update charts

equinor · Feb 23, 2024 · 77a8e79 · 77a8e79
2 parents e2fa697 + c6f64c0
commit 77a8e79
Show file tree

Hide file tree

Showing 6 changed files with 100 additions and 78 deletions.
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -111,7 +111,7 @@
         "RADIX_CONTAINER_REGISTRY": "radixdev.azurecr.io",
         "RADIX_APP_CONTAINER_REGISTRY": "radixdevapp.azurecr.io",
         "RADIX_OAUTH_PROXY_DEFAULT_OIDC_ISSUER_URL": "https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/v2.0",
-        "RADIX_OAUTH_PROXY_IMAGE": "quay.io/oauth2-proxy/oauth2-proxy:v7.2.0",
+        "RADIX_OAUTH_PROXY_IMAGE": "quay.io/oauth2-proxy/oauth2-proxy:v7.6.0",
         "RADIXOPERATOR_TENANT_ID": "3aa4a235-b6e2-48d5-9195-7fcf05b459b0",
         "KUBERNETES_SERVICE_PORT": "443",
         "REGISTRATION_CONTROLLER_THREADS": "10",

diff --git a/charts/radix-operator/Chart.yaml b/charts/radix-operator/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: radix-operator
-version: 1.30.0
-appVersion: 1.50.0
+version: 1.30.1
+appVersion: 1.50.1
 kubeVersion: ">=1.24.0"
 description: Radix Operator
 keywords:

diff --git a/pkg/apis/deployment/oauthproxyresourcemanager.go b/pkg/apis/deployment/oauthproxyresourcemanager.go
@@ -694,6 +694,7 @@ func (o *oauthProxyResourceManager) getEnvVars(component v1.RadixCommonDeployCom
 	envVars = append(envVars, corev1.EnvVar{Name: "OAUTH2_PROXY_PASS_BASIC_AUTH", Value: "false"})
 	envVars = append(envVars, corev1.EnvVar{Name: "OAUTH2_PROXY_SKIP_PROVIDER_BUTTON", Value: "true"})
 	envVars = append(envVars, corev1.EnvVar{Name: "OAUTH2_PROXY_EMAIL_DOMAINS", Value: "*"})
+	envVars = append(envVars, corev1.EnvVar{Name: "OAUTH2_PROXY_SKIP_CLAIMS_FROM_PROFILE_URL", Value: "true"})
 	envVars = append(envVars, corev1.EnvVar{Name: "OAUTH2_PROXY_HTTP_ADDRESS", Value: fmt.Sprintf("%s://:%v", "http", defaults.OAuthProxyPortNumber)})
 	secretName := utils.GetAuxiliaryComponentSecretName(component.GetName(), defaults.OAuthProxyAuxiliaryComponentSuffix)
 	envVars = append(envVars, o.createEnvVarWithSecretRef("OAUTH2_PROXY_COOKIE_SECRET", secretName, defaults.OAuthCookieSecretKeyName))

diff --git a/pkg/apis/deployment/oauthproxyresourcemanager_test.go b/pkg/apis/deployment/oauthproxyresourcemanager_test.go
@@ -313,12 +313,13 @@ func (s *OAuthProxyResourceManagerTestSuite) Test_Sync_OAuthProxyDeploymentCreat
 	s.NotNil(defaultContainer.ReadinessProbe)
 	s.Equal(defaults.OAuthProxyPortNumber, defaultContainer.ReadinessProbe.TCPSocket.Port.IntVal)
 
