Update

Author: jgwest

controllers/argocd/openshift/openshift_test.go

@@ -306,10 +306,10 @@ func TestAdminClusterRoleMapper(t *testing.T) {
 
 		// Sort both slices to ensure consistent comparison
 		sort.Slice(result, func(i, j int) bool {
-			return result[i].NamespacedName.Name < result[j].NamespacedName.Name
+			return result[i].Name < result[j].Name
 		})
 		sort.Slice(expectedRequests, func(i, j int) bool {
-			return expectedRequests[i].NamespacedName.Name < expectedRequests[j].NamespacedName.Name
+			return expectedRequests[i].Name < expectedRequests[j].Name
 		})
 
 		assert.Equal(t, expectedRequests, result)

test/openshift/e2e/ginkgo/fixture/fixture.go

@@ -881,6 +881,17 @@ func OutputDebugOnFail(namespaceParams ...any) {
 		GinkgoWriter.Println(kubectlOutput)
 		GinkgoWriter.Println("----------------------------------------------------------------")
 
+		kubectlOutput, err = osFixture.ExecCommandWithOutputParam(false, "kubectl", "get", "events", "-n", namespace)
+		if err != nil {
+			GinkgoWriter.Println("unable to get events for namespace", err, kubectlOutput)
+		} else {
+			GinkgoWriter.Println("")
+			GinkgoWriter.Println("----------------------------------------------------------------")
+			GinkgoWriter.Println("'kubectl get events -n " + namespace + ":")
+			GinkgoWriter.Println(kubectlOutput)
+			GinkgoWriter.Println("----------------------------------------------------------------")
+		}
+
 	}
 
 	kubectlOutput, err := osFixture.ExecCommandWithOutputParam(false, "kubectl", "get", "argocds", "-A", "-o", "yaml")
@@ -894,6 +905,8 @@ func OutputDebugOnFail(namespaceParams ...any) {
 		GinkgoWriter.Println("----------------------------------------------------------------")
 	}
 
+	GinkgoWriter.Println("You can skip this debug output by setting 'SKIP_DEBUG_OUTPUT=true'")
+
 }
 
 // EnsureRunningOnOpenShift should be called if a test requires OpenShift (for example, it uses Route CR).

test/openshift/e2e/ginkgo/fixture/k8s/fixture.go

@@ -90,6 +90,8 @@ func NotHaveLabelWithValue(key string, value string) matcher.GomegaMatcher {
 			return true
 		}
 
+		GinkgoWriter.Println("NotHaveLabelWithValue: not expected: ", key, "/", value, ". actual:", labels[key])
+
 		return labels[key] != value
 
 	}, BeTrue())

test/openshift/e2e/ginkgo/fixture/secret/fixture.go

@@ -98,6 +98,16 @@ func HaveDataKeyValue(key string, value []byte) matcher.GomegaMatcher {
 
 }
 
+// NotHaveDataKey returns true if Secret's .data 'key' does not exist, false otherwise
+func NotHaveDataKey(key string) matcher.GomegaMatcher {
+	return fetchSecret(func(secret *corev1.Secret) bool {
+		_, exists := secret.Data[key]
+		GinkgoWriter.Println("NotHaveDataKey - key:", key, "Exists:", exists)
+		return !exists
+	})
+
+}
+
 // This is intentionally NOT exported, for now. Create another function in this file/package that calls this function, and export that.
 func fetchSecret(f func(*corev1.Secret) bool) matcher.GomegaMatcher {
 

test/openshift/e2e/ginkgo/parallel/1-042_restricted_pss_compliant_test.go

@@ -58,6 +58,7 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() {
 			defer fixture.DeleteNamespace(ns)
 
 			fixture.OutputDebugOnFail(ns.Name)
+
 		})
 
 		It("verifies that all Argo CD components can run with pod-security enforce, warn, and audit of 'restricted'", func() {

test/openshift/e2e/ginkgo/parallel/1-055_validate_notification_controller_test.go

@@ -171,5 +171,76 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() {
 
 		})
 
