Add DevWorkspace controller tests for automount functionality

Add test cases covering automatic mounting of image pull secrets,
configmaps/secrets, git credentials.

Signed-off-by: Angel Misevski <[email protected]>

Author: amisevsk

controllers/workspace/devworkspace_controller_test.go

@@ -286,4 +286,239 @@ var _ = Describe("DevWorkspace Controller", func() {
 		})
 
 	})
+
+	Context("Automatic provisioning", func() {
+		const testURL = "test-url"
+
+		BeforeEach(func() {
+			workspacecontroller.SetupHttpClientsForTesting(&http.Client{
+				Transport: &testutil.TestRoundTripper{
+					Data: map[string]testutil.TestResponse{
+						fmt.Sprintf("%s/healthz", testURL): {
+							StatusCode: http.StatusOK,
+						},
+					},
+				},
+			})
+			createDevWorkspace("test-devworkspace.yaml")
+		})
+
+		AfterEach(func() {
+			deleteDevWorkspace(devWorkspaceName)
+			workspacecontroller.SetupHttpClientsForTesting(getBasicTestHttpClient())
+		})
+
+		It("Mounts image pull secrets to the DevWorkspace Deployment", func() {
+			devworkspace := getExistingDevWorkspace()
+			workspaceID := devworkspace.Status.DevWorkspaceId
+
+			By("Creating secrets for docker configs")
+			dockerCfgSecretName := "test-dockercfg"
+			dockerCfg := generateSecret(dockerCfgSecretName, corev1.SecretTypeDockercfg)
+			dockerCfg.Labels[constants.DevWorkspacePullSecretLabel] = "true"
+			dockerCfg.Data[".dockercfg"] = []byte("{}")
+			createObject(dockerCfg)
+			defer deleteObject(dockerCfg)
+
+			dockerCfgSecretJsonName := "test-dockercfg-json"
+			dockerCfgJson := generateSecret(dockerCfgSecretJsonName, corev1.SecretTypeDockerConfigJson)
+			dockerCfgJson.Labels[constants.DevWorkspacePullSecretLabel] = "true"
+			dockerCfgJson.Data[".dockerconfigjson"] = []byte("{}")
+			createObject(dockerCfgJson)
+			defer deleteObject(dockerCfgJson)
+
+			By("Manually making Routing ready to continue")
+			markRoutingReady(testURL, common.DevWorkspaceRoutingName(workspaceID))
+
+			deploy := &appsv1.Deployment{}
+			deployNN := types.NamespacedName{
+				Name:      common.DeploymentName(workspaceID),
+				Namespace: testNamespace,
+			}
+			Eventually(func() error {
+				return k8sClient.Get(ctx, deployNN, deploy)
+			}, timeout, interval).Should(Succeed(), "Getting workspace deployment from cluster")
+
+			Expect(deploy.Spec.Template.Spec.ImagePullSecrets).Should(ContainElement(corev1.LocalObjectReference{Name: dockerCfgSecretName}))
+			Expect(deploy.Spec.Template.Spec.ImagePullSecrets).Should(ContainElement(corev1.LocalObjectReference{Name: dockerCfgSecretJsonName}))
+		})
+
+		It("Manages git credentials for DevWorkspace", func() {
+			devworkspace := getExistingDevWorkspace()
+			workspaceID := devworkspace.Status.DevWorkspaceId
+
+			By("Creating a secret for git credentials")
+			gitCredentialsSecretName := "test-git-credentials"
+			gitCredentials := generateSecret(gitCredentialsSecretName, corev1.SecretTypeOpaque)
+			gitCredentials.Labels[constants.DevWorkspaceGitCredentialLabel] = "true"
+			gitCredentials.Annotations[constants.DevWorkspaceMountPathAnnotation] = "/test/path"
+			gitCredentials.Data["credentials"] = []byte("https://username:[email protected]")
+
+			createObject(gitCredentials)
+			defer deleteObject(gitCredentials)
+
+			By("Manually making Routing ready to continue")
+			markRoutingReady(testURL, common.DevWorkspaceRoutingName(workspaceID))
