Merge branch 'master' into default-sa-namespace

kubesaw · Sep 12, 2024 · 10742d6 · 10742d6
2 parents f139983 + 5b6d495
commit 10742d6
Show file tree

Hide file tree

Showing 22 changed files with 92 additions and 308 deletions.
diff --git a/cmd/user-identity-mapper/user_identity_mapper.go b/cmd/user-identity-mapper/user_identity_mapper.go
@@ -16,15 +16,15 @@ func CreateUserIdentityMappings(ctx context.Context, logger *log.Logger, cl runt
 	logger.Info("listing users...")
 	users := &userv1.UserList{}
 	if err := cl.List(ctx, users, runtimeclient.MatchingLabels{
-		"provider": "sandbox-sre",
+		"provider": "ksctl",
 	}); err != nil {
 		return fmt.Errorf("unable to list users: %w", err)
 	}
 	for _, user := range users.Items {
 		logger.Info("listing identities", "username", user.Name)
 		identities := userv1.IdentityList{}
 		if err := cl.List(ctx, &identities, runtimeclient.MatchingLabels{
-			"provider": "sandbox-sre",
+			"provider": "ksctl",
 			"username": user.Name,
 		}); err != nil {
 			return fmt.Errorf("unable to list identities: %w", err)

diff --git a/cmd/user-identity-mapper/user_identity_mapper_test.go b/cmd/user-identity-mapper/user_identity_mapper_test.go
@@ -29,15 +29,15 @@ func TestUserIdentityMapper(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "user1",
 			Labels: map[string]string{
-				"provider": "sandbox-sre",
+				"provider": "ksctl",
 			},
 		},
 	}
 	identity1 := &userv1.Identity{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "identity1",
 			Labels: map[string]string{
-				"provider": "sandbox-sre",
+				"provider": "ksctl",
 				"username": "user1",
 			},
 		},
@@ -46,30 +46,30 @@ func TestUserIdentityMapper(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "user2",
 			Labels: map[string]string{
-				"provider": "sandbox-sre",
+				"provider": "ksctl",
 			},
 		},
 	}
 	identity2 := &userv1.Identity{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "identity2",
 			Labels: map[string]string{
-				"provider": "sandbox-sre",
+				"provider": "ksctl",
 				"username": "user2",
 			},
 		},
 	}
 	user3 := &userv1.User{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "user3",
-			// not managed by sandbox-sre
+			// not managed by ksctl
 		},
 	}
 	identity3 := &userv1.Identity{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "identity3",
 			Labels: map[string]string{
-				"provider": "sandbox-sre",
+				"provider": "ksctl",
 				"username": "user3",
 			},
 		},
@@ -88,7 +88,7 @@ func TestUserIdentityMapper(t *testing.T) {
 		require.NoError(t, err)
 		assert.NotContains(t, out.String(), "unable to list identities")
 		uim := &userv1.UserIdentityMapping{}
-		// `user1` and `user2` are not managed by sandbox (ie, labelled with `provider: sandbox-sre`), hence the `UserIdentityMappings` exist
+		// `user1` and `user2` are not managed by ksctl (ie, labelled with `provider: ksctl`), hence the `UserIdentityMappings` exist
 		require.NoError(t, cl.Get(context.TODO(), types.NamespacedName{Name: identity1.Name}, uim))
 		assert.Equal(t, identity1.Name, uim.Identity.Name)
 		assert.Equal(t, user1.Name, uim.User.Name)
@@ -111,7 +111,7 @@ func TestUserIdentityMapper(t *testing.T) {
 			// then
 			require.NoError(t, err)
 			assert.NotContains(t, out.String(), "unable to list identities")
-			// `user3` is not managed by sandbox (ie, not labelled with `provider: sandbox-sre`), , hence the `UserIdentityMappings` does not exist
+			// `user3` is not managed by ksctl (ie, not labelled with `provider: ksctl`), , hence the `UserIdentityMappings` does not exist
 			require.EqualError(t, cl.Get(context.TODO(), types.NamespacedName{Name: identity3.Name}, &userv1.UserIdentityMapping{}), `useridentitymappings.user.openshift.io "identity3" not found`)
 		})
 

diff --git a/pkg/assets/assets_test.go b/pkg/assets/assets_test.go
@@ -28,7 +28,7 @@ objects:
   metadata:
     name: get-catalogsources
     labels:
-      provider: sandbox-sre
+      provider: ksctl
   rules:
   - apiGroups:
     - operators.coreos.com
@@ -47,7 +47,7 @@ objects:
   metadata:
     name: get-deployments
     labels:
-      provider: sandbox-sre
+      provider: ksctl
   rules:
   - apiGroups:
     - apps

