From 7a4a1d919e082c8bfb7bd7c2d4a5c98df8547f5c Mon Sep 17 00:00:00 2001 From: Dennis Nguyen Date: Thu, 17 Aug 2023 22:03:43 -0700 Subject: [PATCH] inject rollout crd into test cluster --- Makefile | 1 + .../create_access_resources_test.go | 146 +++++++++++++++++- .../builders/podaccessbuilder/suite_test.go | 20 ++- 3 files changed, 157 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index d5bb774a..496c928a 100644 --- a/Makefile +++ b/Makefile @@ -101,6 +101,7 @@ vet: ## Run go vet against code. .PHONY: test test: manifests generate envtest ## Run tests. + go mod download KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test -v $(shell go list ./... | grep -v 'e2e') -coverprofile cover.out -covermode=atomic -race ##@ Build diff --git a/internal/builders/podaccessbuilder/create_access_resources_test.go b/internal/builders/podaccessbuilder/create_access_resources_test.go index 6f53bcdc..1088b4cf 100644 --- a/internal/builders/podaccessbuilder/create_access_resources_test.go +++ b/internal/builders/podaccessbuilder/create_access_resources_test.go @@ -7,6 +7,7 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + rolloutsv1alpha1 "github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" 
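Review bot: The `go mod download` line added to the `test` target has no comment saying why the target needs it. Judging by the rest of this patch, it is there so the argo-rollouts module directory is in the module cache before the suite looks it up with `go list -m`. A comment above the target such as `# populate the module cache so suite_test.go can locate the argo-rollouts CRDs` would record that. If that is the only reason, `go mod download github.com/argoproj/argo-rollouts` limits the fetch to the one module the suite resolves.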
@@ -22,12 +23,14 @@ import ( var _ = Describe("RequestReconciler", Ordered, func() { Context("CreateAccessResources()", func() { var ( - ctx = context.Background() - ns *corev1.Namespace - deployment *appsv1.Deployment - request *v1alpha1.PodAccessRequest - template *v1alpha1.PodAccessTemplate - builder = PodAccessBuilder{} + ctx = context.Background() + ns *corev1.Namespace + deployment *appsv1.Deployment + request *v1alpha1.PodAccessRequest + rolloutRequest *v1alpha1.PodAccessRequest + template *v1alpha1.PodAccessTemplate + rolloutTemplate *v1alpha1.PodAccessTemplate + builder = PodAccessBuilder{} ) BeforeAll(func() { @@ -72,6 +75,39 @@ var _ = Describe("RequestReconciler", Ordered, func() { err = k8sClient.Create(ctx, deployment) Expect(err).To(Not(HaveOccurred())) + By("Creating a Rollout to reference for the test") + rollout := &rolloutsv1alpha1.Rollout{ + ObjectMeta: metav1.ObjectMeta{ + Name: "rollout-test", + Namespace: ns.Name, + }, + Spec: rolloutsv1alpha1.RolloutSpec{ + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "testLabel": "testValue", + }, + }, + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + "testLabel": "testValue", + }, + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: "test", + Image: "nginx:latest", + }, + }, + }, + }, + }, + } + + err = k8sClient.Create(ctx, rollout) + Expect(err).To(Not(HaveOccurred())) + By("Should have an PodAccessTemplate to test against") cpuReq, _ := resource.ParseQuantity("1") template = &v1alpha1.PodAccessTemplate{ 
@@ -108,6 +144,40 @@ var _ = Describe("RequestReconciler", Ordered, func() { err = k8sClient.Create(ctx, template) Expect(err).ToNot(HaveOccurred()) + rolloutTemplate = &v1alpha1.PodAccessTemplate{ + ObjectMeta: metav1.ObjectMeta{ + Name: utils.RandomString(8), + Namespace: ns.GetName(), + }, + Spec: v1alpha1.PodAccessTemplateSpec{ + AccessConfig: v1alpha1.AccessConfig{ + AllowedGroups: []string{"testGroupA"}, + DefaultDuration: "1h", + MaxDuration: "2h", + }, + ControllerTargetRef: &v1alpha1.CrossVersionObjectReference{ + APIVersion: "argoproj.io/v1alpha1", + Kind: "Rollout", + Name: "rollout-test", + }, + ControllerTargetMutationConfig: &v1alpha1.PodTemplateSpecMutationConfig{ + DefaultContainerName: "test", + Command: &[]string{"/bin/sleep"}, + Args: &[]string{"100"}, + Env: []corev1.EnvVar{ + {Name: "FOO", Value: "BAR"}, + }, + Resources: corev1.ResourceRequirements{ + Requests: map[corev1.ResourceName]resource.Quantity{ + "cpu": cpuReq, + }, + }, + }, + }, + } + err = k8sClient.Create(ctx, rolloutTemplate) + Expect(err).ToNot(HaveOccurred()) + By("Should have an PodAccessRequest built to test against") request = &v1alpha1.PodAccessRequest{ ObjectMeta: metav1.ObjectMeta{ @@ -120,6 +190,19 @@ var _ = Describe("RequestReconciler", Ordered, func() { } err = k8sClient.Create(ctx, request) Expect(err).ToNot(HaveOccurred()) + + // verify podaccess request with Rollout + rolloutRequest = &v1alpha1.PodAccessRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "createaccessresource-rollout-test", + Namespace: ns.GetName(), + }, + Spec: v1alpha1.PodAccessRequestSpec{ + TemplateName: rolloutTemplate.GetName(), + }, + } + err = k8sClient.Create(ctx, rolloutRequest) + Expect(err).ToNot(HaveOccurred()) }) AfterAll(func() { 
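Review bot: The `ControllerTargetRef` in `rolloutTemplate` repeats the literal `"rollout-test"` that the Rollout fixture is created with in the earlier hunk (`@@ -72,6 +75,39 @@`), so renaming one silently breaks the lookup in the other. If both sit in the same `BeforeAll`, as the hunks suggest, `Name: rollout.GetName(),` keeps them tied together. In the following hunk the comment `// verify podaccess request with Rollout` sits above a create call, not a check; `// create a PodAccessRequest that uses the Rollout-backed template` describes it better. The `BeforeAll` body starts and ends outside these hunks.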
@@ -178,5 +261,56 @@ var _ = Describe("RequestReconciler", Ordered, func() { Expect(foundRoleBinding.RoleRef.Name).To(Equal(foundRole.GetName())) Expect(foundRoleBinding.Subjects[0].Name).To(Equal("testGroupA")) }) + + It("CreateAccessResources() should succeed with Rollout", func() { + rolloutRequest.Status.PodName = "" + + // Execute + ret, err := builder.CreateAccessResources(ctx, k8sClient, rolloutRequest, rolloutTemplate) + + // VERIFY: No error returned + Expect(err).ToNot(HaveOccurred()) + + // VERIFY: Proper status string returned + Expect(ret).To(MatchRegexp(fmt.Sprintf( + "Success. Pod %s-.*, Role %s-.*, RoleBinding %s.* created", + rolloutRequest.GetName(), + rolloutRequest.GetName(), + rolloutRequest.GetName(), + ))) + + // VERIFY: Pod Created as expected + foundPod := &corev1.Pod{} + err = k8sClient.Get(ctx, types.NamespacedName{ + Name: bldutil.GenerateResourceName(rolloutRequest), + Namespace: ns.GetName(), + }, foundPod) + Expect(err).ToNot(HaveOccurred()) + Expect(foundPod.GetOwnerReferences()).ToNot(BeNil()) + Expect(foundPod.Spec.Containers[0].Command[0]).To(Equal("/bin/sleep")) + Expect(foundPod.Spec.Containers[0].Args[0]).To(Equal("100")) + + // VERIFY: Role Created as expected + foundRole := &rbacv1.Role{} + err = k8sClient.Get(ctx, types.NamespacedName{ + Name: bldutil.GenerateResourceName(rolloutRequest), + Namespace: ns.GetName(), + }, foundRole) + Expect(err).ToNot(HaveOccurred()) + Expect(foundRole.GetOwnerReferences()).ToNot(BeNil()) + Expect(foundRole.Rules[0].ResourceNames[0]).To(Equal(foundPod.GetName())) + Expect(foundRole.Rules[1].ResourceNames[0]).To(Equal(foundPod.GetName())) + + // VERIFY: RoleBinding Created as expected + foundRoleBinding := &rbacv1.RoleBinding{} + err = k8sClient.Get(ctx, types.NamespacedName{ + Name: bldutil.GenerateResourceName(rolloutRequest), + Namespace: ns.GetName(), + }, foundRoleBinding) + Expect(err).ToNot(HaveOccurred()) + Expect(foundRoleBinding.GetOwnerReferences()).ToNot(BeNil()) + 
Expect(foundRoleBinding.RoleRef.Name).To(Equal(foundRole.GetName())) + Expect(foundRoleBinding.Subjects[0].Name).To(Equal("testGroupA")) + }) }) }) diff --git a/internal/builders/podaccessbuilder/suite_test.go b/internal/builders/podaccessbuilder/suite_test.go index 38feee27..27fdadc5 100644 --- a/internal/builders/podaccessbuilder/suite_test.go +++ b/internal/builders/podaccessbuilder/suite_test.go @@ -17,14 +17,16 @@ limitations under the License. package podaccessbuilder import ( + "fmt" + "os/exec" "path/filepath" + "strings" "testing" rolloutsv1alpha1 "github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "go.uber.org/zap/zapcore" - "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/rest" "sigs.k8s.io/controller-runtime/pkg/client" @@ -60,12 +62,23 @@ var _ = BeforeSuite(func() { logf.SetLogger(logger) By("bootstrapping test environment") + + var err error + + // grab go mod directory with Argo rollout CRD to be installed into test environment cluster + argoRolloutPath, err := exec.Command("go", "list", "-m", "-f", "{{.Dir}}", "github.com/argoproj/argo-rollouts").Output() + Expect(err).NotTo(HaveOccurred()) + argoCRDPath := fmt.Sprintf("%s/manifests/crds", string(argoRolloutPath)) + argoCRDPath = strings.ReplaceAll(argoCRDPath, "\n", "") + testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "..", "..", "config", "crd", "bases")}, + CRDDirectoryPaths: []string{ + filepath.Join("..", "..", "..", "config", "crd", "bases"), + argoCRDPath, + }, ErrorIfCRDPathMissing: true, } - var err error // cfg is defined in this file globally. cfg, err = testEnv.Start() Expect(err).NotTo(HaveOccurred()) @@ -78,7 +91,6 @@ var _ = BeforeSuite(func() { Expect(err).NotTo(HaveOccurred()) //+kubebuilder:scaffold:scheme - k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) Expect(err).NotTo(HaveOccurred()) Expect(k8sClient).NotTo(BeNil())
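Review bot: The Role and RoleBinding checks in the new `It` read only element `[0]`, so the test still passes if the builder grants access to additional pods or subjects, and it panics instead of failing cleanly when a slice is empty. Since this builder hands out pod access, pin the whole slice: `Expect(foundRole.Rules[0].ResourceNames).To(ConsistOf(foundPod.GetName()))` (likewise for `Rules[1]`) and `Expect(foundRoleBinding.Subjects).To(HaveLen(1))` before reading `Subjects[0]`. `Expect(foundPod.GetOwnerReferences()).ToNot(BeNil())` is similarly loose, because it does not show that the owner is `rolloutRequest`; asserting on the owner reference's name would, assuming the builder sets the request as owner. The existing Deployment case visible in the context lines appears to have the same shape.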
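Review bot: The CRD path in `BeforeSuite` is built with `fmt.Sprintf("%s/manifests/crds", ...)` and then stripped of `\n` only, which hard-codes the separator and leaves any `\r` in place. If `go list` prints an empty `.Dir` (for example when the module is not in the cache), the result is `/manifests/crds`, an absolute path outside the module. Prefer `modDir := strings.TrimSpace(string(argoRolloutPath))`, then `Expect(modDir).NotTo(BeEmpty())`, then `argoCRDPath := filepath.Join(modDir, "manifests", "crds")`. `ErrorIfCRDPathMissing: true` already fails the run when the directory is absent, so the explicit check mainly gives a clear failure message and avoids loading CRDs from an unintended location. The `BeforeSuite` body starts and ends outside the hunk.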