+
+			deploy := &appsv1.Deployment{}
+			deployNN := types.NamespacedName{
+				Name:      common.DeploymentName(workspaceID),
+				Namespace: testNamespace,
+			}
+			Eventually(func() error {
+				return k8sClient.Get(ctx, deployNN, deploy)
+			}, timeout, interval).Should(Succeed(), "Getting workspace deployment from cluster")
+
+			modeReadOnly := int32(0640)
+			gitconfigVolumeName := common.AutoMountConfigMapVolumeName("devworkspace-gitconfig")
+			gitconfigVolume := corev1.Volume{
+				Name: gitconfigVolumeName,
+				VolumeSource: corev1.VolumeSource{
+					ConfigMap: &corev1.ConfigMapVolumeSource{
+						LocalObjectReference: corev1.LocalObjectReference{Name: "devworkspace-gitconfig"},
+						DefaultMode:          &modeReadOnly,
+					},
+				},
+			}
+			gitConfigVolumeMount := corev1.VolumeMount{
+				Name:      gitconfigVolumeName,
+				ReadOnly:  false,
+				MountPath: "/etc/gitconfig",
+				SubPath:   "gitconfig",
+			}
+			gitCredentialsVolumeName := common.AutoMountSecretVolumeName("devworkspace-merged-git-credentials")
+			gitCredentialsVolume := corev1.Volume{
+				Name: gitCredentialsVolumeName,
+				VolumeSource: corev1.VolumeSource{
+					Secret: &corev1.SecretVolumeSource{
+						SecretName:  "devworkspace-merged-git-credentials",
+						DefaultMode: &modeReadOnly,
+					},
+				},
+			}
+			gitCredentialsVolumeMount := corev1.VolumeMount{
+				Name:      gitCredentialsVolumeName,
+				ReadOnly:  true,
+				MountPath: "/test/path/credentials",
+				SubPath:   "credentials",
+			}
+
+			volumes := deploy.Spec.Template.Spec.Volumes
+			Expect(volumes).Should(ContainElements(gitconfigVolume, gitCredentialsVolume), "Git credentials should be mounted as volumes in Deployment")
+			for _, container := range deploy.Spec.Template.Spec.Containers {
+				Expect(container.VolumeMounts).Should(ContainElements(gitConfigVolumeMount, gitCredentialsVolumeMount))
+			}
+		})
+
+		It("Automounts secrets and configmaps volumes", func() {
+			devworkspace := getExistingDevWorkspace()
+			workspaceID := devworkspace.Status.DevWorkspaceId
+
+			By("Creating a automount secrets and configmaps")
+			fileCM := generateConfigMap("file-cm")
+			fileCM.Labels[constants.DevWorkspaceMountLabel] = "true"
+			fileCM.Annotations[constants.DevWorkspaceMountPathAnnotation] = "/file/cm"
+			createObject(fileCM)
+			defer deleteObject(fileCM)
+
+			subpathCM := generateConfigMap("subpath-cm")
+			subpathCM.Labels[constants.DevWorkspaceMountLabel] = "true"
+			subpathCM.Annotations[constants.DevWorkspaceMountPathAnnotation] = "/subpath/cm"
+			subpathCM.Annotations[constants.DevWorkspaceMountAsAnnotation] = "subpath"
+			subpathCM.Data["testdata1"] = "testValue"
+			subpathCM.Data["testdata2"] = "testValue"
+			createObject(subpathCM)
+			defer deleteObject(subpathCM)
+
+			fileSecret := generateSecret("file-secret", corev1.SecretTypeOpaque)
+			fileSecret.Labels[constants.DevWorkspaceMountLabel] = "true"
+			fileSecret.Annotations[constants.DevWorkspaceMountPathAnnotation] = "/file/secret"
+			createObject(fileSecret)
+			defer deleteObject(fileSecret)
+
+			subpathSecret := generateSecret("subpath-secret", corev1.SecretTypeOpaque)
+			subpathSecret.Labels[constants.DevWorkspaceMountLabel] = "true"
+			subpathSecret.Annotations[constants.DevWorkspaceMountPathAnnotation] = "/subpath/secret"
