diff --git a/controllers/admissionpolicy_controller_test.go b/controllers/admissionpolicy_controller_test.go index 65958f4d..29df033d 100644 --- a/controllers/admissionpolicy_controller_test.go +++ b/controllers/admissionpolicy_controller_test.go @@ -32,9 +32,12 @@ import ( ) var _ = Describe("AdmissionPolicy controller", func() { - policyNamespace := "admission-policy-controller-test" + var policyNamespace string + var policyServerName string BeforeEach(func() { + policyNamespace = "admission-policy-controller-test" + policyServerName = newName("policy-server") Expect( k8sClient.Create(ctx, &corev1.Namespace{ ObjectMeta: metav1.ObjectMeta{ @@ -45,20 +48,17 @@ var _ = Describe("AdmissionPolicy controller", func() { }) When("creating a validating AdmissionPolicy", func() { - policyServerName := newName("policy-server") - policyName := newName("validating-policy") - - It("should set the AdmissionPolicy to active", func() { - By("creating the PolicyServer") - Expect( - k8sClient.Create(ctx, policyServerFactory(policyServerName)), - ).To(Succeed()) - - By("creating the AdmissionPolicy") - Expect( - k8sClient.Create(ctx, admissionPolicyFactory(policyName, policyNamespace, policyServerName, false)), - ).To(Succeed()) + var policyName string + var policy *policiesv1.AdmissionPolicy + + BeforeEach(func() { + policyName = newName("validating-policy") + createPolicyServerAndWaitForItsService(policyServerFactory(policyServerName)) + policy = admissionPolicyFactory(policyName, policyNamespace, policyServerName, false) + Expect(k8sClient.Create(ctx, policy)).To(Succeed()) + }) + It("should set the AdminissionPolicy to active sometime after its creation", func() { By("changing the policy status to pending") Eventually(func() (*policiesv1.AdmissionPolicy, error) { return getTestAdmissionPolicy(policyNamespace, policyName) 
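Review bot: The `BeforeEach` added under `When("creating a validating AdmissionPolicy", ...)` now creates a PolicyServer and an AdmissionPolicy before every spec, and nothing in the hunk deletes them again, so objects accumulate in the fixed `admission-policy-controller-test` namespace for the rest of the run. If the file has no teardown elsewhere, an `AfterEach` that deletes `policy` and the PolicyServer would keep the specs independent. The same applies to the `BeforeEach` blocks added for the mutating case and in clusteradmissionpolicy_controller_test.go, where the policies carry no namespace. The new spec title also misspells the resource: `AdminissionPolicy` should be `AdmissionPolicy`. The `It` body continues outside the hunk.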
@@ -76,7 +76,7 @@ var _ = Describe("AdmissionPolicy controller", func() { It("should create the ValidatingWebhookConfiguration", func() { Eventually(func() error { - validatingWebhookConfiguration, err := getTestValidatingWebhookConfiguration(fmt.Sprintf("namespaced-%s-%s", policyNamespace, policyName)) + validatingWebhookConfiguration, err := getTestValidatingWebhookConfiguration(policy.GetUniqueName()) if err != nil { return err } 
@@ -96,74 +96,77 @@ var _ = Describe("AdmissionPolicy controller", func() { }, timeout, pollInterval).Should(Succeed()) }) - When("the ValidatingWebhookConfiguration is changed", func() { - It("should be reconciled to the original state", func() { - By("changing the ValidatingWebhookConfiguration") - validatingWebhookConfiguration, err := getTestValidatingWebhookConfiguration(fmt.Sprintf("namespaced-%s-%s", policyNamespace, policyName)) - Expect(err).ToNot(HaveOccurred()) - originalValidatingWebhookConfiguration := validatingWebhookConfiguration.DeepCopy() - - delete(validatingWebhookConfiguration.Labels, "kubewarden") - validatingWebhookConfiguration.Labels[constants.WebhookConfigurationPolicyScopeLabelKey] = newName("scope") - delete(validatingWebhookConfiguration.Annotations, constants.WebhookConfigurationPolicyNameAnnotationKey) - validatingWebhookConfiguration.Annotations[constants.WebhookConfigurationPolicyNamespaceAnnotationKey] = newName("namespace") - validatingWebhookConfiguration.Webhooks[0].ClientConfig.Service.Name = newName("service") - validatingWebhookConfiguration.Webhooks[0].ClientConfig.CABundle = []byte("invalid") - Expect( - k8sClient.Update(ctx, validatingWebhookConfiguration), - ).To(Succeed()) - - By("reconciling the ValidatingWebhookConfiguration to its original state") - Eventually(func() (*admissionregistrationv1.ValidatingWebhookConfiguration, error) { - return getTestValidatingWebhookConfiguration(fmt.Sprintf("namespaced-%s-%s", policyNamespace, policyName)) - }, timeout, pollInterval).Should( - And( - HaveField("Labels", Equal(originalValidatingWebhookConfiguration.Labels)), - HaveField("Annotations", Equal(originalValidatingWebhookConfiguration.Annotations)), - HaveField("Webhooks", Equal(originalValidatingWebhookConfiguration.Webhooks)), - ), - ) - - // simulate unitialized labels and annotation maps (behaviour of Kubewarden <= 1.9.0), or user change - By("setting the ValidatingWebhookConfiguration labels and annotation to nil") - 
validatingWebhookConfiguration, err = getTestValidatingWebhookConfiguration(fmt.Sprintf("namespaced-%s-%s", policyNamespace, policyName)) - Expect(err).ToNot(HaveOccurred()) + It("should be reconcile the ValidationWebhookConfiguration to the original state after some change", func() { + var originalValidatingWebhookConfiguration *admissionregistrationv1.ValidatingWebhookConfiguration + var validatingWebhookConfiguration *admissionregistrationv1.ValidatingWebhookConfiguration + Eventually(func() error { + var err error + validatingWebhookConfiguration, err = getTestValidatingWebhookConfiguration(policy.GetUniqueName()) + if err != nil { + return err + } originalValidatingWebhookConfiguration = validatingWebhookConfiguration.DeepCopy() - validatingWebhookConfiguration.Labels = nil - validatingWebhookConfiguration.Annotations = nil - Expect( - k8sClient.Update(ctx, validatingWebhookConfiguration), - ).To(Succeed()) - - By("reconciling the ValidatingWebhookConfiguration to its original state") - Eventually(func() (*admissionregistrationv1.ValidatingWebhookConfiguration, error) { - return getTestValidatingWebhookConfiguration(fmt.Sprintf("namespaced-%s-%s", policyNamespace, policyName)) - }, timeout, pollInterval).Should( - And( - HaveField("Labels", Equal(originalValidatingWebhookConfiguration.Labels)), - HaveField("Annotations", Equal(originalValidatingWebhookConfiguration.Annotations)), - HaveField("Webhooks", Equal(originalValidatingWebhookConfiguration.Webhooks)), - ), - ) - }) - }) - }) - - When("creating a mutating AdmissionPolicy", func() { - policyServerName := newName("policy-server") - policyName := newName("mutating-policy") + return nil + }, timeout, pollInterval).Should(Succeed()) - It("should set the AdmissionPolicy to active", func() { - By("creating the PolicyServer") + By("changing the ValidatingWebhookConfiguration") + delete(validatingWebhookConfiguration.Labels, "kubewarden") + 
validatingWebhookConfiguration.Labels[constants.WebhookConfigurationPolicyScopeLabelKey] = newName("scope") + delete(validatingWebhookConfiguration.Annotations, constants.WebhookConfigurationPolicyNameAnnotationKey) + validatingWebhookConfiguration.Annotations[constants.WebhookConfigurationPolicyNamespaceAnnotationKey] = newName("namespace") + validatingWebhookConfiguration.Webhooks[0].ClientConfig.Service.Name = newName("service") + validatingWebhookConfiguration.Webhooks[0].ClientConfig.CABundle = []byte("invalid") Expect( - k8sClient.Create(ctx, policyServerFactory(policyServerName)), + k8sClient.Update(ctx, validatingWebhookConfiguration), ).To(Succeed()) - By("creating the AdmissionPolicy") + By("reconciling the ValidatingWebhookConfiguration to its original state") + Eventually(func() (*admissionregistrationv1.ValidatingWebhookConfiguration, error) { + return getTestValidatingWebhookConfiguration(policy.GetUniqueName()) + }, timeout, pollInterval).Should( + And( + HaveField("Labels", Equal(originalValidatingWebhookConfiguration.Labels)), + HaveField("Annotations", Equal(originalValidatingWebhookConfiguration.Annotations)), + HaveField("Webhooks", Equal(originalValidatingWebhookConfiguration.Webhooks)), + ), + ) + + // simulate unitialized labels and annotation maps (behaviour of Kubewarden <= 1.9.0), or user change + By("setting the ValidatingWebhookConfiguration labels and annotation to nil") + validatingWebhookConfiguration, err := getTestValidatingWebhookConfiguration(policy.GetUniqueName()) + Expect(err).ToNot(HaveOccurred()) + originalValidatingWebhookConfiguration = validatingWebhookConfiguration.DeepCopy() + validatingWebhookConfiguration.Labels = nil + validatingWebhookConfiguration.Annotations = nil Expect( - k8sClient.Create(ctx, admissionPolicyFactory(policyName, policyNamespace, policyServerName, true)), + k8sClient.Update(ctx, validatingWebhookConfiguration), ).To(Succeed()) + By("reconciling the ValidatingWebhookConfiguration to its original 
state") + Eventually(func() (*admissionregistrationv1.ValidatingWebhookConfiguration, error) { + return getTestValidatingWebhookConfiguration(policy.GetUniqueName()) + }, timeout, pollInterval).Should( + And( + HaveField("Labels", Equal(originalValidatingWebhookConfiguration.Labels)), + HaveField("Annotations", Equal(originalValidatingWebhookConfiguration.Annotations)), + HaveField("Webhooks", Equal(originalValidatingWebhookConfiguration.Webhooks)), + ), + ) + }) + }) + + When("creating a mutating AdmissionPolicy", func() { + var policyName string + var policy *policiesv1.AdmissionPolicy + + BeforeEach(func() { + policyName = newName("mutating-policy") + createPolicyServerAndWaitForItsService(policyServerFactory(policyServerName)) + policy = admissionPolicyFactory(policyName, policyNamespace, policyServerName, true) + Expect(k8sClient.Create(ctx, policy)).To(Succeed()) + }) + + It("should set the AdmissionPolicy to active", func() { By("changing the policy status to pending") Eventually(func() (*policiesv1.AdmissionPolicy, error) { return getTestAdmissionPolicy(policyNamespace, policyName) @@ -181,7 +184,7 @@ var _ = Describe("AdmissionPolicy controller", func() { It("should create the MutatingWebhookConfiguration", func() { Eventually(func() error { - mutatingWebhookConfiguration, err := getTestMutatingWebhookConfiguration(fmt.Sprintf("namespaced-%s-%s", policyNamespace, policyName)) + mutatingWebhookConfiguration, err := getTestMutatingWebhookConfiguration(policy.GetUniqueName()) if err != nil { return err } 
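Review bot: The tamper step in the new reconcile spec reads the ValidatingWebhookConfiguration once and then calls `k8sClient.Update` under a bare `Expect(...).To(Succeed())`, so if the controller writes the object between the read and the update, the stale resourceVersion would presumably make the update fail with a conflict and fail the spec instead of retrying. This applies to both rounds (the label/annotation/`CABundle` change and the nil-maps change) and to the matching specs for the mutating case and in clusteradmissionpolicy_controller_test.go. Doing the read, the snapshot, the mutation and the update inside one `Eventually` would keep this check from failing for timing reasons; it is the guard that the controller restores a tampered `CABundle` and service name. The title also reads awkwardly: `should be reconcile the ValidationWebhookConfiguration` would be clearer as `should reconcile the ValidatingWebhookConfiguration`.

```go
var originalValidatingWebhookConfiguration *admissionregistrationv1.ValidatingWebhookConfiguration

By("changing the ValidatingWebhookConfiguration")
Eventually(func() error {
	validatingWebhookConfiguration, err := getTestValidatingWebhookConfiguration(policy.GetUniqueName())
	if err != nil {
		return err
	}
	originalValidatingWebhookConfiguration = validatingWebhookConfiguration.DeepCopy()
	// … unchanged: label, annotation, service name and CABundle mutations …
	// A conflict is returned to Eventually, which re-reads and retries.
	return k8sClient.Update(ctx, validatingWebhookConfiguration)
}, timeout, pollInterval).Should(Succeed())
// … unchanged: Eventually asserting Labels, Annotations and Webhooks match the snapshot …
```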
@@ -201,86 +204,91 @@ var _ = Describe("AdmissionPolicy controller", func() { }, timeout, pollInterval).Should(Succeed()) }) - When("the MutatingWebhookConfiguration is changed", func() { - It("should be reconciled to the original state", func() { - By("changing the MutatingWebhookConfiguration") - mutatingWebhookConfiguration, err := getTestMutatingWebhookConfiguration(fmt.Sprintf("namespaced-%s-%s", policyNamespace, policyName)) - Expect(err).ToNot(HaveOccurred()) - originalMutatingWebhookConfiguration := mutatingWebhookConfiguration.DeepCopy() - - delete(mutatingWebhookConfiguration.Labels, "kubewarden") - mutatingWebhookConfiguration.Labels[constants.WebhookConfigurationPolicyScopeLabelKey] = newName("scope") - delete(mutatingWebhookConfiguration.Annotations, constants.WebhookConfigurationPolicyNameAnnotationKey) - mutatingWebhookConfiguration.Annotations[constants.WebhookConfigurationPolicyNamespaceAnnotationKey] = newName("namespace") - mutatingWebhookConfiguration.Webhooks[0].ClientConfig.Service.Name = newName("service") - mutatingWebhookConfiguration.Webhooks[0].ClientConfig.CABundle = []byte("invalid") - Expect( - k8sClient.Update(ctx, mutatingWebhookConfiguration), - ).To(Succeed()) - - By("reconciling the MutatingWebhookConfiguration to its original state") - Eventually(func() (*admissionregistrationv1.MutatingWebhookConfiguration, error) { - return getTestMutatingWebhookConfiguration(fmt.Sprintf("namespaced-%s-%s", policyNamespace, policyName)) - }, timeout, pollInterval).Should( - And( - HaveField("Labels", Equal(originalMutatingWebhookConfiguration.Labels)), - HaveField("Annotations", Equal(originalMutatingWebhookConfiguration.Annotations)), - HaveField("Webhooks", Equal(originalMutatingWebhookConfiguration.Webhooks)), - ), - ) - - // simulate unitialized labels and annotation maps (behaviour of Kubewarden <= 1.9.0), or user change - By("by setting the MutatingWebhookConfiguration labels and annotation to nil") - mutatingWebhookConfiguration, err = 
getTestMutatingWebhookConfiguration(fmt.Sprintf("namespaced-%s-%s", policyNamespace, policyName)) - Expect(err).ToNot(HaveOccurred()) + It("should be reconcile the MutatingWebhookConfiguration to the original state after some change", func() { + var originalMutatingWebhookConfiguration *admissionregistrationv1.MutatingWebhookConfiguration + var mutatingWebhookConfiguration *admissionregistrationv1.MutatingWebhookConfiguration + Eventually(func() error { + var err error + mutatingWebhookConfiguration, err = getTestMutatingWebhookConfiguration(policy.GetUniqueName()) + if err != nil { + return err + } originalMutatingWebhookConfiguration = mutatingWebhookConfiguration.DeepCopy() - mutatingWebhookConfiguration.Labels = nil - mutatingWebhookConfiguration.Annotations = nil - Expect( - k8sClient.Update(ctx, mutatingWebhookConfiguration), - ).To(Succeed()) - - By("reconciling the MutatingWebhookConfiguration to its original state") - Eventually(func() (*admissionregistrationv1.MutatingWebhookConfiguration, error) { - return getTestMutatingWebhookConfiguration(fmt.Sprintf("namespaced-%s-%s", policyNamespace, policyName)) - }, timeout, pollInterval).Should( - And( - HaveField("Labels", Equal(originalMutatingWebhookConfiguration.Labels)), - HaveField("Annotations", Equal(originalMutatingWebhookConfiguration.Annotations)), - HaveField("Webhooks", Equal(originalMutatingWebhookConfiguration.Webhooks)), - ), - ) - }) - }) - }) + return nil + }, timeout, pollInterval).Should(Succeed()) - When("creating an AdmissionPolicy without a PolicyServer assigned", func() { - policyName := newName("unscheduled-policy") + By("changing the MutatingWebhookConfiguration") + delete(mutatingWebhookConfiguration.Labels, "kubewarden") + mutatingWebhookConfiguration.Labels[constants.WebhookConfigurationPolicyScopeLabelKey] = newName("scope") + delete(mutatingWebhookConfiguration.Annotations, constants.WebhookConfigurationPolicyNameAnnotationKey) + 
mutatingWebhookConfiguration.Annotations[constants.WebhookConfigurationPolicyNamespaceAnnotationKey] = newName("namespace") + mutatingWebhookConfiguration.Webhooks[0].ClientConfig.Service.Name = newName("service") + mutatingWebhookConfiguration.Webhooks[0].ClientConfig.CABundle = []byte("invalid") + Expect( + k8sClient.Update(ctx, mutatingWebhookConfiguration), + ).To(Succeed()) + + By("reconciling the MutatingWebhookConfiguration to its original state") + Eventually(func() (*admissionregistrationv1.MutatingWebhookConfiguration, error) { + return getTestMutatingWebhookConfiguration(fmt.Sprintf("namespaced-%s-%s", policyNamespace, policyName)) + }, timeout, pollInterval).Should( + And( + HaveField("Labels", Equal(originalMutatingWebhookConfiguration.Labels)), + HaveField("Annotations", Equal(originalMutatingWebhookConfiguration.Annotations)), + HaveField("Webhooks", Equal(originalMutatingWebhookConfiguration.Webhooks)), + ), + ) - It("should set the policy status to unscheduled", func() { + // simulate unitialized labels and annotation maps (behaviour of Kubewarden <= 1.9.0), or user change + By("by setting the MutatingWebhookConfiguration labels and annotation to nil") + mutatingWebhookConfiguration, err := getTestMutatingWebhookConfiguration(fmt.Sprintf("namespaced-%s-%s", policyNamespace, policyName)) + Expect(err).ToNot(HaveOccurred()) + originalMutatingWebhookConfiguration = mutatingWebhookConfiguration.DeepCopy() + mutatingWebhookConfiguration.Labels = nil + mutatingWebhookConfiguration.Annotations = nil Expect( - k8sClient.Create(ctx, admissionPolicyFactory(policyName, policyNamespace, "", false)), - ).To(haveSucceededOrAlreadyExisted()) + k8sClient.Update(ctx, mutatingWebhookConfiguration), + ).To(Succeed()) - Eventually(func() (*policiesv1.AdmissionPolicy, error) { - return getTestAdmissionPolicy(policyNamespace, policyName) - }, 30*time.Second, 250*time.Millisecond).Should( - HaveField("Status.PolicyStatus", Equal(policiesv1.PolicyStatusUnscheduled)), + 
By("reconciling the MutatingWebhookConfiguration to its original state") + Eventually(func() (*admissionregistrationv1.MutatingWebhookConfiguration, error) { + return getTestMutatingWebhookConfiguration(fmt.Sprintf("namespaced-%s-%s", policyNamespace, policyName)) + }, timeout, pollInterval).Should( + And( + HaveField("Labels", Equal(originalMutatingWebhookConfiguration.Labels)), + HaveField("Annotations", Equal(originalMutatingWebhookConfiguration.Annotations)), + HaveField("Webhooks", Equal(originalMutatingWebhookConfiguration.Webhooks)), + ), ) }) + }) - When("creating an AdmissionPolicy with a PolicyServer assigned but not running yet", func() { - var ( - policyName = newName("scheduled-policy") - policyServerName = newName("policy-server") + It("should set policy status to unscheduled when creating an AdmissionPolicy without a PolicyServer assigned", func() { + policyName := newName("unscheduled-policy") + Expect( + k8sClient.Create(ctx, admissionPolicyFactory(policyName, policyNamespace, "", false)), + ).To(haveSucceededOrAlreadyExisted()) + + Eventually(func() (*policiesv1.AdmissionPolicy, error) { + return getTestAdmissionPolicy(policyNamespace, policyName) + }, 30*time.Second, 250*time.Millisecond).Should( + HaveField("Status.PolicyStatus", Equal(policiesv1.PolicyStatusUnscheduled)), ) - It("should set the policy status to scheduled", func() { + }) + + When("creating an AdmissionPolicy with a PolicyServer assigned but not running yet", func() { + var policyName string + + BeforeEach(func() { + policyName = newName("scheduled-policy") Expect( k8sClient.Create(ctx, admissionPolicyFactory(policyName, policyNamespace, policyServerName, false)), ).To(haveSucceededOrAlreadyExisted()) + }) + It("should set the policy status to scheduled", func() { Eventually(func() (*policiesv1.AdmissionPolicy, error) { return getTestAdmissionPolicy(policyNamespace, policyName) }, timeout, pollInterval).Should( 
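Review bot: The mutating reconcile spec mixes two ways of naming the webhook configuration: the first lookup uses `policy.GetUniqueName()`, but the three later lookups still build the name with `fmt.Sprintf("namespaced-%s-%s", policyNamespace, policyName)`. The validating spec in this file was converted throughout, so these should read `getTestMutatingWebhookConfiguration(policy.GetUniqueName())` as well; otherwise a change to the naming scheme would leave the spec polling a name the controller no longer uses. The reconcile specs in clusteradmissionpolicy_controller_test.go have the same leftover with `fmt.Sprintf("clusterwide-%s", policyName)`. The unscheduled spec moved in this hunk also keeps `30*time.Second, 250*time.Millisecond` where the surrounding specs pass `timeout, pollInterval`.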
diff --git a/controllers/clusteradmissionpolicy_controller_test.go b/controllers/clusteradmissionpolicy_controller_test.go index 82e25d56..cd409093 100644 --- a/controllers/clusteradmissionpolicy_controller_test.go +++ b/controllers/clusteradmissionpolicy_controller_test.go @@ -29,21 +29,24 @@ import ( ) var _ = Describe("ClusterAdmissionPolicy controller", func() { - When("creating a validating ClusterAdmissionPolicy", func() { - policyServerName := newName("policy-server") - policyName := newName("validating-policy") + var policyServerName string - It("should set the ClusterAdmissionPolicy to active", func() { - By("creating the PolicyServer") - Expect( - k8sClient.Create(ctx, policyServerFactory(policyServerName)), - ).To(Succeed()) + BeforeEach(func() { + policyServerName = newName("policy-server") + }) - By("creating the ClusterAdmissionPolicy") - Expect( - k8sClient.Create(ctx, clusterAdmissionPolicyFactory(policyName, policyServerName, false)), - ).To(Succeed()) + When("creating a validating ClusterAdmissionPolicy", func() { + var policyName string + var policy *policiesv1.ClusterAdmissionPolicy + + BeforeEach(func() { + policyName = newName("validating-policy") + createPolicyServerAndWaitForItsService(policyServerFactory(policyServerName)) + policy = clusterAdmissionPolicyFactory(policyName, policyServerName, false) + Expect(k8sClient.Create(ctx, policy)).To(Succeed()) + }) + It("should set the ClusterAdmissionPolicy to active", func() { By("changing the policy status to pending") Eventually(func() (*policiesv1.ClusterAdmissionPolicy, error) { return getTestClusterAdmissionPolicy(policyName) 
@@ -61,7 +64,7 @@ var _ = Describe("ClusterAdmissionPolicy controller", func() { It("should create the ValidatingWebhookConfiguration", func() { Eventually(func() error { - validatingWebhookConfiguration, err := getTestValidatingWebhookConfiguration(fmt.Sprintf("clusterwide-%s", policyName)) + validatingWebhookConfiguration, err := getTestValidatingWebhookConfiguration(policy.GetUniqueName()) if err != nil { return err } 
@@ -81,52 +84,55 @@ var _ = Describe("ClusterAdmissionPolicy controller", func() { }, timeout, pollInterval).Should(Succeed()) }) - When("the ValidatingWebhookConfiguration is changed", func() { - It("should be reconciled to the original state", func() { - By("changing the ValidatingWebhookConfiguration") - validatingWebhookConfiguration, err := getTestValidatingWebhookConfiguration(fmt.Sprintf("clusterwide-%s", policyName)) - Expect(err).ToNot(HaveOccurred()) - originalValidatingWebhookConfiguration := validatingWebhookConfiguration.DeepCopy() - - delete(validatingWebhookConfiguration.Labels, "kubewarden") - validatingWebhookConfiguration.Labels[constants.WebhookConfigurationPolicyScopeLabelKey] = newName("scope") - delete(validatingWebhookConfiguration.Annotations, constants.WebhookConfigurationPolicyNameAnnotationKey) - validatingWebhookConfiguration.Annotations[constants.WebhookConfigurationPolicyNamespaceAnnotationKey] = newName("namespace") - validatingWebhookConfiguration.Webhooks[0].ClientConfig.Service.Name = newName("service") - validatingWebhookConfiguration.Webhooks[0].ClientConfig.CABundle = []byte("invalid") - Expect( - k8sClient.Update(ctx, validatingWebhookConfiguration), - ).To(Succeed()) - - By("reconciling the ValidatingWebhookConfiguration to its original state") - Eventually(func() (*admissionregistrationv1.ValidatingWebhookConfiguration, error) { - return getTestValidatingWebhookConfiguration(fmt.Sprintf("clusterwide-%s", policyName)) - }, timeout, pollInterval).Should( - And( - HaveField("Labels", Equal(originalValidatingWebhookConfiguration.Labels)), - HaveField("Annotations", Equal(originalValidatingWebhookConfiguration.Annotations)), - HaveField("Webhooks", Equal(originalValidatingWebhookConfiguration.Webhooks)), - ), - ) - }) + It("should be reconcile the ValidationWebhookConfiguration to the original state after some change", func() { + By("changing the ValidatingWebhookConfiguration") + var originalValidatingWebhookConfiguration 
*admissionregistrationv1.ValidatingWebhookConfiguration + var validatingWebhookConfiguration *admissionregistrationv1.ValidatingWebhookConfiguration + Eventually(func() error { + var err error + validatingWebhookConfiguration, err = getTestValidatingWebhookConfiguration(policy.GetUniqueName()) + if err != nil { + return err + } + originalValidatingWebhookConfiguration = validatingWebhookConfiguration.DeepCopy() + return nil + }, timeout, pollInterval).Should(Succeed()) + + delete(validatingWebhookConfiguration.Labels, "kubewarden") + validatingWebhookConfiguration.Labels[constants.WebhookConfigurationPolicyScopeLabelKey] = newName("scope") + delete(validatingWebhookConfiguration.Annotations, constants.WebhookConfigurationPolicyNameAnnotationKey) + validatingWebhookConfiguration.Annotations[constants.WebhookConfigurationPolicyNamespaceAnnotationKey] = newName("namespace") + validatingWebhookConfiguration.Webhooks[0].ClientConfig.Service.Name = newName("service") + validatingWebhookConfiguration.Webhooks[0].ClientConfig.CABundle = []byte("invalid") + Expect( + k8sClient.Update(ctx, validatingWebhookConfiguration), + ).To(Succeed()) + + By("reconciling the ValidatingWebhookConfiguration to its original state") + Eventually(func() (*admissionregistrationv1.ValidatingWebhookConfiguration, error) { + return getTestValidatingWebhookConfiguration(fmt.Sprintf("clusterwide-%s", policyName)) + }, timeout, pollInterval).Should( + And( + HaveField("Labels", Equal(originalValidatingWebhookConfiguration.Labels)), + HaveField("Annotations", Equal(originalValidatingWebhookConfiguration.Annotations)), + HaveField("Webhooks", Equal(originalValidatingWebhookConfiguration.Webhooks)), + ), + ) }) }) When("creating a mutating ClusterAdmissionPolicy", func() { - policyServerName := newName("policy-server") - policyName := newName("mutating-policy") + var policyName string + var policy *policiesv1.ClusterAdmissionPolicy + + BeforeEach(func() { + policyName = newName("mutating-policy") + 
createPolicyServerAndWaitForItsService(policyServerFactory(policyServerName)) + policy = clusterAdmissionPolicyFactory(policyName, policyServerName, true) + Expect(k8sClient.Create(ctx, policy)).To(Succeed()) + }) It("should set the AdmissionPolicy to active", func() { - By("creating the PolicyServer") - Expect( - k8sClient.Create(ctx, policyServerFactory(policyServerName)), - ).To(Succeed()) - - By("creating the AdmissionPolicy") - Expect( - k8sClient.Create(ctx, clusterAdmissionPolicyFactory(policyName, policyServerName, true)), - ).To(Succeed()) - By("changing the policy status to pending") Eventually(func() (*policiesv1.ClusterAdmissionPolicy, error) { return getTestClusterAdmissionPolicy(policyName) @@ -144,7 +150,7 @@ var _ = Describe("ClusterAdmissionPolicy controller", func() { It("should create the MutatingWebhookConfiguration", func() { Eventually(func() error { - mutatingWebhookConfiguration, err := getTestMutatingWebhookConfiguration(fmt.Sprintf("clusterwide-%s", policyName)) + mutatingWebhookConfiguration, err := getTestMutatingWebhookConfiguration(policy.GetUniqueName()) if err != nil { return err } 
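Review bot: The cluster-wide validating reconcile spec ends after one tamper-and-restore round and never sets `Labels` and `Annotations` to nil. The namespaced spec in admissionpolicy_controller_test.go covers that case, with a comment that it simulates Kubewarden <= 1.9.0 or a user change. If ClusterAdmissionPolicy webhook configurations can reach that state too, a second round as sketched below would close the gap; the mutating spec later in this file appears to lack it as well.

```go
// … unchanged: first tamper-and-restore round …

By("setting the ValidatingWebhookConfiguration labels and annotation to nil")
validatingWebhookConfiguration, err := getTestValidatingWebhookConfiguration(policy.GetUniqueName())
Expect(err).ToNot(HaveOccurred())
originalValidatingWebhookConfiguration = validatingWebhookConfiguration.DeepCopy()
validatingWebhookConfiguration.Labels = nil
validatingWebhookConfiguration.Annotations = nil
Expect(k8sClient.Update(ctx, validatingWebhookConfiguration)).To(Succeed())

By("reconciling the ValidatingWebhookConfiguration to its original state")
Eventually(func() (*admissionregistrationv1.ValidatingWebhookConfiguration, error) {
	return getTestValidatingWebhookConfiguration(policy.GetUniqueName())
}, timeout, pollInterval).Should(
	And(
		HaveField("Labels", Equal(originalValidatingWebhookConfiguration.Labels)),
		HaveField("Annotations", Equal(originalValidatingWebhookConfiguration.Annotations)),
	),
)
```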
@@ -163,58 +169,65 @@ var _ = Describe("ClusterAdmissionPolicy controller", func() { }, timeout, pollInterval).Should(Succeed()) }) - When("the MutatingWebhookConfiguration is changed", func() { - It("should be reconciled to the original state", func() { - By("changing the MutatingWebhookConfiguration") - mutatingWebhookConfiguration, err := getTestMutatingWebhookConfiguration(fmt.Sprintf("clusterwide-%s", policyName)) - Expect(err).ToNot(HaveOccurred()) - originalMutatingWebhookConfiguration := mutatingWebhookConfiguration.DeepCopy() - - delete(mutatingWebhookConfiguration.Labels, "kubewarden") - mutatingWebhookConfiguration.Labels[constants.WebhookConfigurationPolicyScopeLabelKey] = newName("scope") - delete(mutatingWebhookConfiguration.Annotations, constants.WebhookConfigurationPolicyNameAnnotationKey) - mutatingWebhookConfiguration.Annotations[constants.WebhookConfigurationPolicyNamespaceAnnotationKey] = newName("namespace") - mutatingWebhookConfiguration.Webhooks[0].ClientConfig.Service.Name = newName("service") - mutatingWebhookConfiguration.Webhooks[0].ClientConfig.CABundle = []byte("invalid") - Expect( - k8sClient.Update(ctx, mutatingWebhookConfiguration), - ).To(Succeed()) - - By("reconciling the MutatingWebhookConfiguration to its original state") - Eventually(func() (*admissionregistrationv1.MutatingWebhookConfiguration, error) { - return getTestMutatingWebhookConfiguration(fmt.Sprintf("clusterwide-%s", policyName)) - }, timeout, pollInterval).Should( - And( - HaveField("Labels", Equal(originalMutatingWebhookConfiguration.Labels)), - HaveField("Annotations", Equal(originalMutatingWebhookConfiguration.Annotations)), - HaveField("Webhooks", Equal(originalMutatingWebhookConfiguration.Webhooks)), - ), - ) - }) - }) - }) - - When("creating a ClusterAdmissionPolicy without a PolicyServer assigned", func() { - policyName := newName("unscheduled-policy") - - It("should set the policy status to unscheduled", func() { + It("should be reconcile the 
MutatingWebhookConfiguration to the original state after some change", func() { + var originalMutatingWebhookConfiguration *admissionregistrationv1.MutatingWebhookConfiguration + var mutatingWebhookConfiguration *admissionregistrationv1.MutatingWebhookConfiguration + Eventually(func() error { + var err error + mutatingWebhookConfiguration, err = getTestMutatingWebhookConfiguration(policy.GetUniqueName()) + if err != nil { + return err + } + originalMutatingWebhookConfiguration = mutatingWebhookConfiguration.DeepCopy() + return nil + }, timeout, pollInterval).Should(Succeed()) + By("changing the MutatingWebhookConfiguration") + + delete(mutatingWebhookConfiguration.Labels, "kubewarden") + mutatingWebhookConfiguration.Labels[constants.WebhookConfigurationPolicyScopeLabelKey] = newName("scope") + delete(mutatingWebhookConfiguration.Annotations, constants.WebhookConfigurationPolicyNameAnnotationKey) + mutatingWebhookConfiguration.Annotations[constants.WebhookConfigurationPolicyNamespaceAnnotationKey] = newName("namespace") + mutatingWebhookConfiguration.Webhooks[0].ClientConfig.Service.Name = newName("service") + mutatingWebhookConfiguration.Webhooks[0].ClientConfig.CABundle = []byte("invalid") Expect( - k8sClient.Create(ctx, clusterAdmissionPolicyFactory(policyName, "", false)), - ).To(haveSucceededOrAlreadyExisted()) + k8sClient.Update(ctx, mutatingWebhookConfiguration), + ).To(Succeed()) - Eventually(func() (*policiesv1.ClusterAdmissionPolicy, error) { - return getTestClusterAdmissionPolicy(policyName) + By("reconciling the MutatingWebhookConfiguration to its original state") + Eventually(func() (*admissionregistrationv1.MutatingWebhookConfiguration, error) { + return getTestMutatingWebhookConfiguration(fmt.Sprintf("clusterwide-%s", policyName)) }, timeout, pollInterval).Should( - HaveField("Status.PolicyStatus", Equal(policiesv1.PolicyStatusUnscheduled)), + And( + HaveField("Labels", Equal(originalMutatingWebhookConfiguration.Labels)), + HaveField("Annotations", 
Equal(originalMutatingWebhookConfiguration.Annotations)), + HaveField("Webhooks", Equal(originalMutatingWebhookConfiguration.Webhooks)), + ), ) }) }) - When("creating a ClusterAdmissionPolicy with a PolicyServer assigned but not running yet", func() { - var ( - policyName = newName("scheduled-policy") - policyServerName = newName("policy-server") + It("should set policy status to unscheduled when creating an ClusterAdmissionPolicy without a PolicyServer assigned", func() { + policyName := newName("unscheduled-policy") + Expect( + k8sClient.Create(ctx, clusterAdmissionPolicyFactory(policyName, "", false)), + ).To(haveSucceededOrAlreadyExisted()) + + Eventually(func() (*policiesv1.ClusterAdmissionPolicy, error) { + return getTestClusterAdmissionPolicy(policyName) + }, timeout, pollInterval).Should( + HaveField("Status.PolicyStatus", Equal(policiesv1.PolicyStatusUnscheduled)), ) + }) + + When("creating a ClusterAdmissionPolicy with a PolicyServer assigned but not running yet", func() { + var policyName string + + BeforeEach(func() { + policyName = newName("scheduled-policy") + Expect( + k8sClient.Create(ctx, clusterAdmissionPolicyFactory(policyName, policyServerName, false)), + ).To(haveSucceededOrAlreadyExisted()) + }) It("should set the policy status to scheduled", func() { Expect(