Skip to content

Commit 2654a78

Browse files
committed
Add e2e for the managed label modification
Signed-off-by: chiragkyal <ckyal@redhat.com>
1 parent 8c5fe48 commit 2654a78

1 file changed

Lines changed: 112 additions & 0 deletions

File tree

test/e2e/e2e_test.go

Lines changed: 112 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1056,6 +1056,118 @@ var _ = Describe("External Secrets Operator End-to-End test scenarios", Ordered,
10561056

10571057
})
10581058

1059+
Context("Managed Label Restoration", Label("Platform:Generic"), func() {
1060+
const (
1061+
managedLabelKey = "app"
1062+
managedLabelValue = "external-secrets"
1063+
)
1064+
1065+
It("should restore the app=external-secrets label on a ServiceAccount after external removal", func() {
1066+
saName := "external-secrets"
1067+
1068+
By("Verifying ServiceAccount has the managed label initially")
1069+
Eventually(func(g Gomega) {
1070+
sa, err := clientset.CoreV1().ServiceAccounts(operandNamespace).Get(ctx, saName, metav1.GetOptions{})
1071+
g.Expect(err).NotTo(HaveOccurred())
1072+
g.Expect(sa.Labels).To(HaveKeyWithValue(managedLabelKey, managedLabelValue))
1073+
}, time.Minute, 5*time.Second).Should(Succeed())
1074+
1075+
By("Removing the managed label from the ServiceAccount")
1076+
Expect(retry.RetryOnConflict(retry.DefaultRetry, func() error {
1077+
sa, err := clientset.CoreV1().ServiceAccounts(operandNamespace).Get(ctx, saName, metav1.GetOptions{})
1078+
if err != nil {
1079+
return err
1080+
}
1081+
delete(sa.Labels, managedLabelKey)
1082+
_, err = clientset.CoreV1().ServiceAccounts(operandNamespace).Update(ctx, sa, metav1.UpdateOptions{})
1083+
return err
1084+
})).To(Succeed(), "should remove the managed label")
1085+
1086+
By("Waiting for operator to restore the managed label")
1087+
Eventually(func(g Gomega) {
1088+
sa, err := clientset.CoreV1().ServiceAccounts(operandNamespace).Get(ctx, saName, metav1.GetOptions{})
1089+
g.Expect(err).NotTo(HaveOccurred())
1090+
g.Expect(sa.Labels).To(HaveKeyWithValue(managedLabelKey, managedLabelValue),
1091+
"operator should restore app=external-secrets on ServiceAccount %s", saName)
1092+
}, 2*time.Minute, 5*time.Second).Should(Succeed())
1093+
})
1094+
1095+
It("should restore the app=external-secrets label on a Role after external removal", func() {
1096+
roleName := "external-secrets"
1097+
1098+
By("Verifying Role has the managed label initially")
1099+
Eventually(func(g Gomega) {
1100+
role, err := clientset.RbacV1().Roles(operandNamespace).Get(ctx, roleName, metav1.GetOptions{})
1101+
g.Expect(err).NotTo(HaveOccurred())
1102+
g.Expect(role.Labels).To(HaveKeyWithValue(managedLabelKey, managedLabelValue))
1103+
}, time.Minute, 5*time.Second).Should(Succeed())
1104+
1105+
By("Removing the managed label from the Role")
1106+
Expect(retry.RetryOnConflict(retry.DefaultRetry, func() error {
1107+
role, err := clientset.RbacV1().Roles(operandNamespace).Get(ctx, roleName, metav1.GetOptions{})
1108+
if err != nil {
1109+
return err
1110+
}
1111+
delete(role.Labels, managedLabelKey)
1112+
_, err = clientset.RbacV1().Roles(operandNamespace).Update(ctx, role, metav1.UpdateOptions{})
1113+
return err
1114+
})).To(Succeed(), "should remove the managed label")
1115+
1116+
By("Waiting for operator to restore the managed label")
1117+
Eventually(func(g Gomega) {
1118+
role, err := clientset.RbacV1().Roles(operandNamespace).Get(ctx, roleName, metav1.GetOptions{})
1119+
g.Expect(err).NotTo(HaveOccurred())
1120+
g.Expect(role.Labels).To(HaveKeyWithValue(managedLabelKey, managedLabelValue),
1121+
"operator should restore app=external-secrets on Role %s", roleName)
1122+
}, 2*time.Minute, 5*time.Second).Should(Succeed())
1123+
})
1124+
1125+
It("should restore the app=external-secrets label on a Deployment after external removal", func() {
1126+
depName := "external-secrets"
1127+
1128+
By("Verifying Deployment has the managed label initially")
1129+
Eventually(func(g Gomega) {
1130+
dep, err := clientset.AppsV1().Deployments(operandNamespace).Get(ctx, depName, metav1.GetOptions{})
1131+
g.Expect(err).NotTo(HaveOccurred())
1132+
g.Expect(dep.Labels).To(HaveKeyWithValue(managedLabelKey, managedLabelValue))
1133+
}, time.Minute, 5*time.Second).Should(Succeed())
1134+
1135+
By("Removing the managed label from the Deployment")
1136+
Expect(retry.RetryOnConflict(retry.DefaultRetry, func() error {
1137+
dep, err := clientset.AppsV1().Deployments(operandNamespace).Get(ctx, depName, metav1.GetOptions{})
1138+
if err != nil {
1139+
return err
1140+
}
1141+
delete(dep.Labels, managedLabelKey)
1142+
_, err = clientset.AppsV1().Deployments(operandNamespace).Update(ctx, dep, metav1.UpdateOptions{})
1143+
return err
1144+
})).To(Succeed(), "should remove the managed label")
1145+
1146+
By("Waiting for operator to restore the managed label")
1147+
Eventually(func(g Gomega) {
1148+
dep, err := clientset.AppsV1().Deployments(operandNamespace).Get(ctx, depName, metav1.GetOptions{})
1149+
g.Expect(err).NotTo(HaveOccurred())
1150+
g.Expect(dep.Labels).To(HaveKeyWithValue(managedLabelKey, managedLabelValue),
1151+
"operator should restore app=external-secrets on Deployment %s", depName)
1152+
}, 2*time.Minute, 5*time.Second).Should(Succeed())
1153+
})
1154+
1155+
It("should keep ExternalSecretsConfig in Ready state after label restoration", func() {
1156+
By("Verifying ExternalSecretsConfig is Ready and not Degraded")
1157+
Expect(utils.WaitForExternalSecretsConfigReady(ctx, dynamicClient, "cluster", 2*time.Minute)).To(Succeed(),
1158+
"ExternalSecretsConfig should remain Ready after label tampering and restoration")
1159+
})
1160+
1161+
It("should keep operand pods running after label restoration", func() {
1162+
By("Verifying operand pods are still ready")
1163+
Expect(utils.VerifyPodsReadyByPrefix(ctx, clientset, operandNamespace, []string{
1164+
operandCoreControllerPodPrefix,
1165+
operandCertControllerPodPrefix,
1166+
operandWebhookPodPrefix,
1167+
})).To(Succeed(), "operand pods should still be running after label restoration")
1168+
})
1169+
})
1170+
10591171
AfterAll(func() {
10601172
By("Deleting the externalsecrets.openshift.operator.io/cluster CR")
10611173
loader.DeleteFromFile(testassets.ReadFile, externalSecretsFile, "")

0 commit comments

Comments
 (0)