Merge pull request #726 from deads2k/apply-12-test-data

API-1835: first integration-tests

Author: openshift-merge-bot[bot]

.gitignore

@@ -19,3 +19,4 @@ tags
 .envrc
 authentication-operator
 telepresence.log
+/test-output/

go.mod

@@ -9,8 +9,8 @@ require (
 	github.com/openshift/api v0.0.0-20241001152557-e415140e5d5f
 	github.com/openshift/build-machinery-go v0.0.0-20241025131534-5f3bc3c56265
 	github.com/openshift/client-go v0.0.0-20241001162912-da6d55e4611f
-	github.com/openshift/library-go v0.0.0-20241025192116-97dc382cad13
-	github.com/openshift/multi-operator-manager v0.0.0-20241028172628-4e6de0af517a
+	github.com/openshift/library-go v0.0.0-20241028193827-a808e2fb8060
+	github.com/openshift/multi-operator-manager v0.0.0-20241029144625-19a490bc33c3
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.9.0
 	go.etcd.io/etcd/client/v3 v3.5.14

go.sum

@@ -148,10 +148,10 @@ github.com/openshift/build-machinery-go v0.0.0-20241025131534-5f3bc3c56265 h1:FT
 github.com/openshift/build-machinery-go v0.0.0-20241025131534-5f3bc3c56265/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE=
 github.com/openshift/client-go v0.0.0-20241001162912-da6d55e4611f h1:FRc0bVNWprihWS0GqQWzb3dY4dkCwpOP3mDw5NwSoR4=
 github.com/openshift/client-go v0.0.0-20241001162912-da6d55e4611f/go.mod h1:KiZi2mJRH1TOJ3FtBDYS6YvUL30s/iIXaGSUrSa36mo=
-github.com/openshift/library-go v0.0.0-20241025192116-97dc382cad13 h1:59NslqHDdxffgFww2qnzc6HZ1OHvfVzkUpEICiZAvok=
-github.com/openshift/library-go v0.0.0-20241025192116-97dc382cad13/go.mod h1:9B1MYPoLtP9tqjWxcbUNVpwxy68zOH/3EIP6c31dAM0=
-github.com/openshift/multi-operator-manager v0.0.0-20241028172628-4e6de0af517a h1:ru37iQH7O+lqv4H8a2QTOYp+ZCajf6MS02a3HouEFrc=
-github.com/openshift/multi-operator-manager v0.0.0-20241028172628-4e6de0af517a/go.mod h1:/gSz0z+w5wjpnbsCvE/uo+Tu4xKG7iZKKWMh3skmfRw=
+github.com/openshift/library-go v0.0.0-20241028193827-a808e2fb8060 h1:Dvja54+vTv/ZZVoY/sCnh8bacSRdJPdkPeLuVOt8hmE=
+github.com/openshift/library-go v0.0.0-20241028193827-a808e2fb8060/go.mod h1:9B1MYPoLtP9tqjWxcbUNVpwxy68zOH/3EIP6c31dAM0=
+github.com/openshift/multi-operator-manager v0.0.0-20241029144625-19a490bc33c3 h1:GeSci9SzTgK47WEArLskz4GlL+VsxGFEnt6avuxw3GA=
+github.com/openshift/multi-operator-manager v0.0.0-20241029144625-19a490bc33c3/go.mod h1:/gSz0z+w5wjpnbsCvE/uo+Tu4xKG7iZKKWMh3skmfRw=
 github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

pkg/cmd/mom/apply_configuration_command.go

@@ -15,8 +15,6 @@ func NewApplyConfigurationCommand(streams genericiooptions.IOStreams) *cobra.Com
 }
 
 func RunApplyConfiguration(ctx context.Context, input libraryapplyconfiguration.ApplyConfigurationInput) (libraryapplyconfiguration.AllDesiredMutationsGetter, error) {
-	// TODO initialize dynamic clients, informers, operator clients, and kubeclients from the input to demonstrate.
-
 	authenticationOperatorInput, err := operator.CreateOperatorInputFromMOM(ctx, input)
 	if err != nil {
 		return nil, fmt.Errorf("unable to configure operator input: %w", err)