diff --git a/pkg/assets/sandbox_config.go → pkg/assets/kubesaw-admins.go b/pkg/assets/sandbox_config.go → pkg/assets/kubesaw-admins.go
diff --git a/pkg/client/client_test.go b/pkg/client/client_test.go
@@ -350,14 +350,14 @@ func TestCreate(t *testing.T) {
 			namespacedName := commontest.NamespacedName("openshift-customer-monitoring", "openshift-customer-monitoring")
 			fakeClient := commontest.NewFakeClient(t)
 			term := NewFakeTerminalWithResponse("Y")
-			operatorGroup := newOperatorGroup(namespacedName, map[string]string{"provider": "sandbox-sre"})
+			operatorGroup := newOperatorGroup(namespacedName, map[string]string{"provider": "ksctl"})
 
 			// when
 			err := client.Create(term, fakeClient, operatorGroup)
 
 			// then
 			require.NoError(t, err)
-			AssertOperatorGroupHasLabels(t, fakeClient, namespacedName, map[string]string{"provider": "sandbox-sre"})
+			AssertOperatorGroupHasLabels(t, fakeClient, namespacedName, map[string]string{"provider": "ksctl"})
 			output := term.Output()
 			assert.Contains(t, output, "The 'openshift-customer-monitoring/openshift-customer-monitoring' OperatorGroup has been created")
 		})
@@ -370,7 +370,7 @@ func TestCreate(t *testing.T) {
 			namespacedName := commontest.NamespacedName("openshift-customer-monitoring", "openshift-customer-monitoring")
 			fakeClient := commontest.NewFakeClient(t, newOperatorGroup(namespacedName, map[string]string{"provider": "osd"}))
 			term := NewFakeTerminalWithResponse("Y")
-			operatorGroup := newOperatorGroup(namespacedName, map[string]string{"provider": "sandbox-sre"})
+			operatorGroup := newOperatorGroup(namespacedName, map[string]string{"provider": "ksctl"})
 
 			// when
 			err := client.Create(term, fakeClient, operatorGroup)
@@ -390,7 +390,7 @@ func TestCreate(t *testing.T) {
 			}
 			term := NewFakeTerminalWithResponse("Y")
 			namespacedName := commontest.NamespacedName("openshift-customer-monitoring", "openshift-customer-monitoring")
-			operatorGroup := newOperatorGroup(namespacedName, map[string]string{"provider": "sandbox-sre"})
+			operatorGroup := newOperatorGroup(namespacedName, map[string]string{"provider": "ksctl"})
 
 			// when
 			err := client.Create(term, fakeClient, operatorGroup)
@@ -408,7 +408,7 @@ func TestCreate(t *testing.T) {
 			}
 			term := NewFakeTerminalWithResponse("Y")
 			namespacedName := commontest.NamespacedName("openshift-customer-monitoring", "openshift-customer-monitoring")
-			operatorGroup := newOperatorGroup(namespacedName, map[string]string{"provider": "sandbox-sre"})
+			operatorGroup := newOperatorGroup(namespacedName, map[string]string{"provider": "ksctl"})
 
 			// when
 			err := client.Create(term, fakeClient, operatorGroup)

diff --git a/pkg/client/sandbox_config_file.go → pkg/client/ksctl_config_file.go b/pkg/client/sandbox_config_file.go → pkg/client/ksctl_config_file.go
diff --git a/pkg/cmd/adm/must_gather_namespace_test.go b/pkg/cmd/adm/must_gather_namespace_test.go
@@ -36,7 +36,7 @@ func TestMustGatherNamespaceCmd(t *testing.T) {
 	t.Run("ok", func(t *testing.T) {
 		t.Run("create the dest-dir on-the-fly", func(t *testing.T) {
 			// given
-			baseDir, err := os.MkdirTemp("", "sandbox-sre-out-")
+			baseDir, err := os.MkdirTemp("", "ksctl-out-")
 			require.NoError(t, err)
 			destDir := filepath.Join(baseDir, "test-dev")
 
