Merge pull request #671 from kubevirt-bot/cherry-pick-646-to-release-…

…v0.18

[release-v0.18] feat: replace namespace of configMaps and roleBindings

internal/operands/tekton-pipelines/tekton-pipelines.go

@@ -89,7 +89,7 @@ func (t *tektonPipelines) Reconcile(request *common.Request) ([]common.Reconcile
 		return nil, nil
 	}
 	if !request.CrdList.CrdExists(tektonCrd) {
-		return nil, fmt.Errorf("Tekton CRD %s does not exist", tektonCrd)
+		return nil, fmt.Errorf("tekton CRD %s does not exist", tektonCrd)
 	}
 
 	var reconcileFunc []common.ReconcileFunc
@@ -133,9 +133,9 @@ func (t *tektonPipelines) Cleanup(request *common.Request) ([]common.CleanupResu
 		o := sa.DeepCopy()
 		objects = append(objects, o)
 	}
-
+	namespace, _ := getTektonPipelinesNamespace(request)
 	for i := range objects {
-		objects[i].SetNamespace(getTektonPipelinesNamespace(request))
+		objects[i].SetNamespace(namespace)
 	}
 
 	for _, cr := range t.clusterRoles {
@@ -155,7 +155,7 @@ func reconcileTektonPipelinesFuncs(pipelines []pipeline.Pipeline) []common.Recon
 	for i := range pipelines {
 		tektonPipeline := &pipelines[i]
 		funcs = append(funcs, func(request *common.Request) (common.ReconcileResult, error) {
-			tektonPipeline.Namespace = getTektonPipelinesNamespace(request)
+			tektonPipeline.Namespace, _ = getTektonPipelinesNamespace(request)
 			return common.CreateOrUpdate(request).
 				ClusterResource(tektonPipeline).
 				WithAppLabels(operandName, operandComponent).
@@ -180,13 +180,13 @@ func reconcileTektonPipelinesFuncs(pipelines []pipeline.Pipeline) []common.Recon
 
 func reconcileConfigMapsFuncs(configMaps []v1.ConfigMap) []common.ReconcileFunc {
 	funcs := make([]common.ReconcileFunc, 0, len(configMaps))
+	var userDefinedNamespace bool
 	for i := range configMaps {
 		configMap := &configMaps[i]
 		funcs = append(funcs, func(request *common.Request) (common.ReconcileResult, error) {
-			if value, ok := configMap.Annotations[deployNamespaceAnnotation]; ok {
+			configMap.Namespace, userDefinedNamespace = getTektonPipelinesNamespace(request)
+			if value, ok := configMap.Annotations[deployNamespaceAnnotation]; ok && !userDefinedNamespace {
 				configMap.Namespace = value
-			} else {
-				configMap.Namespace = getTektonPipelinesNamespace(request)
 			}
 			return common.CreateOrUpdate(request).
 				ClusterResource(configMap).
@@ -219,7 +219,7 @@ func reconcileServiceAccountsFuncs(request *common.Request, serviceAccounts []v1
 		}
 
 		funcs = append(funcs, func(r *common.Request) (common.ReconcileResult, error) {
-			serviceAccount.Namespace = getTektonPipelinesNamespace(r)
+			serviceAccount.Namespace, _ = getTektonPipelinesNamespace(r)
 			//check if pipeline SA already exists from tekton deployment
 			if serviceAccount.Name == pipelineServiceAccountName {
 				existingSA, err := getServiceAccount(request, serviceAccount.Name)
@@ -261,8 +261,8 @@ func reconcileRoleBindingsFuncs(rolebindings []rbac.RoleBinding) []common.Reconc
 	for i := range rolebindings {
 		roleBinding := &rolebindings[i]
 		funcs = append(funcs, func(request *common.Request) (common.ReconcileResult, error) {
-			namespace := getTektonPipelinesNamespace(request)
-			if value, ok := roleBinding.Annotations[deployNamespaceAnnotation]; ok {
+			namespace, userDefinedNamespace := getTektonPipelinesNamespace(request)
+			if value, ok := roleBinding.Annotations[deployNamespaceAnnotation]; ok && !userDefinedNamespace {
 				roleBinding.Namespace = value
 			} else {
 				roleBinding.Namespace = namespace
@@ -280,9 +280,9 @@ func reconcileRoleBindingsFuncs(rolebindings []rbac.RoleBinding) []common.Reconc
 	return funcs
 }
 
