github/capsule
1
0
Fork 0
mirror of https://github.com/projectcapsule/capsule.git synced 2026-02-14 18:09:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

test(e2e): update tests to use v1beta1 version

Browse Source
This commit is contained in:
Maksim Fedotov
2021-07-01 12:30:08 +03:00
committed by Dario Tranchitella
parent e6b433dcd7
commit 44bf846260
36 changed files with 282 additions and 266 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
e2e/additional_role_bindings_test.go
View File

@@ -14,20 +14,20 @@ import (
rbacv1 "k8s.io/api/rbac/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating a Namespace with an additional Role Binding", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "additional-role-binding",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "dale",
Kind: "User",
},
AdditionalRoleBindings: []v1alpha1.AdditionalRoleBindings{
AdditionalRoleBindings: []capsulev1beta1.AdditionalRoleBindingsSpec{
{
ClusterRoleName: "crds-rolebinding",
Subjects: []rbacv1.Subject{

12
e2e/allowed_external_ips_test.go
View File

@@ -14,21 +14,21 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("enforcing an allowed set of Service external IPs", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "allowed-external-ip",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "google",
Kind: "User",
},
ExternalServiceIPs: &v1alpha1.ExternalServiceIPs{
Allowed: []v1alpha1.AllowedIP{
ExternalServiceIPs: &capsulev1beta1.ExternalServiceIPsSpec{
Allowed: []capsulev1beta1.AllowedIP{
"10.20.0.0/16",
"192.168.1.2/32",
},

10
e2e/container_registry_test.go
View File

@@ -14,20 +14,20 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("enforcing a Container Registry", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "container-registry",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "matt",
Kind: "User",
},
ContainerRegistries: &v1alpha1.AllowedListSpec{
ContainerRegistries: &capsulev1beta1.AllowedListSpec{
Exact: []string{"docker.io", "docker.tld"},
Regex: `quay\.\w+`,
},

16
e2e/custom_capsule_group_test.go
View File

@@ -12,16 +12,18 @@ import (
. "github.com/onsi/gomega"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1alpha1 "github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating a Namespace as Tenant owner with custom --capsule-group", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-assigned-custom-group",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "alice",
Kind: "User",
},
@@ -39,7 +41,7 @@ var _ = Describe("creating a Namespace as Tenant owner with custom --capsule-gro
})
It("should fail using a User non matching the capsule-user-group flag", func() {
ModifyCapsuleConfigurationOpts(func(configuration *v1alpha1.CapsuleConfiguration) {
ModifyCapsuleConfigurationOpts(func(configuration *capsulev1alpha1.CapsuleConfiguration) {
configuration.Spec.UserGroups = []string{"test"}
})
@@ -48,7 +50,7 @@ var _ = Describe("creating a Namespace as Tenant owner with custom --capsule-gro
})
It("should succeed and be available in Tenant namespaces list with multiple groups", func() {
ModifyCapsuleConfigurationOpts(func(configuration *v1alpha1.CapsuleConfiguration) {
ModifyCapsuleConfigurationOpts(func(configuration *capsulev1alpha1.CapsuleConfiguration) {
configuration.Spec.UserGroups = []string{"test", "alice"}
})
@@ -59,7 +61,7 @@ var _ = Describe("creating a Namespace as Tenant owner with custom --capsule-gro
})
It("should succeed and be available in Tenant namespaces list with default single group", func() {
ModifyCapsuleConfigurationOpts(func(configuration *v1alpha1.CapsuleConfiguration) {
ModifyCapsuleConfigurationOpts(func(configuration *capsulev1alpha1.CapsuleConfiguration) {
configuration.Spec.UserGroups = []string{"capsule.clastix.io"}
})

12
e2e/disable_node_ports_test.go
View File

@@ -14,22 +14,20 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating a nodePort service when it is disabled for Tenant", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "disable-node-ports",
Annotations: map[string]string{
"capsule.clastix.io/enable-node-ports": "false",
},
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "google",
Kind: "User",
},
EnableNodePorts: false,
},
}

8
e2e/enable_node_ports_test.go
View File

@@ -14,16 +14,16 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating a nodePort service when it is enabled for Tenant", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "enable-node-ports",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "google",
Kind: "User",
},

20
e2e/force_tenant_prefix_test.go
View File

@@ -12,27 +12,29 @@ import (
. "github.com/onsi/gomega"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1alpha1 "github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating a Namespace with Tenant name prefix enforcement", func() {
t1 := &v1alpha1.Tenant{
t1 := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "awesome",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "john",
Kind: "User",
},
},
}
t2 := &v1alpha1.Tenant{
t2 := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "awesome-tenant",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "john",
Kind: "User",
},
@@ -49,7 +51,7 @@ var _ = Describe("creating a Namespace with Tenant name prefix enforcement", fun
return k8sClient.Create(context.TODO(), t2)
}).Should(Succeed())
ModifyCapsuleConfigurationOpts(func(configuration *v1alpha1.CapsuleConfiguration) {
ModifyCapsuleConfigurationOpts(func(configuration *capsulev1alpha1.CapsuleConfiguration) {
configuration.Spec.ForceTenantPrefix = true
})
})
@@ -57,7 +59,7 @@ var _ = Describe("creating a Namespace with Tenant name prefix enforcement", fun
Expect(k8sClient.Delete(context.TODO(), t1)).Should(Succeed())
Expect(k8sClient.Delete(context.TODO(), t2)).Should(Succeed())
ModifyCapsuleConfigurationOpts(func(configuration *v1alpha1.CapsuleConfiguration) {
ModifyCapsuleConfigurationOpts(func(configuration *capsulev1alpha1.CapsuleConfiguration) {
configuration.Spec.ForceTenantPrefix = false
})
})

