diff --git a/test/e2e/reconciler/cache/replication_test.go b/test/e2e/reconciler/cache/replication_test.go index 046ef871259..9ebe3319053 100644 --- a/test/e2e/reconciler/cache/replication_test.go +++ b/test/e2e/reconciler/cache/replication_test.go @@ -65,10 +65,6 @@ var scenarios = []testScenario{ {"TestReplicateAPIResourceSchemaNegative", replicateAPIResourceSchemaNegativeScenario}, {"TestReplicateWorkspaceType", replicateWorkspaceTypeScenario}, {"TestReplicateWorkspaceTypeNegative", replicateWorkspaceTypeNegativeScenario}, - {"TestReplicateWorkloadsClusterRole", replicateWorkloadsClusterRoleScenario}, - {"TestReplicateWorkloadsClusterRoleNegative", replicateWorkloadsClusterRoleNegativeScenario}, - {"TestReplicateWorkloadsClusterRoleBinding", replicateWorkloadsClusterRoleBindingScenario}, - {"TestReplicateWorkloadsClusterRoleBindingNegative", replicateWorkloadsClusterRoleBindingNegativeScenario}, } // disruptiveScenarios contains a list of scenarios that will be run in a private environment @@ -746,181 +742,3 @@ func createCacheClientConfigForEnvironment(ctx context.Context, t *testing.T, kc require.NoError(t, err) return cacheServerRestConfig } - -// replicateWorkloadsClusterRoleScenario tests if a ClusterRole related to workloads API is propagated to the cache server. -// The test exercises creation, modification and removal of the ClusterRole object. -func replicateWorkloadsClusterRoleScenario(ctx context.Context, t *testing.T, server framework.RunningServer, kcpShardClusterDynamicClient kcpdynamic.ClusterInterface, cacheKcpClusterDynamicClient kcpdynamic.ClusterInterface) { - t.Helper() - replicateResource(ctx, - t, - server, - kcpShardClusterDynamicClient, - cacheKcpClusterDynamicClient, - "", - "ClusterRole", - rbacv1.SchemeGroupVersion.WithResource("clusterroles"), - &rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{ - Name: withPseudoRandomSuffix("syncer"), - }, - Rules: []rbacv1.PolicyRule{ - { - Verbs: []string{"sync"}, - APIGroups: []string{"workload.kcp.io"}, - Resources: []string{"synctargets"}, - ResourceNames: []string{"asynctarget"}, - }, - }, - }, - nil, - ) -} - -// replicateWorkloadsClusterRoleNegativeScenario checks if modified or even deleted cached ClusterRole (related to workloads API) will be reconciled to match the original object. -func replicateWorkloadsClusterRoleNegativeScenario(ctx context.Context, t *testing.T, server framework.RunningServer, kcpShardClusterDynamicClient kcpdynamic.ClusterInterface, cacheKcpClusterDynamicClient kcpdynamic.ClusterInterface) { - t.Helper() - replicateResourceNegative( - ctx, - t, - server, - kcpShardClusterDynamicClient, - cacheKcpClusterDynamicClient, - "", - "ClusterRole", - rbacv1.SchemeGroupVersion.WithResource("clusterroles"), - &rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{ - Name: withPseudoRandomSuffix("syncer"), - }, - Rules: []rbacv1.PolicyRule{ - { - Verbs: []string{"sync"}, - APIGroups: []string{"workload.kcp.io"}, - Resources: []string{"synctargets"}, - ResourceNames: []string{"asynctarget"}, - }, - }, - }, - nil, - ) -} - -// replicateWorkloadsClusterRoleBindingScenario tests if a ClusterRoleBinding related to workloads API is propagated to the cache server. -// The test exercises creation, modification and removal of the ClusterRoleBinding object. -func replicateWorkloadsClusterRoleBindingScenario(ctx context.Context, t *testing.T, server framework.RunningServer, kcpShardClusterDynamicClient kcpdynamic.ClusterInterface, cacheKcpClusterDynamicClient kcpdynamic.ClusterInterface) { - t.Helper() - - clusterRole := &rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{ - Name: withPseudoRandomSuffix("syncer"), - }, - Rules: []rbacv1.PolicyRule{ - { - Verbs: []string{"sync"}, - APIGroups: []string{"workload.kcp.io"}, - Resources: []string{"synctargets"}, - ResourceNames: []string{"asynctarget"}, - }, - }, - } - - orgPath, _ := framework.NewOrganizationFixture(t, server) - _, ws := framework.NewWorkspaceFixture(t, server, orgPath, framework.WithRootShard()) - clusterName := logicalcluster.Name(ws.Spec.Cluster) - - t.Logf("Create additional ClusterRole %s on the root shard for replication", clusterRole.Name) - clusterRoleGVR := rbacv1.SchemeGroupVersion.WithResource("clusterroles") - clusterRoleUnstr, err := toUnstructured(clusterRole, "ClusterRole", clusterRoleGVR) - require.NoError(t, err) - _, err = kcpShardClusterDynamicClient.Resource(clusterRoleGVR).Cluster(clusterName.Path()).Create(ctx, clusterRoleUnstr, metav1.CreateOptions{}) - require.NoError(t, err) - - replicateResource(ctx, - t, - server, - kcpShardClusterDynamicClient, - cacheKcpClusterDynamicClient, - clusterName, - "ClusterRoleBinding", - rbacv1.SchemeGroupVersion.WithResource("clusterrolebindings"), - &rbacv1.ClusterRoleBinding{ - ObjectMeta: metav1.ObjectMeta{ - Name: withPseudoRandomSuffix("syncer"), - }, - RoleRef: rbacv1.RoleRef{ - APIGroup: rbacv1.SchemeGroupVersion.Group, - Kind: "ClusterRole", - Name: clusterRole.Name, - }, - Subjects: []rbacv1.Subject{ - { - Kind: "ServiceAccount", - APIGroup: "", - Name: "kcp-syncer-0000", - Namespace: "kcp-syncer-namespace", - }, - }, - }, - nil, - ) -} - -// replicateWorkloadsClusterRoleNegativeScenario checks if modified or even deleted cached ClusterRole (related to workloads API) will be reconciled to match the original object. -func replicateWorkloadsClusterRoleBindingNegativeScenario(ctx context.Context, t *testing.T, server framework.RunningServer, kcpShardClusterDynamicClient kcpdynamic.ClusterInterface, cacheKcpClusterDynamicClient kcpdynamic.ClusterInterface) { - t.Helper() - - clusterRole := &rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{ - Name: withPseudoRandomSuffix("syncer"), - }, - Rules: []rbacv1.PolicyRule{ - { - Verbs: []string{"sync"}, - APIGroups: []string{"workload.kcp.io"}, - Resources: []string{"synctargets"}, - ResourceNames: []string{"asynctarget"}, - }, - }, - } - - orgPath, _ := framework.NewOrganizationFixture(t, server) - _, ws := framework.NewWorkspaceFixture(t, server, orgPath, framework.WithRootShard()) - clusterName := logicalcluster.Name(ws.Spec.Cluster) - - t.Logf("Create additional ClusterRole %s on the root shard for replication", clusterRole.Name) - clusterRoleGVR := rbacv1.SchemeGroupVersion.WithResource("clusterroles") - clusterRoleUnstr, err := toUnstructured(clusterRole, "ClusterRole", clusterRoleGVR) - require.NoError(t, err) - _, err = kcpShardClusterDynamicClient.Resource(clusterRoleGVR).Cluster(clusterName.Path()).Create(ctx, clusterRoleUnstr, metav1.CreateOptions{}) - require.NoError(t, err) - - replicateResourceNegative( - ctx, - t, - server, - kcpShardClusterDynamicClient, - cacheKcpClusterDynamicClient, - clusterName, - "ClusterRoleBinding", - rbacv1.SchemeGroupVersion.WithResource("clusterrolebindings"), - &rbacv1.ClusterRoleBinding{ - ObjectMeta: metav1.ObjectMeta{ - Name: withPseudoRandomSuffix("syncer"), - }, - RoleRef: rbacv1.RoleRef{ - APIGroup: rbacv1.SchemeGroupVersion.Group, - Kind: "ClusterRole", - Name: clusterRole.Name, - }, - Subjects: []rbacv1.Subject{ - { - Kind: "ServiceAccount", - APIGroup: "", - Name: "kcp-syncer-0000", - Namespace: "kcp-syncer-namespace", - }, - }, - }, - nil, - ) -}