Add various functional options to ActionClientGetter constructor

Signed-off-by: Joe Lanford <joe.lanford@gmail.com>
joelanford · Aug 29, 2022 · 9eca12b · 9eca12b
1 parent 891a88b
commit 9eca12b
Show file tree

Hide file tree

Showing 2 changed files with 182 additions and 9 deletions.
diff --git a/pkg/client/actionconfig.go b/pkg/client/actionconfig.go
@@ -38,25 +38,69 @@ type ActionConfigGetter interface {
 	ActionConfigFor(obj client.Object) (*action.Configuration, error)
 }
 
-func NewActionConfigGetter(cfg *rest.Config, rm meta.RESTMapper, log logr.Logger) ActionConfigGetter {
-	return &actionConfigGetter{
+func NewActionConfigGetter(cfg *rest.Config, rm meta.RESTMapper, log logr.Logger, opts ...ActionConfigGetterOption) ActionConfigGetter {
+	acg := &actionConfigGetter{
 		cfg:        cfg,
 		restMapper: rm,
 		log:        log,
 	}
+	for _, o := range opts {
+		o(acg)
+	}
+	if acg.objectToClientNamespace == nil {
+		acg.objectToClientNamespace = getObjectNamespace
+	}
+	if acg.objectToStorageNamespace == nil {
+		acg.objectToStorageNamespace = getObjectNamespace
+	}
+	return acg
 }
 
 var _ ActionConfigGetter = &actionConfigGetter{}
 
+type ActionConfigGetterOption func(getter *actionConfigGetter)
+
+type ObjectToStringMapper func(client.Object) (string, error)
+
+func ClientNamespaceMapper(m ObjectToStringMapper) ActionConfigGetterOption {
+	return func(getter *actionConfigGetter) {
+		getter.objectToClientNamespace = m
+	}
+}
+
+func StorageNamespaceMapper(m ObjectToStringMapper) ActionConfigGetterOption {
+	return func(getter *actionConfigGetter) {
+		getter.objectToStorageNamespace = m
+	}
+}
+
+func DisableStorageOwnerRefInjection(v bool) ActionConfigGetterOption {
+	return func(getter *actionConfigGetter) {
+		getter.disableStorageOwnerRefInjection = v
+	}
+}
+
+func getObjectNamespace(obj client.Object) (string, error) {
+	return obj.GetNamespace(), nil
+}
+
 type actionConfigGetter struct {
 	cfg        *rest.Config
 	restMapper meta.RESTMapper
 	log        logr.Logger
+
+	objectToClientNamespace         ObjectToStringMapper
+	objectToStorageNamespace        ObjectToStringMapper
+	disableStorageOwnerRefInjection bool
 }
 
 func (acg *actionConfigGetter) ActionConfigFor(obj client.Object) (*action.Configuration, error) {
 	// Create a RESTClientGetter
-	rcg := newRESTClientGetter(acg.cfg, acg.restMapper, obj.GetNamespace())
+	rcgNs, err := acg.objectToClientNamespace(obj)
+	if err != nil {
+		return nil, fmt.Errorf("get client namespace from object: %v", err)
+	}
+	rcg := newRESTClientGetter(acg.cfg, acg.restMapper, rcgNs)
 
 	// Setup the debug log function that Helm will use
 	debugLog := func(format string, v ...interface{}) {
@@ -79,11 +123,20 @@ func (acg *actionConfigGetter) ActionConfigFor(obj client.Object) (*action.Confi
 		return nil, err
 	}
 
-	ownerRef := metav1.NewControllerRef(obj, obj.GetObjectKind().GroupVersionKind())
-	d := driver.NewSecrets(&ownerRefSecretClient{
-		SecretInterface: kcs.CoreV1().Secrets(obj.GetNamespace()),
-		refs:            []metav1.OwnerReference{*ownerRef},
-	})
+	storageNs, err := acg.objectToStorageNamespace(obj)
+	if err != nil {
+		return nil, fmt.Errorf("get storage namespace from object: %v", err)
+	}
+
+	secretClient := kcs.CoreV1().Secrets(storageNs)
+	if !acg.disableStorageOwnerRefInjection {
+		ownerRef := metav1.NewControllerRef(obj, obj.GetObjectKind().GroupVersionKind())
+		secretClient = &ownerRefSecretClient{
+			SecretInterface: secretClient,
+			refs:            []metav1.OwnerReference{*ownerRef},
+		}
+	}
+	d := driver.NewSecrets(secretClient)
 
 	// Also, use the debug log for the storage driver
 	d.Log = debugLog

diff --git a/pkg/client/actionconfig_test.go b/pkg/client/actionconfig_test.go
@@ -17,9 +17,21 @@ limitations under the License.
 package client
 
 import (
+	"bytes"
+	"context"
+	"fmt"
+
 	"github.com/go-logr/logr"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	"helm.sh/helm/v3/pkg/action"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/rand"
+	"k8s.io/cli-runtime/pkg/resource"
+	"k8s.io/client-go/kubernetes/scheme"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
 
