From 1d9f744389c58578c6848190508fce86ebf920d0 Mon Sep 17 00:00:00 2001 From: Matous Jobanek Date: Thu, 3 Aug 2023 12:59:04 +0200 Subject: [PATCH] drop obsolete proxy Role&RoleBinding --- test/e2e/proxy_test.go | 5 +++-- testsupport/tiers/checks.go | 43 ++----------------------------------- 2 files changed, 5 insertions(+), 43 deletions(-) diff --git a/test/e2e/proxy_test.go b/test/e2e/proxy_test.go index 3619d719d..b258a9f51 100644 --- a/test/e2e/proxy_test.go +++ b/test/e2e/proxy_test.go @@ -252,10 +252,11 @@ func TestProxyFlow(t *testing.T) { Path: "/spec/displayName", Value: patchString, }} - patchPayloadBytes, _ := json.Marshal(patchPayload) + patchPayloadBytes, err := json.Marshal(patchPayload) + require.NoError(t, err) // Appply Patch - err := proxyCl.Patch(context.TODO(), proxyApp, client.RawPatch(types.JSONPatchType, patchPayloadBytes)) + err = proxyCl.Patch(context.TODO(), proxyApp, client.RawPatch(types.JSONPatchType, patchPayloadBytes)) require.NoError(t, err) // Get patched app and verify patched DisplayName diff --git a/testsupport/tiers/checks.go b/testsupport/tiers/checks.go index c1619496c..b5a373762 100644 --- a/testsupport/tiers/checks.go +++ b/testsupport/tiers/checks.go @@ -442,8 +442,6 @@ func (a *appstudioTierChecks) GetNamespaceObjectChecks(_ string) []namespaceObje resourceQuotaStorage("50Gi", "50Gi", "50Gi", "12"), limitRange("2", "2Gi", "10m", "256Mi"), numberOfLimitRanges(1), - toolchainSaReadRole(), - memberOperatorSaReadRoleBinding(), gitOpsServiceLabel(), appstudioWorkSpaceNameLabel(), environment("development"), @@ -504,8 +502,8 @@ func (a *appstudioTierChecks) GetSpaceRoleChecks(spaceRoles map[string][]string) } // also count the roles, rolebindings and service accounts checks = append(checks, - numberOfToolchainRoles(roles+1), // +1 for `toolchain-sa-read` - numberOfToolchainRoleBindings(rolebindings+2), // +2 for `member-operator-sa-read` and `appstudio-pipelines-runner-rolebinding` + numberOfToolchainRoles(roles), + numberOfToolchainRoleBindings(rolebindings+1), // +1 for `appstudio-pipelines-runner-rolebinding` ) return checks, nil } @@ -1761,20 +1759,6 @@ func appstudioViewRoleBinding(userName string) spaceRoleObjectsCheck { } } -func memberOperatorSaReadRoleBinding() namespaceObjectsCheck { - return func(t *testing.T, ns *corev1.Namespace, memberAwait *wait.MemberAwaitility, owner string) { - rb, err := memberAwait.WaitForRoleBinding(t, ns, "member-operator-sa-read", toolchainLabelsWaitCriterion(owner)...) - require.NoError(t, err) - assert.Len(t, rb.Subjects, 1) - assert.Equal(t, "Group", rb.Subjects[0].Kind) - assert.Equal(t, "system:serviceaccounts:"+memberAwait.Namespace, rb.Subjects[0].Name) - assert.Equal(t, "rbac.authorization.k8s.io", rb.Subjects[0].APIGroup) - assert.Equal(t, "toolchain-sa-read", rb.RoleRef.Name) - assert.Equal(t, "Role", rb.RoleRef.Kind) - assert.Equal(t, "rbac.authorization.k8s.io", rb.RoleRef.APIGroup) - } -} - func namespaceManagerSaEditRoleBinding() namespaceObjectsCheck { return func(t *testing.T, ns *corev1.Namespace, memberAwait *wait.MemberAwaitility, owner string) { rb, err := memberAwait.WaitForRoleBinding(t, ns, toolchainv1alpha1.AdminServiceAccountName, toolchainLabelsWaitCriterion(owner)...) @@ -1829,29 +1813,6 @@ func additionalArgocdReadRole() namespaceObjectsCheck { } } -func toolchainSaReadRole() namespaceObjectsCheck { - return func(t *testing.T, ns *corev1.Namespace, memberAwait *wait.MemberAwaitility, owner string) { - role, err := memberAwait.WaitForRole(t, ns, "toolchain-sa-read", toolchainLabelsWaitCriterion(owner)...) - require.NoError(t, err) - expected := &rbacv1.Role{ - Rules: []rbacv1.PolicyRule{ - { - APIGroups: []string{""}, - Resources: []string{"secrets", "serviceaccounts"}, - Verbs: []string{"get", "list"}, - }, - { - APIGroups: []string{""}, - Resources: []string{"serviceaccounts/token"}, - Verbs: []string{"create"}, - }, - }, - } - - assert.Equal(t, expected.Rules, role.Rules) - } -} - func namespaceManagerSA() namespaceObjectsCheck { return func(t *testing.T, ns *corev1.Namespace, memberAwait *wait.MemberAwaitility, owner string) { _, err := memberAwait.WaitForServiceAccount(t, ns.Name, toolchainv1alpha1.AdminServiceAccountName)