25
e2e/imagepullpolicy_multiple_test.go
View File

@@ -13,22 +13,20 @@ import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("enforcing some defined ImagePullPolicy", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "image-pull-policies",
Annotations: map[string]string{
"capsule.clastix.io/allowed-image-pull-policy": "Always,IfNotPresent",
},
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "alex",
Kind: "User",
},
ImagePullPolicies: []capsulev1beta1.ImagePullPolicySpec{"Always", "IfNotPresent"},
},
}
@@ -57,8 +55,8 @@ var _ = Describe("enforcing some defined ImagePullPolicy", func() {
Spec: corev1.PodSpec{
Containers: []corev1.Container{
{
Name: "container",
Image: "gcr.io/google_containers/pause-amd64:3.0",
Name: "container",
Image: "gcr.io/google_containers/pause-amd64:3.0",
ImagePullPolicy: corev1.PullAlways,
},
},
@@ -72,7 +70,6 @@ var _ = Describe("enforcing some defined ImagePullPolicy", func() {
}).Should(Succeed())
})
By("allowing IfNotPresent", func() {
pod := &corev1.Pod{
ObjectMeta: metav1.ObjectMeta{
@@ -81,8 +78,8 @@ var _ = Describe("enforcing some defined ImagePullPolicy", func() {
Spec: corev1.PodSpec{
Containers: []corev1.Container{
{
Name: "container",
Image: "gcr.io/google_containers/pause-amd64:3.0",
Name: "container",
Image: "gcr.io/google_containers/pause-amd64:3.0",
ImagePullPolicy: corev1.PullIfNotPresent,
},
},
@@ -104,8 +101,8 @@ var _ = Describe("enforcing some defined ImagePullPolicy", func() {
Spec: corev1.PodSpec{
Containers: []corev1.Container{
{
Name: "container",
Image: "gcr.io/google_containers/pause-amd64:3.0",
Name: "container",
Image: "gcr.io/google_containers/pause-amd64:3.0",
ImagePullPolicy: corev1.PullNever,
},
},

25
e2e/imagepullpolicy_single_test.go
View File

@@ -13,22 +13,20 @@ import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("enforcing a defined ImagePullPolicy", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "image-pull-policy",
Annotations: map[string]string{
"capsule.clastix.io/allowed-image-pull-policy": "Always",
},
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "axel",
Kind: "User",
},
ImagePullPolicies: []capsulev1beta1.ImagePullPolicySpec{"Always"},
},
}
@@ -57,8 +55,8 @@ var _ = Describe("enforcing a defined ImagePullPolicy", func() {
Spec: corev1.PodSpec{
Containers: []corev1.Container{
{
Name: "container",
Image: "gcr.io/google_containers/pause-amd64:3.0",
Name: "container",
Image: "gcr.io/google_containers/pause-amd64:3.0",
ImagePullPolicy: corev1.PullAlways,
},
},
@@ -72,7 +70,6 @@ var _ = Describe("enforcing a defined ImagePullPolicy", func() {
}).Should(Succeed())
})
By("blocking IfNotPresent", func() {
pod := &corev1.Pod{
ObjectMeta: metav1.ObjectMeta{
@@ -81,8 +78,8 @@ var _ = Describe("enforcing a defined ImagePullPolicy", func() {
Spec: corev1.PodSpec{
Containers: []corev1.Container{
{
Name: "container",
Image: "gcr.io/google_containers/pause-amd64:3.0",
Name: "container",
Image: "gcr.io/google_containers/pause-amd64:3.0",
ImagePullPolicy: corev1.PullIfNotPresent,
},
},
@@ -104,8 +101,8 @@ var _ = Describe("enforcing a defined ImagePullPolicy", func() {
Spec: corev1.PodSpec{
Containers: []corev1.Container{
{
Name: "container",
Image: "gcr.io/google_containers/pause-amd64:3.0",
Name: "container",
Image: "gcr.io/google_containers/pause-amd64:3.0",
ImagePullPolicy: corev1.PullNever,
},
},

10
e2e/ingress_class_test.go
View File

@@ -15,20 +15,20 @@ import (
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/utils/pointer"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("when Tenant handles Ingress classes", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-class",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "ingress",
Kind: "User",
},
IngressClasses: &v1alpha1.AllowedListSpec{
IngressClasses: &capsulev1beta1.AllowedListSpec{
Exact: []string{
"nginx",
"haproxy",

