Merge pull request #422 from Fedosin/configmap_namespace

k8s-ci-robot · web-flow · commit 9ccc6d1e10ea · 2024-02-19T01:57:43.000-08:00
🐛 Restrict configmap lookup to the provider namespace
diff --git a/internal/controller/manifests_downloader.go b/internal/controller/manifests_downloader.go
@@ -127,6 +127,7 @@ func (p *phaseReconciler) checkConfigMapExists(ctx context.Context, labelSelecto
 	labelSet := labels.Set(labelSelector.MatchLabels)
 	listOpts := []client.ListOption{
 		client.MatchingLabelsSelector{Selector: labels.SelectorFromSet(labelSet)},
+		client.InNamespace(p.provider.GetNamespace()),
 	}
 
 	var configMapList corev1.ConfigMapList
diff --git a/internal/controller/phases.go b/internal/controller/phases.go
@@ -176,7 +176,7 @@ func (p *phaseReconciler) load(ctx context.Context) (reconcile.Result, error) {
 		return reconcile.Result{}, wrapPhaseError(err, "failed to load additional manifests", operatorv1.ProviderInstalledCondition)
 	}
 
-	p.repo, err = p.configmapRepository(ctx, labelSelector, additionalManifests)
+	p.repo, err = p.configmapRepository(ctx, labelSelector, p.provider.GetNamespace(), additionalManifests)
 	if err != nil {
 		return reconcile.Result{}, wrapPhaseError(err, "failed to load the repository", operatorv1.ProviderInstalledCondition)
 	}
@@ -269,7 +269,7 @@ func (p *phaseReconciler) secretReader(ctx context.Context, providers ...configc
 
 // configmapRepository use clusterctl NewMemoryRepository structure to store the manifests
 // and metadata from a given configmap.
-func (p *phaseReconciler) configmapRepository(ctx context.Context, labelSelector *metav1.LabelSelector, additionalManifests string) (repository.Repository, error) {
+func (p *phaseReconciler) configmapRepository(ctx context.Context, labelSelector *metav1.LabelSelector, namespace, additionalManifests string) (repository.Repository, error) {
 	mr := repository.NewMemoryRepository()
 	mr.WithPaths("", "components.yaml")
 
@@ -280,7 +280,7 @@ func (p *phaseReconciler) configmapRepository(ctx context.Context, labelSelector
 		return nil, err
 	}
 
-	if err = p.ctrlClient.List(ctx, cml, &client.ListOptions{LabelSelector: selector}); err != nil {
+	if err = p.ctrlClient.List(ctx, cml, &client.ListOptions{LabelSelector: selector, Namespace: namespace}); err != nil {
 		return nil, err
 	}
 
diff --git a/internal/controller/phases_test.go b/internal/controller/phases_test.go
@@ -388,7 +388,7 @@ metadata:
 				g.Expect(fakeclient.Create(ctx, &tt.configMaps[i])).To(Succeed())
 			}
 
-			got, err := p.configmapRepository(context.TODO(), p.provider.GetSpec().FetchConfig.Selector, tt.additionalManifests)
+			got, err := p.configmapRepository(context.TODO(), p.provider.GetSpec().FetchConfig.Selector, "ns1", tt.additionalManifests)
 			if len(tt.wantErr) > 0 {
 				g.Expect(err).Should(MatchError(tt.wantErr))
 				return
diff --git a/test/e2e/air_gapped_test.go b/test/e2e/air_gapped_test.go
@@ -54,6 +54,14 @@ var _ = Describe("Install Core Provider in an air-gapped environment", func() {
 			configMaps = append(configMaps, configMap)
 		}
 
+		By("Creating capi-system namespace")
+		namespace := &corev1.Namespace{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: capiSystemNamespace,
+			},
+		}
+		Expect(bootstrapCluster.Create(ctx, namespace)).To(Succeed())
+
 		By("Applying core provider manifests to the cluster")
 		for _, cm := range configMaps {
 			Expect(bootstrapCluster.Create(ctx, &cm)).To(Succeed())
@@ -65,7 +73,7 @@ var _ = Describe("Install Core Provider in an air-gapped environment", func() {
 		coreProvider := &operatorv1.CoreProvider{
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      coreProviderName,
-				Namespace: operatorNamespace,
+				Namespace: capiSystemNamespace,
 			},
 			Spec: operatorv1.CoreProviderSpec{
 				ProviderSpec: operatorv1.ProviderSpec{
@@ -87,7 +95,7 @@ var _ = Describe("Install Core Provider in an air-gapped environment", func() {
 		By("Waiting for the core provider deployment to be ready")
 		framework.WaitForDeploymentsAvailable(ctx, framework.WaitForDeploymentsAvailableInput{
 			Getter:     bootstrapClusterProxy.GetClient(),
-			Deployment: &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: coreProviderDeploymentName, Namespace: operatorNamespace}},
+			Deployment: &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: coreProviderDeploymentName, Namespace: capiSystemNamespace}},
 		}, e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...)
 
