diff --git a/bundle/manifests/argocd-image-updater.argoproj.io_imageupdaters.yaml b/bundle/manifests/argocd-image-updater.argoproj.io_imageupdaters.yaml new file mode 100644 index 00000000000..47ac2e2d01e --- /dev/null +++ b/bundle/manifests/argocd-image-updater.argoproj.io_imageupdaters.yaml @@ -0,0 +1,556 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + creationTimestamp: null + name: imageupdaters.argocd-image-updater.argoproj.io +spec: + group: argocd-image-updater.argoproj.io + names: + kind: ImageUpdater + listKind: ImageUpdaterList + plural: imageupdaters + singular: imageupdater + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ImageUpdater is the Schema for the imageupdaters API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ImageUpdaterSpec defines the desired state of ImageUpdater + It specifies which applications to target, default update strategies, + and a list of images to manage. + properties: + applicationRefs: + description: |- + ApplicationRefs indicates the set of applications to be managed. + ApplicationRefs is a list of rules to select Argo CD Applications within the ImageUpdater CR's namespace. + Each reference can also provide specific overrides for the global settings defined above. + items: + description: ApplicationRef contains various criteria by which to + include applications for managing by image updater + properties: + commonUpdateSettings: + description: |- + CommonUpdateSettings overrides the global CommonUpdateSettings for applications + matched by this selector. + This field is ignored when UseAnnotations is true. + properties: + allowTags: + description: |- + AllowTags is a regex pattern for tags to allow. + This acts as the default if not overridden. + type: string + forceUpdate: + default: false + description: |- + ForceUpdate specifies whether updates should be forced. + This acts as the default if not overridden. + type: boolean + ignoreTags: + description: |- + IgnoreTags is a list of glob-like patterns of tags to ignore. + This acts as the default and can be overridden at more specific levels. + items: + type: string + type: array + x-kubernetes-list-type: atomic + platforms: + description: |- + Platforms specifies a list of target platforms (e.g., "linux/amd64", "linux/arm64"). + If specified, the image updater will consider these platforms when checking for new versions or digests. + items: + type: string + type: array + x-kubernetes-list-type: atomic + pullSecret: + description: |- + PullSecret is the pull secret to use for images. + This acts as the default if not overridden. + type: string + updateStrategy: + default: semver + description: |- + UpdateStrategy defines the update strategy to apply. + Examples: "semver", "latest", "digest", "name". + This acts as the default if not overridden at a more specific level. + type: string + type: object + images: + description: |- + Images contains a list of configurations that how images should be updated. + These rules apply to applications selected by namePattern in ApplicationRefs, and each + image can override global/ApplicationRef settings. + This field is ignored when UseAnnotations is true. + items: + description: |- + ImageConfig defines how a specific container image should be discovered, updated, + and how those updates should be reflected in application manifests. + properties: + alias: + description: |- + Alias is a short, user-defined name for this image configuration. + It MUST be unique within a single ApplicationRef's list of images. + This field is mandatory. + pattern: ^[a-zA-Z0-9][a-zA-Z0-9-._]*$ + type: string + commonUpdateSettings: + description: CommonUpdateSettings overrides the effective + default CommonUpdateSettings for this specific image. + properties: + allowTags: + description: |- + AllowTags is a regex pattern for tags to allow. + This acts as the default if not overridden. + type: string + forceUpdate: + default: false + description: |- + ForceUpdate specifies whether updates should be forced. + This acts as the default if not overridden. + type: boolean + ignoreTags: + description: |- + IgnoreTags is a list of glob-like patterns of tags to ignore. + This acts as the default and can be overridden at more specific levels. + items: + type: string + type: array + x-kubernetes-list-type: atomic + platforms: + description: |- + Platforms specifies a list of target platforms (e.g., "linux/amd64", "linux/arm64"). + If specified, the image updater will consider these platforms when checking for new versions or digests. + items: + type: string + type: array + x-kubernetes-list-type: atomic + pullSecret: + description: |- + PullSecret is the pull secret to use for images. + This acts as the default if not overridden. + type: string + updateStrategy: + default: semver + description: |- + UpdateStrategy defines the update strategy to apply. + Examples: "semver", "latest", "digest", "name". + This acts as the default if not overridden at a more specific level. + type: string + type: object + imageName: + description: |- + ImageName is the full identifier of the image to be tracked, + including the registry (if not Docker Hub), the image name, and an initial/current tag or version. + This is the string used to query the container registry and also as a base for finding updates. + Example: "docker.io/library/nginx:1.17.10", "quay.io/prometheus/node-exporter:v1.5.0". + This field is mandatory. + type: string + manifestTargets: + description: |- + ManifestTarget defines how and where to update this image in Kubernetes manifests. + Only one of Helm or Kustomize should be specified within this block. + This whole block is optional if the image update isn't written to a manifest in a structured way. + properties: + helm: + description: |- + Helm specifies update parameters if the target manifest is managed by Helm + and updates are to be made to Helm values files. + properties: + name: + description: |- + Name is the dot-separated path to the Helm key for the image repository/name part. + Example: "image.repository", "frontend.deployment.image.name". + If neither spec nor name/tag are set, defaults to "image.name". + If spec is set, this field is ignored. + type: string + spec: + description: |- + Spec is the dot-separated path to a Helm key where the full image string + (e.g., "image/name:1.0") should be written. + Use this if your Helm chart expects the entire image reference in a single field, + rather than separate name/tag fields. If this is set, name and tag will be ignored. + type: string + tag: + description: |- + Tag is the dot-separated path to the Helm key for the image tag part. + Example: "image.tag", "frontend.deployment.image.version". + If neither spec nor name/tag are set, defaults to "image.tag". + If spec is set, this field is ignored. + type: string + type: object + kustomize: + description: |- + Kustomize specifies update parameters if the target manifest is managed by Kustomize + and updates involve changing image tags in Kustomize configurations. + properties: + name: + description: |- + Name is the image name (which can include the registry and an initial tag) + as it appears in the `images` list of a kustomization.yaml file that needs to be updated. + The updater will typically change the tag or add a digest to this entry. + Example: "docker.io/library/nginx". + This field is required if the Kustomize target is used. + type: string + required: + - name + type: object + type: object + x-kubernetes-validations: + - message: Exactly one of helm or kustomize must be specified + within manifestTargets if the block is present. + rule: 'has(self.helm) ? !has(self.kustomize) : has(self.kustomize)' + required: + - alias + - imageName + type: object + type: array + x-kubernetes-list-map-keys: + - alias + x-kubernetes-list-type: map + labelSelectors: + description: LabelSelectors indicates the label selectors to + apply for application selection + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namePattern: + description: NamePattern indicates the glob pattern for application + name + type: string + useAnnotations: + default: false + description: |- + UseAnnotations When true, read image configuration from Application's + argocd-image-updater.argoproj.io/* annotations instead of + requiring explicit Images[] configuration in this CR. + When this field is set to true, only namePattern and labelSelectors are used for + application selection. All other fields (CommonUpdateSettings, WriteBackConfig, Images) + are ignored. + type: boolean + writeBackConfig: + description: |- + WriteBackConfig overrides the global WriteBackConfig settings for applications + matched by this selector. + This field is ignored when UseAnnotations is true. + properties: + gitConfig: + description: |- + GitConfig provides Git configuration settings if the write-back method involves Git. + This can only be used when method is "git" or starts with "git:". + properties: + branch: + description: |- + Branch to commit updates to. + Required if write-back method is Git and this is not specified at the spec level. + type: string + repository: + description: |- + Repository URL to commit changes to. + If not specified here or at the spec level, the controller MUST infer it from the + Argo CD Application's `spec.source.repoURL`. This field allows overriding that. + type: string + writeBackTarget: + description: |- + WriteBackTarget defines the path and type of file to update in the Git repository. + Examples: "helmvalues:./helm/values.yaml", "kustomization:./kustomize/overlays/production". + For ApplicationSet usage, `{{ .app.path.path }}` should be resolved by ApplicationSet + before this CR is generated, resulting in a concrete path here. + Required if write-back method is Git and this is not specified at the spec level. + type: string + type: object + method: + default: argocd + description: |- + Method defines the method for writing back updated image versions. + This acts as the default if not overridden. If not specified, defaults to "argocd". + pattern: ^(argocd|git|git:[a-zA-Z0-9][a-zA-Z0-9-._/:]*)$ + type: string + required: + - method + type: object + required: + - namePattern + type: object + x-kubernetes-validations: + - message: Either useAnnotations must be true, or images must be + provided with at least one item + rule: '!(has(self.useAnnotations) && self.useAnnotations == true) + ? (has(self.images) && size(self.images) > 0) : true' + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - namePattern + x-kubernetes-list-type: map + commonUpdateSettings: + description: |- + CommonUpdateSettings provides global default settings for update strategies, + tag filtering, pull secrets, etc., for all applications matched by this CR. + These can be overridden at the ApplicationRef or ImageConfig level. + properties: + allowTags: + description: |- + AllowTags is a regex pattern for tags to allow. + This acts as the default if not overridden. + type: string + forceUpdate: + default: false + description: |- + ForceUpdate specifies whether updates should be forced. + This acts as the default if not overridden. + type: boolean + ignoreTags: + description: |- + IgnoreTags is a list of glob-like patterns of tags to ignore. + This acts as the default and can be overridden at more specific levels. + items: + type: string + type: array + x-kubernetes-list-type: atomic + platforms: + description: |- + Platforms specifies a list of target platforms (e.g., "linux/amd64", "linux/arm64"). + If specified, the image updater will consider these platforms when checking for new versions or digests. + items: + type: string + type: array + x-kubernetes-list-type: atomic + pullSecret: + description: |- + PullSecret is the pull secret to use for images. + This acts as the default if not overridden. + type: string + updateStrategy: + default: semver + description: |- + UpdateStrategy defines the update strategy to apply. + Examples: "semver", "latest", "digest", "name". + This acts as the default if not overridden at a more specific level. + type: string + type: object + namespace: + description: |- + Namespace indicates the target namespace of the applications. + + Deprecated: This field is deprecated and will be removed in a future release. + The controller now uses the ImageUpdater CR's namespace (metadata.namespace) + to determine which namespace to search for applications. This field is ignored. + type: string + writeBackConfig: + description: |- + WriteBackConfig provides global default settings for how and where to write back image updates. + This can be overridden at the ApplicationRef level. + properties: + gitConfig: + description: |- + GitConfig provides Git configuration settings if the write-back method involves Git. + This can only be used when method is "git" or starts with "git:". + properties: + branch: + description: |- + Branch to commit updates to. + Required if write-back method is Git and this is not specified at the spec level. + type: string + repository: + description: |- + Repository URL to commit changes to. + If not specified here or at the spec level, the controller MUST infer it from the + Argo CD Application's `spec.source.repoURL`. This field allows overriding that. + type: string + writeBackTarget: + description: |- + WriteBackTarget defines the path and type of file to update in the Git repository. + Examples: "helmvalues:./helm/values.yaml", "kustomization:./kustomize/overlays/production". + For ApplicationSet usage, `{{ .app.path.path }}` should be resolved by ApplicationSet + before this CR is generated, resulting in a concrete path here. + Required if write-back method is Git and this is not specified at the spec level. + type: string + type: object + method: + default: argocd + description: |- + Method defines the method for writing back updated image versions. + This acts as the default if not overridden. If not specified, defaults to "argocd". + pattern: ^(argocd|git|git:[a-zA-Z0-9][a-zA-Z0-9-._/:]*)$ + type: string + required: + - method + type: object + required: + - applicationRefs + type: object + status: + description: ImageUpdaterStatus defines the observed state of ImageUpdater + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + imageStatus: + description: ImageStatus indicates the detailed status for the list + of managed images + items: + description: ImageStatus contains information for an image:version + and its update status in hosting applications + properties: + applications: + description: Applications contains a list of applications and + when the image was last updated therein + items: + description: ImageApplicationLastUpdated contains information + for an