16
e2e/ingress_hostnames_allowed_collision_test.go
View File

@@ -14,16 +14,18 @@ import (
networkingv1 "k8s.io/api/networking/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1alpha1 "github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("when handling Ingress hostnames collision", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-hostnames-allowed-collision",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "ingress-allowed",
Kind: "User",
},
@@ -68,7 +70,7 @@ var _ = Describe("when handling Ingress hostnames collision", func() {
return k8sClient.Create(context.TODO(), tnt)
}).Should(Succeed())
ModifyCapsuleConfigurationOpts(func(configuration *v1alpha1.CapsuleConfiguration) {
ModifyCapsuleConfigurationOpts(func(configuration *capsulev1alpha1.CapsuleConfiguration) {
configuration.Spec.AllowIngressHostnameCollision = true
})
})
@@ -76,13 +78,13 @@ var _ = Describe("when handling Ingress hostnames collision", func() {
JustAfterEach(func() {
Expect(k8sClient.Delete(context.TODO(), tnt)).Should(Succeed())
ModifyCapsuleConfigurationOpts(func(configuration *v1alpha1.CapsuleConfiguration) {
ModifyCapsuleConfigurationOpts(func(configuration *capsulev1alpha1.CapsuleConfiguration) {
configuration.Spec.AllowIngressHostnameCollision = false
})
})
It("should not allow creating several Ingress with same hostname", func() {
ModifyCapsuleConfigurationOpts(func(configuration *v1alpha1.CapsuleConfiguration) {
ModifyCapsuleConfigurationOpts(func(configuration *capsulev1alpha1.CapsuleConfiguration) {
configuration.Spec.AllowIngressHostnameCollision = false
})

14
e2e/ingress_hostnames_denied_collision_test.go
View File

@@ -14,16 +14,18 @@ import (
networkingv1 "k8s.io/api/networking/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1alpha1 "github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("when handling Ingress hostnames collision", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-hostnames-denied-collision",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "ingress-denied",
Kind: "User",
},
@@ -67,14 +69,14 @@ var _ = Describe("when handling Ingress hostnames collision", func() {
return k8sClient.Create(context.TODO(), tnt)
}).Should(Succeed())
ModifyCapsuleConfigurationOpts(func(configuration *v1alpha1.CapsuleConfiguration) {
ModifyCapsuleConfigurationOpts(func(configuration *capsulev1alpha1.CapsuleConfiguration) {
configuration.Spec.AllowIngressHostnameCollision = true
})
})
JustAfterEach(func() {
Expect(k8sClient.Delete(context.TODO(), tnt)).Should(Succeed())
ModifyCapsuleConfigurationOpts(func(configuration *v1alpha1.CapsuleConfiguration) {
ModifyCapsuleConfigurationOpts(func(configuration *capsulev1alpha1.CapsuleConfiguration) {
configuration.Spec.AllowIngressHostnameCollision = false
})
})

13
e2e/ingress_hostnames_test.go
View File

@@ -16,21 +16,21 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/intstr"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("when Tenant handles Ingress hostnames", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "ingress-hostnames",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "hostname",
Kind: "User",
},
IngressHostnames: &v1alpha1.AllowedListSpec{
Exact: []string{"sigs.k8s.io", "operator.sdk", "domain.tld"},
IngressHostnames: &capsulev1beta1.AllowedListSpec{
Exact: []string{"sigs.k8s.io", "operator.sdk", "domain.tld"},
Regex: `.*\.clastix\.io`,
},
},
@@ -113,7 +113,6 @@ var _ = Describe("when Tenant handles Ingress hostnames", func() {
Expect(k8sClient.Delete(context.TODO(), tnt)).Should(Succeed())
})
It("should block a non allowed Hostname", func() {
maj, min, v := GetKubernetesSemVer()

8
e2e/missing_tenant_test.go
View File

@@ -12,14 +12,14 @@ import (
. "github.com/onsi/gomega"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating a Namespace creation with no Tenant assigned", func() {
It("should fail", func() {
tnt := &v1alpha1.Tenant{
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
tnt := &capsulev1beta1.Tenant{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "missing",
Kind: "User",
},

8
e2e/namespace_capsule_label_test.go
View File

@@ -14,16 +14,16 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating several Namespaces for a Tenant", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "capsule-labels",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "charlie",
Kind: "User",
},

10
e2e/namespace_metadata_test.go
View File

@@ -13,20 +13,20 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating a Namespace for a Tenant with additional metadata", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-metadata",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "gatsby",
Kind: "User",
},
NamespacesMetadata: v1alpha1.AdditionalMetadata{
NamespacesMetadata: &capsulev1beta1.AdditionalMetadataSpec{
AdditionalLabels: map[string]string{
"k8s.io/custom-label": "foo",
"clastix.io/custom-label": "bar",

8
e2e/new_namespace_test.go
View File

@@ -12,16 +12,16 @@ import (
. "github.com/onsi/gomega"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating a Namespace as Tenant owner", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-assigned",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "alice",
Kind: "User",
},

8
e2e/overquota_namespace_test.go
View File

@@ -13,16 +13,16 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/utils/pointer"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating a Namespace in over-quota of three", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "over-quota-tenant",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "bob",
Kind: "User",
},

