Merge pull request #464 from stefanprodan/fix-cluster-wide-res

stefanprodan · web-flow · commit 0027449dce72 · 2024-12-16T15:05:55.000+02:00
Fix cluster-wide resource readiness check
diff --git a/cmd/timoni/apply_test.go b/cmd/timoni/apply_test.go
@@ -405,13 +405,15 @@ func TestApply_GlobalResources(t *testing.T) {
 			namespace,
 			name,
 			modPath,
-		), strings.NewReader("values: ns: enabled: true"))
+		), strings.NewReader("values: globals: enabled: true"))
 		g.Expect(err).ToNot(HaveOccurred())
 		t.Log("\n", output)
 
 		ns := nsObj.DeepCopy()
 		err = envTestClient.Get(context.Background(), client.ObjectKeyFromObject(ns), ns)
 		g.Expect(err).ToNot(HaveOccurred())
+
+		g.Expect(output).To(ContainSubstring(fmt.Sprintf("ClusterRole/%s-readonly", name)))
 	})
 
 	t.Run("uninstalls instance", func(t *testing.T) {
diff --git a/cmd/timoni/testdata/module/README.md b/cmd/timoni/testdata/module/README.md
@@ -50,6 +50,6 @@ timoni -n module delete module
 | `client: image: pullPolicy:` | `string` | `"IfNotPresent"`                                                            | PullPolicy defines the pull policy for the image. By default, it is set to IfNotPresent.                                                                                                                                                      |
 | `server: enabled:`           | `bool`   | `true`                                                                      |                                                                                                                                                                                                                                               |
 | `domain:`                    | `string` | `"example.internal"`                                                        |                                                                                                                                                                                                                                               |
-| `ns: enabled:`               | `bool`   | `false`                                                                     |                                                                                                                                                                                                                                               |
+| `globals: enabled:`          | `bool`   | `false`                                                                     |                                                                                                                                                                                                                                               |
 | `team:`                      | `string` | `"test"`                                                                    |                                                                                                                                                                                                                                               |
 
diff --git a/cmd/timoni/testdata/module/templates/clusterrole.cue b/cmd/timoni/testdata/module/templates/clusterrole.cue
@@ -0,0 +1,21 @@
+package templates
+
+#ClusterRole: {
+	#config:    #Config
+	apiVersion: "rbac.authorization.k8s.io/v1"
+	kind:       "ClusterRole"
+	metadata: {
+		name: "\(#config.metadata.name)-readonly"
+		// This is for testing invalid namspace reference
+		namespace: "default"
+	}
+	rules: [{
+		apiGroups: [""]
+		resources: ["*"]
+		verbs: [
+			"get",
+			"list",
+			"watch",
+		]
+	}]
+}
diff --git a/cmd/timoni/testdata/module/templates/config.cue b/cmd/timoni/testdata/module/templates/config.cue
@@ -42,7 +42,7 @@ import (
 	domain: *"example.internal" | string
 
 	// +nodoc
-	ns: {
+	globals: {
 		enabled: *false | bool
 	}
 
@@ -61,8 +61,10 @@ import (
 			"\(config.metadata.name)-server": #ServerConfig & {#config: config}
 		}
 
-		if config.ns.enabled {
+		if config.globals.enabled {
 			"\(config.metadata.name)-ns": #Namespace & {#config: config}
+			"\(config.metadata.name)-cr": #ClusterRole & {#config: config}
+
 		}
 	}
 }
diff --git a/internal/reconciler/reconciler.go b/internal/reconciler/reconciler.go
@@ -28,6 +28,7 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	kerrors "k8s.io/apimachinery/pkg/util/errors"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
+	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
 
 	apiv1 "github.com/stefanprodan/timoni/api/v1alpha1"
 	"github.com/stefanprodan/timoni/internal/engine"
@@ -103,6 +104,17 @@ func (r *Reconciler) Init(ctx context.Context, builder *engine.ModuleBuilder, bu
 		r.instanceManager.Instance.Labels[apiv1.BundleNameLabelKey] = instance.Bundle
 	}
 
+	for _, obj := range r.currentObjects {
+		// If the object is not namespaced, we need to remove the metadata.namespace field.
+		if obj.GetNamespace() != "" {
+			if namespaced, err := apiutil.IsObjectNamespaced(obj,
+				r.resourceManager.Client().Scheme(),
+				r.resourceManager.Client().RESTMapper()); err == nil && !namespaced {
+				obj.SetNamespace("")
+			}
+		}
+	}
+
 	if err := r.instanceManager.AddObjects(r.currentObjects); err != nil {
 		return fmt.Errorf("adding objects to instance failed: %w", err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ import (`
`42`	`42`	`domain: *"example.internal" \| string`
`43`	`43`
`44`	`44`	`// +nodoc`
`45`		`- ns: {`
	`45`	`+ globals: {`
`46`	`46`	`enabled: *false \| bool`
`47`	`47`	`}`
`48`	`48`
`@@ -61,8 +61,10 @@ import (`
`61`	`61`	`"\(config.metadata.name)-server": #ServerConfig & {#config: config}`
`62`	`62`	`}`
`63`	`63`
`64`		`- if config.ns.enabled {`
	`64`	`+ if config.globals.enabled {`
`65`	`65`	`"\(config.metadata.name)-ns": #Namespace & {#config: config}`
	`66`	`+ "\(config.metadata.name)-cr": #ClusterRole & {#config: config}`
	`67`	`+`
`66`	`68`	`}`
`67`	`69`	`}`
`68`	`70`	`}`