fix(tests): Improved the e2e tests for app sync with impersonation fe…

…ature (#21792) Signed-off-by: anandf <[email protected]>
argoproj · Feb 6, 2025 · fa747f9 · fa747f9
1 parent 71c7700
commit fa747f9
Show file tree

Hide file tree

Showing 5 changed files with 194 additions and 192 deletions.
diff --git a/test/e2e/fixture/app/actions.go b/test/e2e/fixture/app/actions.go
@@ -7,6 +7,8 @@ import (
 	"slices"
 	"strconv"
 
+	rbacv1 "k8s.io/api/rbac/v1"
+
 	log "github.com/sirupsen/logrus"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
@@ -519,3 +521,17 @@ func (a *Actions) SetTrackingLabel(trackingLabel string) *Actions {
 	errors.CheckError(fixture.SetTrackingLabel(trackingLabel))
 	return a
 }
+
+func (a *Actions) WithImpersonationEnabled(serviceAccountName string, policyRules []rbacv1.PolicyRule) *Actions {
+	errors.CheckError(fixture.SetImpersonationEnabled("true"))
+	if serviceAccountName == "" || policyRules == nil {
+		return a
+	}
+	errors.CheckError(fixture.CreateRBACResourcesForImpersonation(serviceAccountName, policyRules))
+	return a
+}
+
+func (a *Actions) WithImpersonationDisabled() *Actions {
+	errors.CheckError(fixture.SetImpersonationEnabled("false"))
+	return a
+}
diff --git a/test/e2e/fixture/fixture.go b/test/e2e/fixture/fixture.go
@@ -14,9 +14,11 @@ import (
 	"testing"
 	"time"
 
+	corev1 "k8s.io/api/core/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
+
 	jsonpatch "github.com/evanphx/json-patch"
 	log "github.com/sirupsen/logrus"
-	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"
@@ -461,6 +463,57 @@ func SetTrackingLabel(trackingLabel string) error {
 	})
 }
 
+func SetImpersonationEnabled(impersonationEnabledFlag string) error {
+	return updateSettingConfigMap(func(cm *corev1.ConfigMap) error {
+		cm.Data["application.sync.impersonation.enabled"] = impersonationEnabledFlag
+		return nil
+	})
+}
+
+func CreateRBACResourcesForImpersonation(serviceAccountName string, policyRules []rbacv1.PolicyRule) error {
+	sa := &corev1.ServiceAccount{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: serviceAccountName,
+		},
+	}
+	_, err := KubeClientset.CoreV1().ServiceAccounts(DeploymentNamespace()).Create(context.Background(), sa, metav1.CreateOptions{})
+	if err != nil {
+		return err
+	}
+	role := &rbacv1.Role{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: fmt.Sprintf("%s-%s", serviceAccountName, "role"),
+		},
+		Rules: policyRules,
+	}
+	_, err = KubeClientset.RbacV1().Roles(DeploymentNamespace()).Create(context.Background(), role, metav1.CreateOptions{})
+	if err != nil {
+		return err
+	}
+	rolebinding := &rbacv1.RoleBinding{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: fmt.Sprintf("%s-%s", serviceAccountName, "rolebinding"),
+		},
+		RoleRef: rbacv1.RoleRef{
+			APIGroup: "rbac.authorization.k8s.io",
+			Kind:     "Role",
+			Name:     fmt.Sprintf("%s-%s", serviceAccountName, "role"),
+		},
+		Subjects: []rbacv1.Subject{
+			{
+				Kind:      "ServiceAccount",
+				Name:      serviceAccountName,
+				Namespace: DeploymentNamespace(),
+			},
+		},
+	}
+	_, err = KubeClientset.RbacV1().RoleBindings(DeploymentNamespace()).Create(context.Background(), rolebinding, metav1.CreateOptions{})
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 func SetResourceOverridesSplitKeys(overrides map[string]v1alpha1.ResourceOverride) error {
 	return updateSettingConfigMap(func(cm *corev1.ConfigMap) error {
 		for k, v := range overrides {

diff --git a/test/e2e/fixture/project/actions.go b/test/e2e/fixture/project/actions.go
@@ -46,6 +46,11 @@ func (a *Actions) AddDestination(cluster string, namespace string) *Actions {
 	return a
 }
 
+func (a *Actions) AddDestinationServiceAccount(cluster string, namespace string) *Actions {
+	a.runCli("proj", "add-destination-service-account", a.context.name, cluster, namespace)
+	return a
+}
+
 func (a *Actions) AddSource(repo string) *Actions {
 	a.runCli("proj", "add-source", a.context.name, repo)
 	return a
@@ -78,6 +83,18 @@ func (a *Actions) prepareCreateArgs(args []string) []string {
 	if len(a.context.sourceNamespaces) > 0 {
 		args = append(args, "--source-namespaces", strings.Join(a.context.sourceNamespaces, ","))
 	}
+
+	if len(a.context.repos) > 0 {
+		for _, repo := range a.context.repos {
+			args = append(args, "--src", repo)
+		}
+	}
+
+	if len(a.context.destinationServiceAccounts) != 0 {
+		for _, destinationServiceAccount := range a.context.destinationServiceAccounts {
+			args = append(args, "--dest-service-accounts", destinationServiceAccount)
+		}
+	}
 	return args
 }
 

diff --git a/test/e2e/fixture/project/context.go b/test/e2e/fixture/project/context.go
@@ -11,11 +11,12 @@ import (
 type Context struct {
 	t *testing.T
 	// seconds
-	timeout          int
-	name             string
-	destination      string
-	repos            []string
-	sourceNamespaces []string
+	timeout                    int
+	name                       string
+	destination                string
+	destinationServiceAccounts []string
+	repos                      []string
+	sourceNamespaces           []string
 }
 
 func Given(t *testing.T) *Context {
@@ -46,6 +47,11 @@ func (c *Context) Destination(destination string) *Context {
 	return c
 }
 
+func (c *Context) DestinationServiceAccounts(destinationServiceAccounts []string) *Context {
+	c.destinationServiceAccounts = destinationServiceAccounts
+	return c
+}
+
 func (c *Context) SourceRepositories(repos []string) *Context {
 	c.repos = repos
 	return c