-	s.Len(defaultContainer.Env, 29)
+	s.Len(defaultContainer.Env, 30)
 	s.Equal("oidc", s.getEnvVarValueByName("OAUTH2_PROXY_PROVIDER", defaultContainer.Env))
 	s.Equal("true", s.getEnvVarValueByName("OAUTH2_PROXY_COOKIE_HTTPONLY", defaultContainer.Env))
 	s.Equal("true", s.getEnvVarValueByName("OAUTH2_PROXY_COOKIE_SECURE", defaultContainer.Env))
 	s.Equal("false", s.getEnvVarValueByName("OAUTH2_PROXY_PASS_BASIC_AUTH", defaultContainer.Env))
 	s.Equal("true", s.getEnvVarValueByName("OAUTH2_PROXY_SKIP_PROVIDER_BUTTON", defaultContainer.Env))
+	s.Equal("true", s.getEnvVarValueByName("OAUTH2_PROXY_SKIP_CLAIMS_FROM_PROFILE_URL", defaultContainer.Env))
 	s.Equal("*", s.getEnvVarValueByName("OAUTH2_PROXY_EMAIL_DOMAINS", defaultContainer.Env))
 	s.Equal(fmt.Sprintf("http://:%v", defaults.OAuthProxyPortNumber), s.getEnvVarValueByName("OAUTH2_PROXY_HTTP_ADDRESS", defaultContainer.Env))
 	s.Equal(returnOAuth.ClientID, s.getEnvVarValueByName("OAUTH2_PROXY_CLIENT_ID", defaultContainer.Env))
@@ -351,7 +352,7 @@ func (s *OAuthProxyResourceManagerTestSuite) Test_Sync_OAuthProxyDeploymentCreat
 	err = sut.Sync()
 	s.Nil(err)
 	actualDeploys, _ = s.kubeClient.AppsV1().Deployments(corev1.NamespaceAll).List(context.Background(), metav1.ListOptions{})
-	s.Len(actualDeploys.Items[0].Spec.Template.Spec.Containers[0].Env, 28)
+	s.Len(actualDeploys.Items[0].Spec.Template.Spec.Containers[0].Env, 29)
 	s.False(s.getEnvVarExist("OAUTH2_PROXY_REDIS_PASSWORD", actualDeploys.Items[0].Spec.Template.Spec.Containers[0].Env))
 }
 

diff --git a/radix-operator/deployment/controller_test.go b/radix-operator/deployment/controller_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"os"
 	"testing"
+	"time"
 
 	"github.com/equinor/radix-operator/pkg/apis/config"
 	"github.com/equinor/radix-operator/pkg/apis/defaults"
@@ -39,21 +40,27 @@ func setupTest(t *testing.T) (*test.Utils, kubernetes.Interface, *kube.Kube, rad
 }
 
 func teardownTest() {
-	os.Unsetenv(defaults.OperatorRollingUpdateMaxUnavailable)
-	os.Unsetenv(defaults.OperatorRollingUpdateMaxSurge)
-	os.Unsetenv(defaults.OperatorReadinessProbeInitialDelaySeconds)
-	os.Unsetenv(defaults.OperatorReadinessProbePeriodSeconds)
+	_ = os.Unsetenv(defaults.OperatorRollingUpdateMaxUnavailable)
+	_ = os.Unsetenv(defaults.OperatorRollingUpdateMaxSurge)
+	_ = os.Unsetenv(defaults.OperatorReadinessProbeInitialDelaySeconds)
+	_ = os.Unsetenv(defaults.OperatorReadinessProbePeriodSeconds)
 }
 
 func Test_Controller_Calls_Handler(t *testing.T) {
 	anyAppName := "test-app"
 	anyEnvironment := "qa"
 
+	ctx, stopFn := context.WithTimeout(context.TODO(), 5*time.Second)
+	defer stopFn()
+
+	synced := make(chan bool)
+	defer close(synced)
+
 	// Setup
 	tu, client, kubeUtil, radixClient, prometheusclient := setupTest(t)
 
 	_, err := client.CoreV1().Namespaces().Create(
-		context.TODO(),
+		ctx,
 		&corev1.Namespace{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: utils.GetEnvironmentNamespace(anyAppName, anyEnvironment),
@@ -66,12 +73,6 @@ func Test_Controller_Calls_Handler(t *testing.T) {
 		metav1.CreateOptions{})
 	require.NoError(t, err)
 
-	stop := make(chan struct{})
-	synced := make(chan bool)
-
-	defer close(stop)
-	defer close(synced)
-
 	radixInformerFactory := informers.NewSharedInformerFactory(radixClient, 0)
 	kubeInformerFactory := kubeinformers.NewSharedInformerFactory(client, 0)
 