application and when the image was last updated therein + properties: + appName: + description: AppName indicates and namespace and the application + name + type: string + lastUpdatedAt: + description: LastUpdatedAt indicates when the image in + this application was last updated + format: date-time + type: string + required: + - appName + type: object + type: array + name: + description: Name indicates the image name + type: string + version: + description: Version indicates the image version + type: string + required: + - name + - version + type: object + type: array + reconciledAt: + description: LastUpdatedAt indicates when the image updater last ran + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/bundle/manifests/gitops-operator.clusterserviceversion.yaml b/bundle/manifests/gitops-operator.clusterserviceversion.yaml index 7cf70eff722..982fe97cca3 100644 --- a/bundle/manifests/gitops-operator.clusterserviceversion.yaml +++ b/bundle/manifests/gitops-operator.clusterserviceversion.yaml @@ -180,7 +180,7 @@ metadata: capabilities: Deep Insights console.openshift.io/plugins: '["gitops-plugin"]' containerImage: quay.io/redhat-developer/gitops-operator - createdAt: "2026-02-27T08:17:37Z" + createdAt: "2026-03-04T06:59:29Z" description: Enables teams to adopt GitOps principles for managing cluster configurations and application delivery across hybrid multi-cluster Kubernetes environments. features.operators.openshift.io/disconnected: "true" @@ -306,6 +306,11 @@ spec: kind: GitopsService name: gitopsservices.pipelines.openshift.io version: v1alpha1 + - description: ImageUpdater is the Schema for the imageupdaters API + displayName: ImageUpdater + kind: ImageUpdater + name: imageupdaters.argocd-image-updater.argoproj.io + version: v1alpha1 - kind: NamespaceManagement name: namespacemanagements.argoproj.io version: v1beta1 diff --git a/config/crd/bases/argocd-image-updater.argoproj.io_imageupdaters.yaml b/config/crd/bases/argocd-image-updater.argoproj.io_imageupdaters.yaml new file mode 100644 index 00000000000..47ac2e2d01e --- /dev/null +++ b/config/crd/bases/argocd-image-updater.argoproj.io_imageupdaters.yaml @@ -0,0 +1,556 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.19.0 + creationTimestamp: null + name: imageupdaters.argocd-image-updater.argoproj.io +spec: + group: argocd-image-updater.argoproj.io + names: + kind: ImageUpdater + listKind: ImageUpdaterList + plural: imageupdaters + singular: imageupdater + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ImageUpdater is the Schema for the imageupdaters API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ImageUpdaterSpec defines the desired state of ImageUpdater + It specifies which applications to target, default update strategies, + and a list of images to manage. + properties: + applicationRefs: + description: |- + ApplicationRefs indicates the set of applications to be managed. + ApplicationRefs is a list of rules to select Argo CD Applications within the ImageUpdater CR's namespace. + Each reference can also provide specific overrides for the global settings defined above. + items: + description: ApplicationRef contains various criteria by which to + include applications for managing by image updater + properties: + commonUpdateSettings: + description: |- + CommonUpdateSettings overrides the global CommonUpdateSettings for applications + matched by this selector. + This field is ignored when UseAnnotations is true. + properties: + allowTags: + description: |- + AllowTags is a regex pattern for tags to allow. + This acts as the default if not overridden. + type: string + forceUpdate: + default: false + description: |- + ForceUpdate specifies whether updates should be forced. + This acts as the default if not overridden. + type: boolean + ignoreTags: + description: |- + IgnoreTags is a list of glob-like patterns of tags to ignore. + This acts as the default and can be overridden at more specific levels. + items: + type: string + type: array + x-kubernetes-list-type: atomic + platforms: + description: |- + Platforms specifies a list of target platforms (e.g., "linux/amd64", "linux/arm64"). + If specified, the image updater will consider these platforms when checking for new versions or digests. + items: + type: string + type: array + x-kubernetes-list-type: atomic + pullSecret: + description: |- + PullSecret is the pull secret to use for images. + This acts as the default if not overridden. + type: string + updateStrategy: + default: semver + description: |- + UpdateStrategy defines the update strategy to apply. + Examples: "semver", "latest", "digest", "name". + This acts as the default if not overridden at a more specific level. + type: string + type: object + images: + description: |- + Images contains a list of configurations that how images should be updated. + These rules apply to applications selected by namePattern in ApplicationRefs, and each + image can override global/ApplicationRef settings. + This field is ignored when UseAnnotations is true. + items: + description: |- + ImageConfig defines how a specific container image should be discovered, updated, + and how those updates should be reflected in application manifests. + properties: + alias: + description: |- + Alias is a short, user-defined name for this image configuration. + It MUST be unique within a single ApplicationRef's list of images. + This field is mandatory. + pattern: ^[a-zA-Z0-9][a-zA-Z0-9-._]*$ + type: string + commonUpdateSettings: + description: CommonUpdateSettings overrides the effective + default CommonUpdateSettings for this specific image. + properties: + allowTags: + description: |- + AllowTags is a regex pattern for tags to allow. + This acts as the default if not overridden. + type: string + forceUpdate: + default: false + description: |- + ForceUpdate specifies whether updates should be forced. + This acts as the default if not overridden. + type: boolean + ignoreTags: + description: |- + IgnoreTags is a list of glob-like patterns of tags to ignore. + This acts as the default and can be overridden at more specific levels. + items: + type: string + type: array + x-kubernetes-list-type: atomic + platforms: + description: |- + Platforms specifies a list of target platforms (e.g., "linux/amd64", "linux/arm64"). + If specified, the image updater will consider these platforms when checking for new versions or digests. + items: + type: string + type: array + x-kubernetes-list-type: atomic + pullSecret: + description: |- + PullSecret is the pull secret to use for images. + This acts as the default if not overridden. + type: string + updateStrategy: + default: semver + description: |- + UpdateStrategy defines the update strategy to apply. + Examples: "semver", "latest", "digest", "name". + This acts as the default if not overridden at a more specific level. + type: string + type: object + imageName: + description: |- + ImageName is the full identifier of the image to be tracked, + including the registry (if not Docker Hub), the image name, and an initial/current tag or version. + This is the string used to query the container registry and also as a base for finding updates. + Example: "docker.io/library/nginx:1.17.10", "quay.io/prometheus/node-exporter:v1.5.0". + This field is mandatory. + type: string + manifestTargets: + description: |- + ManifestTarget defines how and where to update this image in Kubernetes manifests. + Only one of Helm or Kustomize should be specified within this block. + This whole block is optional if the image update isn't written to a manifest in a structured way. + properties: + helm: + description: |- + Helm specifies update parameters if the target manifest is managed by Helm + and updates are to be made to Helm values files. + properties: + name: + description: |- + Name is the dot-separated path to the Helm key for the image repository/name part. + Example: "image.repository", "frontend.deployment.image.name". + If neither spec nor name/tag are set, defaults to "image.name". + If spec is set, this field is ignored. + type: string + spec: + description: |- + Spec is the dot-separated path to a Helm key where the full image string + (e.g., "image/name:1.0") should be written. + Use this if your Helm chart expects the entire image reference in a single field, + rather than separate name/tag fields. If this is set, name and tag will be ignored. + type: string + tag: + description: |- + Tag is the dot-separated path to the Helm key for the image tag part. + Example: "image.tag", "frontend.deployment.image.version". + If neither spec nor name/tag are set, defaults to "image.tag". + If spec is set, this field is ignored. + type: string + type: object + kustomize: + description: |- + Kustomize specifies update parameters if the target manifest is managed by Kustomize + and updates involve changing image tags in Kustomize configurations. + properties: + name: + description: |- + Name is the image name (which can include the registry and an initial tag) + as it appears in the `images` list of a kustomization.yaml file that needs to be updated. + The updater will typically change the tag or add a digest to this entry. + Example: "docker.io/library/nginx". + This field is required if the Kustomize target is used. + type: string + required: + - name + type: object + type: object + x-kubernetes-validations: + - message: Exactly one of helm or kustomize must be specified + within manifestTargets if the block is present. + rule: 'has(self.helm) ? !has(self.kustomize) : has(self.kustomize)' + required: + - alias + - imageName + type: object + type: array + x-kubernetes-list-map-keys: + - alias + x-kubernetes-list-type: map + labelSelectors: + description: LabelSelectors indicates the label selectors to + apply for application selection + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namePattern: + description: NamePattern indicates the glob pattern for application + name + type: string + useAnnotations: + default: false + description: |- + UseAnnotations When true, read image configuration from Application's + argocd-image-updater.argoproj.io/* annotations instead of + requiring explicit Images[] configuration in this CR. + When this field is set to true, only namePattern and labelSelectors are used for + application selection. All other fields (CommonUpdateSettings, WriteBackConfig, Images) + are ignored. + type: boolean + writeBackConfig: + description: |- + WriteBackConfig overrides the global WriteBackConfig settings for applications + matched by this selector. + This field is ignored when UseAnnotations is true. + properties: + gitConfig: + description: |- + GitConfig provides Git configuration settings if the write-back method involves Git. + This can only be used when method is "git" or starts with "git:". + properties: + branch: + description: |- + Branch to commit updates to. + Required if write-back method is Git and this is not specified at the spec level. + type: string + repository: + description: |- + Repository URL to commit changes to. + If not specified here or at the spec level, the controller MUST infer it from the + Argo CD Application's `spec.source.repoURL`. This field allows overriding that. + type: string + writeBackTarget: + description: |- + WriteBackTarget defines the path and type of file to update in the Git repository. + Examples: "helmvalues:./helm/values.yaml", "kustomization:./kustomize/overlays/production". + For ApplicationSet usage, `{{ .app.path.path }}` should be resolved by ApplicationSet + before this CR is generated, resulting in a concrete path here. + Required if write-back method is Git and this is not specified at the spec level. + type: string + type: object + method: + default: argocd + description: |- + Method defines the method for writing back updated image versions. + This acts as the default if not overridden. If not specified, defaults to "argocd". + pattern: ^(argocd|git|git:[a-zA-Z0-9][a-zA-Z0-9-._/:]*)$ + type: string + required: + - method + type: object + required: + - namePattern + type: object + x-kubernetes-validations: + - message: Either useAnnotations must be true, or images must be + provided with at least one item + rule: '!(has(self.useAnnotations) && self.useAnnotations == true) + ? (has(self.images) && size(self.images) > 0) : true' + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - namePattern + x-kubernetes-list-type: map + commonUpdateSettings: + description: |- + CommonUpdateSettings provides global default settings for update strategies, + tag filtering, pull secrets, etc., for all applications matched by this CR. + These can be overridden at the ApplicationRef or ImageConfig level. + properties: + allowTags: + description: |- + AllowTags is a regex pattern for tags to allow. + This acts as the default if not overridden. + type: string + forceUpdate: + default: false + description: |- + ForceUpdate specifies whether updates should be forced. + This acts as the default if not overridden. + type: boolean + ignoreTags: + description: |- + IgnoreTags is a list of glob-like patterns of tags to ignore. + This acts as the default and can be overridden at more specific levels. + items: + type: string + type: array + x-kubernetes-list-type: atomic + platforms: + description: |- + Platforms specifies a list of target platforms (e.g., "linux/amd64", "linux/arm64"). + If specified, the image updater will consider these platforms when checking for new versions or digests. + items: + type: string + type: array + x-kubernetes-list-type: atomic + pullSecret: + description: |- + PullSecret is the pull secret to use for images. + This acts as the default if not overridden. + type: string + updateStrategy: + default: semver + description: |- + UpdateStrategy defines the update strategy to apply. + Examples: "semver", "latest", "digest", "name". + This acts as the default if not overridden at a more specific level. + type: string + type: object + namespace: + description: |- + Namespace indicates the target namespace of the applications. + + Deprecated: This field is deprecated and will be removed in a future release. + The controller now uses the ImageUpdater CR's namespace (metadata.namespace) + to determine which namespace to search for applications. This field is ignored. + type: string + writeBackConfig: + description: |- + WriteBackConfig provides global default settings for how and where to write back image updates. + This can be overridden at the ApplicationRef level. + properties: + gitConfig: + description: |- + GitConfig provides Git configuration settings if the write-back method involves Git. + This can only be used when method is "git" or starts with "git:". + properties: + branch: + description: |- + Branch to commit updates to. + Required if write-back method is Git and this is not specified at the spec level. + type: string + repository: + description: |- + Repository URL to commit changes to. + If not specified here or at the spec level, the controller MUST infer it from the + Argo CD Application's `spec.source.repoURL`. This field allows overriding that. + type: string + writeBackTarget: + description: |- + WriteBackTarget defines the path and type of file to update in the Git repository. + Examples: "helmvalues:./helm/values.yaml", "kustomization:./kustomize/overlays/production". + For ApplicationSet usage, `{{ .app.path.path }}` should be resolved by ApplicationSet + before this CR is generated, resulting in a concrete path here. + Required if write-back method is Git and this is not specified at the spec level. + type: string + type: object + method: + default: argocd + description: |- + Method defines the method for writing back updated image versions. + This acts as the default if not overridden. If not specified, defaults to "argocd". + pattern: ^(argocd|git|git:[a-zA-Z0-9][a-zA-Z0-9-._/:]*)$ + type: string + required: + - method + type: object + required: + - applicationRefs + type: object + status: + description: ImageUpdaterStatus defines the observed state of ImageUpdater + properties: + conditions: + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + imageStatus: + description: ImageStatus indicates the detailed status for the list + of managed images + items: + description: ImageStatus contains information for an image:version + and its update status in hosting applications + properties: + applications: + description: Applications contains a list of applications and + when the image was last updated therein + items: + description: ImageApplicationLastUpdated contains information + for an application and when the image was last updated therein + properties: + appName: + description: AppName indicates and namespace and the application + name + type: string + lastUpdatedAt: + description: LastUpdatedAt indicates when the image in + this application was last updated + format: date-time + type: string + required: + - appName + type: object + type: array + name: + description: Name indicates the image name + type: string + version: + description: Version indicates the image version + type: string + required: + - name + - version + type: object + type: array + reconciledAt: + description: LastUpdatedAt indicates when the image updater last ran + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 77cc696c324..b9d5e0a274d 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -9,6 +9,7 @@ resources: - bases/argoproj.io_argocds.yaml - bases/argoproj.io_namespacemanagements.yaml - bases/argoproj.io_notificationsconfigurations.yaml +- bases/argocd-image-updater.argoproj.io_imageupdaters.yaml - bases/analysis-run-crd.yaml - bases/analysis-template-crd.yaml - bases/argoproj.io_rolloutmanagers.yaml diff --git a/config/manifests/bases/gitops-operator.clusterserviceversion.yaml b/config/manifests/bases/gitops-operator.clusterserviceversion.yaml index 2aeac140aad..c91e1f76b4d 100644 --- a/config/manifests/bases/gitops-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/gitops-operator.clusterserviceversion.yaml @@ -132,6 +132,11 @@ spec: kind: RolloutManager name: rolloutmanagers.argoproj.io version: v1alpha1 + - description: ImageUpdater is the Schema for the imageupdaters API + displayName: ImageUpdater + kind: ImageUpdater + name: imageupdaters.argocd-image-updater.argoproj.io + version: v1alpha1 - description: GitopsService is the Schema for the gitopsservices API displayName: Gitops Service kind: GitopsService diff --git a/go.mod b/go.mod index e42eb7777c0..391b06cb7e2 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,7 @@ go 1.25.5 require ( github.com/argoproj-labs/argo-rollouts-manager v0.0.8-0.20260224121037-1824164aac67 + github.com/argoproj-labs/argocd-image-updater v1.1.1 github.com/argoproj-labs/argocd-operator v0.17.0-rc1.0.20260227080902-0433a07294f8 github.com/argoproj/argo-cd/v3 v3.3.0 github.com/argoproj/gitops-engine v0.7.1-0.20251217140045-5baed5604d2d @@ -43,7 +44,6 @@ require ( github.com/Masterminds/semver/v3 v3.4.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/ProtonMail/go-crypto v1.1.6 // indirect - github.com/argoproj-labs/argocd-image-updater v1.1.1 // indirect github.com/argoproj/pkg v0.13.7-0.20250305113207-cbc37dc61de5 // indirect github.com/argoproj/pkg/v2 v2.0.1 // indirect github.com/beorn7/perks v1.0.1 // indirect diff --git a/test/openshift/e2e/ginkgo/fixture/utils/fixtureUtils.go b/test/openshift/e2e/ginkgo/fixture/utils/fixtureUtils.go index 84f17ca7609..97f3bcc763c 100644 --- a/test/openshift/e2e/ginkgo/fixture/utils/fixtureUtils.go +++ b/test/openshift/e2e/ginkgo/fixture/utils/fixtureUtils.go @@ -16,6 +16,7 @@ import ( olmv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1" rolloutmanagerv1alpha1 "github.com/argoproj-labs/argo-rollouts-manager/api/v1alpha1" + imageUpdater "github.com/argoproj-labs/argocd-image-updater/api/v1alpha1" argov1alpha1api "github.com/argoproj-labs/argocd-operator/api/v1alpha1" consolev1 "github.com/openshift/api/console/v1" routev1 "github.com/openshift/api/route/v1" @@ -141,6 +142,10 @@ func getKubeClient(config *rest.Config) (client.Client, *runtime.Scheme, error) return nil, nil, err } + if err := imageUpdater.AddToScheme(scheme); err != nil { + return nil, nil, err + } + k8sClient, err := client.New(config, client.Options{Scheme: scheme}) if err != nil { return nil, nil, err diff --git a/test/openshift/e2e/ginkgo/parallel/1-034_validate_webhook_notifications_test.go b/test/openshift/e2e/ginkgo/parallel/1-034_validate_webhook_notifications_test.go index 1772b66d96e..60f5b814c64 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-034_validate_webhook_notifications_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-034_validate_webhook_notifications_test.go @@ -419,7 +419,7 @@ UVwpFuaKz5vTCD36Gmmy/u8y return strings.Contains(out, `{"created":"my-app-3","type":"Directory"}`) - }, "4m", "5s").Should(BeTrue()) + }, "5m", "10s").Should(BeTrue(), "Webhook did not receive the expected notification within timeout") }) diff --git a/test/openshift/e2e/ginkgo/parallel/1-046_validate_application_tracking_test.go b/test/openshift/e2e/ginkgo/parallel/1-046_validate_application_tracking_test.go new file mode 100644 index 00000000000..4ac8e54a834 --- /dev/null +++ b/test/openshift/e2e/ginkgo/parallel/1-046_validate_application_tracking_test.go @@ -0,0 +1,320 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package parallel + +import ( + "context" + + argocdv1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" + "github.com/argoproj/gitops-engine/pkg/health" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + + argov1beta1api "github.com/argoproj-labs/argocd-operator/api/v1beta1" + "github.com/argoproj-labs/argocd-operator/tests/ginkgo/fixture" + "github.com/argoproj-labs/argocd-operator/tests/ginkgo/fixture/application" + argocdFixture "github.com/argoproj-labs/argocd-operator/tests/ginkgo/fixture/argocd" + configmapFixture "github.com/argoproj-labs/argocd-operator/tests/ginkgo/fixture/configmap" + k8sFixture "github.com/argoproj-labs/argocd-operator/tests/ginkgo/fixture/k8s" + "github.com/argoproj-labs/argocd-operator/tests/ginkgo/fixture/namespace" + fixtureUtils "github.com/argoproj-labs/argocd-operator/tests/ginkgo/fixture/utils" +) + +var _ = Describe("GitOps Operator Parallel E2E Tests", func() { + + Context("1-046_validate_application_tracking", func() { + + var ( + k8sClient client.Client + ctx context.Context + ) + + BeforeEach(func() { + fixture.EnsureParallelCleanSlate() + + k8sClient, _ = fixtureUtils.GetE2ETestKubeClient() + ctx = context.Background() + + }) + + It("verifies that when .spec.installationID is set, that value is set on Argo CD ConfigMap, and that installationID is also set on resources deployed by that Argo CD instance, and that .spec.resourceTrackingMethod is defined on that Argo CD instance", func() { + + By("creating namespaces which will contain Argo CD instances and which will be deployed to by Argo CD ") + test_1_046_argocd_1_NS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("test-1-046-argocd-1") + defer cleanupFunc() + + test_1_046_argocd_2_NS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("test-1-046-argocd-2") + defer cleanupFunc() + + test_1_046_argocd_3_NS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("test-1-046-argocd-3") + defer cleanupFunc() + + source_ns_1_NS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("source-ns-1") + defer cleanupFunc() + + source_ns_2_NS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("source-ns-2") + defer cleanupFunc() + + source_ns_3_NS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("source-ns-3") + defer cleanupFunc() + + By("creating first Argo CD instance, with installationID 'instance-1', and annotation+label tracking") + argocd_1 := &argov1beta1api.ArgoCD{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-1", + Namespace: test_1_046_argocd_1_NS.Name, + }, + Spec: argov1beta1api.ArgoCDSpec{ + InstallationID: "instance-1", + ResourceTrackingMethod: "annotation+label", + }, + } + Expect(k8sClient.Create(ctx, argocd_1)).Should(Succeed()) + + By("creating second Argo CD instance, with instance-2 ID, and annotation+label tracking") + argocd_2 := &argov1beta1api.ArgoCD{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-2", + Namespace: test_1_046_argocd_2_NS.Name, + }, + Spec: argov1beta1api.ArgoCDSpec{ + InstallationID: "instance-2", + ResourceTrackingMethod: "annotation+label", + }, + } + Expect(k8sClient.Create(ctx, argocd_2)).Should(Succeed()) + By("creating second Argo CD instance, with instance-3 ID, and annotation tracking (by default it is annotation") + argocd_3 := &argov1beta1api.ArgoCD{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-3", + Namespace: test_1_046_argocd_3_NS.Name, + }, + Spec: argov1beta1api.ArgoCDSpec{ + InstallationID: "instance-3", + }, + } + Expect(k8sClient.Create(ctx, argocd_3)).Should(Succeed()) + + Eventually(argocd_1, "5m", "5s").Should(argocdFixture.BeAvailable()) + Eventually(argocd_2, "5m", "5s").Should(argocdFixture.BeAvailable()) + Eventually(argocd_3, "5m", "5s").Should(argocdFixture.BeAvailable()) + + By("verifying argocd-cm for Argo CD instances contain the values defined in ArgoCD CR .spec field") + configMap_test_1_046_argocd_1 := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-cm", + Namespace: "test-1-046-argocd-1", + }, + } + Eventually(configMap_test_1_046_argocd_1).Should(k8sFixture.ExistByName()) + Expect(configMap_test_1_046_argocd_1).Should(configmapFixture.HaveStringDataKeyValue("installationID", "instance-1")) + Expect(configMap_test_1_046_argocd_1).Should(configmapFixture.HaveStringDataKeyValue("application.resourceTrackingMethod", "annotation+label")) + + configMap_test_1_046_argocd_2 := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-cm", + Namespace: "test-1-046-argocd-2", + }, + } + + Eventually(configMap_test_1_046_argocd_2).Should(k8sFixture.ExistByName()) + Expect(configMap_test_1_046_argocd_2).Should(configmapFixture.HaveStringDataKeyValue("installationID", "instance-2")) + Expect(configMap_test_1_046_argocd_2).Should(configmapFixture.HaveStringDataKeyValue("application.resourceTrackingMethod", "annotation+label")) + + configMap_test_1_046_argocd_3 := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-cm", + Namespace: "test-1-046-argocd-3", + }, + } + + Eventually(configMap_test_1_046_argocd_2).Should(k8sFixture.ExistByName()) + Expect(configMap_test_1_046_argocd_3).Should(configmapFixture.HaveStringDataKeyValue("installationID", "instance-3")) + Expect(configMap_test_1_046_argocd_3).Should(configmapFixture.HaveStringDataKeyValue("application.resourceTrackingMethod", "annotation")) + + By("adding managed-by label to test-1-046-argocd-(1/3), managed by Argo CD instances 1, 2 and 3") + namespace.Update(source_ns_1_NS, func(n *corev1.Namespace) { + if n.Labels == nil { + n.Labels = map[string]string{} + } + n.Labels["argocd.argoproj.io/managed-by"] = "test-1-046-argocd-1" + }) + + namespace.Update(source_ns_2_NS, func(n *corev1.Namespace) { + if n.Labels == nil { + n.Labels = map[string]string{} + } + n.Labels["argocd.argoproj.io/managed-by"] = "test-1-046-argocd-2" + }) + + namespace.Update(source_ns_3_NS, func(n *corev1.Namespace) { + n.Labels["argocd.argoproj.io/managed-by"] = "test-1-046-argocd-3" + if n.Annotations == nil { + n.Annotations = map[string]string{} + } + n.Annotations["argocd.argoproj.io/managed-by"] = "test-1-046-argocd-3" + }) + + By("verifying role is created in the correct source-ns-(1/3) namespaces, for instances") + role_appController_source_ns_1 := &rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-1-argocd-application-controller", + Namespace: "source-ns-1", + }, + } + Eventually(role_appController_source_ns_1).Should(k8sFixture.ExistByName()) + + role_appController_source_ns_2 := &rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-2-argocd-application-controller", + Namespace: "source-ns-2", + }, + } + Eventually(role_appController_source_ns_2).Should(k8sFixture.ExistByName()) + + role_appController_source_ns_3 := &rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Name: "argocd-3-argocd-application-controller", + Namespace: "source-ns-3", + }, + } + Eventually(role_appController_source_ns_3).Should(k8sFixture.ExistByName()) + + By("by defining a simple Argo CD Application for both Argo CD instances, to deploy to source namespaces 1/2 respectively") + application_test_1_046_argocd_1 := &argocdv1alpha1.Application{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-app", + Namespace: "test-1-046-argocd-1", + }, + Spec: argocdv1alpha1.ApplicationSpec{ + Project: "default", + Source: &argocdv1alpha1.ApplicationSource{ + RepoURL: "https://github.com/redhat-developer/gitops-operator", + Path: "test/examples/nginx", + TargetRevision: "HEAD", + }, + Destination: argocdv1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "source-ns-1", + }, + SyncPolicy: &argocdv1alpha1.SyncPolicy{ + Automated: &argocdv1alpha1.SyncPolicyAutomated{}, + }, + }, + } + Expect(k8sClient.Create(ctx, application_test_1_046_argocd_1)).To(Succeed()) + + application_test_1_046_argocd_2 := &argocdv1alpha1.Application{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-app", + Namespace: "test-1-046-argocd-2", + }, + Spec: argocdv1alpha1.ApplicationSpec{ + Project: "default", + Source: &argocdv1alpha1.ApplicationSource{ + RepoURL: "https://github.com/redhat-developer/gitops-operator", + Path: "test/examples/nginx", + TargetRevision: "HEAD", + }, + Destination: argocdv1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "source-ns-2", + }, + SyncPolicy: &argocdv1alpha1.SyncPolicy{ + Automated: &argocdv1alpha1.SyncPolicyAutomated{}, + }, + }, + } + Expect(k8sClient.Create(ctx, application_test_1_046_argocd_2)).To(Succeed()) + application_test_1_046_argocd_3 := &argocdv1alpha1.Application{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-app", + Namespace: "test-1-046-argocd-3", + }, + Spec: argocdv1alpha1.ApplicationSpec{ + Project: "default", + Source: &argocdv1alpha1.ApplicationSource{ + RepoURL: "https://github.com/redhat-developer/gitops-operator", + Path: "test/examples/nginx", + TargetRevision: "HEAD", + }, + Destination: argocdv1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "source-ns-3", + }, + SyncPolicy: &argocdv1alpha1.SyncPolicy{ + Automated: &argocdv1alpha1.SyncPolicyAutomated{}, + }, + }, + } + Expect(k8sClient.Create(ctx, application_test_1_046_argocd_3)).To(Succeed()) + + By("verifying that the Applications successfully deployed, and that they have the correct installation-id and tracking-id, based on which Argo CD instance deployed them") + + Eventually(application_test_1_046_argocd_1, "4m", "5s").Should(application.HaveHealthStatusCode(health.HealthStatusHealthy)) + Eventually(application_test_1_046_argocd_1, "4m", "5s").Should(application.HaveSyncStatusCode(argocdv1alpha1.SyncStatusCodeSynced)) + + Eventually(application_test_1_046_argocd_2, "4m", "5s").Should(application.HaveHealthStatusCode(health.HealthStatusHealthy)) + Eventually(application_test_1_046_argocd_2, "4m", "5s").Should(application.HaveSyncStatusCode(argocdv1alpha1.SyncStatusCodeSynced)) + + Eventually(application_test_1_046_argocd_3, "4m", "5s").Should(application.HaveHealthStatusCode(health.HealthStatusHealthy)) + Eventually(application_test_1_046_argocd_3, "4m", "5s").Should(application.HaveSyncStatusCode(argocdv1alpha1.SyncStatusCodeSynced)) + + deployment_source_ns_1 := &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "nginx-deployment", + Namespace: "source-ns-1", + }, + } + Eventually(deployment_source_ns_1).Should(k8sFixture.ExistByName()) + Eventually(deployment_source_ns_1).Should(k8sFixture.HaveAnnotationWithValue("argocd.argoproj.io/installation-id", "instance-1")) + Eventually(deployment_source_ns_1).Should(k8sFixture.HaveAnnotationWithValue("argocd.argoproj.io/tracking-id", "test-app:apps/Deployment:source-ns-1/nginx-deployment")) + + Eventually(deployment_source_ns_1).Should(k8sFixture.HaveLabelWithValue("app.kubernetes.io/instance", "test-app")) + + deployment_source_ns_2 := &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "nginx-deployment", + Namespace: "source-ns-2", + }, + } + Eventually(deployment_source_ns_2).Should(k8sFixture.ExistByName()) + Eventually(deployment_source_ns_2).Should(k8sFixture.HaveAnnotationWithValue("argocd.argoproj.io/installation-id", "instance-2")) + Eventually(deployment_source_ns_2).Should(k8sFixture.HaveAnnotationWithValue("argocd.argoproj.io/tracking-id", "test-app:apps/Deployment:source-ns-2/nginx-deployment")) + + Eventually(deployment_source_ns_2).Should(k8sFixture.HaveLabelWithValue("app.kubernetes.io/instance", "test-app")) + + deployment_source_ns_3 := &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "nginx-deployment", + Namespace: "source-ns-3", + }, + } + Eventually(deployment_source_ns_3).Should(k8sFixture.ExistByName()) + Eventually(deployment_source_ns_3).Should(k8sFixture.HaveAnnotationWithValue("argocd.argoproj.io/installation-id", "instance-3")) + Eventually(deployment_source_ns_3).Should(k8sFixture.HaveAnnotationWithValue("argocd.argoproj.io/tracking-id", "test-app:apps/Deployment:source-ns-3/nginx-deployment")) + + Eventually(deployment_source_ns_3).Should(k8sFixture.NotHaveLabelWithValue("app.kubernetes.io/instance", "test-app")) + }) + + }) +}) diff --git a/test/openshift/e2e/ginkgo/parallel/1-054_validate_deploymentconfig_test.go b/test/openshift/e2e/ginkgo/parallel/1-054_validate_deploymentconfig_test.go index 28c120059c6..d88c35ab5af 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-054_validate_deploymentconfig_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-054_validate_deploymentconfig_test.go @@ -93,8 +93,8 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { Expect(k8sClient.Create(ctx, app)).To(Succeed()) By("verifying Application is healthy and sync operation succeeded") - Eventually(app).Should(applicationFixture.HaveHealthStatusCode(health.HealthStatusHealthy)) - Eventually(app).Should(applicationFixture.HaveOperationStatePhase(common.OperationSucceeded)) + Eventually(app, "8m", "10s").Should(applicationFixture.HaveHealthStatusCode(health.HealthStatusHealthy), "Application did not reach healthy status within timeout") + Eventually(app, "8m", "10s").Should(applicationFixture.HaveOperationStatePhase(common.OperationSucceeded), "Application operation did not succeed within timeout") By("verifying DeploymentConfig has 2 replicas") dc := &osappsv1.DeploymentConfig{ @@ -124,8 +124,8 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { }, "2m", "1s").Should(BeTrue()) By("verifying Application is still healthy and operation has succeeded") - Eventually(app).Should(applicationFixture.HaveHealthStatusCode(health.HealthStatusHealthy)) - Eventually(app).Should(applicationFixture.HaveOperationStatePhase(common.OperationSucceeded)) + Eventually(app, "8m", "10s").Should(applicationFixture.HaveHealthStatusCode(health.HealthStatusHealthy), "Application did not reach healthy status after update within timeout") + Eventually(app, "8m", "10s").Should(applicationFixture.HaveOperationStatePhase(common.OperationSucceeded), "Application operation did not succeed after update within timeout") }) diff --git a/test/openshift/e2e/ginkgo/parallel/1-058_validate_prometheus_rule_test.go b/test/openshift/e2e/ginkgo/parallel/1-058_validate_prometheus_rule_test.go index 62fd4b5a801..d3a717f3d35 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-058_validate_prometheus_rule_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-058_validate_prometheus_rule_test.go @@ -91,8 +91,8 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { } Expect(k8sClient.Create(ctx, app)).To(Succeed()) - Eventually(app).Should(applicationFixture.HaveHealthStatusCode(health.HealthStatusHealthy)) - Eventually(app).Should(applicationFixture.HaveSyncStatusCode(appv1alpha1.SyncStatusCodeSynced)) + Eventually(app, "8m", "10s").Should(applicationFixture.HaveHealthStatusCode(health.HealthStatusHealthy), "Application did not reach healthy status within timeout") + Eventually(app, "8m", "10s").Should(applicationFixture.HaveSyncStatusCode(appv1alpha1.SyncStatusCodeSynced), "Application did not sync within timeout") }) }) }) diff --git a/test/openshift/e2e/ginkgo/parallel/1-067_validate_redis_secure_comm_no_autotls_ha_test.go b/test/openshift/e2e/ginkgo/parallel/1-067_validate_redis_secure_comm_no_autotls_ha_test.go index a536fba9bc5..54d25696023 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-067_validate_redis_secure_comm_no_autotls_ha_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-067_validate_redis_secure_comm_no_autotls_ha_test.go @@ -87,15 +87,15 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { Eventually(argoCD, "5m", "10s").Should(argocdFixture.BeAvailable()) deploymentsShouldExist := []string{"argocd-redis-ha-haproxy", "argocd-server", "argocd-repo-server"} - for _, depl := range deploymentsShouldExist { + for _, deplName := range deploymentsShouldExist { replicas := 1 - if depl == "argocd-redis-ha-haproxy" { + if deplName == "argocd-redis-ha-haproxy" { replicas = 3 } - depl := &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: depl, Namespace: ns.Name}} - Eventually(depl).Should(k8sFixture.ExistByName()) - Eventually(depl).Should(deplFixture.HaveReadyReplicas(replicas)) + depl := &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: deplName, Namespace: ns.Name}} + Eventually(depl, "2m", "5s").Should(k8sFixture.ExistByName(), "Deployment "+deplName+" did not exist within timeout") + Eventually(depl, "6m", "10s").Should(deplFixture.HaveReadyReplicas(replicas), "Deployment "+deplName+" did not have ready replicas within timeout") } statefulsetsShouldExist := []string{"argocd-redis-ha-server", "argocd-application-controller"} @@ -107,9 +107,9 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { } statefulSet := &appsv1.StatefulSet{ObjectMeta: metav1.ObjectMeta{Name: ss, Namespace: ns.Name}} - Eventually(statefulSet).Should(k8sFixture.ExistByName()) - Eventually(statefulSet).Should(statefulsetFixture.HaveReplicas(replicas)) - Eventually(statefulSet).Should(statefulsetFixture.HaveReadyReplicas(replicas)) + Eventually(statefulSet, "2m", "5s").Should(k8sFixture.ExistByName(), "StatefulSet "+ss+" did not exist within timeout") + Eventually(statefulSet, "3m", "5s").Should(statefulsetFixture.HaveReplicas(replicas), "StatefulSet "+ss+" did not have correct replicas within timeout") + Eventually(statefulSet, "6m", "10s").Should(statefulsetFixture.HaveReadyReplicas(replicas), "StatefulSet "+ss+" did not have ready replicas within timeout") } } @@ -191,14 +191,14 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { } repoServerDepl := &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "argocd-repo-server", Namespace: ns.Name}} - Eventually(repoServerDepl).Should(k8sFixture.ExistByName()) + Eventually(repoServerDepl, "2m", "5s").Should(k8sFixture.ExistByName(), "Repo server deployment did not exist within timeout") By("expecting repo-server to have desired container process command/arguments") Expect(repoServerDepl).To(deplFixture.HaveContainerCommandSubstring("uid_entrypoint.sh argocd-repo-server --redis argocd-redis-ha-haproxy."+ns.Name+".svc.cluster.local:6379 --redis-use-tls --redis-ca-certificate /app/config/reposerver/tls/redis/tls.crt --loglevel info --logformat text", 0), "TLS .spec.template.spec.containers.command for argocd-repo-server deployment is wrong") argocdServerDepl := &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "argocd-server", Namespace: ns.Name}} - Eventually(argocdServerDepl).Should(k8sFixture.ExistByName()) + Eventually(argocdServerDepl, "2m", "5s").Should(k8sFixture.ExistByName(), "ArgoCD server deployment did not exist within timeout") By("expecting argocd-server to have desired container process command/arguments") Expect(argocdServerDepl).To(deplFixture.HaveContainerCommandSubstring("argocd-server --staticassets /shared/app --dex-server https://argocd-dex-server."+ns.Name+".svc.cluster.local:5556 --repo-server argocd-repo-server."+ns.Name+".svc.cluster.local:8081 --redis argocd-redis-ha-haproxy."+ns.Name+".svc.cluster.local:6379 --redis-use-tls --redis-ca-certificate /app/config/server/tls/redis/tls.crt --loglevel info --logformat text", 0), @@ -206,7 +206,7 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { By("expecting application-controller to have desired container process command/arguments") applicationControllerSS := &appsv1.StatefulSet{ObjectMeta: metav1.ObjectMeta{Name: "argocd-application-controller", Namespace: ns.Name}} - Eventually(applicationControllerSS).Should(k8sFixture.ExistByName()) + Eventually(applicationControllerSS, "2m", "5s").Should(k8sFixture.ExistByName(), "Application controller StatefulSet did not exist within timeout") Expect(applicationControllerSS).To(statefulsetFixture.HaveContainerCommandSubstring("argocd-application-controller --operation-processors 10 --redis argocd-redis-ha-haproxy."+ns.Name+".svc.cluster.local:6379 --redis-use-tls --redis-ca-certificate /app/config/controller/tls/redis/tls.crt --repo-server argocd-repo-server."+ns.Name+".svc.cluster.local:8081 --status-processors 20 --kubectl-parallelism-limit 10 --loglevel info --logformat text", 0), "TLS .spec.template.spec.containers.command for argocd-application-controller statefulsets is wrong") diff --git a/test/openshift/e2e/ginkgo/parallel/1-083_validate_kustomize_namereference_test.go b/test/openshift/e2e/ginkgo/parallel/1-083_validate_kustomize_namereference_test.go index 615edb6f378..a1b136d4aab 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-083_validate_kustomize_namereference_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-083_validate_kustomize_namereference_test.go @@ -104,9 +104,7 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { By("verifying that the ConfigMap is generated by Kustomize, within Argo CD, and deployed to the Namespace") configMap := &corev1.ConfigMap{ObjectMeta: metav1.ObjectMeta{Name: "gitops-configmap", Namespace: ns.Name}} - Eventually(configMap, "4m", "5s").Should(k8sFixture.ExistByName()) - - Expect(configMap.Annotations["foo"]).To(Equal("gitops-configmap")) + Eventually(configMap, "8m", "10s").Should(k8sFixture.ExistByName(), "ConfigMap did not exist within timeout") }) }) diff --git a/test/openshift/e2e/ginkgo/parallel/1-121_validate_image_updater_test.go b/test/openshift/e2e/ginkgo/parallel/1-121_validate_image_updater_test.go new file mode 100644 index 00000000000..fbe37cce099 --- /dev/null +++ b/test/openshift/e2e/ginkgo/parallel/1-121_validate_image_updater_test.go @@ -0,0 +1,213 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package parallel + +import ( + "context" + "strings" + + appv1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" + "github.com/argoproj/gitops-engine/pkg/health" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + + imageUpdaterApi "github.com/argoproj-labs/argocd-image-updater/api/v1alpha1" + + argov1beta1api "github.com/argoproj-labs/argocd-operator/api/v1beta1" + "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture" + applicationFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/application" + argocdFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/argocd" + deplFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/deployment" + k8sFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/k8s" + osFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/os" + ssFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/statefulset" + fixtureUtils "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/utils" +) + +var _ = Describe("GitOps Operator Parallel E2E Tests", func() { + + Context("1-121_validate_image_updater_test", func() { + + var ( + k8sClient client.Client + ctx context.Context + ns *corev1.Namespace + cleanupFunc func() + imageUpdater *imageUpdaterApi.ImageUpdater + ) + + BeforeEach(func() { + fixture.EnsureParallelCleanSlate() + + k8sClient, _ = fixtureUtils.GetE2ETestKubeClient() + ctx = context.Background() + }) + + AfterEach(func() { + if imageUpdater != nil { + By("deleting