fixed client and revert changes for e2e tests

.github/workflows/e2e.yml

@@ -81,70 +81,4 @@ jobs:
       - name: On error get eventing CR
         if: failure()
         run: |
-          kubectl get eventing -n kyma-system -o yaml
-
-  PeerAuthentication:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Install k3d tools
-        run: |
-          make -C hack/ci/ install-k3d-tools
-
-      - name: Install Kyma CLI & setup k3d cluster using kyma CLI
-        run: |
-          make kyma
-          make -C hack/ci/ create-k3d
-          kubectl version
-          kubectl cluster-info
-
-      - name: Install Istio
-        run: |
-          make -C hack/ci/ apply-peerauthentication-crd
-
-      - name: Install eventing-manager
-        run: |
-          make install IMG=$MANAGER_IMAGE
-
-      - name: Wait for the 'pull-eventing-manager-build' job to succeed
-        uses: kyma-project/wait-for-commit-status-action@2b3ffe09af8b6f40e1213d5fb7f91a7bd41ffb20
-        with:
-          context: "pull-eventing-manager-build"
-          commit_ref: "${{ github.event.pull_request.head.sha }}" # Note: 'github.event.pull_request.head.sha' is not same as 'github.sha' on pull requests.
-          timeout: 600000 # 10 minutes in milliseconds
-          # The check interval is kept long otherwise it will exhaust the GitHub rate limit (More info: https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#rate-limiting)
-          check_interval: 60000 # 1 minute in milliseconds
-        env:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-          GITHUB_OWNER: "${{ github.repository_owner }}"
-          GITHUB_REPO: "eventing-manager"
-
-      - name: Deploy the controller to the cluster
-        run: |
-          kubectl create ns kyma-system || true
-          make deploy IMG=$MANAGER_IMAGE
-
-      - name: Setup NATS
-        run: |
-          make -C hack/ci/ get-nats-via-lifecycle-manager
-
-      - name: Setup and test the eventing-manager
-        run: |
-          go test -v ./hack/e2e/setup/setup_test.go --tags=e2e --peerauthentication
-
-      - name: On error get NATS CR
-        if: failure()
-        run: |
-          kubectl get nats -n kyma-system -o yaml
-
-      - name: On error get eventing CR
-        if: failure()
-        run: |
-          kubectl get eventing -n kyma-system -o yaml
-
-      - name: On error get all PeerAuthentications
-        run: |
-          kubectl get peerauthentications.security.istio.io --all-namespaces -o yaml
-          
+          kubectl get eventing -n kyma-system -o yaml          

Makefile

@@ -308,6 +308,11 @@ e2e-eventing:
 e2e-eventing-cleanup:
 	go test -v ./hack/e2e/eventing/cleanup/cleanup_test.go --tags=e2e
 
+# e2e-eventing-peerauthentications will check if the peerauthentications are created as intended.
+.PHONY: e2e-eventing-peerauthentications
+e2e-eventing-peerauthentications:
+	go test -v ./hack/e2e/eventing/peerauthentications/peerauthentications_test.go --tags=e2e
+
 # e2e will run the whole suite of end-to-end tests for eventing-manager.
 .PHONY: e2e
 e2e: e2e-setup e2e-eventing-setup e2e-eventing e2e-cleanup

cmd/main.go

@@ -22,10 +22,11 @@ import (
 	"log"
 	"os"
 
+	istiopeerauthentication "github.com/kyma-project/eventing-manager/pkg/istio/peerauthentication"
+
 	"github.com/go-logr/zapr"
 	subscriptionv1alpha1 "github.com/kyma-project/kyma/components/eventing-controller/api/v1alpha1"
 	subscriptionv1alpha2 "github.com/kyma-project/kyma/components/eventing-controller/api/v1alpha2"
-	istio "istio.io/client-go/pkg/apis/security/v1beta1"
 	apiclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
@@ -44,7 +45,6 @@ import (
 	"github.com/kyma-project/eventing-manager/pkg/logger"
 	"github.com/kyma-project/eventing-manager/pkg/subscriptionmanager"
 	"github.com/kyma-project/eventing-manager/pkg/subscriptionmanager/jetstream"
-	"github.com/kyma-project/eventing-manager/pkg/utils/istio/peerauthentication"
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 	// to ensure that exec-entrypoint and run can make use of them.
@@ -191,11 +191,6 @@ func main() { //nolint:funlen // main function needs to initialize many object
 	}
 	//+kubebuilder:scaffold:builder
 
-	err = handlePeerAuthentications(ctx, kubeClient)
-	if err != nil {
-		setupLog.Error(err, "unable to handle PeerAuthentication")
-	}
-
 	// Setup webhooks.
 	if err = (&subscriptionv1alpha1.Subscription{}).SetupWebhookWithManager(mgr); err != nil {
 		setupLog.Error(err, "Failed to create webhook")
@@ -207,6 +202,13 @@ func main() { //nolint:funlen // main function needs to initialize many object
 		os.Exit(1)
 	}
 
+	// sync PeerAuthentications
+	err = istiopeerauthentication.SyncPeerAuthentications(ctx, kubeClient, ctrLogger.WithContext().Named("main"))
+	if err != nil {
+		setupLog.Error(err, "unable to sync PeerAuthentication")
+		os.Exit(1)
+	}
+
 	if err = mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
 		setupLog.Error(err, "unable to set up health check")
 		os.Exit(1)
@@ -222,34 +224,3 @@ func main() { //nolint:funlen // main function needs to initialize many object
 		os.Exit(1)
 	}
 }
-
-func handlePeerAuthentications(ctx context.Context, kubeClient k8s.Client) error {
-	// Only attempt to create PAs if the corresponding CRD exists on the cluster.
-	crdExists, err := kubeClient.PeerAuthenticationCRDExists(ctx)
-	if err != nil {
-		setupLog.Error(err, "error while fetching PeerAuthentication CRD")
-		return err
-	}
-	if crdExists {
-		// Get the eventing Deployment for the OwnerReference.
-		deploy, deployErr := kubeClient.GetDeployment(ctx, "eventing-manager", "kyma-system")
-		if deployErr != nil {
-			setupLog.Error(err, "error while fetching eventing Deployment")
-			return err
-		}
-		if deploy != nil {
-			for _, pa := range []*istio.PeerAuthentication{
-				peerauthentication.EventingManagerMetrics(deploy.Namespace, deploy.OwnerReferences),
-				peerauthentication.EventPublisherProxyMetrics(deploy.Namespace, deploy.OwnerReferences),
-			} {
-				if paErr := kubeClient.CreatePeerAuthentication(ctx, pa); paErr != nil {
-					setupLog.Error(paErr, "failed to create PeerAuthentication")
-					return paErr
-				}
-			}
-		}
-	} else {
-		setupLog.Info("skipping Istio PeerAuthentication creation; CRD is missing")
-	}
-	return nil
-}

config/crd/for-tests/applications.applicationconnector.crd.yaml

@@ -1,183 +1 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    "helm.sh/resource-policy": keep
-  name: applications.applicationconnector.kyma-project.io
-spec:
-  group: applicationconnector.kyma-project.io
-  preserveUnknownFields: false
-  versions:
-    - name: v1alpha1
-      served: true
-      storage: true
-      schema:
-        openAPIV3Schema:
-          type: object
-          properties:
-            spec:
-              properties:
-                compassMetadata:
-                  type: object
-                  required:
-                  - "authentication"
-                  properties:
-                    applicationId:
-                      type: string
-                    authentication:
-                      type: object
-                      required:
-                      - "clientIds"
-                      properties:
-                        clientIds:
-                          type: array
-                          items:
-                            type: string
-                accessLabel:
-                  type: string
-                  maxLength: 63
-                  pattern: '^([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$'
-                description:
-                  type: string
-                skipInstallation:
-                  type: boolean
-                skipVerify:
-                  type: boolean
-                encodeUrl:
-                  type: boolean
-                  default: true
-                labels:
-                  nullable: true
-                  additionalProperties:
-                    type: string
-                  type: object
-                tenant:
-                  type: string
-                group:
-                  type: string
-                tags:
-                  nullable: true
-                  description: New fields used by V2 version
-                  items:
-                    type: string
-                  type: array
-                displayName:
-                  type: string
-                providerDisplayName:
-                  type: string
-                longDescription:
-                  type: string
-                services:
-                  type: array
-                  items:
-                    type: object
-                    required:
-                    - "id"
-                    - "name"
-                    - "displayName"
-                    - "providerDisplayName"
-                    - "description"
-                    - "entries"
-                    properties:
-                      id:
-                        type: string
-                      name:
-                        type: string
-                      identifier:
-                        type: string
-                      labels:
-                        nullable: true
-                        additionalProperties:
-                          type: string
-                        description: Deprecated
-                        type: object
-                      displayName:
-                        type: string
-                      description:
-                        type: string
-                      longDescription:
-                        type: string
-                      providerDisplayName:
-                        type: string
-                      authCreateParameterSchema:
-                        description: New fields used by V2 version
-                        type: string
-                      entries:
-                        type: array
-                        items:
-                          type: object
-                          required:
-                          - "type"
-                          properties:
-                            apiType:
-                              type: string
-                            type:
-                              type: string
-                              enum:
-                              - "API"
-                              - "Events"
-                            gatewayUrl:
-                              type: string
-                            centralGatewayUrl:
-                              type: string
-                            accessLabel:
-                              type: string
-                              maxLength: 63
-                              pattern: '^([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$'
-                            targetUrl:
-                              type: string
-                            id:
-                              type: string
-                            name:
-                              description: New fields used by V2 version
-                              type: string
-                            requestParametersSecretName:
-                              type: string
-                            specificationUrl:
-                              type: string
-                            credentials:
-                              type: object
-                              required:
-                              - "type"
-                              - "secretName"
-                              properties:
-                                type:
-                                  type: string
-                                secretName:
-                                  type: string
-                                authenticationUrl:
-                                  type: string
-                                csrfInfo:
-                                  type: object
-                                  required:
-                                  - "tokenEndpointURL"
-                                  properties:
-                                    tokenEndpointURL:
-                                      type: string
-                      tags:
-                        type: array
-                        items:
-                          type: string
-              type: object
-            status:
-              properties:
-                installationStatus:
-                  description: Represents the status of Application release installation
-                  properties:
-                    description:
-                      type: string
-                    status:
-                      type: string
-                  required:
-                  - status
-                  type: object
-              required:
-              - installationStatus
-              type: object
-  scope: Cluster
-  names:
-    plural: applications
-    singular: application
-    kind: Application
-    shortNames:
-    - app
+404: Not Found

config/manager/kustomization.yaml

@@ -7,5 +7,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: europe-docker.pkg.dev/kyma-project/prod/eventing-manager
-  newTag: v20230907-01f5bd76
+  newName: mfaizan21/eventing-manager-dev
+  newTag: latest

config/rbac/role.yaml

@@ -246,3 +246,15 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - security.istio.io
+  resources:
+  - peerauthentications
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch

hack/ci/Makefile

@@ -82,4 +82,4 @@ install-k3d-tools: ## Create k3d with kyma CRDs.
 
 .PHONY: apply-peerauthentication-crd
 apply-peerauthentication-crd:
-	kubectl apply -f ./security.istio.io_peerauthentication.yaml
+	kubectl apply -f ../../config/crd/for-tests/security.istio.io_peerauthentication.yaml