From 36d315f2410b4227b92460fc0e02c9f822c5f09d Mon Sep 17 00:00:00 2001
From: Jian Zhu <jiazhu@redhat.com>
Date: Mon, 6 Nov 2023 10:42:39 +0800
Subject: [PATCH] [bp-2.2] orphan the agent install namespace (#38)

* orphan the open-cluster-management-agent-addon namespace

Signed-off-by: zhujian <jiazhu@redhat.com>

* orphan the agent install namespace

Signed-off-by: zhujian <jiazhu@redhat.com>

---------

Signed-off-by: zhujian <jiazhu@redhat.com>
---
 pkg/addon/manager/addon_test.go               | 103 ++++++++++++++++++
 .../templates/image_pull_secret.yaml          |   3 +
 .../manifests/templates/namespace.yaml        |   2 +
 3 files changed, 108 insertions(+)

diff --git a/pkg/addon/manager/addon_test.go b/pkg/addon/manager/addon_test.go
index ad11e71..01f11d2 100644
--- a/pkg/addon/manager/addon_test.go
+++ b/pkg/addon/manager/addon_test.go
@@ -7,6 +7,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	fakekube "k8s.io/client-go/kubernetes/fake"
 	clienttesting "k8s.io/client-go/testing"
 	"open-cluster-management.io/addon-framework/pkg/addonfactory"
@@ -90,6 +91,94 @@ func TestManifestAddonAgent(t *testing.T) {
 	}
 }
 
+func TestManifestOrphan(t *testing.T) {
+	clusterName := "cluster1"
+	addonName := "addon1"
+	imageName := "imageName1"
+
+	cases := []struct {
+		name             string
+		getValuesFunc    []addonfactory.GetValuesFunc
+		installNamespace string
+		validate         func(t *testing.T, manifests []runtime.Object)
+	}{
+		{
+			name:             "orphan the install namespace and not overwrite the pull secret",
+			getValuesFunc:    []addonfactory.GetValuesFunc{GetDefaultValues(imageName, newTestImagePullSecret())},
+			installNamespace: "open-cluster-management-agent-addon",
+			validate: func(t *testing.T, manifests []runtime.Object) {
+				nsFound := false
+				secretFound := false
+				for _, manifest := range manifests {
+					obj, ok := manifest.(metav1.ObjectMetaAccessor)
+					assert.True(t, ok, "invalid manifest")
+
+					namespace, nok := obj.(*corev1.Namespace)
+					if nok {
+						assert.Equal(t, map[string]string{"addon.open-cluster-management.io/deletion-orphan": ""},
+							namespace.Annotations, "invalid namespace annotations")
+						nsFound = true
+						continue
+					}
+
+					secret, sok := obj.(*corev1.Secret)
+					if sok {
+						if secret.Name == "open-cluster-management-image-pull-credentials" {
+							secretFound = true
+						}
+					}
+				}
+				assert.True(t, nsFound, "namespace not found")
+				assert.False(t, secretFound, "pull secret found")
+			},
+		},
+		{
+			name:             "orphan the install namespace and not overwrite the pull secret",
+			getValuesFunc:    []addonfactory.GetValuesFunc{GetDefaultValues(imageName, newTestImagePullSecret())},
+			installNamespace: "test",
+			validate: func(t *testing.T, manifests []runtime.Object) {
+				nsFound := false
+				secretFound := false
+				for _, manifest := range manifests {
+					obj, ok := manifest.(metav1.ObjectMetaAccessor)
+					assert.True(t, ok, "invalid manifest")
+
+					namespace, nok := obj.(*corev1.Namespace)
+					if nok {
+						assert.Equal(t, map[string]string{"addon.open-cluster-management.io/deletion-orphan": ""},
+							namespace.Annotations, "invalid namespace annotations")
+						nsFound = true
+						continue
+					}
+
+					secret, sok := obj.(*corev1.Secret)
+					if sok {
+						if secret.Name == "open-cluster-management-image-pull-credentials" {
+							secretFound = true
+						}
+					}
+				}
+				assert.True(t, nsFound, "namespace not found")
+				assert.True(t, secretFound, "pull secret not found")
+			},
+		},
+	}
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			agentFactory := addonfactory.NewAgentAddonFactory(common.AddonName, FS, "manifests/templates").
+				WithGetValuesFuncs(c.getValuesFunc...)
+
+			addOnAgent, err := agentFactory.BuildTemplateAgentAddon()
+			assert.NoError(t, err)
+
+			manifests, err := addOnAgent.Manifests(newTestCluster(clusterName),
+				newTestAddOnWithInstallNamespace(addonName, clusterName, c.installNamespace))
+			assert.NoError(t, err)
+			c.validate(t, manifests)
+		})
+	}
+}
+
 func newTestImagePullSecret() *corev1.Secret {
 	return &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
@@ -121,3 +210,17 @@ func newTestAddOn(name, namespace string) *addonv1alpha1.ManagedClusterAddOn {
 		},
 	}
 }
+
+func newTestAddOnWithInstallNamespace(name, namespace, installNamespace string) *addonv1alpha1.ManagedClusterAddOn {
+	addon := &addonv1alpha1.ManagedClusterAddOn{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: namespace,
+		},
+		Spec: addonv1alpha1.ManagedClusterAddOnSpec{
+			InstallNamespace: name,
+		},
+	}
+	addon.Spec.InstallNamespace = installNamespace
+	return addon
+}
diff --git a/pkg/addon/manager/manifests/templates/image_pull_secret.yaml b/pkg/addon/manager/manifests/templates/image_pull_secret.yaml
index 9f0b5f4..0db47f6 100644
--- a/pkg/addon/manager/manifests/templates/image_pull_secret.yaml
+++ b/pkg/addon/manager/manifests/templates/image_pull_secret.yaml
@@ -1,3 +1,5 @@
+# should not overwrite the pull secret if it is the default namespace
+{{ if ne .AddonInstallNamespace "open-cluster-management-agent-addon" }}
 {{ if .ImagePullSecretData }}
 apiVersion: v1
 kind: Secret
@@ -8,3 +10,4 @@ type:  kubernetes.io/dockerconfigjson
 data:
   ".dockerconfigjson": {{ .ImagePullSecretData }}
 {{ end }}
+{{ end }}
diff --git a/pkg/addon/manager/manifests/templates/namespace.yaml b/pkg/addon/manager/manifests/templates/namespace.yaml
index c31eeac..ade7478 100644
--- a/pkg/addon/manager/manifests/templates/namespace.yaml
+++ b/pkg/addon/manager/manifests/templates/namespace.yaml
@@ -2,3 +2,5 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: {{ .AddonInstallNamespace }}
+  annotations:
+    addon.open-cluster-management.io/deletion-orphan: ""