add admin test

However, this test is behaving in a way that I don't like. I am noticing that the predicate checks
are not working like I would like them to (can they fail?). Need to revisit.

Author: mplsgrant

test/data/admin/namespaces/two_namespaces_two_users/namespace-defaults.yaml

@@ -0,0 +1,18 @@
+users:
+  - name: warnet-user
+    roles:
+      - pod-viewer
+      - pod-manager
+# the pod-viewer and pod-manager roles are the default
+# roles defined in values.yaml for the namespaces charts
+#
+# if you need a different set of roles for a particular namespaces
+# deployment, you can override values.yaml by providing your own
+# role definitions below
+#
+# roles:
+#   - name: my-custom-role
+#     rules:
+#      - apiGroups: ""
+#        resources: ""
+#        verbs: ""

test/data/admin/namespaces/two_namespaces_two_users/namespaces.yaml

@@ -0,0 +1,19 @@
+namespaces:
+  - name: wargames-red-team
+    users:
+      - name: alice
+        roles:
+          - pod-viewer
+      - name: bob
+        roles:
+          - pod-viewer
+          - pod-manager
+  - name: wargames-blue-team
+    users:
+      - name: mallory
+        roles:
+          - pod-viewer
+      - name: carol
+        roles:
+          - pod-viewer
+          - pod-manager

test/data/admin/networks/6_node_bitcoin/network.yaml

@@ -0,0 +1,34 @@
+nodes:
+  - name: tank-0001
+    image:
+      tag: "26.0"
+    connect:
+      - tank-0002
+      - tank-0003
+  - name: tank-0002
+    resources:
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+    connect:
+      - tank-0003
+      - tank-0004
+  - name: tank-0003
+    connect:
+      - tank-0004
+      - tank-0005
+  - name: tank-0004
+    connect:
+      - tank-0005
+      - tank-0006
+  - name: tank-0005
+    connect:
+      - tank-0006
+  - name: tank-0006
+fork_observer:
+  enabled: true
+caddy:
+  enabled: true

test/data/admin/networks/6_node_bitcoin/node-defaults.yaml

@@ -0,0 +1,26 @@
+chain: regtest
+
+collectLogs: true
+metricsExport: true
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+image:
+  repository: bitcoindevproject/bitcoin
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: "27.0"
+
+config: |
+  dns=1
+  debug=rpc

test/namespace_admin_test.py

@@ -0,0 +1,90 @@
+#!/usr/bin/env python3
+
+import os
+from pathlib import Path
+from typing import Optional
+
+from test_base import TestBase
+
+
+class NamespaceAdminTest(TestBase):
+    def __init__(self):
+        super().__init__()
+        self.namespace_dir = (
+            Path(os.path.dirname(__file__))
+            / "data"
+            / "admin"
+            / "namespaces"
+            / "two_namespaces_two_users"
+        )
+
+    def run_test(self):
+        try:
+            self.setup_namespaces()
+            self.setup_service_accounts()
+        except Exception as e:
+            self.log.info(e)
+        finally:
+            self.cleanup()
+
+    def setup_namespaces(self):
+        self.log.info("Setting up the namespaces")
+        self.log.info(self.warnet(f"deploy {self.namespace_dir}"))
+        self.wait_for_predicate(lambda: self.two_namespaces_are_validated)
+
+    def setup_service_accounts(self):
+        self.log.info(self.warnet("admin create-kubeconfigs"))
+        self.wait_for_predicate(lambda: self.service_accounts_are_validated)
+
+    def get_service_accounts(self) -> Optional[list[dict[str, str]]]:
+        self.log.info("Setting up service accounts")
+        resp = self.warnet("admin service-accounts list")
+        if resp == "Could not find any matching service accounts.":
+            return None
+        service_accounts = {}
+        current_namespace = ""
+        for line in resp.splitlines():
+            if line.startswith("Service"):
+                current_namespace = line.split(": ")[1]
+                service_accounts[current_namespace] = []
+            if line.startswith("- "):
+                sa = line.lstrip("- ")
+                service_accounts[current_namespace].append(sa)
+        self.log.info(f"Service accounts: {service_accounts}")
+        return service_accounts
+
+    def service_accounts_are_validated(self) -> bool:
+        maybe_service_accounts = self.get_service_accounts()
+        expected = {
+            "gary": [],
+            "wargames-blue-team": ["carol", "default", "mallory"],
+            "wargames-red-team": ["alice", "bob", "default"],
+        }
+        return maybe_service_accounts == expected
+
+    def get_namespaces(self) -> Optional[list[str]]:
+        resp = self.warnet("warnet admin namespaces list")
+        if resp == "No warnet namespaces found.":
+            return None
+
+        namespaces = []
+        self.log.info(namespaces)
+        for line in resp.splitlines():
+            namespaces.append(line.lstrip("- "))
+        self.log.info(f"Namespaces: {namespaces}")
+        return namespaces
+
+    def two_namespaces_are_validated(self) -> bool:
+        maybe_namespaces = self.get_namespaces()
+        if maybe_namespaces is None:
+            return False
+        if len(maybe_namespaces) != 2:
+            return False
+        if "wargames-blue-team" not in maybe_namespaces:
+            return False
+        return "wargames-red-team" in maybe_namespaces
+
+
+if __name__ == "__main__":
+    test = NamespaceAdminTest()
+    test.run_test()