
Commit b000341

committed
addressed review comments
Signed-off-by: Varsha B <[email protected]>
1 parent 14b8ef3 commit b000341


2 files changed

+110
-8
lines changed


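--- a/controllers/gitopsservice_controller.go
+++ b/controllers/gitopsservice_controller.go
@@ -107,10 +107,12 @@ func (r *ReconcileGitopsService) SetupWithManager(mgr ctrl.Manager) error {
 Owns(&appsv1.Deployment{}, builder.WithPredicates(pred)).
 Owns(&corev1.Service{}, builder.WithPredicates(pred)).
 Owns(&routev1.Route{}, builder.WithPredicates(pred)).
-Watches(&corev1.Namespace{ObjectMeta: metav1.ObjectMeta{
-Name: "openshift-gitops",
-}},
-handler.EnqueueRequestsFromMapFunc(namespaceMapper),
+Watches(
+&corev1.Namespace{},
+&handler.EnqueueRequestForObject{},
+builder.WithPredicates(predicate.NewPredicateFuncs(func(obj client.Object) bool {
+return obj.GetName() == "openshift-gitops"
+})),
 ).
 Complete(r)
 }
@@ -971,10 +973,6 @@ func namespaceMapper(ctx context.Context, o client.Object) []reconcile.Request {
 namespacedName := client.ObjectKey{
 Name: o.GetName(),
 }
-// result := []reconcile.Request{
-// {NamespacedName: namespacedName},
-// }
-// return result
 return []reconcile.Request{
 {NamespacedName: namespacedName},
 }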
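Review bot: The predicate in the new `Watches(...)` call compares against the string literal `"openshift-gitops"`, which hard-codes the one namespace whose changes trigger a reconcile. Judging by the test added in this commit, that reconcile is what resets modified Pod Security labels on the namespace. If the reconciler takes its target namespace from a constant or setting elsewhere in the file (not visible here), the two can drift apart and label edits would stop being reverted, so compare against that shared value and add a comment such as `// Only the operator namespace is watched so that edits to its labels trigger a reconcile.`. Separately, `namespaceMapper` is no longer passed to `Watches` in this hunk and the second hunk only removes commented-out lines from it; if nothing else calls it, the function can be deleted. Both function bodies extend beyond the hunks.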

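--- a/controllers/gitopsservice_controller_test.go
+++ b/controllers/gitopsservice_controller_test.go
@@ -633,6 +633,110 @@ func TestReconcile_InfrastructureNode(t *testing.T) {
 
 }
 
+func TestReconcile_PSSLabels(t *testing.T) {
+logf.SetLogger(argocd.ZapLogger(true))
+s := scheme.Scheme
+addKnownTypesToScheme(s)
+
+testCases := []struct {
+name string
+namespace string
+labels map[string]string
+}{
+{
+name: "modified valid PSS labels for openshift-gitops ns",
+namespace: "openshift-gitops",
+labels: map[string]string{
+"pod-security.kubernetes.io/enforce": "privileged",
+"pod-security.kubernetes.io/enforce-version": "v1.30",
+"pod-security.kubernetes.io/audit": "privileged",
+"pod-security.kubernetes.io/audit-version": "v1.29",
+"pod-security.kubernetes.io/warn": "privileged",
+"pod-security.kubernetes.io/warn-version": "v1.29",
+},
+},
+{
+name: "modified invalid and empty PSS labels for openshift-gitops ns",
+namespace: "openshift-gitops",
+labels: map[string]string{
+"pod-security.kubernetes.io/enforce": "invalid",
+"pod-security.kubernetes.io/enforce-version": "invalid",
+"pod-security.kubernetes.io/warn": "invalid",
+"pod-security.kubernetes.io/warn-version": "invalid",
+},
+},
+}
+
+expected_labels := map[string]string{
+"pod-security.kubernetes.io/enforce": "restricted",
+"pod-security.kubernetes.io/enforce-version": "v1.29",
+"pod-security.kubernetes.io/audit": "restricted",
+"pod-security.kubernetes.io/audit-version": "latest",
+"pod-security.kubernetes.io/warn": "restricted",
+"pod-security.kubernetes.io/warn-version": "latest",
+}
+
+fakeClient := fake.NewFakeClient(util.NewClusterVersion("4.7.1"), newGitopsService())
+reconciler := newReconcileGitOpsService(fakeClient, s)
+
+_, err := reconciler.Reconcile(context.TODO(), newRequest("test", "test"))
+assertNoError(t, err)
+
+// Create a user defined namespace
+testNS := newRestrictedNamespace("test")
+err = fakeClient.Create(context.TODO(), testNS)
+assertNoError(t, err)
+
+// Create an ArgoCD instance in the user defined namespace
+testArgoCD := &argoapp.ArgoCD{
+ObjectMeta: v1.ObjectMeta{
+Name: "test",
+Namespace: "test",
+},
+Spec: argoapp.ArgoCDSpec{},
+}
+err = fakeClient.Create(context.TODO(), testArgoCD)
+assertNoError(t, err)
+
+_, err = reconciler.Reconcile(context.TODO(), newRequest("test", "test"))
+assertNoError(t, err)
+
+// Check if PSS labels are addded to the user defined ns
+reconciled_ns := &corev1.Namespace{}
+err = fakeClient.Get(context.TODO(), types.NamespacedName{Name: "test"},
+reconciled_ns)
+assertNoError(t, err)
+
+for label, _ := range reconciled_ns.ObjectMeta.Labels {
+_, found := expected_labels[label]
+// Fail if label is found
+assert.Check(t, found != true)
+}
+
+for _, tc := range testCases {
+existing_ns := &corev1.Namespace{}
+assert.NilError(t, fakeClient.Get(context.TODO(), types.NamespacedName{Name: tc.namespace}, existing_ns), err)
+
+// Assign new values, confirm the assignment and update the PSS labels
+existing_ns.ObjectMeta.Labels = tc.labels
+fakeClient.Update(context.TODO(), existing_ns)
+assert.NilError(t, fakeClient.Get(context.TODO(), types.NamespacedName{Name: tc.namespace}, existing_ns), err)
+assert.DeepEqual(t, existing_ns.ObjectMeta.Labels, tc.labels)
+
+_, err := reconciler.Reconcile(context.TODO(), newRequest("test", "test"))
+assertNoError(t, err)
+
+assert.NilError(t, fakeClient.Get(context.TODO(), types.NamespacedName{Name: tc.namespace}, reconciled_ns), err)
+
+for key, value := range expected_labels {
+label, found := reconciled_ns.ObjectMeta.Labels[key]
+// Fail if label is not found, comapre the values with the expected values if found
+assert.Check(t, found)
+assert.Equal(t, label, value)
+}
+}
+}
+
 func addKnownTypesToScheme(scheme *runtime.Scheme) {
 scheme.AddKnownTypes(configv1.GroupVersion, &configv1.ClusterVersion{})
 scheme.AddKnownTypes(pipelinesv1alpha1.GroupVersion, &pipelinesv1alpha1.GitopsService{})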
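Review bot: In the `for _, tc := range testCases` loop of `TestReconcile_PSSLabels` the result of `fakeClient.Update(context.TODO(), existing_ns)` is discarded, so a failed update only shows up indirectly through the later `DeepEqual`; wrap it as `assert.NilError(t, fakeClient.Update(context.TODO(), existing_ns))`. The three `assert.NilError(t, fakeClient.Get(...), err)` calls in the same loop pass the outer `err` as a trailing message argument, where it holds the result of an earlier call unrelated to the `Get` being checked, so that argument should be dropped. Running each case under `t.Run(tc.name, ...)` would use the `name` field, which the visible code never reads, and would attribute a failure to its case. The test calls `Reconcile` directly, so the name predicate added to `SetupWithManager` in this commit is not exercised by it.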