21
e2e/owner_webhooks_test.go
View File

@@ -17,26 +17,26 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("when Tenant owner interacts with the webhooks", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-owner",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "ruby",
Kind: "User",
},
StorageClasses: &v1alpha1.AllowedListSpec{
StorageClasses: &capsulev1beta1.AllowedListSpec{
Exact: []string{
"cephfs",
"glusterfs",
},
},
LimitRanges: []corev1.LimitRangeSpec{
LimitRanges: &capsulev1beta1.LimitRangesSpec{Items: []corev1.LimitRangeSpec{
{
Limits: []corev1.LimitRangeItem{
{
@@ -53,7 +53,8 @@ var _ = Describe("when Tenant owner interacts with the webhooks", func() {
},
},
},
NetworkPolicies: []networkingv1.NetworkPolicySpec{
},
NetworkPolicies: &capsulev1beta1.NetworkPolicySpec{Items: []networkingv1.NetworkPolicySpec{
{
Egress: []networkingv1.NetworkPolicyEgressRule{
{
@@ -73,13 +74,15 @@ var _ = Describe("when Tenant owner interacts with the webhooks", func() {
},
},
},
ResourceQuota: []corev1.ResourceQuotaSpec{
},
ResourceQuota: &capsulev1beta1.ResourceQuotaSpec{Items: []corev1.ResourceQuotaSpec{
{
Hard: map[corev1.ResourceName]resource.Quantity{
corev1.ResourcePods: resource.MustParse("10"),
},
},
},
},
},
}
JustBeforeEach(func() {
@@ -183,7 +186,7 @@ var _ = Describe("when Tenant owner interacts with the webhooks", func() {
ObjectMeta: metav1.ObjectMeta{
Name: "custom-network-policy",
},
Spec: tnt.Spec.NetworkPolicies[0],
Spec: tnt.Spec.NetworkPolicies.Items[0],
}
By("creating", func() {
Eventually(func() (err error) {

19
e2e/pod_priority_class_test.go
View File

@@ -8,28 +8,29 @@ package e2e
import (
"context"
"github.com/clastix/capsule/api/v1alpha1"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
corev1 "k8s.io/api/core/v1"
v1 "k8s.io/api/scheduling/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("enforcing a Priority Class", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "priority-class",
Annotations: map[string]string{
"priorityclass.capsule.clastix.io/allowed": "gold",
"priorityclass.capsule.clastix.io/allowed-regex": "pc\\-\\w+",
},
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "george",
Kind: "User",
},
PriorityClasses: &capsulev1beta1.AllowedListSpec{
Exact: []string{"gold"},
Regex: "pc\\-\\w+",
},
},
}
@@ -113,7 +114,7 @@ var _ = Describe("enforcing a Priority Class", func() {
NamespaceCreation(ns, tnt, defaultTimeoutInterval).Should(Succeed())
for i, pc := range []string{"pc-bronze", "pc-silver", "pc-gold"} {
for i, pc := range []string{"pc-bronze", "pc-silver", "pc-gold"} {
class := &v1.PriorityClass{
ObjectMeta: metav1.ObjectMeta{
Name: pc,

14
e2e/protected_namespace_regex_test.go
View File

@@ -12,16 +12,18 @@ import (
. "github.com/onsi/gomega"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1alpha1 "github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating a Namespace with a protected Namespace regex enabled", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-protected-namespace",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "alice",
Kind: "User",
},
@@ -39,7 +41,7 @@ var _ = Describe("creating a Namespace with a protected Namespace regex enabled"
})
It("should succeed and be available in Tenant namespaces list", func() {
ModifyCapsuleConfigurationOpts(func(configuration *v1alpha1.CapsuleConfiguration) {
ModifyCapsuleConfigurationOpts(func(configuration *capsulev1alpha1.CapsuleConfiguration) {
configuration.Spec.ProtectedNamespaceRegexpString = `^.*[-.]system$`
})
@@ -53,7 +55,7 @@ var _ = Describe("creating a Namespace with a protected Namespace regex enabled"
ns := NewNamespace("test-system")
NamespaceCreation(ns, tnt, defaultTimeoutInterval).ShouldNot(Succeed())
ModifyCapsuleConfigurationOpts(func(configuration *v1alpha1.CapsuleConfiguration) {
ModifyCapsuleConfigurationOpts(func(configuration *capsulev1alpha1.CapsuleConfiguration) {
configuration.Spec.ProtectedNamespaceRegexpString = ""
})
})

14
e2e/resource_quota_exceeded_test.go
View File

@@ -18,20 +18,20 @@ import (
"k8s.io/apimachinery/pkg/types"
"k8s.io/utils/pointer"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("exceeding a Tenant resource quota", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-resources-changes",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "bobby",
Kind: "User",
},
LimitRanges: []corev1.LimitRangeSpec{
LimitRanges: &capsulev1beta1.LimitRangesSpec{Items: []corev1.LimitRangeSpec{
{
Limits: []corev1.LimitRangeItem{
{
@@ -76,7 +76,8 @@ var _ = Describe("exceeding a Tenant resource quota", func() {
},
},
},
ResourceQuota: []corev1.ResourceQuotaSpec{
},
ResourceQuota: &capsulev1beta1.ResourceQuotaSpec{Items: []corev1.ResourceQuotaSpec{
{
Hard: map[corev1.ResourceName]resource.Quantity{
corev1.ResourceLimitsCPU: resource.MustParse("8"),
@@ -99,6 +100,7 @@ var _ = Describe("exceeding a Tenant resource quota", func() {
},
},
},
},
},
}