+			subpathSecret.Annotations[constants.DevWorkspaceMountAsAnnotation] = "subpath"
+			subpathSecret.Data["testsecret"] = []byte("testValue")
+			createObject(subpathSecret)
+			defer deleteObject(subpathSecret)
+
+			By("Manually making Routing ready to continue")
+			markRoutingReady(testURL, common.DevWorkspaceRoutingName(workspaceID))
+
+			deploy := &appsv1.Deployment{}
+			deployNN := types.NamespacedName{
+				Name:      common.DeploymentName(workspaceID),
+				Namespace: testNamespace,
+			}
+			Eventually(func() error {
+				return k8sClient.Get(ctx, deployNN, deploy)
+			}, timeout, interval).Should(Succeed(), "Getting workspace deployment from cluster")
+
+			expectedAutomountVolumes := []corev1.Volume{
+				volumeFromConfigMap(fileCM),
+				volumeFromConfigMap(subpathCM),
+				volumeFromSecret(fileSecret),
+				volumeFromSecret(subpathSecret),
+			}
+			Expect(deploy.Spec.Template.Spec.Volumes).Should(ContainElements(expectedAutomountVolumes), "Automount volumes should be added to deployment")
+			expectedAutomountVolumeMounts := []corev1.VolumeMount{
+				volumeMountFromConfigMap(fileCM, "/file/cm", ""),
+				volumeMountFromConfigMap(subpathCM, "/subpath/cm", "testdata1"),
+				volumeMountFromConfigMap(subpathCM, "/subpath/cm", "testdata2"),
+				volumeMountFromSecret(fileSecret, "/file/secret", ""),
+				volumeMountFromSecret(subpathSecret, "/subpath/secret", "testsecret"),
+			}
+			for _, container := range deploy.Spec.Template.Spec.Containers {
+				Expect(container.VolumeMounts).Should(ContainElements(expectedAutomountVolumeMounts), "Automount volumeMounts should be added to all containers")
+			}
+		})
+
+		It("Automounts secrets and configmaps env vars", func() {
+			devworkspace := getExistingDevWorkspace()
+			workspaceID := devworkspace.Status.DevWorkspaceId
+
+			By("Creating a automount secrets and configmaps")
+			cm := generateConfigMap("env-cm")
+			cm.Labels[constants.DevWorkspaceMountLabel] = "true"
+			cm.Annotations[constants.DevWorkspaceMountAsAnnotation] = "env"
+			createObject(cm)
+			defer deleteObject(cm)
+
+			secret := generateSecret("env-secret", corev1.SecretTypeOpaque)
+			secret.Labels[constants.DevWorkspaceMountLabel] = "true"
+			secret.Annotations[constants.DevWorkspaceMountAsAnnotation] = "env"
+			createObject(secret)
+			defer deleteObject(secret)
+
+			By("Manually making Routing ready to continue")
+			markRoutingReady(testURL, common.DevWorkspaceRoutingName(workspaceID))
+			deploy := &appsv1.Deployment{}
+			deployNN := types.NamespacedName{
+				Name:      common.DeploymentName(workspaceID),
+				Namespace: testNamespace,
+			}
+			Eventually(func() error {
+				return k8sClient.Get(ctx, deployNN, deploy)
+			}, timeout, interval).Should(Succeed(), "Getting workspace deployment from cluster")
+
+			expectedEnvFromSources := []corev1.EnvFromSource{
+				{
+					ConfigMapRef: &corev1.ConfigMapEnvSource{
+						LocalObjectReference: corev1.LocalObjectReference{Name: cm.Name},
+					},
+				},
+				{
+					SecretRef: &corev1.SecretEnvSource{
+						LocalObjectReference: corev1.LocalObjectReference{Name: secret.Name},
+					},
+				},
+			}
+			for _, container := range deploy.Spec.Template.Spec.Containers {
+				Expect(container.EnvFrom).Should(ContainElements(expectedEnvFromSources), "Automounted env sources should be added to containers")
+			}
+		})
+	})
+
 })

