diff --git a/Makefile b/Makefile index dd64293d..b8395c45 100644 --- a/Makefile +++ b/Makefile @@ -25,7 +25,7 @@ ARCH ?= amd64 OS ?= $(shell uname -s | tr A-Z a-z) K8S_LATEST_VER ?= $(shell curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt) export CONTROLLER_IMG ?= $(REGISTRY)/$(IMAGE_NAME) -TAG ?= v0.4.0 +TAG ?= v0.4.1 # Get cluster-api version and build ldflags clusterapi := $(shell go list -m sigs.k8s.io/cluster-api) @@ -244,8 +244,8 @@ deploy-projectsveltos: $(KUSTOMIZE) $(MAKE) load-image @echo 'Install libsveltos CRDs' - $(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/v0.4.0/config/crd/bases/lib.projectsveltos.io_debuggingconfigurations.yaml - $(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/v0.4.0/config/crd/bases/lib.projectsveltos.io_sveltosclusters.yaml + $(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/v0.4.1/config/crd/bases/lib.projectsveltos.io_debuggingconfigurations.yaml + $(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/v0.4.1/config/crd/bases/lib.projectsveltos.io_sveltosclusters.yaml # Install projectsveltos controller-manager components @echo 'Install projectsveltos controller-manager components' @@ -253,7 +253,7 @@ deploy-projectsveltos: $(KUSTOMIZE) $(KUSTOMIZE) build config/default | $(ENVSUBST) | $(KUBECTL) apply -f- # Install sveltoscluster-manager - $(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/sveltoscluster-manager/v0.4.0/manifest/manifest.yaml + $(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/sveltoscluster-manager/v0.4.1/manifest/manifest.yaml @echo "Waiting for projectsveltos controller-manager to be available..." $(KUBECTL) wait --for=condition=Available deployment/fm-controller-manager -n projectsveltos --timeout=$(TIMEOUT) 
@@ -270,7 +270,7 @@ set-manifest-pull-policy: drift-detection-manager: @echo "Downloading drift detection manager yaml" - curl -L https://raw.githubusercontent.com/projectsveltos/drift-detection-manager/v0.4.0/manifest/manifest.yaml -o ./pkg/drift-detection/drift-detection-manager.yaml + curl -L https://raw.githubusercontent.com/projectsveltos/drift-detection-manager/v0.4.1/manifest/manifest.yaml -o ./pkg/drift-detection/drift-detection-manager.yaml cd pkg/drift-detection; go generate .PHONY: build diff --git a/README.md b/README.md index 281919f8..71a7ed93 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,8 @@ To see the full demo, have a look at this [youtube video](https://youtu.be/Ai5Mr If you have questions, noticed any bug or want to get the latest project news, you can connect with us in the following ways: 1. Open a bug/feature enhancement on github; 2. Chat with us on the Slack in the [#projectsveltos](https://join.slack.com/t/projectsveltos/shared_invite/zt-1hraownbr-W8NTs6LTimxLPB8Erj8Q6Q) channel; -3. Submit a pull request. +3. Submit a pull request; +4. [Contact Us](mailto:support@projectsveltos.io) ## License diff --git a/api/v1alpha1/clusterprofile_types.go b/api/v1alpha1/clusterprofile_types.go index c66d64b3..894afc3f 100644 --- a/api/v1alpha1/clusterprofile_types.go +++ b/api/v1alpha1/clusterprofile_types.go 
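Review bot: The `curl -L` in `drift-detection-manager` has no `-f`, so an HTTP error body (for example a 404 if the v0.4.1 path is wrong) is saved as `./pkg/drift-detection/drift-detection-manager.yaml` and then consumed by `go generate` on the next line; `curl -fL https://…/v0.4.1/manifest/manifest.yaml -o …` would make the target fail instead. The downloaded manifest appears to be embedded into the Go source without an integrity check, and a Git tag can be moved, so consider pinning to a commit SHA or comparing against a recorded checksum. The release string is also hard-coded in four URLs in this file (including the three `$(KUBECTL) apply -f` lines in `deploy-projectsveltos`) next to `TAG ?= v0.4.1`; one variable would stop them drifting apart.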
@@ -101,11 +101,10 @@ type HelmChart struct { // Values holds the values for this Helm release. // Go templating with the values from the referenced CAPI Cluster. // Currently following can be referenced: - // - Cluster => CAPI Cluster for instance {{ index .Cluster.Spec.ClusterNetwork.Pods.CIDRBlocks 0 }} + // - Cluster => CAPI Cluster for instance // - KubeadmControlPlane => the CAPI Cluster controlPlaneRef // - InfrastructureProvider => the CAPI cluster infrastructure provider // - SecretRef => store any confindetial information in a Secret, set SecretRef then reference it - // for instance password: "{{ printf "%s" .SecretRef.Data.password | b64dec }}" // +optional Values string `json:"values,omitempty"` diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 3c673f78..63393107 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -22,9 +22,10 @@ limitations under the License. package v1alpha1 import ( - apiv1alpha1 "github.com/projectsveltos/libsveltos/api/v1alpha1" - "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" runtime "k8s.io/apimachinery/pkg/runtime" + + apiv1alpha1 "github.com/projectsveltos/libsveltos/api/v1alpha1" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. diff --git a/config/crd/bases/config.projectsveltos.io_clusterprofiles.yaml b/config/crd/bases/config.projectsveltos.io_clusterprofiles.yaml index 89712878..a3314550 100644 --- a/config/crd/bases/config.projectsveltos.io_clusterprofiles.yaml +++ b/config/crd/bases/config.projectsveltos.io_clusterprofiles.yaml 
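Review bot: Removing the two template examples leaves the `Values` comment with a dangling `for instance` after `- Cluster => CAPI Cluster`, and the regenerated CRD descriptions now show that truncated sentence. Either drop the words, `// - Cluster => CAPI Cluster`, or keep an example in a form the generator accepts. The `SecretRef` line also loses its only usage example and still carries the typo `confindetial`; since this field tells users where to put confidential values, a short sentence on how to reference the Secret would help. The `HelmChart` struct continues outside the hunk.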
@@ -117,13 +117,10 @@ spec: description: 'Values holds the values for this Helm release. Go templating with the values from the referenced CAPI Cluster. Currently following can be referenced: - Cluster => CAPI Cluster - for instance {{ index .Cluster.Spec.ClusterNetwork.Pods.CIDRBlocks - 0 }} - KubeadmControlPlane => the CAPI Cluster controlPlaneRef + for instance - KubeadmControlPlane => the CAPI Cluster controlPlaneRef - InfrastructureProvider => the CAPI cluster infrastructure provider - SecretRef => store any confindetial information - in a Secret, set SecretRef then reference it for instance - password: "{{ printf "%s" .SecretRef.Data.password | b64dec - }}"' + in a Secret, set SecretRef then reference it' type: string required: - chartName @@ -154,8 +151,9 @@ spec: minLength: 1 type: string namespace: - description: Namespace of the referenced resource. - minLength: 1 + description: Namespace of the referenced resource. Namespace + can be left empty. In such a case, namespace will be implicit + set to cluster's namespace. type: string required: - kind diff --git a/config/crd/bases/config.projectsveltos.io_clustersummaries.yaml b/config/crd/bases/config.projectsveltos.io_clustersummaries.yaml index f87c4bbf..3b8c2fc8 100644 --- a/config/crd/bases/config.projectsveltos.io_clustersummaries.yaml +++ b/config/crd/bases/config.projectsveltos.io_clustersummaries.yaml 
@@ -131,13 +131,11 @@ spec: description: 'Values holds the values for this Helm release. Go templating with the values from the referenced CAPI Cluster. Currently following can be referenced: - Cluster - => CAPI Cluster for instance {{ index .Cluster.Spec.ClusterNetwork.Pods.CIDRBlocks - 0 }} - KubeadmControlPlane => the CAPI Cluster controlPlaneRef - - InfrastructureProvider => the CAPI cluster infrastructure - provider - SecretRef => store any confindetial information - in a Secret, set SecretRef then reference it for instance - password: "{{ printf "%s" .SecretRef.Data.password | b64dec - }}"' + => CAPI Cluster for instance - KubeadmControlPlane => + the CAPI Cluster controlPlaneRef - InfrastructureProvider + => the CAPI cluster infrastructure provider - SecretRef + => store any confindetial information in a Secret, set + SecretRef then reference it' type: string required: - chartName @@ -168,8 +166,9 @@ spec: minLength: 1 type: string namespace: - description: Namespace of the referenced resource. - minLength: 1 + description: Namespace of the referenced resource. Namespace + can be left empty. In such a case, namespace will be implicit + set to cluster's namespace. type: string required: - kind diff --git a/config/default/manager_image_patch.yaml b/config/default/manager_image_patch.yaml index 757f4fb1..54b38bb4 100644 --- a/config/default/manager_image_patch.yaml +++ b/config/default/manager_image_patch.yaml @@ -8,5 +8,5 @@ spec: spec: containers: # Change the value of image field below to your controller image URL - - image: gianlucam76/sveltos-manager-amd64:v0.4.0 + - image: gianlucam76/sveltos-manager-amd64:v0.4.1 name: manager diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml index 0c042452..24845441 100644 --- a/config/rbac/auth_proxy_service.yaml +++ b/config/rbac/auth_proxy_service.yaml 
@@ -3,7 +3,7 @@ kind: Service metadata: labels: control-plane: controller-manager - name: controller-manager-metrics-service + name: manager-metrics-service namespace: projectsveltos spec: ports: diff --git a/controllers/clustersummary_controller.go b/controllers/clustersummary_controller.go index 703452dc..41d486bd 100644 --- a/controllers/clustersummary_controller.go +++ b/controllers/clustersummary_controller.go @@ -648,10 +648,13 @@ func (r *ClusterSummaryReconciler) getCurrentReferences(clusterSummaryScope *sco for i := range clusterSummaryScope.ClusterSummary.Spec.ClusterProfileSpec.PolicyRefs { referencedNamespace := clusterSummaryScope.ClusterSummary.Spec.ClusterProfileSpec.PolicyRefs[i].Namespace referencedName := clusterSummaryScope.ClusterSummary.Spec.ClusterProfileSpec.PolicyRefs[i].Name + + namespace := getReferenceResourceNamespace(clusterSummaryScope.Namespace(), referencedNamespace) + currentReferences.Insert(&corev1.ObjectReference{ APIVersion: corev1.SchemeGroupVersion.String(), // the only resources that can be referenced are Secret and ConfigMap Kind: clusterSummaryScope.ClusterSummary.Spec.ClusterProfileSpec.PolicyRefs[i].Kind, - Namespace: referencedNamespace, + Namespace: namespace, Name: referencedName, }) } diff --git a/controllers/clustersummary_controller_test.go b/controllers/clustersummary_controller_test.go index 4e980cc9..2a2ddfff 100644 --- a/controllers/clustersummary_controller_test.go +++ b/controllers/clustersummary_controller_test.go 
@@ -617,6 +617,41 @@ var _ = Describe("ClustersummaryController", func() { // Because CAPI cluster does not exist and ClusterSummary is marked for deletion, finalizer can be removed Expect(controllers.CanRemoveFinalizer(reconciler, context.TODO(), clusterSummaryScope, klogr.New())).To(BeTrue()) }) + + It("getCurrentReferences collects all ClusterSummary referenced objects", func() { + referencedResourceNamespace := randomString() + clusterSummary.Spec.ClusterProfileSpec.PolicyRefs = []libsveltosv1alpha1.PolicyRef{ + { + Namespace: referencedResourceNamespace, + Name: randomString(), + Kind: string(libsveltosv1alpha1.ConfigMapReferencedResourceKind), + }, + } + + c := fake.NewClientBuilder().WithScheme(scheme).Build() + + clusterSummaryScope := getClusterSummaryScope(c, klogr.New(), clusterProfile, clusterSummary) + reconciler := getClusterSummaryReconciler(nil, nil) + set := controllers.GetCurrentReferences(reconciler, clusterSummaryScope) + Expect(set.Len()).To(Equal(1)) + items := set.Items() + Expect(items[0].Namespace).To(Equal(referencedResourceNamespace)) + }) + + It("getCurrentReferences collects all ClusterSummary referenced objects using cluster namespace when not set", func() { + clusterSummary.Spec.ClusterProfileSpec.PolicyRefs = []libsveltosv1alpha1.PolicyRef{ + {Namespace: "", Name: randomString(), Kind: string(libsveltosv1alpha1.ConfigMapReferencedResourceKind)}, + } + + c := fake.NewClientBuilder().WithScheme(scheme).Build() + + clusterSummaryScope := getClusterSummaryScope(c, klogr.New(), clusterProfile, clusterSummary) + reconciler := getClusterSummaryReconciler(nil, nil) + set := controllers.GetCurrentReferences(reconciler, clusterSummaryScope) + Expect(set.Len()).To(Equal(1)) + items := set.Items() + Expect(items[0].Namespace).To(Equal(clusterSummary.Namespace)) + }) }) var _ = Describe("ClusterSummaryReconciler: requeue methods", func() { 
diff --git a/controllers/clustersummary_deployer.go b/controllers/clustersummary_deployer.go index 88f24bd0..3e8fa2e4 100644 --- a/controllers/clustersummary_deployer.go +++ b/controllers/clustersummary_deployer.go @@ -392,7 +392,8 @@ func (r *ClusterSummaryReconciler) updateDeployedGroupVersionKind(ctx context.Co logger.V(logs.LogDebug).Info("update status with deployed GroupVersionKinds") // Collect all referenced configMaps/secrets. - referencedObjects, err := collectReferencedObjects(ctx, r.Client, references, logger) + referencedObjects, err := collectReferencedObjects(ctx, r.Client, clusterSummaryScope.Namespace(), + references, logger) if err != nil { logger.V(logs.LogDebug).Info(fmt.Sprintf("failed to collect referenced configMaps/secrets. Err: %v", err)) return err @@ -409,12 +410,9 @@ func (r *ClusterSummaryReconciler) updateDeployedGroupVersionKind(ctx context.Co data = cm.Data } else { secret := referencedObjects[i].(*corev1.Secret) - data = make(map[string]string) + data = map[string]string{} for key, value := range secret.Data { - data[key], err = decode(value) - if err != nil { - return err - } + data[key] = string(value) } } policies, err := collectContent(ctx, clusterSummaryScope.ClusterSummary, data, logger) diff --git a/controllers/clustersummary_deployer_test.go b/controllers/clustersummary_deployer_test.go index 3cfcc990..61b88380 100644 --- a/controllers/clustersummary_deployer_test.go +++ b/controllers/clustersummary_deployer_test.go 
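Review bot: `data[key] = string(value)` changes the format a referenced Secret must have: values used to be base64-decoded a second time and are now used as stored, here and in `deployContentOfSecret` in `controllers/handlers_utils.go`. A Secret written for v0.4.0 presumably still holds base64 text in `Data`, which would now be handed to `collectContent` as if it were the policy; confirm how that fails and call it out in the release notes. A comment above the loop would record the intent, e.g. `// secret.Data is already decoded by the client; values are used verbatim`. The type assertion `referencedObjects[i].(*corev1.Secret)` in the same branch is unchecked, and the comma-ok form would avoid a panic if another kind ever reaches this slice. `updateDeployedGroupVersionKind` starts and ends outside the hunk.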
@@ -573,20 +573,6 @@ var _ = Describe("ClustersummaryDeployer", func() { Expect(cs.Status.FeatureSummaries[0].FeatureID).To(Equal(configv1alpha1.FeatureResources)) Expect(cs.Status.FeatureSummaries[0].DeployedGroupVersionKind).To(ContainElement("ClusterRole.v1.rbac.authorization.k8s.io")) }) - - It("getCurrentReferences collects all ClusterSummary referenced objects", func() { - clusterSummary.Spec.ClusterProfileSpec.PolicyRefs = []libsveltosv1alpha1.PolicyRef{ - {Namespace: randomString(), Name: randomString(), Kind: string(libsveltosv1alpha1.ConfigMapReferencedResourceKind)}, - } - - c := fake.NewClientBuilder().WithScheme(scheme).Build() - - clusterSummaryScope := getClusterSummaryScope(c, logger, clusterProfile, clusterSummary) - reconciler := getClusterSummaryReconciler(nil, nil) - set := controllers.GetCurrentReferences(reconciler, clusterSummaryScope) - expectedLength := len(clusterSummary.Spec.ClusterProfileSpec.PolicyRefs) - Expect(set.Len()).To(Equal(expectedLength)) - }) }) var _ = Describe("Convert result", func() { diff --git a/controllers/export_test.go b/controllers/export_test.go index 5fc874ff..09cad2a4 100644 --- a/controllers/export_test.go +++ b/controllers/export_test.go 
@@ -57,21 +57,23 @@ var ( GenericDeploy = genericDeploy GenericUndeploy = genericUndeploy - GetClusterSummary = getClusterSummary - AddLabel = addLabel - CreateNamespace = createNamespace - GetEntryKey = getEntryKey - DeployContentOfConfigMap = deployContentOfConfigMap - DeployContentOfSecret = deployContentOfSecret - DeployContent = deployContent - GetClusterSummaryAdmin = getClusterSummaryAdmin - AddAnnotation = addAnnotation - ComputePolicyHash = computePolicyHash - GetPolicyInfo = getPolicyInfo - UndeployStaleResources = undeployStaleResources - GetDeployedGroupVersionKinds = getDeployedGroupVersionKinds - CanDelete = canDelete - HandleResourceDelete = handleResourceDelete + GetClusterSummary = getClusterSummary + AddLabel = addLabel + CreateNamespace = createNamespace + GetEntryKey = getEntryKey + DeployContentOfConfigMap = deployContentOfConfigMap + DeployContentOfSecret = deployContentOfSecret + DeployContent = deployContent + GetClusterSummaryAdmin = getClusterSummaryAdmin + AddAnnotation = addAnnotation + ComputePolicyHash = computePolicyHash + GetPolicyInfo = getPolicyInfo + UndeployStaleResources = undeployStaleResources + GetDeployedGroupVersionKinds = getDeployedGroupVersionKinds + CanDelete = canDelete + HandleResourceDelete = handleResourceDelete + GetSecret = getSecret + GetReferenceResourceNamespace = getReferenceResourceNamespace ResourcesHash = resourcesHash GetResourceRefs = getResourceRefs diff --git a/controllers/handlers_resources.go b/controllers/handlers_resources.go index f482c86e..d36ac351 100644 --- a/controllers/handlers_resources.go +++ b/controllers/handlers_resources.go 
@@ -194,16 +194,17 @@ func resourcesHash(ctx context.Context, c client.Client, clusterSummaryScope *sc clusterSummary := clusterSummaryScope.ClusterSummary for i := range clusterSummary.Spec.ClusterProfileSpec.PolicyRefs { reference := &clusterSummary.Spec.ClusterProfileSpec.PolicyRefs[i] + namespace := getReferenceResourceNamespace(clusterSummaryScope.Namespace(), reference.Namespace) var err error if reference.Kind == string(libsveltosv1alpha1.ConfigMapReferencedResourceKind) { configmap := &corev1.ConfigMap{} - err = c.Get(ctx, types.NamespacedName{Namespace: reference.Namespace, Name: reference.Name}, configmap) + err = c.Get(ctx, types.NamespacedName{Namespace: namespace, Name: reference.Name}, configmap) if err == nil { config += render.AsCode(configmap.Data) } } else { secret := &corev1.Secret{} - err = c.Get(ctx, types.NamespacedName{Namespace: reference.Namespace, Name: reference.Name}, secret) + err = c.Get(ctx, types.NamespacedName{Namespace: namespace, Name: reference.Name}, secret) if err == nil { config += render.AsCode(secret.Data) } diff --git a/controllers/handlers_utils.go b/controllers/handlers_utils.go index a82ea7a5..3a12668b 100644 --- a/controllers/handlers_utils.go +++ b/controllers/handlers_utils.go @@ -19,7 +19,6 @@ package controllers import ( "context" "crypto/sha256" - "encoding/base64" "errors" "fmt" "strings" @@ -105,10 +104,7 @@ func deployContentOfSecret(ctx context.Context, remoteConfig *rest.Config, c, re data := make(map[string]string) for key, value := range secret.Data { - data[key], err = decode(value) - if err != nil { - return nil, err - } + data[key] = string(value) } reports, err = 
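Review bot: `resourcesHash` still reads Secrets with `c.Get` directly, so the `ClusterProfileSecretType` check this commit adds to `getSecret` is not applied on this path, and the data of a Secret of any type is rendered into the hash input. Calling `getSecret(ctx, c, types.NamespacedName{Namespace: namespace, Name: reference.Name})` here, or checking `secret.Type` before `render.AsCode(secret.Data)`, would keep the two paths consistent. What happens to `err` after the branch is outside the hunk, so how a rejected Secret should affect the hash needs to be decided there.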
@@ -362,8 +358,19 @@ func getClusterSummaryAndClusterClient(ctx context.Context, clusterNamespace, cl return clusterSummary, clusterClient, nil } +// getReferenceResourceNamespace returns the namespace to use for a referenced resource. +// If namespace is set on referencedResource, that namespace will be used. +// If namespace is not set, cluster namespace will be used +func getReferenceResourceNamespace(clusterNamespace, referencedResourceNamespace string) string { + if referencedResourceNamespace != "" { + return referencedResourceNamespace + } + + return clusterNamespace +} + // collectReferencedObjects collects all referenced configMaps/secrets in control cluster -func collectReferencedObjects(ctx context.Context, controlClusterClient client.Client, +func collectReferencedObjects(ctx context.Context, controlClusterClient client.Client, clusterNamespace string, references []libsveltosv1alpha1.PolicyRef, logger logr.Logger) ([]client.Object, error) { objects := make([]client.Object, 0) @@ -371,12 +378,15 @@ func collectReferencedObjects(ctx context.Context, controlClusterClient client.C var err error var object client.Object reference := &references[i] + + namespace := getReferenceResourceNamespace(clusterNamespace, references[i].Namespace) + if reference.Kind == string(libsveltosv1alpha1.ConfigMapReferencedResourceKind) { object, err = getConfigMap(ctx, controlClusterClient, - types.NamespacedName{Namespace: reference.Namespace, Name: reference.Name}) + types.NamespacedName{Namespace: namespace, Name: reference.Name}) } else { object, err = getSecret(ctx, controlClusterClient, - types.NamespacedName{Namespace: reference.Namespace, Name: reference.Name}) + types.NamespacedName{Namespace: namespace, Name: reference.Name}) } if err != nil { if apierrors.IsNotFound(err) { 
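Review bot: In `collectReferencedObjects` the new line reads `references[i].Namespace` although `reference := &references[i]` was taken two lines earlier and is used for every other field; `namespace := getReferenceResourceNamespace(clusterNamespace, reference.Namespace)` would be consistent. The function's doc comment does not mention the new `clusterNamespace` parameter. Something like `// An empty reference namespace is resolved to clusterNamespace.` would document the defaulting where it decides which namespace's Secrets and ConfigMaps are read. The loop body continues outside the hunk.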
@@ -400,7 +410,7 @@ func deployReferencedObjects(ctx context.Context, c client.Client, remoteConfig refs := featureHandler.getRefs(clusterSummary) var referencedObjects []client.Object - referencedObjects, err = collectReferencedObjects(ctx, c, refs, logger) + referencedObjects, err = collectReferencedObjects(ctx, c, clusterSummary.Namespace, refs, logger) if err != nil { return nil, err } @@ -680,15 +690,6 @@ func updateClusterConfiguration(ctx context.Context, c client.Client, return err } -func decode(encoded []byte) (string, error) { - decoded, err := base64.StdEncoding.DecodeString(string(encoded)) - if err != nil { - return "", err - } - - return string(decoded), nil -} - // computePolicyHash compute policy hash. func computePolicyHash(policy *unstructured.Unstructured) (string, error) { b, err := policy.MarshalJSON() @@ -728,6 +729,10 @@ func getSecret(ctx context.Context, c client.Client, secretName types.Namespaced return nil, err } + if secret.Type != libsveltosv1alpha1.ClusterProfileSecretType { + return nil, libsveltosv1alpha1.ErrSecretTypeNotSupported + } + return secret, nil } diff --git a/controllers/handlers_utils_test.go b/controllers/handlers_utils_test.go index f2d68b64..a6545cf6 100644 --- a/controllers/handlers_utils_test.go +++ b/controllers/handlers_utils_test.go 
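Review bot: The new check in `getSecret` rejects every Secret whose `Type` is not `ClusterProfileSecretType`, a sound restriction on what the controller will read, but the function comment (outside the hunk) and the upgrade path do not reflect it. A Secret's `type` cannot be changed after creation, so Secrets already referenced by a ClusterProfile would have to be recreated with the new type; that deserves a line in the release notes. In `collectReferencedObjects` only the `apierrors.IsNotFound` case is visibly special-cased, so it looks as if one Secret of the wrong type fails the whole collection; confirm that is intended. Suggested comment above the check: `// Only Secrets of type ClusterProfileSecretType may be referenced; any other type is rejected.`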
@@ -226,6 +226,38 @@ var _ = Describe("HandlersUtils", func() { Expect(c.Get(context.TODO(), types.NamespacedName{Name: namespace}, currentNs)).To(Succeed()) }) + It("getSecret returns an error when type is different than ClusterProfileSecretType", func() { + wrongSecretType := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: namespace, + Name: randomString(), + }, + Data: map[string][]byte{ + randomString(): []byte(randomString()), + }, + } + + Expect(testEnv.Client.Create(context.TODO(), wrongSecretType)).To(Succeed()) + Expect(waitForObject(context.TODO(), testEnv.Client, wrongSecretType)).To(Succeed()) + + secretName := types.NamespacedName{Namespace: wrongSecretType.Namespace, Name: wrongSecretType.Name} + _, err := controllers.GetSecret(context.TODO(), testEnv.Client, secretName) + Expect(err).ToNot(BeNil()) + Expect(err.Error()).To(Equal(libsveltosv1alpha1.ErrSecretTypeNotSupported.Error())) + + services := fmt.Sprintf(serviceTemplate, namespace, namespace) + depl := fmt.Sprintf(deplTemplate, namespace) + + // Create a secret containing two services. + secret := createSecretWithPolicy(namespace, randomString(), depl, services) + Expect(testEnv.Client.Create(context.TODO(), secret)).To(Succeed()) + Expect(waitForObject(context.TODO(), testEnv.Client, secret)).To(Succeed()) + + secretName = types.NamespacedName{Namespace: secret.Namespace, Name: secret.Name} + _, err = controllers.GetSecret(context.TODO(), testEnv.Client, secretName) + Expect(err).To(BeNil()) + }) + It("deployContent in DryRun mode returns policies which will be created, updated, no action", func() { services := fmt.Sprintf(serviceTemplate, namespace, namespace) depl := fmt.Sprintf(deplTemplate, namespace) 
@@ -324,6 +356,22 @@ var _ = Describe("HandlersUtils", func() { } }) + It("getReferenceResourceNamespace returns the referenced resource namespace when set. cluster namespace otherwise.", func() { + referecedResource := libsveltosv1alpha1.PolicyRef{ + Namespace: "", + Name: randomString(), + Kind: string(libsveltosv1alpha1.ConfigMapReferencedResourceKind), + } + + clusterNamespace := randomString() + Expect(controllers.GetReferenceResourceNamespace(clusterNamespace, referecedResource.Namespace)).To( + Equal(clusterNamespace)) + + referecedResource.Namespace = randomString() + Expect(controllers.GetReferenceResourceNamespace(clusterNamespace, referecedResource.Namespace)).To( + Equal(referecedResource.Namespace)) + }) + It("deployContentOfSecret deploys all policies contained in a ConfigMap", func() { services := fmt.Sprintf(serviceTemplate, namespace, namespace) depl := fmt.Sprintf(deplTemplate, namespace) diff --git a/controllers/suite_helpers_test.go b/controllers/suite_helpers_test.go index bdc3e75d..d580ca04 100644 --- a/controllers/suite_helpers_test.go +++ b/controllers/suite_helpers_test.go @@ -18,7 +18,6 @@ package controllers_test import ( "context" - "encoding/base64" "fmt" "unicode/utf8" @@ -115,11 +114,12 @@ func createSecretWithPolicy(namespace, configMapName string, policyStrs ...strin Namespace: namespace, Name: configMapName, }, + Type: libsveltosv1alpha1.ClusterProfileSecretType, Data: map[string][]byte{}, } for i := range policyStrs { key := fmt.Sprintf("policy%d.yaml", i) - secret.Data[key] = []byte(base64.StdEncoding.EncodeToString([]byte(policyStrs[i]))) + secret.Data[key] = []byte(policyStrs[i]) } Expect(addTypeInformationToObject(scheme, secret)).To(Succeed()) diff --git a/go.mod b/go.mod index 4d9ad624..520dfb53 100644 --- a/go.mod +++ b/go.mod 
@@ -12,7 +12,7 @@ require ( github.com/onsi/ginkgo/v2 v2.6.0 github.com/onsi/gomega v1.24.1 github.com/pkg/errors v0.9.1 - github.com/projectsveltos/libsveltos v0.4.0 + github.com/projectsveltos/libsveltos v0.4.1 github.com/prometheus/client_golang v1.13.0 github.com/spf13/pflag v1.0.5 golang.org/x/text v0.5.0 diff --git a/go.sum b/go.sum index 59b75002..e1ff450d 100644 --- a/go.sum +++ b/go.sum @@ -790,8 +790,8 @@ github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndr github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1 h1:oL4IBbcqwhhNWh31bjOX8C/OCy0zs9906d/VUru+bqg= github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU= -github.com/projectsveltos/libsveltos v0.4.0 h1:9Z+GtfNTyQ4MB3npHL7grUyokMumDTme/qWkfZkfbtI= -github.com/projectsveltos/libsveltos v0.4.0/go.mod h1:smYCt3DQSZpQqsaoM2mJAIP6RAMXcxw5Af0mzkncCs4= +github.com/projectsveltos/libsveltos v0.4.1 h1:icU0MkB12xlbbPGWyFL9X6h0n1Wcce+eclXR1Q7WjfU= +github.com/projectsveltos/libsveltos v0.4.1/go.mod h1:smYCt3DQSZpQqsaoM2mJAIP6RAMXcxw5Af0mzkncCs4= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= diff --git a/manifest/manifest.yaml b/manifest/manifest.yaml index 7f652ad8..166609b2 100644 --- a/manifest/manifest.yaml +++ b/manifest/manifest.yaml 
@@ -332,13 +332,10 @@ spec: description: 'Values holds the values for this Helm release. Go templating with the values from the referenced CAPI Cluster. Currently following can be referenced: - Cluster => CAPI Cluster - for instance {{ index .Cluster.Spec.ClusterNetwork.Pods.CIDRBlocks - 0 }} - KubeadmControlPlane => the CAPI Cluster controlPlaneRef + for instance - KubeadmControlPlane => the CAPI Cluster controlPlaneRef - InfrastructureProvider => the CAPI cluster infrastructure provider - SecretRef => store any confindetial information - in a Secret, set SecretRef then reference it for instance - password: "{{ printf "%s" .SecretRef.Data.password | b64dec - }}"' + in a Secret, set SecretRef then reference it' type: string required: - chartName @@ -369,8 +366,9 @@ spec: minLength: 1 type: string namespace: - description: Namespace of the referenced resource. - minLength: 1 + description: Namespace of the referenced resource. Namespace + can be left empty. In such a case, namespace will be implicit + set to cluster's namespace. type: string required: - kind @@ -819,13 +817,11 @@ spec: description: 'Values holds the values for this Helm release. Go templating with the values from the referenced CAPI Cluster. Currently following can be referenced: - Cluster - => CAPI Cluster for instance {{ index .Cluster.Spec.ClusterNetwork.Pods.CIDRBlocks - 0 }} - KubeadmControlPlane => the CAPI Cluster controlPlaneRef - - InfrastructureProvider => the CAPI cluster infrastructure - provider - SecretRef => store any confindetial information - in a Secret, set SecretRef then reference it for instance - password: "{{ printf "%s" .SecretRef.Data.password | b64dec - }}"' + => CAPI Cluster for instance - KubeadmControlPlane => + the CAPI Cluster controlPlaneRef - InfrastructureProvider + => the CAPI cluster infrastructure provider - SecretRef + => store any confindetial information in a Secret, set + SecretRef then reference it' type: string required: - chartName 
@@ -856,8 +852,9 @@ spec: minLength: 1 type: string namespace: - description: Namespace of the referenced resource. - minLength: 1 + description: Namespace of the referenced resource. Namespace + can be left empty. In such a case, namespace will be implicit + set to cluster's namespace. type: string required: - kind @@ -1345,7 +1342,7 @@ kind: Service metadata: labels: control-plane: controller-manager - name: fm-controller-manager-metrics-service + name: fm-manager-metrics-service namespace: projectsveltos spec: ports: @@ -1383,7 +1380,7 @@ spec: - --v=5 command: - /manager - image: gianlucam76/sveltos-manager-amd64:v0.4.0 + image: gianlucam76/sveltos-manager-amd64:v0.4.1 livenessProbe: httpGet: path: /healthz diff --git a/pkg/drift-detection/drift-detection-manager.go b/pkg/drift-detection/drift-detection-manager.go index 41936cb9..0396ef39 100644 --- a/pkg/drift-detection/drift-detection-manager.go +++ b/pkg/drift-detection/drift-detection-manager.go @@ -260,7 +260,7 @@ spec: - --run-mode=do-not-send-updates command: - /manager - image: gianlucam76/drift-detection-manager-amd64:v0.4.0 + image: gianlucam76/drift-detection-manager-amd64:v0.4.1 livenessProbe: httpGet: path: /healthz diff --git a/pkg/drift-detection/drift-detection-manager.yaml b/pkg/drift-detection/drift-detection-manager.yaml index 44f30d6d..00721e64 100644 --- a/pkg/drift-detection/drift-detection-manager.yaml +++ b/pkg/drift-detection/drift-detection-manager.yaml @@ -242,7 +242,7 @@ spec: - --run-mode=do-not-send-updates command: - /manager - image: gianlucam76/drift-detection-manager-amd64:v0.4.0 + image: gianlucam76/drift-detection-manager-amd64:v0.4.1 livenessProbe: httpGet: path: /healthz diff --git a/test/fv/resource_per_cluster_test.go b/test/fv/resource_per_cluster_test.go new file mode 100644 index 00000000..bbf9728c --- /dev/null +++ b/test/fv/resource_per_cluster_test.go 
@@ -0,0 +1,200 @@ +/* +Copyright 2022. projectsveltos.io. All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package fv_test + +import ( + "context" + "fmt" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/types" + + libsveltosv1alpha1 "github.com/projectsveltos/libsveltos/api/v1alpha1" + configv1alpha1 "github.com/projectsveltos/sveltos-manager/api/v1alpha1" +) + +var _ = Describe("Feature", func() { + const ( + namePrefix = "pre-cluster-feature-" + ) + + It("Deploy and updates resources referenced in ResourceRefs correctly. 
Namespace not set", Label("FV"), func() { + Byf("Create a ClusterProfile matching Cluster %s/%s", kindWorkloadCluster.Namespace, kindWorkloadCluster.Name) + clusterProfile := getClusterProfile(namePrefix, map[string]string{key: value}) + clusterProfile.Spec.SyncMode = configv1alpha1.SyncModeContinuous + Expect(k8sClient.Create(context.TODO(), clusterProfile)).To(Succeed()) + + verifyClusterProfileMatches(clusterProfile) + + verifyClusterSummary(clusterProfile, kindWorkloadCluster.Namespace, kindWorkloadCluster.Name) + + Byf("Create configMap in cluster namespace %s", kindWorkloadCluster.Namespace) + + updateClusterRoleName := randomString() + configMap := createConfigMapWithPolicy(kindWorkloadCluster.Namespace, namePrefix+randomString(), + fmt.Sprintf(updateClusterRole, updateClusterRoleName)) + Expect(k8sClient.Create(context.TODO(), configMap)).To(Succeed()) + currentConfigMap := &corev1.ConfigMap{} + Expect(k8sClient.Get(context.TODO(), + types.NamespacedName{Namespace: configMap.Namespace, Name: configMap.Name}, currentConfigMap)).To(Succeed()) + + podName := "demo" + randomString() + Byf("Create a secret with a Pod in cluster namespace %s", kindWorkloadCluster.Namespace) + secret := createSecretWithPolicy(kindWorkloadCluster.Namespace, namePrefix+randomString(), fmt.Sprintf(demoPod, podName)) + Expect(k8sClient.Create(context.TODO(), secret)).To(Succeed()) + currentSecret := &corev1.Secret{} + Expect(k8sClient.Get(context.TODO(), + types.NamespacedName{Namespace: secret.Namespace, Name: secret.Name}, currentSecret)).To(Succeed()) + + Byf("Update ClusterProfile %s to reference ConfigMap %s (namespace not set)", clusterProfile.Name, configMap.Name) + Byf("Update ClusterProfile %s to reference Secret %s (namespace not set)", clusterProfile.Name, secret.Name) + currentClusterProfile := &configv1alpha1.ClusterProfile{} + Expect(k8sClient.Get(context.TODO(), types.NamespacedName{Name: clusterProfile.Name}, currentClusterProfile)).To(Succeed()) + 
currentClusterProfile.Spec.PolicyRefs = []libsveltosv1alpha1.PolicyRef{ + { + Kind: string(libsveltosv1alpha1.ConfigMapReferencedResourceKind), + Namespace: "", + Name: configMap.Name, + }, + { + Kind: string(libsveltosv1alpha1.SecretReferencedResourceKind), + Namespace: "", + Name: secret.Name, + }, + } + Expect(k8sClient.Update(context.TODO(), currentClusterProfile)).To(Succeed()) + + clusterSummary := verifyClusterSummary(currentClusterProfile, kindWorkloadCluster.Namespace, kindWorkloadCluster.Name) + + Byf("Getting client to access the workload cluster") + workloadClient, err := getKindWorkloadClusterKubeconfig() + Expect(err).To(BeNil()) + Expect(workloadClient).ToNot(BeNil()) + + Byf("Verifying proper ClusterRole is created in the workload cluster") + Eventually(func() error { + currentClusterRole := &rbacv1.ClusterRole{} + return workloadClient.Get(context.TODO(), types.NamespacedName{Name: updateClusterRoleName}, currentClusterRole) + }, timeout, pollingInterval).Should(BeNil()) + + Byf("Verifying proper Pod is created in the workload cluster") + Eventually(func() error { + currentPod := &corev1.Pod{} + return workloadClient.Get(context.TODO(), + types.NamespacedName{Namespace: "default", Name: podName}, currentPod) + }, timeout, pollingInterval).Should(BeNil()) + + Byf("Verifying ClusterSummary %s status is set to Deployed for Resources feature", clusterSummary.Name) + verifyFeatureStatusIsProvisioned(kindWorkloadCluster.Namespace, clusterSummary.Name, configv1alpha1.FeatureResources) + + policies := []policy{ + {kind: "ClusterRole", name: updateClusterRoleName, namespace: "", group: "rbac.authorization.k8s.io"}, + {kind: "Pod", name: podName, namespace: "default", group: ""}, + } + verifyClusterConfiguration(clusterProfile.Name, clusterSummary.Spec.ClusterNamespace, + clusterSummary.Spec.ClusterName, configv1alpha1.FeatureResources, policies, nil) + + By("Updating ConfigMap to reference new ClusterRole") + Expect(k8sClient.Get(context.TODO(), + 
types.NamespacedName{Namespace: configMap.Namespace, Name: configMap.Name}, currentConfigMap)).To(Succeed()) + allClusterRoleName := randomString() + currentConfigMap = updateConfigMapWithPolicy(currentConfigMap, fmt.Sprintf(allClusterRole, allClusterRoleName)) + Expect(k8sClient.Update(context.TODO(), currentConfigMap)).To(Succeed()) + + Byf("Verifying new clusterrole is deployed in the workload cluster") + Eventually(func() error { + currentClusterRole := &rbacv1.ClusterRole{} + return workloadClient.Get(context.TODO(), types.NamespacedName{Name: allClusterRoleName}, currentClusterRole) + }, timeout, pollingInterval).Should(BeNil()) + + Byf("Verifying old clusterrole is removed from the workload cluster") + Eventually(func() bool { + currentClusterRole := &rbacv1.ClusterRole{} + err = workloadClient.Get(context.TODO(), types.NamespacedName{Name: updateClusterRoleName}, currentClusterRole) + return err != nil && + apierrors.IsNotFound(err) + }, timeout, pollingInterval).Should(BeTrue()) + + policies = []policy{ + {kind: "ClusterRole", name: allClusterRoleName, namespace: "", group: "rbac.authorization.k8s.io"}, + {kind: "Pod", name: podName, namespace: "default", group: ""}, + } + verifyClusterConfiguration(clusterProfile.Name, clusterSummary.Spec.ClusterNamespace, + clusterSummary.Spec.ClusterName, configv1alpha1.FeatureResources, policies, nil) + + By("Updating Secret to reference new Pod") + newPodName := "prod" + randomString() + Expect(k8sClient.Get(context.TODO(), + types.NamespacedName{Namespace: secret.Namespace, Name: secret.Name}, currentSecret)).To(Succeed()) + currentSecret.Data["policy0.yaml"] = []byte(fmt.Sprintf(demoPod, newPodName)) + Expect(k8sClient.Update(context.TODO(), currentSecret)).To(Succeed()) + + Byf("Verifying new Pod is deployed in the workload cluster") + Eventually(func() error { + currentPod := &corev1.Pod{} + return workloadClient.Get(context.TODO(), + types.NamespacedName{Namespace: "default", Name: newPodName}, currentPod) + }, 
timeout, pollingInterval).Should(BeNil()) + + Byf("Verifying old Pod is removed from the workload cluster") + Eventually(func() bool { + currentPod := &corev1.Pod{} + err = workloadClient.Get(context.TODO(), + types.NamespacedName{Namespace: "default", Name: podName}, currentPod) + return err != nil && + apierrors.IsNotFound(err) + }, timeout, pollingInterval).Should(BeTrue()) + + policies = []policy{ + {kind: "ClusterRole", name: allClusterRoleName, namespace: "", group: "rbac.authorization.k8s.io"}, + {kind: "Pod", name: newPodName, namespace: "default", group: ""}, + } + verifyClusterConfiguration(clusterProfile.Name, clusterSummary.Spec.ClusterNamespace, + clusterSummary.Spec.ClusterName, configv1alpha1.FeatureResources, policies, nil) + + Byf("Changing clusterprofile to not reference configmap/secret anymore") + Expect(k8sClient.Get(context.TODO(), types.NamespacedName{Name: clusterProfile.Name}, currentClusterProfile)).To(Succeed()) + currentClusterProfile.Spec.PolicyRefs = []libsveltosv1alpha1.PolicyRef{} + Expect(k8sClient.Update(context.TODO(), currentClusterProfile)).To(Succeed()) + + verifyClusterSummary(currentClusterProfile, kindWorkloadCluster.Namespace, kindWorkloadCluster.Name) + + Byf("Verifying proper ClusterRole is removed in the workload cluster") + Eventually(func() bool { + currentClusterRole := &rbacv1.ClusterRole{} + err = workloadClient.Get(context.TODO(), types.NamespacedName{Name: allClusterRoleName}, currentClusterRole) + return err != nil && + apierrors.IsNotFound(err) + }, timeout, pollingInterval).Should(BeTrue()) + + Byf("Verifying proper Pod is removed in the workload cluster") + Eventually(func() bool { + currentPod := &corev1.Pod{} + err = workloadClient.Get(context.TODO(), + types.NamespacedName{Namespace: "default", Name: newPodName}, currentPod) + return err != nil && + apierrors.IsNotFound(err) + }, timeout, pollingInterval).Should(BeTrue()) + + deleteClusterProfile(clusterProfile) + }) +}) 
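Review bot: The new test creates a ConfigMap and a Secret in `kindWorkloadCluster.Namespace` but ends with only `deleteClusterProfile(clusterProfile)`, so both objects appear to stay behind after every run. Unless `deleteClusterProfile` removes them (not visible here), the long-lived cluster namespace accumulates policy-carrying objects that a later empty-namespace reference could resolve to. I would add `Expect(k8sClient.Delete(context.TODO(), currentConfigMap)).To(Succeed())` and `Expect(k8sClient.Delete(context.TODO(), currentSecret)).To(Succeed())` just before the final `deleteClusterProfile` call. The two consecutive `Byf("Update ClusterProfile ...")` lines also run before any update happens and could be merged into one message. `namePrefix = "pre-cluster-feature-"` looks like a typo for `per-cluster-feature-`.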
diff --git a/test/fv/resource_test.go b/test/fv/resource_test.go index 759dfa43..105db14e 100644 --- a/test/fv/resource_test.go +++ b/test/fv/resource_test.go @@ -18,7 +18,6 @@ package fv_test import ( "context" - "encoding/base64" "fmt" . "github.com/onsi/ginkgo/v2" @@ -38,7 +37,7 @@ const ( updateClusterRole = `apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: configmap-updater + name: %s rules: - apiGroups: [""] # @@ -51,7 +50,7 @@ rules: allClusterRole = `apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: configmap-all + name: %s rules: - apiGroups: [""] # @@ -100,7 +99,9 @@ var _ = Describe("Feature", func() { Expect(k8sClient.Create(context.TODO(), ns)).To(Succeed()) Byf("Create a configMap with a ClusterRole") - configMap := createConfigMapWithPolicy(configMapNs, namePrefix+randomString(), updateClusterRole) + updateClusterRoleName := randomString() + configMap := createConfigMapWithPolicy(configMapNs, namePrefix+randomString(), + fmt.Sprintf(updateClusterRole, updateClusterRoleName)) Expect(k8sClient.Create(context.TODO(), configMap)).To(Succeed()) currentConfigMap := &corev1.ConfigMap{} Expect(k8sClient.Get(context.TODO(), @@ -142,7 +143,7 @@ var _ = Describe("Feature", func() { Byf("Verifying proper ClusterRole is created in the workload cluster") Eventually(func() error { currentClusterRole := &rbacv1.ClusterRole{} - return workloadClient.Get(context.TODO(), types.NamespacedName{Name: "configmap-updater"}, currentClusterRole) + return workloadClient.Get(context.TODO(), types.NamespacedName{Name: updateClusterRoleName}, currentClusterRole) }, timeout, pollingInterval).Should(BeNil()) Byf("Verifying proper Pod is created in the workload cluster") 
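Review bot: After the `@@ -38,7 +37,7 @@` and `@@ -51,7 +50,7 @@` hunks, `updateClusterRole` and `allClusterRole` are `fmt` templates rather than ready-to-use manifests, and nothing at the declaration says so. Any caller outside this diff that still passes the constant unformatted would submit a ClusterRole whose name is the literal `%s`. I would add a comment above each constant, for example `// updateClusterRole is a fmt template; the single %s is the ClusterRole name.` The `const (` block starts and ends outside these hunks, so I cannot tell whether other templates in it follow the same convention.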
@@ -156,7 +157,7 @@ var _ = Describe("Feature", func() { verifyFeatureStatusIsProvisioned(kindWorkloadCluster.Namespace, clusterSummary.Name, configv1alpha1.FeatureResources) policies := []policy{ - {kind: "ClusterRole", name: "configmap-updater", namespace: "", group: "rbac.authorization.k8s.io"}, + {kind: "ClusterRole", name: updateClusterRoleName, namespace: "", group: "rbac.authorization.k8s.io"}, {kind: "Pod", name: podName, namespace: "default", group: ""}, } verifyClusterConfiguration(clusterProfile.Name, clusterSummary.Spec.ClusterNamespace, 
@@ -165,25 +166,26 @@ var _ = Describe("Feature", func() { By("Updating ConfigMap to reference new ClusterRole") Expect(k8sClient.Get(context.TODO(), types.NamespacedName{Namespace: configMap.Namespace, Name: configMap.Name}, currentConfigMap)).To(Succeed()) - currentConfigMap = updateConfigMapWithPolicy(currentConfigMap, allClusterRole) + allClusterRoleName := randomString() + currentConfigMap = updateConfigMapWithPolicy(currentConfigMap, fmt.Sprintf(allClusterRole, allClusterRoleName)) Expect(k8sClient.Update(context.TODO(), currentConfigMap)).To(Succeed()) Byf("Verifying new clusterrole is deployed in the workload cluster") Eventually(func() error { currentClusterRole := &rbacv1.ClusterRole{} - return workloadClient.Get(context.TODO(), types.NamespacedName{Name: "configmap-all"}, currentClusterRole) + return workloadClient.Get(context.TODO(), types.NamespacedName{Name: allClusterRoleName}, currentClusterRole) }, timeout, pollingInterval).Should(BeNil()) Byf("Verifying old clusterrole is removed from the workload cluster") Eventually(func() bool { currentClusterRole := &rbacv1.ClusterRole{} - err = workloadClient.Get(context.TODO(), types.NamespacedName{Name: "configmap-updater"}, currentClusterRole) + err = workloadClient.Get(context.TODO(), types.NamespacedName{Name: updateClusterRoleName}, currentClusterRole) return err != nil && apierrors.IsNotFound(err) }, timeout, pollingInterval).Should(BeTrue()) policies = []policy{ - {kind: "ClusterRole", name: "configmap-all", namespace: "", group: "rbac.authorization.k8s.io"}, + {kind: "ClusterRole", name: allClusterRoleName, namespace: "", group: "rbac.authorization.k8s.io"}, {kind: "Pod", name: podName, namespace: "default", group: ""}, } verifyClusterConfiguration(clusterProfile.Name, clusterSummary.Spec.ClusterNamespace, 
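Review bot: The rewritten `Eventually` closure in this hunk still assigns to the `err` captured from the enclosing `It` body, so each poll overwrites a variable that the rest of the test shares. The `err != nil &&` guard is also redundant, because `apierrors.IsNotFound` already returns false for a nil error. I would reduce the closure body to `return apierrors.IsNotFound(workloadClient.Get(context.TODO(), types.NamespacedName{Name: updateClusterRoleName}, currentClusterRole))`. The same pattern appears in the later removal checks in this file and in the new `resource_per_cluster_test.go`. The enclosing `It` function starts and ends outside the hunk.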
@@ -193,7 +195,7 @@ var _ = Describe("Feature", func() { newPodName := "prod" + randomString() Expect(k8sClient.Get(context.TODO(), types.NamespacedName{Namespace: secret.Namespace, Name: secret.Name}, currentSecret)).To(Succeed()) - currentSecret.Data["policy0.yaml"] = []byte(base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf(demoPod, newPodName)))) + currentSecret.Data["policy0.yaml"] = []byte(fmt.Sprintf(demoPod, newPodName)) Expect(k8sClient.Update(context.TODO(), currentSecret)).To(Succeed()) Byf("Verifying new Pod is deployed in the workload cluster") @@ -203,7 +205,7 @@ var _ = Describe("Feature", func() { types.NamespacedName{Namespace: "default", Name: newPodName}, currentPod) }, timeout, pollingInterval).Should(BeNil()) - Byf("Verifying old clusterrole is removed from the workload cluster") + Byf("Verifying old Pod is removed from the workload cluster") Eventually(func() bool { currentPod := &corev1.Pod{} err = workloadClient.Get(context.TODO(), @@ -213,7 +215,7 @@ var _ = Describe("Feature", func() { }, timeout, pollingInterval).Should(BeTrue()) policies = []policy{ - {kind: "ClusterRole", name: "configmap-all", namespace: "", group: "rbac.authorization.k8s.io"}, + {kind: "ClusterRole", name: allClusterRoleName, namespace: "", group: "rbac.authorization.k8s.io"}, {kind: "Pod", name: newPodName, namespace: "default", group: ""}, } verifyClusterConfiguration(clusterProfile.Name, clusterSummary.Spec.ClusterNamespace, @@ -229,7 +231,7 @@ var _ = Describe("Feature", func() { Byf("Verifying proper ClusterRole is removed in the workload cluster") Eventually(func() bool { currentClusterRole := &rbacv1.ClusterRole{} - err = workloadClient.Get(context.TODO(), types.NamespacedName{Name: "configmap-updater"}, currentClusterRole) + err = workloadClient.Get(context.TODO(), types.NamespacedName{Name: allClusterRoleName}, currentClusterRole) return err != nil && apierrors.IsNotFound(err) }, timeout, pollingInterval).Should(BeTrue()) 
diff --git a/test/fv/utils_test.go b/test/fv/utils_test.go index ebaa1051..173e7f91 100644 --- a/test/fv/utils_test.go +++ b/test/fv/utils_test.go @@ -18,7 +18,6 @@ package fv_test import ( "context" - "encoding/base64" "fmt" "reflect" "unicode/utf8" @@ -301,11 +300,12 @@ func createSecretWithPolicy(namespace, configMapName string, policyStrs ...strin Namespace: namespace, Name: configMapName, }, + Type: libsveltosv1alpha1.ClusterProfileSecretType, Data: map[string][]byte{}, } for i := range policyStrs { key := fmt.Sprintf("policy%d.yaml", i) - secret.Data[key] = []byte(base64.StdEncoding.EncodeToString([]byte(policyStrs[i]))) + secret.Data[key] = []byte(policyStrs[i]) } return secret
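Review bot: In the `@@ -301,11 +300,12 @@` hunk, `createSecretWithPolicy` still names its second parameter `configMapName` although it becomes the Secret's `Name`; `secretName` would match what the function builds. The helper also has no comment recording the contract this change establishes: `Data` now takes the raw policy bytes, and it would have been double-encoded before because the API machinery already base64-encodes `[]byte` values. I would add `// createSecretWithPolicy returns a Secret of type ClusterProfileSecretType whose Data holds each policy as raw bytes; callers must not base64-encode.` The function signature is visible only in the hunk header, and its opening lines are outside the hunk.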