@@ -51,7 +51,7 @@ func TestMustGatherNamespaceCmd(t *testing.T) {
 
 		t.Run("dest-dir already exists and is empty", func(t *testing.T) {
 			// given
-			baseDir, err := os.MkdirTemp("", "sandbox-sre-out-")
+			baseDir, err := os.MkdirTemp("", "ksctl-out-")
 			require.NoError(t, err)
 			destDir := filepath.Join(baseDir, "test-dev")
 			err = os.Mkdir(destDir, 0755)
@@ -71,7 +71,7 @@ func TestMustGatherNamespaceCmd(t *testing.T) {
 
 		t.Run("dest-dir already exists but is not empty", func(t *testing.T) {
 			// given
-			baseDir, err := os.MkdirTemp("", "sandbox-sre-out-")
+			baseDir, err := os.MkdirTemp("", "ksctl-out-")
 			require.NoError(t, err)
 			destDir := filepath.Join(baseDir, "test-dev")
 			err = os.Mkdir(destDir, 0755)

diff --git a/pkg/cmd/generate/admin-manifests_test.go b/pkg/cmd/generate/admin-manifests_test.go
@@ -317,7 +317,7 @@ func verifyUsers(t *testing.T, outDir, expectedRootDir string, clusterType confi
 func createKubeconfigFiles(t *testing.T, contents ...string) []string {
 	var fileNames []string
 	for _, content := range contents {
-		tempFile, err := os.CreateTemp("", "sandbox-sre-kubeconfig-")
+		tempFile, err := os.CreateTemp("", "ksctl-kubeconfig-")
 		require.NoError(t, err)
 
 		err = os.WriteFile(tempFile.Name(), []byte(content), os.FileMode(0755))
@@ -333,19 +333,19 @@ const ksctlKubeconfigContent = `
 apiVersion: v1
 clusters:
 - cluster:
-    server: https://api.sandbox.host.openshiftapps.com:6443
-  name: api-sandbox-host-openshiftapps-com:6443
+    server: https://api.kubesaw.host.openshiftapps.com:6443
+  name: api-kubesaw-host-openshiftapps-com:6443
 - cluster:
-    server: https://api.sandbox.member1.openshiftapps.com:6443
-  name: api-sandbox-member1-openshiftapps-com:6443
+    server: https://api.kubesaw.member1.openshiftapps.com:6443
+  name: api-kubesaw-member1-openshiftapps-com:6443
 contexts:
 - context:
-    cluster: api-sandbox-host-openshiftapps-com:6443
+    cluster: api-kubesaw-host-openshiftapps-com:6443
     namespace: toolchain-host-operator
     user: dedicatedadmin
   name: host
 - context:
-    cluster: api-sandbox-member1-openshiftapps-com:6443
+    cluster: api-kubesaw-member1-openshiftapps-com:6443
     namespace: toolchain-member-operator
     user: dedicatedadmin
   name: member1
@@ -362,11 +362,11 @@ const ksctlKubeconfigContentMember2 = `
 apiVersion: v1
 clusters:
 - cluster:
-    server: https://api.sandbox.member2.openshiftapps.com:6443
-  name: api-sandbox-member2-openshiftapps-com:6443
+    server: https://api.kubesaw.member2.openshiftapps.com:6443
+  name: api-kubesaw-member2-openshiftapps-com:6443
 contexts:
 - context:
-    cluster: api-sandbox-member2-openshiftapps-com:6443
+    cluster: api-kubesaw-member2-openshiftapps-com:6443
     namespace: toolchain-member-operator
     user: dedicatedadmin
   name: member2

diff --git a/pkg/cmd/generate/assertion_test.go b/pkg/cmd/generate/assertion_test.go
@@ -258,7 +258,7 @@ func newPermissionAssertion(storageAssertion *storageAssertionImpl, subjNamespac
 			Namespace: subjNamespace,
 		},
 		expLabels: map[string]string{
-			"provider": "sandbox-sre",
+			"provider": "ksctl",
 		},
 	}
 }
@@ -269,7 +269,7 @@ func (a *storageAssertionImpl) assertSa(namespace, name string) permissionAssert
 	sa := &corev1.ServiceAccount{}
 	a.assertObject(namespace, name, sa, func() {
 		expLabels := map[string]string{
-			"provider": "sandbox-sre",
+			"provider": "ksctl",
 			"username": splitName[len(splitName)-1],
 		}
 		assert.Equal(a.t, expLabels, sa.Labels)
@@ -287,7 +287,7 @@ type userAssertion struct {
 
 func (a *storageAssertionImpl) assertUser(name string) userAssertion {
 	expLabels := map[string]string{
-		"provider": "sandbox-sre",
+		"provider": "ksctl",
 		"username": name,
 	}
 
