From 9e737a43e93dca163386ce127550886ec7dab174 Mon Sep 17 00:00:00 2001 From: Karel Simon Date: Thu, 7 Sep 2023 11:03:28 +0200 Subject: [PATCH] fix: replacing of namespace annotation when openshift-cnv namespace is set When ssp CR contains openshift-cnv namespace as a target namespace for pipelines, ssp operator recognized this namespace as user defined and deployed configmaps and roleBindings to a single namespace, instead of two namespaces. That broke our default installation path in ds. This change adds a check if the pipeline namespace in the CR is openshift-cnv, then it is not used as a user defined namespace and kubevirt.io/deploy-namespace annotation is used instead. Signed-off-by: Karel Simon --- .../operands/tekton-pipelines/reconcile.go | 3 +- .../tekton-pipelines/reconcile_test.go | 47 +++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/internal/operands/tekton-pipelines/reconcile.go b/internal/operands/tekton-pipelines/reconcile.go index 0554e1486..974fc8a3c 100644 --- a/internal/operands/tekton-pipelines/reconcile.go +++ b/internal/operands/tekton-pipelines/reconcile.go @@ -27,6 +27,7 @@ const ( tektonCrd = "tasks.tekton.dev" deployNamespaceAnnotation = "kubevirt.io/deploy-namespace" pipelineServiceAccountName = "pipeline" + openshiftCNVNamespace = "openshift-cnv" ) var namespaceRegex = regexp.MustCompile(namespacePattern) @@ -281,7 +282,7 @@ func reconcileRoleBindingsFuncs(rolebindings []rbac.RoleBinding) []common.Reconc } func getTektonPipelinesNamespace(request *common.Request) (string, bool) { - if request.Instance.Spec.TektonPipelines != nil && request.Instance.Spec.TektonPipelines.Namespace != "" { + if request.Instance.Spec.TektonPipelines != nil && request.Instance.Spec.TektonPipelines.Namespace != "" && request.Instance.Spec.TektonPipelines.Namespace != openshiftCNVNamespace { return request.Instance.Spec.TektonPipelines.Namespace, true } return request.Instance.Namespace, false diff --git a/internal/operands/tekton-pipelines/reconcile_test.go b/internal/operands/tekton-pipelines/reconcile_test.go index 65e1952b0..fcd9b8df0 100644 --- a/internal/operands/tekton-pipelines/reconcile_test.go +++ b/internal/operands/tekton-pipelines/reconcile_test.go @@ -202,6 +202,53 @@ var _ = Describe("environments", func() { }) }) + Context("With openshift-cnv namespace in ssp CR for pipelines", func() { + BeforeEach(func() { + request.Instance.Spec.FeatureGates.DeployTektonTaskResources = true + request.Instance.Spec.TektonPipelines = &ssp.TektonPipelines{ + Namespace: openshiftCNVNamespace, + } + }) + + It("kubevirt.io/deploy-namespace annotation in configMaps should not be replaced", func() { + _, err := operand.Reconcile(request) + Expect(err).ToNot(HaveOccurred()) + + for _, configMap := range bundle.ConfigMaps { + objNamespace := namespace + + if configMap.Name == "test-cm" { + configMap.Namespace = testDifferentNamespace + objNamespace = testDifferentNamespace + } + + key := client.ObjectKeyFromObject(&configMap) + cm := &v1.ConfigMap{} + Expect(request.Client.Get(request.Context, key, cm)).ToNot(HaveOccurred()) + Expect(cm.Namespace).To(Equal(objNamespace), cm.Name+" configMap namespace should equal") + } + }) + + It("kubevirt.io/deploy-namespace annotation in roleBindings should not be replaced", func() { + _, err := operand.Reconcile(request) + Expect(err).ToNot(HaveOccurred()) + + for _, roleBinding := range bundle.RoleBindings { + objNamespace := namespace + + if roleBinding.Name == "test-rb" { + roleBinding.Namespace = testDifferentNamespace + objNamespace = testDifferentNamespace + } + + key := client.ObjectKeyFromObject(&roleBinding) + rb := &rbac.RoleBinding{} + Expect(request.Client.Get(request.Context, key, rb)).ToNot(HaveOccurred()) + Expect(rb.Namespace).To(Equal(objNamespace), rb.Name+" roleBinding namespace should equal") + } + }) + }) + Context("Without user defined namespace in ssp CR for pipelines", func() { BeforeEach(func() { request.Instance.Spec.FeatureGates.DeployTektonTaskResources = true