12
e2e/selecting_non_owned_tenant_test.go
View File

@@ -13,16 +13,16 @@ import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating a Namespace trying to select a third Tenant", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-non-owned",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "undefined",
Kind: "User",
},
@@ -42,7 +42,7 @@ var _ = Describe("creating a Namespace trying to select a third Tenant", func()
var ns *corev1.Namespace
By("assigning to the Namespace the Capsule Tenant label", func() {
l, err := v1alpha1.GetTypeLabel(&v1alpha1.Tenant{})
l, err := capsulev1beta1.GetTypeLabel(&capsulev1beta1.Tenant{})
Expect(err).ToNot(HaveOccurred())
ns := NewNamespace("tenant-non-owned-ns")
@@ -51,7 +51,7 @@ var _ = Describe("creating a Namespace trying to select a third Tenant", func()
})
})
cs := ownerClient(&v1alpha1.Tenant{Spec: v1alpha1.TenantSpec{Owner: v1alpha1.OwnerSpec{Name: "dale", Kind: "User"}}})
cs := ownerClient(&capsulev1beta1.Tenant{Spec: capsulev1beta1.TenantSpec{Owner: capsulev1beta1.OwnerSpec{Name: "dale", Kind: "User"}}})
_, err := cs.CoreV1().Namespaces().Create(context.TODO(), ns, metav1.CreateOptions{})
Expect(err).To(HaveOccurred())
})

42
e2e/selecting_tenant_fail_test.go
View File

@@ -12,49 +12,49 @@ import (
. "github.com/onsi/gomega"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating a Namespace without a Tenant selector when user owns multiple Tenants", func() {
t1 := &v1alpha1.Tenant{
t1 := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-one",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "john",
Kind: "User",
},
},
}
t2 := &v1alpha1.Tenant{
t2 := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-two",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "john",
Kind: "User",
},
},
}
t3 := &v1alpha1.Tenant{
t3 := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-three",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "john",
Kind: "Group",
},
},
}
t4 := &v1alpha1.Tenant{
t4 := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-four",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "john",
Kind: "Group",
},
@@ -64,16 +64,16 @@ var _ = Describe("creating a Namespace without a Tenant selector when user owns
It("should fail", func() {
ns := NewNamespace("fail-ns")
By("user owns 2 tenants", func() {
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t1)}).Should(Succeed())
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t2)}).Should(Succeed())
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t1) }).Should(Succeed())
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t2) }).Should(Succeed())
NamespaceCreation(ns, t1, defaultTimeoutInterval).ShouldNot(Succeed())
NamespaceCreation(ns, t2, defaultTimeoutInterval).ShouldNot(Succeed())
Expect(k8sClient.Delete(context.TODO(), t1)).Should(Succeed())
Expect(k8sClient.Delete(context.TODO(), t2)).Should(Succeed())
})
By("group owns 2 tenants", func() {
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t3)}).Should(Succeed())
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t4)}).Should(Succeed())
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t3) }).Should(Succeed())
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t4) }).Should(Succeed())
NamespaceCreation(ns, t3, defaultTimeoutInterval).ShouldNot(Succeed())
NamespaceCreation(ns, t4, defaultTimeoutInterval).ShouldNot(Succeed())
Expect(k8sClient.Delete(context.TODO(), t3)).Should(Succeed())
@@ -81,10 +81,10 @@ var _ = Describe("creating a Namespace without a Tenant selector when user owns
})
By("user and group owns 4 tenants", func() {
t1.ResourceVersion, t2.ResourceVersion, t3.ResourceVersion, t4.ResourceVersion = "", "", "", ""
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t1)}).Should(Succeed())
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t2)}).Should(Succeed())
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t3)}).Should(Succeed())
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t4)}).Should(Succeed())
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t1) }).Should(Succeed())
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t2) }).Should(Succeed())
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t3) }).Should(Succeed())
EventuallyCreation(func() error { return k8sClient.Create(context.TODO(), t4) }).Should(Succeed())
NamespaceCreation(ns, t1, defaultTimeoutInterval).ShouldNot(Succeed())
NamespaceCreation(ns, t2, defaultTimeoutInterval).ShouldNot(Succeed())
NamespaceCreation(ns, t3, defaultTimeoutInterval).ShouldNot(Succeed())

16
e2e/selecting_tenant_with_label_test.go
View File

@@ -12,27 +12,27 @@ import (
. "github.com/onsi/gomega"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating a Namespace with Tenant selector when user owns multiple tenants", func() {
t1 := &v1alpha1.Tenant{
t1 := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-one",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "john",
Kind: "User",
},
},
}
t2 := &v1alpha1.Tenant{
t2 := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-two",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "john",
Kind: "User",
},
@@ -55,7 +55,7 @@ var _ = Describe("creating a Namespace with Tenant selector when user owns multi
It("should be assigned to the selected Tenant", func() {
ns := NewNamespace("tenant-2-ns")
By("assigning to the Namespace the Capsule Tenant label", func() {
l, err := v1alpha1.GetTypeLabel(&v1alpha1.Tenant{})
l, err := capsulev1beta1.GetTypeLabel(&capsulev1beta1.Tenant{})
Expect(err).ToNot(HaveOccurred())
ns.Labels = map[string]string{
l: t2.Name,

12
e2e/service_metadata_test.go
View File

@@ -18,20 +18,20 @@ import (
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/utils/pointer"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("adding metadata to Service objects", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "service-metadata",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "gatsby",
Kind: "User",
},
ServicesMetadata: v1alpha1.AdditionalMetadata{
ServicesMetadata: &capsulev1beta1.AdditionalMetadataSpec{
AdditionalLabels: map[string]string{
"k8s.io/custom-label": "foo",
"clastix.io/custom-label": "bar",
@@ -41,7 +41,7 @@ var _ = Describe("adding metadata to Service objects", func() {
"clastix.io/custom-annotation": "buzz",
},
},
AdditionalRoleBindings: []v1alpha1.AdditionalRoleBindings{
AdditionalRoleBindings: []capsulev1beta1.AdditionalRoleBindingsSpec{
{
ClusterRoleName: "system:controller:endpointslice-controller",
Subjects: []rbacv1.Subject{

