// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
//
// SPDX-License-Identifier: Apache-2.0
package framework
import (
"context"
"fmt"
"strings"
"github.com/hashicorp/go-multierror"
"github.com/onsi/gomega"
"github.com/pkg/errors"
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
"github.com/gardener/test-infra/pkg/util"
)
// EnsureTestNamespace prepares the namespace the tests run in.
// It creates the namespace named in o.testConfig.Namespace if it does not exist;
// if that field is empty, a namespace with a generated name is created instead.
// Afterwards the secrets listed in CoreSecrets are copied into the namespace and
// the RBAC binding for its default ServiceAccount is set up. The created objects
// are recorded in the operation state by the helpers it calls.
func (o *Operation) EnsureTestNamespace(ctx context.Context) error {
	err := o.createNewTestNamespace(ctx)
	if err != nil {
		return errors.Wrap(err, "unable to create new test namespace")
	}

	// createNewTestNamespace stores the effective name (configured or generated)
	// back into the test config, so it must be read only after that call.
	namespace := o.testConfig.Namespace

	if err = o.copyDefaultSecretsToNamespace(ctx, namespace); err != nil {
		return errors.Wrap(err, "unable to copy secrets to new namespace")
	}

	if err = o.setupNamespace(ctx, namespace); err != nil {
		return errors.Wrap(err, "unable to setup new namespace")
	}

	logger := o.log.WithName("framework")
	logger.Info(fmt.Sprintf("using namespace %s", o.TestNamespace()))
	return nil
}
// createNewTestNamespace ensures the test namespace exists and records it.
// The name is taken from o.testConfig.Namespace; when that is empty a name of the
// form "<TestNamespacePrefix>-<random>" is generated. The resulting name is written
// back to o.testConfig.Namespace and the namespace object is appended to the state.
func (o *Operation) createNewTestNamespace(ctx context.Context) error {
	name := o.testConfig.Namespace
	if name == "" {
		// NOTE(review): the random part is requested with length 3, so a generated
		// name can presumably collide with a namespace left over from an earlier
		// run; CreateOrUpdate then reuses that namespace instead of failing.
		name = fmt.Sprintf("%s-%s", TestNamespacePrefix, util.RandomString(3))
	}

	ns := &corev1.Namespace{
		ObjectMeta: metav1.ObjectMeta{Name: name},
	}

	// The mutate function is a no-op: only the name matters, so an existing
	// namespace is left untouched and a missing one is created.
	noop := func() error { return nil }
	_, err := controllerutil.CreateOrUpdate(ctx, o.Client(), ns, noop)
	if err != nil {
		return errors.Wrap(err, "unable to create new test namespace")
	}

	o.State.AppendObject(ns)
	o.testConfig.Namespace = ns.Name
	return nil
}
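// setupNamespace binds the default ServiceAccount of the given namespace to the
// ClusterRole "argo-workflow-role" through a ClusterRoleBinding that carries the
// namespace's name, and appends the binding to the operation state.
//
// The desired RoleRef and Subjects are set inside the CreateOrUpdate mutate
// function. CreateOrUpdate first reads the object from the cluster into rb, so
// fields set only before the call are overwritten when a binding of that name
// already exists, and with a no-op mutate function such a binding would be
// adopted unchanged whatever it grants. RoleRef cannot be changed on an existing
// binding; if the existing one points at a different role the update is rejected
// and the error is returned.
//
// NOTE(review): a ClusterRoleBinding grants the role cluster-wide to every pod
// that runs under the namespace's default ServiceAccount. If the workflows only
// need access inside the test namespace, a namespaced RoleBinding to the same
// ClusterRole would be the narrower grant. Confirm against what the role allows.
func (o *Operation) setupNamespace(ctx context.Context, namespace string) error {
	rb := &rbacv1.ClusterRoleBinding{
		ObjectMeta: metav1.ObjectMeta{
			Name: namespace,
		},
	}

	_, err := controllerutil.CreateOrUpdate(ctx, o.Client(), rb, func() error {
		rb.RoleRef = rbacv1.RoleRef{
			APIGroup: "rbac.authorization.k8s.io",
			Kind:     "ClusterRole",
			Name:     "argo-workflow-role",
		}
		rb.Subjects = []rbacv1.Subject{
			{
				Kind:      "ServiceAccount",
				Name:      "default",
				Namespace: namespace,
			},
		}
		return nil
	})
	if err != nil {
		return errors.Wrapf(err, "unable to create cluster rolebinding %s", namespace)
	}

	o.State.AppendObject(rb)
	return nil
}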
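// copyDefaultSecretsToNamespace copies every secret named in CoreSecrets from
// o.testConfig.TmNamespace into the given namespace and appends each copy to the
// operation state. It stops at the first secret that cannot be read or written.
//
// The data is assigned inside the CreateOrUpdate mutate function. CreateOrUpdate
// reads an existing object into the passed struct before calling mutate, so data
// set only before the call is discarded when the target secret already exists,
// and a reused namespace would keep whatever credentials it held before.
//
// NOTE(review): only Data is copied. The source secret's Type, labels and
// annotations are not carried over; confirm none of the CoreSecrets rely on a
// specific secret type.
func (o *Operation) copyDefaultSecretsToNamespace(ctx context.Context, namespace string) error {
	for _, secretName := range CoreSecrets {
		source := &corev1.Secret{}
		key := client.ObjectKey{Name: secretName, Namespace: o.testConfig.TmNamespace}
		if err := o.Client().Get(ctx, key, source); err != nil {
			return errors.Wrapf(err, "unable to fetch secret %s from namespace %s", secretName, o.testConfig.TmNamespace)
		}

		target := &corev1.Secret{
			ObjectMeta: metav1.ObjectMeta{
				Name:      secretName,
				Namespace: namespace,
			},
		}
		_, err := controllerutil.CreateOrUpdate(ctx, o.Client(), target, func() error {
			// Applied on create and on update, so an existing copy is refreshed.
			target.Data = source.Data
			return nil
		})
		if err != nil {
			return errors.Wrapf(err, "unable to create new secret %s in namespace %s", secretName, namespace)
		}

		o.State.AppendObject(target)
	}
	return nil
}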
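// AfterSuite should be registered as ginkgo's after suite.
// It deletes every object recorded in the operation state and fails the suite
// through gomega if any deletion returns an error.
//
// Cleanup only runs when the test namespace starts with TestNamespacePrefix.
// For any other namespace nothing is deleted, so the objects recorded in the
// state (including copied secrets and the ClusterRoleBinding) stay in the
// cluster and have to be removed by whoever owns that namespace.
func (o *Operation) AfterSuite() {
	namespace := o.TestNamespace()

	// Check the prefix before logging, so the log does not announce a deletion
	// that is then skipped.
	if !strings.HasPrefix(namespace, TestNamespacePrefix) {
		o.log.Info("skipping cleanup, namespace does not have the test prefix", "namespace", namespace)
		return
	}
	o.log.Info("deleting namespace", "namespace", namespace)

	// context.Background() is never cancelled and Done() only returns a channel,
	// so the former `defer ctx.Done()` had no effect and is dropped.
	ctx := context.Background()

	// Collect all failures instead of stopping at the first one, so that one
	// failing delete does not leave the remaining objects behind.
	var res *multierror.Error
	for _, obj := range o.State.Objects {
		if err := o.Client().Delete(ctx, obj); err != nil {
			res = multierror.Append(res, err)
		}
	}
	gomega.Expect(res.ErrorOrNil()).ToNot(gomega.HaveOccurred())
}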