Merge pull request #157 from nimrod-becker/backport_to_2_0

Backport to 2.0

.travis.yml

@@ -1,7 +1,7 @@
 os: linux
 dist: xenial
 sudo: required
-sevices:
+services:
   - docker
 language: go
 go:
@@ -16,13 +16,16 @@ env:
     - MINIKUBE_HOME=$HOME
     - CHANGE_MINIKUBE_NONE_USER=true
     - KUBECONFIG=$HOME/.kube/config
+
 install:
   - bash .travis/install-tools.sh
   - bash .travis/install-operator-sdk.sh
   - bash .travis/install-python.sh
   - bash .travis/install-minikube.sh
+
 script:
   - make gen-api-fail-if-dirty --always-make
   - make build
   - make test
   - make test-olm
+  - make test-cli-flow

Makefile

@@ -142,6 +142,11 @@ test-go: gen cli
 	@echo "✅ test-go"
 .PHONY: test-go
 
+test-cli-flow:
+	$(TIME) ./test/cli/test_cli_flow.sh
+	@echo "✅ test-cli-flow"
+.PHONY: test-cli-flow
+
 # test-olm runs tests for the OLM package
 test-olm: operator-sdk gen-olm
 	$(TIME) ./test/test-olm.sh $(CATALOG_IMAGE)

pkg/operator/operator.go

@@ -12,7 +12,9 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
+	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/cli-runtime/pkg/printers"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 // Cmd returns a CLI command
@@ -134,7 +136,12 @@ func RunUninstall(cmd *cobra.Command, args []string) {
 func RunStatus(cmd *cobra.Command, args []string) {
 	c := LoadOperatorConf(cmd)
 	util.KubeCheck(c.NS)
-	util.KubeCheck(c.SA)
+	if util.KubeCheck(c.SA) {
+		// in OLM deployment the roles and bindings have generated names
+		// so we list and lookup bindings to our service account to discover the actual names
+		DetectRole(c)
+		DetectClusterRole(c)
+	}
 	util.KubeCheck(c.Role)
 	util.KubeCheck(c.RoleBinding)
 	util.KubeCheck(c.ClusterRole)
@@ -205,3 +212,54 @@ func LoadOperatorConf(cmd *cobra.Command) *Conf {
 	}
 	return c
 }
+
+// DetectRole looks up a role binding referencing our service account
+func DetectRole(c *Conf) {
+	roleBindings := &rbacv1.RoleBindingList{}
+	selector := labels.SelectorFromSet(labels.Set{
+		"olm.owner.kind":      "ClusterServiceVersion",
+		"olm.owner.namespace": c.SA.Namespace,
+	})
+	util.KubeList(roleBindings, &client.ListOptions{
+		Namespace:     c.SA.Namespace,
+		LabelSelector: selector,
+	})
+	for i := range roleBindings.Items {
+		b := &roleBindings.Items[i]
+		for j := range b.Subjects {
+			s := b.Subjects[j]
+			if s.Kind == "ServiceAccount" &&
+				s.Name == c.SA.Name &&
+				s.Namespace == c.SA.Namespace {
+				c.Role.Name = b.RoleRef.Name
+				c.RoleBinding.Name = b.Name
+				return
+			}
+		}
+	}
+}
+
+// DetectClusterRole looks up a cluster role binding referencing our service account
+func DetectClusterRole(c *Conf) {
+	clusterRoleBindings := &rbacv1.ClusterRoleBindingList{}
+	selector := labels.SelectorFromSet(labels.Set{
+		"olm.owner.kind":      "ClusterServiceVersion",
+		"olm.owner.namespace": c.SA.Namespace,
+	})
+	util.KubeList(clusterRoleBindings, &client.ListOptions{
+		LabelSelector: selector,
+	})
+	for i := range clusterRoleBindings.Items {
+		b := &clusterRoleBindings.Items[i]
+		for j := range b.Subjects {
+			s := b.Subjects[j]
+			if s.Kind == "ServiceAccount" &&
+				s.Name == c.SA.Name &&
+				s.Namespace == c.SA.Namespace {
+				c.ClusterRole.Name = b.RoleRef.Name
+				c.ClusterRoleBinding.Name = b.Name
+				return
+			}
+		}
+	}
+}