10
e2e/storage_class_test.go
View File

@@ -15,20 +15,20 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/utils/pointer"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("when Tenant handles Storage classes", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "storage-class",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "storage",
Kind: "User",
},
StorageClasses: &v1alpha1.AllowedListSpec{
StorageClasses: &capsulev1beta1.AllowedListSpec{
Exact: []string{
"cephfs",
"glusterfs",

18
e2e/suite_test.go
View File

@@ -21,7 +21,8 @@ import (
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
capsulev1alpha "github.com/clastix/capsule/api/v1alpha1"
capsulev1alpha1 "github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
// These tests use Ginkgo (BDD-style Go testing framework). Refer to
@@ -34,12 +35,6 @@ var (
tenantRoleBindingNames = []string{"namespace:admin", "namespace-deleter"}
)
const (
capsuleDeploymentName = "capsule-controller-manager"
capsuleNamespace = "capsule-system"
capsuleManagerContainerName = "manager"
)
func TestAPIs(t *testing.T) {
RegisterFailHandler(Fail)
@@ -64,7 +59,10 @@ var _ = BeforeSuite(func(done Done) {
Expect(err).ToNot(HaveOccurred())
Expect(cfg).ToNot(BeNil())
err = capsulev1alpha.AddToScheme(scheme.Scheme)
err = capsulev1beta1.AddToScheme(scheme.Scheme)
Expect(err).NotTo(HaveOccurred())
err = capsulev1alpha1.AddToScheme(scheme.Scheme)
Expect(err).NotTo(HaveOccurred())
k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme})
@@ -79,10 +77,10 @@ var _ = AfterSuite(func() {
Expect(testEnv.Stop()).ToNot(HaveOccurred())
})
func ownerClient(tenant *capsulev1alpha.Tenant) (cs kubernetes.Interface) {
func ownerClient(tenant *capsulev1beta1.Tenant) (cs kubernetes.Interface) {
c, err := config.GetConfig()
Expect(err).ToNot(HaveOccurred())
c.Impersonate.Groups = []string{capsulev1alpha.GroupVersion.Group, tenant.Spec.Owner.Name}
c.Impersonate.Groups = []string{capsulev1beta1.GroupVersion.Group, tenant.Spec.Owner.Name}
c.Impersonate.UserName = tenant.Spec.Owner.Name
cs, err = kubernetes.NewForConfig(c)
Expect(err).ToNot(HaveOccurred())

9
e2e/tenant_cordoning_test.go
View File

@@ -9,21 +9,22 @@ import (
"context"
"time"
"github.com/clastix/capsule/api/v1alpha1"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("cordoning a Tenant", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-cordoning",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "jim",
Kind: "User",
},

32
e2e/tenant_ingress_hostnames_collision_allowed_test.go
View File

@@ -13,20 +13,22 @@ import (
. "github.com/onsi/gomega"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1alpha1 "github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("when a second Tenant contains an already declared allowed Ingress hostname", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "allowed-collision-ingress-hostnames",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "first-user",
Kind: "User",
},
IngressHostnames: &v1alpha1.AllowedListSpec{
IngressHostnames: &capsulev1beta1.AllowedListSpec{
Exact: []string{"capsule.clastix.io", "docs.capsule.k8s", "42.clatix.io"},
},
},
@@ -42,23 +44,23 @@ var _ = Describe("when a second Tenant contains an already declared allowed Ingr
JustAfterEach(func() {
Expect(k8sClient.Delete(context.TODO(), tnt)).Should(Succeed())
ModifyCapsuleConfigurationOpts(func(configuration *v1alpha1.CapsuleConfiguration) {
ModifyCapsuleConfigurationOpts(func(configuration *capsulev1alpha1.CapsuleConfiguration) {
configuration.Spec.AllowTenantIngressHostnamesCollision = false
})
})
It("should block creation if contains collided Ingress hostnames", func() {
for i, h := range tnt.Spec.IngressHostnames.Exact {
tnt2 := &v1alpha1.Tenant{
tnt2 := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: fmt.Sprintf("%s-%d", tnt.GetName(), i),
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "second-user",
Kind: "User",
},
IngressHostnames: &v1alpha1.AllowedListSpec{
IngressHostnames: &capsulev1beta1.AllowedListSpec{
Exact: []string{h},
},
},
@@ -70,21 +72,21 @@ var _ = Describe("when a second Tenant contains an already declared allowed Ingr
})
It("should not block creation if contains collided Ingress hostnames", func() {
ModifyCapsuleConfigurationOpts(func(configuration *v1alpha1.CapsuleConfiguration) {
ModifyCapsuleConfigurationOpts(func(configuration *capsulev1alpha1.CapsuleConfiguration) {
configuration.Spec.AllowTenantIngressHostnamesCollision = true
})
for i, h := range tnt.Spec.IngressHostnames.Exact {
tnt2 := &v1alpha1.Tenant{
tnt2 := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: fmt.Sprintf("%s-%d", tnt.GetName(), i),
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "second-user",
Kind: "User",
},
IngressHostnames: &v1alpha1.AllowedListSpec{
IngressHostnames: &capsulev1beta1.AllowedListSpec{
Exact: []string{h},
},
},

