MarianMacik commented on code in PR #239: URL: https://github.com/apache/incubator-kie-kogito-serverless-operator/pull/239#discussion_r1337267507
########## config/manager/kustomization.yaml: ########## @@ -22,6 +22,8 @@ images: newName: quay.io/kiegroup/kogito-serverless-operator-nightly newTag: latest # Patching the manager deployment file to add an env var with the operator namespace in +# - name: ENABLE_WEBHOOKS +# value: "true" Review Comment: Why is this commented? Shouldn't this be a part of the patch? ########## test/e2e/workflow_nowebhooks_test.go: ########## @@ -0,0 +1,178 @@ +// Copyright 2022 Red Hat, Inc. and/or its affiliates +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package e2e + +import ( + "fmt" + "os/exec" + "path/filepath" + "time" + + "github.com/kiegroup/kogito-serverless-operator/test" + "github.com/kiegroup/kogito-serverless-operator/test/utils" + + //nolint:golint + //nolint:revive + . "github.com/onsi/ginkgo/v2" + + //nolint:golint + //nolint:revive + . "github.com/onsi/gomega" +) + +var _ = Describe("SonataFlow Operator - no webhooks", Serial, func() { + + Describe("ensure that Operator and Operand(s) can run in restricted namespaces - no webhooks", Ordered, func() { + It("Prepare the environment - no webhooks", func() { + var controllerPodName string + operatorImageName, err := utils.GetOperatorImageName() + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("installing CRDs") + cmd := exec.Command("make", "install-no-webhooks") Review Comment: This step shouldn't be needed as this will call just `$(KUSTOMIZE) build config/crd-no-webhooks | kubectl apply -f -` which is a subset of what `make deploy-no-webhooks` calls, i.e. `$(KUSTOMIZE) build config/default-no-webhooks | kubectl apply -f -` ########## test/e2e/workflow_test.go: ########## @@ -36,139 +32,122 @@ import ( . "github.com/onsi/gomega" ) -// namespace store the ns where the Operator and Operand will be executed -const namespace = "sonataflow-operator-system" - -const ( - minikubePlatform = "minikube" - openshiftPlatform = "openshift" -) +var _ = Describe("SonataFlow Operator", Serial, func() { + + Describe("ensure that Operator and Operand(s) can run in restricted namespaces", Ordered, func() { + It("Prepare the environment", func() { + // Now, let's ensure that all namespaces can raise a Warn when we apply the manifests + // and that the namespace where the Operator and Operand will run are enforced as + // restricted so that we can ensure that both can be admitted and run with the enforcement + + // See: https://kubernetes.io/docs/tutorials/security/seccomp/ + + /* + TODO: Uncomment to enable when https://issues.redhat.com/browse/KOGITO-9110 will be available + By("labeling all namespaces to warn when we apply the manifest if would violate the PodStandards") + cmd = exec.Command("kubectl", "label", "--overwrite", "ns", "--all", + "pod-security.kubernetes.io/audit=restricted", + "pod-security.kubernetes.io/enforce-version=v1.22", + "pod-security.kubernetes.io/warn=restricted") + _, err := utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("labeling enforce the namespace where the Operator and Operand(s) will run") + cmd = exec.Command("kubectl", "label", "--overwrite", "ns", namespace, + "pod-security.kubernetes.io/audit=restricted", + "pod-security.kubernetes.io/enforce-version=v1.22", + "pod-security.kubernetes.io/enforce=restricted") + _, err = utils.Run(cmd) + Expect(err).To(Not(HaveOccurred())) + + */ + + var controllerPodName string + operatorImageName, err := utils.GetOperatorImageName() + ExpectWithOffset(1, err).NotTo(HaveOccurred()) -var _ = Describe("SonataFlow Operator", Ordered, func() { + By("deploying the controller-manager") + cmd := exec.Command("make", "deploy", fmt.Sprintf("IMG=%s", operatorImageName)) - BeforeAll(func() { Review Comment: Shouldn't this be retained in a BeforeAll block as it is just a setup and not a part of the test? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