 		By("Waiting for core provider to be ready")
@@ -104,7 +112,7 @@ var _ = Describe("Install Core Provider in an air-gapped environment", func() {
 	It("should successfully upgrade a CoreProvider (v1.5.4 -> latest)", func() {
 		bootstrapCluster := bootstrapClusterProxy.GetClient()
 		coreProvider := &operatorv1.CoreProvider{}
-		key := client.ObjectKey{Namespace: operatorNamespace, Name: coreProviderName}
+		key := client.ObjectKey{Namespace: capiSystemNamespace, Name: coreProviderName}
 		Expect(bootstrapCluster.Get(ctx, key, coreProvider)).To(Succeed())
 
 		coreProvider.Spec.Version = ""
@@ -114,7 +122,7 @@ var _ = Describe("Install Core Provider in an air-gapped environment", func() {
 		By("Waiting for the core provider deployment to be ready")
 		framework.WaitForDeploymentsAvailable(ctx, framework.WaitForDeploymentsAvailableInput{
 			Getter:     bootstrapClusterProxy.GetClient(),
-			Deployment: &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: coreProviderDeploymentName, Namespace: operatorNamespace}},
+			Deployment: &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: coreProviderDeploymentName, Namespace: capiSystemNamespace}},
 		}, e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...)
 
 		By("Waiting for core provider to be ready")
@@ -132,15 +140,15 @@ var _ = Describe("Install Core Provider in an air-gapped environment", func() {
 		bootstrapCluster := bootstrapClusterProxy.GetClient()
 		coreProvider := &operatorv1.CoreProvider{ObjectMeta: metav1.ObjectMeta{
 			Name:      coreProviderName,
-			Namespace: operatorNamespace,
+			Namespace: capiSystemNamespace,
 		}}
 
 		Expect(bootstrapCluster.Delete(ctx, coreProvider)).To(Succeed())
 
 		By("Waiting for the core provider deployment to be deleted")
 		WaitForDelete(ctx, For(&appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{
 			Name:      coreProviderDeploymentName,
-			Namespace: operatorNamespace,
+			Namespace: capiSystemNamespace,
 		}}).In(bootstrapCluster), e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...)
 
 		By("Waiting for the core provider object to be deleted")
@@ -168,5 +176,13 @@ var _ = Describe("Install Core Provider in an air-gapped environment", func() {
 		for _, cm := range configMaps {
 			Expect(bootstrapCluster.Delete(ctx, &cm)).To(Succeed())
 		}
+
+		By("Deleting capi-system namespace")
+		namespace := &corev1.Namespace{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: capiSystemNamespace,
+			},
+		}
+		Expect(bootstrapCluster.Delete(ctx, namespace)).To(Succeed())
 	})
 })
diff --git a/test/e2e/helpers_test.go b/test/e2e/helpers_test.go
@@ -28,7 +28,8 @@ var (
 )
 
 const (
-	operatorNamespace = "capi-operator-system"
+	operatorNamespace   = "capi-operator-system"
+	capiSystemNamespace = "capi-system"
 
 	previousCAPIVersion = "v1.5.4"
 
diff --git a/test/e2e/resources/core-cluster-api-v1.5.4.yaml b/test/e2e/resources/core-cluster-api-v1.5.4.yaml
@@ -1,14 +1,6 @@
 apiVersion: v1
 data:
   components: |
-    apiVersion: v1
-    kind: Namespace
-    metadata:
-      labels:
-        cluster.x-k8s.io/provider: cluster-api
-        control-plane: controller-manager
-      name: capi-system
-    ---
     apiVersion: apiextensions.k8s.io/v1
     kind: CustomResourceDefinition
     metadata:
@@ -11797,4 +11789,4 @@ metadata:
     provider.cluster.x-k8s.io/type: core
     provider.cluster.x-k8s.io/version: v1.5.4
   name: core-cluster-api-v1.5.4
-  namespace: capi-operator-system
+  namespace: capi-system
diff --git a/test/e2e/resources/core-cluster-api-v1.6.0.yaml b/test/e2e/resources/core-cluster-api-v1.6.0.yaml
@@ -1,14 +1,6 @@
 apiVersion: v1
 data:
   components: |
-    apiVersion: v1
-    kind: Namespace
-    metadata:
-      labels:
-        cluster.x-k8s.io/provider: cluster-api
-        control-plane: controller-manager
-      name: capi-system
-    ---
     apiVersion: apiextensions.k8s.io/v1
     kind: CustomResourceDefinition
     metadata:
@@ -9860,4 +9852,4 @@ metadata:
     provider.cluster.x-k8s.io/type: core
     provider.cluster.x-k8s.io/version: v1.6.0
   name: core-cluster-api-v1.6.0
-  namespace: capi-operator-system
+  namespace: capi-system

