diff --git a/component/class/appcat.yml b/component/class/appcat.yml index acc2da865..8243508b1 100644 --- a/component/class/appcat.yml +++ b/component/class/appcat.yml @@ -66,6 +66,7 @@ parameters: - ${_base_directory}/component/statefuleset-resize-controller.jsonnet - ${_base_directory}/component/functions.jsonnet - ${_base_directory}/component/vshn_appcat_services.jsonnet + - ${_base_directory}/component/rbac_e2e.jsonnet input_type: jsonnet output_path: appcat/ diff --git a/component/class/defaults.yml b/component/class/defaults.yml index baaf8b21e..3a67623ac 100644 --- a/component/class/defaults.yml +++ b/component/class/defaults.yml @@ -42,7 +42,7 @@ parameters: appcat: registry: ghcr.io repository: vshn/appcat - tag: v4.44.0 + tag: fix/missing_rbac_mariadb apiserver: registry: ghcr.io repository: vshn/appcat-apiserver @@ -69,19 +69,19 @@ parameters: grpcEndpoint: host.docker.internal:9443 defaultRestoreRoleRules: - apiGroups: - - vshn.appcat.vshn.io + - vshn.appcat.vshn.io resources: - - vshnredis + - vshnredis verbs: - - get + - get - apiGroups: - - 'k8up.io' + - "k8up.io" resources: - snapshots verbs: - get - apiGroups: - - '' + - "" resources: - secrets verbs: @@ -89,26 +89,26 @@ parameters: - create - delete - apiGroups: - - apps + - apps resources: - - statefulsets/scale + - statefulsets/scale verbs: - update - patch - apiGroups: - - apps + - apps resources: - statefulsets verbs: - get - apiGroups: - - batch + - batch resources: - jobs verbs: - get - apiGroups: - - '' + - "" resources: - events verbs: @@ -292,6 +292,7 @@ parameters: vshn: enabled: false externalDatabaseConnectionsEnabled: "false" + e2eTests: false quotasEnabled: ${appcat:quotasEnabled} secretNamespace: ${crossplane:namespace} emailAlerting: @@ -511,12 +512,12 @@ parameters: hasSts: true openshiftTemplate: serviceName: mariadbbyvshn - description: 'The open source relational database management system (DBMS) that is a compatible drop-in replacement for the widely used MySQL database technology' + description: "The open source relational database management system (DBMS) that is a compatible drop-in replacement for the widely used MySQL database technology" message: 'Your MariaDB by VSHN instance is being provisioned, please see \${SECRET_NAME} for access.' url: https://vs.hn/vshn-mariadb - tags: 'database,sql,mariadb' - icon: 'icon-mariadb' - defaultVersion: '11.2' + tags: "database,sql,mariadb" + icon: "icon-mariadb" + defaultVersion: "11.2" enableNetworkPolicy: false secretNamespace: ${appcat:services:vshn:secretNamespace} helmChartVersion: ${appcat:charts:mariadb:version} diff --git a/component/component/rbac_e2e.jsonnet b/component/component/rbac_e2e.jsonnet new file mode 100644 index 000000000..8de59e649 --- /dev/null +++ b/component/component/rbac_e2e.jsonnet @@ -0,0 +1,42 @@ +local kap = import 'lib/kapitan.libjsonnet'; +local kube = import 'lib/kube.libjsonnet'; + +local inv = kap.inventory(); +local params = inv.parameters.appcat; + +local e2eNs = kube.Namespace('appcat-e2e') + { + metadata+: { + labels+: { + 'appuio.io/organization': 'vshn-e2e-tests', + }, + }, +}; + +local e2eSA = kube.ServiceAccount('appcat-e2e') + { + metadata+: { + namespace: 'appcat-e2e', + }, +}; + +local e2eRoleBinding = kube.RoleBinding('appcat-e2e') + { + metadata+: { + namespace: 'appcat-e2e', + }, + roleRef_: kube.ClusterRole('admin'), + subjects_: [ e2eSA ], +}; + +local e2eSAToken = kube.Secret('appcat-e2e-github') + { + metadata+: { + namespace: 'appcat-e2e', + annotations+: { + 'kubernetes.io/service-account.name': 'appcat-e2e', + 'argocd.argoproj.io/compare-options': 'IgnoreExtraneous', + }, + }, + type: 'kubernetes.io/service-account-token', +}; + +if params.services.vshn.e2eTests then { + '20_rbac_vshn_e2e_tests': [ e2eNs, e2eSA, e2eRoleBinding, e2eSAToken ] +} else {} diff --git a/component/tests/golden/apiserver/appcat/appcat/10_function_appcat.yaml b/component/tests/golden/apiserver/appcat/appcat/10_function_appcat.yaml index eea4ddc75..729248519 100644 --- a/component/tests/golden/apiserver/appcat/appcat/10_function_appcat.yaml +++ b/component/tests/golden/apiserver/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.44.0-func + package: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb-func runtimeConfigRef: name: function-appcat diff --git a/component/tests/golden/cloudscale/appcat/appcat/10_function_appcat.yaml b/component/tests/golden/cloudscale/appcat/appcat/10_function_appcat.yaml index eea4ddc75..729248519 100644 --- a/component/tests/golden/cloudscale/appcat/appcat/10_function_appcat.yaml +++ b/component/tests/golden/cloudscale/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.44.0-func + package: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb-func runtimeConfigRef: name: function-appcat diff --git a/component/tests/golden/controllers/appcat/appcat/10_function_appcat.yaml b/component/tests/golden/controllers/appcat/appcat/10_function_appcat.yaml index eea4ddc75..729248519 100644 --- a/component/tests/golden/controllers/appcat/appcat/10_function_appcat.yaml +++ b/component/tests/golden/controllers/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.44.0-func + package: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb-func runtimeConfigRef: name: function-appcat diff --git a/component/tests/golden/controllers/appcat/appcat/controllers/appcat/30_deployment.yaml b/component/tests/golden/controllers/appcat/appcat/controllers/appcat/30_deployment.yaml index bde2706cf..4d0ff079c 100644 --- a/component/tests/golden/controllers/appcat/appcat/controllers/appcat/30_deployment.yaml +++ b/component/tests/golden/controllers/appcat/appcat/controllers/appcat/30_deployment.yaml @@ -23,7 +23,7 @@ spec: env: - name: PLANS_NAMESPACE value: syn-appcat - image: ghcr.io/vshn/appcat:v4.44.0 + image: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb livenessProbe: httpGet: path: /healthz diff --git a/component/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml b/component/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml index eea4ddc75..729248519 100644 --- a/component/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml +++ b/component/tests/golden/defaults/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.44.0-func + package: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb-func runtimeConfigRef: name: function-appcat diff --git a/component/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/component/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 3bee2ad84..36088e4f1 100644 --- a/component/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/component/tests/golden/defaults/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -28,7 +28,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNREDIS value: "false" - image: ghcr.io/vshn/appcat:v4.44.0 + image: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb livenessProbe: httpGet: path: /healthz diff --git a/component/tests/golden/exoscale/appcat/appcat/10_function_appcat.yaml b/component/tests/golden/exoscale/appcat/appcat/10_function_appcat.yaml index eea4ddc75..729248519 100644 --- a/component/tests/golden/exoscale/appcat/appcat/10_function_appcat.yaml +++ b/component/tests/golden/exoscale/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.44.0-func + package: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb-func runtimeConfigRef: name: function-appcat diff --git a/component/tests/golden/minio/appcat/appcat/10_function_appcat.yaml b/component/tests/golden/minio/appcat/appcat/10_function_appcat.yaml index eea4ddc75..729248519 100644 --- a/component/tests/golden/minio/appcat/appcat/10_function_appcat.yaml +++ b/component/tests/golden/minio/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.44.0-func + package: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb-func runtimeConfigRef: name: function-appcat diff --git a/component/tests/golden/minio/appcat/appcat/21_composition_vshn_minio.yaml b/component/tests/golden/minio/appcat/appcat/21_composition_vshn_minio.yaml index 96110d9d0..760aea4fa 100644 --- a/component/tests/golden/minio/appcat/appcat/21_composition_vshn_minio.yaml +++ b/component/tests/golden/minio/appcat/appcat/21_composition_vshn_minio.yaml @@ -28,7 +28,7 @@ spec: data: controlNamespace: syn-appcat-control defaultPlan: standard-1 - imageTag: v4.44.0 + imageTag: fix_missing_rbac_mariadb maintenanceSA: helm-based-service-maintenance minioChartRepository: https://charts.min.io minioChartVersion: 5.0.13 diff --git a/component/tests/golden/minio/appcat/appcat/controllers/appcat/30_deployment.yaml b/component/tests/golden/minio/appcat/appcat/controllers/appcat/30_deployment.yaml index bde2706cf..4d0ff079c 100644 --- a/component/tests/golden/minio/appcat/appcat/controllers/appcat/30_deployment.yaml +++ b/component/tests/golden/minio/appcat/appcat/controllers/appcat/30_deployment.yaml @@ -23,7 +23,7 @@ spec: env: - name: PLANS_NAMESPACE value: syn-appcat - image: ghcr.io/vshn/appcat:v4.44.0 + image: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb livenessProbe: httpGet: path: /healthz diff --git a/component/tests/golden/minio/appcat/appcat/sla_reporter/01_cronjob.yaml b/component/tests/golden/minio/appcat/appcat/sla_reporter/01_cronjob.yaml index c22451b28..459ed93ea 100644 --- a/component/tests/golden/minio/appcat/appcat/sla_reporter/01_cronjob.yaml +++ b/component/tests/golden/minio/appcat/appcat/sla_reporter/01_cronjob.yaml @@ -30,7 +30,7 @@ spec: envFrom: - secretRef: name: appcat-sla-reports-creds - image: ghcr.io/vshn/appcat:v4.44.0 + image: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb name: sla-reporter resources: limits: diff --git a/component/tests/golden/minio/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/component/tests/golden/minio/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 3bee2ad84..36088e4f1 100644 --- a/component/tests/golden/minio/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/component/tests/golden/minio/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -28,7 +28,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNREDIS value: "false" - image: ghcr.io/vshn/appcat:v4.44.0 + image: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb livenessProbe: httpGet: path: /healthz diff --git a/component/tests/golden/openshift/appcat/appcat/10_function_appcat.yaml b/component/tests/golden/openshift/appcat/appcat/10_function_appcat.yaml index eea4ddc75..729248519 100644 --- a/component/tests/golden/openshift/appcat/appcat/10_function_appcat.yaml +++ b/component/tests/golden/openshift/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.44.0-func + package: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb-func runtimeConfigRef: name: function-appcat diff --git a/component/tests/golden/openshift/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/component/tests/golden/openshift/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 3bee2ad84..36088e4f1 100644 --- a/component/tests/golden/openshift/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/component/tests/golden/openshift/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -28,7 +28,7 @@ spec: value: "false" - name: APPCAT_SLI_VSHNREDIS value: "false" - image: ghcr.io/vshn/appcat:v4.44.0 + image: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb livenessProbe: httpGet: path: /healthz diff --git a/component/tests/golden/vshn/appcat/appcat/10_function_appcat.yaml b/component/tests/golden/vshn/appcat/appcat/10_function_appcat.yaml index eea4ddc75..729248519 100644 --- a/component/tests/golden/vshn/appcat/appcat/10_function_appcat.yaml +++ b/component/tests/golden/vshn/appcat/appcat/10_function_appcat.yaml @@ -3,6 +3,6 @@ kind: Function metadata: name: function-appcat spec: - package: ghcr.io/vshn/appcat:v4.44.0-func + package: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb-func runtimeConfigRef: name: function-appcat diff --git a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_mariadb.yaml b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_mariadb.yaml index c56de8105..5e0f13347 100644 --- a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_mariadb.yaml +++ b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_mariadb.yaml @@ -31,7 +31,7 @@ spec: chartRepository: https://charts.bitnami.com/bitnami