Fix problem with non-matching namespace for broker ClusterRoleBinding (…

…#1840) * Fix problem with non-matching namespace for broker ClusterRoleBinding * Fix the indentation
strimzi · Jul 26, 2019 · 216747b · 216747b
1 parent b834980
commit 216747b
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 2 deletions.
diff --git a/cluster-operator/src/main/java/io/strimzi/operator/cluster/model/KafkaCluster.java b/cluster-operator/src/main/java/io/strimzi/operator/cluster/model/KafkaCluster.java
@@ -1377,7 +1377,6 @@ public ClusterRoleBinding generateClusterRoleBinding(String assemblyNamespace) {
             return new ClusterRoleBindingBuilder()
                     .withNewMetadata()
                         .withName(initContainerClusterRoleBindingName(namespace, cluster))
-                        .withNamespace(assemblyNamespace)
                         .withOwnerReferences(createOwnerReference())
                         .withLabels(labels.toMap())
                     .endMetadata()

diff --git a/cluster-operator/src/test/java/io/strimzi/operator/cluster/model/KafkaClusterTest.java b/cluster-operator/src/test/java/io/strimzi/operator/cluster/model/KafkaClusterTest.java
@@ -28,6 +28,7 @@
 import io.fabric8.kubernetes.api.model.networking.NetworkPolicyPeer;
 import io.fabric8.kubernetes.api.model.networking.NetworkPolicyPeerBuilder;
 import io.fabric8.kubernetes.api.model.policy.PodDisruptionBudget;
+import io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding;
 import io.fabric8.openshift.api.model.Route;
 import io.strimzi.api.kafka.model.listener.NodePortListenerBootstrapOverrideBuilder;
 import io.strimzi.api.kafka.model.listener.NodePortListenerBrokerOverrideBuilder;
@@ -2111,4 +2112,66 @@ image, healthDelay, healthTimeout, metricsCm, configuration, emptyMap()))
             }
         }
     }
+
+    @Test
+    public void testClusterRoleBindingNodePort() {
+        String testNamespace = "other-namespace";
+
+        Kafka kafkaAssembly = new KafkaBuilder(ResourceUtils.createKafkaCluster(testNamespace, cluster, replicas,
+                image, healthDelay, healthTimeout, metricsCm, configuration, emptyMap()))
+                .editSpec()
+                    .editKafka()
+                        .withNewListeners()
+                            .withNewKafkaListenerExternalNodePort()
+                                .withNewKafkaListenerAuthenticationTlsAuth()
+                                .endKafkaListenerAuthenticationTlsAuth()
+                            .endKafkaListenerExternalNodePort()
+                        .endListeners()
+                    .endKafka()
+                .endSpec()
+                .build();
+
+        KafkaCluster kc = KafkaCluster.fromCrd(kafkaAssembly, VERSIONS);
+        ClusterRoleBinding crb = kc.generateClusterRoleBinding(testNamespace);
+
+        assertEquals(KafkaCluster.initContainerClusterRoleBindingName(testNamespace, cluster), crb.getMetadata().getName());
+        assertNull(crb.getMetadata().getNamespace());
+        assertEquals(testNamespace, crb.getSubjects().get(0).getNamespace());
+        assertEquals(KafkaCluster.initContainerServiceAccountName(cluster), crb.getSubjects().get(0).getName());
+    }
+
+    @Test
+    public void testClusterRoleBindingRack() {
+        String testNamespace = "other-namespace";
+
+        Kafka kafkaAssembly = new KafkaBuilder(ResourceUtils.createKafkaCluster(testNamespace, cluster, replicas,
+                image, healthDelay, healthTimeout, metricsCm, configuration, emptyMap()))
+                .editSpec()
+                    .editKafka()
+                        .withNewRack("my-topology-label")
+                    .endKafka()
+                .endSpec()
+                .build();
+
+        KafkaCluster kc = KafkaCluster.fromCrd(kafkaAssembly, VERSIONS);
+        ClusterRoleBinding crb = kc.generateClusterRoleBinding(testNamespace);
+
+        assertEquals(KafkaCluster.initContainerClusterRoleBindingName(testNamespace, cluster), crb.getMetadata().getName());
+        assertNull(crb.getMetadata().getNamespace());
+        assertEquals(testNamespace, crb.getSubjects().get(0).getNamespace());
+        assertEquals(KafkaCluster.initContainerServiceAccountName(cluster), crb.getSubjects().get(0).getName());
+    }
+
+    @Test
+    public void testNullClusterRoleBinding() {
+        String testNamespace = "other-namespace";
+
+        Kafka kafkaAssembly = ResourceUtils.createKafkaCluster(testNamespace, cluster, replicas,
+                image, healthDelay, healthTimeout, metricsCm, configuration, emptyMap());
+
+        KafkaCluster kc = KafkaCluster.fromCrd(kafkaAssembly, VERSIONS);
+        ClusterRoleBinding crb = kc.generateClusterRoleBinding(testNamespace);
+
+        assertNull(crb);
+    }
 }
diff --git a/systemtest/src/test/java/io/strimzi/systemtest/AbstractNamespaceST.java b/systemtest/src/test/java/io/strimzi/systemtest/AbstractNamespaceST.java
@@ -28,7 +28,16 @@ public abstract class AbstractNamespaceST extends AbstractST {
     void checkKafkaInDiffNamespaceThanCO() {
         String kafkaName = kafkaClusterName(CLUSTER_NAME + "-second");
         String previousNamespace = setNamespace(SECOND_NAMESPACE);
-        secondNamespaceResources.kafkaEphemeral(CLUSTER_NAME + "-second", 3).done();
+        secondNamespaceResources.kafkaEphemeral(CLUSTER_NAME + "-second", 3)
+                .editSpec()
+                    .editKafka()
+                        .editListeners()
+                            .withNewKafkaListenerExternalNodePort()
+                            .endKafkaListenerExternalNodePort()
+                        .endListeners()
+                    .endKafka()
+                .endSpec()
+                .done();
 
         LOGGER.info("Waiting for creation {} in namespace {}", kafkaName, SECOND_NAMESPACE);
         StUtils.waitForAllStatefulSetPodsReady(kafkaName, 3);