diff --git a/.gitignore b/.gitignore index 84cc8ec8..ed8cc2de 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,5 @@ venonactl/dist/* venonactl-linux venonalog.json .venonaconf +.cover +configdir diff --git a/package.json b/package.json index 8a9c7809..716a1bac 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "venona", - "version": "1.2.17", + "version": "1.3.0", "description": "Codefresh agent to run on Codefresh's runtime environment and execute pipeline", "main": "index.js", "scripts": { diff --git a/venonactl/VERSION b/venonactl/VERSION index 21344eb1..f0bb29e7 100644 --- a/venonactl/VERSION +++ b/venonactl/VERSION @@ -1 +1 @@ -1.2.17 \ No newline at end of file +1.3.0 diff --git a/venonactl/cmd/install-agent.go b/venonactl/cmd/install-agent.go index 0885bb0c..994c4465 100644 --- a/venonactl/cmd/install-agent.go +++ b/venonactl/cmd/install-agent.go @@ -37,11 +37,10 @@ var installAgentCmdOptions struct { venona struct { version string } - agentToken string - agentID string - kubernetesRunnerType bool - tolerations string - skipClusterAcceptanceTest bool + agentToken string + agentID string + kubernetesRunnerType bool + tolerations string } var installAgentCmd = &cobra.Command{ @@ -59,8 +58,7 @@ var installAgentCmd = &cobra.Command{ cfAPIHost = "https://g.codefresh.io" } builderInstallOpt := &plugins.InstallOptions{ - CodefreshHost: cfAPIHost, - SkipAcceptanceTest: installAgentCmdOptions.skipClusterAcceptanceTest, + CodefreshHost: cfAPIHost, } if installAgentCmdOptions.agentToken == "" { @@ -133,7 +131,6 @@ func init() { installAgentCmd.Flags().BoolVar(&installAgentCmdOptions.kube.inCluster, "in-cluster", false, "Set flag if venona is been installed from inside a cluster") installAgentCmd.Flags().BoolVar(&installAgentCmdOptions.dryRun, "dry-run", false, "Set to true to simulate installation") installAgentCmd.Flags().BoolVar(&installAgentCmdOptions.kubernetesRunnerType, "kubernetes-runner-type", false, "Set the runner type to kubernetes (alpha feature)") - installAgentCmd.Flags().BoolVar(&installAgentCmdOptions.skipClusterAcceptanceTest, "skip-cluster-test", false, "Do not run cluster acceptance test") } func fillCodefreshAPI(logger logger.Logger) { diff --git a/venonactl/cmd/install-runtime.go b/venonactl/cmd/install-runtime.go index 77cf83a8..4bf3ab62 100644 --- a/venonactl/cmd/install-runtime.go +++ b/venonactl/cmd/install-runtime.go @@ -34,13 +34,12 @@ var installRuntimeCmdOptions struct { context string nodeSelector string } - storageClass string - runtimeEnvironmentName string - kubernetesRunnerType bool - tolerations string - templateValues []string - templateFileValues []string - skipClusterAcceptanceTest bool + storageClass string + runtimeEnvironmentName string + kubernetesRunnerType bool + tolerations string + templateValues []string + templateFileValues []string } var installRuntimeCmd = &cobra.Command{ @@ -96,7 +95,6 @@ var installRuntimeCmd = &cobra.Command{ CodefreshToken: installRuntimeCmdOptions.codefreshToken, RuntimeEnvironment: installRuntimeCmdOptions.runtimeEnvironmentName, ClusterNamespace: installRuntimeCmdOptions.kube.namespace, - SkipAcceptanceTest: installRuntimeCmdOptions.skipClusterAcceptanceTest, } if installRuntimeCmdOptions.kubernetesRunnerType { @@ -175,6 +173,4 @@ func init() { installRuntimeCmd.Flags().StringArrayVar(&installRuntimeCmdOptions.templateValues, "set-value", []string{}, "Set values for templates, example: --set-value LocalVolumesDir=/mnt/disks/ssd0/codefresh-volumes") installRuntimeCmd.Flags().StringArrayVar(&installRuntimeCmdOptions.templateFileValues, "set-file", []string{}, "Set values for templates from file, example: --set-file Storage.GoogleServiceAccount=/path/to/service-account.json") - installRuntimeCmd.Flags().BoolVar(&installRuntimeCmdOptions.skipClusterAcceptanceTest, "skip-cluster-test", false, "Do not run cluster acceptance test") - } diff --git a/venonactl/cmd/test.go b/venonactl/cmd/test.go new file mode 100644 