@@ -84,66 +85,77 @@ func Test_Controller_Calls_Handler(t *testing.T) {
 		WithHasSyncedCallback(func(syncedOk bool) { synced <- syncedOk }),
 	)
 	go func() {
-		err := startDeploymentController(client, radixClient, radixInformerFactory, kubeInformerFactory, deploymentHandler, stop)
+		err := startDeploymentController(client, radixClient, radixInformerFactory, kubeInformerFactory, deploymentHandler, ctx.Done())
 		require.NoError(t, err)
 	}()
 
 	// Test
 
 	// Create deployment should sync
-	rd, _ := tu.ApplyDeployment(
+	rd, err := tu.ApplyDeployment(
 		utils.ARadixDeployment().
 			WithAppName(anyAppName).
 			WithEnvironment(anyEnvironment))
+	require.NoError(t, err)
+	select {
+	case op, ok := <-synced:
+		assert.True(t, op)
+		assert.True(t, ok)
+	case <-ctx.Done():
+		require.NoError(t, ctx.Err())
+	}
 
-	op, ok := <-synced
-	assert.True(t, ok)
-	assert.True(t, op)
-
-	syncedRd, _ := radixClient.RadixV1().RadixDeployments(rd.ObjectMeta.Namespace).Get(context.TODO(), rd.GetName(), metav1.GetOptions{})
+	syncedRd, err := radixClient.RadixV1().RadixDeployments(rd.ObjectMeta.Namespace).Get(ctx, rd.GetName(), metav1.GetOptions{})
+	require.NoError(t, err)
 	lastReconciled := syncedRd.Status.Reconciled
 	assert.Truef(t, !lastReconciled.Time.IsZero(), "Reconciled on status should have been set")
 
 	// Update deployment should sync. Only actual updates will be handled by the controller
 	noReplicas := 0
 	rd.Spec.Components[0].Replicas = &noReplicas
-	_, err = radixClient.RadixV1().RadixDeployments(rd.ObjectMeta.Namespace).Update(context.TODO(), rd, metav1.UpdateOptions{})
+	_, err = radixClient.RadixV1().RadixDeployments(rd.ObjectMeta.Namespace).Update(ctx, rd, metav1.UpdateOptions{})
 	require.NoError(t, err)
+	select {
+	case op, ok := <-synced:
+		assert.True(t, op)
+		assert.True(t, ok)
+	case <-ctx.Done():
+		require.NoError(t, ctx.Err())
+	}
 
-	op, ok = <-synced
-	assert.True(t, ok)
-	assert.True(t, op)
-
-	syncedRd, _ = radixClient.RadixV1().RadixDeployments(rd.ObjectMeta.Namespace).Get(context.TODO(), rd.GetName(), metav1.GetOptions{})
+	syncedRd, _ = radixClient.RadixV1().RadixDeployments(rd.ObjectMeta.Namespace).Get(ctx, rd.GetName(), metav1.GetOptions{})
 	assert.Truef(t, !lastReconciled.Time.IsZero(), "Reconciled on status should have been set")
 	assert.NotEqual(t, lastReconciled, syncedRd.Status.Reconciled)
 	lastReconciled = syncedRd.Status.Reconciled
 
 	// Delete service should sync
 	services, _ := client.CoreV1().Services(rd.ObjectMeta.Namespace).List(
-		context.TODO(),
+		ctx,
 		metav1.ListOptions{
 			LabelSelector: "radix-app=test-app",
 		})
 
 	for _, aservice := range services.Items {
-		err := client.CoreV1().Services(rd.ObjectMeta.Namespace).Delete(context.TODO(), aservice.Name, metav1.DeleteOptions{})
+		err := client.CoreV1().Services(rd.ObjectMeta.Namespace).Delete(ctx, aservice.Name, metav1.DeleteOptions{})
 		require.NoError(t, err)
-
-		op, ok = <-synced
-		assert.True(t, ok)
-		assert.True(t, op)
+		select {
+		case op, ok := <-synced:
+			assert.True(t, op)
+			assert.True(t, ok)
+		case <-ctx.Done():
+			require.NoError(t, ctx.Err())
+		}
 	}
 