18
e2e/tenant_ingress_hostnames_collision_blocked_test.go
View File

@@ -13,20 +13,20 @@ import (
. "github.com/onsi/gomega"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("when a second Tenant contains an already declared allowed Ingress hostname", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "no-collision-ingress-hostnames",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "first-user",
Kind: "User",
},
IngressHostnames: &v1alpha1.AllowedListSpec{
IngressHostnames: &capsulev1beta1.AllowedListSpec{
Exact: []string{"capsule.clastix.io", "docs.capsule.k8s", "42.clatix.io"},
},
},
@@ -44,16 +44,16 @@ var _ = Describe("when a second Tenant contains an already declared allowed Ingr
It("should block creation if contains collided Ingress hostnames", func() {
for i, h := range tnt.Spec.IngressHostnames.Exact {
tnt2 := &v1alpha1.Tenant{
tnt2 := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: fmt.Sprintf("%s-%d", tnt.GetName(), i),
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "second-user",
Kind: "User",
},
IngressHostnames: &v1alpha1.AllowedListSpec{
IngressHostnames: &capsulev1beta1.AllowedListSpec{
Exact: []string{h},
},
},

8
e2e/tenant_name_webhook_test.go
View File

@@ -12,16 +12,16 @@ import (
. "github.com/onsi/gomega"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating a Tenant with wrong name", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "non_rfc_dns_1123",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "john",
Kind: "User",
},

8
e2e/tenant_owner_group_test.go
View File

@@ -12,16 +12,16 @@ import (
. "github.com/onsi/gomega"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating a Namespace with group Tenant owner", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-group-owner",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "alice",
Kind: "Group",
},

23
e2e/tenant_resources_changes_test.go
View File

@@ -18,20 +18,20 @@ import (
"k8s.io/apimachinery/pkg/types"
"sigs.k8s.io/controller-runtime/pkg/client"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("changing Tenant managed Kubernetes resources", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-resources-changes",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "laura",
Kind: "User",
},
LimitRanges: []corev1.LimitRangeSpec{
LimitRanges: &capsulev1beta1.LimitRangesSpec{Items: []corev1.LimitRangeSpec{
{
Limits: []corev1.LimitRangeItem{
{
@@ -76,7 +76,8 @@ var _ = Describe("changing Tenant managed Kubernetes resources", func() {
},
},
},
NetworkPolicies: []networkingv1.NetworkPolicySpec{
},
NetworkPolicies: &capsulev1beta1.NetworkPolicySpec{Items: []networkingv1.NetworkPolicySpec{
{
Ingress: []networkingv1.NetworkPolicyIngressRule{
{
@@ -120,10 +121,11 @@ var _ = Describe("changing Tenant managed Kubernetes resources", func() {
},
},
},
},
NodeSelector: map[string]string{
"kubernetes.io/os": "linux",
},
ResourceQuota: []corev1.ResourceQuotaSpec{
ResourceQuota: &capsulev1beta1.ResourceQuotaSpec{Items: []corev1.ResourceQuotaSpec{
{
Hard: map[corev1.ResourceName]resource.Quantity{
corev1.ResourceLimitsCPU: resource.MustParse("8"),
@@ -146,6 +148,7 @@ var _ = Describe("changing Tenant managed Kubernetes resources", func() {
},
},
},
},
},
}
nsl := []string{"fire", "walk", "with", "me"}
@@ -168,7 +171,7 @@ var _ = Describe("changing Tenant managed Kubernetes resources", func() {
It("should reapply the original resources upon third party change", func() {
for _, ns := range nsl {
By("changing Limit Range", func() {
for i, s := range tnt.Spec.LimitRanges {
for i, s := range tnt.Spec.LimitRanges.Items {
n := fmt.Sprintf("capsule-%s-%d", tnt.GetName(), i)
lr := &corev1.LimitRange{}
Eventually(func() error {
@@ -186,7 +189,7 @@ var _ = Describe("changing Tenant managed Kubernetes resources", func() {
}
})
By("changing Network Policy", func() {
for i, s := range tnt.Spec.NetworkPolicies {
for i, s := range tnt.Spec.NetworkPolicies.Items {
n := fmt.Sprintf("capsule-%s-%d", tnt.GetName(), i)
np := &networkingv1.NetworkPolicy{}
Eventually(func() error {
@@ -206,7 +209,7 @@ var _ = Describe("changing Tenant managed Kubernetes resources", func() {
}
})
By("changing Resource Quota", func() {
for i, s := range tnt.Spec.ResourceQuota {
for i, s := range tnt.Spec.ResourceQuota.Items {
n := fmt.Sprintf("capsule-%s-%d", tnt.GetName(), i)
rq := &corev1.ResourceQuota{}
Eventually(func() error {