@@ -28,8 +40,115 @@ import (
 
 var _ = Describe("ActionConfig", func() {
 	var _ = Describe("NewActionConfigGetter", func() {
+		var rm meta.RESTMapper
+
+		BeforeEach(func() {
+			var err error
+			rm, err = apiutil.NewDiscoveryRESTMapper(cfg)
+			Expect(err).To(BeNil())
+		})
+
 		It("should return a valid ActionConfigGetter", func() {
-			Expect(NewActionConfigGetter(nil, nil, logr.Discard())).NotTo(BeNil())
+			Expect(NewActionConfigGetter(cfg, rm, logr.Discard())).NotTo(BeNil())
+		})
+
+		When("passing options", func() {
+			var (
+				obj                             client.Object
+				clientNs, storageNs             *corev1.Namespace
+				clientNsMapper, storageNsMapper ObjectToStringMapper
+				cl                              client.Client
+			)
+
+			BeforeEach(func() {
+				obj = testutil.BuildTestCR(gvk)
+				clientNs = &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("client-%s", rand.String(8))}}
+				storageNs = &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("storage-%s", rand.String(8))}}
+				clientNsMapper = func(_ client.Object) (string, error) { return clientNs.Name, nil }
+				storageNsMapper = func(_ client.Object) (string, error) { return storageNs.Name, nil }
+
+				var err error
+				cl, err = client.New(cfg, client.Options{Scheme: scheme.Scheme})
+				Expect(err).To(BeNil())
+
+				Expect(cl.Create(context.Background(), clientNs)).To(Succeed())
+				Expect(cl.Create(context.Background(), storageNs)).To(Succeed())
+			})
+
+			AfterEach(func() {
+				Expect(cl.Delete(context.Background(), clientNs)).To(Succeed())
+				Expect(cl.Delete(context.Background(), storageNs)).To(Succeed())
+			})
+
+			It("should use a custom client namespace", func() {
+				acg := NewActionConfigGetter(cfg, rm, logr.Discard(),
+					ClientNamespaceMapper(clientNsMapper),
+				)
+				ac, err := acg.ActionConfigFor(obj)
+				Expect(err).To(BeNil())
+				Expect(ac.RESTClientGetter.(*restClientGetter).namespaceConfig.Namespace()).To(Equal(clientNs.Name))
+				resources, err := ac.KubeClient.Build(bytes.NewBufferString(`---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sa`), false)
+				Expect(err).To(BeNil())
+				Expect(resources.Visit(func(info *resource.Info, err error) error {
+					Expect(err).To(BeNil())
+					Expect(info.Namespace).To(Equal(clientNs.Name))
+					return nil
+				})).To(Succeed())
+			})
+
+			It("should use a custom storage namespace", func() {
+				acg := NewActionConfigGetter(cfg, rm, logr.Discard(),
+					StorageNamespaceMapper(storageNsMapper),
+				)
+				ac, err := acg.ActionConfigFor(obj)
+				Expect(err).To(BeNil())
+
+				By("Installing a release")
+				i := action.NewInstall(ac)
+				i.ReleaseName = fmt.Sprintf("release-name-%s", rand.String(8))
+				i.Namespace = clientNs.Name
+				rel, err := i.Run(&chrt, nil)
+				Expect(err).To(BeNil())
+				Expect(rel.Namespace).To(Equal(clientNs.Name))
+
+				By("Verifying the release secret is created in the storage namespace")
+				secretKey := types.NamespacedName{
+					Namespace: storageNs.Name,
+					Name:      fmt.Sprintf("sh.helm.release.v1.%s.v1", i.ReleaseName),
+				}
+				secret := &corev1.Secret{}
+				Expect(cl.Get(context.Background(), secretKey, secret)).To(Succeed())
+				Expect(secret.OwnerReferences).To(HaveLen(1))
+			})
+
+			It("should disable storage owner ref injection", func() {
+				acg := NewActionConfigGetter(cfg, rm, logr.Discard(),
+					DisableStorageOwnerRefInjection(true),
+				)
+				ac, err := acg.ActionConfigFor(obj)
+				Expect(err).To(BeNil())
+
+				By("Installing a release")
+				i := action.NewInstall(ac)
+				i.ReleaseName = fmt.Sprintf("release-name-%s", rand.String(8))
+				i.Namespace = obj.GetNamespace()
+				rel, err := i.Run(&chrt, nil)
+				Expect(err).To(BeNil())
+				Expect(rel.Namespace).To(Equal(obj.GetNamespace()))
+
+				By("Verifying the release secret has no owner references")
+				secretKey := types.NamespacedName{
+					Namespace: obj.GetNamespace(),
+					Name:      fmt.Sprintf("sh.helm.release.v1.%s.v1", i.ReleaseName),
+				}
+				secret := &corev1.Secret{}
+				Expect(cl.Get(context.Background(), secretKey, secret)).To(Succeed())
+				Expect(secret.OwnerReferences).To(HaveLen(0))
+			})
 		})
 	})
 
@@ -48,4 +167,5 @@ var _ = Describe("ActionConfig", func() {
 			Expect(ac).NotTo(BeNil())
 		})
 	})
+
 })