@@ -343,7 +343,7 @@ func (a userAssertion) belongsToGroups(groups groupsUserBelongsTo, extraGroups e
 
 	for _, groupObj := range presentGroups {
 		expLabels := map[string]string{
-			"provider": "sandbox-sre",
+			"provider": "ksctl",
 		}
 		assert.Equal(a.t, expLabels, groupObj.GetLabels())
 		group := groupObj.(*userv1.Group)
@@ -360,7 +360,7 @@ func (a *storageAssertionImpl) assertThatGroupHasUsers(name string, usernames ..
 	group := &userv1.Group{}
 	a.assertObject("", name, group, func() {
 		expLabels := map[string]string{
-			"provider": "sandbox-sre",
+			"provider": "ksctl",
 		}
 		assert.Equal(a.t, expLabels, group.Labels)
 		sort.Strings(group.Users)
@@ -427,7 +427,7 @@ func (a *storageAssertionImpl) assertRole(namespace, roleName string, contentAss
 	role := &rbacv1.Role{}
 	a.assertObject(namespace, roleName, role, func() {
 		expLabels := map[string]string{
-			"provider": "sandbox-sre",
+			"provider": "ksctl",
 		}
 		assert.Equal(a.t, expLabels, role.Labels)
 		for _, assertContent := range contentAssertion {

diff --git a/pkg/cmd/generate/cli_configs.go b/pkg/cmd/generate/cli_configs.go
@@ -133,7 +133,7 @@ func serverName(API string) string {
 	return strings.Split(strings.Split(API, "api.")[1], ":")[0]
 }
 
-// writeKsctlConfigs marshals the given KsctlConfig objects and stored them in sandbox-sre/out/config/<name>/ directories
+// writeKsctlConfigs marshals the given KsctlConfig objects and stored them in ksctl/out/config/<name>/ directories
 func writeKsctlConfigs(term ioutils.Terminal, configDirPath string, ksctlConfigsPerName map[string]configuration.KsctlConfig) error {
 	if err := os.RemoveAll(configDirPath); err != nil {
 		return err

diff --git a/pkg/cmd/generate/cli_configs_test.go b/pkg/cmd/generate/cli_configs_test.go
@@ -75,7 +75,7 @@ func TestGenerateCliConfigs(t *testing.T) {
 	t.Run("successful", func(t *testing.T) {
 		t.Run("when there is host and two members", func(t *testing.T) {
 			// given
-			tempDir, err := os.MkdirTemp("", "sandbox-sre-out-")
+			tempDir, err := os.MkdirTemp("", "ksctl-out-")
 			require.NoError(t, err)
 			flags := generateFlags{kubeconfigs: kubeconfigFiles, kubeSawAdminsFile: configFile, outDir: tempDir, tokenExpirationDays: 50}
 
@@ -106,7 +106,7 @@ func TestGenerateCliConfigs(t *testing.T) {
 			kubeSawAdminsContent, err := yaml.Marshal(saInHostOnly)
 			require.NoError(t, err)
 			configFile := createKubeSawAdminsFile(t, "kubesaw.host.openshiftapps.com", kubeSawAdminsContent)
-			tempDir, err := os.MkdirTemp("", "sandbox-sre-out-")
+			tempDir, err := os.MkdirTemp("", "ksctl-out-")
 			require.NoError(t, err)
 			flags := generateFlags{kubeconfigs: kubeconfigFiles, kubeSawAdminsFile: configFile, outDir: tempDir, tokenExpirationDays: 50}
 
@@ -128,7 +128,7 @@ func TestGenerateCliConfigs(t *testing.T) {
 				newServiceAccount("kubesaw-admins-member", "john"),
 				newServiceAccount("kubesaw-admins-member", "bob"),
 			)
-			tempDir, err := os.MkdirTemp("", "sandbox-sre-out-")
+			tempDir, err := os.MkdirTemp("", "ksctl-out-")
 			require.NoError(t, err)
 			kubeconfigFiles := createKubeconfigFiles(t, ksctlKubeconfigContent)
 			flags := generateFlags{kubeconfigs: kubeconfigFiles, kubeSawAdminsFile: configFile, outDir: tempDir, dev: true, tokenExpirationDays: 50}
@@ -185,7 +185,7 @@ func TestGenerateCliConfigs(t *testing.T) {
 
 		t.Run("wrong kubesaw-admins.yaml file path", func(t *testing.T) {
 			// given
-			tempDir, err := os.MkdirTemp("", "sandbox-sre-out-")
+			tempDir, err := os.MkdirTemp("", "ksctl-out-")
 			require.NoError(t, err)
 			flags := generateFlags{kubeconfigs: kubeconfigFiles, kubeSawAdminsFile: "does/not/exist", outDir: tempDir}
 
