Skip to content

Commit c2f59e9

Browse files
openshift-cherrypick-robotnmirasch
openshift-cherrypick-robot
and
nmirasch
authored
Downstream testing tokenRef default Restrictions for ApplicationSet Any-Namespace Mode (#1169)
Assisted-by: Cursor Signed-off-by: nmirasch <neus.miras@gmail.com> Co-authored-by: nmirasch <neus.miras@gmail.com>
1 parent fbd51d5 commit c2f59e9

1 file changed

Lines changed: 92 additions & 6 deletions

File tree

test/openshift/e2e/ginkgo/sequential/1-037_validate_applicationset_in_any_namespace_test.go

Lines changed: 92 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ import (
1515
appprojectFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/appproject"
1616
argocdFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/argocd"
1717
clusterroleFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/clusterrole"
18+
configmapFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/configmap"
1819
deploymentFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/deployment"
1920
k8sFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/k8s"
2021
namespaceFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/namespace"
@@ -44,6 +45,10 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
4445
BeforeEach(func() {
4546

4647
fixture.EnsureSequentialCleanSlate()
48+
49+
fixture.SetEnvInOperatorSubscriptionOrDeployment("ARGOCD_CLUSTER_CONFIG_NAMESPACES",
50+
"openshift-gitops, argocd-e2e-cluster-config, appset-argocd, appset-old-ns, appset-new-ns, appset-argocd-clusterrole, appset-target-ns")
51+
4752
k8sClient, _ = utils.GetE2ETestKubeClient()
4853
ctx = context.Background()
4954
})
@@ -62,8 +67,6 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
6267

6368
It("verifying that ArgoCD CR '.spec.applicationset.sourcenamespaces' and '.spec.sourcenamespaces' correctly control role/rolebindings within the managed namespaces", func() {
6469

65-
fixture.SetEnvInOperatorSubscriptionOrDeployment("ARGOCD_CLUSTER_CONFIG_NAMESPACES", "openshift-gitops, argocd-e2e-cluster-config, appset-argocd, appset-old-ns, appset-new-ns")
66-
6770
By("0) create namespaces: appset-argocd, appset-old-ns, appset-new-ns")
6871

6972
appset_argocdNS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("appset-argocd")
@@ -746,8 +749,6 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
746749

747750
By("0) create namespaces: appset-argocd, team-1, team-2, team-frontend, team-backend, other-ns")
748751

749-
fixture.SetEnvInOperatorSubscriptionOrDeployment("ARGOCD_CLUSTER_CONFIG_NAMESPACES", "openshift-gitops, argocd-e2e-cluster-config, appset-argocd")
750-
751752
appset_wildcard_argocdNS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("appset-argocd")
752753
cleanupFunctions = append(cleanupFunctions, cleanupFunc)
753754

@@ -981,8 +982,6 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
981982

982983
It("verifies ApplicationSet clusterrole rules and creates appset/app in another namespace", func() {
983984

984-
fixture.SetEnvInOperatorSubscriptionOrDeployment("ARGOCD_CLUSTER_CONFIG_NAMESPACES", "openshift-gitops, argocd-e2e-cluster-config, appset-argocd-clusterrole,appset-target-ns")
985-
986985
By("creating Argo CD namespace and target source namespace")
987986
argoNamespace, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("appset-argocd-clusterrole")
988987
cleanupFunctions = append(cleanupFunctions, cleanupFunc)
@@ -1194,5 +1193,92 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
11941193
Eventually(appset).Should(k8sFixture.NotExistByName())
11951194
})
11961195

