steps

func AnnotationsAreAdded ¶ added in v1.9.0

func AnnotationsAreAdded(ctx context.Context, resourceName string, table *godog.Table) error

AnnotationsAreAdded adds annotations from a data table to a resource using kubectl annotate. The table must have "key" and "value" columns. Only supports namespaced resources (always uses sc.namespace).

func BeforeSuite ¶

func BeforeSuite()

func BundleInstalled ¶

func BundleInstalled(ctx context.Context, name, version string) error

BundleInstalled waits for the ClusterExtension to report the specified bundle name and version as installed. Polls with timeout.

func CatalogVersionWithPackages ¶ added in v1.9.0

func CatalogVersionWithPackages(ctx context.Context, catalogUserName, version string, table *godog.Table) error

CatalogVersionWithPackages builds an additional version of a per-scenario catalog image. It pushes a new catalog image with the specified tag but does NOT update the ClusterCatalog. Use ScenarioCatalogIsUpdatedToVersion to patch the ClusterCatalog to use the new version.

func CatalogWithPackages ¶ added in v1.9.0

func CatalogWithPackages(ctx context.Context, catalogUserName string, table *godog.Table) error

CatalogWithPackages builds a per-scenario catalog from a Gherkin data table. Table columns: package | version | channel | replaces | contents

func CatalogdLeaderPodIsForceDeleted ¶ added in v1.9.0

func CatalogdLeaderPodIsForceDeleted(ctx context.Context) error

CatalogdLeaderPodIsForceDeleted force-deletes the catalogd leader pod to simulate leader loss. The pod is identified from sc.leaderPods["catalogd"] (populated by a prior "catalogd is ready to reconcile resources" step). Force-deletion is equivalent to an abrupt process crash: the lease is no longer renewed and the surviving pod acquires leadership after the lease expires.

Note: stopping the kind node container is not used here because both nodes in the experimental 2-node cluster are control-plane nodes that run etcd — stopping either would break etcd quorum and make the API server unreachable for the rest of the test.

func CheckFeatureTags ¶

func CheckFeatureTags(ctx context.Context, sc *godog.Scenario) (context.Context, error)

func ClusterExtensionIsAvailable ¶

func ClusterExtensionIsAvailable(ctx context.Context) error

ClusterExtensionIsAvailable waits for the ClusterExtension's Installed condition to be True. Polls with timeout.

func ClusterExtensionIsReconciled ¶ added in v1.9.0

func ClusterExtensionIsReconciled(ctx context.Context) error

ClusterExtensionIsReconciled waits for the ClusterExtension to be reconciled by checking the leader pod's logs for a "reconcile ending" entry.

func ClusterExtensionIsRemoved ¶

func ClusterExtensionIsRemoved(ctx context.Context) error

ClusterExtensionIsRemoved deletes the current ClusterExtension, saving its state for potential restore checks.

func ClusterExtensionIsRolledOut ¶

func ClusterExtensionIsRolledOut(ctx context.Context) error

ClusterExtensionIsRolledOut waits for the ClusterExtension's Progressing condition to be True with reason Succeeded, then gathers its constituent resources into the scenario context. Polls with timeout.

func ClusterExtensionReconciledLatestGeneration ¶

func ClusterExtensionReconciledLatestGeneration(ctx context.Context) error

ClusterExtensionReconciledLatestGeneration waits for the ClusterExtension's observedGeneration to match its metadata generation. Polls with timeout.

func ClusterExtensionReportsActiveRevisions ¶

func ClusterExtensionReportsActiveRevisions(ctx context.Context, rawRevisionNames string) error

ClusterExtensionReportsActiveRevisions waits for the ClusterExtension's active revisions to match the expected set of revision names. Polls with timeout.

func ClusterExtensionReportsCondition ¶

func ClusterExtensionReportsCondition(ctx context.Context, conditionType, conditionStatus, conditionReason string, msg *godog.DocString) error

ClusterExtensionReportsCondition waits for the ClusterExtension to have a condition matching the specified type, status, reason, and exact message. Polls with timeout.

func ClusterExtensionReportsConditionTransitionTime ¶

func ClusterExtensionReportsConditionTransitionTime(ctx context.Context, conditionType string, minMinutes, maxMinutes int) error

ClusterExtensionReportsConditionTransitionTime asserts that a condition's lastTransitionTime falls within the specified minute range since the ClusterExtension's creation.

func ClusterExtensionReportsConditionWithMessageFragment ¶

func ClusterExtensionReportsConditionWithMessageFragment(ctx context.Context, conditionType, conditionStatus, conditionReason string, msgFragment *godog.DocString) error