controllers/workspace/util_test.go

@@ -14,12 +14,17 @@
 package controllers_test
 
 import (
+	"path"
 	"time"
 
 	dw "github.com/devfile/api/v2/pkg/apis/workspaces/v1alpha2"
 	controllerv1alpha1 "github.com/devfile/devworkspace-operator/apis/controller/v1alpha1"
+	"github.com/devfile/devworkspace-operator/pkg/common"
+	"github.com/devfile/devworkspace-operator/pkg/constants"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	corev1 "k8s.io/api/core/v1"
+	crclient "sigs.k8s.io/controller-runtime/pkg/client"
 
 	appsv1 "k8s.io/api/apps/v1"
 	k8sErrors "k8s.io/apimachinery/pkg/api/errors"
@@ -90,6 +95,21 @@ func deleteDevWorkspace(name string) {
 	}).Should(BeTrue(), "DevWorkspace not deleted after timeout")
 }
 
+func createObject(obj crclient.Object) {
+	Expect(k8sClient.Create(ctx, obj)).Should(Succeed())
+	Eventually(func() error {
+		return k8sClient.Get(ctx, types.NamespacedName{Name: obj.GetName(), Namespace: obj.GetNamespace()}, obj)
+	}, 10*time.Second, 250*time.Millisecond).Should(Succeed(), "Creating %s with name %s", obj.GetObjectKind(), obj.GetName())
+}
+
+func deleteObject(obj crclient.Object) {
+	Expect(k8sClient.Delete(ctx, obj)).Should(Succeed())
+	Eventually(func() bool {
+		err := k8sClient.Get(ctx, types.NamespacedName{Name: obj.GetName(), Namespace: obj.GetNamespace()}, obj)
+		return k8sErrors.IsNotFound(err)
+	}, 10*time.Second, 250*time.Millisecond).Should(BeTrue(), "Deleting %s with name %s", obj.GetObjectKind(), obj.GetName())
+}
+
 func markRoutingReady(mainUrl, routingName string) {
 	namespacedName := types.NamespacedName{
 		Name:      routingName,
@@ -148,3 +168,82 @@ func devworkspaceOwnerRef(wksp *dw.DevWorkspace) metav1.OwnerReference {
 		BlockOwnerDeletion: &boolTrue,
 	}
 }
+
+func generateSecret(name string, secretType corev1.SecretType) *corev1.Secret {
+	return &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: testNamespace,
+			Labels: map[string]string{
+				constants.DevWorkspaceWatchSecretLabel: "true",
+			},
+			Annotations: map[string]string{},
+		},
+		Type: secretType,
+		Data: map[string][]byte{},
+	}
+}
+
+func generateConfigMap(name string) *corev1.ConfigMap {
+	return &corev1.ConfigMap{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: testNamespace,
+			Labels: map[string]string{
+				constants.DevWorkspaceWatchConfigMapLabel: "true",
+			},
+			Annotations: map[string]string{},
+		},
+		Data: map[string]string{},
+	}
+}
+
+func volumeFromSecret(secret *corev1.Secret) corev1.Volume {
+	modeReadOnly := int32(0640)
+	return corev1.Volume{
+		Name: common.AutoMountSecretVolumeName(secret.Name),
+		VolumeSource: corev1.VolumeSource{
+			Secret: &corev1.SecretVolumeSource{
+				SecretName:  secret.Name,
+				DefaultMode: &modeReadOnly,
+			},
+		},
+	}
+}
+
+func volumeFromConfigMap(cm *corev1.ConfigMap) corev1.Volume {
+	modeReadOnly := int32(0640)
+	return corev1.Volume{
+		Name: common.AutoMountConfigMapVolumeName(cm.Name),
+		VolumeSource: corev1.VolumeSource{
+			ConfigMap: &corev1.ConfigMapVolumeSource{
+				LocalObjectReference: corev1.LocalObjectReference{Name: cm.Name},
+				DefaultMode:          &modeReadOnly,
+			},
+		},
+	}
+}
+
+func volumeMountFromSecret(secret *corev1.Secret, mountPath, subPath string) corev1.VolumeMount {
+	if subPath != "" {
+		mountPath = path.Join(mountPath, subPath)
+	}
+	return corev1.VolumeMount{
+		Name:      common.AutoMountSecretVolumeName(secret.Name),
+		ReadOnly:  true,
+		MountPath: mountPath,
+		SubPath:   subPath,
+	}
+}
+
+func volumeMountFromConfigMap(cm *corev1.ConfigMap, mountPath, subPath string) corev1.VolumeMount {
+	if subPath != "" {
+		mountPath = path.Join(mountPath, subPath)
+	}
+	return corev1.VolumeMount{
+		Name:      common.AutoMountConfigMapVolumeName(cm.Name),
+		ReadOnly:  true,
+		MountPath: mountPath,
+		SubPath:   subPath,
+	}
+}