1196+
It("defaults tokenRef strict mode to true when applicationSet sourceNamespaces are configured", func() {
1197+
appsetArgocdNS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("appset-argocd")
1198+
cleanupFunctions = append(cleanupFunctions, cleanupFunc)
1199+
1200+
targetNS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("appset-target-ns")
1201+
cleanupFunctions = append(cleanupFunctions, cleanupFunc)
1202+
1203+
argoCD := &v1beta1.ArgoCD{
1204+
ObjectMeta: metav1.ObjectMeta{
1205+
Name: "tokenref-strict-true",
1206+
Namespace: appsetArgocdNS.Name,
1207+
},
1208+
Spec: v1beta1.ArgoCDSpec{
1209+
ApplicationSet: &v1beta1.ArgoCDApplicationSet{
1210+
SourceNamespaces: []string{targetNS.Name},
1211+
},
1212+
},
1213+
}
1214+
Expect(k8sClient.Create(ctx, argoCD)).To(Succeed())
1215+
1216+
cmdParamsCM := &corev1.ConfigMap{
1217+
ObjectMeta: metav1.ObjectMeta{
1218+
Name: common.ArgoCDCmdParamsConfigMapName,
1219+
Namespace: argoCD.Namespace,
1220+
},
1221+
}
1222+
Eventually(cmdParamsCM, "3m", "5s").Should(configmapFixture.HaveStringDataKeyValue(common.ArgoCDApplicationSetControllerTokenRefStrictModeCmdParamKey, "true"))
1223+
})
1224+
1225+
It("defaults tokenRef strict mode to false when applicationSet sourceNamespaces are empty on create", func() {
1226+
appsetArgocdNS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("appset-argocd")
1227+
cleanupFunctions = append(cleanupFunctions, cleanupFunc)
1228+
1229+
argoCD := &v1beta1.ArgoCD{
1230+
ObjectMeta: metav1.ObjectMeta{
1231+
Name: "tokenref-strict-false-empty",
1232+
Namespace: appsetArgocdNS.Name,
1233+
},
1234+
Spec: v1beta1.ArgoCDSpec{
1235+
ApplicationSet: &v1beta1.ArgoCDApplicationSet{
1236+
SourceNamespaces: []string{},
1237+
},
1238+
},
1239+
}
1240+
Expect(k8sClient.Create(ctx, argoCD)).To(Succeed())
1241+
1242+
cmdParamsCM := &corev1.ConfigMap{
1243+
ObjectMeta: metav1.ObjectMeta{
1244+
Name: common.ArgoCDCmdParamsConfigMapName,
1245+
Namespace: argoCD.Namespace,
1246+
},
1247+
}
1248+
Eventually(cmdParamsCM, "3m", "5s").Should(configmapFixture.HaveStringDataKeyValue(common.ArgoCDApplicationSetControllerTokenRefStrictModeCmdParamKey, "false"))
1249+
})
1250+
1251+
It("spec.cmdParams overrides tokenRef strict mode default", func() {
1252+
appsetArgocdNS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("appset-argocd")
1253+
cleanupFunctions = append(cleanupFunctions, cleanupFunc)
1254+
1255+
targetNS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("appset-target-ns")
1256+
cleanupFunctions = append(cleanupFunctions, cleanupFunc)
1257+
1258+
argoCD := &v1beta1.ArgoCD{
1259+
ObjectMeta: metav1.ObjectMeta{
1260+
Name: "tokenref-strict-optout",
1261+
Namespace: appsetArgocdNS.Name,
1262+
},
1263+
Spec: v1beta1.ArgoCDSpec{
1264+
ApplicationSet: &v1beta1.ArgoCDApplicationSet{
1265+
SourceNamespaces: []string{targetNS.Name},
1266+
},
1267+
CmdParams: map[string]string{
1268+
common.ArgoCDApplicationSetControllerTokenRefStrictModeCmdParamKey: "false",
1269+
},
1270+
},
1271+
}
1272+
Expect(k8sClient.Create(ctx, argoCD)).To(Succeed())
1273+
1274+
cmdParamsCM := &corev1.ConfigMap{
1275+
ObjectMeta: metav1.ObjectMeta{
1276+
Name: common.ArgoCDCmdParamsConfigMapName,
1277+
Namespace: argoCD.Namespace,
1278+
},
1279+
}
1280+
Eventually(cmdParamsCM, "3m", "5s").Should(configmapFixture.HaveStringDataKeyValue(common.ArgoCDApplicationSetControllerTokenRefStrictModeCmdParamKey, "false"))
1281+
})
1282+
11971283
})
11981284
})

0 commit comments

Comments
 (0)