23
e2e/tenant_resources_test.go
View File

@@ -18,20 +18,20 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
var _ = Describe("creating namespaces within a Tenant with resources", func() {
tnt := &v1alpha1.Tenant{
tnt := &capsulev1beta1.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: "tenant-resources",
},
Spec: v1alpha1.TenantSpec{
Owner: v1alpha1.OwnerSpec{
Spec: capsulev1beta1.TenantSpec{
Owner: capsulev1beta1.OwnerSpec{
Name: "john",
Kind: "User",
},
LimitRanges: []corev1.LimitRangeSpec{
LimitRanges: &capsulev1beta1.LimitRangesSpec{Items: []corev1.LimitRangeSpec{
{
Limits: []corev1.LimitRangeItem{
{
@@ -76,7 +76,8 @@ var _ = Describe("creating namespaces within a Tenant with resources", func() {
},
},
},
NetworkPolicies: []networkingv1.NetworkPolicySpec{
},
NetworkPolicies: &capsulev1beta1.NetworkPolicySpec{Items: []networkingv1.NetworkPolicySpec{
{
Ingress: []networkingv1.NetworkPolicyIngressRule{
{
@@ -120,10 +121,11 @@ var _ = Describe("creating namespaces within a Tenant with resources", func() {
},
},
},
},
NodeSelector: map[string]string{
"kubernetes.io/os": "linux",
},
ResourceQuota: []corev1.ResourceQuotaSpec{
ResourceQuota: &capsulev1beta1.ResourceQuotaSpec{Items: []corev1.ResourceQuotaSpec{
{
Hard: map[corev1.ResourceName]resource.Quantity{
corev1.ResourceLimitsCPU: resource.MustParse("8"),
@@ -146,6 +148,7 @@ var _ = Describe("creating namespaces within a Tenant with resources", func() {
},
},
},
},
},
}
nsl := []string{"bim", "bum", "bam"}
@@ -167,7 +170,7 @@ var _ = Describe("creating namespaces within a Tenant with resources", func() {
It("should contains all replicated resources", func() {
for _, name := range nsl {
By("checking Limit Range", func() {
for i, s := range tnt.Spec.LimitRanges {
for i, s := range tnt.Spec.LimitRanges.Items {
n := fmt.Sprintf("capsule-%s-%d", tnt.GetName(), i)
lr := &corev1.LimitRange{}
Eventually(func() error {
@@ -177,7 +180,7 @@ var _ = Describe("creating namespaces within a Tenant with resources", func() {
}
})
By("checking Network Policy", func() {
for i, s := range tnt.Spec.NetworkPolicies {
for i, s := range tnt.Spec.NetworkPolicies.Items {
n := fmt.Sprintf("capsule-%s-%d", tnt.GetName(), i)
np := &networkingv1.NetworkPolicy{}
Eventually(func() error {
@@ -198,7 +201,7 @@ var _ = Describe("creating namespaces within a Tenant with resources", func() {
}, defaultTimeoutInterval, defaultPollInterval).Should(Equal(strings.Join(selector, ",")))
})
By("checking the Resource Quota", func() {
for i, s := range tnt.Spec.ResourceQuota {
for i, s := range tnt.Spec.ResourceQuota.Items {
n := fmt.Sprintf("capsule-%s-%d", tnt.GetName(), i)
rq := &corev1.ResourceQuota{}
Eventually(func() error {

16
e2e/utils_test.go
View File

@@ -10,7 +10,6 @@ import (
"strconv"
"time"
"github.com/clastix/capsule/api/v1alpha1"
. "github.com/onsi/gomega"
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
@@ -18,11 +17,14 @@ import (
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/version"
"k8s.io/client-go/kubernetes"
capsulev1alpha1 "github.com/clastix/capsule/api/v1alpha1"
capsulev1beta1 "github.com/clastix/capsule/api/v1beta1"
)
const (
defaultTimeoutInterval = 20 * time.Second
defaultPollInterval = time.Second
defaultTimeoutInterval = 20 * time.Second
defaultPollInterval = time.Second
)
func NewNamespace(name string) *corev1.Namespace {
@@ -33,7 +35,7 @@ func NewNamespace(name string) *corev1.Namespace {
}
}
func NamespaceCreation(ns *corev1.Namespace, t *v1alpha1.Tenant, timeout time.Duration) AsyncAssertion {
func NamespaceCreation(ns *corev1.Namespace, t *capsulev1beta1.Tenant, timeout time.Duration) AsyncAssertion {
cs := ownerClient(t)
return Eventually(func() (err error) {
_, err = cs.CoreV1().Namespaces().Create(context.TODO(), ns, metav1.CreateOptions{})
@@ -41,7 +43,7 @@ func NamespaceCreation(ns *corev1.Namespace, t *v1alpha1.Tenant, timeout time.Du
}, timeout, defaultPollInterval)
}
func TenantNamespaceList(t *v1alpha1.Tenant, timeout time.Duration) AsyncAssertion {
func TenantNamespaceList(t *capsulev1beta1.Tenant, timeout time.Duration) AsyncAssertion {
return Eventually(func() []string {
Expect(k8sClient.Get(context.TODO(), types.NamespacedName{Name: t.GetName()}, t)).Should(Succeed())
return t.Status.Namespaces
@@ -52,8 +54,8 @@ func EventuallyCreation(f interface{}) AsyncAssertion {
return Eventually(f, defaultTimeoutInterval, defaultPollInterval)
}
func ModifyCapsuleConfigurationOpts(fn func(configuration *v1alpha1.CapsuleConfiguration)) {
config := &v1alpha1.CapsuleConfiguration{}
func ModifyCapsuleConfigurationOpts(fn func(configuration *capsulev1alpha1.CapsuleConfiguration)) {
config := &capsulev1alpha1.CapsuleConfiguration{}
Expect(k8sClient.Get(context.Background(), types.NamespacedName{Name: "default"}, config)).ToNot(HaveOccurred())
fn(config)