+		It("ensure that sourceNamespace resources are not created for namespace-scoped instance", func() {
+
+			By("creating test namespaces")
+			fooNs, fooNsCleanupFunc := fixture.CreateNamespaceWithCleanupFunc("foo-src-ns")
+			defer fooNsCleanupFunc()
+
+			By("creating namespace-scoped Argo CD instance with sourceNamespaces")
+			ns, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("1-055-src-ns-test")
+			defer cleanupFunc()
+
+			argocd := &argov1beta1api.ArgoCD{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "example-argocd",
+					Namespace: ns.Name,
+				},
+				Spec: argov1beta1api.ArgoCDSpec{
+					Notifications: argov1beta1api.ArgoCDNotifications{
+						Enabled:          true,
+						SourceNamespaces: []string{fooNs.Name},
+					},
+					SourceNamespaces: []string{fooNs.Name},
+				},
+			}
+			Expect(k8sClient.Create(ctx, argocd)).To(Succeed())
+
+			By("verifying Argo CD and notification controller start as expected")
+			Eventually(argocd, "4m", "5s").Should(argocdFixture.HaveNotificationControllerStatus("Running"))
+
+			By("verifying that sourceNamespace cmd args don't exist")
+			depl := &appsv1.Deployment{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "example-argocd-notifications-controller",
+					Namespace: ns.Name,
+				},
+			}
+			Eventually(depl).Should(k8sFixture.ExistByName())
+			// TODO: add check to test "--application-namespaces" cmd arg is not present in the notification deployment container args
+
+			By("verifying sourceNamespace rbac resources are not created")
+			clusterRole := &rbacv1.ClusterRole{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "example-argocd-1-055-src-ns-test-argocd-notifications-controller",
+					Namespace: ns.Name,
+				},
+			}
+			clusterRoleBinding := &rbacv1.ClusterRoleBinding{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "example-argocd-1-055-src-ns-test-argocd-notifications-controller",
+					Namespace: ns.Name,
+				},
+			}
+			role := &rbacv1.Role{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "example-argocd-1-055-src-ns-test-notifications",
+					Namespace: fooNs.Name,
+				},
+			}
+			roleBinding := &rbacv1.RoleBinding{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "example-argocd-1-055-src-ns-test-notifications",
+					Namespace: fooNs.Name,
+				},
+			}
+
+			Eventually(role).Should(k8sFixture.NotExistByName())
+			Eventually(roleBinding).Should(k8sFixture.NotExistByName())
+			Eventually(clusterRole).Should(k8sFixture.NotExistByName())
+			Eventually(clusterRoleBinding).Should(k8sFixture.NotExistByName())
+
+		})
+
 	})
 })

test/openshift/e2e/ginkgo/parallel/1-121_validate_custom_labels_rollouts.go

@@ -76,10 +76,10 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() {
 			By("updating RolloutManager spec")
 
 			// Add a new label to trigger reconciliation
-			if rolloutManager.ObjectMeta.Labels == nil {
-				rolloutManager.ObjectMeta.Labels = make(map[string]string)
+			if rolloutManager.Labels == nil {
+				rolloutManager.Labels = make(map[string]string)
 			}
-			rolloutManager.ObjectMeta.Labels["test-update"] = "true"
+			rolloutManager.Labels["test-update"] = "true"
 			patch := client.MergeFrom(rolloutManager.DeepCopy())
 			Expect(k8sClient.Patch(ctx, rolloutManager, patch)).To(Succeed())
 

test/openshift/e2e/ginkgo/sequential/1-036_validate_role_rolebinding_for_source_namespace_test.go

@@ -12,7 +12,9 @@ import (
 	namespaceFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/namespace"
 	"github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/utils"
 
+	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
@@ -22,8 +24,10 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 	Context("1-036_validate_role_rolebinding_for_source_namespace", func() {
 
 		var (
-			ctx       context.Context
-			k8sClient client.Client
+			ctx               context.Context
+			k8sClient         client.Client
+			argoNamespace     *corev1.Namespace
+			cleanupArgoNSFunc func()
 
 			defaultNSArgoCD *v1beta1.ArgoCD
 
@@ -39,30 +43,37 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 
 		AfterEach(func() {
 
-			fixture.OutputDebugOnFail("default")
+			fixture.OutputDebugOnFail(argoNamespace)
+
+			// Clean up argo cd instance created in test namespace first (before deleting the namespace itself)
+			Expect(defaultNSArgoCD).ToNot(BeNil())
+			err := k8sClient.Delete(ctx, defaultNSArgoCD)
+			if err != nil && !apierrors.IsNotFound(err) {
+				Expect(err).ToNot(HaveOccurred())
+			}
 
 			// Clean up namespaces created
 			for _, namespaceCleanupFunction := range cleanupFunctions {
 				namespaceCleanupFunction()
 			}
 
-			// Clean up argo cd instance created in 'default' NS
-			Expect(defaultNSArgoCD).ToNot(BeNil())
-			Expect(k8sClient.Delete(ctx, defaultNSArgoCD)).To(Succeed())
-
 		})
 
 		It("verifies that ArgoCD CR '.spec.sourceNamespaces' field wildcard-matching matches and manages only namespaces which match the wildcard", func() {
 
+			By("creating cluster-scoped namespace for Argo CD instance")
+			argoNamespace, cleanupArgoNSFunc = fixture.CreateNamespaceWithCleanupFunc("argocd-e2e-cluster-config")
+			cleanupFunctions = append(cleanupFunctions, cleanupArgoNSFunc)
+
 			By("creating test NS")
 			testNS, cleanupFunc := fixture.CreateNamespaceWithCleanupFunc("test")
 			cleanupFunctions = append(cleanupFunctions, cleanupFunc)
 
