fix: Added back permission to list and watch namespaces (#404)

Signed-off-by: RealAnna <[email protected]>
keptn · Nov 14, 2022 · df346f7 · df346f7
1 parent ca8f11d
commit df346f7
Show file tree

Hide file tree

Showing 6 changed files with 93 additions and 1 deletion.
diff --git a/operator/config/rbac/role.yaml b/operator/config/rbac/role.yaml
@@ -65,6 +65,8 @@ rules:
   - namespaces
   verbs:
   - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:

diff --git a/operator/webhooks/pod_mutating_webhook.go b/operator/webhooks/pod_mutating_webhook.go
@@ -31,7 +31,7 @@ import (
 )
 
 // +kubebuilder:webhook:path=/mutate-v1-pod,mutating=true,failurePolicy=fail,groups="",resources=pods,verbs=create;update,versions=v1,name=mpod.keptn.sh,admissionReviewVersions=v1,sideEffects=None
-//+kubebuilder:rbac:groups=core,resources=namespaces,verbs=get
+//+kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch
 //+kubebuilder:rbac:groups=apps,resources=deployments;statefulsets;daemonsets;replicasets,verbs=get
 
 // PodMutatingWebhook annotates Pods

diff --git a/test/.build/install.yaml b/test/.build/install.yaml
@@ -7,3 +7,10 @@ metadata:
   annotations:
     keptn.sh/lifecycle-toolkit: "enabled"
 
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: test-annotation
+  annotations:
+    keptn.sh/lifecycle-toolkit: "enabled"
diff --git a/test/integration/simple-deployment-annotated/00-assert.yaml b/test/integration/simple-deployment-annotated/00-assert.yaml
@@ -0,0 +1,9 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: test
+  name: test
+  namespace: test-annotation
+status:
+  readyReplicas: 1
diff --git a/test/integration/simple-deployment-annotated/00-install.yaml b/test/integration/simple-deployment-annotated/00-install.yaml
@@ -0,0 +1,48 @@
+
+---
+
+apiVersion: lifecycle.keptn.sh/v1alpha1
+kind: KeptnTaskDefinition
+metadata:
+  name: pre-deployment-hello
+  namespace: test-annotation
+spec:
+  function:
+    inline:
+      code: |
+        console.log("Pre-Deployment Task has been executed");
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: test
+  name: test
+  namespace: test-annotation
+  annotations:
+    keptn.sh/workload: waiter
+    keptn.sh/version: "0.4"
+    keptn.sh/pre-deployment-tasks: pre-deployment-hello
+    keptn.sh/post-deployment-tasks: pre-deployment-hello
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: test
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app: test
+    spec:
+      containers:
+        - image: busybox
+          name: busybox
+          command: ['sh', '-c', 'echo The app is running! && sleep infinity']
+      initContainers:
+        - name: init-myservice
+          image: busybox:1.28
+          command: ['sh', '-c', 'sleep 30']
+
diff --git a/test/integration/simple-deployment-annotated/01-assert.yaml b/test/integration/simple-deployment-annotated/01-assert.yaml
@@ -0,0 +1,26 @@
+apiVersion: lifecycle.keptn.sh/v1alpha1
+kind: KeptnWorkload
+metadata:
+  name: waiter-waiter
+  namespace: test-annotation
+
+---
+
+apiVersion: lifecycle.keptn.sh/v1alpha1
+kind: KeptnWorkloadInstance
+metadata:
+  name: waiter-waiter-0.4
+  namespace: test-annotation
+status:
+  currentPhase: Completed
+  deploymentStatus: Succeeded
+  postDeploymentEvaluationStatus: Succeeded
+  postDeploymentStatus: Succeeded
+  postDeploymentTaskStatus:
+    - status: Succeeded
+      taskDefinitionName: pre-deployment-hello
+  preDeploymentEvaluationStatus: Succeeded
+  preDeploymentStatus: Succeeded
+  preDeploymentTaskStatus:
+    - status: Succeeded
+      taskDefinitionName: pre-deployment-hello
-Original file line number
+Diff line change
@@ Expand Up / @@ -65,6 +65,8 @@ rules: @@
       - namespaces
       verbs:
       - get
+      - list
+      - watch
     - apiGroups:
       - ""
       resources:
@@ Expand Down @@