -status: - namespace: app-created-namespace - appImage: - id: test - appSpec: - jobs: - oneimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - twoimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - conditions: - - type: defined - reason: Success - status: "True" - success: true diff --git a/pkg/controller/appdefinition/testdata/permissions/multiplejobs/expected.yaml.d/appinstance.yaml b/pkg/controller/appdefinition/testdata/permissions/multiplejobs/expected.yaml.d/appinstance.yaml index 5c69f79f5..bc3e634e8 100644 --- a/pkg/controller/appdefinition/testdata/permissions/multiplejobs/expected.yaml.d/appinstance.yaml +++ b/pkg/controller/appdefinition/testdata/permissions/multiplejobs/expected.yaml.d/appinstance.yaml @@ -42,7 +42,7 @@ status: appImage: id: test appSpec: - containers: + jobs: oneimage: sidecars: left: @@ -59,7 +59,7 @@ status: build: dockerfile: "Dockerfile" context: "." - twoimage: + twoimage: sidecars: left: image: "foo" @@ -75,3 +75,8 @@ status: build: dockerfile: "Dockerfile" context: "." + conditions: + - type: defined + reason: Success + status: "True" + success: true \ No newline at end of file diff --git a/pkg/controller/appdefinition/testdata/permissions/job/expected.yaml b/pkg/controller/appdefinition/testdata/permissions/multiplejobs/expected.yaml.d/job.yaml similarity index 55% rename from pkg/controller/appdefinition/testdata/permissions/job/expected.yaml rename to pkg/controller/appdefinition/testdata/permissions/multiplejobs/expected.yaml.d/job.yaml index 25ea82315..d43bfe38e 100644 --- a/pkg/controller/appdefinition/testdata/permissions/job/expected.yaml +++ b/pkg/controller/appdefinition/testdata/permissions/multiplejobs/expected.yaml.d/job.yaml @@ -1,13 +1,3 @@ -kind: Namespace -apiVersion: v1 -metadata: - name: app-created-namespace - labels: - "acorn.io/app-namespace": "app-namespace" - "acorn.io/app-name": "app-name" - "acorn.io/managed": "true" - pod-security.kubernetes.io/enforce: baseline ---- kind: Job apiVersion: batch/v1 metadata: @@ -55,66 +45,49 @@ spec: protocol: "TCP" terminationMessagePath: "/run/secrets/output" --- -kind: Secret -apiVersion: v1 +kind: Job +apiVersion: batch/v1 metadata: - name: oneimage-pull-1234567890ab + name: twoimage namespace: app-created-namespace labels: - acorn.io/managed: "true" - acorn.io/pull-secret: "true" -type: "kubernetes.io/dockerconfigjson" -data: - ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 ---- -kind: AppInstance -apiVersion: internal.acorn.io/v1 -metadata: - name: app-name - namespace: app-namespace - uid: 1234567890abcdef + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/job-name": "twoimage" + "acorn.io/managed": "true" spec: - image: test - permissions: - - serviceName: oneimage - clusterRules: - - verbs: - - create - apiGroups: - - "foo.io" - resources: - - "bar" - rules: - - verbs: - - patch - apiGroups: - - "bar.io" - resources: - - "foo" -status: - namespace: app-created-namespace - appImage: - id: test - appSpec: - jobs: - oneimage: - sidecars: - left: - image: "foo" - ports: - - port: 90 - targetPort: 91 - protocol: tcp - ports: - - port: 80 - targetPort: 81 - protocol: http - image: "image-name" - build: - dockerfile: "Dockerfile" - context: "." - conditions: - - type: defined - reason: Success - status: "True" - success: true + template: + metadata: + labels: + "acorn.io/app-namespace": "app-namespace" + "acorn.io/app-name": "app-name" + "acorn.io/job-name": "twoimage" + "acorn.io/managed": "true" + annotations: + acorn.io/container-spec: '{"build":{"context":".","dockerfile":"Dockerfile"},"image":"image-name","ports":[{"port":80,"protocol":"http","targetPort":81}],"probes":null,"sidecars":{"left":{"image":"foo","ports":[{"port":90,"protocol":"tcp","targetPort":91}],"probes":null}}}' + spec: + imagePullSecrets: + - name: twoimage-pull-1234567890ab + restartPolicy: Never + serviceAccountName: twoimage + enableServiceLinks: false + terminationGracePeriodSeconds: 5 + containers: + - name: twoimage + image: "image-name" + readinessProbe: + tcpSocket: + port: 81 + ports: + - containerPort: 81 + protocol: "TCP" + terminationMessagePath: "/run/secrets/output" + - name: left + image: "foo" + readinessProbe: + tcpSocket: + port: 91 + ports: + - containerPort: 91 + protocol: "TCP" + terminationMessagePath: "/run/secrets/output" diff --git a/pkg/controller/appdefinition/testdata/permissions/multiplejobs/expected.yaml.d/secret.yaml b/pkg/controller/appdefinition/testdata/permissions/multiplejobs/expected.yaml.d/secret.yaml new file mode 100644 index 000000000..6d9dd446f --- /dev/null +++ b/pkg/controller/appdefinition/testdata/permissions/multiplejobs/expected.yaml.d/secret.yaml @@ -0,0 +1,23 @@ +kind: Secret +apiVersion: v1 +metadata: + name: oneimage-pull-1234567890ab + namespace: app-created-namespace + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" +type: "kubernetes.io/dockerconfigjson" +data: + ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19 +--- +kind: Secret +apiVersion: v1 +metadata: + name: twoimage-pull-1234567890ab + namespace: app-created-namespace + labels: + acorn.io/managed: "true" + acorn.io/pull-secret: "true" +type: "kubernetes.io/dockerconfigjson" +data: + ".dockerconfigjson": eyJhdXRocyI6eyJpbmRleC5kb2NrZXIuaW8iOnsiYXV0aCI6Ik9nPT0ifX19