@@ -199,7 +199,7 @@ func TestGenerateCliConfigs(t *testing.T) {
 
 		t.Run("wrong kubeconfig file path", func(t *testing.T) {
 			// given
-			tempDir, err := os.MkdirTemp("", "sandbox-sre-out-")
+			tempDir, err := os.MkdirTemp("", "ksctl-out-")
 			require.NoError(t, err)
 			flags := generateFlags{kubeconfigs: []string{"does/not/exist"}, kubeSawAdminsFile: configFile, outDir: tempDir}
 
@@ -222,8 +222,8 @@ func TestGenerateCliConfigs(t *testing.T) {
 			saInHostOnly.DefaultServiceAccountsNamespace.Host = "kubesaw-sre-host"
 			kubeSawAdminsContent, err := yaml.Marshal(saInHostOnly)
 			require.NoError(t, err)
-			configFile := createKubeSawAdminsFile(t, "sandbox.host.openshiftapps.com", kubeSawAdminsContent)
-			tempDir, err := os.MkdirTemp("", "sandbox-sre-out-")
+			configFile := createKubeSawAdminsFile(t, "kubesaw.host.openshiftapps.com", kubeSawAdminsContent)
+			tempDir, err := os.MkdirTemp("", "ksctl-out-")
 			require.NoError(t, err)
 			flags := generateFlags{kubeconfigs: kubeconfigFiles, kubeSawAdminsFile: configFile, outDir: tempDir}
 
@@ -345,8 +345,8 @@ func (a *ksctlConfigAssertion) hasCluster(clusterName, subDomain string, cluster
 
 	assert.NotNil(a.t, a.ksctlConfig.ClusterAccessDefinitions[clusterName])
 	assert.Equal(a.t, clusterType, a.ksctlConfig.ClusterAccessDefinitions[clusterName].ClusterType)
-	assert.Equal(a.t, fmt.Sprintf("sandbox.%s.openshiftapps.com", subDomain), a.ksctlConfig.ClusterAccessDefinitions[clusterName].ServerName)
-	assert.Equal(a.t, fmt.Sprintf("https://api.sandbox.%s.openshiftapps.com:6443", subDomain), a.ksctlConfig.ClusterAccessDefinitions[clusterName].ServerAPI)
+	assert.Equal(a.t, fmt.Sprintf("kubesaw.%s.openshiftapps.com", subDomain), a.ksctlConfig.ClusterAccessDefinitions[clusterName].ServerName)
+	assert.Equal(a.t, fmt.Sprintf("https://api.kubesaw.%s.openshiftapps.com:6443", subDomain), a.ksctlConfig.ClusterAccessDefinitions[clusterName].ServerAPI)
 
 	assert.Equal(a.t, fmt.Sprintf("token-secret-for-%s", a.saBaseName), a.ksctlConfig.ClusterAccessDefinitions[clusterName].Token)
 }

diff --git a/pkg/cmd/generate/cluster.go b/pkg/cmd/generate/cluster.go
@@ -57,7 +57,7 @@ func ensureUsers(ctx *clusterContext, objsCache objectsCache) error {
 		}
 		// create the subject if explicitly requested (even if there is no specific permissions)
 		if user.AllClusters {
-			if _, err := m.createSubject(ctx, m.objectsCache, m.subjectBaseName, defaultSAsNamespace(ctx.kubeSawAdmins, ctx.clusterType), sreLabelsWithUsername(m.subjectBaseName)); err != nil {
+			if _, err := m.createSubject(ctx, m.objectsCache, m.subjectBaseName, defaultSAsNamespace(ctx.kubeSawAdmins, ctx.clusterType), ksctlLabelsWithUsername(m.subjectBaseName)); err != nil {
 				return err
 			}
 		}

diff --git a/pkg/cmd/generate/mock_test.go b/pkg/cmd/generate/mock_test.go
@@ -14,9 +14,9 @@ import (
 )
 
 const (
-	HostServerAPI    = "https://api.sandbox.host.openshiftapps.com:6443"
-	Member1ServerAPI = "https://api.sandbox.member1.openshiftapps.com:6443"
-	Member2ServerAPI = "https://api.sandbox.member2.openshiftapps.com:6443"
+	HostServerAPI    = "https://api.kubesaw.host.openshiftapps.com:6443"
+	Member1ServerAPI = "https://api.kubesaw.member1.openshiftapps.com:6443"
+	Member2ServerAPI = "https://api.kubesaw.member2.openshiftapps.com:6443"
 )
 
 // files part