-	syncedRd, _ = radixClient.RadixV1().RadixDeployments(rd.ObjectMeta.Namespace).Get(context.TODO(), rd.GetName(), metav1.GetOptions{})
+	syncedRd, _ = radixClient.RadixV1().RadixDeployments(rd.ObjectMeta.Namespace).Get(ctx, rd.GetName(), metav1.GetOptions{})
 	assert.Truef(t, !lastReconciled.Time.IsZero(), "Reconciled on status should have been set")
 	assert.NotEqual(t, lastReconciled, syncedRd.Status.Reconciled)
 	lastReconciled = syncedRd.Status.Reconciled
 
 	teardownTest()
 }
 
-func startDeploymentController(client kubernetes.Interface, radixClient radixclient.Interface, radixInformerFactory informers.SharedInformerFactory, kubeInformerFactory kubeinformers.SharedInformerFactory, handler *Handler, stop chan struct{}) error {
+func startDeploymentController(client kubernetes.Interface, radixClient radixclient.Interface, radixInformerFactory informers.SharedInformerFactory, kubeInformerFactory kubeinformers.SharedInformerFactory, handler *Handler, stop <-chan struct{}) error {
 
 	eventRecorder := &record.FakeRecorder{}
 

diff --git a/radix-operator/registration/controller_test.go b/radix-operator/registration/controller_test.go
@@ -3,6 +3,7 @@ package registration
 import (
 	"context"
 	"testing"
+	"time"
 
 	"github.com/equinor/radix-operator/pkg/apis/defaults"
 	"github.com/equinor/radix-operator/pkg/apis/kube"
@@ -37,10 +38,10 @@ func Test_Controller_Calls_Handler(t *testing.T) {
 	// Setup
 	client, kubeUtil, radixClient := setupTest(t)
 
-	stop := make(chan struct{})
-	synced := make(chan bool)
+	ctx, stopFn := context.WithTimeout(context.TODO(), 5*time.Second)
+	defer stopFn()
 
-	defer close(stop)
+	synced := make(chan bool)
 	defer close(synced)
 
 	kubeInformerFactory := kubeinformers.NewSharedInformerFactory(client, 0)
@@ -51,7 +52,9 @@ func Test_Controller_Calls_Handler(t *testing.T) {
 	if err != nil {
 		log.Fatalf("Could not read configuration data: %v", err)
 	}
-	registeredApp, err := radixClient.RadixV1().RadixRegistrations().Create(context.TODO(), registration, metav1.CreateOptions{})
+	registeredApp, err := radixClient.RadixV1().RadixRegistrations().Create(ctx, registration, metav1.CreateOptions{})
+	require.NoError(t, err)
+	require.NotNil(t, registeredApp)
 
 	registrationHandler := NewHandler(
 		client,
@@ -62,71 +65,76 @@ func Test_Controller_Calls_Handler(t *testing.T) {
 		},
 	)
 	go func() {
-		err := startRegistrationController(client, radixClient, radixInformerFactory, kubeInformerFactory, registrationHandler, stop)
+		err := startRegistrationController(client, radixClient, radixInformerFactory, kubeInformerFactory, registrationHandler, ctx.Done())
 		require.NoError(t, err)
 	}()
 
 	// Test
+	select {
+	case op, ok := <-synced:
+		assert.True(t, op)
+		assert.True(t, ok)
+	case <-ctx.Done():
+		require.NoError(t, ctx.Err())
+	}
 
-	assert.NoError(t, err)
-	assert.NotNil(t, registeredApp)
-
-	op, ok := <-synced
-	assert.True(t, ok)
-	assert.True(t, op)
-
-	syncedRr, _ := radixClient.RadixV1().RadixRegistrations().Get(context.TODO(), registration.GetName(), metav1.GetOptions{})
+	syncedRr, _ := radixClient.RadixV1().RadixRegistrations().Get(ctx, registration.GetName(), metav1.GetOptions{})
 	lastReconciled := syncedRr.Status.Reconciled
 	assert.Truef(t, !lastReconciled.Time.IsZero(), "Reconciled on status should have been set")
 
