github.com/juju/juju@v0.0.0-20240430160146-1752b71fcf00/caas/kubernetes/provider/resources/clusterrole_test.go (about)

     1  // Copyright 2021 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package resources_test
     5  
     6  import (
     7  	"context"
     8  
     9  	"github.com/juju/errors"
    10  	jc "github.com/juju/testing/checkers"
    11  	gc "gopkg.in/check.v1"
    12  	rbacv1 "k8s.io/api/rbac/v1"
    13  	k8serrors "k8s.io/apimachinery/pkg/api/errors"
    14  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    15  
    16  	"github.com/juju/juju/caas/kubernetes/provider/resources"
    17  )
    18  
    19  type clusterRoleSuite struct {
    20  	resourceSuite
    21  }
    22  
    23  var _ = gc.Suite(&clusterRoleSuite{})
    24  
    25  func (s *clusterRoleSuite) TestApply(c *gc.C) {
    26  	role := &rbacv1.ClusterRole{
    27  		ObjectMeta: metav1.ObjectMeta{
    28  			Name: "role1",
    29  		},
    30  	}
    31  	// Create.
    32  	clusterRoleResource := resources.NewClusterRole("role1", role)
    33  	c.Assert(clusterRoleResource.Apply(context.TODO(), s.client), jc.ErrorIsNil)
    34  	result, err := s.client.RbacV1().ClusterRoles().Get(context.TODO(), "role1", metav1.GetOptions{})
    35  	c.Assert(err, jc.ErrorIsNil)
    36  	c.Assert(len(result.GetAnnotations()), gc.Equals, 0)
    37  
    38  	// Update.
    39  	role.SetAnnotations(map[string]string{"a": "b"})
    40  	clusterRoleResource = resources.NewClusterRole("role1", role)
    41  	c.Assert(clusterRoleResource.Apply(context.TODO(), s.client), jc.ErrorIsNil)
    42  
    43  	result, err = s.client.RbacV1().ClusterRoles().Get(context.TODO(), "role1", metav1.GetOptions{})
    44  	c.Assert(err, jc.ErrorIsNil)
    45  	c.Assert(result.GetName(), gc.Equals, `role1`)
    46  	c.Assert(result.GetAnnotations(), gc.DeepEquals, map[string]string{"a": "b"})
    47  }
    48  
    49  func (s *clusterRoleSuite) TestGet(c *gc.C) {
    50  	template := rbacv1.ClusterRole{
    51  		ObjectMeta: metav1.ObjectMeta{
    52  			Name: "role1",
    53  		},
    54  	}
    55  	role1 := template
    56  	role1.SetAnnotations(map[string]string{"a": "b"})
    57  	_, err := s.client.RbacV1().ClusterRoles().Create(context.TODO(), &role1, metav1.CreateOptions{})
    58  	c.Assert(err, jc.ErrorIsNil)
    59  
    60  	roleResource := resources.NewClusterRole("role1", &template)
    61  	c.Assert(len(roleResource.GetAnnotations()), gc.Equals, 0)
    62  	err = roleResource.Get(context.TODO(), s.client)
    63  	c.Assert(err, jc.ErrorIsNil)
    64  	c.Assert(roleResource.GetName(), gc.Equals, `role1`)
    65  	c.Assert(roleResource.GetAnnotations(), gc.DeepEquals, map[string]string{"a": "b"})
    66  }
    67  
    68  func (s *clusterRoleSuite) TestDelete(c *gc.C) {
    69  	role := rbacv1.ClusterRole{
    70  		ObjectMeta: metav1.ObjectMeta{
    71  			Name: "role1",
    72  		},
    73  	}
    74  	_, err := s.client.RbacV1().ClusterRoles().Create(context.TODO(), &role, metav1.CreateOptions{})
    75  	c.Assert(err, jc.ErrorIsNil)
    76  
    77  	result, err := s.client.RbacV1().ClusterRoles().Get(context.TODO(), "role1", metav1.GetOptions{})
    78  	c.Assert(err, jc.ErrorIsNil)
    79  	c.Assert(result.GetName(), gc.Equals, `role1`)
    80  
    81  	roleResource := resources.NewClusterRole("role1", &role)
    82  	err = roleResource.Delete(context.TODO(), s.client)
    83  	c.Assert(err, jc.ErrorIsNil)
    84  
    85  	err = roleResource.Get(context.TODO(), s.client)
    86  	c.Assert(err, jc.Satisfies, errors.IsNotFound)
    87  
    88  	_, err = s.client.RbacV1().ClusterRoles().Get(context.TODO(), "role1", metav1.GetOptions{})
    89  	c.Assert(err, jc.Satisfies, k8serrors.IsNotFound)
    90  }
    91  
    92  // This test ensures that there has not been a regression with ensure cluster
    93  // role where it can not update roles that have a labels change.
    94  // https://bugs.launchpad.net/juju/+bug/1929909
    95  func (s *clusterRoleSuite) TestEnsureClusterRoleRegressionOnLabelChange(c *gc.C) {
    96  	clusterRole := &rbacv1.ClusterRole{
    97  		ObjectMeta: metav1.ObjectMeta{
    98  			Name: "test",
    99  			Labels: map[string]string{
   100  				"foo": "bar",
   101  			},
   102  		},
   103  		Rules: []rbacv1.PolicyRule{
   104  			{
   105  				APIGroups: []string{""},
   106  				Resources: []string{"namespaces"},
   107  				Verbs:     []string{"get", "list"},
   108  			},
   109  			{
   110  				APIGroups: []string{"admissionregistration.k8s.io"},
   111  				Resources: []string{"mutatingwebhookconfigurations"},
   112  				Verbs: []string{
   113  					"create",
   114  					"delete",
   115  					"get",
   116  					"list",
   117  					"update",
   118  				},
   119  			},
   120  		},
   121  	}
   122  
   123  	crApi := resources.NewClusterRole("test", clusterRole)
   124  	_, err := crApi.Ensure(
   125  		context.TODO(),
   126  		s.client,
   127  		resources.ClaimFn(func(_ interface{}) (bool, error) { return true, nil }),
   128  	)
   129  	c.Assert(err, jc.ErrorIsNil)
   130  
   131  	rrole, err := s.client.RbacV1().ClusterRoles().Get(
   132  		context.TODO(),
   133  		"test",
   134  		metav1.GetOptions{},
   135  	)
   136  
   137  	c.Assert(err, jc.ErrorIsNil)
   138  	c.Assert(rrole, jc.DeepEquals, clusterRole)
   139  
   140  	crApi.ClusterRole.ObjectMeta.Labels = map[string]string{
   141  		"new-label": "new-value",
   142  	}
   143  
   144  	crApi.Ensure(
   145  		context.TODO(),
   146  		s.client,
   147  		resources.ClaimFn(func(_ interface{}) (bool, error) { return true, nil }),
   148  	)
   149  	c.Assert(err, jc.ErrorIsNil)
   150  
   151  	rrole, err = s.client.RbacV1().ClusterRoles().Get(
   152  		context.TODO(),
   153  		"test",
   154  		metav1.GetOptions{},
   155  	)
   156  
   157  	c.Assert(err, jc.ErrorIsNil)
   158  	c.Assert(rrole, jc.DeepEquals, &crApi.ClusterRole)
   159  }