Original file line number	Diff line number	Diff line change
`@@ -127,6 +127,7 @@ func (p *phaseReconciler) checkConfigMapExists(ctx context.Context, labelSelecto`
`127`	`127`	`labelSet := labels.Set(labelSelector.MatchLabels)`
`128`	`128`	`listOpts := []client.ListOption{`
`129`	`129`	`client.MatchingLabelsSelector{Selector: labels.SelectorFromSet(labelSet)},`
	`130`	`+ client.InNamespace(p.provider.GetNamespace()),`
`130`	`131`	`}`
`131`	`132`
`132`	`133`	`var configMapList corev1.ConfigMapList`
Original file line number	Diff line number	Diff line change
`@@ -176,7 +176,7 @@ func (p *phaseReconciler) load(ctx context.Context) (reconcile.Result, error) {`
`176`	`176`	`return reconcile.Result{}, wrapPhaseError(err, "failed to load additional manifests", operatorv1.ProviderInstalledCondition)`
`177`	`177`	`}`
`178`	`178`
`179`		`- p.repo, err = p.configmapRepository(ctx, labelSelector, additionalManifests)`
	`179`	`+ p.repo, err = p.configmapRepository(ctx, labelSelector, p.provider.GetNamespace(), additionalManifests)`
`180`	`180`	`if err != nil {`
`181`	`181`	`return reconcile.Result{}, wrapPhaseError(err, "failed to load the repository", operatorv1.ProviderInstalledCondition)`
`182`	`182`	`}`
`@@ -269,7 +269,7 @@ func (p *phaseReconciler) secretReader(ctx context.Context, providers ...configc`
`269`	`269`
`270`	`270`	`// configmapRepository use clusterctl NewMemoryRepository structure to store the manifests`
`271`	`271`	`// and metadata from a given configmap.`
`272`		`-func (p phaseReconciler) configmapRepository(ctx context.Context, labelSelector metav1.LabelSelector, additionalManifests string) (repository.Repository, error) {`
	`272`	`+func (p phaseReconciler) configmapRepository(ctx context.Context, labelSelector metav1.LabelSelector, namespace, additionalManifests string) (repository.Repository, error) {`
`273`	`273`	`mr := repository.NewMemoryRepository()`
`274`	`274`	`mr.WithPaths("", "components.yaml")`
`275`	`275`
`@@ -280,7 +280,7 @@ func (p *phaseReconciler) configmapRepository(ctx context.Context, labelSelector`
`280`	`280`	`return nil, err`
`281`	`281`	`}`
`282`	`282`
`283`		`- if err = p.ctrlClient.List(ctx, cml, &client.ListOptions{LabelSelector: selector}); err != nil {`
	`283`	`+ if err = p.ctrlClient.List(ctx, cml, &client.ListOptions{LabelSelector: selector, Namespace: namespace}); err != nil {`
`284`	`284`	`return nil, err`
`285`	`285`	`}`
`286`	`286`
Original file line number	Diff line number	Diff line change
`@@ -388,7 +388,7 @@ metadata:`
`388`	`388`	`g.Expect(fakeclient.Create(ctx, &tt.configMaps[i])).To(Succeed())`
`389`	`389`	`}`
`390`	`390`
`391`		`- got, err := p.configmapRepository(context.TODO(), p.provider.GetSpec().FetchConfig.Selector, tt.additionalManifests)`
	`391`	`+ got, err := p.configmapRepository(context.TODO(), p.provider.GetSpec().FetchConfig.Selector, "ns1", tt.additionalManifests)`
`392`	`392`	`if len(tt.wantErr) > 0 {`
`393`	`393`	`g.Expect(err).Should(MatchError(tt.wantErr))`
`394`	`394`	`return`
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,8 @@ var (`
`28`	`28`	`)`
`29`	`29`
`30`	`30`	`const (`
`31`		`- operatorNamespace = "capi-operator-system"`
	`31`	`+ operatorNamespace = "capi-operator-system"`
	`32`	`+ capiSystemNamespace = "capi-system"`
`32`	`33`
`33`	`34`	`previousCAPIVersion = "v1.5.4"`
`34`	`35`