index 00000000..1ea8e561 --- /dev/null +++ b/venonactl/cmd/test.go @@ -0,0 +1,105 @@ +package cmd + +/* +Copyright 2019 The Codefresh Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +import ( + "fmt" + + "github.com/codefresh-io/venona/venonactl/pkg/plugins" + "github.com/codefresh-io/venona/venonactl/pkg/store" + "github.com/spf13/cobra" + "github.com/spf13/viper" +) + +var allTestPluginTypes = []string{ + plugins.RuntimeEnvironmentPluginType, + plugins.VenonaPluginType, + plugins.MonitorAgentPluginType, + plugins.VolumeProvisionerPluginType, + plugins.EnginePluginType, + plugins.RuntimeAttachType, +} + +var testCommandOptions struct { + kube struct { + namespace string + context string + } + plugin []string +} + +var testCommand = &cobra.Command{ + Use: "test", + Short: "Run test on the target cluster prior installation", + Run: func(cmd *cobra.Command, args []string) { + lgr := createLogger("test", verbose) + s := store.GetStore() + extendStoreWithKubeClient(lgr) + fillKubernetesAPI(lgr, testCommandOptions.kube.context, testCommandOptions.kube.namespace, false) + + builder := plugins.NewBuilder(lgr) + for _, p := range testCommandOptions.plugin { + if p == plugins.RuntimeEnvironmentPluginType { + builder.Add(plugins.RuntimeEnvironmentPluginType) + } + if p == plugins.VenonaPluginType { + builder.Add(plugins.VenonaPluginType) + } + if p == plugins.MonitorAgentPluginType { + builder.Add(plugins.MonitorAgentPluginType) + } + if p == plugins.VolumeProvisionerPluginType { + builder.Add(plugins.VolumeProvisionerPluginType) + } + if p == plugins.EnginePluginType { + builder.Add(plugins.EnginePluginType) + } + if p == plugins.RuntimeAttachType { + builder.Add(plugins.RuntimeAttachType) + } + } + var finalerr error + for _, p := range builder.Get() { + lgr.Info("Testing requirements", "installer", p.Name()) + err := p.Test(plugins.TestOptions{ + KubeBuilder: getKubeClientBuilder(s.KubernetesAPI.ContextName, s.KubernetesAPI.Namespace, s.KubernetesAPI.ConfigPath, false), + ClusterNamespace: s.KubernetesAPI.Namespace, + }) + if err != nil { + if finalerr != nil { + finalerr = fmt.Errorf("%s - %s", finalerr.Error(), err.Error()) + } else { + finalerr = fmt.Errorf("%s", err.Error()) + + } + } + } + dieOnError(finalerr) + + lgr.Info("Cluster passed acceptance test") + }, +} + +func init() { + viper.BindEnv("kube-namespace", "KUBE_NAMESPACE") + viper.BindEnv("kube-context", "KUBE_CONTEXT") + + testCommand.Flags().StringVar(&testCommandOptions.kube.namespace, "kube-namespace", viper.GetString("kube-namespace"), "Name of the namespace on which monitor should be installed [$KUBE_NAMESPACE]") + testCommand.Flags().StringVar(&testCommandOptions.kube.context, "kube-context-name", viper.GetString("kube-context"), "Name of the kubernetes context on which monitor should be installed (default is current-context) [$KUBE_CONTEXT]") + testCommand.Flags().StringArrayVar(&testCommandOptions.plugin, "installer", allTestPluginTypes, "Which test to run, based on the installer type") + + rootCmd.AddCommand(testCommand) +} diff --git a/venonactl/pkg/plugins/engine.go b/venonactl/pkg/plugins/engine.go index 19c79e79..552f4810 100644 --- a/venonactl/pkg/plugins/engine.go +++ b/venonactl/pkg/plugins/engine.go @@ -145,3 +145,11 @@ func (u *enginePlugin) Upgrade(opt *UpgradeOptions, v Values) (Values, error) { func (u *enginePlugin) Migrate(*MigrateOptions, Values) error { return fmt.Errorf("not supported") } + +func (u *enginePlugin) Test(opt TestOptions) error { + return nil +} + +func (u *enginePlugin) Name() string { + return EnginePluginType +} diff --git a/venonactl/pkg/plugins/helper.go b/venonactl/pkg/plugins/helper.go index a7c1607b..656582dc 100644 --- a/venonactl/pkg/plugins/helper.go +++ b/venonactl/pkg/plugins/helper.go @@ -25,6 +25,7 @@ import ( "strings" // import all cloud providers auth clients + authv1 "k8s.io/api/authorization/v1" v1 "k8s.io/api/core/v1" "k8s.io/client-go/kubernetes" _ "k8s.io/client-go/plugin/pkg/client/auth" @@ -51,6 +52,14 @@ type ( cpu string localDiskMinimumSize string momorySize string + rbac []rbacValidation + } + + rbacValidation struct { + Namespace string + Resource string + Verbs []string + Group string } ) @@ -155,6 +164,32 @@ func getKubeObjectsFromTempalte(values map[string]interface{}, pattern string, l func ensureClusterRequirements(client *kubernetes.Clientset, req validationRequest, logger logger.Logger) (validationResult, error) { result := validationResult{true, nil} + specs := []*authv1.SelfSubjectAccessReview{} + for _, rbac := range req.rbac { + for _, verb := range rbac.Verbs { + attr := &authv1.ResourceAttributes{ + Resource: rbac.Resource, + Verb: verb, + Group: rbac.Group, + } + if rbac.Namespace != "" { + attr.Namespace = rbac.Namespace + } + specs = append(specs, &authv1.SelfSubjectAccessReview{ + Spec: authv1.SelfSubjectAccessReviewSpec{ + ResourceAttributes: attr, + }, + }) + } + } + rbacres := testRBAC(client, specs) + if len(rbacres) > 0 { + result.isValid = false + for _, res := range rbacres { + result.message = append(result.message, res) + } + return result, nil + } v, err := client.ServerVersion() if err != nil { @@ -198,6 +233,20 @@ func ensureClusterRequirements(client *kubernetes.Clientset, req validationReque return result, nil } +func handleValidationResult(res validationResult, logger logger.Logger) error { + if !res.isValid { + for _, m := range res.message { + logger.Error(m) + } + return errors.New("Failed to run acceptance test on cluster") + } + + for _, m := range res.message { + logger.Warn(m) + } + return nil +} + func testKubernetesVersion(version *version.Info) (bool, error) { v, err := semver.NewVersion(version.String()) if err != nil { @@ -244,3 +293,27 @@ func testNode(n v1.Node, req validationRequest) []string { return result } + +func testRBAC(client *kubernetes.Clientset, specs []*authv1.SelfSubjectAccessReview) []string { + res := []string{} + for _, sar := range specs { + resp, err := client.AuthorizationV1().SelfSubjectAccessReviews().Create(sar) + if err != nil { + res = append(res, err.Error()) + continue + } + if !resp.Status.Allowed { + verb := sar.Spec.ResourceAttributes.Verb + namespace := sar.Spec.ResourceAttributes.Namespace + resource := sar.Spec.ResourceAttributes.Resource + group := sar.Spec.ResourceAttributes.Group + msg := strings.Builder{} + msg.WriteString(fmt.Sprintf("Insufficient permission, %s %s/%s is not allowed", verb, group, resource)) + if namespace != "" { + msg.WriteString(fmt.Sprintf(" on namespace %s", namespace)) + } + res = append(res, msg.String()) + } + } + return res +} diff --git a/venonactl/pkg/plugins/monitor.go b/venonactl/pkg/plugins/monitor.go index 6751a8bc..d1d4850d 100644 --- a/venonactl/pkg/plugins/monitor.go +++ b/venonactl/pkg/plugins/monitor.go @@ -18,6 +18,7 @@ package plugins import ( "fmt" + "github.com/codefresh-io/venona/venonactl/pkg/logger" templates "github.com/codefresh-io/venona/venonactl/pkg/templates/kubernetes" ) @@ -84,3 +85,42 @@ func (u *monitorAgentPlugin) Upgrade(opt *UpgradeOptions, v Values) (Values, err func (u *monitorAgentPlugin) Migrate(*MigrateOptions, Values) error { return fmt.Errorf("not supported") } + +func (u *monitorAgentPlugin) Test(opt TestOptions) error { + validationRequest := validationRequest{ + rbac: []rbacValidation{ + { + Group: "apps", + Resource: "*", + Verbs: []string{"get", "list", "watch"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "*", + Verbs: []string{"get", "list", "watch", "create", "delete"}, + Namespace: opt.ClusterNamespace, + }, + { + Group: "extensions", + Resource: "*", + Verbs: []string{"get", "list", "watch"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "pods", + Verbs: []string{"deletecollection"}, + Namespace: opt.ClusterNamespace, + }, + }, + } + return test(testOptions{ + logger: u.logger, + kubeBuilder: opt.KubeBuilder, + namespace: opt.ClusterNamespace, + validationRequest: validationRequest, + }) +} + +func (u *monitorAgentPlugin) Name() string { + return MonitorAgentPluginType +} diff --git a/venonactl/pkg/plugins/plugin.go b/venonactl/pkg/plugins/plugin.go index aa69f23c..b03ee8c7 100644 --- a/venonactl/pkg/plugins/plugin.go +++ b/venonactl/pkg/plugins/plugin.go @@ -28,6 +28,8 @@ type ( Delete(*DeleteOptions, Values) error Upgrade(*UpgradeOptions, Values) (Values, error) Migrate(*MigrateOptions, Values) error + Test(TestOptions) error + Name() string } PluginBuilder interface { @@ -72,7 +74,6 @@ type ( RuntimeClusterName string RuntimeServiceAccount string RestartAgent bool - SkipAcceptanceTest bool } DeleteOptions struct { @@ -108,6 +109,13 @@ type ( } } + TestOptions struct { + KubeBuilder interface { + BuildClient() (*kubernetes.Clientset, error) + } + ClusterNamespace string + } + StatusOptions struct { KubeBuilder interface { BuildClient() (*kubernetes.Clientset, error) @@ -148,6 +156,15 @@ type ( operatorType string logger logger.Logger } + + testOptions struct { + logger logger.Logger + kubeBuilder interface { + BuildClient() (*kubernetes.Clientset, error) + } + namespace string + validationRequest validationRequest + } ) func NewBuilder(logger logger.Logger) PluginBuilder { @@ -169,37 +186,37 @@ func (p *pb) Get() []Plugin { func build(t string, logger logger.Logger) Plugin { if t == VenonaPluginType { return &venonaPlugin{ - logger: logger.New("Plugin", VenonaPluginType), + logger: logger.New("installer", VenonaPluginType), } } if t == RuntimeEnvironmentPluginType { return &runtimeEnvironmentPlugin{ - logger: logger.New("Plugin", RuntimeEnvironmentPluginType), + logger: logger.New("installer", RuntimeEnvironmentPluginType), } } if t == VolumeProvisionerPluginType { return &volumeProvisionerPlugin{ - logger: logger.New("Plugin", VolumeProvisionerPluginType), + logger: logger.New("installer", VolumeProvisionerPluginType), } } if t == EnginePluginType { return &enginePlugin{ - logger: logger.New("Plugin", EnginePluginType), + logger: logger.New("installer", EnginePluginType), } } if t == RuntimeAttachType { return &runtimeAttachPlugin{ - logger: logger.New("Plugin", RuntimeAttachType), + logger: logger.New("installer", RuntimeAttachType), } } if t == MonitorAgentPluginType { return &monitorAgentPlugin{ - logger: logger.New("Plugin", MonitorAgentPluginType), + logger: logger.New("installer", MonitorAgentPluginType), } } @@ -290,3 +307,18 @@ func uninstall(opt *deleteOptions) error { } return nil } + +func test(opt testOptions) error { + lgr := opt.logger + cs, err := opt.kubeBuilder.BuildClient() + if err != nil { + lgr.Error(fmt.Sprintf("Cannot create kubernetes clientset: %v ", err)) + return err + } + lgr.Debug("Running acceptance tests") + res, err := ensureClusterRequirements(cs, opt.validationRequest, lgr) + if err != nil { + return err + } + return handleValidationResult(res, lgr) +} diff --git a/venonactl/pkg/plugins/runtime-attach.go b/venonactl/pkg/plugins/runtime-attach.go index 1e71215d..6cc9f245 100644 --- a/venonactl/pkg/plugins/runtime-attach.go +++ b/venonactl/pkg/plugins/runtime-attach.go @@ -294,3 +294,11 @@ func (u *runtimeAttachPlugin) Upgrade(_ *UpgradeOptions, v Values) (Values, erro func (u *runtimeAttachPlugin) Migrate(*MigrateOptions, Values) error { return fmt.Errorf("not supported") } + +func (u *runtimeAttachPlugin) Test(opt TestOptions) error { + return nil +} + +func (u *runtimeAttachPlugin) Name() string { + return RuntimeAttachType +} diff --git a/venonactl/pkg/plugins/runtime-environment.go b/venonactl/pkg/plugins/runtime-environment.go index ec5311fe..5b394dcc 100644 --- a/venonactl/pkg/plugins/runtime-environment.go +++ b/venonactl/pkg/plugins/runtime-environment.go @@ -18,7 +18,6 @@ package plugins import ( "encoding/base64" - "errors" "fmt" "github.com/codefresh-io/venona/venonactl/pkg/codefresh" @@ -84,27 +83,6 @@ func (u *runtimeEnvironmentPlugin) Install(opt *InstallOptions, v Values) (Value return nil, err } - if !opt.SkipAcceptanceTest { - u.logger.Debug("Running acceptance tests") - res, err := ensureClusterRequirements(cs, validationRequest{ - cpu: "1", - momorySize: "1Gi", - }, u.logger) - if err != nil { - return nil, err - } - if !res.isValid { - for _, m := range res.message { - u.logger.Error(m) - } - return nil, errors.New("Failed to run acceptance test on cluster") - } - - for _, m := range res.message { - u.logger.Warn(m) - } - } - v["RuntimeEnvironment"] = opt.RuntimeEnvironment err = install(&installOptions{ logger: u.logger, @@ -166,3 +144,57 @@ func (u *runtimeEnvironmentPlugin) Upgrade(_ *UpgradeOptions, v Values) (Values, func (u *runtimeEnvironmentPlugin) Migrate(*MigrateOptions, Values) error { return fmt.Errorf("not supported") } + +func (u *runtimeEnvironmentPlugin) Test(opt TestOptions) error { + validationRequest := validationRequest{ + rbac: []rbacValidation{ + { + Resource: "ServiceAccount", + Verbs: []string{"create", "delete"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "ConfigMap", + Verbs: []string{"create", "update", "delete"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "Service", + Verbs: []string{"create", "update", "delete"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "Role", + Group: "rbac.authorization.k8s.io", + Verbs: []string{"create", "update", "delete"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "RoleBinding", + Group: "rbac.authorization.k8s.io", + Verbs: []string{"create", "update", "delete"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "persistentvolumeclaims", + Namespace: opt.ClusterNamespace, + Verbs: []string{"create", "update", "delete"}, + }, + { + Resource: "pods", + Namespace: opt.ClusterNamespace, + Verbs: []string{"create", "update", "delete"}, + }, + }, + } + return test(testOptions{ + logger: u.logger, + kubeBuilder: opt.KubeBuilder, + namespace: opt.ClusterNamespace, + validationRequest: validationRequest, + }) +} + +func (u *runtimeEnvironmentPlugin) Name() string { + return RuntimeEnvironmentPluginType +} diff --git a/venonactl/pkg/plugins/venona.go b/venonactl/pkg/plugins/venona.go index e2d0c70a..8cae3df9 100644 --- a/venonactl/pkg/plugins/venona.go +++ b/venonactl/pkg/plugins/venona.go @@ -19,7 +19,6 @@ package plugins import ( "encoding/base64" "encoding/json" - "errors" "fmt" "io/ioutil" "time" @@ -28,10 +27,9 @@ import ( "github.com/codefresh-io/venona/venonactl/pkg/logger" "github.com/codefresh-io/venona/venonactl/pkg/obj/kubeobj" templates "github.com/codefresh-io/venona/venonactl/pkg/templates/kubernetes" + v1 "k8s.io/api/core/v1" kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" - ) // venonaPlugin installs assets on Kubernetes Dind runtimectl Env @@ -41,8 +39,8 @@ type venonaPlugin struct { type migrationData struct { NodeSelector map[string]string `json:"nodeSelector,omitempty"` - Tolerations [] v1.Toleration `json:"tolerations,omitempty"` - Env [] v1.EnvVar + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + Env []v1.EnvVar } const ( @@ -84,26 +82,6 @@ func (u *venonaPlugin) Install(opt *InstallOptions, v Values) (Values, error) { u.logger.Error(fmt.Sprintf("Cannot ensure namespace exists: %v", err)) return nil, err } - if !opt.SkipAcceptanceTest { - u.logger.Debug("Running acceptance tests") - res, err := ensureClusterRequirements(cs, validationRequest{ - cpu: "500m", - momorySize: "1Gi", - }, u.logger) - if err != nil { - return nil, err - } - if !res.isValid { - for _, m := range res.message { - u.logger.Error(m) - } - return nil, errors.New("Failed to run acceptance test on cluster") - } - - for _, m := range res.message { - u.logger.Warn(m) - } - } return v, install(&installOptions{ logger: u.logger, @@ -240,7 +218,7 @@ func (u *venonaPlugin) Upgrade(opt *UpgradeOptions, v Values) (Values, error) { func (u *venonaPlugin) Migrate(opt *MigrateOptions, v Values) error { var deletePriorUpgrade = map[string]interface{}{ "deployment.venona.yaml": nil, - "secret.venona.yaml": nil, + "secret.venona.yaml": nil, } kubeClientset, err := opt.KubeBuilder.BuildClient() @@ -258,19 +236,19 @@ func (u *venonaPlugin) Migrate(opt *MigrateOptions, v Values) error { u.logger.Error(fmt.Sprintf("Cannot find agent pod: %v ", err)) return err } - if (len(list.Items) == 0) { + if len(list.Items) == 0 { u.logger.Debug("Runner pod not found , existing migration") return nil } migrationData := migrationData{ - Tolerations: list.Items[0].Spec.Tolerations, + Tolerations: list.Items[0].Spec.Tolerations, NodeSelector: list.Items[0].Spec.NodeSelector, - Env: list.Items[0].Spec.Containers[0].Env, + Env: list.Items[0].Spec.Containers[0].Env, } var jsonData []byte jsonData, err = json.Marshal(migrationData) err = ioutil.WriteFile("migration.json", jsonData, 0644) - if (err != nil) { + if err != nil { u.logger.Error("Cannot write migration json") } @@ -312,3 +290,37 @@ func (u *venonaPlugin) Migrate(opt *MigrateOptions, v Values) error { } } } + +func (u *venonaPlugin) Test(opt TestOptions) error { + validationRequest := validationRequest{ + cpu: "500m", + momorySize: "1Gi", + rbac: []rbacValidation{ + { + Resource: "deployment", + Verbs: []string{"create", "update", "delete"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "secret", + Verbs: []string{"create", "update", "delete"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "ClusterRoleBinding", + Group: "rbac.authorization.k8s.io", + Verbs: []string{"create", "update", "delete"}, + }, + }, + } + return test(testOptions{ + logger: u.logger, + kubeBuilder: opt.KubeBuilder, + namespace: opt.ClusterNamespace, + validationRequest: validationRequest, + }) +} + +func (u *venonaPlugin) Name() string { + return VenonaPluginType +} diff --git a/venonactl/pkg/plugins/volume-provisioner.go b/venonactl/pkg/plugins/volume-provisioner.go index 171bf78b..bb8d8a2a 100644 --- a/venonactl/pkg/plugins/volume-provisioner.go +++ b/venonactl/pkg/plugins/volume-provisioner.go @@ -111,3 +111,81 @@ func (u *volumeProvisionerPlugin) Upgrade(opt *UpgradeOptions, v Values) (Values func (u *volumeProvisionerPlugin) Migrate(*MigrateOptions, Values) error { return fmt.Errorf("not supported") } + +func (u *volumeProvisionerPlugin) Test(opt TestOptions) error { + validationRequest := validationRequest{ + rbac: []rbacValidation{ + { + Resource: "persistentvolumes", + Verbs: []string{"get", "list", "watch", "create", "delete", "patch"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "persistentvolumeclaims", + Verbs: []string{"get", "list", "watch", "update"}, + }, + { + Resource: "storageclasses", + Group: "storage.k8s.io", + Verbs: []string{"get", "list", "watch"}, + }, + { + Resource: "events", + Group: "", + Verbs: []string{"list", "watch", "create", "update", "patch"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "secrets", + Group: "", + Verbs: []string{"get", "list"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "nodes", + Group: "", + Verbs: []string{"get", "list", "watch"}, + }, + { + Resource: "pods", + Group: "", + Verbs: []string{"get", "list", "watch", "create", "delete", "patch"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "endpoints", + Group: "", + Verbs: []string{"get", "list", "watch", "create", "update", "delete"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "DaemonSet", + Group: "", + Verbs: []string{"get", "create", "update", "delete"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "CronJob", + Group: "batch", + Verbs: []string{"get", "create", "update", "delete"}, + Namespace: opt.ClusterNamespace, + }, + { + Resource: "ServiceAccount", + Group: "", + Verbs: []string{"get", "create", "update", "delete"}, + Namespace: opt.ClusterNamespace, + }, + }, + } + return test(testOptions{ + logger: u.logger, + kubeBuilder: opt.KubeBuilder, + namespace: opt.ClusterNamespace, + validationRequest: validationRequest, + }) +} + +func (u *volumeProvisionerPlugin) Name() string { + return VolumeProvisionerPluginType +}