feat: allow overriding test infrastructure kube client separately #2764
Conversation
...mework-junit5/src/main/java/io/javaoperatorsdk/operator/junit/AbstractOperatorExtension.java
Show resolved
Hide resolved
xstefank
force-pushed
the
test-extension-separate-clients-2753
branch
from
bf116d5 to
9e5009f
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
| .withUid(UUID.randomUUID().toString()) | ||
| .withGeneration(1L) | ||
| .build()); | ||
| resource.getMetadata().setAnnotations(new HashMap<>()); |
| .withGeneration(1L) | ||
| .build()); | ||
| resource.getMetadata().setAnnotations(new HashMap<>()); | ||
| resource.setKind("InfrastructureClientTestCustomResource"); |
There was a problem hiding this comment.
This shouldn't be necessary.
| resource.setMetadata( | ||
| new ObjectMetaBuilder() | ||
| .withName("infrastructure-client-resource") | ||
| .withUid(UUID.randomUUID().toString()) |
There was a problem hiding this comment.
This shouldn't be needed.
| new ObjectMetaBuilder() | ||
| .withName("infrastructure-client-resource") | ||
| .withUid(UUID.randomUUID().toString()) | ||
| .withGeneration(1L) |
There was a problem hiding this comment.
This shouldn't be needed.
xstefank
force-pushed
the
test-extension-separate-clients-2753
branch
from
59eacca to
ce0e0d9
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
There was a problem hiding this comment.
Pull Request Overview
This PR allows test infrastructure to use a separate Kubernetes client from the one used by operators under test. It adds the ability to configure an infrastructure client with broader permissions while using a restricted client for the operator itself, enabling better testing of RBAC scenarios.
Key changes:
- Added infrastructure client configuration to test extensions
- Implemented RBAC test scenario to verify separated client functionality
- Modified infrastructure operations to use the dedicated infrastructure client
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| AbstractOperatorExtension.java | Added infrastructure client field and updated namespace/infrastructure operations |
| LocallyRunOperatorExtension.java | Added builder support for infrastructure client configuration |
| ClusterDeployedOperatorExtension.java | Added infrastructure client support for cluster deployment scenarios |
| HasKubernetesClient.java | Extended interface to expose infrastructure client |
| InfrastructureClientIT.java | Integration test demonstrating RBAC separation using restricted operator client |
| InfrastructureClientTestReconciler.java | Test reconciler for infrastructure client testing |
| InfrastructureClientTestCustomResource.java | Custom resource definition for testing |
| rbac-test-role.yaml | RBAC role with limited permissions for testing |
| rbac-test-role-binding.yaml | Role binding for test user |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Signed-off-by: xstefank <[email protected]>
Signed-off-by: Chris Laprun <[email protected]>
Signed-off-by: Chris Laprun <[email protected]>
Signed-off-by: xstefank <[email protected]>
…Extension.Builder Signed-off-by: xstefank <[email protected]>
Signed-off-by: xstefank <[email protected]>
csviri
force-pushed
the
test-extension-separate-clients-2753
branch
from
668ec59 to
dad9093
Compare
|
|
||
| @BeforeEach | ||
| void setup() { | ||
| applyClusterRole(RBAC_TEST_ROLE); |
There was a problem hiding this comment.
These are I guess redundant. The one from constructor might be an another hook I guess?!
There was a problem hiding this comment.
This is the problem I mentioned to you on the call. If I removed this BeforeEach, the cluster roles wouldn't be applied for the second test.
metacosm
changed the title
First part for #2753. I believe it makes sense to split this into a separate PR. Let me know if I misunderstood where everywhere the infrastructure client should be used.