Documentation
Index ¶
- Constants
- func ExecInPod(ctx context.Context, namespace, podName, containerName string, ...) (stdout, stderr string, err error)
- func FilterActivePods(pods []corev1.Pod) []corev1.Pod
- func FindOperatorConditionName(ctx context.Context, k8sClient client.Client, namespace, nameFragment string) (string, []string, error)
- func FindOperatorSubscription(ctx context.Context, k8sClient client.Client, namespace, nameFragment string) (string, []string, error)
- func GetClusterBaseDomain(ctx context.Context, configClient configv1.ConfigV1Interface) (string, error)
- func GetDeploymentEnvVar(ctx context.Context, clientset kubernetes.Interface, ...) (string, error)
- func GetKubeConfig() (*rest.Config, error)
- func GetNestedStringFromConfigMapJSON(ctx context.Context, clientset kubernetes.Interface, ...) (string, bool, error)
- func GetTestDir() string
- func GetUpgradeableCondition(ctx context.Context, k8sClient client.Client, ...) (*metav1.Condition, error)
- func InferControlPlaneRoleKey(ctx context.Context, clientset kubernetes.Interface) string
- func IsCRDEstablished(crd *apiextv1.CustomResourceDefinition) bool
- func IsDaemonSetAvailable(ds *appsv1.DaemonSet) bool
- func IsDeploymentAvailable(deployment *appsv1.Deployment) bool
- func IsDeploymentRolloutComplete(deployment *appsv1.Deployment) bool
- func IsPodReady(pod *corev1.Pod) bool
- func IsPodRunning(pod *corev1.Pod) bool
- func IsStatefulSetReady(sts *appsv1.StatefulSet) bool
- func PatchSubscriptionEnv(ctx context.Context, k8sClient client.Client, ...) error
- func UpdateCRWithRetry(ctx context.Context, k8sClient client.Client, obj client.Object, ...) error
- func VerifyContainerResources(pods []corev1.Pod, expectedResources *corev1.ResourceRequirements)
- func VerifyPodLabels(pods []corev1.Pod, expectedLabels map[string]string)
- func VerifyPodScheduling(ctx context.Context, clientset kubernetes.Interface, pods []corev1.Pod, ...)
- func VerifyPodTolerations(ctx context.Context, clientset kubernetes.Interface, pods []corev1.Pod, ...)
- func WaitForCRDEstablished(ctx context.Context, apiextClient apiextclient.Interface, name string, ...)
- func WaitForDaemonSetAvailable(ctx context.Context, clientset kubernetes.Interface, name, namespace string, ...)
- func WaitForDaemonSetRollingUpdate(ctx context.Context, clientset kubernetes.Interface, name, namespace string, ...)
- func WaitForDeploymentAvailable(ctx context.Context, clientset kubernetes.Interface, name, namespace string, ...)
- func WaitForDeploymentEnvVar(ctx context.Context, clientset kubernetes.Interface, ...)
- func WaitForDeploymentRollingUpdate(ctx context.Context, clientset kubernetes.Interface, name, namespace string, ...)
- func WaitForPodReady(ctx context.Context, clientset kubernetes.Interface, name, namespace string, ...)
- func WaitForPodRunning(ctx context.Context, clientset kubernetes.Interface, name, namespace string, ...)
- func WaitForSpiffeCSIDriverConditions(ctx context.Context, k8sClient client.Client, name string, ...)
- func WaitForSpireAgentConditions(ctx context.Context, k8sClient client.Client, name string, ...)
- func WaitForSpireOIDCDiscoveryProviderConditions(ctx context.Context, k8sClient client.Client, name string, ...)
- func WaitForSpireServerConditions(ctx context.Context, k8sClient client.Client, name string, ...)
- func WaitForStatefulSetReady(ctx context.Context, clientset kubernetes.Interface, name, namespace string, ...)
- func WaitForStatefulSetRollingUpdate(ctx context.Context, clientset kubernetes.Interface, name, namespace string, ...)
- func WaitForUpgradeableStatus(ctx context.Context, k8sClient client.Client, ...)
- func WaitForZeroTrustWorkloadIdentityManagerConditions(ctx context.Context, k8sClient client.Client, name string, ...)
- type SpiffeHelperConfig
Constants ¶
// Shared names, labels, and timing values used by the E2E helpers in this package.
const (
	// Operator identity: namespace, controller Deployment, pod label selector,
	// and the fragment used to look up the OLM Subscription by name.
	OperatorNamespace                = "zero-trust-workload-identity-manager"
	OperatorDeploymentName           = "zero-trust-workload-identity-manager-controller-manager"
	OperatorLabelSelector            = "name=zero-trust-workload-identity-manager"
	OperatorSubscriptionNameFragment = "zero-trust-workload-identity-manager"

	// Names of environment variables on the operator (presumably set through
	// the Subscription and read back from the Deployment — confirm against callers).
	OperatorLogLevelEnvVar = "OPERATOR_LOG_LEVEL"
	CreateOnlyModeEnvVar   = "CREATE_ONLY_MODE"

	// SPIRE server: StatefulSet, pod label selector, ConfigMap, and ConfigMap data key.
	SpireServerStatefulSetName = "spire-server"
	SpireServerPodLabel        = "app.kubernetes.io/name=spire-server"
	SpireServerConfigMapName   = "spire-server"
	SpireServerConfigKey       = "server.conf"

	// SPIRE agent: DaemonSet, pod label selector, ConfigMap, and ConfigMap data key.
	SpireAgentDaemonSetName = "spire-agent"
	SpireAgentPodLabel      = "app.kubernetes.io/name=spire-agent"
	SpireAgentConfigMapName = "spire-agent"
	SpireAgentConfigKey     = "agent.conf"

	// SPIFFE CSI driver: DaemonSet and pod label selector.
	SpiffeCSIDriverDaemonSetName = "spire-spiffe-csi-driver"
	SpiffeCSIDriverPodLabel      = "app.kubernetes.io/name=spiffe-csi-driver"

	// SPIRE OIDC discovery provider: Deployment, pod label selector, ConfigMap,
	// and ConfigMap data key.
	SpireOIDCDiscoveryProviderDeploymentName = "spire-spiffe-oidc-discovery-provider"
	SpireOIDCDiscoveryProviderPodLabel       = "app.kubernetes.io/name=spiffe-oidc-discovery-provider"
	SpireOIDCDiscoveryProviderConfigMapName  = "spire-spiffe-oidc-discovery-provider"
	SpireOIDCDiscoveryProviderConfigKey      = "oidc-discovery-provider.conf"

	// spiffe-helper sidecar: ConfigMap name, container name, and image reference.
	SpiffeHelperConfigMapName = "spiffe-helper-config"
	SpiffeHelperContainerName = "spiffe-helper"
	// NOTE(review): the image is referenced by tag only. A tag can be re-pointed
	// at the registry, so the sidecar that handles SVID key material is not
	// pinned to fixed content; consider appending a digest
	// (name:tag@sha256:<DIGEST-PLACEHOLDER>) once the expected digest is known.
	SpiffeHelperImage = "ghcr.io/spiffe/spiffe-helper:0.11.0"

	// Timing values (presumably polling intervals and upper bounds for the
	// WaitFor* helpers and the per-test context — confirm against callers).
	DefaultInterval    = 10 * time.Second
	ShortInterval      = 5 * time.Second
	DefaultTimeout     = 5 * time.Minute
	ShortTimeout       = 2 * time.Minute
	TestContextTimeout = 10 * time.Minute
)
Variables ¶
This section is empty.
Functions ¶
func ExecInPod ¶
func ExecInPod(ctx context.Context, namespace, podName, containerName string, command []string) (stdout, stderr string, err error)
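ExecInPod runs a command in a pod container and returns stdout, stderr, and error. It uses oc exec when available (OpenShift) and falls back to kubectl. It takes no client argument, so the command presumably runs with whatever kubeconfig context and credentials the CLI itself resolves; confirm that this is the cluster under test before relying on the output.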
func FilterActivePods ¶
FilterActivePods returns only pods that are Running and not marked for deletion. Use after a rolling update to exclude terminating or old ReplicaSet pods from verification.
func FindOperatorConditionName ¶
func FindOperatorConditionName(ctx context.Context, k8sClient client.Client, namespace, nameFragment string) (string, []string, error)
FindOperatorConditionName finds an OLM OperatorCondition by name fragment in the specified namespace
func FindOperatorSubscription ¶
func FindOperatorSubscription(ctx context.Context, k8sClient client.Client, namespace, nameFragment string) (string, []string, error)
FindOperatorSubscription finds an OLM subscription by name fragment in the specified namespace
func GetClusterBaseDomain ¶
func GetClusterBaseDomain(ctx context.Context, configClient configv1.ConfigV1Interface) (string, error)
GetClusterBaseDomain gets the cluster base domain from the DNS cluster object
func GetDeploymentEnvVar ¶
func GetDeploymentEnvVar(ctx context.Context, clientset kubernetes.Interface, namespace, deploymentName, envVarName string) (string, error)
GetDeploymentEnvVar retrieves an environment variable value from a deployment's first container
func GetKubeConfig ¶
GetKubeConfig returns the Kubernetes client configuration (*rest.Config), or an error.
func GetNestedStringFromConfigMapJSON ¶
func GetNestedStringFromConfigMapJSON(ctx context.Context, clientset kubernetes.Interface, namespace, configMapName, dataKey string, fields ...string) (string, bool, error)
GetNestedStringFromConfigMapJSON retrieves a nested string value from a JSON-formatted ConfigMap data field
func GetTestDir ¶
func GetTestDir() string
GetTestDir returns the directory to write test results to
func GetUpgradeableCondition ¶
func GetUpgradeableCondition(ctx context.Context, k8sClient client.Client, namespace, operatorConditionName string) (*metav1.Condition, error)
GetUpgradeableCondition fetches the current Upgradeable condition from the OperatorCondition.
func InferControlPlaneRoleKey ¶
func InferControlPlaneRoleKey(ctx context.Context, clientset kubernetes.Interface) string
InferControlPlaneRoleKey returns the node-role label key used for control-plane nodes. CI clusters may use either "node-role.kubernetes.io/control-plane" (OCP 4.12+ fresh installs) or "node-role.kubernetes.io/master" (upgraded clusters). This helper lists nodes once and returns whichever key is actually present.
func IsCRDEstablished ¶
func IsCRDEstablished(crd *apiextv1.CustomResourceDefinition) bool
IsCRDEstablished checks if a CRD is Established
func IsDaemonSetAvailable ¶
IsDaemonSetAvailable checks if a DaemonSet has all desired pods Up-to-date and Available
func IsDeploymentAvailable ¶
func IsDeploymentAvailable(deployment *appsv1.Deployment) bool
IsDeploymentAvailable checks if a Deployment has the Available condition set to True
func IsDeploymentRolloutComplete ¶
func IsDeploymentRolloutComplete(deployment *appsv1.Deployment) bool
IsDeploymentRolloutComplete checks if a Deployment rollout is fully complete. This includes checking that the controller has observed the latest generation and that all replicas are updated, available, and none are unavailable.
func IsPodReady ¶
IsPodReady checks if a pod has the Ready condition set to True
func IsPodRunning ¶
IsPodRunning checks if a pod is in Running phase
func IsStatefulSetReady ¶
func IsStatefulSetReady(sts *appsv1.StatefulSet) bool
IsStatefulSetReady checks if a StatefulSet is Ready
func PatchSubscriptionEnv ¶
func PatchSubscriptionEnv(ctx context.Context, k8sClient client.Client, namespace, name, envKey, envValue string) error
PatchSubscriptionEnv patches a subscription's environment variable using merge patch
func UpdateCRWithRetry ¶
func UpdateCRWithRetry(ctx context.Context, k8sClient client.Client, obj client.Object, updateFunc func()) error
UpdateCRWithRetry updates a custom resource (CR), retrying when the update fails with a conflict.
func VerifyContainerResources ¶
func VerifyContainerResources(pods []corev1.Pod, expectedResources *corev1.ResourceRequirements)
VerifyContainerResources verifies that all containers in the provided pods have the expected resource limits and requests
func VerifyPodLabels ¶
VerifyPodLabels verifies that all provided pods have the expected labels.
func VerifyPodScheduling ¶
func VerifyPodScheduling(ctx context.Context, clientset kubernetes.Interface, pods []corev1.Pod, requiredNodeLabels map[string]string)
VerifyPodScheduling verifies that pods are scheduled to nodes with the required nodeSelector labels
func VerifyPodTolerations ¶
func VerifyPodTolerations(ctx context.Context, clientset kubernetes.Interface, pods []corev1.Pod, expectedTolerations []*corev1.Toleration)
VerifyPodTolerations verifies that pods are scheduled to nodes that have taints matching the pod's tolerations
func WaitForCRDEstablished ¶
func WaitForCRDEstablished(ctx context.Context, apiextClient apiextclient.Interface, name string, timeout time.Duration)
WaitForCRDEstablished waits for a CRD to be Established within timeout
func WaitForDaemonSetAvailable ¶
func WaitForDaemonSetAvailable(ctx context.Context, clientset kubernetes.Interface, name, namespace string, timeout time.Duration)
WaitForDaemonSetAvailable waits for a DaemonSet to have all desired pods available within timeout
func WaitForDaemonSetRollingUpdate ¶
func WaitForDaemonSetRollingUpdate(ctx context.Context, clientset kubernetes.Interface, name, namespace string, initialGeneration int64, timeout time.Duration)
WaitForDaemonSetRollingUpdate waits for a DaemonSet rolling update to be processed by the controller. This ensures the controller has observed the changes, whether the update is in progress or already completed. initialGeneration should be recorded before making any changes to the DaemonSet.
func WaitForDeploymentAvailable ¶
func WaitForDeploymentAvailable(ctx context.Context, clientset kubernetes.Interface, name, namespace string, timeout time.Duration)
WaitForDeploymentAvailable waits for a Deployment to become Available within timeout
func WaitForDeploymentEnvVar ¶
func WaitForDeploymentEnvVar(ctx context.Context, clientset kubernetes.Interface, namespace, deploymentName, envKey, expectedValue string, timeout time.Duration)
WaitForDeploymentEnvVar waits until a Deployment's first container has the expected env var value. This is needed when patching a Subscription env because OLM may take time to propagate the change to the Deployment, and generation bumps may come from unrelated OLM reconciliations.
func WaitForDeploymentRollingUpdate ¶
func WaitForDeploymentRollingUpdate(ctx context.Context, clientset kubernetes.Interface, name, namespace string, initialGeneration int64, timeout time.Duration)
WaitForDeploymentRollingUpdate waits for a Deployment rolling update to be processed by the controller. This ensures the controller has observed the changes, whether the update is in progress or already completed. initialGeneration should be recorded before making any changes to the Deployment.
func WaitForPodReady ¶
func WaitForPodReady(ctx context.Context, clientset kubernetes.Interface, name, namespace string, timeout time.Duration)
WaitForPodReady waits for a specific pod to have Ready condition set to True within timeout
func WaitForPodRunning ¶
func WaitForPodRunning(ctx context.Context, clientset kubernetes.Interface, name, namespace string, timeout time.Duration)
WaitForPodRunning waits for a specific pod to be in Running phase within timeout
func WaitForSpiffeCSIDriverConditions ¶
func WaitForSpiffeCSIDriverConditions(ctx context.Context, k8sClient client.Client, name string, expectedConditions map[string]metav1.ConditionStatus, timeout time.Duration)
WaitForSpiffeCSIDriverConditions waits for SpiffeCSIDriver conditions to reach expected statuses
func WaitForSpireAgentConditions ¶
func WaitForSpireAgentConditions(ctx context.Context, k8sClient client.Client, name string, expectedConditions map[string]metav1.ConditionStatus, timeout time.Duration)
WaitForSpireAgentConditions waits for SpireAgent conditions to reach expected statuses
func WaitForSpireOIDCDiscoveryProviderConditions ¶
func WaitForSpireOIDCDiscoveryProviderConditions(ctx context.Context, k8sClient client.Client, name string, expectedConditions map[string]metav1.ConditionStatus, timeout time.Duration)
WaitForSpireOIDCDiscoveryProviderConditions waits for SpireOIDCDiscoveryProvider conditions to reach expected statuses
func WaitForSpireServerConditions ¶
func WaitForSpireServerConditions(ctx context.Context, k8sClient client.Client, name string, expectedConditions map[string]metav1.ConditionStatus, timeout time.Duration)
WaitForSpireServerConditions waits for SpireServer conditions to reach expected statuses
func WaitForStatefulSetReady ¶
func WaitForStatefulSetReady(ctx context.Context, clientset kubernetes.Interface, name, namespace string, timeout time.Duration)
WaitForStatefulSetReady waits for a StatefulSet to be Ready within timeout
func WaitForStatefulSetRollingUpdate ¶
func WaitForStatefulSetRollingUpdate(ctx context.Context, clientset kubernetes.Interface, name, namespace string, initialGeneration int64, timeout time.Duration)
WaitForStatefulSetRollingUpdate waits for a StatefulSet rolling update to be processed by the controller. This ensures the controller has observed the changes, whether the update is in progress or already completed. initialGeneration should be recorded before making any changes to the StatefulSet.
func WaitForUpgradeableStatus ¶
func WaitForUpgradeableStatus(ctx context.Context, k8sClient client.Client, namespace, operatorConditionName string, expectedStatus metav1.ConditionStatus, timeout time.Duration)
WaitForUpgradeableStatus waits for Upgradeable condition to reach expected status within timeout.
func WaitForZeroTrustWorkloadIdentityManagerConditions ¶
func WaitForZeroTrustWorkloadIdentityManagerConditions(ctx context.Context, k8sClient client.Client, name string, expectedConditions map[string]metav1.ConditionStatus, timeout time.Duration)
WaitForZeroTrustWorkloadIdentityManagerConditions waits for ZeroTrustWorkloadIdentityManager conditions to reach expected statuses
Types ¶
type SpiffeHelperConfig ¶
// SpiffeHelperConfig holds configuration for the spiffe-helper sidecar
// (helper.conf format).
type SpiffeHelperConfig struct {
	// presumably the address of the SPIRE agent Workload API endpoint the
	// sidecar connects to — confirm against the rendered helper.conf
	AgentAddress string
	// presumably the directory the sidecar writes the SVID, key, and bundle
	// files into — confirm. NOTE(review): if so, this directory holds private
	// key material; check that the volume is not shared beyond the workload
	// and that file permissions are restrictive.
	CertDir string
	// presumably the file name of the X.509 SVID certificate — confirm
	SvidFileName string
	// presumably the file name of the SVID private key — confirm
	SvidKeyFileName string
	// presumably the file name of the trust bundle — confirm
	SvidBundleFileName string
}
SpiffeHelperConfig holds configuration for the spiffe-helper sidecar (helper.conf format).
func DefaultAttestationSpiffeHelperConfig ¶
func DefaultAttestationSpiffeHelperConfig() SpiffeHelperConfig
DefaultAttestationSpiffeHelperConfig returns the default config for E2E attestation tests.
func (SpiffeHelperConfig) String ¶
func (c SpiffeHelperConfig) String() string
String returns the config as a TOML-like string for helper.conf.