diff --git a/internal/process/provisioning/create_runtime_resource_step.go b/internal/process/provisioning/create_runtime_resource_step.go
index 178d9a90ac..f7eb1aee78 100644
--- a/internal/process/provisioning/create_runtime_resource_step.go
+++ b/internal/process/provisioning/create_runtime_resource_step.go
@@ -62,6 +62,10 @@ func (s *CreateRuntimeResourceStep) Run(operation internal.Operation, log logrus
 }
 if !s.kimConfig.IsEnabledForPlan(broker.PlanNamesMapping[operation.ProvisioningParameters.PlanID]) {
+ if !s.kimConfig.Enabled {
+ log.Infof("KIM is not enabled, skipping")
+ return operation, 0, nil
+ }
 log.Infof("KIM is not enabled for plan %s, skipping", broker.PlanNamesMapping[operation.ProvisioningParameters.PlanID])
 return operation, 0, nil
 }
@@ -139,6 +143,9 @@ func (s *CreateRuntimeResourceStep) createLabelsForRuntime(operation internal.Op
 "kyma-project.io/region": *operation.ProvisioningParameters.Parameters.Region,
 "operator.kyma-project.io/kyma-name": kymaName,
 }
+ if s.kimConfig.ViewOnly {
+ labels["kyma-project.io/controlled-by-provisioner"] = "true"
+ }
 return labels
 }
diff --git a/internal/process/provisioning/create_runtime_resource_step_test.go b/internal/process/provisioning/create_runtime_resource_step_test.go
index 3955bd2b30..45a2e40071 100644
--- a/internal/process/provisioning/create_runtime_resource_step_test.go
+++ b/internal/process/provisioning/create_runtime_resource_step_test.go
@@ -324,7 +324,7 @@ func TestCreateRuntimeResourceStep_Defaults_AWS_SingleZone_ActualCreation(t *tes
 assert.Equal(t, runtime.Name, preOperation.RuntimeID)
 assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])
- assertLabels(t, preOperation, runtime)
+ assertLabelsKIMDriven(t, preOperation, runtime)
 assertSecurity(t, runtime)
 assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
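Review bot: In createLabelsForRuntime the label key `kyma-project.io/controlled-by-provisioner` is written as a bare string literal, and the test helpers added in this commit repeat the same literal twice. The label appears to decide which component acts on the Runtime, so a typo on either side would silently change ownership; a package-level constant with a comment such as `// Runtimes labelled "true" stay under Provisioner control; KIM only observes them (ViewOnly).` would make the contract explicit, with the wording confirmed against KIM's behaviour. The label is also written only when ViewOnly is true, so nothing visible here resets it on an existing Runtime if the flag is later turned off. The function's body starts outside the hunk.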
@@ -379,7 +379,7 @@ func TestCreateRuntimeResourceStep_Defaults_AWS_MultiZone_ActualCreation(t *test
 assert.Equal(t, runtime.Name, preOperation.RuntimeID)
 assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])
- assertLabels(t, preOperation, runtime)
+ assertLabelsKIMDriven(t, preOperation, runtime)
 assertSecurity(t, runtime)
 assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
@@ -431,7 +431,7 @@ func TestCreateRuntimeResourceStep_Defaults_Preview_SingleZone_ActualCreation(t
 assert.Equal(t, preOperation.RuntimeID, runtime.Name)
 assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])
- assertLabels(t, preOperation, runtime)
+ assertLabelsKIMDriven(t, preOperation, runtime)
 assertSecurity(t, runtime)
 assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
@@ -444,6 +444,58 @@ func TestCreateRuntimeResourceStep_Defaults_Preview_SingleZone_ActualCreation(t
 }
+func TestCreateRuntimeResourceStep_Defaults_Preview_SingleZone_ViewOnly_ActualCreation(t *testing.T) {
+ // given
+ log := logrus.New()
+ memoryStorage := storage.NewMemoryStorage()
+
+ err := imv1.AddToScheme(scheme.Scheme)
+
+ region := "eu-west-2"
+
+ instance := fixInstance()
+ err = memoryStorage.Instances().Insert(instance)
+ assert.NoError(t, err)
+
+ preOperation := fixOperationForCreateRuntimeResource(instance.InstanceID, fixture.FixProvisioningParametersWithDTO(operationID, broker.PreviewPlanID, fixProvisioningParametersDTOWithRegion(region)))
+ err = memoryStorage.Operations().InsertOperation(preOperation)
+ assert.NoError(t, err)
+
+ kimConfig := fixKimConfigProvisionerDriven("preview", false)
+
+ cli := getClientForTests(t)
+ inputConfig := input.Config{MultiZoneCluster: false}
+ step := NewCreateRuntimeResourceStep(memoryStorage.Operations(), memoryStorage.Instances(), cli, kimConfig, inputConfig, nil, false)
+
+ // when
+ entry := log.WithFields(logrus.Fields{"step": "TEST"})
+ _, repeat, err := step.Run(preOperation, entry)
+
+ // then
+ assert.NoError(t, err)
+ assert.Zero(t, repeat)
+
+ runtime := imv1.Runtime{}
+ err = cli.Get(context.Background(), client.ObjectKey{
+ Namespace: "kyma-system",
+ Name: preOperation.RuntimeID,
+ }, &runtime)
+ assert.NoError(t, err)
+ assert.Equal(t, preOperation.RuntimeID, runtime.Name)
+ assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])
+
+ assertLabelsProvisionerDriven(t, preOperation, runtime)
+ assertSecurity(t, runtime)
+
+ assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
+ assert.Equal(t, "eu-west-2", runtime.Spec.Shoot.Region)
+ assert.Equal(t, "production", string(runtime.Spec.Shoot.Purpose))
+ assertWorkers(t, runtime.Spec.Shoot.Provider.Workers, "m6i.large", 20, 3, 1, 0, 1, []string{"eu-west-2a", "eu-west-2b", "eu-west-2c"})
+
+ _, err = memoryStorage.Instances().GetByID(preOperation.InstanceID)
+ assert.NoError(t, err)
+}
+
 func TestCreateRuntimeResourceStep_Defaults_Preview_MultiZone_ActualCreation(t *testing.T) {
 // given
 log := logrus.New()
@@ -484,7 +536,7 @@ func TestCreateRuntimeResourceStep_Defaults_Preview_MultiZone_ActualCreation(t *
 assert.Equal(t, preOperation.RuntimeID, runtime.Name)
 assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])
- assertLabels(t, preOperation, runtime)
+ assertLabelsKIMDriven(t, preOperation, runtime)
 assertSecurity(t, runtime)
 assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
@@ -537,7 +589,7 @@ func TestCreateRuntimeResourceStep_Defaults_Azure_SingleZone_ActualCreation(t *t
 assert.Equal(t, preOperation.RuntimeID, runtime.Name)
 assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])
- assertLabels(t, preOperation, runtime)
+ assertLabelsKIMDriven(t, preOperation, runtime)
 assertSecurity(t, runtime)
 assert.Equal(t, "azure", runtime.Spec.Shoot.Provider.Type)
@@ -592,7 +644,7 @@ func TestCreateRuntimeResourceStep_Defaults_Azure_MultiZone_ActualCreation(t *te
 assert.Equal(t, preOperation.RuntimeID, runtime.Name)
 assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])
- assertLabels(t, preOperation, runtime)
+ assertLabelsKIMDriven(t, preOperation, runtime)
 assertSecurity(t, runtime)
 assert.Equal(t, "azure", runtime.Spec.Shoot.Provider.Type)
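Review bot: In TestCreateRuntimeResourceStep_Defaults_Preview_SingleZone_ViewOnly_ActualCreation the error returned by `imv1.AddToScheme(scheme.Scheme)` is assigned to `err` and then overwritten by the `Instances().Insert(instance)` call without being checked. If scheme registration failed, the test would only break later, most likely at `cli.Get`, with a message that does not point at the cause. Add `assert.NoError(t, err)` directly after the AddToScheme line.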
@@ -647,7 +699,7 @@ func TestCreateRuntimeResourceStep_Defaults_GCP_SingleZone_ActualCreation(t *tes
 assert.Equal(t, preOperation.RuntimeID, runtime.Name)
 assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])
- assertLabels(t, preOperation, runtime)
+ assertLabelsKIMDriven(t, preOperation, runtime)
 assertSecurity(t, runtime)
 assert.Equal(t, "gcp", runtime.Spec.Shoot.Provider.Type)
@@ -702,7 +754,7 @@ func TestCreateRuntimeResourceStep_Defaults_GCP_MultiZone_ActualCreation(t *test
 assert.Equal(t, preOperation.RuntimeID, runtime.Name)
 assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])
- assertLabels(t, preOperation, runtime)
+ assertLabelsKIMDriven(t, preOperation, runtime)
 assertSecurity(t, runtime)
 assert.Equal(t, "gcp", runtime.Spec.Shoot.Provider.Type)
@@ -722,6 +774,20 @@ func assertSecurity(t *testing.T, runtime imv1.Runtime) {
 assert.Equal(t, runtime.Spec.Security.Networking.Filter.Egress, imv1.Egress(imv1.Egress{Enabled: false}))
 }
+func assertLabelsKIMDriven(t *testing.T, preOperation internal.Operation, runtime imv1.Runtime) {
+ assertLabels(t, preOperation, runtime)
+
+ provisionerDriven, ok := runtime.Labels["kyma-project.io/controlled-by-provisioner"]
+ assert.True(t, !ok || provisionerDriven == "false")
+}
+
+func assertLabelsProvisionerDriven(t *testing.T, preOperation internal.Operation, runtime imv1.Runtime) {
+ assertLabels(t, preOperation, runtime)
+
+ provisionerDriven, ok := runtime.Labels["kyma-project.io/controlled-by-provisioner"]
+ assert.True(t, ok && provisionerDriven == "true")
+}
+
 func assertLabels(t *testing.T, preOperation internal.Operation, runtime imv1.Runtime) {
 assert.Equal(t, preOperation.InstanceID, runtime.Labels["kyma-project.io/instance-id"])
 assert.Equal(t, preOperation.RuntimeID, runtime.Labels["kyma-project.io/runtime-id"])
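Review bot: assertLabelsKIMDriven and assertLabelsProvisionerDriven wrap their whole condition in `assert.True`, so a failure reports only that the expression was false and not which label value was found. For the positive case `assert.Equal(t, "true", runtime.Labels["kyma-project.io/controlled-by-provisioner"])` performs the same check and prints the actual value; for the negative case the value can be passed as a message argument, `assert.True(t, !ok || provisionerDriven == "false", "controlled-by-provisioner=%q", provisionerDriven)`. Both helpers would also read better with `t.Helper()` as their first line, so a failure is attributed to the calling test.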
@@ -800,6 +866,15 @@ func fixKimConfig(planName string, dryRun bool) kim.Config {
 }
 }
+func fixKimConfigProvisionerDriven(planName string, dryRun bool) kim.Config {
+ return kim.Config{
+ Enabled: true,
+ Plans: []string{planName},
+ ViewOnly: true,
+ DryRun: dryRun,
+ }
+}
+
 func fixProvisionerParameters(cloudProvider internal.CloudProvider, region string) internal.ProvisioningParametersDTO {
 return internal.ProvisioningParametersDTO{
 Name: "cluster-test",
diff --git a/resources/keb/templates/rbac.yaml b/resources/keb/templates/rbac.yaml
index 7ae629c69b..7aead6215e 100644
--- a/resources/keb/templates/rbac.yaml
+++ b/resources/keb/templates/rbac.yaml
@@ -23,7 +23,7 @@ rules:
 resources: [ "kymas" ]
 verbs: [ "*" ]
 - apiGroups: [ "infrastructuremanager.kyma-project.io" ]
- resources: [ "gardenerclusters" ]
+ resources: [ "gardenerclusters", "runtimes" ]
 verbs: [ "*" ]
 ---
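Review bot: Adding `runtimes` to the existing rule in rbac.yaml gives the KEB service account `verbs: [ "*" ]` on Runtime resources, which includes delete, deletecollection and patch. The Go side of this commit only exercises creating a Runtime and reading it back, and a Runtime's spec describes the cluster to be provisioned, so the grant looks wider than the code needs. Consider a separate rule for `resources: [ "runtimes" ]` that lists only the verbs KEB actually calls, for example `verbs: [ "get", "create" ]`, and extend it when later steps need more. Whether this rule belongs to a Role or a ClusterRole is outside the hunk, so the namespace scope should be checked as well.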