[Backport release-1.4] Feat: enhance controller auth by removing useless features & add authentication for componentrevision+healthcheck (#4023)

* Feat: use application identity in gc & componentrevision & collectHealthStatus Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit 63fc4bcc69) * Chore: remove useless features and roles Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit f4ef77b2b3) * Fix: remove DELETE from mutating webhook Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit 75f3d5dc35) * Chore: enhance deploy error display Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit e69079bdae) * Fix: e2e test vela cli output match & controllerrevision recycle for serviceaccount impersonation Signed-off-by: Somefive <yd219913@alibaba-inc.com> (cherry picked from commit 05b85573a2) Co-authored-by: Somefive <yd219913@alibaba-inc.com>
2026-03-06 03:31:12 +00:00 · 2022-05-27 16:00:04 +08:00
parent 371affb389
commit e20ef02a6a
21 changed files with 54 additions and 96 deletions
--- a/test/e2e-multicluster-test/multicluster_test.go
+++ b/test/e2e-multicluster-test/multicluster_test.go
@@ -328,9 +328,11 @@ var _ = Describe("Test multicluster scenario", func() {
 			envs[0].Placement.ClusterSelector.Name = WorkerClusterName
 			bs, err = json.Marshal(&v1alpha1.EnvBindingSpec{Envs: []v1alpha1.EnvConfig{envs[0]}})
 			Expect(err).Should(Succeed())
-			Expect(k8sClient.Get(hubCtx, namespacedName, app)).Should(Succeed())
-			app.Spec.Policies[0].Properties.Raw = bs
-			Expect(k8sClient.Update(hubCtx, app)).Should(Succeed())
+			Eventually(func(g Gomega) {
+				g.Expect(k8sClient.Get(hubCtx, namespacedName, app)).Should(Succeed())
+				app.Spec.Policies[0].Properties.Raw = bs
+				g.Expect(k8sClient.Update(hubCtx, app)).Should(Succeed())
+			}, 15*time.Second).Should(Succeed())
 			Eventually(func(g Gomega) {
 				deploys := &appsv1.DeploymentList{}
 				g.Expect(k8sClient.List(hubCtx, deploys, client.InNamespace(testNamespace))).Should(Succeed())
--- a/test/e2e-test/application_test.go
+++ b/test/e2e-test/application_test.go
@@ -28,6 +28,7 @@ import (
 	v1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"

@@ -364,7 +365,7 @@ var _ = Describe("Application Normal tests", func() {
 				{
 					Verbs:     []string{rbacv1.VerbAll},
 					APIGroups: []string{"apps"},
-					Resources: []string{"deployments"},
+					Resources: []string{"deployments", "controllerrevisions"},
 				},
 			},
 		}
@@ -402,6 +403,11 @@ var _ = Describe("Application Normal tests", func() {
 		By("Checking an application status")
 		verifyWorkloadRunningExpected("myweb", 1, "stefanprodan/podinfo:4.0.3")
 		verifyComponentRevision("myweb", 1)
+
+		Expect(k8sClient.Delete(ctx, &newApp)).Should(Succeed())
+		Eventually(func(g Gomega) {
+			g.Expect(k8sClient.Get(ctx, client.ObjectKeyFromObject(&newApp), &newApp)).Should(Satisfy(errors.IsNotFound))
+		}, 15*time.Second).Should(Succeed())
 	})

 	It("Test app with ServiceAccount which has no permission for the component", func() {