ClusterExtensionReportsConditionWithMessageFragment waits for the ClusterExtension to have a condition matching type, status, and reason, with a message containing the specified fragment. Polls with timeout.

func ClusterExtensionReportsConditionWithoutMsg ¶

func ClusterExtensionReportsConditionWithoutMsg(ctx context.Context, conditionType, conditionStatus, conditionReason string) error

ClusterExtensionReportsConditionWithoutMsg waits for the ClusterExtension to have a condition matching type, status, and reason, without checking the message. Polls with timeout.

func ClusterExtensionReportsConditionWithoutReason ¶

func ClusterExtensionReportsConditionWithoutReason(ctx context.Context, conditionType, conditionStatus string) error

ClusterExtensionReportsConditionWithoutReason waits for the ClusterExtension to have a condition matching type and status, without checking reason or message. Polls with timeout.

func ClusterExtensionResourcesCreatedAndAreLabeled ¶

func ClusterExtensionResourcesCreatedAndAreLabeled(ctx context.Context) error

ClusterExtensionResourcesCreatedAndAreLabeled verifies each constituent resource has the expected OLM owner-kind and owner-name labels. Polls with timeout per resource.

func ClusterExtensionResourcesRemoved ¶

func ClusterExtensionResourcesRemoved(ctx context.Context) error

ClusterExtensionResourcesRemoved waits for each previously gathered constituent resource to be deleted. Polls with timeout per resource.

func ClusterExtensionVersionUpdate ¶

func ClusterExtensionVersionUpdate(ctx context.Context, version string) error

ClusterExtensionVersionUpdate patches the ClusterExtension's catalog version to the specified value.

func ClusterObjectSetHasAnnotationWithValue ¶ added in v1.9.0

func ClusterObjectSetHasAnnotationWithValue(ctx context.Context, revisionName, annotationKey string, annotationValue *godog.DocString) error

ClusterObjectSetHasAnnotationWithValue waits for the named ClusterObjectSet to have the specified annotation with the expected value. Polls with timeout.

func ClusterObjectSetHasLabelWithValue ¶ added in v1.9.0

func ClusterObjectSetHasLabelWithValue(ctx context.Context, revisionName, labelKey, labelValue string) error

ClusterObjectSetHasLabelWithValue waits for the named ClusterObjectSet to have the specified label with the expected value. Polls with timeout.

func ClusterObjectSetHasObservedPhase ¶ added in v1.9.0

func ClusterObjectSetHasObservedPhase(ctx context.Context, cosName, phaseName string) error

ClusterObjectSetHasObservedPhase waits for the named ClusterObjectSet to have an observedPhases entry matching the given phase name with a non-empty digest. Polls with timeout.

func ClusterObjectSetIsArchived ¶ added in v1.9.0

func ClusterObjectSetIsArchived(ctx context.Context, revisionName string) error

ClusterObjectSetIsArchived waits for the named ClusterObjectSet to have Progressing=False with reason Archived. Polls with timeout.

func ClusterObjectSetLifecycleUpdate ¶ added in v1.9.0

func ClusterObjectSetLifecycleUpdate(ctx context.Context, cosName, lifecycle string) error

ClusterObjectSetLifecycleUpdate patches the ClusterObjectSet's lifecycleState to the specified value.

func ClusterObjectSetObjectsNotFoundOrNotOwned ¶ added in v1.9.0

func ClusterObjectSetObjectsNotFoundOrNotOwned(ctx context.Context, revisionName string) error

ClusterObjectSetObjectsNotFoundOrNotOwned waits for all objects described in the named ClusterObjectSet's phases to either not exist on the cluster or not contain the revision in their ownerReferences. Polls with timeout.

func ClusterObjectSetPhaseObjectsManagedInSecrets ¶ added in v1.9.0

func ClusterObjectSetPhaseObjectsManagedInSecrets(ctx context.Context, revisionName string) error

ClusterObjectSetPhaseObjectsManagedInSecrets verifies that every object in every phase of the named ClusterObjectSet uses a ref (not an inline object). Polls with timeout.

func ClusterObjectSetReferredSecretsAreImmutable ¶ added in v1.9.0

func ClusterObjectSetReferredSecretsAreImmutable(ctx context.Context, revisionName string) error

ClusterObjectSetReferredSecretsAreImmutable verifies that all referred Secrets for the named ClusterObjectSet are immutable. Polls with timeout.

func ClusterObjectSetReferredSecretsContainLabels ¶ added in v1.9.0

func ClusterObjectSetReferredSecretsContainLabels(ctx context.Context, revisionName string, table *godog.Table) error