-func getTektonPipelinesNamespace(request *common.Request) string {
+func getTektonPipelinesNamespace(request *common.Request) (string, bool) {
 	if request.Instance.Spec.TektonPipelines != nil && request.Instance.Spec.TektonPipelines.Namespace != "" {
-		return request.Instance.Spec.TektonPipelines.Namespace
+		return request.Instance.Spec.TektonPipelines.Namespace, true
 	}
-	return request.Instance.Namespace
+	return request.Instance.Namespace, false
 }

internal/operands/tekton-pipelines/tekton-pipelines_test.go

@@ -20,14 +20,17 @@ import (
 	"kubevirt.io/ssp-operator/internal/operands"
 	tektonbundle "kubevirt.io/ssp-operator/internal/tekton-bundle"
 	. "kubevirt.io/ssp-operator/internal/test-utils"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 )
 
 const (
-	namespace = "kubevirt"
-	name      = "test-tekton"
+	namespace              = "kubevirt"
+	name                   = "test-tekton"
+	testNamespace          = "test-namespace"
+	testDifferentNamespace = "different-namespace"
 )
 
 var _ = Describe("environments", func() {
@@ -163,6 +166,86 @@ var _ = Describe("environments", func() {
 			}
 		})
 	})
+
+	Context("With user defined namespace in ssp CR for pipelines", func() {
+		BeforeEach(func() {
+			request.Instance.Spec.FeatureGates.DeployTektonTaskResources = true
+			request.Instance.Spec.TektonPipelines = &ssp.TektonPipelines{
+				Namespace: testNamespace,
+			}
+		})
+
+		It("kubevirt.io/deploy-namespace annotation in configMaps should be replaced by user defined namespace", func() {
+			_, err := operand.Reconcile(request)
+			Expect(err).ToNot(HaveOccurred())
+
+			for _, configMap := range bundle.ConfigMaps {
+				configMap.Namespace = testNamespace
+				key := client.ObjectKeyFromObject(&configMap)
+				cm := &v1.ConfigMap{}
+				ExpectWithOffset(1, request.Client.Get(request.Context, key, cm)).ToNot(HaveOccurred())
+				Expect(cm.Namespace).To(Equal(testNamespace), "configMap namespace should equal")
+			}
+		})
+
+		It("kubevirt.io/deploy-namespace annotation in roleBindings should be replaced by user defined namespace", func() {
+			_, err := operand.Reconcile(request)
+			Expect(err).ToNot(HaveOccurred())
+
+			for _, roleBinding := range bundle.RoleBindings {
+				roleBinding.Namespace = testNamespace
+				key := client.ObjectKeyFromObject(&roleBinding)
+				rb := &rbac.RoleBinding{}
+				ExpectWithOffset(1, request.Client.Get(request.Context, key, rb)).ToNot(HaveOccurred())
+				Expect(rb.Namespace).To(Equal(testNamespace), rb.Name+" roleBinding namespace should equal")
+			}
+		})
+	})
+
+	Context("Without user defined namespace in ssp CR for pipelines", func() {
+		BeforeEach(func() {
+			request.Instance.Spec.FeatureGates.DeployTektonTaskResources = true
+			request.Instance.Spec.TektonPipelines = nil
+		})
+
+		It("kubevirt.io/deploy-namespace annotation in configMaps should replace default namespace", func() {
+			_, err := operand.Reconcile(request)
+			Expect(err).ToNot(HaveOccurred())
+
+			for _, configMap := range bundle.ConfigMaps {
+				objNamespace := namespace
+
+				if configMap.Name == "test-cm" {
+					configMap.Namespace = testDifferentNamespace
+					objNamespace = testDifferentNamespace
+				}
+
+				key := client.ObjectKeyFromObject(&configMap)
+				cm := &v1.ConfigMap{}
+				ExpectWithOffset(1, request.Client.Get(request.Context, key, cm)).ToNot(HaveOccurred())
+				Expect(cm.Namespace).To(Equal(objNamespace), cm.Name+" configMap namespace should equal")
+			}
+		})
+
+		It("kubevirt.io/deploy-namespace annotation in roleBindings should replace default namespace", func() {
+			_, err := operand.Reconcile(request)
+			Expect(err).ToNot(HaveOccurred())
+
+			for _, roleBinding := range bundle.RoleBindings {
+				objNamespace := namespace
+
+				if roleBinding.Name == "test-rb" {
+					roleBinding.Namespace = testDifferentNamespace
+					objNamespace = testDifferentNamespace
+				}
+
+				key := client.ObjectKeyFromObject(&roleBinding)
+				rb := &rbac.RoleBinding{}
+				ExpectWithOffset(1, request.Client.Get(request.Context, key, rb)).ToNot(HaveOccurred())
+				Expect(rb.Namespace).To(Equal(objNamespace), rb.Name+" roleBinding namespace should equal")
+			}
+		})
+	})
 })
 
 func TestTektonPipelines(t *testing.T) {
@@ -245,6 +328,9 @@ func getMockedTestBundle() *tektonbundle.Bundle {
 			{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "test-cm",
+					Annotations: map[string]string{
+						deployNamespaceAnnotation: testDifferentNamespace,
+					},
 				},
 			}, {
 				ObjectMeta: metav1.ObjectMeta{
@@ -256,6 +342,9 @@ func getMockedTestBundle() *tektonbundle.Bundle {
 			{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: "test-rb",
+					Annotations: map[string]string{
+						deployNamespaceAnnotation: testDifferentNamespace,
+					},
 				},
 			}, {
 				ObjectMeta: metav1.ObjectMeta{