 	// Update registration should sync
 	registration.ObjectMeta.Annotations = map[string]string{
 		"update": "test",
 	}
-	updatedApp, err := radixClient.RadixV1().RadixRegistrations().Update(context.TODO(), registration, metav1.UpdateOptions{})
-
-	op, ok = <-synced
-	assert.True(t, ok)
-	assert.True(t, op)
+	updatedApp, err := radixClient.RadixV1().RadixRegistrations().Update(ctx, registration, metav1.UpdateOptions{})
+	require.NoError(t, err)
+	select {
+	case op, ok := <-synced:
+		assert.True(t, op)
+		assert.True(t, ok)
+	case <-ctx.Done():
+		require.NoError(t, ctx.Err())
+	}
 
-	assert.NoError(t, err)
 	assert.NotNil(t, updatedApp)
 	assert.NotNil(t, updatedApp.Annotations)
 	assert.Equal(t, "test", updatedApp.Annotations["update"])
 
 	// Delete namespace should sync
-	err = client.CoreV1().Namespaces().Delete(context.TODO(), utils.GetAppNamespace("testapp"), metav1.DeleteOptions{})
-	assert.NoError(t, err)
-
-	op, ok = <-synced
-	assert.True(t, ok)
-	assert.True(t, op)
+	err = client.CoreV1().Namespaces().Delete(ctx, utils.GetAppNamespace("testapp"), metav1.DeleteOptions{})
+	require.NoError(t, err)
 
 	// Delete private key secret should sync
-	err = client.CoreV1().Secrets(utils.GetAppNamespace("testapp")).Delete(context.TODO(), defaults.GitPrivateKeySecretName, metav1.DeleteOptions{})
-	assert.NoError(t, err)
-
-	op, ok = <-synced
-	assert.True(t, ok)
-	assert.True(t, op)
+	err = client.CoreV1().Secrets(utils.GetAppNamespace("testapp")).Delete(ctx, defaults.GitPrivateKeySecretName, metav1.DeleteOptions{})
+	require.NoError(t, err)
+	select {
+	case op, ok := <-synced:
+		assert.True(t, op)
+		assert.True(t, ok)
+	case <-ctx.Done():
+		require.NoError(t, ctx.Err())
+	}
 
 	// Update private key secret should sync
-	existingSecret, err := client.CoreV1().Secrets(utils.GetAppNamespace("testapp")).Get(context.TODO(), defaults.GitPrivateKeySecretName, metav1.GetOptions{})
-	assert.NoError(t, err)
+	existingSecret, err := client.CoreV1().Secrets(utils.GetAppNamespace("testapp")).Get(ctx, defaults.GitPrivateKeySecretName, metav1.GetOptions{})
+	require.NoError(t, err)
 	deployKey, err := utils.GenerateDeployKey()
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	existingSecret.Data[defaults.GitPrivateKeySecretKey] = []byte(deployKey.PrivateKey)
 	newSecret := existingSecret.DeepCopy()
 	newSecret.ResourceVersion = "1"
-	_, err = client.CoreV1().Secrets(utils.GetAppNamespace("testapp")).Update(context.TODO(), newSecret, metav1.UpdateOptions{})
-	assert.NoError(t, err)
-
-	op, ok = <-synced
-	assert.True(t, ok)
-	assert.True(t, op)
+	_, err = client.CoreV1().Secrets(utils.GetAppNamespace("testapp")).Update(ctx, newSecret, metav1.UpdateOptions{})
+	require.NoError(t, err)
+	select {
+	case op, ok := <-synced:
+		assert.True(t, op)
+		assert.True(t, ok)
+	case <-ctx.Done():
+		require.NoError(t, ctx.Err())
+	}
 }
 
-func startRegistrationController(client kubernetes.Interface, radixClient radixclient.Interface, radixInformerFactory informers.SharedInformerFactory, kubeInformerFactory kubeinformers.SharedInformerFactory, handler Handler, stop chan struct{}) error {
+func startRegistrationController(client kubernetes.Interface, radixClient radixclient.Interface, radixInformerFactory informers.SharedInformerFactory, kubeInformerFactory kubeinformers.SharedInformerFactory, handler Handler, stop <-chan struct{}) error {
 
 	eventRecorder := &record.FakeRecorder{}