pkg/options/options.go

@@ -31,7 +31,7 @@ const (
 	ContainerImageRepo = "noobaa-core"
 	// ContainerImageTag is the tag of the default image url
 	ContainerImageTag = "5.2.10"
-	// ContainerImageConstraintSemver is the contraints of supported image versions
+	// ContainerImageConstraintSemver is the constraints of supported image versions
 	ContainerImageConstraintSemver = ">=5, <6"
 	// ContainerImageName is the default image name without the tag/version
 	ContainerImageName = ContainerImageOrg + "/" + ContainerImageRepo
@@ -52,26 +52,26 @@ const (
 var Namespace = "noobaa"
 
 // OperatorImage is the container image url built from https://github.com/noobaa/noobaa-operator
-// it can be overriden for testing or for different registry locations.
+// it can be overridden for testing or different registry locations.
 var OperatorImage = "noobaa/noobaa-operator:" + version.Version
 
 // NooBaaImage is the container image url built from https://github.com/noobaa/noobaa-core
-// it can be overriden for testing or for different registry locations.
+// it can be overridden for testing or different registry locations.
 var NooBaaImage = ContainerImage
 
 // DBImage is the default db image url
-// it can be overriden for testing or for different registry locations.
+// it can be overridden for testing or different registry locations.
 var DBImage = "centos/mongodb-36-centos7"
 
 // DBVolumeSizeGB can be used to override the default database volume size
 var DBVolumeSizeGB = 0
 
 // DBStorageClass is used for PVC's allocation for the noobaa server data
-// it can be overriden for testing or for different PV providers.
+// it can be overridden for testing or different PV providers.
 var DBStorageClass = ""
 
 // PVPoolDefaultStorageClass is used for PVC's allocation for the noobaa server data
-// it can be overriden for testing or for different PV providers.
+// it can be overridden for testing or different PV providers.
 var PVPoolDefaultStorageClass = ""
 
 // ImagePullSecret is optionally used to authenticate when pulling the container images

