diff --git a/go.mod b/go.mod index fbdaab3..8bf81c9 100644 --- a/go.mod +++ b/go.mod @@ -9,8 +9,8 @@ require ( github.com/fluxcd/pkg/apis/meta v1.22.0 github.com/fluxcd/source-controller/api v1.7.2 github.com/openmcp-project/controller-utils v0.23.1 - github.com/openmcp-project/openmcp-operator/api v0.15.1 - github.com/openmcp-project/openmcp-operator/lib v0.15.1 + github.com/openmcp-project/openmcp-operator/api v0.15.2 + github.com/openmcp-project/openmcp-operator/lib v0.15.3-0.20251017065940-637b58a6e264 github.com/openmcp-project/platform-service-dns/api v0.0.2 github.com/spf13/cobra v1.10.1 k8s.io/api v0.34.1 @@ -106,7 +106,7 @@ require ( k8s.io/component-base v0.34.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 // indirect - k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d // indirect + k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/randfill v1.0.0 // indirect diff --git a/go.sum b/go.sum index e38fd8d..f9809a1 100644 --- a/go.sum +++ b/go.sum @@ -121,10 +121,10 @@ github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= github.com/openmcp-project/controller-utils v0.23.1 h1:suuZ9UWJbSE/LbpZCtzpHg6FOqU7BkR4bq6cEAYykyc= github.com/openmcp-project/controller-utils v0.23.1/go.mod h1:fU16gy7PHCqMtNaH/nAnHJyGM1SI5ZUiyQcUwrPy2TQ= -github.com/openmcp-project/openmcp-operator/api v0.15.1 h1:xjVQG9zt+QGuSyhGCE0HV0ZCVS9KTX71JALoCUM4BRU= -github.com/openmcp-project/openmcp-operator/api v0.15.1/go.mod h1:eaJf9f3D/SuSF8souPpatSxt67FJkyGFYfKGIEQ2qvA= -github.com/openmcp-project/openmcp-operator/lib v0.15.1 h1:Sqb60JylpodWhhaKAbb4Uk33j/LufimDt9JyfSRnRAM= -github.com/openmcp-project/openmcp-operator/lib v0.15.1/go.mod h1:apLlI2djouLHfv/ZrZM7KoFZwXDTi0GcYQbVVdvRRDw= +github.com/openmcp-project/openmcp-operator/api v0.15.2 h1:Ujf0NLysUSj0Wiel3qnroDcnnHCXMEpbFd0a9rkZoxY= +github.com/openmcp-project/openmcp-operator/api v0.15.2/go.mod h1:0KytEWVi1Gw5SEjyclhNZmUXks+SqbivLW10fDe7vL4= +github.com/openmcp-project/openmcp-operator/lib v0.15.3-0.20251017065940-637b58a6e264 h1:Tb9voXDeiYc4vnkMwEFX7Np9tZQk1XpV6FQ4YB0QcTs= +github.com/openmcp-project/openmcp-operator/lib v0.15.3-0.20251017065940-637b58a6e264/go.mod h1:D/CwGD8NjUHba4PAIzEHFi/FNoj4xcnOb6F2qwcAaIc= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -286,8 +286,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 h1:liMHz39T5dJO1aOKHLvwaCjDbf07wVh6yaUlTpunnkE= k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= -k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d h1:wAhiDyZ4Tdtt7e46e9M5ZSAJ/MnPGPs+Ki1gHw4w1R0= -k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 h1:jpcvIRr3GLoUoEKRkHKSmGjxb6lWwrBlJsXc+eUYQHM= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.22.3 h1:I7mfqz/a/WdmDCEnXmSPm8/b/yRTy6JsKKENTijTq8Y= diff --git a/internal/controllers/cluster/controller.go b/internal/controllers/cluster/controller.go index 5391624..c5567f2 100644 --- a/internal/controllers/cluster/controller.go +++ b/internal/controllers/cluster/controller.go @@ -16,12 +16,10 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/tools/record" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/predicate" @@ -37,13 +35,14 @@ import ( ctrlutils "github.com/openmcp-project/controller-utils/pkg/controller" errutils "github.com/openmcp-project/controller-utils/pkg/errors" "github.com/openmcp-project/controller-utils/pkg/logging" + testutils "github.com/openmcp-project/controller-utils/pkg/testing" clustersv1alpha1 "github.com/openmcp-project/openmcp-operator/api/clusters/v1alpha1" clusterconst "github.com/openmcp-project/openmcp-operator/api/clusters/v1alpha1/constants" commonapi "github.com/openmcp-project/openmcp-operator/api/common" openmcpconst "github.com/openmcp-project/openmcp-operator/api/constants" providerv1alpha1 "github.com/openmcp-project/openmcp-operator/api/provider/v1alpha1" - accesslib "github.com/openmcp-project/openmcp-operator/lib/clusteraccess" + accesslib "github.com/openmcp-project/openmcp-operator/lib/clusteraccess/advanced" dnsv1alpha1 "github.com/openmcp-project/platform-service-dns/api/dns/v1alpha1" ) @@ -56,17 +55,19 @@ const ( SourceKindHelmRepository = "HelmRepository" SourceKindGitRepository = "GitRepository" SourceKindOCIRepository = "OCIRepository" + + clusterId = "cluster" ) type ClusterReconciler struct { - PlatformCluster *clusters.Cluster - eventRecorder record.EventRecorder - ProviderName string - ProviderNamespace string - Environment string - KnownClusters map[types.NamespacedName]struct{} - KnownClustersLock *sync.RWMutex - FakeClientMappings map[string]client.Client // only used for testing + PlatformCluster *clusters.Cluster + eventRecorder record.EventRecorder + ProviderName string + ProviderNamespace string + Environment string + KnownClusters map[types.NamespacedName]struct{} + KnownClustersLock *sync.RWMutex + ClusterAccessReconciler accesslib.ClusterAccessReconciler } func NewClusterReconciler(platformCluster *clusters.Cluster, recorder record.EventRecorder, providerName, providerNamespace, environment string) *ClusterReconciler { @@ -78,6 +79,22 @@ func NewClusterReconciler(platformCluster *clusters.Cluster, recorder record.Eve Environment: environment, KnownClusters: map[types.NamespacedName]struct{}{}, KnownClustersLock: &sync.RWMutex{}, + ClusterAccessReconciler: accesslib.NewClusterAccessReconciler(platformCluster.Client(), ControllerName). + WithManagedLabels(func(controllerName string, req reconcile.Request, _ accesslib.ClusterRegistration) (string, string, map[string]string) { + return fmt.Sprintf("%s.%s", providerName, controllerName), req.Name, nil + }). + Register(accesslib.ExistingCluster(clusterId, "", accesslib.IdentityReferenceGenerator). + WithTokenAccess(&clustersv1alpha1.TokenConfig{ + RoleRefs: []commonapi.RoleRef{ + { + Kind: "ClusterRole", + Name: "cluster-admin", + }, + }, + }). + WithNamespaceGenerator(accesslib.RequestNamespaceGenerator). + Build(), + ), } } @@ -223,80 +240,28 @@ func (r *ClusterReconciler) handleCreateOrUpdate(ctx context.Context, c *cluster r.addKnownCluster(c) log.Info("Creating or updating AccessRequest to get access to Cluster") - ar := &clustersv1alpha1.AccessRequest{} - ar.SetName(accesslib.StableRequestNameFromLocalName(ControllerName, c.Name)) - ar.SetNamespace(c.Namespace) - if _, err := controllerutil.CreateOrUpdate(ctx, r.PlatformCluster.Client(), ar, func() error { - if err := controllerutil.SetOwnerReference(c, ar, r.PlatformCluster.Scheme()); err != nil { - return fmt.Errorf("error setting owner reference: %w", err) - } - ar.Labels = maputils.Merge(ar.Labels, expectedLabels) - ar.Spec.ClusterRef = &commonapi.ObjectReference{ - Name: c.Name, - Namespace: c.Namespace, - } - ar.Spec.Token = &clustersv1alpha1.TokenConfig{ - RoleRefs: []commonapi.RoleRef{ - { - Kind: "ClusterRole", - Name: "cluster-admin", - }, - }, - } - return nil - }); err != nil { - rr.ReconcileError = errutils.WithReason(fmt.Errorf("error creating or updating AccessRequest '%s/%s': %w", ar.Namespace, ar.Name, err), clusterconst.ReasonPlatformClusterInteractionProblem) - return rr - } - if err := r.PlatformCluster.Client().Get(ctx, client.ObjectKeyFromObject(ar), ar); err != nil { - rr.ReconcileError = errutils.WithReason(fmt.Errorf("error getting AccessRequest '%s/%s': %w", ar.Namespace, ar.Name, err), clusterconst.ReasonPlatformClusterInteractionProblem) + req := testutils.RequestFromObject(c) + res, err := r.ClusterAccessReconciler.Reconcile(ctx, req) + if err != nil { + rr.ReconcileError = errutils.WithReason(fmt.Errorf("error reconciling cluster access: %w", err), clusterconst.ReasonInternalError) return rr } - if ar.Status.IsDenied() { - rr.Message = fmt.Sprintf("AccessRequest '%s/%s' was denied, unable to proceed with deploying DNS configuration", ar.Namespace, ar.Name) + if res.RequeueAfter > 0 { + log.Info("Requeuing because cluster access is not yet available", "after", res.RequeueAfter) + rr.Result = res return rr } - if !ar.Status.IsGranted() { - rr.Message = fmt.Sprintf("AccessRequest '%s/%s' is not yet granted, waiting for access to be granted", ar.Namespace, ar.Name) - rr.Result.RequeueAfter = defaultRequeueAfterDuration - return rr + ar, err := r.ClusterAccessReconciler.AccessRequest(ctx, req, clusterId) + if err != nil { + rr.ReconcileError = errutils.WithReason(fmt.Errorf("error getting AccessRequest: %w", err), clusterconst.ReasonInternalError) } rr.AccessRequest = ar - - // get access to Cluster - if ar.Status.SecretRef == nil { - rr.Message = fmt.Sprintf("AccessRequest '%s/%s' does not have a secretRef in its status despite being granted", ar.Namespace, ar.Name) - return rr - } - sec := &corev1.Secret{} - sec.Name = ar.Status.SecretRef.Name - sec.Namespace = ar.Status.SecretRef.Namespace - if err := r.PlatformCluster.Client().Get(ctx, client.ObjectKeyFromObject(sec), sec); err != nil { - rr.ReconcileError = errutils.WithReason(fmt.Errorf("error getting secret '%s/%s' referenced by AccessRequest '%s/%s': %w", sec.Namespace, sec.Name, ar.Namespace, ar.Name, err), clusterconst.ReasonPlatformClusterInteractionProblem) + access, err := r.ClusterAccessReconciler.Access(ctx, req, clusterId) + if err != nil { + rr.ReconcileError = errutils.WithReason(fmt.Errorf("error getting access to Cluster: %w", err), clusterconst.ReasonInternalError) return rr } - kcfgData := sec.Data[clustersv1alpha1.SecretKeyKubeconfig] - if strings.HasPrefix(string(kcfgData), "fake:") && r.FakeClientMappings != nil { - log.Info("Using fake client for testing, this message should never appear outside of tests") - id := strings.TrimPrefix(string(kcfgData), "fake:") - fk := r.FakeClientMappings[id] - if fk == nil { - fk = fake.NewFakeClient() - r.FakeClientMappings[id] = fk - } - rr.Access = clusters.NewTestClusterFromClient(id, fk) - } else { - rest, err := clientcmd.RESTConfigFromKubeConfig(kcfgData) - if err != nil { - rr.ReconcileError = errutils.WithReason(fmt.Errorf("error creating REST config for Cluster from kubeconfig in secret '%s/%s': %w", sec.Namespace, sec.Name, err), clusterconst.ReasonInternalError) - return rr - } - rr.Access = clusters.New(ar.Name).WithRESTConfig(rest) - if err := rr.Access.InitializeClient(nil); err != nil { - rr.ReconcileError = errutils.WithReason(fmt.Errorf("error initializing client for Cluster from kubeconfig in secret '%s/%s': %w", sec.Namespace, sec.Name, err), clusterconst.ReasonInternalError) - return rr - } - } + rr.Access = access rr, copied := r.copySecrets(ctx, c.Namespace, expectedLabels, rr, platformClusterCopy) if rr.ReconcileError != nil || rr.Result.RequeueAfter > 0 { @@ -354,55 +319,19 @@ func (r *ClusterReconciler) handleDelete(ctx context.Context, c *clustersv1alpha } // get access to Cluster - accessRequestGone := false - ar := &clustersv1alpha1.AccessRequest{} - ar.SetName(accesslib.StableRequestNameFromLocalName(ControllerName, c.Name)) - ar.SetNamespace(c.Namespace) - if err := r.PlatformCluster.Client().Get(ctx, client.ObjectKeyFromObject(ar), ar); err != nil { - if !apierrors.IsNotFound(err) { - rr.ReconcileError = errutils.WithReason(fmt.Errorf("error getting AccessRequest '%s/%s': %w", ar.Namespace, ar.Name, err), clusterconst.ReasonPlatformClusterInteractionProblem) - return rr - } - accessRequestGone = true + req := testutils.RequestFromObject(c) + ar, err := r.ClusterAccessReconciler.AccessRequest(ctx, req, clusterId) + if client.IgnoreNotFound(err) != nil { + rr.ReconcileError = errutils.WithReason(fmt.Errorf("error getting AccessRequest: %w", err), clusterconst.ReasonInternalError) + return rr } - if !accessRequestGone && ar.Status.IsGranted() { - if ar.Status.SecretRef == nil { - rr.Message = fmt.Sprintf("AccessRequest '%s/%s' does not have a secretRef in its status despite being granted", ar.Namespace, ar.Name) - return rr - } - sec := &corev1.Secret{} - sec.Name = ar.Status.SecretRef.Name - sec.Namespace = ar.Status.SecretRef.Namespace - if err := r.PlatformCluster.Client().Get(ctx, client.ObjectKeyFromObject(sec), sec); err != nil { - rr.ReconcileError = errutils.WithReason(fmt.Errorf("error getting secret '%s/%s' referenced by AccessRequest '%s/%s': %w", sec.Namespace, sec.Name, ar.Namespace, ar.Name, err), clusterconst.ReasonPlatformClusterInteractionProblem) + if ar != nil && ar.Status.IsGranted() { + access, err := r.ClusterAccessReconciler.Access(ctx, req, clusterId) + if err != nil { + rr.ReconcileError = errutils.WithReason(fmt.Errorf("error getting access to Cluster: %w", err), clusterconst.ReasonInternalError) return rr } - kcfgData := sec.Data[clustersv1alpha1.SecretKeyKubeconfig] - if strings.HasPrefix(string(kcfgData), "fake:") && r.FakeClientMappings != nil { - log.Info("Using fake client for testing, this message should never appear outside of tests") - id := strings.TrimPrefix(string(kcfgData), "fake:") - fk := r.FakeClientMappings[id] - if fk == nil { - fk = fake.NewFakeClient() - r.FakeClientMappings[id] = fk - } - rr.Access = clusters.NewTestClusterFromClient(id, fk) - } else { - rest, err := clientcmd.RESTConfigFromKubeConfig(kcfgData) - if err != nil { - rr.ReconcileError = errutils.WithReason(fmt.Errorf("error creating REST config for Cluster from kubeconfig in secret '%s/%s': %w", sec.Namespace, sec.Name, err), clusterconst.ReasonInternalError) - return rr - } - rr.Access = clusters.New(ar.Name).WithRESTConfig(rest) - if err := rr.Access.InitializeRESTConfig(); err != nil { - rr.ReconcileError = errutils.WithReason(fmt.Errorf("error initializing REST config for Cluster from kubeconfig in secret '%s/%s': %w", sec.Namespace, sec.Name, err), clusterconst.ReasonInternalError) - return rr - } - if err := rr.Access.InitializeClient(nil); err != nil { - rr.ReconcileError = errutils.WithReason(fmt.Errorf("error initializing client for Cluster from kubeconfig in secret '%s/%s': %w", sec.Namespace, sec.Name, err), clusterconst.ReasonInternalError) - return rr - } - } + rr.Access = access rr = r.removeSecrets(ctx, TargetClusterNamespace, expectedLabels, rr, targetClusterCopy, nil) if rr.ReconcileError != nil || rr.Result.RequeueAfter > 0 { @@ -422,12 +351,15 @@ func (r *ClusterReconciler) handleDelete(ctx context.Context, c *clustersv1alpha return rr } - // delete AccessRequest - if err := r.PlatformCluster.Client().Delete(ctx, ar); err != nil { - if !apierrors.IsNotFound(err) { - rr.ReconcileError = errutils.WithReason(fmt.Errorf("error deleting AccessRequest '%s/%s': %w", ar.Namespace, ar.Name, err), clusterconst.ReasonPlatformClusterInteractionProblem) - return rr - } + res, err := r.ClusterAccessReconciler.ReconcileDelete(ctx, req) + if err != nil { + rr.ReconcileError = errutils.WithReason(fmt.Errorf("error reconciling deletion of cluster access: %w", err), clusterconst.ReasonInternalError) + return rr + } + if res.RequeueAfter > 0 { + log.Info("Requeuing because cluster access has not been fully deleted yet", "after", res.RequeueAfter) + rr.Result = res + return rr } // remove finalizer from Cluster diff --git a/internal/controllers/cluster/controller_test.go b/internal/controllers/cluster/controller_test.go index bdbe77d..da21480 100644 --- a/internal/controllers/cluster/controller_test.go +++ b/internal/controllers/cluster/controller_test.go @@ -2,7 +2,9 @@ package cluster_test import ( + "context" "fmt" + "strings" "time" . "github.com/onsi/ginkgo/v2" @@ -14,6 +16,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/yaml" @@ -23,9 +26,8 @@ import ( "github.com/openmcp-project/controller-utils/pkg/clusters" testutils "github.com/openmcp-project/controller-utils/pkg/testing" clustersv1alpha1 "github.com/openmcp-project/openmcp-operator/api/clusters/v1alpha1" - commonapi "github.com/openmcp-project/openmcp-operator/api/common" openmcpconst "github.com/openmcp-project/openmcp-operator/api/constants" - accesslib "github.com/openmcp-project/openmcp-operator/lib/clusteraccess" + accesslib "github.com/openmcp-project/openmcp-operator/lib/clusteraccess/advanced" dnsv1alpha1 "github.com/openmcp-project/platform-service-dns/api/dns/v1alpha1" "github.com/openmcp-project/platform-service-dns/api/install" @@ -43,21 +45,32 @@ const ( var platformScheme = install.InstallOperatorAPIsPlatform(runtime.NewScheme()) -func defaultTestSetup(testDirPathSegments ...string) (*testutils.Environment, *cluster.ClusterReconciler) { +func defaultTestSetup(testDirPathSegments ...string) (*testutils.Environment, map[string]client.Client) { + fakeClientMapping := map[string]client.Client{} env := testutils.NewEnvironmentBuilder(). WithFakeClient(platformScheme). WithInitObjectPath(testDirPathSegments...). WithDynamicObjectsWithStatus(&clustersv1alpha1.AccessRequest{}). WithReconcilerConstructor(func(c client.Client) reconcile.Reconciler { rec := cluster.NewClusterReconciler(clusters.NewTestClusterFromClient(platformCluster, c), nil, providerName, providerNamespace, environment) - rec.FakeClientMappings = map[string]client.Client{} + rec.ClusterAccessReconciler.WithFakingCallback(accesslib.FakingCallback_WaitingForAccessRequestReadiness, accesslib.FakeAccessRequestReadiness()) + rec.ClusterAccessReconciler.WithFakeClientGenerator(func(ctx context.Context, kcfgData []byte, scheme *runtime.Scheme, additionalData ...any) (client.Client, error) { + if clusterRef, ok := strings.CutPrefix(string(kcfgData), "fake:cluster:"); ok { + if fc, ok := fakeClientMapping[clusterRef]; ok { + return fc, nil + } + fc := fake.NewClientBuilder().WithScheme(scheme).Build() + fakeClientMapping[clusterRef] = fc + return fc, nil + + } + return nil, fmt.Errorf("invalid fake kubeconfig data: '%s'", string(kcfgData)) + }) return rec }). Build() - rec, ok := env.Reconciler().(*cluster.ClusterReconciler) - Expect(ok).To(BeTrue(), "reconciler is not a ClusterReconciler") - return env, rec + return env, fakeClientMapping } var _ = Describe("ClusterReconciler", func() { @@ -74,7 +87,7 @@ var _ = Describe("ClusterReconciler", func() { }) It("should correctly match configs to clusters and create the flux resources", func() { - env, rec := defaultTestSetup("testdata", "test-01") + env, fakeClientMapping := defaultTestSetup("testdata", "test-01") cfg := &dnsv1alpha1.DNSServiceConfig{} Expect(env.Client().Get(env.Ctx, client.ObjectKey{Name: providerName}, cfg)).To(Succeed()) @@ -83,7 +96,6 @@ var _ = Describe("ClusterReconciler", func() { Expect(env.Client().Get(env.Ctx, client.ObjectKey{Name: "cluster-01", Namespace: "foo"}, c1)).To(Succeed()) rr := env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeNumerically(">", 0)) - fakeAccessRequestReadiness(env, c1) rr = env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeZero()) @@ -123,11 +135,6 @@ var _ = Describe("ClusterReconciler", func() { ars := &clustersv1alpha1.AccessRequestList{} Expect(env.Client().List(env.Ctx, ars, client.InNamespace(c1.Namespace), client.MatchingLabels(expectedLabels))).To(Succeed()) Expect(ars.Items).To(HaveLen(1)) - Expect(ars.Items[0].OwnerReferences).To(ContainElements(MatchFields(IgnoreExtras, Fields{ - "APIVersion": Equal(clustersv1alpha1.GroupVersion.String()), - "Kind": Equal("Cluster"), - "Name": Equal(c1.Name), - }))) Expect(ars.Items[0].Spec.ClusterRef).To(PointTo(MatchFields(IgnoreExtras, Fields{ "Name": Equal(c1.Name), "Namespace": Equal("foo"), @@ -152,9 +159,9 @@ var _ = Describe("ClusterReconciler", func() { // namespace on target cluster ns := &corev1.Namespace{} ns.Name = cluster.TargetClusterNamespace - Expect(rec.FakeClientMappings["foo/cluster-01"].Get(env.Ctx, client.ObjectKeyFromObject(ns), ns)).To(Succeed()) + Expect(fakeClientMapping["foo/cluster-01"].Get(env.Ctx, client.ObjectKeyFromObject(ns), ns)).To(Succeed()) // copied secrets on target cluster - Expect(rec.FakeClientMappings["foo/cluster-01"].List(env.Ctx, ss, client.InNamespace(cluster.TargetClusterNamespace), client.MatchingLabels(expectedLabels))).To(Succeed()) + Expect(fakeClientMapping["foo/cluster-01"].List(env.Ctx, ss, client.InNamespace(cluster.TargetClusterNamespace), client.MatchingLabels(expectedLabels))).To(Succeed()) Expect(ss.Items).To(ConsistOf( MatchFields(IgnoreExtras, Fields{ "ObjectMeta": MatchFields(IgnoreExtras, Fields{ @@ -174,7 +181,6 @@ var _ = Describe("ClusterReconciler", func() { Expect(env.Client().Get(env.Ctx, client.ObjectKey{Name: "cluster-02", Namespace: "bar"}, c2)).To(Succeed()) rr = env.ShouldReconcile(testutils.RequestFromObject(c2)) Expect(rr.RequeueAfter).To(BeNumerically(">", 0)) - fakeAccessRequestReadiness(env, c2) rr = env.ShouldReconcile(testutils.RequestFromObject(c2)) Expect(rr.RequeueAfter).To(BeZero()) @@ -211,11 +217,6 @@ var _ = Describe("ClusterReconciler", func() { ars = &clustersv1alpha1.AccessRequestList{} Expect(env.Client().List(env.Ctx, ars, client.InNamespace(c2.Namespace), client.MatchingLabels(expectedLabels))).To(Succeed()) Expect(ars.Items).To(HaveLen(1)) - Expect(ars.Items[0].OwnerReferences).To(ContainElements(MatchFields(IgnoreExtras, Fields{ - "APIVersion": Equal(clustersv1alpha1.GroupVersion.String()), - "Kind": Equal("Cluster"), - "Name": Equal(c2.Name), - }))) Expect(ars.Items[0].Spec.ClusterRef).To(PointTo(MatchFields(IgnoreExtras, Fields{ "Name": Equal(c2.Name), "Namespace": Equal("bar"), @@ -237,9 +238,9 @@ var _ = Describe("ClusterReconciler", func() { }), )) // namespace on target cluster - Expect(rec.FakeClientMappings["bar/cluster-02"].Get(env.Ctx, client.ObjectKeyFromObject(ns), ns)).To(Succeed()) + Expect(fakeClientMapping["bar/cluster-02"].Get(env.Ctx, client.ObjectKeyFromObject(ns), ns)).To(Succeed()) // copied secrets on target cluster - Expect(rec.FakeClientMappings["bar/cluster-02"].List(env.Ctx, ss, client.InNamespace(cluster.TargetClusterNamespace), client.MatchingLabels(expectedLabels))).To(Succeed()) + Expect(fakeClientMapping["bar/cluster-02"].List(env.Ctx, ss, client.InNamespace(cluster.TargetClusterNamespace), client.MatchingLabels(expectedLabels))).To(Succeed()) Expect(ss.Items).To(ConsistOf( MatchFields(IgnoreExtras, Fields{ "ObjectMeta": MatchFields(IgnoreExtras, Fields{ @@ -266,7 +267,6 @@ var _ = Describe("ClusterReconciler", func() { Expect(env.Client().Get(env.Ctx, client.ObjectKey{Name: "cluster-01", Namespace: "foo"}, c1)).To(Succeed()) rr := env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeNumerically(">", 0)) - fakeAccessRequestReadiness(env, c1) rr = env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeZero()) @@ -287,7 +287,6 @@ var _ = Describe("ClusterReconciler", func() { Expect(env.Client().Get(env.Ctx, client.ObjectKey{Name: "cluster-02", Namespace: "bar"}, c2)).To(Succeed()) rr = env.ShouldReconcile(testutils.RequestFromObject(c2)) Expect(rr.RequeueAfter).To(BeNumerically(">", 0)) - fakeAccessRequestReadiness(env, c2) rr = env.ShouldReconcile(testutils.RequestFromObject(c2)) Expect(rr.RequeueAfter).To(BeZero()) @@ -328,7 +327,6 @@ var _ = Describe("ClusterReconciler", func() { Expect(env.Client().Get(env.Ctx, client.ObjectKey{Name: "cluster-01", Namespace: "foo"}, c1)).To(Succeed()) rr := env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeNumerically(">", 0)) - fakeAccessRequestReadiness(env, c1) rr = env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeZero()) @@ -419,7 +417,6 @@ var _ = Describe("ClusterReconciler", func() { Expect(env.Client().Get(env.Ctx, client.ObjectKey{Name: "cluster-01", Namespace: "foo"}, c1)).To(Succeed()) rr := env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeNumerically(">", 0)) - fakeAccessRequestReadiness(env, c1) rr = env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeZero()) @@ -436,7 +433,6 @@ var _ = Describe("ClusterReconciler", func() { Expect(env.Client().Get(env.Ctx, client.ObjectKey{Name: "cluster-01", Namespace: "foo"}, c1)).To(Succeed()) rr := env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeNumerically(">", 0)) - fakeAccessRequestReadiness(env, c1) rr = env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeZero()) @@ -466,7 +462,6 @@ var _ = Describe("ClusterReconciler", func() { Expect(env.Client().Get(env.Ctx, client.ObjectKey{Name: "cluster-01", Namespace: "foo"}, c1)).To(Succeed()) rr := env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeNumerically(">", 0)) - fakeAccessRequestReadiness(env, c1) rr = env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeZero()) @@ -496,7 +491,6 @@ var _ = Describe("ClusterReconciler", func() { Expect(env.Client().Get(env.Ctx, client.ObjectKey{Name: "cluster-01", Namespace: "foo"}, c1)).To(Succeed()) rr := env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeNumerically(">", 0)) - fakeAccessRequestReadiness(env, c1) rr = env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeZero()) @@ -527,7 +521,6 @@ var _ = Describe("ClusterReconciler", func() { Expect(s1.Labels).To(BeEmpty()) rr := env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeNumerically(">", 0)) - fakeAccessRequestReadiness(env, c1) rr = env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeZero()) @@ -537,14 +530,13 @@ var _ = Describe("ClusterReconciler", func() { }) It("should copy image pull secrets from the PlatformService resource", func() { - env, rec := defaultTestSetup("testdata", "test-06") + env, fakeClientMapping := defaultTestSetup("testdata", "test-06") c1 := &clustersv1alpha1.Cluster{} Expect(env.Client().Get(env.Ctx, client.ObjectKey{Name: "cluster-01", Namespace: "foo"}, c1)).To(Succeed()) rr := env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeNumerically(">", 0)) - fakeAccessRequestReadiness(env, c1) rr = env.ShouldReconcile(testutils.RequestFromObject(c1)) Expect(rr.RequeueAfter).To(BeZero()) @@ -576,7 +568,7 @@ var _ = Describe("ClusterReconciler", func() { }), )) // copied secrets on target cluster - Expect(rec.FakeClientMappings["foo/cluster-01"].List(env.Ctx, ss, client.InNamespace(cluster.TargetClusterNamespace), client.MatchingLabels(expectedLabels))).To(Succeed()) + Expect(fakeClientMapping["foo/cluster-01"].List(env.Ctx, ss, client.InNamespace(cluster.TargetClusterNamespace), client.MatchingLabels(expectedLabels))).To(Succeed()) Expect(ss.Items).To(ConsistOf( MatchFields(IgnoreExtras, Fields{ "ObjectMeta": MatchFields(IgnoreExtras, Fields{ @@ -595,24 +587,3 @@ var _ = Describe("ClusterReconciler", func() { }) }) - -func fakeAccessRequestReadiness(env *testutils.Environment, c *clustersv1alpha1.Cluster) { - ar := &clustersv1alpha1.AccessRequest{} - ar.SetName(accesslib.StableRequestNameFromLocalName(cluster.ControllerName, c.Name)) - ar.SetNamespace(c.Namespace) - Expect(env.Client().Get(env.Ctx, client.ObjectKeyFromObject(ar), ar)).To(Succeed()) - old := ar.DeepCopy() - ar.Status.Phase = clustersv1alpha1.REQUEST_GRANTED - ar.Status.SecretRef = &commonapi.ObjectReference{ - Name: ar.Name, - Namespace: ar.Namespace, - } - Expect(env.Client().Status().Patch(env.Ctx, ar, client.MergeFrom(old))).To(Succeed()) - sec := &corev1.Secret{} - sec.Name = ar.Status.SecretRef.Name - sec.Namespace = ar.Status.SecretRef.Namespace - sec.Data = map[string][]byte{ - clustersv1alpha1.SecretKeyKubeconfig: fmt.Appendf(nil, "fake:%s/%s", c.Namespace, c.Name), - } - Expect(env.Client().Create(env.Ctx, sec)).To(Succeed()) -}