diff --git a/config/admission/admission.yaml b/config/admission/admission.yaml deleted file mode 100644 index 8a795ae96..000000000 --- a/config/admission/admission.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingAdmissionPolicy -metadata: - name: "clusterextensions-package-uniqueness" -spec: - failurePolicy: Fail - paramKind: - apiVersion: olm.operatorframework.io/v1alpha1 - kind: ClusterExtension - matchConstraints: - resourceRules: - - apiGroups: ["olm.operatorframework.io"] - apiVersions: ["v1alpha1"] - operations: ["CREATE", "UPDATE"] - resources: ["clusterextensions"] - matchConditions: - # Only apply the policy when the request operation is CREATE - # or when the package is being changed - - name: 'only-create-or-package-change' - expression: request.operation == 'CREATE' || oldObject.spec.packageName != object.spec.packageName - validations: - - expression: object.spec.packageName != params.spec.packageName - messageExpression: "'Package \"' + string(object.spec.packageName) + '\" is already installed via ClusterExtension \"' + string(params.metadata.name) + '\"'" - reason: Invalid - ---- - -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "clusterextensions-package-uniqueness-binding" -spec: - policyName: "clusterextensions-package-uniqueness" - validationActions: [Deny] - paramRef: - parameterNotFoundAction: Allow - selector: {} diff --git a/config/admission/kustomization.yaml b/config/admission/kustomization.yaml deleted file mode 100644 index 4e1629d33..000000000 --- a/config/admission/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -configurations: -- kustomizeconfig.yaml - -resources: -- admission.yaml diff --git a/config/admission/kustomizeconfig.yaml b/config/admission/kustomizeconfig.yaml deleted file mode 100644 index 55fc4088a..000000000 --- a/config/admission/kustomizeconfig.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# This file is for teaching kustomize how to substitute name in ValidatingAdmissionPolicyBinding -# This might become obsolete depending on the outcome of https://github.com/kubernetes-sigs/kustomize/issues/5674 -nameReference: -- kind: ValidatingAdmissionPolicy - group: admissionregistration.k8s.io - fieldSpecs: - - kind: ValidatingAdmissionPolicyBinding - group: admissionregistration.k8s.io - path: spec/policyName diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 2719a8565..6e2a672dd 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -16,7 +16,6 @@ namePrefix: operator-controller- resources: - ../crd -- ../admission - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in diff --git a/test/e2e/cluster_extension_admission_test.go b/test/e2e/cluster_extension_admission_test.go deleted file mode 100644 index b1cca6c3f..000000000 --- a/test/e2e/cluster_extension_admission_test.go +++ /dev/null @@ -1,103 +0,0 @@ -package e2e - -import ( - "context" - "fmt" - "testing" - - "github.com/stretchr/testify/require" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" - - ocv1alpha1 "github.com/operator-framework/operator-controller/api/v1alpha1" -) - -func TestClusterExtensionPackageUniqueness(t *testing.T) { - ctx := context.Background() - fieldOwner := client.FieldOwner("operator-controller-e2e") - - deleteClusterExtension := func(clusterExtension *ocv1alpha1.ClusterExtension) { - require.NoError(t, c.Delete(ctx, clusterExtension)) - require.Eventually(t, func() bool { - err := c.Get(ctx, types.NamespacedName{Name: clusterExtension.Name}, &ocv1alpha1.ClusterExtension{}) - return errors.IsNotFound(err) - }, pollDuration, pollInterval) - } - - const firstResourceName = "test-extension-first" - const firstResourcePackageName = "package1" - - t.Log("create first resource") - clusterExtension1 := &ocv1alpha1.ClusterExtension{ - ObjectMeta: metav1.ObjectMeta{ - Name: firstResourceName, - }, - Spec: ocv1alpha1.ClusterExtensionSpec{ - PackageName: firstResourcePackageName, - InstallNamespace: "default", - }, - } - require.NoError(t, c.Create(ctx, clusterExtension1)) - defer deleteClusterExtension(clusterExtension1) - - t.Log("create second resource with the same package as the first resource") - clusterExtension2 := &ocv1alpha1.ClusterExtension{ - ObjectMeta: metav1.ObjectMeta{ - GenerateName: "test-extension-", - }, - Spec: ocv1alpha1.ClusterExtensionSpec{ - PackageName: firstResourcePackageName, - InstallNamespace: "default", - }, - } - err := c.Create(ctx, clusterExtension2) - require.ErrorContains(t, err, fmt.Sprintf("Package %q is already installed via ClusterExtension %q", firstResourcePackageName, firstResourceName)) - - t.Log("create second resource with different package") - clusterExtension2 = &ocv1alpha1.ClusterExtension{ - ObjectMeta: metav1.ObjectMeta{ - GenerateName: "test-extension-", - }, - Spec: ocv1alpha1.ClusterExtensionSpec{ - PackageName: "package2", - InstallNamespace: "default", - }, - } - require.NoError(t, c.Create(ctx, clusterExtension2)) - defer deleteClusterExtension(clusterExtension2) - - t.Log("update second resource with package which already exists on the cluster") - intent := &ocv1alpha1.ClusterExtension{ - TypeMeta: metav1.TypeMeta{ - APIVersion: ocv1alpha1.GroupVersion.String(), - Kind: "ClusterExtension", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: clusterExtension2.Name, - }, - Spec: ocv1alpha1.ClusterExtensionSpec{ - PackageName: firstResourcePackageName, - InstallNamespace: "default", - }, - } - err = c.Patch(ctx, intent, client.Apply, client.ForceOwnership, fieldOwner) - require.ErrorContains(t, err, fmt.Sprintf("Package %q is already installed via ClusterExtension %q", firstResourcePackageName, firstResourceName)) - - t.Log("update second resource with package which does not exist on the cluster") - intent = &ocv1alpha1.ClusterExtension{ - TypeMeta: metav1.TypeMeta{ - APIVersion: ocv1alpha1.GroupVersion.String(), - Kind: "ClusterExtension", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: clusterExtension2.Name, - }, - Spec: ocv1alpha1.ClusterExtensionSpec{ - PackageName: "package3", - InstallNamespace: "default", - }, - } - require.NoError(t, c.Patch(ctx, intent, client.Apply, client.ForceOwnership, fieldOwner)) -}