test/cli/test_cli_flow.sh

@@ -0,0 +1,145 @@
+#!/bin/bash
+
+export PS4='\e[36m+ ${FUNCNAME:-main}\e[0m@\e[32m${BASH_SOURCE}:\e[35m${LINENO} \e[0m'
+
+#In first stage, the script assume that the noobaa cli is installed.
+#Also assuming aws cli is installed
+
+NAMESPACE='test'
+#the timeout is that big because it sometimes take a while to get pvc
+DEFAULT_TIMEOUT=1800
+
+directory=$(dirname ${0})
+. ${directory}/test_cli_functions.sh
+unset directory
+
+#FLOW TODO: 
+# # AWS-S3 ❌  
+# nb backingstore create aws-s3 aws1 --target-bucket znoobaa --access-key $AWS_ACCESS_KEY_ID --secret-key $AWS_SECRET_ACCESS_KEY ❌
+# nb backingstore create aws-s3 aws2 --target-bucket noobaa-qa --access-key $AWS_ACCESS_KEY_ID --secret-key $AWS_SECRET_ACCESS_KEY ❌
+# nb backingstore status aws1 ❌
+# nb backingstore status aws2 ❌
+# nb backingstore list ❌
+# nb status ❌
+# kubectl get backingstore ❌
+# kubectl describe backingstore ❌
+
+# # Google - TODO ❌  
+# nb backingstore create azure-blob blob1 --target-blob-container jacky-container --account-name $AZURE_ACCOUNT_NAME --account-key $AZURE_ACCOUNT_KEY
+
+# # Azure - TODO ❌ 
+# nb backingstore create google-cloud-storage google1 --target-bucket jacky-bucket --private-key-json-file ~/Downloads/noobaa-test-1-d462775d1e1a.json
+
+# # BucketClass ❌  
+# nb bucketclass create class1 --backingstores nb1 ✅
+# nb bucketclass create class2 --placement Mirror --backingstores nb1,aws1 ❌ 
+# nb bucketclass create class3 --placement Spread --backingstores aws1,aws2 ❌ 
+# nb bucketclass create class4 --backingstores nb1,nb2 ✅
+# nb bucketclass status class1 ✅
+# nb bucketclass status class2 ✅
+# nb bucketclass list ✅
+# nb status ✅
+# kubectl get bucketclass ✅
+# kubectl describe bucketclass ✅
+
+# # OBC ❌  
+# nb obc create buck1 --bucketclass class1 ✅
+# nb obc create buck2 --bucketclass class2 ❌  
+# nb obc create buck3 --bucketclass class3 --app-namespace default ❌  
+# nb obc create buck4 --bucketclass class4 ✅
+# nb obc list ✅
+# # nb obc status buck1 ✅
+# # nb obc status buck2 ✅
+# # nb obc status buck3 ✅
+# kubectl get obc ✅
+# kubectl describe obc ✅
+# kubectl get obc,ob,secret,cm -l noobaa-obc ✅
+
+# AWS_ACCESS_KEY_ID=XXX AWS_SECRET_ACCESS_KEY=YYY aws s3 --endpoint-url XXX ls BUCKETNAME ❌  
+
+function clean {
+    PID=$1
+    kill -9 ${PID}
+    exit 0
+}
+
+function main {
+    noobaa_install
+    aws_credentials
+    check_S3_compatible
+    bucketclass_cycle
+    obc_cycle
+    # TODO:: Enable the deletions path 
+    #check_deletes
+    #noobaa uninstall 
+}
+
+function usage {
+    set +x
+    echo -e "\nUsage: ${0} [options]"
+    echo "--timeout         -   Set Timeout in sec (default: ${DEFAULT_TIMEOUT})"
+    echo "--namespace       -   Change the namespace"
+    echo "--mongo-image     -   Change the mongo image"
+    echo "--noobaa-image    -   Change the noobaa image"
+    echo "--operator-image  -   Change the operator image"
+    echo -e "--help         -   print this help\n"
+    exit 1
+}
+
+while true
+do
+    if [ -z ${1} ]; then
+        break
+    fi
+
+    case ${1} in
+        --mongo-image)      MONGO_IMAGE=${2}
+                            shift 2;;
+        --noobaa-image)     NOOBAA_IMAGE=${2}
+                            shift 2;;
+        --operator-image)   OPERATOR_IMAGE=${2}
+                            shift 2;;
+        -n|--namespace)     NAMESPACE=${2}
+                            shift 2;;
+        --timeout)          TIMEOUT=${2} 
+                            shift 2
+                            number='^[0-9]+$'
+                            if ! [[ ${TIMEOUT} =~ ${number} ]]
+                            then
+                                echo "❌  timeout must be a number, Exiting"
+                                exit 1
+                            fi;;
+        -h|--help)          usage;;
+        *)                  usage;;
+    esac
+done
+
+#Setting noobaa command with namespace
+#The reason that we are doing it in a variable and not alias is
+#That alias is not expended in non interactive shell
+#Currently will work only on noobaa-operator-local - need to change it
+noobaa="build/_output/bin/noobaa-operator-local -n ${NAMESPACE}"
+kubectl="kubectl -n ${NAMESPACE}"
+
+#Setting the noobaa command with non standard options if needed.
+if [ ! -z ${MONGO_IMAGE} ]
+then
+    noobaa+=" --mongo-image ${MONGO_IMAGE}"
+fi
+
+if [ ! -z ${NOOBAA_IMAGE} ]
+then
+    noobaa+=" --noobaa-image ${NOOBAA_IMAGE}"
+fi
+
+if [ ! -z ${OPERATOR_IMAGE} ]
+then
+    noobaa+=" --operator-image ${OPERATOR_IMAGE}"
+fi
+
+if [ -z ${TIMEOUT} ]
+then
+    TIMEOUT=${DEFAULT_TIMEOUT}
+fi
+
+main