pkg/cmd/mom/output_resources_command.go

@@ -16,53 +16,58 @@ func RunOutputResources(ctx context.Context) (*libraryoutputresources.OutputReso
 	return &libraryoutputresources.OutputResources{
 		ConfigurationResources: libraryoutputresources.ResourceList{
 			ExactResources: []libraryoutputresources.ExactResourceID{
-				exactResource("config.openshift.io", "ingresses", "", "cluster"),
+				libraryoutputresources.ExactResource("config.openshift.io", "ingresses", "", "cluster"),
 			},
 		},
 		ManagementResources: libraryoutputresources.ResourceList{
 			ExactResources: []libraryoutputresources.ExactResourceID{
-				exactResource("config.openshift.io", "clusteroperators", "", "authentication"),
-				exactResource("openshift.openshift.io", "authentications", "", "cluster"),
+				libraryoutputresources.ExactClusterOperator("authentication"),
+				libraryoutputresources.ExactConfigMap("openshift-authentication", "audit"),
+				libraryoutputresources.ExactConfigMap("openshift-authentication", "v4-0-config-system-trusted-ca-bundle"),
+				libraryoutputresources.ExactDeployment("openshift-authentication", "oauth-openshift"),
+				libraryoutputresources.ExactLowLevelOperator("authentications"),
+				exactNamespace("openshift-authentication"),
+				exactRole("openshift-config-managed", "system:openshift:oauth-servercert-trust"),
+				exactRoleBinding("openshift-config-managed", "system:openshift:oauth-servercert-trust"),
+				libraryoutputresources.ExactSecret("openshift-authentication", "v4-0-config-system-session"),
+				libraryoutputresources.ExactSecret("openshift-authentication", "v4-0-config-system-ocp-branding-template"),
+				exactService("openshift-authentication", "oauth-openshift"),
+				libraryoutputresources.ExactServiceAccount("openshift-authentication", "oauth-openshift"),
+			},
+			EventingNamespaces: []string{
+				"openshift-authentication-operator",
 			},
 		},
 		UserWorkloadResources: libraryoutputresources.ResourceList{
 			ExactResources: []libraryoutputresources.ExactResourceID{
-				exactResource("", "secrets", "openshift-authentication", "v4-0-config-system-session"),
-				exactResource("", "secrets", "openshift-authentication", "v4-0-config-system-ocp-branding-template"),
-				exactResource("", "serviceaccounts", "openshift-authentication", "oauth-openshift"),
-				exactResource("apps", "deployments", "openshift-authentication", "oauth-openshift"),
-				exactResource("oauth.openshift.io", "oauthclients", "", "openshift-browser-client"),
-				exactResource("oauth.openshift.io", "oauthclients", "", "openshift-challenging-client"),
-				exactResource("oauth.openshift.io", "oauthclients", "", "openshift-cli-client"),
-				exactResource("rbac.authorization.k8s.io", "clusterrolebindings", "", "system:openshift:openshift-authentication"),
-				exactResource("rbac.authorization.k8s.io", "rolebindings", "openshift-config-managed", "system:openshift:oauth-servercert-trust"),
-				exactResource("rbac.authorization.k8s.io", "roles", "openshift-config-managed", "system:openshift:oauth-servercert-trust"),
+				libraryoutputresources.ExactClusterRoleBinding("system:openshift:openshift-authentication"),
+				exactOAuthClient("openshift-browser-client"),
+				exactOAuthClient("openshift-challenging-client"),
+				exactOAuthClient("openshift-cli-client"),
 			},
 			GeneratedNameResources: []libraryoutputresources.GeneratedResourceID{
-				generatedResource("certificates.k8s.io", "certificatesigningrequests", "", "system:openshift:openshift-authenticator-"),
+				libraryoutputresources.GeneratedCSR("system:openshift:openshift-authenticator-"),
 			},
 		},
 	}, nil
 }
 
