Add RBAC and e2e test

component/provider.jsonnet

@@ -148,6 +148,11 @@ local providerRBAC = {
         resources: [ 'providerconfigs' ],
         verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ],
       },
+      {
+        apiGroups: [ 'mysql.sql.crossplane.io' ],
+        resources: [ 'providerconfigs' ],
+        verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ],
+      },
       {
         apiGroups: [ 'apiextensions.crossplane.io' ],
         resources: [ 'usages' ],

tests/e2e/mariadb/00-assert.yaml

@@ -7,7 +7,7 @@ kind: VSHNMariaDB
 metadata:
   finalizers:
   - finalizer.apiextensions.crossplane.io
-  name: mariadb
+  name: mariadb-e2e
 spec:
   compositeDeletePolicy: Background
   compositionRef:
@@ -18,6 +18,8 @@ spec:
     security:
       deletionProtection: true
     service:
+      access:
+        - user: e2e-test
       serviceLevel: besteffort
       version: "11.2"
     size:
@@ -43,4 +45,4 @@ metadata:
   ownerReferences:
     - apiVersion: vshn.appcat.vshn.io/v1
       kind: VSHNMariaDB
-      name: mariadb
+      name: mariadb-e2e

tests/e2e/mariadb/00-install.yaml

@@ -1,9 +1,12 @@
 apiVersion: vshn.appcat.vshn.io/v1
 kind: VSHNMariaDB
 metadata:
-  name: mariadb
+  name: mariadb-e2e
 spec:
   parameters:
+    service:
+      access:
+        - user: e2e-test
     size:
       plan: standard-2
   writeConnectionSecretToRef:

tests/e2e/mariadb/02-check-protection.yaml

@@ -1,4 +1,4 @@
 apiVersion: kuttl.dev/v1beta1
 kind: TestStep
 commands:
-  - script: scripts/check-protection.sh vshnmariadb mariadb
+  - script: scripts/check-protection.sh vshnmariadb mariadb-e2e

tests/e2e/mariadb/03-assert.yaml

@@ -7,7 +7,7 @@ kind: VSHNMariaDB
 metadata:
   finalizers:
   - finalizer.apiextensions.crossplane.io
-  name: mariadb
+  name: mariadb-e2e
 spec:
   compositeDeletePolicy: Background
   compositionRef:
@@ -43,4 +43,4 @@ metadata:
   ownerReferences:
     - apiVersion: vshn.appcat.vshn.io/v1
       kind: VSHNMariaDB
-      name: mariadb
+      name: mariadb-e2e

tests/e2e/mariadb/03-install.yaml

@@ -1,7 +1,7 @@
 apiVersion: vshn.appcat.vshn.io/v1
 kind: VSHNMariaDB
 metadata:
-  name: mariadb
+  name: mariadb-e2e
 spec:
   parameters:
     security:

tests/e2e/mariadb/99-delete.yaml

@@ -11,4 +11,4 @@ delete:
       e2e-test: mariadb
   - apiVersion: vshn.appcat.vshn.io/v1
     kind: VSHNMariaDB
-    name: mariadb-e2e-test
+    name: mariadb-e2e

tests/golden/vshn/appcat/appcat/10_appcat_legacy_billing_recording_rule.yaml

@@ -32,7 +32,7 @@ spec:
                               # Fetch all namespaces with label label_appuio_io_billing_name=~"appcat-.+"
                               kube_namespace_labels{label_appuio_io_organization=~".+", label_appuio_io_billing_name=~"appcat-.+"} *
                               on (namespace) group_right(label_appuio_io_organization,label_appcat_vshn_io_claim_namespace,label_appcat_vshn_io_sla, label_appuio_io_billing_name)
-                              (kube_pod_info{created_by_kind!="Job"} * on(namespace, pod) kube_pod_labels{label_appcat_io_billing="true"})),
+                              (kube_pod_info{created_by_kind!="Job"} * on(namespace, pod) kube_pod_labels{label_appcat_io_billing="true"}),
                               "tenant_id",
             "$1",
             "label_appuio_io_organization",

