From d99940d38035f34a66758defc45664acee537079 Mon Sep 17 00:00:00 2001 From: Ish Shah Date: Thu, 11 Jul 2024 11:10:46 -0700 Subject: [PATCH 01/10] add logic to return service account Signed-off-by: Ish Shah --- cmd/manager/main.go | 36 ++++++++++++++++++- .../olm_v1alpha1_clusterextension.yaml | 2 +- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/cmd/manager/main.go b/cmd/manager/main.go index a7d4bcda7..ff2b30091 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -22,6 +22,7 @@ import ( "fmt" "os" "path/filepath" + "time" "github.com/spf13/pflag" "go.uber.org/zap/zapcore" @@ -39,9 +40,17 @@ import ( catalogd "github.com/operator-framework/catalogd/api/core/v1alpha1" helmclient "github.com/operator-framework/helm-operator-plugins/pkg/client" + registryv1handler "github.com/operator-framework/rukpak/pkg/handler" + crdupgradesafety "github.com/operator-framework/rukpak/pkg/preflights/crdupgradesafety" + "github.com/operator-framework/rukpak/pkg/provisioner/registry" + "github.com/operator-framework/rukpak/pkg/source" + "github.com/operator-framework/rukpak/pkg/storage" + "k8s.io/apimachinery/pkg/types" + corev1client "k8s.io/client-go/kubernetes/typed/core/v1" + "k8s.io/client-go/rest" ocv1alpha1 "github.com/operator-framework/operator-controller/api/v1alpha1" - "github.com/operator-framework/operator-controller/internal/action" + "github.com/operator-framework/operator-controller/internal/authentication" "github.com/operator-framework/operator-controller/internal/catalogmetadata/cache" catalogclient "github.com/operator-framework/operator-controller/internal/catalogmetadata/client" "github.com/operator-framework/operator-controller/internal/controllers" 
@@ -158,9 +167,34 @@ func main() { ext := obj.(*ocv1alpha1.ClusterExtension) return ext.Spec.InstallNamespace, nil }) + coreClient, err := corev1client.NewForConfig(mgr.GetConfig()) + if err != nil { + setupLog.Error(err, "unable to create core client") + os.Exit(1) + } + tokenGetter := authentication.NewTokenGetter(coreClient, authentication.WithExpirationDuration(1*time.Hour)) + + restConfigMapper := func(ctx context.Context, o client.Object, c *rest.Config) (*rest.Config, error) { + cExt, ok := o.(*ocv1alpha1.ClusterExtension) + if !ok { + return c, nil + } + namespacedName := types.NamespacedName{ + Name: cExt.Spec.ServiceAccount.Name, + Namespace: cExt.Spec.InstallNamespace, + } + token, err := tokenGetter.Get(ctx, namespacedName) + if err != nil { + return nil, fmt.Errorf("Failed to extract SA token, %w", err) + } + tempConfig := rest.CopyConfig(c) + tempConfig.BearerToken = token + return tempConfig, nil + } cfgGetter, err := helmclient.NewActionConfigGetter(mgr.GetConfig(), mgr.GetRESTMapper(), helmclient.StorageNamespaceMapper(installNamespaceMapper), helmclient.ClientNamespaceMapper(installNamespaceMapper), + helmclient.RestConfigMapper(restConfigMapper), ) if err != nil { setupLog.Error(err, "unable to config for creating helm client") diff --git a/config/samples/olm_v1alpha1_clusterextension.yaml b/config/samples/olm_v1alpha1_clusterextension.yaml index 475f3eeaf..b66c75ac0 100644 --- a/config/samples/olm_v1alpha1_clusterextension.yaml +++ b/config/samples/olm_v1alpha1_clusterextension.yaml @@ -7,4 +7,4 @@ spec: packageName: argocd-operator version: 0.6.0 serviceAccount: - name: argocd-installer + name: default From 11d8f9094d676ef9e6dd387fba1425ba2f08fc47 Mon Sep 17 00:00:00 2001 From: Ish Shah Date: Thu, 11 Jul 2024 11:40:29 -0700 Subject: [PATCH 02/10] update permissions and anon token Signed-off-by: Ish Shah --- cmd/manager/main.go | 2 +- internal/controllers/clusterextension_controller.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
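Review bot: The `if !ok { return c, nil }` branch in `restConfigMapper` fails open, because any object that is not a `*ocv1alpha1.ClusterExtension` gets the manager's own rest config back rather than a service-account-scoped one. Every object reaching this mapper is presumably a ClusterExtension, so the branch should be an error, e.g. `return nil, fmt.Errorf("expected *ClusterExtension, got %T", o)`. Whether helm-operator-plugins ever passes another type is not visible in this hunk, so confirm against the caller before tightening. The body of `main` continues outside the hunk.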
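Review bot: The sample's `serviceAccount.name` now points at the namespace's `default` account, which is the identity used by every pod in that namespace that does not set its own service account. Any RBAC granted to make this sample install would therefore be shared with those pods. A dedicated account, like the previous `name: argocd-installer`, shipped with a matching Role and RoleBinding, would model least privilege for people who copy the sample.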
diff --git a/cmd/manager/main.go b/cmd/manager/main.go index ff2b30091..7d7f3408a 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -187,7 +187,7 @@ func main() { if err != nil { return nil, fmt.Errorf("Failed to extract SA token, %w", err) } - tempConfig := rest.CopyConfig(c) + tempConfig := rest.AnonymousClientConfig(c) tempConfig.BearerToken = token return tempConfig, nil } diff --git a/internal/controllers/clusterextension_controller.go b/internal/controllers/clusterextension_controller.go index 9b91e3750..b636cbb52 100644 --- a/internal/controllers/clusterextension_controller.go +++ b/internal/controllers/clusterextension_controller.go @@ -113,11 +113,11 @@ type Preflight interface { Upgrade(context.Context, *release.Release) error } -//+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions,verbs=get;list;watch +//+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions,verbs=get;list;watch;update;patch //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/status,verbs=update;patch //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/finalizers,verbs=update //+kubebuilder:rbac:groups=core,resources=secrets,verbs=create;update;patch;delete;get;list;watch -//+kubebuilder:rbac:groups=*,resources=*,verbs=* +//+kubebuilder:rbac:groups=core,resources=serviceaccounts/token,verbs=create //+kubebuilder:rbac:groups=catalogd.operatorframework.io,resources=clustercatalogs,verbs=list;watch //+kubebuilder:rbac:groups=catalogd.operatorframework.io,resources=catalogmetadata,verbs=list;watch From dbe5705580e5b15f611ca3cff2259bedf1dfd4e7 Mon Sep 17 00:00:00 2001 From: Ish Shah Date: Wed, 17 Jul 2024 10:17:06 -0700 Subject: [PATCH 03/10] updated role yaml Signed-off-by: Ish Shah --- config/base/rbac/role.yaml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) 
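Review bot: The `tempConfig := rest.AnonymousClientConfig(c)` line has no comment saying why the config must start without credentials. A later refactor back to `rest.CopyConfig` would carry the manager's own credentials along with the service account token and nothing would flag it. I would add `// Start from a credential-free copy so only the ServiceAccount token can authenticate these requests.` directly above the line. The body of `main` continues outside the hunk.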
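Review bot: The new `serviceaccounts/token` marker with `verbs=create` is cluster-wide, so the manager can mint a token for any service account in any namespace. Judging by the mapper in cmd/manager/main.go, the account is chosen from `Spec.ServiceAccount.Name` and `Spec.InstallNamespace`, which makes write access to ClusterExtensions amount to acting as any service account the author names. Replacing the `groups=*` wildcard is a clear improvement, but this trade-off should be recorded next to the marker, e.g. `// Token creation is cluster-wide: restrict who may create or update ClusterExtensions accordingly.` The reason for adding `update;patch` on `clusterextensions` is not visible in this hunk and deserves a word in the commit message.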
diff --git a/config/base/rbac/role.yaml b/config/base/rbac/role.yaml index 3d36de44e..d28325d67 100644 --- a/config/base/rbac/role.yaml +++ b/config/base/rbac/role.yaml @@ -4,12 +4,6 @@ kind: ClusterRole metadata: name: manager-role rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' - apiGroups: - catalogd.operatorframework.io resources: @@ -36,6 +30,12 @@ rules: - patch - update - watch +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create - apiGroups: - olm.operatorframework.io resources: @@ -43,6 +43,8 @@ rules: verbs: - get - list + - patch + - update - watch - apiGroups: - olm.operatorframework.io From fbcf4c8e91abcf51d23d88ce3abb69d275500691 Mon Sep 17 00:00:00 2001 From: Ish Shah Date: Wed, 17 Jul 2024 10:33:49 -0700 Subject: [PATCH 04/10] clean up imports Signed-off-by: Ish Shah --- cmd/manager/main.go | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 7d7f3408a..744ab994b 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go 
@@ -40,16 +40,13 @@ import ( catalogd "github.com/operator-framework/catalogd/api/core/v1alpha1" helmclient "github.com/operator-framework/helm-operator-plugins/pkg/client" - registryv1handler "github.com/operator-framework/rukpak/pkg/handler" - crdupgradesafety "github.com/operator-framework/rukpak/pkg/preflights/crdupgradesafety" - "github.com/operator-framework/rukpak/pkg/provisioner/registry" - "github.com/operator-framework/rukpak/pkg/source" - "github.com/operator-framework/rukpak/pkg/storage" + "k8s.io/apimachinery/pkg/types" corev1client "k8s.io/client-go/kubernetes/typed/core/v1" "k8s.io/client-go/rest" ocv1alpha1 "github.com/operator-framework/operator-controller/api/v1alpha1" + "github.com/operator-framework/operator-controller/internal/action" "github.com/operator-framework/operator-controller/internal/authentication" "github.com/operator-framework/operator-controller/internal/catalogmetadata/cache" catalogclient "github.com/operator-framework/operator-controller/internal/catalogmetadata/client" From 0e5dc715845661ad435c9dc8947a52b2828d12d4 Mon Sep 17 00:00:00 2001 From: Ish Shah Date: Wed, 17 Jul 2024 11:30:34 -0700 Subject: [PATCH 05/10] update e2e tests Signed-off-by: Ish Shah --- test/e2e/cluster_extension_install_test.go | 115 +++++++++++++++++---- 1 file changed, 95 insertions(+), 20 deletions(-) diff --git a/test/e2e/cluster_extension_install_test.go b/test/e2e/cluster_extension_install_test.go index cac2edde1..c3f261f0b 100644 --- a/test/e2e/cluster_extension_install_test.go +++ b/test/e2e/cluster_extension_install_test.go @@ -29,6 +29,8 @@ import ( ocv1alpha1 "github.com/operator-framework/operator-controller/api/v1alpha1" "github.com/operator-framework/operator-controller/internal/conditionsets" + + rbacv1 "k8s.io/api/rbac/v1" ) const ( 
@@ -38,7 +40,65 @@ const ( var pollDuration = time.Minute var pollInterval = time.Second -func testInit(t *testing.T) (*ocv1alpha1.ClusterExtension, *catalogd.ClusterCatalog) { +func createServiceAccount(ctx context.Context, name types.NamespacedName) (*corev1.ServiceAccount, error) { + sa := &corev1.ServiceAccount{ + ObjectMeta: metav1.ObjectMeta{ + Name: name.Name, + Namespace: name.Namespace, + }, + } + err := c.Create(ctx, sa) + if err != nil { + return nil, err + } + cr := &rbacv1.ClusterRole{ + ObjectMeta: metav1.ObjectMeta{ + Name: name.Name, + }, + Rules: []rbacv1.PolicyRule{ + { + APIGroups: []string{ + "*", + }, + Resources: []string{ + "*", + }, + Verbs: []string{ + "*", + }, + }, + }, + } + err = c.Create(ctx, cr) + if err != nil { + return nil, err + } + crb := &rbacv1.ClusterRoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: name.Name, + }, + Subjects: []rbacv1.Subject{ + { + Kind: "ServiceAccount", + Name: name.Name, + Namespace: name.Namespace, + }, + }, + RoleRef: rbacv1.RoleRef{ + APIGroup: "rbac.authorization.k8s.io", + Kind: "ClusterRole", + Name: name.Name, + }, + } + err = c.Create(ctx, crb) + if err != nil { + return nil, err + } + + return sa, nil +} + +func testInit(t *testing.T) (*ocv1alpha1.ClusterExtension, *catalogd.ClusterCatalog, *corev1.ServiceAccount) { var err error extensionCatalog, err := createTestCatalog(context.Background(), testCatalogName, os.Getenv(testCatalogRefEnvVar)) require.NoError(t, err) 
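Review bot: `createServiceAccount` creates a ClusterRole with `*` groups, resources and verbs plus a ClusterRoleBinding, both named `name.Name`, but the `testCleanup` hunk later in this patch deletes only `sa`. The wildcard role and its binding are left on the cluster, and a service account recreated under the same name and namespace would inherit them. `testCleanup` should also remove them: `require.NoError(t, c.Delete(context.Background(), &rbacv1.ClusterRoleBinding{ObjectMeta: metav1.ObjectMeta{Name: sa.Name}}))` and the same for `&rbacv1.ClusterRole{...}`. The `TestExtensionDeveloper` hunk in test/extension-developer-e2e/extension_developer_test.go (patch 07) creates the same three objects inline with no deletion visible in its hunk, so it needs the same cleanup. The early `return nil, err` paths here also leave the objects created before the failure.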
@@ -49,10 +109,18 @@ func testInit(t *testing.T) (*ocv1alpha1.ClusterExtension, *catalogd.ClusterCata Name: clusterExtensionName, }, } - return clusterExtension, extensionCatalog + + defaultNamespace := types.NamespacedName{ + Name: clusterExtensionName, + Namespace: "default", + } + + sa, err := createServiceAccount(context.Background(), defaultNamespace) + require.NoError(t, err) + return clusterExtension, extensionCatalog, sa } -func testCleanup(t *testing.T, cat *catalogd.ClusterCatalog, clusterExtension *ocv1alpha1.ClusterExtension) { +func testCleanup(t *testing.T, cat *catalogd.ClusterCatalog, clusterExtension *ocv1alpha1.ClusterExtension, sa *corev1.ServiceAccount) { require.NoError(t, c.Delete(context.Background(), cat)) require.Eventually(t, func() bool { err := c.Get(context.Background(), types.NamespacedName{Name: cat.Name}, &catalogd.ClusterCatalog{}) 
@@ -63,21 +131,26 @@ func testCleanup(t *testing.T, cat *catalogd.ClusterCatalog, clusterExtension *o err := c.Get(context.Background(), types.NamespacedName{Name: clusterExtension.Name}, &ocv1alpha1.ClusterExtension{}) return errors.IsNotFound(err) }, pollDuration, pollInterval) + require.NoError(t, c.Delete(context.Background(), sa)) + require.Eventually(t, func() bool { + err := c.Get(context.Background(), types.NamespacedName{Name: sa.Name, Namespace: sa.Namespace}, &corev1.ServiceAccount{}) + return errors.IsNotFound(err) + }, pollDuration, pollInterval) } func TestClusterExtensionInstallRegistry(t *testing.T) { t.Log("When a cluster extension is installed from a catalog") t.Log("When the extension bundle format is registry+v1") - clusterExtension, extensionCatalog := testInit(t) - defer testCleanup(t, extensionCatalog, clusterExtension) + clusterExtension, extensionCatalog, sa := testInit(t) + defer testCleanup(t, extensionCatalog, clusterExtension, sa) defer getArtifactsOutput(t) clusterExtension.Spec = ocv1alpha1.ClusterExtensionSpec{ PackageName: "prometheus", InstallNamespace: "default", ServiceAccount: ocv1alpha1.ServiceAccountReference{ - Name: "default", + Name: sa.Name, }, } t.Log("It resolves the specified package with correct bundle path") @@ -128,8 +201,8 @@ func TestClusterExtensionBlockInstallNonSuccessorVersion(t *testing.T) { t.Log("When a cluster extension is installed from a catalog") t.Log("When resolving upgrade edges") - clusterExtension, extensionCatalog := testInit(t) - defer testCleanup(t, extensionCatalog, clusterExtension) + clusterExtension, extensionCatalog, sa := testInit(t) + defer testCleanup(t, extensionCatalog, clusterExtension, sa) defer getArtifactsOutput(t) t.Log("By creating an ClusterExtension at a specified version") 
@@ -138,7 +211,7 @@ func TestClusterExtensionBlockInstallNonSuccessorVersion(t *testing.T) { Version: "1.0.0", InstallNamespace: "default", ServiceAccount: ocv1alpha1.ServiceAccountReference{ - Name: "default", + Name: sa.Name, }, } require.NoError(t, c.Create(context.Background(), clusterExtension)) @@ -177,8 +250,8 @@ func TestClusterExtensionForceInstallNonSuccessorVersion(t *testing.T) { t.Log("When a cluster extension is installed from a catalog") t.Log("When resolving upgrade edges") - clusterExtension, extensionCatalog := testInit(t) - defer testCleanup(t, extensionCatalog, clusterExtension) + clusterExtension, extensionCatalog, sa := testInit(t) + defer testCleanup(t, extensionCatalog, clusterExtension, sa) defer getArtifactsOutput(t) t.Log("By creating an ClusterExtension at a specified version") @@ -187,7 +260,7 @@ func TestClusterExtensionForceInstallNonSuccessorVersion(t *testing.T) { Version: "1.0.0", InstallNamespace: "default", ServiceAccount: ocv1alpha1.ServiceAccountReference{ - Name: "default", + Name: sa.Name, }, } require.NoError(t, c.Create(context.Background(), clusterExtension)) @@ -225,8 +298,8 @@ func TestClusterExtensionForceInstallNonSuccessorVersion(t *testing.T) { func TestClusterExtensionInstallSuccessorVersion(t *testing.T) { t.Log("When a cluster extension is installed from a catalog") t.Log("When resolving upgrade edges") - clusterExtension, extensionCatalog := testInit(t) - defer testCleanup(t, extensionCatalog, clusterExtension) + clusterExtension, extensionCatalog, sa := testInit(t) + defer testCleanup(t, extensionCatalog, clusterExtension, sa) defer getArtifactsOutput(t) t.Log("By creating an ClusterExtension at a specified version") @@ -235,7 +308,7 @@ func TestClusterExtensionInstallSuccessorVersion(t *testing.T) { Version: "1.0.0", InstallNamespace: "default", ServiceAccount: ocv1alpha1.ServiceAccountReference{ - Name: "default", + Name: sa.Name, }, } require.NoError(t, c.Create(context.Background(), clusterExtension)) 
@@ -272,15 +345,15 @@ func TestClusterExtensionInstallSuccessorVersion(t *testing.T) { func TestClusterExtensionInstallReResolvesWhenCatalogIsPatched(t *testing.T) { t.Log("When a cluster extension is installed from a catalog") t.Log("It resolves again when a catalog is patched with new ImageRef") - clusterExtension, extensionCatalog := testInit(t) - defer testCleanup(t, extensionCatalog, clusterExtension) + clusterExtension, extensionCatalog, sa := testInit(t) + defer testCleanup(t, extensionCatalog, clusterExtension, sa) defer getArtifactsOutput(t) clusterExtension.Spec = ocv1alpha1.ClusterExtensionSpec{ PackageName: "prometheus", InstallNamespace: "default", ServiceAccount: ocv1alpha1.ServiceAccountReference{ - Name: "default", + Name: sa.Name, }, } t.Log("It resolves the specified package with correct bundle path") @@ -351,14 +424,16 @@ func TestClusterExtensionInstallReResolvesWhenNewCatalog(t *testing.T) { Name: clusterExtensionName, }, } - defer testCleanup(t, extensionCatalog, clusterExtension) + sa, err := createServiceAccount(context.Background(), types.NamespacedName{Name: clusterExtensionName, Namespace: "default"}) + require.NoError(t, err) + defer testCleanup(t, extensionCatalog, clusterExtension, sa) defer getArtifactsOutput(t) clusterExtension.Spec = ocv1alpha1.ClusterExtensionSpec{ PackageName: "prometheus", InstallNamespace: "default", ServiceAccount: ocv1alpha1.ServiceAccountReference{ - Name: "default", + Name: sa.Name, }, } t.Log("It resolves the specified package with correct bundle path") From 182648ab11ed1998576e47e8122f78c4e63cc72e Mon Sep 17 00:00:00 2001 From: Ish Shah Date: Wed, 17 Jul 2024 11:38:43 -0700 Subject: [PATCH 06/10] fix lint Signed-off-by: Ish Shah --- cmd/manager/main.go | 9 ++++----- test/e2e/cluster_extension_install_test.go | 3 +-- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 744ab994b..282508b1d 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go 
@@ -29,7 +29,10 @@ import ( apiextensionsv1client "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1" k8slabels "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/selection" + "k8s.io/apimachinery/pkg/types" + corev1client "k8s.io/client-go/kubernetes/typed/core/v1" _ "k8s.io/client-go/plugin/pkg/client/auth" + "k8s.io/client-go/rest" ctrl "sigs.k8s.io/controller-runtime" crcache "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" @@ -41,10 +44,6 @@ import ( catalogd "github.com/operator-framework/catalogd/api/core/v1alpha1" helmclient "github.com/operator-framework/helm-operator-plugins/pkg/client" - "k8s.io/apimachinery/pkg/types" - corev1client "k8s.io/client-go/kubernetes/typed/core/v1" - "k8s.io/client-go/rest" - ocv1alpha1 "github.com/operator-framework/operator-controller/api/v1alpha1" "github.com/operator-framework/operator-controller/internal/action" "github.com/operator-framework/operator-controller/internal/authentication" @@ -182,7 +181,7 @@ func main() { } token, err := tokenGetter.Get(ctx, namespacedName) if err != nil { - return nil, fmt.Errorf("Failed to extract SA token, %w", err) + return nil, fmt.Errorf("failed to extract SA token, %w", err) } tempConfig := rest.AnonymousClientConfig(c) tempConfig.BearerToken = token diff --git a/test/e2e/cluster_extension_install_test.go b/test/e2e/cluster_extension_install_test.go index c3f261f0b..7c1f0855b 100644 --- a/test/e2e/cluster_extension_install_test.go +++ b/test/e2e/cluster_extension_install_test.go @@ -16,6 +16,7 @@ import ( "gopkg.in/yaml.v2" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/api/errors" apimeta "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
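Review bot: The reworded error in the `tokenGetter.Get` failure branch still does not say which service account was requested, so a reconcile failure caused by a missing or misnamed account is hard to trace from the log. I would include the key and use the usual colon form: `return nil, fmt.Errorf("getting token for service account %s: %w", namespacedName, err)`. The enclosing closure and `main` both continue outside the hunk.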
@@ -29,8 +30,6 @@ import ( ocv1alpha1 "github.com/operator-framework/operator-controller/api/v1alpha1" "github.com/operator-framework/operator-controller/internal/conditionsets" - - rbacv1 "k8s.io/api/rbac/v1" ) const ( From 09efb2a7b7fce9e3982511f6754e99ef2500494f Mon Sep 17 00:00:00 2001 From: Ish Shah Date: Thu, 18 Jul 2024 10:24:50 -0700 Subject: [PATCH 07/10] extension developer test fixed Signed-off-by: Ish Shah --- .../extension_developer_test.go | 64 ++++++++++++++++++- 1 file changed, 63 insertions(+), 1 deletion(-) diff --git a/test/extension-developer-e2e/extension_developer_test.go b/test/extension-developer-e2e/extension_developer_test.go index 107e15206..c329b4eb3 100644 --- a/test/extension-developer-e2e/extension_developer_test.go +++ b/test/extension-developer-e2e/extension_developer_test.go @@ -17,6 +17,12 @@ import ( catalogd "github.com/operator-framework/catalogd/api/core/v1alpha1" ocv1alpha1 "github.com/operator-framework/operator-controller/api/v1alpha1" + + "fmt" + corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/rand" ) func TestExtensionDeveloper(t *testing.T) { 
@@ -27,10 +33,66 @@ func TestExtensionDeveloper(t *testing.T) { require.NoError(t, catalogd.AddToScheme(scheme)) require.NoError(t, ocv1alpha1.AddToScheme(scheme)) + require.NoError(t, corev1.AddToScheme(scheme)) + require.NoError(t, rbacv1.AddToScheme(scheme)) c, err := client.New(cfg, client.Options{Scheme: scheme}) require.NoError(t, err) + ctx := context.Background() + saName := fmt.Sprintf("serviceaccounts-%s", rand.String(8)) + name := types.NamespacedName{ + Name: saName, + Namespace: "default", + } + + sa := &corev1.ServiceAccount{ + ObjectMeta: metav1.ObjectMeta{ + Name: name.Name, + Namespace: name.Namespace, + }, + } + require.NoError(t, c.Create(ctx, sa)) + + cr := &rbacv1.ClusterRole{ + ObjectMeta: metav1.ObjectMeta{ + Name: name.Name, + }, + Rules: []rbacv1.PolicyRule{ + { + APIGroups: []string{ + "*", + }, + Resources: []string{ + "*", + }, + Verbs: []string{ + "*", + }, + }, + }, + } + require.NoError(t, c.Create(ctx, cr)) + + crb := &rbacv1.ClusterRoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: name.Name, + }, + Subjects: []rbacv1.Subject{ + { + Kind: "ServiceAccount", + Name: name.Name, + Namespace: name.Namespace, + }, + }, + RoleRef: rbacv1.RoleRef{ + APIGroup: "rbac.authorization.k8s.io", + Kind: "ClusterRole", + Name: name.Name, + }, + } + require.NoError(t, c.Create(ctx, crb)) + var clusterExtensions = []*ocv1alpha1.ClusterExtension{ { ObjectMeta: metav1.ObjectMeta{ @@ -40,7 +102,7 @@ func TestExtensionDeveloper(t *testing.T) { PackageName: os.Getenv("REG_PKG_NAME"), InstallNamespace: "default", ServiceAccount: ocv1alpha1.ServiceAccountReference{ - Name: "default", + Name: saName, }, }, }, From c04d504a40cba5976253bd4ed2c101e1b317de3e Mon Sep 17 00:00:00 2001 From: Ish Shah Date: Thu, 18 Jul 2024 10:52:20 -0700 Subject: [PATCH 08/10] stand up sa for upgrade test Signed-off-by: Ish Shah --- hack/test/pre-upgrade-setup.sh | 38 +++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) 
diff --git a/hack/test/pre-upgrade-setup.sh b/hack/test/pre-upgrade-setup.sh index 937b38370..ebd1bf4c5 100755 --- a/hack/test/pre-upgrade-setup.sh +++ b/hack/test/pre-upgrade-setup.sh @@ -33,6 +33,42 @@ spec: insecureSkipTLSVerify: true EOF +kubectl apply -f - < Date: Thu, 18 Jul 2024 11:08:34 -0700 Subject: [PATCH 09/10] fixed upgrade test Signed-off-by: Ish Shah --- config/base/rbac/role.yaml | 6 ++++++ internal/controllers/clusterextension_controller.go | 1 + 2 files changed, 7 insertions(+) diff --git a/config/base/rbac/role.yaml b/config/base/rbac/role.yaml index d28325d67..0130a1662 100644 --- a/config/base/rbac/role.yaml +++ b/config/base/rbac/role.yaml @@ -4,6 +4,12 @@ kind: ClusterRole metadata: name: manager-role rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get - apiGroups: - catalogd.operatorframework.io resources: diff --git a/internal/controllers/clusterextension_controller.go b/internal/controllers/clusterextension_controller.go index b636cbb52..ea7d95952 100644 --- a/internal/controllers/clusterextension_controller.go +++ b/internal/controllers/clusterextension_controller.go @@ -118,6 +118,7 @@ type Preflight interface { //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/finalizers,verbs=update //+kubebuilder:rbac:groups=core,resources=secrets,verbs=create;update;patch;delete;get;list;watch //+kubebuilder:rbac:groups=core,resources=serviceaccounts/token,verbs=create +//+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get //+kubebuilder:rbac:groups=catalogd.operatorframework.io,resources=clustercatalogs,verbs=list;watch //+kubebuilder:rbac:groups=catalogd.operatorframework.io,resources=catalogmetadata,verbs=list;watch From d1eb63268671989686f890160ba29bd89c1d294a Mon Sep 17 00:00:00 2001 From: Ish Shah Date: Thu, 18 Jul 2024 11:14:46 -0700 Subject: [PATCH 10/10] linting for extension test 
Signed-off-by: Ish Shah --- .../extension_developer_test.go | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/test/extension-developer-e2e/extension_developer_test.go b/test/extension-developer-e2e/extension_developer_test.go index c329b4eb3..acf9e9a64 100644 --- a/test/extension-developer-e2e/extension_developer_test.go +++ b/test/extension-developer-e2e/extension_developer_test.go @@ -2,27 +2,26 @@ package extensione2e import ( "context" + "fmt" "os" "testing" "time" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/rand" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" catalogd "github.com/operator-framework/catalogd/api/core/v1alpha1" ocv1alpha1 "github.com/operator-framework/operator-controller/api/v1alpha1" - - "fmt" - corev1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/rand" ) func TestExtensionDeveloper(t *testing.T) {