-func exactResource(group, resource, namespace, name string) libraryoutputresources.ExactResourceID {
-	return libraryoutputresources.ExactResourceID{
-		OutputResourceTypeIdentifier: libraryoutputresources.OutputResourceTypeIdentifier{
-			Group:    group,
-			Resource: resource,
-		},
-		Namespace: namespace,
-		Name:      name,
-	}
+func exactOAuthClient(name string) libraryoutputresources.ExactResourceID {
+	return libraryoutputresources.ExactResource("oauth.openshift.io", "oauthclients", "", name)
 }
 
-func generatedResource(group, resource, namespace, name string) libraryoutputresources.GeneratedResourceID {
-	return libraryoutputresources.GeneratedResourceID{
-		OutputResourceTypeIdentifier: libraryoutputresources.OutputResourceTypeIdentifier{
-			Group:    group,
-			Resource: resource,
-		},
-		Namespace:     namespace,
-		GeneratedName: name,
-	}
+func exactNamespace(name string) libraryoutputresources.ExactResourceID {
+	return libraryoutputresources.ExactResource("", "namespaces", "", name)
+}
+
+func exactService(namespace, name string) libraryoutputresources.ExactResourceID {
+	return libraryoutputresources.ExactResource("", "services", namespace, name)
+}
+
+func exactRole(namespace, name string) libraryoutputresources.ExactResourceID {
+	return libraryoutputresources.ExactResource("rbac.authorization.k8s.io", "roles", namespace, name)
+}
+
+func exactRoleBinding(namespace, name string) libraryoutputresources.ExactResourceID {
+	return libraryoutputresources.ExactResource("rbac.authorization.k8s.io", "rolebindings", namespace, name)
 }

pkg/operator/replacement_starter.go

@@ -59,31 +59,36 @@ type authenticationOperatorInput struct {
 const componentName = "cluster-authentication-operator"
 
 func CreateOperatorInputFromMOM(ctx context.Context, momInput libraryapplyconfiguration.ApplyConfigurationInput) (*authenticationOperatorInput, error) {
-	kubeClient, err := kubernetes.NewForConfigAndClient(&rest.Config{}, momInput.MutationTrackingClient.GetHTTPClient())
+	// TODO replace with the library-go function in https://github.com/openshift/library-go/pull/1857 once it merges
+	recommendedRESTConfig := &rest.Config{
+		QPS:   1000,
+		Burst: 10000,
+	}
+	kubeClient, err := kubernetes.NewForConfigAndClient(recommendedRESTConfig, momInput.MutationTrackingClient.GetHTTPClient())
 	if err != nil {
 		return nil, err
 	}
-	configClient, err := configclient.NewForConfigAndClient(&rest.Config{}, momInput.MutationTrackingClient.GetHTTPClient())
+	configClient, err := configclient.NewForConfigAndClient(recommendedRESTConfig, momInput.MutationTrackingClient.GetHTTPClient())
 	if err != nil {
 		return nil, err
 	}
-	operatorClient, err := operatorclient.NewForConfigAndClient(&rest.Config{}, momInput.MutationTrackingClient.GetHTTPClient())
+	operatorClient, err := operatorclient.NewForConfigAndClient(recommendedRESTConfig, momInput.MutationTrackingClient.GetHTTPClient())
 	if err != nil {
 		return nil, err
 	}
-	routeClient, err := routeclient.NewForConfigAndClient(&rest.Config{}, momInput.MutationTrackingClient.GetHTTPClient())
+	routeClient, err := routeclient.NewForConfigAndClient(recommendedRESTConfig, momInput.MutationTrackingClient.GetHTTPClient())
 	if err != nil {
 		return nil, err
 	}
-	oauthClient, err := oauthclient.NewForConfigAndClient(&rest.Config{}, momInput.MutationTrackingClient.GetHTTPClient())
+	oauthClient, err := oauthclient.NewForConfigAndClient(recommendedRESTConfig, momInput.MutationTrackingClient.GetHTTPClient())
 	if err != nil {
 		return nil, err
 	}
-	apiregistrationv1Client, err := apiregistrationclient.NewForConfigAndClient(&rest.Config{}, momInput.MutationTrackingClient.GetHTTPClient())
+	apiregistrationv1Client, err := apiregistrationclient.NewForConfigAndClient(recommendedRESTConfig, momInput.MutationTrackingClient.GetHTTPClient())
 	if err != nil {
 		return nil, err
 	}
-	migrationClient, err := kubemigratorclient.NewForConfigAndClient(&rest.Config{}, momInput.MutationTrackingClient.GetHTTPClient())
+	migrationClient, err := kubemigratorclient.NewForConfigAndClient(recommendedRESTConfig, momInput.MutationTrackingClient.GetHTTPClient())
 	if err != nil {
 		return nil, err
 	}
@@ -100,16 +105,25 @@ func CreateOperatorInputFromMOM(ctx context.Context, momInput libraryapplyconfig
 		return nil, err
 	}
 
