test: adopt-or-create for IAM Policy (#135)

michaelhtm · web-flow · commit 52217f7d9452 · 2025-05-19T22:49:39.000Z
Issue [#2459](aws-controllers-k8s/community#2459): Description of changes: Ensure Policy ARN is in cr after adopt-or-create of an existing resource By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
diff --git a/test/e2e/requirements.txt b/test/e2e/requirements.txt
@@ -1 +1 @@
-acktest @ git+https://github.com/aws-controllers-k8s/test-infra.git@371852014efcb8c26c454f861eb546c93a48f205
+acktest @ git+https://github.com/aws-controllers-k8s/test-infra.git@10ce1ccf0f723933960e04c972808d9b4015ba50
diff --git a/test/e2e/resources/policy_adopt.yaml b/test/e2e/resources/policy_adopt.yaml
diff --git a/test/e2e/resources/policy_adopt_or_create.yaml b/test/e2e/resources/policy_adopt_or_create.yaml
@@ -0,0 +1,23 @@
+apiVersion: iam.services.k8s.aws/v1alpha1
+kind: Policy
+metadata:
+  name: $POLICY_ADOPTION_NAME
+  annotations:
+    services.k8s.aws/adoption-policy: $ADOPTION_POLICY
+    services.k8s.aws/adoption-fields: "$ADOPTION_FIELDS"
+    services.k8s.aws/deletion-policy: retain
+spec:
+  name: $POLICY_ADOPTION_NAME
+  policyDocument: |
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "s3:ListBucket",
+                ],
+                "Resource": "*"
+            }
+        ]
+    }
diff --git a/test/e2e/tests/test_policy.py b/test/e2e/tests/test_policy.py
@@ -18,9 +18,11 @@
 
 import pytest
 
+from enum import Enum
 from acktest.k8s import condition
 from acktest.k8s import resource as k8s
 from acktest.resources import random_suffix_name
+from acktest.adoption import ADOPT_ADOPTION_POLICY, ADOPT_OR_CREATE_ADOPTION_POLICY
 from e2e import service_marker, CRD_GROUP, CRD_VERSION, load_resource
 from e2e.bootstrap_resources import get_bootstrap_resources
 from e2e.common.types import POLICY_RESOURCE_PLURAL
@@ -35,7 +37,6 @@
 MODIFY_WAIT_AFTER_SECONDS = 20
 CREATE_WAIT_AFTER_SECONDS = 10
 
-
 @pytest.fixture(scope="module")
 def simple_policy():
     policy_name = random_suffix_name("my-simple-policy", 24)
@@ -79,17 +80,30 @@ def simple_policy():
 
     policy.wait_until_deleted(policy_arn)
 
-@pytest.fixture(scope="module")
-def adopt_policy():
-    resource_arn = get_bootstrap_resources().AdoptedPolicy.arns[0]
-    resource_name = random_suffix_name("adopted-policy", 24)
+@pytest.fixture
+def adopt_policy(request):
+    filename = ""
+    resource_name = ""
     replacements = REPLACEMENT_VALUES.copy()
+
+    marker = request.node.get_closest_marker("resource_data")
+    assert marker is not None
+    data = marker.args[0]
+    assert 'adoption-policy' in data
+    replacements["ADOPTION_POLICY"] = data['adoption-policy']
+    assert 'filename' in data
+    filename = data['filename']
+    assert 'resource_name' in data
+    resource_name = data['resource_name']
+
+    resource_name = random_suffix_name(resource_name, 24)
+    resource_arn = get_bootstrap_resources().AdoptedPolicy.arns[0]
     replacements["POLICY_ADOPTION_NAME"] = resource_name
-    replacements["ADOPTION_POLICY"] = "adopt"
     replacements["ADOPTION_FIELDS"] = f"{{\\\"arn\\\": \\\"{resource_arn}\\\"}}"
+    replacements["POLICY_ADOPTION_NAME"] = resource_name
 
     resource_data = load_resource(
-        "policy_adoption",
+        filename,
         additional_replacements=replacements,
     )    
 
@@ -227,10 +241,11 @@ def test_crud(self, simple_policy):
         after_doc = after_pv["Document"]
         assert after_doc == new_policy_doc
 
+    @pytest.mark.resource_data({'adoption-policy': ADOPT_ADOPTION_POLICY, 'filename': 'policy_adopt', 'resource_name': 'adopt'})
     def test_policy_adopt_update(self, adopt_policy):
         ref, cr, policy_arn = adopt_policy
 
-        condition.assert_synced(ref)
+        k8s.wait_on_condition(ref, "ACK.ResourceSynced", "True", wait_periods=5)
 
         assert cr is not None
         assert 'status' in cr
@@ -262,3 +277,17 @@ def test_policy_adopt_update(self, adopt_policy):
 
         policy_doc = policy.get_version(policy_arn, "v2")["Document"]
         assert policy_doc == new_policy_doc
+
+    @pytest.mark.resource_data({'adoption-policy': ADOPT_OR_CREATE_ADOPTION_POLICY, 'filename': 'policy_adopt_or_create', 'resource_name': 'adopt-or-create'})
+    def test_policy_adopt_or_create(self, adopt_policy):
+        ref, cr, policy_arn = adopt_policy
+
+        k8s.wait_on_condition(ref, "ACK.ResourceSynced", "True", wait_periods=5)
+
+        assert cr is not None
+        assert 'status' in cr
+        assert 'defaultVersionID' in cr['status']
+        assert cr['status']['defaultVersionID'] == 'v1'
+        assert 'ackResourceMetadata' in cr['status']
+        assert 'arn' in cr['status']['ackResourceMetadata']
+        assert cr['status']['ackResourceMetadata']['arn'] == policy_arn

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-acktest @ git+https://github.com/aws-controllers-k8s/test-infra.git@371852014efcb8c26c454f861eb546c93a48f205`
	`1`	`+acktest @ git+https://github.com/aws-controllers-k8s/test-infra.git@10ce1ccf0f723933960e04c972808d9b4015ba50`