ClusterObjectSetReferredSecretsContainLabels verifies that all referred Secrets for the named ClusterObjectSet have the expected labels specified in the data table. Polls with timeout.

func ClusterObjectSetReferredSecretsExist ¶ added in v1.9.0

func ClusterObjectSetReferredSecretsExist(ctx context.Context, revisionName, namespace string) error

ClusterObjectSetReferredSecretsExist verifies that all Secrets referenced by the named ClusterObjectSet's phase objects exist in the given namespace. Polls with timeout.

func ClusterObjectSetReferredSecretsHaveType ¶ added in v1.9.0

func ClusterObjectSetReferredSecretsHaveType(ctx context.Context, revisionName, expectedType string) error

ClusterObjectSetReferredSecretsHaveType verifies that all referred Secrets for the named ClusterObjectSet have the specified Secret type.

func ClusterObjectSetReferredSecretsOwnedByObjectSet ¶ added in v1.9.0

func ClusterObjectSetReferredSecretsOwnedByObjectSet(ctx context.Context, revisionName string) error

ClusterObjectSetReferredSecretsOwnedByObjectSet verifies that all referred Secrets for the named ClusterObjectSet have an ownerReference pointing to the ClusterObjectSet with controller=true.

func ClusterObjectSetReportsConditionWithMessageFragment ¶ added in v1.9.0

func ClusterObjectSetReportsConditionWithMessageFragment(ctx context.Context, revisionName, conditionType, conditionStatus, conditionReason string, msgFragment *godog.DocString) error

ClusterObjectSetReportsConditionWithMessageFragment waits for the named ClusterObjectSet to have a condition matching type, status, reason, with a message containing the specified fragment. Polls with timeout.

func ClusterObjectSetReportsConditionWithMsg ¶ added in v1.9.0

func ClusterObjectSetReportsConditionWithMsg(ctx context.Context, revisionName, conditionType, conditionStatus, conditionReason string, msg *godog.DocString) error

ClusterObjectSetReportsConditionWithMsg waits for the named ClusterObjectSet to have a condition matching type, status, reason, and message. Polls with timeout.

func ClusterObjectSetReportsConditionWithoutMsg ¶ added in v1.9.0

func ClusterObjectSetReportsConditionWithoutMsg(ctx context.Context, revisionName, conditionType, conditionStatus, conditionReason string) error

ClusterObjectSetReportsConditionWithoutMsg waits for the named ClusterObjectSet to have a condition matching type, status, and reason. Polls with timeout.

func ComponentIsReadyToReconcile ¶ added in v1.9.0

func ComponentIsReadyToReconcile(ctx context.Context, component string) error

ComponentIsReadyToReconcile waits for the named component's deployment to be fully rolled out, then checks the leader election lease and stores the leader pod name in the scenario context.

func ConfigureDeploymentWithCustomTLSFull ¶ added in v1.9.0

func ConfigureDeploymentWithCustomTLSFull(ctx context.Context, component, version, ciphers, curves string) error

ConfigureDeploymentWithCustomTLSFull configures the component deployment with a custom TLS profile specifying version, cipher suite list, and curve list.

func ConfigureDeploymentWithCustomTLSVersion ¶ added in v1.9.0

func ConfigureDeploymentWithCustomTLSVersion(ctx context.Context, component, version string) error

ConfigureDeploymentWithCustomTLSVersion configures the component deployment with a custom TLS profile that only sets the minimum TLS version (no cipher or curve override).

func ConfigureDeploymentWithHTTPSProxy ¶ added in v1.9.0

func ConfigureDeploymentWithHTTPSProxy(ctx context.Context, component, proxyURL string) error

ConfigureDeploymentWithHTTPSProxy sets HTTPS_PROXY to a dead loopback address on the given deployment, proving that catalog fetches are blocked when the proxy is unreachable.

func CreateScenarioContext ¶

func CreateScenarioContext(ctx context.Context, sc *godog.Scenario) (context.Context, error)

func DeploymentHasReplicaSets ¶ added in v1.9.0

func DeploymentHasReplicaSets(ctx context.Context, deploymentName string, expectedCount int) error

DeploymentHasReplicaSets verifies that a deployment has the expected number of ReplicaSets and that at least one owned ReplicaSet is active with pods running.

func DeploymentPodTemplateHasAnnotation ¶ added in v1.9.0

func DeploymentPodTemplateHasAnnotation(ctx context.Context, deploymentName, annotationKey string) error

DeploymentPodTemplateHasAnnotation waits for the deployment's pod template to have the given annotation key. Uses JSON parsing to avoid JSONPath issues with dots in annotation keys. Polls with timeout.

