Skip to content

Commit f1eb92e

Browse files
pkbhowmickpkbhowmick
authored
use rolebinding namespace for built-in role (#42)
* use rolebinding namespace for built-in role Signed-off-by: Pulak Kanti Bhowmick <[email protected]> * fix unit tests Signed-off-by: Pulak Kanti Bhowmick <[email protected]> --------- Signed-off-by: Pulak Kanti Bhowmick <[email protected]>
1 parent 7fff5f6 commit f1eb92e

File tree

4 files changed

+12
-12
lines changed

4 files changed

+12
-12
lines changed

internal/controller/argocdrolebinding_controller.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -154,9 +154,9 @@ func (r *ArgoCDRoleBindingReconciler) Reconcile(ctx context.Context, req ctrl.Re
154154

155155
switch roleName {
156156
case "admin":
157-
role = r.createBuiltInAdminRole()
157+
role = r.createBuiltInAdminRole(rb.Namespace)
158158
case "readonly":
159-
role = r.createBuiltInReadOnlyRole()
159+
role = r.createBuiltInReadOnlyRole(rb.Namespace)
160160
}
161161

162162
r.Log.Info("Reconciling RBAC ConfigMap")

internal/controller/argocdrolebinding_controller_test.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -333,7 +333,7 @@ func TestArgoCDRoleBindingReconciler_ReconcileBuiltInAdmin(t *testing.T) {
333333
cm := &corev1.ConfigMap{}
334334
err = reconciler.Get(context.TODO(), types.NamespacedName{Name: testRBACCMName, Namespace: testRBACCMNamespace}, cm)
335335
assert.NoError(t, err)
336-
resCM := makeTestCM_BuiltInAdmin_WithRoleBinding_Expected()
336+
resCM := makeTestCM_BuiltInAdmin_WithRoleBinding_Expected(argocdRoleBinding.Namespace)
337337
assert.Equal(t, resCM.Data, cm.Data)
338338
}
339339

@@ -367,7 +367,7 @@ func TestArgoCDRoleBindingReconciler_ReconcileBuiltInReadOnly(t *testing.T) {
367367
cm := &corev1.ConfigMap{}
368368
err = reconciler.Get(context.TODO(), types.NamespacedName{Name: testRBACCMName, Namespace: testRBACCMNamespace}, cm)
369369
assert.NoError(t, err)
370-
resCM := makeTestCM_BuiltInReadOnly_WithRoleBinding_Expected()
370+
resCM := makeTestCM_BuiltInReadOnly_WithRoleBinding_Expected(argocdRoleBinding.Namespace)
371371
assert.Equal(t, resCM.Data, cm.Data)
372372
}
373373

internal/controller/configmap.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -205,11 +205,11 @@ func FetchObject(client client.Client, namespace string, name string, obj client
205205
}
206206

207207
// createBuiltInAdminRole will return a new built-in ArgoCDRole with admin permissions.
208-
func (r *ArgoCDRoleBindingReconciler) createBuiltInAdminRole() *rbacoperatorv1alpha1.ArgoCDRole {
208+
func (r *ArgoCDRoleBindingReconciler) createBuiltInAdminRole(rbNamespace string) *rbacoperatorv1alpha1.ArgoCDRole {
209209
return &rbacoperatorv1alpha1.ArgoCDRole{
210210
ObjectMeta: metav1.ObjectMeta{
211211
Name: common.ArgoCDRoleAdmin,
212-
Namespace: r.ArgoCDRBACConfigMapNamespace,
212+
Namespace: rbNamespace,
213213
},
214214
Spec: rbacoperatorv1alpha1.ArgoCDRoleSpec{
215215
Rules: []rbacoperatorv1alpha1.GlobalRule{
@@ -269,11 +269,11 @@ func (r *ArgoCDRoleBindingReconciler) createBuiltInAdminRole() *rbacoperatorv1al
269269
}
270270

271271
// createBuiltInReadOnlyRole will return a new built-in ArgoCDRole with read-only permissions.
272-
func (r *ArgoCDRoleBindingReconciler) createBuiltInReadOnlyRole() *rbacoperatorv1alpha1.ArgoCDRole {
272+
func (r *ArgoCDRoleBindingReconciler) createBuiltInReadOnlyRole(rbNamespace string) *rbacoperatorv1alpha1.ArgoCDRole {
273273
return &rbacoperatorv1alpha1.ArgoCDRole{
274274
ObjectMeta: metav1.ObjectMeta{
275275
Name: common.ArgoCDRoleReadOnly,
276-
Namespace: r.ArgoCDRBACConfigMapNamespace,
276+
Namespace: rbNamespace,
277277
},
278278
Spec: rbacoperatorv1alpha1.ArgoCDRoleSpec{
279279
Rules: []rbacoperatorv1alpha1.GlobalRule{

internal/controller/testing.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -344,29 +344,29 @@ func makeTestCM_ArgoCDRole_WithRoleBindingLocalSubject_Expected() *corev1.Config
344344
return cm
345345
}
346346

347-
func makeTestCM_BuiltInAdmin_WithRoleBinding_Expected() *corev1.ConfigMap {
347+
func makeTestCM_BuiltInAdmin_WithRoleBinding_Expected(rbNamespace string) *corev1.ConfigMap {
348348
cm := &corev1.ConfigMap{
349349
ObjectMeta: metav1.ObjectMeta{
350350
Name: testRBACCMName,
351351
Namespace: testRBACCMNamespace,
352352
},
353353
Data: map[string]string{
354354
"policy.csv": "",
355-
fmt.Sprintf("policy.%s.%s.csv", testRBACCMNamespace, common.ArgoCDRoleAdmin): fmt.Sprintf("g, role:rb-role-test, role:%s\n", common.ArgoCDRoleAdmin),
355+
fmt.Sprintf("policy.%s.%s.csv", rbNamespace, common.ArgoCDRoleAdmin): fmt.Sprintf("g, role:rb-role-test, role:%s\n", common.ArgoCDRoleAdmin),
356356
},
357357
}
358358
return cm
359359
}
360360

361-
func makeTestCM_BuiltInReadOnly_WithRoleBinding_Expected() *corev1.ConfigMap {
361+
func makeTestCM_BuiltInReadOnly_WithRoleBinding_Expected(rbNamespace string) *corev1.ConfigMap {
362362
cm := &corev1.ConfigMap{
363363
ObjectMeta: metav1.ObjectMeta{
364364
Name: testRBACCMName,
365365
Namespace: testRBACCMNamespace,
366366
},
367367
Data: map[string]string{
368368
"policy.csv": "",
369-
fmt.Sprintf("policy.%s.%s.csv", testRBACCMNamespace, common.ArgoCDRoleReadOnly): fmt.Sprintf("g, role:rb-role-test, role:%s\n", common.ArgoCDRoleReadOnly),
369+
fmt.Sprintf("policy.%s.%s.csv", rbNamespace, common.ArgoCDRoleReadOnly): fmt.Sprintf("g, role:rb-role-test, role:%s\n", common.ArgoCDRoleReadOnly),
370370
},
371371
}
372372
return cm

0 commit comments

Comments
 (0)