-	eventRecorder := events.NewKubeRecorderWithOptions(
-		kubeClient.CoreV1().Events("openshift-authentication-operator"),
-		events.RecommendedClusterSingletonCorrelatorOptions(),
+	//eventRecorder := events.NewKubeRecorderWithOptions(
+	//	kubeClient.CoreV1().Events("openshift-authentication-operator"),
+	//	events.RecommendedClusterSingletonCorrelatorOptions(),
+	//	componentName,
+	//	&corev1.ObjectReference{
+	//		Kind:      "Deployment",
+	//		Namespace: "openshift-authentication-operator",
+	//		Name:      "authentication-operator",
+	//	},
+	//)
+	// TODO figure out if we're better off using the event correlator (possible) and making a flush of some kind or if live write are better
+	// but for now don't lose it.
+	eventRecorder := events.NewRecorder(kubeClient.CoreV1().Events("openshift-authentication-operator"),
 		componentName,
 		&corev1.ObjectReference{
 			Kind:      "Deployment",
 			Namespace: "openshift-authentication-operator",
 			Name:      "authentication-operator",
-		},
-	)
+		})
 
 	return &authenticationOperatorInput{
 		kubeClient:                   kubeClient,
@@ -299,7 +313,7 @@ func CreateOperatorStarter(ctx context.Context, authOperatorInput *authenticatio
 
 	oauthAPIServerRunOnceFns, oauthAPIServerRunFns, err := prepareOauthAPIServerOperator(ctx, authOperatorInput, informerFactories, resourceSyncer, versionRecorder)
 	if err != nil {
-		return nil, fmt.Errorf("unable to prepare oauth server: %w", err)
+		return nil, fmt.Errorf("unable to prepare oauth apiserver: %w", err)
 	}
 	ret.ControllerRunFns = append(ret.ControllerRunFns, oauthAPIServerRunFns...)
 	ret.ControllerNamedRunOnceFns = append(ret.ControllerNamedRunOnceFns, oauthAPIServerRunOnceFns...)

test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/001-body-cluster.yaml

@@ -0,0 +1,15 @@
+apiVersion: operator.openshift.io/v1
+kind: Authentication
+metadata:
+  annotations:
+    operator.openshift.io/controller-name: TODO-resourceSyncer
+  name: cluster
+status:
+  conditions:
+  - lastTransitionTime: "2024-10-14T22:38:20Z"
+    message: an error on the server ("request namespace \"openshift-oauth-apiserver\"
+      does not equal body namespace \"\"") has prevented the request from succeeding
+      (delete secrets etcd-client)
+    reason: Error
+    status: "True"
+    type: ResourceSyncControllerDegraded

test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/001-options-cluster.yaml

@@ -0,0 +1,2 @@
+fieldManager: oauth-server-ResourceSync
+force: true

test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/002-body-cluster.yaml

@@ -0,0 +1,12 @@
+apiVersion: operator.openshift.io/v1
+kind: Authentication
+metadata:
+  annotations:
+    operator.openshift.io/controller-name: TODO-configOverridesController
+  name: cluster
+status:
+  conditions:
+  - lastTransitionTime: "2024-10-14T22:38:20Z"
+    reason: NoUnsupportedConfigOverrides
+    status: "True"
+    type: UnsupportedConfigOverridesUpgradeable

test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/002-options-cluster.yaml

@@ -0,0 +1,2 @@
+fieldManager: openshift-authentication-UnsupportedConfigOverrides
+force: true