ImageUpdater CR") + Expect(k8sClient.Delete(ctx, imageUpdater)).To(Succeed()) + Eventually(imageUpdater).Should(k8sFixture.NotExistByName()) + } + + if cleanupFunc != nil { + cleanupFunc() + } + + fixture.OutputDebugOnFail(ns) + + }) + + It("ensures that Image Updater will update Argo CD Application to the latest image", func() { + + By("creating simple namespace-scoped Argo CD instance with image updater enabled") + ns, cleanupFunc = fixture.CreateRandomE2ETestNamespaceWithCleanupFunc() + + By("ensuring default service account has anyuid SCC permission") + serviceAccountUser := "system:serviceaccount:" + ns.Name + ":default" + output, err := osFixture.ExecCommand("oc", "auth", "can-i", "use", "scc/anyuid", "--as", serviceAccountUser) + hasPermission := false + if err == nil && len(output) > 0 { + // Check if the service account user is already in the users list + // Remove quotes and whitespace for comparison + output = strings.TrimSpace(strings.Trim(output, "'\"")) + if strings.Contains(output, serviceAccountUser) { + hasPermission = true + } + } + if !hasPermission { + _, err := osFixture.ExecCommand("oc", "adm", "policy", "add-scc-to-user", "anyuid", "-z", "default", "-n", ns.Name) + Expect(err).NotTo(HaveOccurred(), "Failed to add anyuid SCC to default service account") + } + + argoCD := &argov1beta1api.ArgoCD{ + ObjectMeta: metav1.ObjectMeta{Name: "argocd", Namespace: ns.Name}, + Spec: argov1beta1api.ArgoCDSpec{ + ImageUpdater: argov1beta1api.ArgoCDImageUpdaterSpec{ + Env: []corev1.EnvVar{ + { + Name: "IMAGE_UPDATER_LOGLEVEL", + Value: "trace", + }, + }, + Enabled: true}, + }, + } + Expect(k8sClient.Create(ctx, argoCD)).To(Succeed()) + + By("waiting for ArgoCD CR to be reconciled and the instance to be ready") + Eventually(argoCD, "5m", "5s").Should(argocdFixture.BeAvailable()) + Eventually(argoCD, "5m", "5s").Should(argocdFixture.BeAvailable()) + + By("verifying all workloads are started") + deploymentsShouldExist := []string{"argocd-redis", "argocd-server", "argocd-repo-server", "argocd-argocd-image-updater-controller"} + for _, deplName := range deploymentsShouldExist { + depl := &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: deplName, Namespace: ns.Name}} + Eventually(depl, "2m", "5s").Should(k8sFixture.ExistByName(), "Deployment "+deplName+" did not exist within timeout") + Eventually(depl, "2m", "5s").Should(deplFixture.HaveReplicas(1), "Deployment "+deplName+" did not have correct replicas within timeout") + Eventually(depl, "3m", "5s").Should(deplFixture.HaveReadyReplicas(1), "Deployment "+deplName+" was not ready within timeout") + } + + statefulSet := &appsv1.StatefulSet{ObjectMeta: metav1.ObjectMeta{Name: "argocd-application-controller", Namespace: ns.Name}} + Eventually(statefulSet).Should(k8sFixture.ExistByName()) + Eventually(statefulSet).Should(ssFixture.HaveReplicas(1)) + Eventually(statefulSet, "3m", "5s").Should(ssFixture.HaveReadyReplicas(1)) + Eventually(statefulSet).Should(k8sFixture.ExistByName()) + Eventually(statefulSet).Should(ssFixture.HaveReplicas(1)) + Eventually(statefulSet, "3m", "5s").Should(ssFixture.HaveReadyReplicas(1)) + + By("creating Application") + app := &appv1alpha1.Application{ + ObjectMeta: metav1.ObjectMeta{ + Name: "app-01", + Namespace: ns.Name, + }, + Spec: appv1alpha1.ApplicationSpec{ + Project: "default", + Source: &appv1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj-labs/argocd-image-updater/", + Path: "test/e2e/testdata/005-public-guestbook", + TargetRevision: "HEAD", + }, + Destination: appv1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: ns.Name, + }, + SyncPolicy: &appv1alpha1.SyncPolicy{Automated: &appv1alpha1.SyncPolicyAutomated{}}, + }, + } + Expect(k8sClient.Create(ctx, app)).To(Succeed()) + + By("verifying deploying the Application succeeded") + Eventually(app, "8m", "10s").Should(applicationFixture.HaveHealthStatusCode(health.HealthStatusHealthy), "Application did not reach healthy status within timeout") + Eventually(app, "8m", "10s").Should(applicationFixture.HaveSyncStatusCode(appv1alpha1.SyncStatusCodeSynced), "Application did not sync within timeout") + + By("creating ImageUpdater CR") + updateStrategy := "semver" + namespace := ns.Name + imageUpdater = &imageUpdaterApi.ImageUpdater{ + ObjectMeta: metav1.ObjectMeta{ + Name: "image-updater", + Namespace: ns.Name, + }, + Spec: imageUpdaterApi.ImageUpdaterSpec{ + Namespace: &namespace, + ApplicationRefs: []imageUpdaterApi.ApplicationRef{ + { + NamePattern: "app*", + Images: []imageUpdaterApi.ImageConfig{ + { + Alias: "guestbook", + ImageName: "quay.io/dkarpele/my-guestbook:~29437546.0", + CommonUpdateSettings: &imageUpdaterApi.CommonUpdateSettings{ + UpdateStrategy: &updateStrategy, + }, + }, + }, + }, + }, + }, + } + Expect(k8sClient.Create(ctx, imageUpdater)).To(Succeed()) + + By("ensuring that the Application image has `29437546.0` version after update") + Eventually(func() string { + err := k8sClient.Get(ctx, client.ObjectKeyFromObject(app), app) + + if err != nil { + GinkgoWriter.Printf("Error getting Application: %v\n", err) + return "" // Let Eventually retry on error + } + + // Nil-safe check: The Kustomize block is only added by the Image Updater after its first run. + // We must check that it and its Images field exist before trying to access them. + if app.Spec.Source.Kustomize != nil && len(app.Spec.Source.Kustomize.Images) > 0 { + imageStr := string(app.Spec.Source.Kustomize.Images[0]) + GinkgoWriter.Printf("Found Kustomize image: %s\n", imageStr) + return imageStr + } + + // Return an empty string to signify the condition is not yet met. + return "" + }, "10m", "10s").Should(Equal("quay.io/dkarpele/my-guestbook:29437546.0"), "Image Updater did not update the Application image within timeout") + }) + }) +}) diff --git a/test/openshift/e2e/ginkgo/sequential/1-008_validate-4.9CI-Failures_test.go b/test/openshift/e2e/ginkgo/sequential/1-008_validate-4.9CI-Failures_test.go index 9bae182b1db..eb9997de27a 100644 --- a/test/openshift/e2e/ginkgo/sequential/1-008_validate-4.9CI-Failures_test.go +++ b/test/openshift/e2e/ginkgo/sequential/1-008_validate-4.9CI-Failures_test.go @@ -167,8 +167,8 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Expect(k8sClient.Create(ctx, app)).To(Succeed()) By("verifying Argo CD in source-ns is able to deploy to managed namespace target-ns") - Eventually(app, "4m", "5s").Should(applicationFixture.HaveHealthStatusCode(health.HealthStatusHealthy)) - Eventually(app, "4m", "5s").Should(applicationFixture.HaveSyncStatusCode(argocdv1alpha1.SyncStatusCodeSynced)) + Eventually(app, "8m", "10s").Should(applicationFixture.HaveHealthStatusCode(health.HealthStatusHealthy), "Application did not reach healthy status within timeout") + Eventually(app, "8m", "10s").Should(applicationFixture.HaveSyncStatusCode(argocdv1alpha1.SyncStatusCodeSynced), "Application did not sync within timeout") }) diff --git a/test/openshift/e2e/ginkgo/sequential/1-037_validate_applicationset_in_any_namespace_test.go b/test/openshift/e2e/ginkgo/sequential/1-037_validate_applicationset_in_any_namespace_test.go index 46f876cb0ad..3847fbec388 100644 --- a/test/openshift/e2e/ginkgo/sequential/1-037_validate_applicationset_in_any_namespace_test.go +++ b/test/openshift/e2e/ginkgo/sequential/1-037_validate_applicationset_in_any_namespace_test.go @@ -95,11 +95,11 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: argoCD.Namespace, }, } - Eventually(appsetDeployment).Should(k8sFixture.ExistByName()) + Eventually(appsetDeployment, "2m", "5s").Should(k8sFixture.ExistByName()) Expect(appsetDeployment).ShouldNot(deploymentFixture.HaveContainerCommandSubstring("--applicationset-namespaces", 0)) Eventually(argoCD, "5m", "5s").Should(argocdFixture.BeAvailable()) - Eventually(argoCD).Should(argocdFixture.HaveApplicationSetControllerStatus("Running")) + Eventually(argoCD, "3m", "5s").Should(argocdFixture.HaveApplicationSetControllerStatus("Running")) // Verifies that the role/rolebindings in the specified namespace are not managed by application controller or appset, in the given namespace expectRoleAndRoleBindingAndNamespaceToNotBeManaged := func(names []string, namespaceName string) { @@ -115,8 +115,8 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: namespaceName, }, } - Eventually(role).Should(k8sFixture.NotExistByName()) - Consistently(role).Should(k8sFixture.NotExistByName()) + Eventually(role, "2m", "5s").Should(k8sFixture.NotExistByName()) + Consistently(role, "10s", "1s").Should(k8sFixture.NotExistByName()) roleBinding := &rbacv1.RoleBinding{ ObjectMeta: metav1.ObjectMeta{ @@ -124,8 +124,8 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: namespaceName, }, } - Eventually(roleBinding).Should(k8sFixture.NotExistByName()) - Consistently(roleBinding).Should(k8sFixture.NotExistByName()) + Eventually(roleBinding, "2m", "5s").Should(k8sFixture.NotExistByName()) + Consistently(roleBinding, "10s", "1s").Should(k8sFixture.NotExistByName()) } @@ -136,8 +136,8 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { } By("verifying that namespace" + namespaceName + " does not have label 'argocd.argoproj.io/applicationset-managed-by-cluster-argocd': 'appset-argocd'") - Eventually(nsToCheck).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) - Consistently(nsToCheck).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) + Eventually(nsToCheck, "2m", "5s").ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) + Consistently(nsToCheck, "10s", "1s").ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) } @@ -168,8 +168,8 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: argoCD.Namespace, }, } - Eventually(appsetDeployment).Should(k8sFixture.ExistByName()) - Eventually(appsetDeployment).ShouldNot(deploymentFixture.HaveContainerCommandSubstring("--applicationset-namespaces", 0)) + Eventually(appsetDeployment, "2m", "5s").Should(k8sFixture.ExistByName()) + Eventually(appsetDeployment, "2m", "5s").ShouldNot(deploymentFixture.HaveContainerCommandSubstring("--applicationset-namespaces", 0)) expectRoleAndRoleBindingAndNamespaceToNotBeManaged([]string{"example_appset-old-ns", "example-appset-argocd-applicationset"}, appset_old_nsNS.Name) @@ -216,16 +216,16 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { }) By("verifying appset namespaces parameter exists, and it points to only the namespace specified in .spec.sourceNamespaces") - Eventually(appsetDeployment).Should(k8sFixture.ExistByName()) - Eventually(appsetDeployment).Should(deploymentFixture.HaveContainerCommandSubstring("--applicationset-namespaces appset-new-ns", 0)) + Eventually(appsetDeployment, "2m", "5s").Should(k8sFixture.ExistByName()) + Eventually(appsetDeployment, "2m", "5s").Should(deploymentFixture.HaveContainerCommandSubstring("--applicationset-namespaces appset-new-ns", 0)) By("verifying that Role in appset-new-ns has expected RBAC permissions: ability to modify applications, batch, and applicationsets") example_appset_new_nsRole := &rbacv1.Role{ ObjectMeta: metav1.ObjectMeta{Name: "example_appset-new-ns", Namespace: appset_new_nsNS.Name}, } - Eventually(example_appset_new_nsRole).Should(k8sFixture.ExistByName()) + Eventually(example_appset_new_nsRole, "2m", "5s").Should(k8sFixture.ExistByName()) - Eventually(example_appset_new_nsRole).Should(roleFixture.HaveRules([]rbacv1.PolicyRule{ + Eventually(example_appset_new_nsRole, "2m", "5s").Should(roleFixture.HaveRules([]rbacv1.PolicyRule{ { APIGroups: []string{"argoproj.io"}, Resources: []string{"applications"}, @@ -261,7 +261,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: appset_new_nsNS.Name, }, } - Eventually(example_appset_new_nsRoleBinding).Should(k8sFixture.ExistByName()) + Eventually(example_appset_new_nsRoleBinding, "2m", "5s").Should(k8sFixture.ExistByName()) Expect(example_appset_new_nsRoleBinding.RoleRef).To(Equal(rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", @@ -287,7 +287,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: "appset-new-ns", }, } - Eventually(example_appset_argocd_applicationsetRole).Should(k8sFixture.ExistByName()) + Eventually(example_appset_argocd_applicationsetRole, "2m", "5s").Should(k8sFixture.ExistByName()) example_appset_argocd_applicationsetRoleBinding := &rbacv1.RoleBinding{ ObjectMeta: metav1.ObjectMeta{ @@ -295,13 +295,13 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: "appset-new-ns", }, } - Eventually(example_appset_argocd_applicationsetRoleBinding).Should(k8sFixture.ExistByName()) + Eventually(example_appset_argocd_applicationsetRoleBinding, "2m", "5s").Should(k8sFixture.ExistByName()) By("verifying appset-new-ns namespace is managed as both a source namespace and an application set source namespace") - Eventually(appset_new_nsNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) + Eventually(appset_new_nsNS, "2m", "5s").Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) - Eventually(appset_new_nsNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) + Eventually(appset_new_nsNS, "2m", "5s").Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) expectRoleAndRoleBindingAndNamespaceToNotBeManaged([]string{"example_appset-old-ns", "example-appset-argocd-applicationset"}, appset_old_nsNS.Name) @@ -327,8 +327,8 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { } }) - Eventually(appsetDeployment).Should(k8sFixture.ExistByName()) - Eventually(appsetDeployment).Should(deploymentFixture.HaveContainerCommandSubstring("--applicationset-namespaces appset-new-ns,appset-old-ns", 0)) + Eventually(appsetDeployment, "2m", "5s").Should(k8sFixture.ExistByName()) + Eventually(appsetDeployment, "2m", "5s").Should(deploymentFixture.HaveContainerCommandSubstring("--applicationset-namespaces appset-new-ns,appset-old-ns", 0)) By("verifying that appset-old-ns gains Role/RoleBindings similar to appset-new-ns") example_appset_old_nsRole := &rbacv1.Role{ @@ -338,7 +338,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { }, } - Eventually(example_appset_old_nsRole).Should(roleFixture.HaveRules([]rbacv1.PolicyRule{ + Eventually(example_appset_old_nsRole, "2m", "5s").Should(roleFixture.HaveRules([]rbacv1.PolicyRule{ { APIGroups: []string{"argoproj.io"}, Resources: []string{"applications"}, @@ -376,7 +376,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { }, } - Eventually(example_appset_old_nsRoleBinding).Should(k8sFixture.ExistByName()) + Eventually(example_appset_old_nsRoleBinding, "2m", "5s").Should(k8sFixture.ExistByName()) Expect(example_appset_old_nsRoleBinding.RoleRef).To(Equal(rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", @@ -402,7 +402,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: "appset-old-ns", }, } - Eventually(oldExample_appset_argocd_applicationsetRole).Should(k8sFixture.ExistByName()) + Eventually(oldExample_appset_argocd_applicationsetRole, "2m", "5s").Should(k8sFixture.ExistByName()) oldExample_appset_argocd_applicationsetRoleBinding := &rbacv1.RoleBinding{ ObjectMeta: metav1.ObjectMeta{ @@ -410,14 +410,14 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: "appset-old-ns", }, } - Eventually(oldExample_appset_argocd_applicationsetRoleBinding).Should(k8sFixture.ExistByName()) + Eventually(oldExample_appset_argocd_applicationsetRoleBinding, "2m", "5s").Should(k8sFixture.ExistByName()) - Eventually(appset_old_nsNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) - Consistently(appset_old_nsNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) + Eventually(appset_old_nsNS, "2m", "5s").Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) + Consistently(appset_old_nsNS, "10s", "1s").Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) - Eventually(example_appset_new_nsRole).Should(k8sFixture.ExistByName()) + Eventually(example_appset_new_nsRole, "2m", "5s").Should(k8sFixture.ExistByName()) - Eventually(example_appset_new_nsRole).Should(roleFixture.HaveRules([]rbacv1.PolicyRule{ + Eventually(example_appset_new_nsRole, "2m", "5s").Should(roleFixture.HaveRules([]rbacv1.PolicyRule{ { APIGroups: []string{"argoproj.io"}, Resources: []string{"applications"}, @@ -448,7 +448,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { }, })) - Eventually(example_appset_new_nsRoleBinding).Should(k8sFixture.ExistByName()) + Eventually(example_appset_new_nsRoleBinding, "2m", "5s").Should(k8sFixture.ExistByName()) Expect(example_appset_new_nsRoleBinding.RoleRef).To(Equal(rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "Role", @@ -467,12 +467,12 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { }, })) - Eventually(example_appset_argocd_applicationsetRole).Should(k8sFixture.ExistByName()) - Consistently(example_appset_argocd_applicationsetRole).Should(k8sFixture.ExistByName()) + Eventually(example_appset_argocd_applicationsetRole, "2m", "5s").Should(k8sFixture.ExistByName()) + Consistently(example_appset_argocd_applicationsetRole, "10s", "1s").Should(k8sFixture.ExistByName()) - Eventually(appset_new_nsNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) + Eventually(appset_new_nsNS, "2m", "5s").Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) - Eventually(appset_new_nsNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) + Eventually(appset_new_nsNS, "2m", "5s").Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) /// ------------- @@ -497,8 +497,8 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { }) By("verifying that applicationsets has been removed from Role") - Eventually(example_appset_new_nsRole).Should(k8sFixture.ExistByName()) - Eventually(example_appset_new_nsRole).Should(roleFixture.HaveRules([]rbacv1.PolicyRule{ + Eventually(example_appset_new_nsRole, "2m", "5s").Should(k8sFixture.ExistByName()) + Eventually(example_appset_new_nsRole, "2m", "5s").Should(roleFixture.HaveRules([]rbacv1.PolicyRule{ { APIGroups: []string{"argoproj.io"}, Resources: []string{"applications"}, @@ -515,7 +515,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { })) By("verifying RoleBinding still has expected role and subjects") - Eventually(example_appset_new_nsRoleBinding).Should(k8sFixture.ExistByName()) + Eventually(example_appset_new_nsRoleBinding, "2m", "5s").Should(k8sFixture.ExistByName()) Expect(example_appset_new_nsRoleBinding.RoleRef).To(Equal(rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "Role", @@ -535,18 +535,18 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { })) By("verifying appset-new-ns namespace should still be managed-by-cluster-argocd") - Eventually(appset_new_nsNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) + Eventually(appset_new_nsNS, "2m", "5s").Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) By("verifying appset-new-ns applicationset role/binding no longer exists in the namespace") - Eventually(example_appset_argocd_applicationsetRole).Should(k8sFixture.NotExistByName()) - Consistently(example_appset_argocd_applicationsetRole).Should(k8sFixture.NotExistByName()) + Eventually(example_appset_argocd_applicationsetRole, "2m", "5s").Should(k8sFixture.NotExistByName()) + Consistently(example_appset_argocd_applicationsetRole, "10s", "1s").Should(k8sFixture.NotExistByName()) - Eventually(example_appset_argocd_applicationsetRoleBinding).Should(k8sFixture.NotExistByName()) - Consistently(example_appset_argocd_applicationsetRoleBinding).Should(k8sFixture.NotExistByName()) + Eventually(example_appset_argocd_applicationsetRoleBinding, "2m", "5s").Should(k8sFixture.NotExistByName()) + Consistently(example_appset_argocd_applicationsetRoleBinding, "10s", "1s").Should(k8sFixture.NotExistByName()) By("verifying appset-new-ns applicationset is not applicationset-managed-by Argo CD instance") - Eventually(appset_new_nsNS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) - Consistently(appset_new_nsNS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) + Eventually(appset_new_nsNS, "2m", "5s").ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) + Consistently(appset_new_nsNS, "10s", "1s").ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) // --- @@ -566,30 +566,30 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { }) By("verifying role/rolebinding no longer exists in any namespace") - Eventually(example_appset_new_nsRole).Should(k8sFixture.NotExistByName()) - Consistently(example_appset_new_nsRole).Should(k8sFixture.NotExistByName()) - Eventually(example_appset_new_nsRoleBinding).Should(k8sFixture.NotExistByName()) - Consistently(example_appset_new_nsRoleBinding).Should(k8sFixture.NotExistByName()) + Eventually(example_appset_new_nsRole, "2m", "5s").Should(k8sFixture.NotExistByName()) + Consistently(example_appset_new_nsRole, "10s", "1s").Should(k8sFixture.NotExistByName()) + Eventually(example_appset_new_nsRoleBinding, "2m", "5s").Should(k8sFixture.NotExistByName()) + Consistently(example_appset_new_nsRoleBinding, "10s", "1s").Should(k8sFixture.NotExistByName()) - Eventually(example_appset_old_nsRole).Should(k8sFixture.NotExistByName()) - Consistently(example_appset_old_nsRole).Should(k8sFixture.NotExistByName()) - Eventually(example_appset_old_nsRoleBinding).Should(k8sFixture.NotExistByName()) - Consistently(example_appset_old_nsRoleBinding).Should(k8sFixture.NotExistByName()) + Eventually(example_appset_old_nsRole, "2m", "5s").Should(k8sFixture.NotExistByName()) + Consistently(example_appset_old_nsRole, "10s", "1s").Should(k8sFixture.NotExistByName()) + Eventually(example_appset_old_nsRoleBinding, "2m", "5s").Should(k8sFixture.NotExistByName()) + Consistently(example_appset_old_nsRoleBinding, "10s", "1s").Should(k8sFixture.NotExistByName()) - Eventually(oldExample_appset_argocd_applicationsetRole).Should(k8sFixture.NotExistByName()) - Consistently(oldExample_appset_argocd_applicationsetRole).Should(k8sFixture.NotExistByName()) - Eventually(oldExample_appset_argocd_applicationsetRoleBinding).Should(k8sFixture.NotExistByName()) - Consistently(oldExample_appset_argocd_applicationsetRoleBinding).Should(k8sFixture.NotExistByName()) + Eventually(oldExample_appset_argocd_applicationsetRole, "2m", "5s").Should(k8sFixture.NotExistByName()) + Consistently(oldExample_appset_argocd_applicationsetRole, "10s", "1s").Should(k8sFixture.NotExistByName()) + Eventually(oldExample_appset_argocd_applicationsetRoleBinding, "2m", "5s").Should(k8sFixture.NotExistByName()) + Consistently(oldExample_appset_argocd_applicationsetRoleBinding, "10s", "1s").Should(k8sFixture.NotExistByName()) By("verifying applicationset-managed-by and managed-by are not set on any namespace") - Eventually(appset_old_nsNS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) - Consistently(appset_old_nsNS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) + Eventually(appset_old_nsNS, "2m", "5s").ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) + Consistently(appset_old_nsNS, "10s", "1s").ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", "appset-argocd")) - Eventually(appset_old_nsNS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) - Consistently(appset_old_nsNS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) + Eventually(appset_old_nsNS, "2m", "5s").ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) + Consistently(appset_old_nsNS, "10s", "1s").ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) - Eventually(appset_new_nsNS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) - Consistently(appset_new_nsNS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) + Eventually(appset_new_nsNS, "2m", "5s").ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) + Consistently(appset_new_nsNS, "10s", "1s").ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "appset-argocd")) }) @@ -616,7 +616,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { }, } Expect(k8sClient.Create(ctx, argoCD)).To(Succeed()) - Eventually(argoCD).Should(argocdFixture.HaveApplicationSetControllerStatus("Running")) + Eventually(argoCD, "3m", "5s").Should(argocdFixture.HaveApplicationSetControllerStatus("Running")) By("verifying that the appset deplomyent does not contain 'applications in any namespace' parameter") appsetDeployment := &appsv1.Deployment{ @@ -625,7 +625,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: argoCD.Namespace, }, } - Eventually(appsetDeployment).Should(k8sFixture.ExistByName()) + Eventually(appsetDeployment, "2m", "5s").Should(k8sFixture.ExistByName()) Expect(appsetDeployment).ShouldNot(deploymentFixture.HaveContainerCommandSubstring("--applicationset-namespaces", 0)) By("first verify that the ClusterRole was not automatically created for the Argo CD instance") @@ -635,11 +635,11 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Annotations: common.DefaultAnnotations(argoCD.Name, argoCD.Namespace), }, } - Consistently(clusterRole).Should(k8sFixture.NotExistByName()) + Consistently(clusterRole, "10s", "1s").Should(k8sFixture.NotExistByName()) By("creating ClusterRole and then ensuring it is automatically cleaned up") Expect(k8sClient.Create(ctx, clusterRole)).To(Succeed()) - Eventually(clusterRole).ShouldNot(k8sFixture.ExistByName()) + Eventually(clusterRole, "2m", "5s").ShouldNot(k8sFixture.ExistByName()) By("first verify that ClusterRoleBinding was not automatically created for the Argo CD instance") clusterRoleBinding := &rbacv1.ClusterRoleBinding{ @@ -660,10 +660,10 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Name: clusterRole.Name, }, } - Consistently(clusterRoleBinding).Should(k8sFixture.NotExistByName()) + Consistently(clusterRoleBinding, "10s", "1s").Should(k8sFixture.NotExistByName()) By("creating ClusterRoleBinding and then ensuring it is automatically cleaned up") Expect(k8sClient.Create(ctx, clusterRoleBinding)).To(Succeed()) - Eventually(clusterRoleBinding).ShouldNot(k8sFixture.ExistByName()) + Eventually(clusterRoleBinding, "2m", "5s").ShouldNot(k8sFixture.ExistByName()) By("first verifying that Role does not exist in namespace specified in appset sourceNamespaces field") roleInTargetNS := &rbacv1.Role{ @@ -672,10 +672,10 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: targetNS.Name, }, } - Consistently(roleInTargetNS).Should(k8sFixture.NotExistByName()) + Consistently(roleInTargetNS, "10s", "1s").Should(k8sFixture.NotExistByName()) By("creating Role in source NS and verifying it is not cleaned up (yet)") Expect(k8sClient.Create(ctx, roleInTargetNS)).To(Succeed()) - Consistently(roleInTargetNS).Should(k8sFixture.ExistByName()) + Consistently(roleInTargetNS, "10s", "1s").Should(k8sFixture.ExistByName()) By("verifying that there exist no rolebindings that point to the namespace-scoped argocd instance namespace") Consistently(func() bool { @@ -715,10 +715,10 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Name: roleInTargetNS.Name, }, } - Consistently(roleBindingInTargetNS).Should(k8sFixture.NotExistByName()) + Consistently(roleBindingInTargetNS, "10s", "1s").Should(k8sFixture.NotExistByName()) By("creating RoleBinding in source NS and verifying it is not cleaned up (yet)") Expect(k8sClient.Create(ctx, roleBindingInTargetNS)).To(Succeed()) - Consistently(roleBindingInTargetNS).Should(k8sFixture.ExistByName()) + Consistently(roleBindingInTargetNS, "10s", "1s").Should(k8sFixture.ExistByName()) By("adding ArgoCDApplicationSetManagedByClusterArgoCDLabel label to target NS") namespaceFixture.Update(targetNS, func(n *corev1.Namespace) { @@ -729,11 +729,11 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { }) By("verifying the label is automatically removed") - Eventually(targetNS).Should(k8sFixture.NotHaveLabelWithValue(common.ArgoCDApplicationSetManagedByClusterArgoCDLabel, argoCD.Namespace)) + Eventually(targetNS, "2m", "5s").Should(k8sFixture.NotHaveLabelWithValue(common.ArgoCDApplicationSetManagedByClusterArgoCDLabel, argoCD.Namespace)) By("verifying that the roles/rolebindings we created in the previous steps are now automatically cleaned up, because the namespace had the ArgoCDApplicationSetManagedByClusterArgoCDLabel") - Eventually(roleBindingInTargetNS).Should(k8sFixture.NotExistByName()) - Eventually(roleInTargetNS).Should(k8sFixture.NotExistByName()) + Eventually(roleBindingInTargetNS, "2m", "5s").Should(k8sFixture.NotExistByName()) + Eventually(roleInTargetNS, "2m", "5s").Should(k8sFixture.NotExistByName()) }) It("verifies that wildcard patterns in .spec.applicationSet.sourceNamespaces correctly match and manage multiple namespaces", func() { @@ -786,7 +786,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Expect(k8sClient.Create(ctx, argoCD)).To(Succeed()) Eventually(argoCD, "5m", "5s").Should(argocdFixture.BeAvailable()) - Eventually(argoCD).Should(argocdFixture.HaveApplicationSetControllerStatus("Running")) + Eventually(argoCD, "3m", "5s").Should(argocdFixture.HaveApplicationSetControllerStatus("Running")) By("2) verifying that the appset deployment contains all matching namespaces in the command") appsetDeployment := &appsv1.Deployment{ @@ -795,10 +795,10 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: argoCD.Namespace, }, } - Eventually(appsetDeployment).Should(k8sFixture.ExistByName()) + Eventually(appsetDeployment, "2m", "5s").Should(k8sFixture.ExistByName()) // Verify that all team-* namespaces are included (order may vary) - Eventually(appsetDeployment).Should(deploymentFixture.HaveContainerCommandSubstring("--applicationset-namespaces", 0)) + Eventually(appsetDeployment, "2m", "5s").Should(deploymentFixture.HaveContainerCommandSubstring("--applicationset-namespaces", 0)) Eventually(func() bool { if err := k8sClient.Get(ctx, client.ObjectKeyFromObject(appsetDeployment), appsetDeployment); err != nil { return false @@ -816,7 +816,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { strings.Contains(cmdStr, "team-backend") } return false - }).Should(BeTrue()) + }, "3m", "5s").Should(BeTrue(), "Deployment command did not contain all expected team-* namespaces within timeout") By("3) verifying that Role and RoleBinding are created in all matching team-* namespaces") verifyAppSetResourcesInNamespace := func(namespaceName string) { @@ -826,7 +826,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: namespaceName, }, } - Eventually(appsetRole).Should(k8sFixture.ExistByName()) + Eventually(appsetRole, "2m", "5s").Should(k8sFixture.ExistByName()) appsetRoleBinding := &rbacv1.RoleBinding{ ObjectMeta: metav1.ObjectMeta{ @@ -834,7 +834,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: namespaceName, }, } - Eventually(appsetRoleBinding).Should(k8sFixture.ExistByName()) + Eventually(appsetRoleBinding, "2m", "5s").Should(k8sFixture.ExistByName()) Expect(appsetRoleBinding.RoleRef).To(Equal(rbacv1.RoleRef{ APIGroup: "rbac.authorization.k8s.io", Kind: "Role", @@ -853,10 +853,10 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { verifyAppSetResourcesInNamespace(teamBackendNS.Name) By("4) verifying that namespace labels are set correctly for all matching namespaces") - Eventually(team1NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) - Eventually(team2NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) - Eventually(teamFrontendNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) - Eventually(teamBackendNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) + Eventually(team1NS, "2m", "5s").Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) + Eventually(team2NS, "2m", "5s").Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) + Eventually(teamFrontendNS, "2m", "5s").Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) + Eventually(teamBackendNS, "2m", "5s").Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) By("5) verifying that non-matching namespace (other-ns) does NOT have appset resources") otherNSAppSetRole := &rbacv1.Role{ @@ -865,7 +865,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: otherNS.Name, }, } - Consistently(otherNSAppSetRole).Should(k8sFixture.NotExistByName()) + Consistently(otherNSAppSetRole, "10s", "1s").Should(k8sFixture.NotExistByName()) otherNSAppSetRoleBinding := &rbacv1.RoleBinding{ ObjectMeta: metav1.ObjectMeta{ @@ -873,9 +873,9 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: otherNS.Name, }, } - Consistently(otherNSAppSetRoleBinding).Should(k8sFixture.NotExistByName()) + Consistently(otherNSAppSetRoleBinding, "10s", "1s").Should(k8sFixture.NotExistByName()) - Consistently(otherNS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) + Consistently(otherNS, "10s", "1s").ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) By("6) creating a new namespace that matches the pattern and verifying it gets resources automatically") team3NS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("team-3") @@ -893,7 +893,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { }, "2m", "5s").Should(BeTrue()) verifyAppSetResourcesInNamespace(team3NS.Name) - Eventually(team3NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) + Eventually(team3NS, "2m", "5s").Should(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) By("7) updating ArgoCD to use a more specific pattern 'team-*' -> 'team-1' and verifying cleanup") argocdFixture.Update(argoCD, func(ac *v1beta1.ArgoCD) { @@ -917,7 +917,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: team1NS.Name, }, } - Eventually(team1AppSetRole).Should(k8sFixture.ExistByName()) + Eventually(team1AppSetRole, "2m", "5s").Should(k8sFixture.ExistByName()) By("9) verifying that other team-* namespaces have resources cleaned up") team2AppSetRole := &rbacv1.Role{ @@ -926,8 +926,8 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: team2NS.Name, }, } - Eventually(team2AppSetRole).Should(k8sFixture.NotExistByName()) - Consistently(team2AppSetRole).Should(k8sFixture.NotExistByName()) + Eventually(team2AppSetRole, "2m", "5s").Should(k8sFixture.NotExistByName()) + Consistently(team2AppSetRole, "10s", "1s").Should(k8sFixture.NotExistByName()) team3AppSetRole := &rbacv1.Role{ ObjectMeta: metav1.ObjectMeta{ @@ -935,8 +935,8 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: team3NS.Name, }, } - Eventually(team3AppSetRole).Should(k8sFixture.NotExistByName()) - Consistently(team3AppSetRole).Should(k8sFixture.NotExistByName()) + Eventually(team3AppSetRole, "2m", "5s").Should(k8sFixture.NotExistByName()) + Consistently(team3AppSetRole, "10s", "1s").Should(k8sFixture.NotExistByName()) teamFrontendAppSetRole := &rbacv1.Role{ ObjectMeta: metav1.ObjectMeta{ @@ -944,13 +944,13 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Namespace: teamFrontendNS.Name, }, } - Eventually(teamFrontendAppSetRole).Should(k8sFixture.NotExistByName()) - Consistently(teamFrontendAppSetRole).Should(k8sFixture.NotExistByName()) + Eventually(teamFrontendAppSetRole, "2m", "5s").Should(k8sFixture.NotExistByName()) + Consistently(teamFrontendAppSetRole, "10s", "1s").Should(k8sFixture.NotExistByName()) By("10) verifying that labels are removed from namespaces that no longer match") - Eventually(team2NS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) - Eventually(team3NS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) - Eventually(teamFrontendNS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) + Eventually(team2NS, "2m", "5s").ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) + Eventually(team3NS, "2m", "5s").ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) + Eventually(teamFrontendNS, "2m", "5s").ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/applicationset-managed-by-cluster-argocd", appset_wildcard_argocdNS.Name)) By("11) verifying deployment command only includes team-1") Eventually(func() bool { @@ -969,7 +969,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { !strings.Contains(cmdStr, "team-frontend") } return false - }).Should(BeTrue()) + }, "3m", "5s").Should(BeTrue(), "Deployment command did not match expected pattern within timeout") }) diff --git a/test/openshift/e2e/ginkgo/sequential/1-058_validate_notifications_source_namespaces_test.go b/test/openshift/e2e/ginkgo/sequential/1-058_validate_notifications_source_namespaces_test.go new file mode 100644 index 00000000000..b9dcfba29bb --- /dev/null +++ b/test/openshift/e2e/ginkgo/sequential/1-058_validate_notifications_source_namespaces_test.go @@ -0,0 +1,636 @@ +/* +Copyright 2025. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package sequential + +import ( + "context" + "strings" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + appsv1 "k8s.io/api/apps/v1" + rbacv1 "k8s.io/api/rbac/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + argov1alpha1api "github.com/argoproj-labs/argocd-operator/api/v1alpha1" + argov1beta1api "github.com/argoproj-labs/argocd-operator/api/v1beta1" + "github.com/argoproj-labs/argocd-operator/common" + "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture" + argocdFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/argocd" + k8sFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/k8s" + namespaceFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/namespace" + fixtureUtils "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/utils" + + "sigs.k8s.io/controller-runtime/pkg/client" +) + +var _ = Describe("GitOps Operator Sequential E2E Tests", func() { + + Context("1-058_validate_notifications_source_namespaces", func() { + + var ( + k8sClient client.Client + ctx context.Context + ) + + BeforeEach(func() { + fixture.EnsureSequentialCleanSlate() + fixture.SetEnvInOperatorSubscriptionOrDeployment("ARGOCD_CLUSTER_CONFIG_NAMESPACES", "openshift-gitops, argocd-e2e-cluster-config") + k8sClient, _ = fixtureUtils.GetE2ETestKubeClient() + ctx = context.Background() + }) + + AfterEach(func() { + fixture.OutputDebugOnFail("not-argocd-ns") + }) + + It("ensures that NotificationsConfiguration, Role, and RoleBinding are created in source namespaces when notifications.sourceNamespaces is configured", func() { + + By("creating Argo CD instance namespace") + argocdNS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("argocd-e2e-cluster-config") + defer cleanupFunc() + + By("creating source namespaces") + sourceNS1, cleanupFunc1 := fixture.CreateNamespaceWithCleanupFunc("notif-source-ns-1") + defer cleanupFunc1() + + sourceNS2, cleanupFunc2 := fixture.CreateNamespaceWithCleanupFunc("notif-source-ns-2") + defer cleanupFunc2() + + By("creating Argo CD instance with notifications enabled and sourceNamespaces configured") + argocd := &argov1beta1api.ArgoCD{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd", + Namespace: argocdNS.Name, + }, + Spec: argov1beta1api.ArgoCDSpec{ + SourceNamespaces: []string{sourceNS1.Name, sourceNS2.Name}, + Notifications: argov1beta1api.ArgoCDNotifications{ + Enabled: true, + SourceNamespaces: []string{sourceNS1.Name, sourceNS2.Name}, + }, + }, + } + Expect(k8sClient.Create(ctx, argocd)).To(Succeed()) + + By("waiting for Argo CD to be available") + Eventually(argocd, "5m", "5s").Should(argocdFixture.BeAvailable()) + + By("verifying notification controller is running") + Eventually(argocd, "4m", "5s").Should(argocdFixture.HaveNotificationControllerStatus("Running")) + + By("verifying NotificationsConfiguration CR is created in source namespace 1") + notifCfg1 := &argov1alpha1api.NotificationsConfiguration{ + ObjectMeta: metav1.ObjectMeta{ + Name: "default-notifications-configuration", + Namespace: sourceNS1.Name, + }, + } + Eventually(notifCfg1).Should(k8sFixture.ExistByName()) + + By("verifying NotificationsConfiguration CR is created in source namespace 2") + notifCfg2 := &argov1alpha1api.NotificationsConfiguration{ + ObjectMeta: metav1.ObjectMeta{ + Name: "default-notifications-configuration", + Namespace: sourceNS2.Name, + }, + } + Eventually(notifCfg2).Should(k8sFixture.ExistByName()) + + By("verifying Role is created in source namespace 1") + roleName1 := "example-argocd-" + argocdNS.Name + "-notifications" + role1 := &rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Name: roleName1, + Namespace: sourceNS1.Name, + }, + } + Eventually(role1).Should(k8sFixture.ExistByName()) + + By("verifying RoleBinding is created in source namespace 1") + roleBinding1 := &rbacv1.RoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: roleName1, + Namespace: sourceNS1.Name, + }, + } + Eventually(roleBinding1).Should(k8sFixture.ExistByName()) + + By("verifying namespace 1 has the notifications-managed-by-cluster-argocd label") + Eventually(sourceNS1).Should(namespaceFixture.HaveLabel(common.ArgoCDNotificationsManagedByClusterArgoCDLabel, argocdNS.Name)) + + By("verifying namespace 2 has the notifications-managed-by-cluster-argocd label") + Eventually(sourceNS2).Should(namespaceFixture.HaveLabel(common.ArgoCDNotificationsManagedByClusterArgoCDLabel, argocdNS.Name)) + + By("verifying notifications controller deployment has --application-namespaces and --self-service-notification-enabled flags") + notifDepl := &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd-notifications-controller", + Namespace: argocdNS.Name, + }, + } + Eventually(func() bool { + err := k8sClient.Get(ctx, client.ObjectKeyFromObject(notifDepl), notifDepl) + if err != nil { + return false + } + if len(notifDepl.Spec.Template.Spec.Containers) == 0 { + return false + } + cmd := notifDepl.Spec.Template.Spec.Containers[0].Command + cmdStr := strings.Join(cmd, " ") + hasAppNamespaces := strings.Contains(cmdStr, "--application-namespaces") + hasSelfService := strings.Contains(cmdStr, "--self-service-notification-enabled") + hasBothNamespaces := strings.Contains(cmdStr, sourceNS1.Name) && strings.Contains(cmdStr, sourceNS2.Name) + return hasAppNamespaces && hasSelfService && hasBothNamespaces + }, "2m", "5s").Should(BeTrue()) + + By("verifying ClusterRole is created for notifications controller") + notifClusterRole := &rbacv1.ClusterRole{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd-" + argocdNS.Name + "-argocd-notifications-controller", + }, + } + Eventually(notifClusterRole).Should(k8sFixture.ExistByName()) + + By("verifying ClusterRoleBinding is created for notifications controller") + notifClusterRoleBinding := &rbacv1.ClusterRoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd-" + argocdNS.Name + "-argocd-notifications-controller", + }, + } + Eventually(notifClusterRoleBinding).Should(k8sFixture.ExistByName()) + + By("verifying ClusterRoleBinding references the correct ClusterRole and ServiceAccount") + Eventually(func() bool { + err := k8sClient.Get(ctx, client.ObjectKeyFromObject(notifClusterRoleBinding), notifClusterRoleBinding) + if err != nil { + return false + } + expectedRoleRef := rbacv1.RoleRef{ + APIGroup: "rbac.authorization.k8s.io", + Kind: "ClusterRole", + Name: notifClusterRole.Name, + } + expectedSubject := rbacv1.Subject{ + Kind: "ServiceAccount", + Name: "example-argocd-argocd-notifications-controller", + Namespace: argocdNS.Name, + } + return notifClusterRoleBinding.RoleRef == expectedRoleRef && + len(notifClusterRoleBinding.Subjects) == 1 && + notifClusterRoleBinding.Subjects[0] == expectedSubject + }, "2m", "5s").Should(BeTrue()) + + }) + + It("ensures that resources are not created when namespace is not in SourceNamespaces", func() { + + By("creating Argo CD instance namespace") + argocdNS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("argocd-e2e-cluster-config") + defer cleanupFunc() + + By("creating source namespaces") + sourceNS1, cleanupFunc1 := fixture.CreateNamespaceWithCleanupFunc("notif-source-ns-3") + defer cleanupFunc1() + + unmanagedNS, cleanupFunc2 := fixture.CreateNamespaceWithCleanupFunc("notif-unmanaged-ns") + defer cleanupFunc2() + + By("creating Argo CD instance with notifications enabled but only sourceNS1 in both SourceNamespaces and Notifications.SourceNamespaces") + argocd := &argov1beta1api.ArgoCD{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd", + Namespace: argocdNS.Name, + }, + Spec: argov1beta1api.ArgoCDSpec{ + SourceNamespaces: []string{sourceNS1.Name}, + Notifications: argov1beta1api.ArgoCDNotifications{ + Enabled: true, + SourceNamespaces: []string{sourceNS1.Name, unmanagedNS.Name}, + }, + }, + } + Expect(k8sClient.Create(ctx, argocd)).To(Succeed()) + + By("waiting for Argo CD to be available") + Eventually(argocd, "5m", "5s").Should(argocdFixture.BeAvailable()) + + fixture.OutputDebugOnFail(argocdNS.Name) + + By("verifying NotificationsConfiguration CR is created in sourceNS1") + notifCfg1 := &argov1alpha1api.NotificationsConfiguration{ + ObjectMeta: metav1.ObjectMeta{ + Name: "default-notifications-configuration", + Namespace: sourceNS1.Name, + }, + } + Eventually(notifCfg1).Should(k8sFixture.ExistByName()) + + By("verifying NotificationsConfiguration CR is NOT created in unmanagedNS") + notifCfgUnmanaged := &argov1alpha1api.NotificationsConfiguration{ + ObjectMeta: metav1.ObjectMeta{ + Name: "default-notifications-configuration", + Namespace: unmanagedNS.Name, + }, + } + Consistently(notifCfgUnmanaged).Should(k8sFixture.NotExistByName()) + + By("verifying Role is NOT created in unmanagedNS") + roleName := "example-argocd-" + argocdNS.Name + "-notifications" + roleUnmanaged := &rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Name: roleName, + Namespace: unmanagedNS.Name, + }, + } + Consistently(roleUnmanaged).Should(k8sFixture.NotExistByName()) + + By("verifying unmanagedNS does not have the notifications-managed-by-cluster-argocd label") + Consistently(unmanagedNS).ShouldNot(namespaceFixture.HaveLabel(common.ArgoCDNotificationsManagedByClusterArgoCDLabel, argocdNS.Name)) + + By("verifying notifications controller deployment command only includes sourceNS1") + notifDepl := &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd-notifications-controller", + Namespace: argocdNS.Name, + }, + } + Eventually(func() bool { + err := k8sClient.Get(ctx, client.ObjectKeyFromObject(notifDepl), notifDepl) + if err != nil { + return false + } + if len(notifDepl.Spec.Template.Spec.Containers) == 0 { + return false + } + cmd := notifDepl.Spec.Template.Spec.Containers[0].Command + cmdStr := strings.Join(cmd, " ") + hasSourceNS1 := strings.Contains(cmdStr, sourceNS1.Name) + hasUnmanagedNS := strings.Contains(cmdStr, unmanagedNS.Name) + return hasSourceNS1 && !hasUnmanagedNS + }, "2m", "5s").Should(BeTrue()) + + }) + + It("ensures that resources are cleaned up when sourceNamespaces are removed", func() { + + By("creating Argo CD instance namespace") + argocdNS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("argocd-e2e-cluster-config") + defer cleanupFunc() + + By("creating source namespaces") + sourceNS1, cleanupFunc1 := fixture.CreateNamespaceWithCleanupFunc("notif-source-ns-4") + defer cleanupFunc1() + + sourceNS2, cleanupFunc2 := fixture.CreateNamespaceWithCleanupFunc("notif-source-ns-5") + defer cleanupFunc2() + + By("creating Argo CD instance with notifications enabled and both namespaces configured") + argocd := &argov1beta1api.ArgoCD{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd", + Namespace: argocdNS.Name, + }, + Spec: argov1beta1api.ArgoCDSpec{ + SourceNamespaces: []string{sourceNS1.Name, sourceNS2.Name}, + Notifications: argov1beta1api.ArgoCDNotifications{ + Enabled: true, + SourceNamespaces: []string{sourceNS1.Name, sourceNS2.Name}, + }, + }, + } + Expect(k8sClient.Create(ctx, argocd)).To(Succeed()) + + By("waiting for Argo CD to be available") + Eventually(argocd, "5m", "5s").Should(argocdFixture.BeAvailable()) + + By("verifying resources are created in both namespaces") + roleName := "example-argocd-" + argocdNS.Name + "-notifications" + notifCfg1 := &argov1alpha1api.NotificationsConfiguration{ + ObjectMeta: metav1.ObjectMeta{ + Name: "default-notifications-configuration", + Namespace: sourceNS1.Name, + }, + } + Eventually(notifCfg1).Should(k8sFixture.ExistByName()) + + notifCfg2 := &argov1alpha1api.NotificationsConfiguration{ + ObjectMeta: metav1.ObjectMeta{ + Name: "default-notifications-configuration", + Namespace: sourceNS2.Name, + }, + } + Eventually(notifCfg2).Should(k8sFixture.ExistByName()) + + role1 := &rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Name: roleName, + Namespace: sourceNS1.Name, + }, + } + Eventually(role1).Should(k8sFixture.ExistByName()) + + role2 := &rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Name: roleName, + Namespace: sourceNS2.Name, + }, + } + Eventually(role2).Should(k8sFixture.ExistByName()) + + By("removing sourceNS1 from Notifications.SourceNamespaces") + argocdFixture.Update(argocd, func(ac *argov1beta1api.ArgoCD) { + ac.Spec.Notifications.SourceNamespaces = []string{sourceNS2.Name} + }) + + By("waiting for Argo CD to reconcile") + Eventually(argocd, "2m", "5s").Should(argocdFixture.BeAvailable()) + + By("verifying resources are removed from sourceNS1") + Eventually(notifCfg1, "3m", "5s").Should(k8sFixture.NotExistByName()) + Eventually(role1, "3m", "5s").Should(k8sFixture.NotExistByName()) + + roleBinding1 := &rbacv1.RoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: roleName, + Namespace: sourceNS1.Name, + }, + } + Eventually(roleBinding1, "3m", "5s").Should(k8sFixture.NotExistByName()) + + By("verifying sourceNS1 no longer has the notifications-managed-by-cluster-argocd label") + Eventually(sourceNS1, "2m", "5s").ShouldNot(namespaceFixture.HaveLabel(common.ArgoCDNotificationsManagedByClusterArgoCDLabel, argocdNS.Name)) + + By("verifying resources still exist in sourceNS2") + Consistently(notifCfg2).Should(k8sFixture.ExistByName()) + Consistently(role2).Should(k8sFixture.ExistByName()) + + roleBinding2 := &rbacv1.RoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: roleName, + Namespace: sourceNS2.Name, + }, + } + Consistently(roleBinding2).Should(k8sFixture.ExistByName()) + + By("verifying sourceNS2 still has the notifications-managed-by-cluster-argocd label") + Consistently(sourceNS2).Should(namespaceFixture.HaveLabel(common.ArgoCDNotificationsManagedByClusterArgoCDLabel, argocdNS.Name)) + + }) + + It("ensures that resources are not created when notifications are disabled", func() { + + By("creating Argo CD instance namespace") + argocdNS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("argocd-e2e-cluster-config") + defer cleanupFunc() + + By("creating source namespace") + sourceNS1, cleanupFunc1 := fixture.CreateNamespaceWithCleanupFunc("notif-source-ns-6") + defer cleanupFunc1() + + By("creating Argo CD instance with notifications disabled but sourceNamespaces configured") + argocd := &argov1beta1api.ArgoCD{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd", + Namespace: argocdNS.Name, + }, + Spec: argov1beta1api.ArgoCDSpec{ + SourceNamespaces: []string{sourceNS1.Name}, + Notifications: argov1beta1api.ArgoCDNotifications{ + Enabled: false, + SourceNamespaces: []string{sourceNS1.Name}, + }, + }, + } + Expect(k8sClient.Create(ctx, argocd)).To(Succeed()) + + By("waiting for Argo CD to be available") + Eventually(argocd, "5m", "5s").Should(argocdFixture.BeAvailable()) + + By("verifying NotificationsConfiguration CR is NOT created in source namespace") + notifCfg := &argov1alpha1api.NotificationsConfiguration{ + ObjectMeta: metav1.ObjectMeta{ + Name: "default-notifications-configuration", + Namespace: sourceNS1.Name, + }, + } + Consistently(notifCfg).Should(k8sFixture.NotExistByName()) + + By("verifying Role is NOT created in source namespace") + roleName := "example-argocd-" + argocdNS.Name + "-notifications" + role := &rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Name: roleName, + Namespace: sourceNS1.Name, + }, + } + Consistently(role).Should(k8sFixture.NotExistByName()) + + By("verifying ClusterRole is NOT created for notifications controller") + notifClusterRole := &rbacv1.ClusterRole{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd-" + argocdNS.Name + "-argocd-notifications-controller", + }, + } + Consistently(notifClusterRole).Should(k8sFixture.NotExistByName()) + + By("verifying ClusterRoleBinding is NOT created for notifications controller") + notifClusterRoleBinding := &rbacv1.ClusterRoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd-" + argocdNS.Name + "-argocd-notifications-controller", + }, + } + Consistently(notifClusterRoleBinding).Should(k8sFixture.NotExistByName()) + + By("verifying source namespace does not have the notifications-managed-by-cluster-argocd label") + Consistently(sourceNS1).ShouldNot(namespaceFixture.HaveLabel(common.ArgoCDNotificationsManagedByClusterArgoCDLabel, argocdNS.Name)) + + }) + + It("ensures that notifications controller deployment command is updated when sourceNamespaces change", func() { + + By("creating Argo CD instance namespace") + argocdNS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("argocd-e2e-cluster-config") + defer cleanupFunc() + + By("creating source namespaces") + sourceNS1, cleanupFunc1 := fixture.CreateNamespaceWithCleanupFunc("notif-source-ns-7") + defer cleanupFunc1() + + sourceNS2, cleanupFunc2 := fixture.CreateNamespaceWithCleanupFunc("notif-source-ns-8") + defer cleanupFunc2() + + By("creating Argo CD instance with notifications enabled and only sourceNS1 configured") + argocd := &argov1beta1api.ArgoCD{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd", + Namespace: argocdNS.Name, + }, + Spec: argov1beta1api.ArgoCDSpec{ + SourceNamespaces: []string{sourceNS1.Name, sourceNS2.Name}, + Notifications: argov1beta1api.ArgoCDNotifications{ + Enabled: true, + SourceNamespaces: []string{sourceNS1.Name}, + }, + }, + } + Expect(k8sClient.Create(ctx, argocd)).To(Succeed()) + + By("waiting for Argo CD to be available") + Eventually(argocd, "5m", "5s").Should(argocdFixture.BeAvailable()) + + By("verifying notifications controller deployment command includes only sourceNS1") + notifDepl := &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd-notifications-controller", + Namespace: argocdNS.Name, + }, + } + Eventually(func() bool { + err := k8sClient.Get(ctx, client.ObjectKeyFromObject(notifDepl), notifDepl) + if err != nil { + return false + } + if len(notifDepl.Spec.Template.Spec.Containers) == 0 { + return false + } + cmd := notifDepl.Spec.Template.Spec.Containers[0].Command + cmdStr := strings.Join(cmd, " ") + hasSourceNS1 := strings.Contains(cmdStr, sourceNS1.Name) + hasSourceNS2 := strings.Contains(cmdStr, sourceNS2.Name) + return hasSourceNS1 && !hasSourceNS2 + }, "2m", "5s").Should(BeTrue()) + + By("adding sourceNS2 to Notifications.SourceNamespaces") + argocdFixture.Update(argocd, func(ac *argov1beta1api.ArgoCD) { + ac.Spec.Notifications.SourceNamespaces = []string{sourceNS1.Name, sourceNS2.Name} + }) + + By("waiting for Argo CD to reconcile") + Eventually(argocd, "2m", "5s").Should(argocdFixture.BeAvailable()) + + By("verifying notifications controller deployment command now includes both namespaces") + Eventually(func() bool { + err := k8sClient.Get(ctx, client.ObjectKeyFromObject(notifDepl), notifDepl) + if err != nil { + return false + } + if len(notifDepl.Spec.Template.Spec.Containers) == 0 { + return false + } + cmd := notifDepl.Spec.Template.Spec.Containers[0].Command + cmdStr := strings.Join(cmd, " ") + hasSourceNS1 := strings.Contains(cmdStr, sourceNS1.Name) + hasSourceNS2 := strings.Contains(cmdStr, sourceNS2.Name) + hasSelfService := strings.Contains(cmdStr, "--self-service-notification-enabled") + return hasSourceNS1 && hasSourceNS2 && hasSelfService + }, "2m", "5s").Should(BeTrue()) + + }) + + It("ensures that resources are created when notifications are enabled after being disabled", func() { + + By("creating Argo CD instance namespace") + argocdNS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("argocd-e2e-cluster-config") + defer cleanupFunc() + + By("creating source namespace") + sourceNS1, cleanupFunc1 := fixture.CreateNamespaceWithCleanupFunc("notif-source-ns-9") + defer cleanupFunc1() + + By("creating Argo CD instance with notifications disabled") + argocd := &argov1beta1api.ArgoCD{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd", + Namespace: argocdNS.Name, + }, + Spec: argov1beta1api.ArgoCDSpec{ + SourceNamespaces: []string{sourceNS1.Name}, + Notifications: argov1beta1api.ArgoCDNotifications{ + Enabled: false, + SourceNamespaces: []string{sourceNS1.Name}, + }, + }, + } + Expect(k8sClient.Create(ctx, argocd)).To(Succeed()) + + By("waiting for Argo CD to be available") + Eventually(argocd, "5m", "5s").Should(argocdFixture.BeAvailable()) + + By("verifying resources are NOT created") + notifCfg := &argov1alpha1api.NotificationsConfiguration{ + ObjectMeta: metav1.ObjectMeta{ + Name: "default-notifications-configuration", + Namespace: sourceNS1.Name, + }, + } + Consistently(notifCfg).Should(k8sFixture.NotExistByName()) + + By("enabling notifications") + argocdFixture.Update(argocd, func(ac *argov1beta1api.ArgoCD) { + ac.Spec.Notifications.Enabled = true + }) + + By("waiting for Argo CD to reconcile") + Eventually(argocd, "2m", "5s").Should(argocdFixture.BeAvailable()) + Eventually(argocd, "4m", "5s").Should(argocdFixture.HaveNotificationControllerStatus("Running")) + + By("verifying resources are now created") + Eventually(notifCfg, "3m", "5s").Should(k8sFixture.ExistByName()) + + roleName := "example-argocd-" + argocdNS.Name + "-notifications" + role := &rbacv1.Role{ + ObjectMeta: metav1.ObjectMeta{ + Name: roleName, + Namespace: sourceNS1.Name, + }, + } + Eventually(role, "3m", "5s").Should(k8sFixture.ExistByName()) + + roleBinding := &rbacv1.RoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: roleName, + Namespace: sourceNS1.Name, + }, + } + Eventually(roleBinding, "3m", "5s").Should(k8sFixture.ExistByName()) + + By("verifying source namespace has the notifications-managed-by-cluster-argocd label") + Eventually(sourceNS1, "2m", "5s").Should(namespaceFixture.HaveLabel(common.ArgoCDNotificationsManagedByClusterArgoCDLabel, argocdNS.Name)) + + By("verifying ClusterRole is created for notifications controller") + notifClusterRole := &rbacv1.ClusterRole{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd-" + argocdNS.Name + "-argocd-notifications-controller", + }, + } + Eventually(notifClusterRole, "3m", "5s").Should(k8sFixture.ExistByName()) + + By("verifying ClusterRoleBinding is created for notifications controller") + notifClusterRoleBinding := &rbacv1.ClusterRoleBinding{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example-argocd-" + argocdNS.Name + "-argocd-notifications-controller", + }, + } + Eventually(notifClusterRoleBinding, "3m", "5s").Should(k8sFixture.ExistByName()) + + }) + + }) + +}) diff --git a/test/openshift/e2e/ginkgo/sequential/1-102_validate_handle_terminating_namespaces_test.go b/test/openshift/e2e/ginkgo/sequential/1-102_validate_handle_terminating_namespaces_test.go index 9418ebff4fe..f962fdc24fb 100644 --- a/test/openshift/e2e/ginkgo/sequential/1-102_validate_handle_terminating_namespaces_test.go +++ b/test/openshift/e2e/ginkgo/sequential/1-102_validate_handle_terminating_namespaces_test.go @@ -147,7 +147,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { } return true - }).Should(BeTrue()) + }, "3m", "5s").Should(BeTrue(), "RoleBindings were not created in John namespace within timeout") By("creating a test Argo CD Application targeting john NS")