Unit test install strategy ALM-227

[ecordell]

• refactored install strategy bit to separate concerns and make things more testable
• added a client interface that the install strategy uses
• added tests for install behavior for when things exist in the cluster and when they don't

[ericavonb]

InstallStraegyInvalid reads a little weird to me. Can we reverse the order on it, i.e. InvalidInstallStrategy?

[ericavonb]

The expected behavior of this function isn't very clear from the name. I think simply making it CreateServiceAccount where it's a no-op if it already exists (or EnsureServiceCountExists?) is fine.

[ecordell]

It actually does return the ServiceAccount it finds if it's already there - it's not a no-op if it already exists.

[ericavonb]

It didn't look like anything other than the name, which is set in alm/install/deployment and by necessity the same.

Should this really be an upsert, i.e. CreateOrUpdateServiceAccount? I think what's throwing me off is maybe the service account will match what you gave the function, maybe it won't (if it already exists).

[ericavonb]

Check what? It might be simpler to just have this be the simple GetServiceAccountByName, otherwise maybe CheckServiceAccountExists or something else to clarify what this means.

[ericavonb]

Same here. This function weirdly mixes client and consumer concerns. Doing GetOwnedDeployments and having the compare logic in install/deployment.go makes it much easier to understand what's going on.

[ericavonb]

I'm unclear on how this namespace is used. Are all actions scoped to this namespace? As a consumer of this client, it's very opaque. Either consistently use Namespace and rename this like InstallStrategyDeploymentClientForNamespace or whatever, or (my preference) add namespace string as an argument to each function in the interface that needs it.

[ecordell]

Yeah, all actions are restricted to the namespace. I can make that clear with the name

[ericavonb]

Personal pref, I would prefer to have CheckOwnedDeployments(ownerName, ownerNamespace...) or whatever to clarify what it's matching on.

[ecordell]

We might change this query to user ownerreferences in the future, so I think it makes sense to keep the whole owner

[ericavonb]

I think I have some fear still from experiences where parts of the codebase break unexpectedly when you change something about the object because it relied on some obscure field on the object you didn't even know about.

I'll trust your judgement on where we need flexibility more than guaranteeing future stability. 👍

[ericavonb]

It's a little awkward, but better separation of concerns if the consumer instantiates and passes along the alm/client instead of opClient; means we can remove operator-client from the entire alm/install package and cleanly pass the client from the ALM operator's instantiation (create the alm/client somewhere after here: https://github.com/ecordell/alm/blob/eb2937fb06723562be5d077b860b70a8368ce367/queueinformer/queueinformer_operator.go#L22)

[ecordell]

Moved it up a level but it's hard to move it much higher than the strategy resolver because each install strategy will need a different client:

func (r *StrategyResolver) InstallerForStrategy(strategyName string, opClient opClient.Interface, ownerMeta metav1.ObjectMeta) StrategyInstaller {
	switch strategyName {
	case InstallStrategyNameDeployment:
		strategyClient := client.NewInstallStrategyDeploymentClient(opClient, ownerMeta.Namespace)
		return NewStrategyDeploymentInstaller(strategyClient, ownerMeta)
	}
       //...
}

When we get to the point of having more than one install strategy type we can revisit refactoring

[ericavonb]

I know this isn't from commits in this pr but it looks like ownerType is never used.

[ericavonb]

It might be clearer to do,

if err == nil {
	return foundAccount, nil
}
if !apierrors.IsNotFound(err) {
	return nil, errors.Wrap(err, "checking for existing serviceacccount failed")
}

[ericavonb]

Do you need to re-fetch the serviceaccount if you get a IsAlreadyExists error?

[ecordell]

Nope, we only need the name to create the rolebinding

[ericavonb]

But won't createdAccount be nil? You could return serviceAccount but I still find it unclear about what you're getting back. In the first Get, the return value foundAccount != serviceAccount necessarily. And if the Create is successful, the createdAccount will have additional data on it that serviceAccount does not. I'd rather have consistent behavior, which might mean updating the service account if found.

[ecordell]

It will be nil, but that's the correct value for it for this return. I've changed it explicitly to nil so that it's clear.

[ericavonb]

log.Errorf?

[ecordell]

Changed to debugf, which fits a bit better I think

[ericavonb]

But won't createdAccount be nil? You could return serviceAccount but I still find it unclear about what you're getting back. In the first Get, the return value foundAccount != serviceAccount necessarily. And if the Create is successful, the createdAccount will have additional data on it that serviceAccount does not. I'd rather have consistent behavior, which might mean updating the service account if found.