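// Source: github.com/juju/juju@v0.0.0-20240430160146-1752b71fcf00/caas/kubernetes/provider/resources/clusterrolebinding_test.go

// Copyright 2021 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.

package resources_test

import (
	"context"

	"github.com/juju/errors"
	jc "github.com/juju/testing/checkers"
	gc "gopkg.in/check.v1"
	rbacv1 "k8s.io/api/rbac/v1"
	k8serrors "k8s.io/apimachinery/pkg/api/errors"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	"github.com/juju/juju/caas/kubernetes/provider/resources"
)

// clusterRoleBindingSuite exercises the resources.ClusterRoleBinding wrapper
// (Apply, Get, Delete, Ensure). s.client comes from the embedded
// resourceSuite, which is defined outside this file.
//
// ClusterRoleBindings attach subjects to cluster-wide roles, so these tests
// check both that each call returns no error and that the object stored
// behind the client matches what was requested.
type clusterRoleBindingSuite struct {
	resourceSuite
}

var _ = gc.Suite(&clusterRoleBindingSuite{})

// TestApply checks that Apply creates the binding when it does not exist and
// updates it when it does.
func (s *clusterRoleBindingSuite) TestApply(c *gc.C) {
	roleBinding := &rbacv1.ClusterRoleBinding{
		ObjectMeta: metav1.ObjectMeta{
			Name: "roleBinding1",
		},
	}
	// Create: the binding is read back through the client and carries no
	// annotations yet.
	rbResource := resources.NewClusterRoleBinding("roleBinding1", roleBinding)
	c.Assert(rbResource.Apply(context.TODO(), s.client), jc.ErrorIsNil)
	result, err := s.client.RbacV1().ClusterRoleBindings().Get(context.TODO(), "roleBinding1", metav1.GetOptions{})
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(len(result.GetAnnotations()), gc.Equals, 0)

	// Update: a second Apply under the same name must persist the new
	// annotations.
	roleBinding.SetAnnotations(map[string]string{"a": "b"})
	rbResource = resources.NewClusterRoleBinding("roleBinding1", roleBinding)
	c.Assert(rbResource.Apply(context.TODO(), s.client), jc.ErrorIsNil)

	result, err = s.client.RbacV1().ClusterRoleBindings().Get(context.TODO(), "roleBinding1", metav1.GetOptions{})
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(result.GetName(), gc.Equals, `roleBinding1`)
	c.Assert(result.GetAnnotations(), gc.DeepEquals, map[string]string{"a": "b"})
}

// TestGet checks that Get replaces the wrapper's local state with the stored
// object.
func (s *clusterRoleBindingSuite) TestGet(c *gc.C) {
	template := rbacv1.ClusterRoleBinding{
		ObjectMeta: metav1.ObjectMeta{
			Name: "roleBinding1",
		},
	}
	// roleBinding1 is a struct copy, so the annotations set on it do not show
	// up on template (asserted below before Get is called).
	roleBinding1 := template
	roleBinding1.SetAnnotations(map[string]string{"a": "b"})
	_, err := s.client.RbacV1().ClusterRoleBindings().Create(context.TODO(), &roleBinding1, metav1.CreateOptions{})
	c.Assert(err, jc.ErrorIsNil)

	rbResource := resources.NewClusterRoleBinding("roleBinding1", &template)
	c.Assert(len(rbResource.GetAnnotations()), gc.Equals, 0)
	err = rbResource.Get(context.TODO(), s.client)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(rbResource.GetName(), gc.Equals, `roleBinding1`)
	c.Assert(rbResource.GetAnnotations(), gc.DeepEquals, map[string]string{"a": "b"})
}

// TestDelete checks that Delete removes the stored binding and that the
// removal is visible both through the wrapper (juju NotFound) and through the
// raw client (Kubernetes NotFound).
func (s *clusterRoleBindingSuite) TestDelete(c *gc.C) {
	roleBinding := rbacv1.ClusterRoleBinding{
		ObjectMeta: metav1.ObjectMeta{
			Name: "roleBinding1",
		},
	}
	_, err := s.client.RbacV1().ClusterRoleBindings().Create(context.TODO(), &roleBinding, metav1.CreateOptions{})
	c.Assert(err, jc.ErrorIsNil)

	// Confirm the binding exists before deleting it, so the NotFound checks
	// below cannot pass vacuously.
	result, err := s.client.RbacV1().ClusterRoleBindings().Get(context.TODO(), "roleBinding1", metav1.GetOptions{})
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(result.GetName(), gc.Equals, `roleBinding1`)

	rbResource := resources.NewClusterRoleBinding("roleBinding1", &roleBinding)
	err = rbResource.Delete(context.TODO(), s.client)
	c.Assert(err, jc.ErrorIsNil)

	err = rbResource.Get(context.TODO(), s.client)
	c.Assert(err, jc.Satisfies, errors.IsNotFound)

	_, err = s.client.RbacV1().ClusterRoleBindings().Get(context.TODO(), "roleBinding1", metav1.GetOptions{})
	c.Assert(err, jc.Satisfies, k8serrors.IsNotFound)
}

// TestDeleteWithoutPreconditions checks that Delete works when the wrapper was
// built with a nil object, i.e. from the name alone.
// NOTE(review): presumably "preconditions" refers to delete preconditions
// derived from the wrapped object; confirm against resources.ClusterRoleBinding.
func (s *clusterRoleBindingSuite) TestDeleteWithoutPreconditions(c *gc.C) {
	roleBinding := rbacv1.ClusterRoleBinding{
		ObjectMeta: metav1.ObjectMeta{
			Name: "roleBinding1",
		},
	}
	_, err := s.client.RbacV1().ClusterRoleBindings().Create(context.TODO(), &roleBinding, metav1.CreateOptions{})
	c.Assert(err, jc.ErrorIsNil)

	result, err := s.client.RbacV1().ClusterRoleBindings().Get(context.TODO(), "roleBinding1", metav1.GetOptions{})
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(result.GetName(), gc.Equals, `roleBinding1`)

	rbResource := resources.NewClusterRoleBinding("roleBinding1", nil)
	err = rbResource.Delete(context.TODO(), s.client)
	c.Assert(err, jc.ErrorIsNil)

	err = rbResource.Get(context.TODO(), s.client)
	c.Assert(err, jc.Satisfies, errors.IsNotFound)

	_, err = s.client.RbacV1().ClusterRoleBindings().Get(context.TODO(), "roleBinding1", metav1.GetOptions{})
	c.Assert(err, jc.Satisfies, k8serrors.IsNotFound)
}

// TestEnsureClusterRoleBindingRegressionOnLabelChange guards against a
// regression in which Ensure could not update a cluster role binding whose
// labels had changed.
// https://bugs.launchpad.net/juju/+bug/1929909
func (s *clusterRoleBindingSuite) TestEnsureClusterRoleBindingRegressionOnLabelChange(c *gc.C) {
	clusterRoleBinding := &rbacv1.ClusterRoleBinding{
		ObjectMeta: metav1.ObjectMeta{
			Name: "test",
			Labels: map[string]string{
				"foo": "bar",
			},
		},
	}

	// The claim callback always answers true.
	// NOTE(review): presumably this tells Ensure it may take over an existing
	// object; confirm against resources.ClaimFn.
	crbAPI := resources.NewClusterRoleBinding("test", clusterRoleBinding)
	_, err := crbAPI.Ensure(
		context.TODO(),
		s.client,
		resources.ClaimFn(func(_ interface{}) (bool, error) { return true, nil }),
	)
	c.Assert(err, jc.ErrorIsNil)

	stored, err := s.client.RbacV1().ClusterRoleBindings().Get(
		context.TODO(),
		"test",
		metav1.GetOptions{},
	)

	c.Assert(err, jc.ErrorIsNil)
	c.Assert(stored, jc.DeepEquals, clusterRoleBinding)

	crbAPI.ClusterRoleBinding.ObjectMeta.Labels = map[string]string{
		"new-label": "new-value",
	}

	// Capture the error of the second Ensure. The original discarded both
	// return values and then re-asserted the stale err from the Get above, so
	// a failing update on the label change would not have been reported here.
	_, err = crbAPI.Ensure(
		context.TODO(),
		s.client,
		resources.ClaimFn(func(_ interface{}) (bool, error) { return true, nil }),
	)
	c.Assert(err, jc.ErrorIsNil)

	stored, err = s.client.RbacV1().ClusterRoleBindings().Get(
		context.TODO(),
		"test",
		metav1.GetOptions{},
	)

	c.Assert(err, jc.ErrorIsNil)
	c.Assert(stored, jc.DeepEquals, &crbAPI.ClusterRoleBinding)
}

// TestEnsureRecreatesOnRoleRefChange checks that Ensure succeeds when an
// existing binding is ensured again under the same name with a different
// RoleRef. Kubernetes treats roleRef as immutable on an existing binding, so
// an in-place update is not possible for this change.
//
// NOTE(review): the test stops at "Ensure returns no error" and never reads
// the binding back, so it would still pass if the old RoleRef were left in
// place and the subjects stayed bound to the previous cluster role. Asserting
// the stored RoleRef after the second Ensure would pin the behaviour the test
// name promises.
func (s *clusterRoleBindingSuite) TestEnsureRecreatesOnRoleRefChange(c *gc.C) {
	clusterRoleBinding := resources.NewClusterRoleBinding(
		"test",
		&rbacv1.ClusterRoleBinding{
			ObjectMeta: metav1.ObjectMeta{
				Name: "test",
				Labels: map[string]string{
					"foo": "bar",
				},
				ResourceVersion: "1",
			},
			Subjects: []rbacv1.Subject{
				{
					Kind:      "test",
					APIGroup:  "api",
					Name:      "test",
					Namespace: "test",
				},
			},
			RoleRef: rbacv1.RoleRef{
				APIGroup: "test",
				Kind:     "test",
				Name:     "test",
			},
		},
	)

	_, err := clusterRoleBinding.Ensure(
		context.TODO(),
		s.client,
		resources.ClaimFn(func(_ interface{}) (bool, error) { return true, nil }),
	)
	c.Assert(err, jc.ErrorIsNil)

	// The first binding is stored with the ResourceVersion it was given.
	rval, err := s.client.RbacV1().ClusterRoleBindings().Get(
		context.TODO(),
		"test",
		metav1.GetOptions{},
	)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(rval.ObjectMeta.ResourceVersion, gc.Equals, "1")

	// Same name, labels and subjects; only RoleRef differs and no
	// ResourceVersion is supplied.
	clusterRoleBinding1 := resources.NewClusterRoleBinding(
		"test",
		&rbacv1.ClusterRoleBinding{
			ObjectMeta: metav1.ObjectMeta{
				Name: "test",
				Labels: map[string]string{
					"foo": "bar",
				},
			},
			Subjects: []rbacv1.Subject{
				{
					Kind:      "test",
					APIGroup:  "api",
					Name:      "test",
					Namespace: "test",
				},
			},
			RoleRef: rbacv1.RoleRef{
				APIGroup: "test1",
				Kind:     "test1",
				Name:     "test1",
			},
		},
	)

	_, err = clusterRoleBinding1.Ensure(
		context.TODO(),
		s.client,
		resources.ClaimFn(func(_ interface{}) (bool, error) { return true, nil }),
	)
	c.Assert(err, jc.ErrorIsNil)
}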