Add test for namespace sync

Signed-off-by: Jack Kleeman <jackkleeman@gmail.com>
open-policy-agent · Dec 30, 2019 · 1c2eed6 · 1c2eed6
1 parent bc2ad08
commit 1c2eed6
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 0 deletions.
diff --git a/config/overlays/dev/manager_image_patch.yaml-e b/config/overlays/dev/manager_image_patch.yaml-e
@@ -0,0 +1,11 @@
+apiVersion: apps/v1 
+kind: Deployment 
+metadata: 
+  name: controller-manager 
+  namespace: system 
+spec: 
+  template: 
+    spec: 
+      containers: 
+      - image: quay.io/open-policy-agent/gatekeeper:latest
+        name: manager
diff --git a/pkg/controller/sync/sync_controller.go b/pkg/controller/sync/sync_controller.go
@@ -99,6 +99,8 @@ func (r *ReconcileSync) Reconcile(request reconcile.Request) (reconcile.Result,
 	if err != nil {
 		if errors.IsNotFound(err) {
 			// This is a deletion; remove the data
+			instance.SetNamespace(request.Namespace)
+			instance.SetName(request.Name)
 			if _, err := r.opa.RemoveData(context.Background(), instance); err != nil {
 				return reconcile.Result{}, err
 			}
@@ -113,6 +115,13 @@ func (r *ReconcileSync) Reconcile(request reconcile.Request) (reconcile.Result,
 		return reconcile.Result{}, nil
 	}
 
+	if !instance.GetDeletionTimestamp().IsZero() {
+		if _, err := r.opa.RemoveData(context.Background(), instance); err != nil {
+			return reconcile.Result{}, err
+		}
+		return reconcile.Result{}, nil
+	}
+
 	log.Info("data will be added", "data", instance)
 	if _, err := r.opa.AddData(context.Background(), instance); err != nil {
 		return reconcile.Result{}, err

diff --git a/test/bats/test.bats b/test/bats/test.bats
@@ -78,6 +78,16 @@ SLEEP_TIME=1
   assert_success
 }
 
+@test "waiting for namespaces to be synced" {
+  run kubectl apply -f ${BATS_TESTS_DIR}/constraints/ns_must_sync.yaml
+  assert_success
+
+  wait_for_process $((2 * $WAIT_TIME)) $SLEEP_TIME "kubectl get k8srequiredlabels.constraints.gatekeeper.sh ns-must-sync -o json | jq -e '.status.totalViolations == 1'"
+
+  run kubectl delete -f ${BATS_TESTS_DIR}/constraints/ns_must_sync.yaml
+  assert_success
+}
+
 @test "unique labels test" {
   run kubectl apply -f ${BATS_TESTS_DIR}/templates/k8suniquelabel_template.yaml
   assert_success

diff --git a/test/bats/tests/constraints/ns_must_sync.yaml b/test/bats/tests/constraints/ns_must_sync.yaml
@@ -0,0 +1,15 @@
+apiVersion: constraints.gatekeeper.sh/v1beta1
+kind: K8sRequiredLabels
+metadata:
+  name: ns-must-sync
+spec:
+  match:
+    kinds:
+      - apiGroups: [""]
+        kinds: ["Namespace"]
+    labelSelector:
+      matchLabels:
+        name: no-dupes
+
+  parameters:
+    labels: ["it-wont-have-this-label"]
diff --git a/test/bats/tests/good/no_dupe_ns.yaml b/test/bats/tests/good/no_dupe_ns.yaml
@@ -4,3 +4,4 @@ metadata:
   name: no-dupes
   labels:
           "gatekeeper": "not_duplicated"
+          name: no-dupes