@@ -27,6 +27,8 @@ import (
2727 "github.com/google/go-cmp/cmp"
2828
2929 "github.com/GoogleCloudPlatform/k8s-config-connector/dev/tools/controllerbuilder/pkg/codegen"
30+ _ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/register"
31+ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/registry"
3032 "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/crd/crdloader"
3133 "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/test"
3234 testcontroller "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/test/controller"
@@ -36,6 +38,7 @@ import (
3638
3739 apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
3840 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
41+ "k8s.io/apimachinery/pkg/runtime/schema"
3942 "k8s.io/apimachinery/pkg/util/sets"
4043 "k8s.io/klog/v2"
4144 "sigs.k8s.io/yaml"
@@ -280,6 +283,79 @@ func TestCRDsAcronyms(t *testing.T) {
280283 test .CompareGoldenFile (t , "testdata/exceptions/acronyms.txt" , want )
281284}
282285
286+ // Enforces that required labels are present on our CRDs.
287+ func TestCRDRequiredLabels (t * testing.T ) {
288+ crds , err := crdloader .LoadAllCRDs ()
289+ if err != nil {
290+ t .Fatalf ("error loading crds: %v" , err )
291+ }
292+
293+ var errs []string
294+ for _ , crd := range crds {
295+ gk := schema.GroupKind {Group : crd .Spec .Group , Kind : crd .Spec .Names .Kind }
296+
297+ if gk .Group == "customize.core.cnrm.cloud.google.com" || gk .Group == "core.cnrm.cloud.google.com" {
298+ // TODO: What labels should these have?
299+ continue
300+ }
301+
302+ if crd .Labels ["cnrm.cloud.google.com/managed-by-kcc" ] != "true" {
303+ // TODO: Should probably be t.Errorf
304+ errs = append (errs , fmt .Sprintf ("[labels] crd=%s: missing label %q=%q" , crd .Name , "cnrm.cloud.google.com/managed-by-kcc" , "true" ))
305+ }
306+ if crd .Labels ["cnrm.cloud.google.com/system" ] != "true" {
307+ // TODO: Should probably be t.Errorf
308+ errs = append (errs , fmt .Sprintf ("[labels] crd=%s: missing label %q=%q" , crd .Name , "cnrm.cloud.google.com/system" , "true" ))
309+ }
310+ }
311+
312+ sort .Strings (errs )
313+
314+ want := strings .Join (errs , "\n " )
315+
316+ test .CompareGoldenFile (t , "testdata/exceptions/labels.txt" , want )
317+ }
318+
319+ // Enforces that reconciler labels (TF/DCL) are consistent on our CRDs.
320+ func TestCRDReconcilerLabels (t * testing.T ) {
321+ crds , err := crdloader .LoadAllCRDs ()
322+ if err != nil {
323+ t .Fatalf ("error loading crds: %v" , err )
324+ }
325+
326+ var errs []string
327+ for _ , crd := range crds {
328+ gk := schema.GroupKind {Group : crd .Spec .Group , Kind : crd .Spec .Names .Kind }
329+
330+ if gk .Group == "customize.core.cnrm.cloud.google.com" || gk .Group == "core.cnrm.cloud.google.com" {
331+ continue
332+ }
333+
334+ hasTF := crd .Labels ["cnrm.cloud.google.com/tf2crd" ] == "true"
335+ hasDCL := crd .Labels ["cnrm.cloud.google.com/dcl2crd" ] == "true"
336+ if hasTF && hasDCL {
337+ errs = append (errs , fmt .Sprintf ("[labels] crd=%s: has both TF and DCL labels" , crd .Name ))
338+ }
339+
340+ if registry .IsDirectByGK (gk ) {
341+ if hasDCL {
342+ errs = append (errs , fmt .Sprintf ("[labels] crd=%s: is direct but has DCL label" , crd .Name ))
343+ }
344+ if hasTF {
345+ errs = append (errs , fmt .Sprintf ("[labels] crd=%s: is direct but has TF label" , crd .Name ))
346+ }
347+ } else if ! hasTF && ! hasDCL {
348+ errs = append (errs , fmt .Sprintf ("[labels] crd=%s: is not direct but has no TF or DCL labels" , crd .Name ))
349+ }
350+ }
351+
352+ sort .Strings (errs )
353+
354+ want := strings .Join (errs , "\n " )
355+
356+ test .CompareGoldenFile (t , "testdata/exceptions/reconciler-labels.txt" , want )
357+ }
358+
283359// Avoid passing sensitive data as plain text in the CRD
284360func TestNoSensitiveField (t * testing.T ) {
285361 crds , err := crdloader .LoadAllCRDs ()
0 commit comments