Add various functional options to ActionClientGetter constructor

Signed-off-by: Joe Lanford <joe.lanford@gmail.com>
operator-framework · Sep 17, 2022 · b6678ec · b6678ec
1 parent 001e6c7
commit b6678ec
Show file tree

Hide file tree

Showing 2 changed files with 187 additions and 12 deletions.
diff --git a/pkg/client/actionconfig.go b/pkg/client/actionconfig.go
@@ -20,8 +20,6 @@ import (
 	"context"
 	"fmt"
 
-	"k8s.io/client-go/kubernetes"
-
 	"github.com/go-logr/logr"
 	"helm.sh/helm/v3/pkg/action"
 	"helm.sh/helm/v3/pkg/kube"
@@ -30,6 +28,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
 	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/rest"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -39,7 +38,7 @@ type ActionConfigGetter interface {
 	ActionConfigFor(obj client.Object) (*action.Configuration, error)
 }
 
-func NewActionConfigGetter(cfg *rest.Config, rm meta.RESTMapper, log logr.Logger) (ActionConfigGetter, error) {
+func NewActionConfigGetter(cfg *rest.Config, rm meta.RESTMapper, log logr.Logger, opts ...ActionConfigGetterOption) (ActionConfigGetter, error) {
 	rcg := newRESTClientGetter(cfg, rm, "")
 	// Setup the debug log function that Helm will use
 	debugLog := func(format string, v ...interface{}) {
@@ -56,29 +55,78 @@ func NewActionConfigGetter(cfg *rest.Config, rm meta.RESTMapper, log logr.Logger
 		return nil, fmt.Errorf("creating kubernetes client set: %w", err)
 	}
 
-	return &actionConfigGetter{
+	acg := &actionConfigGetter{
 		kubeClient:       kc,
 		kubeClientSet:    kcs,
 		debugLog:         debugLog,
 		restClientGetter: rcg.restClientGetter,
-	}, nil
+	}
+	for _, o := range opts {
+		o(acg)
+	}
+	if acg.objectToClientNamespace == nil {
+		acg.objectToClientNamespace = getObjectNamespace
+	}
+	if acg.objectToStorageNamespace == nil {
+		acg.objectToStorageNamespace = getObjectNamespace
+	}
+	return acg, nil
 }
 
 var _ ActionConfigGetter = &actionConfigGetter{}
 
+type ActionConfigGetterOption func(getter *actionConfigGetter)
+
+type ObjectToStringMapper func(client.Object) (string, error)
+
+func ClientNamespaceMapper(m ObjectToStringMapper) ActionConfigGetterOption {
+	return func(getter *actionConfigGetter) {
+		getter.objectToClientNamespace = m
+	}
+}
+
+func StorageNamespaceMapper(m ObjectToStringMapper) ActionConfigGetterOption {
+	return func(getter *actionConfigGetter) {
+		getter.objectToStorageNamespace = m
+	}
+}
+
+func DisableStorageOwnerRefInjection(v bool) ActionConfigGetterOption {
+	return func(getter *actionConfigGetter) {
+		getter.disableStorageOwnerRefInjection = v
+	}
+}
+
+func getObjectNamespace(obj client.Object) (string, error) {
+	return obj.GetNamespace(), nil
+}
+
 type actionConfigGetter struct {
 	kubeClient       *kube.Client
 	kubeClientSet    kubernetes.Interface
 	debugLog         func(string, ...interface{})
 	restClientGetter *restClientGetter
+
+	objectToClientNamespace         ObjectToStringMapper
+	objectToStorageNamespace        ObjectToStringMapper
+	disableStorageOwnerRefInjection bool
 }
 
 func (acg *actionConfigGetter) ActionConfigFor(obj client.Object) (*action.Configuration, error) {
-	ownerRef := metav1.NewControllerRef(obj, obj.GetObjectKind().GroupVersionKind())
-	d := driver.NewSecrets(&ownerRefSecretClient{
-		SecretInterface: acg.kubeClientSet.CoreV1().Secrets(obj.GetNamespace()),
-		refs:            []metav1.OwnerReference{*ownerRef},
-	})
+	storageNs, err := acg.objectToStorageNamespace(obj)
+	if err != nil {
+		return nil, fmt.Errorf("get storage namespace from object: %v", err)
+	}
+
+	secretClient := acg.kubeClientSet.CoreV1().Secrets(storageNs)
+	if !acg.disableStorageOwnerRefInjection {
+		ownerRef := metav1.NewControllerRef(obj, obj.GetObjectKind().GroupVersionKind())
+		secretClient = &ownerRefSecretClient{
+			SecretInterface: secretClient,
+			refs:            []metav1.OwnerReference{*ownerRef},
+		}
+	}
+	d := driver.NewSecrets(secretClient)
 
 	// Also, use the debug log for the storage driver
 	d.Log = acg.debugLog
@@ -87,10 +135,13 @@ func (acg *actionConfigGetter) ActionConfigFor(obj client.Object) (*action.Confi
 	s := storage.Init(d)
 
 	kubeClient := *acg.kubeClient
-	kubeClient.Namespace = obj.GetNamespace()
+	kubeClient.Namespace, err = acg.objectToClientNamespace(obj)
+	if err != nil {
+		return nil, fmt.Errorf("get client namespace from object: %v", err)
+	}
 
 	return &action.Configuration{
-		RESTClientGetter: acg.restClientGetter.ForNamespace(obj.GetNamespace()),
+		RESTClientGetter: acg.restClientGetter.ForNamespace(kubeClient.Namespace),
 		Releases:         s,
 		KubeClient:       &kubeClient,
 		Log:              acg.debugLog,

diff --git a/pkg/client/actionconfig_test.go b/pkg/client/actionconfig_test.go
@@ -17,9 +17,21 @@ limitations under the License.
 package client
 
 import (
+	"bytes"
+	"context"
+	"fmt"
+
 	"github.com/go-logr/logr"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	"helm.sh/helm/v3/pkg/action"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/rand"
+	"k8s.io/cli-runtime/pkg/resource"
+	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
 
