From df2a1e684c5fa9c61f38e11790046c7436ef4327 Mon Sep 17 00:00:00 2001 From: Varsha B Date: Tue, 11 Feb 2025 13:31:01 +0530 Subject: [PATCH] Addressing review comments Signed-off-by: Varsha B --- .../03-assert.yaml | 44 ++++++------- .../{05-create-ns.yaml => 03-create-ns.yaml} | 0 .../{07-assert.yaml => 04-assert.yaml} | 0 .../04-check-app.yaml | 10 --- ...{03-create-app.yaml => 04-create-app.yaml} | 0 .../05-assert.yaml | 62 ++++++++++++------- ...{08-create-app.yaml => 05-create-app.yaml} | 0 .../{08-errors.yaml => 05-errors.yaml} | 2 +- .../06-argocd-login.yaml | 12 ---- .../{09-check-app.yaml => 06-check-app.yaml} | 4 +- .../08-assert.yaml | 44 ------------- .../{10-delete.yaml => 99-delete.yaml} | 0 .../06-create-app.yaml | 1 - .../06-errors.yaml | 2 +- .../07-check-app.yaml | 4 +- 15 files changed, 71 insertions(+), 114 deletions(-) rename tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/{05-create-ns.yaml => 03-create-ns.yaml} (100%) rename tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/{07-assert.yaml => 04-assert.yaml} (100%) delete mode 100644 tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/04-check-app.yaml rename tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/{03-create-app.yaml => 04-create-app.yaml} (100%) rename tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/{08-create-app.yaml => 05-create-app.yaml} (100%) rename tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/{08-errors.yaml => 05-errors.yaml} (65%) delete mode 100644 tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/06-argocd-login.yaml rename tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/{09-check-app.yaml => 06-check-app.yaml} (83%) delete mode 100644 tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/08-assert.yaml rename tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/{10-delete.yaml => 99-delete.yaml} (100%) 
diff --git a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/03-assert.yaml b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/03-assert.yaml index 8d3e7de8b..fd0470855 100644 --- a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/03-assert.yaml +++ b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/03-assert.yaml @@ -1,24 +1,24 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application +apiVersion: v1 +kind: Namespace metadata: name: guestbook - namespace: argocd-test-impersonation -spec: - destination: - namespace: guestbook - server: 'https://kubernetes.default.svc' - project: guestbook-proj - source: - directory: - jsonnet: {} - recurse: true - path: guestbook - repoURL: 'https://github.com/argoproj/argocd-example-apps' - syncPolicy: - automated: {} - syncOptions: - - ServerSideApply=true - - CreateNamespace=true -status: - sync: - status: OutOfSync \ No newline at end of file +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: guestbook-deployer + namespace: guestbook +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: guestbook-deployer-rb + namespace: guestbook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: guestbook-deployer + namespace: guestbook \ No newline at end of file diff --git a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/05-create-ns.yaml b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/03-create-ns.yaml similarity index 100% rename from tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/05-create-ns.yaml rename to tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/03-create-ns.yaml 
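Review bot: The asserted RoleBinding `guestbook-deployer-rb` gives the impersonated service account `cluster-admin`, which is more than a sync of the guestbook manifests appears to need and makes the fixture a poor model of least privilege. Because it is a RoleBinding rather than a ClusterRoleBinding, the grant stays inside the `guestbook` namespace, but it still covers Secrets and RBAC objects there. If the test only needs workload objects to be created, a narrower role such as the built-in `edit` ClusterRole would exercise the same impersonation path; otherwise add a comment such as `# RoleBinding keeps cluster-admin scoped to the guestbook namespace`. This file only asserts the objects, so the same change would be needed in 03-create-ns.yaml, which the commit renames without showing its content.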
diff --git a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/07-assert.yaml b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/04-assert.yaml similarity index 100% rename from tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/07-assert.yaml rename to tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/04-assert.yaml diff --git a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/04-check-app.yaml b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/04-check-app.yaml deleted file mode 100644 index 6c234bda6..000000000 --- a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/04-check-app.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - error_message=$(kubectl get app guestbook -n argocd-test-impersonation -o jsonpath='{.status.operationState.message}') - expected_error="Namespace auto creation failed: namespaces \"guestbook\" is forbidden: User \"system:serviceaccount:guestbook:guestbook-deployer\"" - - if ! [[ ${error_message} =~ ${expected_error} ]]; then - exit 1 - fi \ No newline at end of file diff --git a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/03-create-app.yaml b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/04-create-app.yaml similarity index 100% rename from tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/03-create-app.yaml rename to tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/04-create-app.yaml diff --git a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/05-assert.yaml b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/05-assert.yaml index fd0470855..53192e11e 100644 --- a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/05-assert.yaml +++ b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/05-assert.yaml 
@@ -1,24 +1,44 @@ -apiVersion: v1 -kind: Namespace +apiVersion: argoproj.io/v1alpha1 +kind: AppProject metadata: - name: guestbook + name: guestbook-proj + namespace: argocd-test-impersonation +spec: + clusterResourceWhitelist: + - group: '*' + kind: '*' + destinationServiceAccounts: + - defaultServiceAccount: guestbook-deployer + namespace: guestbook + server: 'https://kubernetes.default.svc' + destinations: + - namespace: guestbook + server: 'https://kubernetes.default.svc' + - namespace: guestbook-dev + server: 'https://kubernetes.default.svc' + sourceRepos: + - 'https://github.com/argoproj/argocd-example-apps.git' --- -apiVersion: v1 -kind: ServiceAccount +apiVersion: argoproj.io/v1alpha1 +kind: Application metadata: - name: guestbook-deployer - namespace: guestbook ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: guestbook-deployer-rb - namespace: guestbook -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: guestbook-deployer - namespace: guestbook \ No newline at end of file + name: guestbook-dev + namespace: argocd-test-impersonation +spec: + destination: + namespace: guestbook-dev + server: 'https://kubernetes.default.svc' + project: guestbook-proj + source: + directory: + jsonnet: {} + recurse: true + path: guestbook + repoURL: 'https://github.com/argoproj/argocd-example-apps' + syncPolicy: + automated: {} + syncOptions: + - ServerSideApply=true +status: + health: + status: Missing \ No newline at end of file diff --git a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/08-create-app.yaml b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/05-create-app.yaml similarity index 100% rename from tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/08-create-app.yaml rename to tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/05-create-app.yaml 
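Review bot: Nothing in the asserted AppProject says that `guestbook-dev` is deliberately listed under `destinations` without a matching `destinationServiceAccounts` entry, although that omission appears to be the condition the negative case depends on. A later maintainer could add the entry to make the sync pass and remove the fail-closed coverage without noticing. A comment above the destinations list would make this explicit, for example `# guestbook-dev has no destinationServiceAccounts entry on purpose: the sync must fail, see 06-check-app.yaml`. The `clusterResourceWhitelist` of `'*'`/`'*'` also looks wider than a namespaced guestbook deployment needs; consider narrowing it if the earlier steps pass without it.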
diff --git a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/08-errors.yaml b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/05-errors.yaml similarity index 65% rename from tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/08-errors.yaml rename to tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/05-errors.yaml index 9f9a19400..3f858fc73 100644 --- a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/08-errors.yaml +++ b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/05-errors.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: guestbook-deployer - namespace: argocd-test-impersonation \ No newline at end of file + namespace: guestbook-dev \ No newline at end of file diff --git a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/06-argocd-login.yaml b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/06-argocd-login.yaml deleted file mode 100644 index e738202b1..000000000 --- a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/06-argocd-login.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: -- script: | - api_server=$(kubetl get routes -n argocd-test-impersonation --field-selector metadata.name=argocd-test-server -o jsonpath="{.items[*]['spec.host']}") - password=$(kubectl get secret argocd-test-cluster -n argocd-test-impersonation -o jsonpath='{.data.admin\.password}' | base64 -d) - - argocd login $api_server --username admin --password $password --insecure - - argocd app sync guestbook - - sleep 5 \ No newline at end of file 
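Review bot: The absence check on ServiceAccount `guestbook-deployer` in `guestbook-dev` may pass trivially, since none of the files shown in this patch creates the `guestbook-dev` namespace and the `guestbook-dev` Application in 05-assert.yaml does not set `CreateNamespace=true`. If the namespace never exists, no object can exist in it, and the step says nothing about whether the sync was blocked. Asserting the absence of a resource that the guestbook source would deploy, in a namespace that does exist, would tie the check to the impersonation failure. The same applies to 06-errors.yaml in 1-047_validate_impersonation_namespace_scoped_instance.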
diff --git a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/09-check-app.yaml b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/06-check-app.yaml similarity index 83% rename from tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/09-check-app.yaml rename to tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/06-check-app.yaml index bf5854b4e..91599c079 100644 --- a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/09-check-app.yaml +++ b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/06-check-app.yaml @@ -5,6 +5,8 @@ commands: error_message=$(kubectl get app guestbook-dev -n argocd-test-impersonation -o jsonpath='{.status.operationState.message}') expected_error="failed to find a matching service account to impersonate: no matching service account found for destination server https://kubernetes.default.svc and namespace guestbook-dev" - if ! [[ ${error_message} =~ ${expected_error} ]]; then + if [[ "$error_message" == *"$expected_error"* ]]; then + exit 0 + else exit 1 fi \ No newline at end of file diff --git a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/08-assert.yaml b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/08-assert.yaml deleted file mode 100644 index 53192e11e..000000000 --- a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/08-assert.yaml +++ /dev/null 
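Review bot: The script reads `.status.operationState.message` once and exits 1 without any output on a mismatch, so a run where the sync operation has not yet recorded its error fails with no indication of what the message actually was. The preceding assert appears to wait only for `status.health.status: Missing`, which may hold before the operation state is written. A bounded retry that prints the last message on failure keeps this fail-closed check reliable and debuggable; the `- script: |` line and the step header are outside the hunk. The same applies to 07-check-app.yaml in 1-047_validate_impersonation_namespace_scoped_instance, with namespace `argocd-test-ns-scoped`.

```yaml
    # … unchanged: expected_error assignment, placed before the loop …
    for attempt in 1 2 3 4 5 6; do
      error_message=$(kubectl get app guestbook-dev -n argocd-test-impersonation -o jsonpath='{.status.operationState.message}')
      if [[ "$error_message" == *"$expected_error"* ]]; then
        exit 0
      fi
      sleep 5
    done
    echo "unexpected operationState.message: ${error_message}" >&2
    exit 1
```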
@@ -1,44 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: guestbook-proj - namespace: argocd-test-impersonation -spec: - clusterResourceWhitelist: - - group: '*' - kind: '*' - destinationServiceAccounts: - - defaultServiceAccount: guestbook-deployer - namespace: guestbook - server: 'https://kubernetes.default.svc' - destinations: - - namespace: guestbook - server: 'https://kubernetes.default.svc' - - namespace: guestbook-dev - server: 'https://kubernetes.default.svc' - sourceRepos: - - 'https://github.com/argoproj/argocd-example-apps.git' ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: guestbook-dev - namespace: argocd-test-impersonation -spec: - destination: - namespace: guestbook-dev - server: 'https://kubernetes.default.svc' - project: guestbook-proj - source: - directory: - jsonnet: {} - recurse: true - path: guestbook - repoURL: 'https://github.com/argoproj/argocd-example-apps' - syncPolicy: - automated: {} - syncOptions: - - ServerSideApply=true -status: - health: - status: Missing \ No newline at end of file diff --git a/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/10-delete.yaml b/tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/99-delete.yaml similarity index 100% rename from tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/10-delete.yaml rename to tests/k8s/1-046_validate_impersonation_cluster_scoped_instance/99-delete.yaml diff --git a/tests/k8s/1-047_validate_impersonation_namespace_scoped_instance/06-create-app.yaml b/tests/k8s/1-047_validate_impersonation_namespace_scoped_instance/06-create-app.yaml index 0d0d5831f..ce4798436 100644 --- a/tests/k8s/1-047_validate_impersonation_namespace_scoped_instance/06-create-app.yaml +++ b/tests/k8s/1-047_validate_impersonation_namespace_scoped_instance/06-create-app.yaml @@ -1,4 +1,3 @@ ---- apiVersion: argoproj.io/v1alpha1 kind: Application metadata: 
diff --git a/tests/k8s/1-047_validate_impersonation_namespace_scoped_instance/06-errors.yaml b/tests/k8s/1-047_validate_impersonation_namespace_scoped_instance/06-errors.yaml index dde6086db..3f858fc73 100644 --- a/tests/k8s/1-047_validate_impersonation_namespace_scoped_instance/06-errors.yaml +++ b/tests/k8s/1-047_validate_impersonation_namespace_scoped_instance/06-errors.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: guestbook-deployer - namespace: argocd-test-ns-scoped \ No newline at end of file + namespace: guestbook-dev \ No newline at end of file diff --git a/tests/k8s/1-047_validate_impersonation_namespace_scoped_instance/07-check-app.yaml b/tests/k8s/1-047_validate_impersonation_namespace_scoped_instance/07-check-app.yaml index fe7e0f569..c633a6cb5 100644 --- a/tests/k8s/1-047_validate_impersonation_namespace_scoped_instance/07-check-app.yaml +++ b/tests/k8s/1-047_validate_impersonation_namespace_scoped_instance/07-check-app.yaml @@ -5,6 +5,8 @@ commands: error_message=$(kubectl get app guestbook-dev -n argocd-test-ns-scoped -o jsonpath='{.status.operationState.message}') expected_error="failed to find a matching service account to impersonate: no matching service account found for destination server https://kubernetes.default.svc and namespace guestbook-dev" - if ! [[ ${error_message} =~ ${expected_error} ]]; then + if [[ "$error_message" == *"$expected_error"* ]]; then + exit 0 + else exit 1 fi \ No newline at end of file