tests/golden/vshn/appcat/appcat/10_appcat_metering_recording_rule.yaml

@@ -18,7 +18,7 @@ spec:
                     # Fetch all namespaces with label label_appuio_io_billing_name=~"appcat-.+"
                     (kube_namespace_labels{label_appuio_io_billing_name=~"appcat-.+"} *
                     on (namespace) group_right(label_appuio_io_organization,label_appcat_vshn_io_claim_namespace,label_appcat_vshn_io_sla,label_appcat_vshn_io_claim_name,label_appuio_io_billing_name,label_appuio_io_organization)
-                    (kube_pod_info{created_by_kind!="Job"} * on(namespace, pod) kube_pod_labels{label_appcat_io_billing="true"}))
+                    (kube_pod_info{created_by_kind!="Job"} * on(namespace, pod) kube_pod_labels{label_appcat_io_billing="true"})
                     # We join it with appuio_control_organization_info to map the organization to a sales_order
                     # This metric is not available on the cluster's prometheus, only on mimir, this is just included for completenes sake.
                     #* on(label_appuio_io_organization) group_left(sales_order) label_replace(appuio_control_organization_info, "label_appuio_io_organization", "$1", "name", "(.*)")

tests/golden/vshn/appcat/appcat/10_provider_kubernetes.yaml

@@ -315,6 +315,18 @@ rules:
       - patch
       - create
       - delete
+  - apiGroups:
+      - mysql.sql.crossplane.io
+    resources:
+      - providerconfigs
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+      - patch
+      - create
+      - delete
   - apiGroups:
       - apiextensions.crossplane.io
     resources:

tests/golden/vshn/appcat/appcat/21_composition_objectstorage_minio.yaml

@@ -26,6 +26,7 @@ spec:
         apiVersion: v1
         data:
           providerConfig: minio
+          proxyEndpoint: host.docker.internal:9443
           serviceName: miniobucket
         kind: ConfigMap
         metadata:

tests/golden/vshn/appcat/appcat/21_composition_vshn_keycloak.yaml

@@ -52,6 +52,7 @@ spec:
             true, "memory": "2Gi"}}, "standard-4": {"size": {"cpu": "1", "disk": "16Gi",
             "enabled": true, "memory": "4Gi"}}, "standard-8": {"size": {"cpu": "2",
             "disk": "16Gi", "enabled": true, "memory": "8Gi"}}}'
+          proxyEndpoint: host.docker.internal:9443
           quotasEnabled: 'false'
           registry_password: ''
           registry_username: ''

tests/golden/vshn/appcat/appcat/21_composition_vshn_mariadb.yaml

@@ -52,6 +52,7 @@ spec:
             {"size": {"cpu": "125m", "disk": "16Gi", "enabled": true, "memory": "512Mi"}},
             "standard-8": {"size": {"cpu": "2", "disk": "16Gi", "enabled": true, "memory":
             "8Gi"}}}'
+          proxyEndpoint: host.docker.internal:9443
           quotasEnabled: 'false'
           restoreSA: mariadbrestoreserviceaccount
           serviceName: mariadb

tests/golden/vshn/appcat/appcat/21_composition_vshn_nextcloud.yaml

@@ -53,6 +53,7 @@ spec:
             true, "memory": "2Gi"}}, "standard-4": {"size": {"cpu": "1", "disk": "16Gi",
             "enabled": true, "memory": "4Gi"}}, "standard-8": {"size": {"cpu": "2",
             "disk": "16Gi", "enabled": true, "memory": "8Gi"}}}'
+          proxyEndpoint: host.docker.internal:9443
           quotasEnabled: 'false'
           restoreSA: nextcloudserviceaccount
           serviceName: nextcloud

tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml

@@ -77,6 +77,7 @@ spec:
             {"cpu": "400m", "disk": "20Gi", "enabled": true, "memory": "1936Mi"}},
             "standard-4": {"size": {"cpu": "900m", "disk": "40Gi", "enabled": true,
             "memory": "3984Mi"}}}'
+          proxyEndpoint: host.docker.internal:9443
           quotasEnabled: 'false'
           serviceName: postgresql
           sgNamespace: stackgres

tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml

@@ -601,6 +601,7 @@ spec:
           ownerGroup: vshn.appcat.vshn.io
           ownerKind: XVSHNRedis
           ownerVersion: v1
+          proxyEndpoint: host.docker.internal:9443
           quotasEnabled: 'false'
           restoreSA: redisrestoreserviceaccount
           serviceName: redis

tests/vshn.yml

@@ -22,7 +22,7 @@ parameters:
   appcat:
 
     grpcEndpoint: host.docker.internal:9443
-    proxyFunction: false
+    proxyFunction: true
 
     quotasEnabled: false
     appuioManaged: false