-			By("creating Argo CD instance in default NS, with 'test' sourceNamespace only")
+			By("creating Argo CD instance in argocd-e2e-cluster-config NS, with 'test' sourceNamespace only")
 			defaultNSArgoCD = &v1beta1.ArgoCD{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "example-argocd",
-					Namespace: "default",
+					Namespace: argoNamespace.Name,
 				},
 				Spec: v1beta1.ArgoCDSpec{
 					SourceNamespaces: []string{
@@ -73,7 +84,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 			Expect(k8sClient.Create(ctx, defaultNSArgoCD)).To(Succeed())
 
 			By("verifying Argo CD instance starts managing the namespace via managed-by-cluster-argocd label")
-			Eventually(testNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
+			Eventually(testNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
 
 			expectRoleAndRoleBindingValues := func(name string, ns string) {
 
@@ -107,12 +118,12 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 					{
 						Kind:      "ServiceAccount",
 						Name:      "example-argocd-argocd-server",
-						Namespace: "default",
+						Namespace: argoNamespace.Name,
 					},
 					{
 						Kind:      "ServiceAccount",
 						Name:      "example-argocd-argocd-application-controller",
-						Namespace: "default",
+						Namespace: argoNamespace.Name,
 					},
 				}))
 
@@ -133,7 +144,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 			})
 
 			By("verifying test-1 NS becomes managed, and expected role/rolebindings exist in test* namespaces but not dev")
-			Eventually(test1NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
+			Eventually(test1NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
 
 			expectRoleAndRoleBindingValues("example-argocd_test", "test")
 
@@ -161,7 +172,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 			cleanupFunctions = append(cleanupFunctions, cleanupFunc)
 
 			By("verifying the test-2 namespace becomes managed by the argo cd instance, and has the expected role/rolebinding")
-			Eventually(test2NS, "2m", "5s").Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
+			Eventually(test2NS, "2m", "5s").Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
 
 			expectRoleAndRoleBindingValues("example-argocd_test-2", "test-2")
 
@@ -173,17 +184,17 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 			})
 
 			By("verifying test, test-1, test-2, and dev are all managed and have the expected roles")
-			Eventually(testNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
-			Consistently(testNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
+			Eventually(testNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
+			Consistently(testNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
 
-			Eventually(test1NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
-			Consistently(test1NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
+			Eventually(test1NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
+			Consistently(test1NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
 
-			Eventually(test2NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
-			Consistently(test2NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
+			Eventually(test2NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
+			Consistently(test2NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
 
-			Eventually(devNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
-			Consistently(devNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
+			Eventually(devNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
+			Consistently(devNS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
 
 			expectRoleAndRoleBindingValues("example-argocd_test", "test")
 			expectRoleAndRoleBindingValues("example-argocd_test-1", "test-1")
@@ -208,11 +219,11 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 			cleanupFunctions = append(cleanupFunctions, cleanupFunc)
 
 			By("verifying test-ns-1 and dev-ns-1 are managed, but other-ns isn't")
-			Eventually(test_ns_1NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
-			Consistently(test_ns_1NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
+			Eventually(test_ns_1NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
+			Consistently(test_ns_1NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
 
-			Eventually(dev_ns_1NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
-			Consistently(dev_ns_1NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
+			Eventually(dev_ns_1NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
+			Consistently(dev_ns_1NS).Should(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
 
 			expectRoleAndRoleBindingValues("example-argocd_test-ns-1", "test-ns-1")
 			expectRoleAndRoleBindingValues("example-argocd_dev-ns-1", "dev-ns-1")
@@ -239,18 +250,18 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 			})
 
 			By("verifying dev-ns-1 eventually becomes unmanaged")
-			Eventually(dev_ns_1NS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
-			Consistently(dev_ns_1NS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", "default"))
+			Eventually(dev_ns_1NS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
+			Consistently(dev_ns_1NS).ShouldNot(namespaceFixture.HaveLabel("argocd.argoproj.io/managed-by-cluster-argocd", argoNamespace.Name))
 
 			devns1Role := &rbacv1.Role{
 				ObjectMeta: metav1.ObjectMeta{
-					Name:      " example-argocd_dev-ns-1",
+					Name:      "example-argocd_dev-ns-1",
 					Namespace: dev_ns_1NS.Name,
 				},
 			}
 			devns1RoleBinding := &rbacv1.RoleBinding{
 				ObjectMeta: metav1.ObjectMeta{
-					Name:      " example-argocd_dev-ns-1",
+					Name:      "example-argocd_dev-ns-1",
 					Namespace: dev_ns_1NS.Name,
 				},
 			}