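// Source: github.com/redhat-appstudio/e2e-tests@v0.0.0-20240520140907-9709f6f59323/pkg/clients/spi/access_token_bindings.go

package spi

import (
	"context"
	"time"

	rs "github.com/redhat-appstudio/remote-secret/api/v1beta1"
	spi "github.com/redhat-appstudio/service-provider-integration-operator/api/v1beta1"
	v1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/types"
	"sigs.k8s.io/controller-runtime/pkg/client"
)

// CreateSPIAccessTokenBinding creates an SPIAccessTokenBinding object in the
// given namespace and returns the object as populated by the Create call.
//
// name is used as the GenerateName prefix, not as the final object name.
// repoURL is the repository the binding is for. secretName and secretType
// describe the secret the binding asks for.
//
// NOTE(review): the requested permission is fixed to read-write on the
// repository area. A caller that only needs to read cannot ask for less
// through this helper.
func (s *SPIController) CreateSPIAccessTokenBinding(name, namespace, repoURL, secretName string, secretType v1.SecretType) (*spi.SPIAccessTokenBinding, error) {
	binding := spi.SPIAccessTokenBinding{
		ObjectMeta: metav1.ObjectMeta{
			GenerateName: name,
			Namespace:    namespace,
		},
		Spec: spi.SPIAccessTokenBindingSpec{
			Permissions: spi.Permissions{
				Required: []spi.Permission{
					{
						Type: spi.PermissionTypeReadWrite,
						Area: spi.PermissionAreaRepository,
					},
				},
			},
			RepoUrl: repoURL,
			Secret: spi.SecretSpec{
				LinkableSecretSpec: rs.LinkableSecretSpec{
					Name: secretName,
					Type: secretType,
				},
			},
		},
	}

	// Bound the API call so an unresponsive API server cannot block the caller forever.
	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
	defer cancel()
	if err := s.KubeRest().Create(ctx, &binding); err != nil {
		return nil, err
	}
	return &binding, nil
}

// CreateSPIAccessTokenBindingWithSA creates an SPIAccessTokenBinding whose
// secret is linked to a service account.
//
// There are three ways of linking a secret to a service account:
//   - Linking a secret to an existing service account (both flags false)
//   - Linking a secret to an existing service account as image pull secret
//     (isImagePullSecret)
//   - Using a managed service account (isManagedServiceAccount)
//
// The secret type is kubernetes.io/dockerconfigjson unless
// isManagedServiceAccount is set, in which case it is kubernetes.io/basic-auth
// and serviceAccountName becomes the GenerateName prefix of the managed
// service account. When both flags are set the managed link replaces the whole
// LinkedTo list, so the image-pull-secret setting is discarded.
//
// NOTE(review): as in CreateSPIAccessTokenBinding, the requested permission is
// fixed to read-write on the repository area.
func (s *SPIController) CreateSPIAccessTokenBindingWithSA(name, namespace, serviceAccountName, repoURL, secretName string, isImagePullSecret, isManagedServiceAccount bool) (*spi.SPIAccessTokenBinding, error) {
	binding := spi.SPIAccessTokenBinding{
		ObjectMeta: metav1.ObjectMeta{
			GenerateName: name,
			Namespace:    namespace,
		},
		Spec: spi.SPIAccessTokenBindingSpec{
			Permissions: spi.Permissions{
				Required: []spi.Permission{
					{
						Type: spi.PermissionTypeReadWrite,
						Area: spi.PermissionAreaRepository,
					},
				},
			},
			RepoUrl: repoURL,
			Secret: spi.SecretSpec{
				LinkableSecretSpec: rs.LinkableSecretSpec{
					Name: secretName,
					Type: v1.SecretTypeDockerConfigJson,
					LinkedTo: []rs.SecretLink{
						{
							ServiceAccount: rs.ServiceAccountLink{
								Reference: v1.LocalObjectReference{
									Name: serviceAccountName,
								},
							},
						},
					},
				},
			},
		},
	}

	if isImagePullSecret {
		binding.Spec.Secret.LinkedTo[0].ServiceAccount.As = rs.ServiceAccountLinkTypeImagePullSecret
	}

	if isManagedServiceAccount {
		// Replaces the reference-based link built above, including any
		// image-pull-secret marker set by the previous branch.
		binding.Spec.Secret.Type = v1.SecretTypeBasicAuth
		binding.Spec.Secret.LinkedTo = []rs.SecretLink{
			{
				ServiceAccount: rs.ServiceAccountLink{
					Managed: rs.ManagedServiceAccountSpec{
						GenerateName: serviceAccountName,
					},
				},
			},
		}
	}

	// Bound the API call so an unresponsive API server cannot block the caller forever.
	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
	defer cancel()
	if err := s.KubeRest().Create(ctx, &binding); err != nil {
		return nil, err
	}
	return &binding, nil
}

// GetSPIAccessTokenBinding returns the SPIAccessTokenBinding with the given
// name in the given namespace, or the error reported by the Get call.
func (s *SPIController) GetSPIAccessTokenBinding(name, namespace string) (*spi.SPIAccessTokenBinding, error) {
	key := types.NamespacedName{
		Name:      name,
		Namespace: namespace,
	}

	binding := spi.SPIAccessTokenBinding{
		Spec: spi.SPIAccessTokenBindingSpec{},
	}

	// Same one-minute bound as the Create helpers; previously this call had no deadline.
	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
	defer cancel()
	if err := s.KubeRest().Get(ctx, key, &binding); err != nil {
		return nil, err
	}
	return &binding, nil
}

// DeleteAllBindingTokensInASpecificNamespace removes every
// SPIAccessTokenBinding from the given namespace. Useful when a test created
// many resources and wants to remove all of them.
//
// The delete is scoped only by namespace: it does not filter by label or
// owner, so bindings created by anything else in that namespace are removed
// as well.
func (s *SPIController) DeleteAllBindingTokensInASpecificNamespace(namespace string) error {
	// Same one-minute bound as the Create helpers; previously this call had no deadline.
	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
	defer cancel()
	return s.KubeRest().DeleteAllOf(ctx, &spi.SPIAccessTokenBinding{}, client.InNamespace(namespace))
}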