@@ -28,11 +40,123 @@ import (
 
 var _ = Describe("ActionConfig", func() {
 	var _ = Describe("NewActionConfigGetter", func() {
+		var rm meta.RESTMapper
+
+		BeforeEach(func() {
+			var err error
+			rm, err = apiutil.NewDiscoveryRESTMapper(cfg)
+			Expect(err).To(BeNil())
+		})
+
 		It("should return a valid ActionConfigGetter", func() {
 			acg, err := NewActionConfigGetter(cfg, nil, logr.Discard())
 			Expect(err).ShouldNot(HaveOccurred())
 			Expect(acg).NotTo(BeNil())
 		})
+
+		When("passing options", func() {
+			var (
+				obj client.Object
+				cl  client.Client
+			)
+
+			BeforeEach(func() {
+				obj = testutil.BuildTestCR(gvk)
+
+				var err error
+				cl, err = client.New(cfg, client.Options{Scheme: clientgoscheme.Scheme})
+				Expect(err).To(BeNil())
+			})
+
+			It("should use a custom client namespace", func() {
+				clientNs := &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("client-%s", rand.String(8))}}
+				clientNsMapper := func(_ client.Object) (string, error) { return clientNs.Name, nil }
+				acg, err := NewActionConfigGetter(cfg, rm, logr.Discard(),
+					ClientNamespaceMapper(clientNsMapper),
+				)
+				Expect(err).To(BeNil())
+				ac, err := acg.ActionConfigFor(obj)
+				Expect(err).To(BeNil())
+				Expect(ac.RESTClientGetter.(*namespacedRCG).namespaceConfig.Namespace()).To(Equal(clientNs.Name))
+				resources, err := ac.KubeClient.Build(bytes.NewBufferString(`---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sa`), false)
+				Expect(err).To(BeNil())
+				Expect(resources.Visit(func(info *resource.Info, err error) error {
+					Expect(err).To(BeNil())
+					Expect(info.Namespace).To(Equal(clientNs.Name))
+					return nil
+				})).To(Succeed())
+			})
+
+			It("should use a custom storage namespace", func() {
+				storageNs := &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("storage-%s", rand.String(8))}}
+				storageNsMapper := func(_ client.Object) (string, error) { return storageNs.Name, nil }
+				acg, err := NewActionConfigGetter(cfg, rm, logr.Discard(),
+					StorageNamespaceMapper(storageNsMapper),
+				)
+				Expect(err).To(BeNil())
+
+				ac, err := acg.ActionConfigFor(obj)
+				Expect(err).To(BeNil())
+
+				By("Creating the storage namespace")
+				Expect(cl.Create(context.Background(), storageNs)).To(Succeed())
+
+				By("Installing a release")
+				i := action.NewInstall(ac)
+				i.ReleaseName = fmt.Sprintf("release-name-%s", rand.String(8))
+				i.Namespace = obj.GetNamespace()
+				rel, err := i.Run(&chrt, nil)
+				Expect(err).To(BeNil())
+				Expect(rel.Namespace).To(Equal(obj.GetNamespace()))
+
+				By("Verifying the release secret is created in the storage namespace")
+				secretKey := types.NamespacedName{
+					Namespace: storageNs.Name,
+					Name:      fmt.Sprintf("sh.helm.release.v1.%s.v1", i.ReleaseName),
+				}
+				secret := &corev1.Secret{}
+				Expect(cl.Get(context.Background(), secretKey, secret)).To(Succeed())
+				Expect(secret.OwnerReferences).To(HaveLen(1))
+
+				By("Deleting the storage namespace")
+				Expect(cl.Delete(context.Background(), storageNs)).To(Succeed())
+			})
+
+			It("should disable storage owner ref injection", func() {
+				acg, err := NewActionConfigGetter(cfg, rm, logr.Discard(),
+					DisableStorageOwnerRefInjection(true),
+				)
+				Expect(err).To(BeNil())
+
+				ac, err := acg.ActionConfigFor(obj)
+				Expect(err).To(BeNil())
+
+				By("Installing a release")
+				i := action.NewInstall(ac)
+				i.ReleaseName = fmt.Sprintf("release-name-%s", rand.String(8))
+				i.Namespace = obj.GetNamespace()
+				rel, err := i.Run(&chrt, nil)
+				Expect(err).To(BeNil())
+				Expect(rel.Namespace).To(Equal(obj.GetNamespace()))
+
+				By("Verifying the release secret has no owner references")
+				secretKey := types.NamespacedName{
+					Namespace: obj.GetNamespace(),
+					Name:      fmt.Sprintf("sh.helm.release.v1.%s.v1", i.ReleaseName),
+				}
+				secret := &corev1.Secret{}
+				Expect(cl.Get(context.Background(), secretKey, secret)).To(Succeed())
+				Expect(secret.OwnerReferences).To(HaveLen(0))
+
+				By("Uninstalling the release")
+				_, err = action.NewUninstall(ac).Run(i.ReleaseName)
+				Expect(err).To(BeNil())
+			})
+		})
 	})
 
 	var _ = Describe("GetActionConfig", func() {