Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Check NamespaceMap controller privileges on remote cluster.
When the NamespaceMap controller creates new remote namespace, it must check that right privileges are set to operate in that namespace.
- Loading branch information
1 parent
1c00407
commit 737b138
Showing
7 changed files
with
187 additions
and
35 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 2 additions & 0 deletions
2
pkg/liqo-controller-manager/namespaceMap-controller/testUtils/doc.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
// Package namespacemapctrltestutils provides utility function for namespaceMap controller testing. | ||
package namespacemapctrltestutils |
37 changes: 37 additions & 0 deletions
37
...ontroller-manager/namespaceMap-controller/testUtils/namespacemap_controller_test_utils.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
package namespacemapctrltestutils | ||
|
||
import ( | ||
"fmt" | ||
|
||
rbacv1 "k8s.io/api/rbac/v1" | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
|
||
liqoconst "github.com/liqotech/liqo/pkg/consts" | ||
) | ||
|
||
const ( | ||
roleBindingName = "role-binding" | ||
roleType = "Role" | ||
roleName = "fake" | ||
) | ||
|
||
// The remote namespace must have at least 2 roleBinding with the clastix label. | ||
|
||
// GetRoleBindingForASpecificNamespace provides a roleBinding in the namespace passed as parameter. | ||
// The name of the RoleBinding is associated to the index passed as second parameter. | ||
func GetRoleBindingForASpecificNamespace(namespaceName, localClusterID string, index int) rbacv1.RoleBinding { | ||
return rbacv1.RoleBinding{ | ||
ObjectMeta: metav1.ObjectMeta{ | ||
Name: fmt.Sprintf("%s-%d", roleBindingName, index), | ||
Namespace: namespaceName, | ||
Labels: map[string]string{ | ||
liqoconst.RoleBindingLabelKey: fmt.Sprintf("%s-%s", liqoconst.RoleBindingLabelValuePrefix, localClusterID), | ||
}, | ||
}, | ||
RoleRef: rbacv1.RoleRef{ | ||
APIGroup: rbacv1.GroupName, | ||
Kind: roleType, | ||
Name: roleName, | ||
}, | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
package foreigncluster | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
|
||
"k8s.io/klog/v2" | ||
"sigs.k8s.io/controller-runtime/pkg/client" | ||
) | ||
|
||
// GetLocalTenantNamespaceName gets the name of the local tenant namespace associated with a specific peering (remoteClusterID). | ||
func GetLocalTenantNamespaceName(ctx context.Context, cl client.Client, remoteClusterID string) (string, error) { | ||
fc, err := GetForeignClusterByID(ctx, cl, remoteClusterID) | ||
if err != nil { | ||
klog.Errorf("%s -> unable to get foreignCluster associated with the clusterID '%s'", err, remoteClusterID) | ||
return "", err | ||
} | ||
|
||
if fc.Status.TenantControlNamespace.Local == "" { | ||
err = fmt.Errorf("there is no tenant namespace associated with the peering with the remote cluster '%s'", | ||
remoteClusterID) | ||
klog.Error(err) | ||
return "", err | ||
} | ||
return fc.Status.TenantControlNamespace.Local, nil | ||
} | ||
|
||
// GetRemoteTenantNamespaceName gets the name of the remote tenant namespace associated with a specific peering (remoteClusterID). | ||
func GetRemoteTenantNamespaceName(ctx context.Context, cl client.Client, remoteClusterID string) (string, error) { | ||
fc, err := GetForeignClusterByID(ctx, cl, remoteClusterID) | ||
if err != nil { | ||
klog.Errorf("%s -> unable to get foreignCluster associated with the clusterID '%s'", err, remoteClusterID) | ||
return "", err | ||
} | ||
|
||
if fc.Status.TenantControlNamespace.Remote == "" { | ||
err = fmt.Errorf("there is no tenant namespace associated with the peering with the remote cluster '%s'", | ||
remoteClusterID) | ||
klog.Error(err) | ||
return "", err | ||
} | ||
return fc.Status.TenantControlNamespace.Remote, nil | ||
} |