chartVersion: 10.1.3 controlNamespace: syn-appcat-control - imageTag: v4.44.0 + imageTag: fix_missing_rbac_mariadb isOpenshift: 'false' maintenanceSA: helm-based-service-maintenance plans: '{"standard-1": {"size": {"cpu": "250m", "disk": "16Gi", "enabled": diff --git a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml index 88e523613..bc6c84a14 100644 --- a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml +++ b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgres.yaml @@ -1142,7 +1142,7 @@ spec: emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: myuser@example.com externalDatabaseConnectionsEnabled: 'true' - imageTag: v4.44.0 + imageTag: fix_missing_rbac_mariadb proxyEndpoint: 172.18.0.1:9443 quotasEnabled: 'false' serviceName: postgresql diff --git a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgresrestore.yaml b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgresrestore.yaml index 5339260df..cc8cb77f7 100644 --- a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgresrestore.yaml +++ b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_postgresrestore.yaml @@ -1244,7 +1244,7 @@ spec: emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: myuser@example.com externalDatabaseConnectionsEnabled: 'true' - imageTag: v4.44.0 + imageTag: fix_missing_rbac_mariadb proxyEndpoint: 172.18.0.1:9443 quotasEnabled: 'false' serviceName: postgresql diff --git a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml index f79c40849..2cf29a3ec 100644 --- a/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml +++ b/component/tests/golden/vshn/appcat/appcat/21_composition_vshn_redis.yaml @@ -985,7 +985,7 @@ spec: emailAlertingSmtpFromAddress: myuser@example.com emailAlertingSmtpHost: smtp.eu.mailgun.org:465 emailAlertingSmtpUsername: myuser@example.com - imageTag: v4.44.0 + imageTag: fix_missing_rbac_mariadb maintenanceSA: helm-based-service-maintenance proxyEndpoint: 172.18.0.1:9443 quotasEnabled: 'false' diff --git a/component/tests/golden/vshn/appcat/appcat/controllers/appcat/30_deployment.yaml b/component/tests/golden/vshn/appcat/appcat/controllers/appcat/30_deployment.yaml index bde2706cf..4d0ff079c 100644 --- a/component/tests/golden/vshn/appcat/appcat/controllers/appcat/30_deployment.yaml +++ b/component/tests/golden/vshn/appcat/appcat/controllers/appcat/30_deployment.yaml @@ -23,7 +23,7 @@ spec: env: - name: PLANS_NAMESPACE value: syn-appcat - image: ghcr.io/vshn/appcat:v4.44.0 + image: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb livenessProbe: httpGet: path: /healthz diff --git a/component/tests/golden/vshn/appcat/appcat/sla_reporter/01_cronjob.yaml b/component/tests/golden/vshn/appcat/appcat/sla_reporter/01_cronjob.yaml index e353ed080..ad77772ba 100644 --- a/component/tests/golden/vshn/appcat/appcat/sla_reporter/01_cronjob.yaml +++ b/component/tests/golden/vshn/appcat/appcat/sla_reporter/01_cronjob.yaml @@ -30,7 +30,7 @@ spec: envFrom: - secretRef: name: appcat-sla-reports-creds - image: ghcr.io/vshn/appcat:v4.44.0 + image: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb name: sla-reporter resources: limits: diff --git a/component/tests/golden/vshn/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml b/component/tests/golden/vshn/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml index 964cee9ac..5066d845f 100644 --- a/component/tests/golden/vshn/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml +++ b/component/tests/golden/vshn/appcat/appcat/sli_exporter/apps_v1_deployment_appcat-sliexporter-controller-manager.yaml @@ -28,7 +28,7 @@ spec: value: "true" - name: APPCAT_SLI_VSHNREDIS value: "true" - image: ghcr.io/vshn/appcat:v4.44.0 + image: ghcr.io/vshn/appcat:fix_missing_rbac_mariadb livenessProbe: httpGet: path: /healthz diff --git a/package/main.yaml b/package/main.yaml index 9890f4501..98678e162 100644 --- a/package/main.yaml +++ b/package/main.yaml @@ -7,7 +7,7 @@ parameters: image: registry: ghcr.io repository: vshn/appcat - tag: v4.44.0 + tag: fix/missing_rbac_mariadb components: appcat: url: https://github.com/vshn/component-appcat.git