Skip to content

Conversation

@xstefank
Copy link
Collaborator

@xstefank xstefank commented Apr 11, 2025

First part for #2753. I believe it makes sense to split this into a separate PR. Let me know if I misunderstood where everywhere the infrastructure client should be used.

@openshift-ci openshift-ci bot requested review from csviri and metacosm April 11, 2025 14:49
@xstefank xstefank force-pushed the test-extension-separate-clients-2753 branch from bf116d5 to 9e5009f Compare August 26, 2025 07:18
@Copilot Copilot AI review requested due to automatic review settings August 26, 2025 07:18
Copilot

This comment was marked as outdated.

@xstefank
Copy link
Collaborator Author

@csviri @metacosm added a test for this, please take a look again.

@xstefank xstefank requested a review from csviri August 26, 2025 07:20
.withUid(UUID.randomUUID().toString())
.withGeneration(1L)
.build());
resource.getMetadata().setAnnotations(new HashMap<>());
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this needed?

.withGeneration(1L)
.build());
resource.getMetadata().setAnnotations(new HashMap<>());
resource.setKind("InfrastructureClientTestCustomResource");
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This shouldn't be necessary.

resource.setMetadata(
new ObjectMetaBuilder()
.withName("infrastructure-client-resource")
.withUid(UUID.randomUUID().toString())
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This shouldn't be needed.

new ObjectMetaBuilder()
.withName("infrastructure-client-resource")
.withUid(UUID.randomUUID().toString())
.withGeneration(1L)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This shouldn't be needed.

@xstefank xstefank force-pushed the test-extension-separate-clients-2753 branch from 59eacca to ce0e0d9 Compare August 26, 2025 08:57
@xstefank xstefank requested a review from Copilot August 26, 2025 09:08
Copilot

This comment was marked as outdated.

@xstefank xstefank requested a review from Copilot August 26, 2025 09:13
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR allows test infrastructure to use a separate Kubernetes client from the one used by operators under test. It adds the ability to configure an infrastructure client with broader permissions while using a restricted client for the operator itself, enabling better testing of RBAC scenarios.

Key changes:

  • Added infrastructure client configuration to test extensions
  • Implemented RBAC test scenario to verify separated client functionality
  • Modified infrastructure operations to use the dedicated infrastructure client

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated no comments.

Show a summary per file
File Description
AbstractOperatorExtension.java Added infrastructure client field and updated namespace/infrastructure operations
LocallyRunOperatorExtension.java Added builder support for infrastructure client configuration
ClusterDeployedOperatorExtension.java Added infrastructure client support for cluster deployment scenarios
HasKubernetesClient.java Extended interface to expose infrastructure client
InfrastructureClientIT.java Integration test demonstrating RBAC separation using restricted operator client
InfrastructureClientTestReconciler.java Test reconciler for infrastructure client testing
InfrastructureClientTestCustomResource.java Custom resource definition for testing
rbac-test-role.yaml RBAC role with limited permissions for testing
rbac-test-role-binding.yaml Role binding for test user

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@csviri csviri force-pushed the test-extension-separate-clients-2753 branch from 668ec59 to dad9093 Compare August 26, 2025 12:08

@BeforeEach
void setup() {
applyClusterRole(RBAC_TEST_ROLE);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are I guess redundant. The one from constructor might be an another hook I guess?!

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the problem I mentioned to you on the call. If I removed this BeforeEach, the cluster roles wouldn't be applied for the second test.

@metacosm metacosm changed the title allow to override test infrastructure kube client separately feat: allow overriding test infrastructure kube client separately Aug 26, 2025
@xstefank xstefank force-pushed the test-extension-separate-clients-2753 branch from dad9093 to b1bea3e Compare August 28, 2025 11:27
@csviri
Copy link
Collaborator

csviri commented Aug 28, 2025

@xstefank might be better to target next with this

@xstefank xstefank changed the base branch from main to next August 28, 2025 11:33
@xstefank xstefank force-pushed the test-extension-separate-clients-2753 branch from b1bea3e to 06b9a8a Compare August 28, 2025 11:34
@xstefank xstefank force-pushed the test-extension-separate-clients-2753 branch from 06b9a8a to 98cb8da Compare August 28, 2025 11:37
Copy link
Collaborator

@metacosm metacosm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The difference between both clients and why it might be interesting to configure them differently should be documented, in my opinion. Otherwise, LGTM.

…n HasKubernetesClient interface

Signed-off-by: xstefank <[email protected]>
@xstefank xstefank merged commit 72c5400 into operator-framework:next Aug 29, 2025
25 checks passed
@xstefank xstefank deleted the test-extension-separate-clients-2753 branch August 29, 2025 11:28
csviri pushed a commit that referenced this pull request Sep 2, 2025
csviri pushed a commit that referenced this pull request Sep 24, 2025
csviri pushed a commit that referenced this pull request Oct 7, 2025
csviri pushed a commit that referenced this pull request Oct 14, 2025
csviri pushed a commit that referenced this pull request Oct 18, 2025
csviri pushed a commit that referenced this pull request Oct 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants