🧹 Fix unit tests for workloads

Remove resource cleanup, because it is not supported: kubernetes-sigs/controller-runtime#880 Implement check for Service Account in workloads. Signed-off-by: Christian Zunker <[email protected]>
mondoohq · Jun 3, 2022 · f4a7a6d · f4a7a6d
1 parent 62b7a88
commit f4a7a6d
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 25 deletions.
diff --git a/controllers/workloads.go b/controllers/workloads.go
@@ -137,6 +137,17 @@ func (n *Workloads) declareDeployment(ctx context.Context, clt client.Client, sc
 	if err != nil {
 		return ctrl.Result{}, err
 	}
+
+	//Check whether specified SA exists in the namespace, just in case, e.g. when Deployment is spread across namespaces
+	desiredServiceAccountName := n.Mondoo.Spec.Scanner.ServiceAccountName
+	desiredNamespace := n.Mondoo.Namespace
+	foundServiceAccount := &corev1.ServiceAccount{}
+	err = clt.Get(ctx, types.NamespacedName{Name: desiredServiceAccountName, Namespace: desiredNamespace}, foundServiceAccount)
+	if err != nil && errors.IsNotFound(err) {
+		log.Error(err, "Cannot create Deployment because ServiceAccount is missing in namespace", "Deployment.Namespace", desiredNamespace, "Deployment.serviceAccountName", desiredServiceAccountName)
+		return ctrl.Result{}, err
+	}
+
 	desiredDeployment := n.deploymentForMondoo(mondooClientImage)
 	err = clt.Get(ctx, client.ObjectKeyFromObject(desiredDeployment), found)
 	if err != nil && errors.IsNotFound(err) {

diff --git a/controllers/workloads_test.go b/controllers/workloads_test.go
@@ -39,14 +39,15 @@ var _ = Describe("workloads", func() {
 	const (
 		name      = "workloads"
 		namespace = "workloads-namespace"
+		duration  = time.Second * 5
 		timeout   = time.Second * 10
 		interval  = time.Millisecond * 250
 	)
 	BeforeEach(func() {
 		os.Setenv("MONDOO_NAMESPACE_OVERRIDE", "mondoo-operator")
 	})
-	Context("When deploying the operator with workloads enabled", func() {
-		It("Should create a new Deployment", func() {
+	Context("When deploying the operator with workloads enabled, but missing service account", func() {
+		It("Should not create a new Deployment", func() {
 			ctx := context.Background()
 
 			By("Creating a namespace")
@@ -57,25 +58,6 @@ var _ = Describe("workloads", func() {
 			}
 			Expect(k8sClient.Create(ctx, ns)).Should(Succeed())
 
-			By("Creating a secret")
-			secret := &corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      name,
-					Namespace: namespace,
-				},
-				Data: map[string][]byte{"config": []byte("foo")},
-			}
-			Expect(k8sClient.Create(ctx, secret)).Should(Succeed())
-
-			By("Creating a serviceaccount")
-			serviceaccount := &corev1.ServiceAccount{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      name,
-					Namespace: namespace,
-				},
-			}
-			Expect(k8sClient.Create(ctx, serviceaccount)).Should(Succeed())
-
 			By("Creating the mondoo crd")
 			createdMondoo := &k8sv1alpha2.MondooAuditConfig{
 				ObjectMeta: metav1.ObjectMeta{
@@ -96,10 +78,45 @@ var _ = Describe("workloads", func() {
 				},
 			}
 			Expect(k8sClient.Create(ctx, createdMondoo)).Should(Succeed())
-			defer func() {
-				Expect(k8sClient.Delete(context.Background(), createdMondoo)).Should(Succeed())
-				time.Sleep(time.Second * 5)
-			}()
+
+			By("Checking that the mondoo crd is found")
+			foundMondoo := &k8sv1alpha2.MondooAuditConfig{}
+			Eventually(func() bool {
+				err := k8sClient.Get(ctx, types.NamespacedName{Name: name, Namespace: namespace}, foundMondoo)
+				return err == nil
+			}, timeout, interval).Should(BeTrue())
+
+			workloadDeploymentName := fmt.Sprintf(WorkloadDeploymentNameTemplate, name)
+			foundDeployment := &appsv1.Deployment{}
+			By("Checking that the deployment is NOT found")
+			Consistently(func() bool {
+				err := k8sClient.Get(ctx, types.NamespacedName{Name: workloadDeploymentName, Namespace: namespace}, foundDeployment)
+				return err == nil
+			}, duration, interval).Should(BeFalse())
+		})
+	})
+	Context("When deploying the operator with workloads enabled and creating a service account", func() {
+		It("Should create a new Deployment", func() {
+			ctx := context.Background()
+
+			By("Creating a secret")
+			secret := &corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      name,
+					Namespace: namespace,
+				},
+				Data: map[string][]byte{"config": []byte("foo")},
+			}
+			Expect(k8sClient.Create(ctx, secret)).Should(Succeed())
+
+			By("Creating a serviceaccount")
+			serviceaccount := &corev1.ServiceAccount{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      name,
+					Namespace: namespace,
+				},
+			}
+			Expect(k8sClient.Create(ctx, serviceaccount)).Should(Succeed())
 
 			By("Checking that the mondoo crd is found")
 			foundMondoo := &k8sv1alpha2.MondooAuditConfig{}