func DeploymentRolloutIsComplete ¶ added in v1.9.0

func DeploymentRolloutIsComplete(ctx context.Context, deploymentName string) error

DeploymentRolloutIsComplete verifies that a deployment rollout has completed successfully. This ensures the new ReplicaSet is fully scaled up and the old one is scaled down.

func ImageRegistryIsAvailable ¶ added in v1.9.0

func ImageRegistryIsAvailable() error

ImageRegistryIsAvailable ensures the in-cluster image registry is deployed and ready. This is needed for scenarios that build and push per-scenario catalog images.

func LabelsAreAdded ¶ added in v1.9.0

func LabelsAreAdded(ctx context.Context, resourceName string, table *godog.Table) error

LabelsAreAdded adds labels from a data table to a resource using kubectl label. The table must have "key" and "value" columns. Only supports namespaced resources (always uses sc.namespace).

func LatestStableOLMReleaseIsInstalled ¶ added in v1.9.0

func LatestStableOLMReleaseIsInstalled(_ context.Context) error

LatestStableOLMReleaseIsInstalled downloads and executes the latest stable OLM release install script. Uses sync.Once to ensure the install only happens once across multiple scenarios.

func MarkDeploymentReadiness ¶ added in v1.9.0

func MarkDeploymentReadiness(ctx context.Context, deploymentName, state string) error

MarkDeploymentReadiness controls a deployment's readiness probe by removing or creating the readiness file in its pod.

func MetricsEndpointAcceptsConnectionUsingCurve ¶ added in v1.9.0

func MetricsEndpointAcceptsConnectionUsingCurve(ctx context.Context, component, curveName string) error

MetricsEndpointAcceptsConnectionUsingCurve verifies that the component's metrics endpoint accepts a connection from a client restricted to a single named curve.

func MetricsEndpointAcceptsTLS12ConnectionWithCurve ¶ added in v1.9.0

func MetricsEndpointAcceptsTLS12ConnectionWithCurve(ctx context.Context, component, cipherName, curveName string) error

MetricsEndpointAcceptsTLS12ConnectionWithCurve connects with TLS 1.2, a specific cipher, and a single curve, asserting the connection succeeds (curve is in server's preferences).

func MetricsEndpointAcceptsTLS13 ¶ added in v1.9.0

func MetricsEndpointAcceptsTLS13(ctx context.Context, component string) error

MetricsEndpointAcceptsTLS13 verifies that the component's metrics endpoint accepts connections negotiated at TLS 1.3.

func MetricsEndpointNegotiatesCipherIn ¶ added in v1.9.0

func MetricsEndpointNegotiatesCipherIn(ctx context.Context, component, cipherList string) error

MetricsEndpointNegotiatesCipherIn connects to the component's metrics endpoint, completes a TLS handshake, and asserts that the negotiated cipher suite is one of the comma-separated names in cipherList.

Note: Go's crypto/tls does not allow restricting TLS 1.3 cipher suites on either side of a connection; the suite is chosen by the server based on AES hardware availability (TLS_AES_128_GCM_SHA256 preferred with AES-NI, TLS_CHACHA20_POLY1305_SHA256 otherwise). This step therefore validates observed negotiation behaviour rather than server-side enforcement.

func MetricsEndpointNegotiatesTLS12Cipher ¶ added in v1.9.0

func MetricsEndpointNegotiatesTLS12Cipher(ctx context.Context, component, cipherName string) error

MetricsEndpointNegotiatesTLS12Cipher connects to the metrics endpoint, forces TLS 1.2, restricts the client to a single cipher, and asserts that cipher is what was negotiated.

func MetricsEndpointRejectsConnectionUsingOnlyCurve ¶ added in v1.9.0

func MetricsEndpointRejectsConnectionUsingOnlyCurve(ctx context.Context, component, curveName string) error

MetricsEndpointRejectsConnectionUsingOnlyCurve verifies that the component's metrics endpoint refuses a connection from a client whose only supported curve is not in the server's configured curve preferences.

func MetricsEndpointRejectsTLS12 ¶ added in v1.9.0

func MetricsEndpointRejectsTLS12(ctx context.Context, component string) error

MetricsEndpointRejectsTLS12 verifies that the component's metrics endpoint refuses connections from clients that advertise TLS 1.2 as their maximum supported version.

func MetricsEndpointRejectsTLS12ConnectionWithCipher ¶ added in v1.9.0

func MetricsEndpointRejectsTLS12ConnectionWithCipher(ctx context.Context, component, cipherName string) error

MetricsEndpointRejectsTLS12ConnectionWithCipher connects with TLS 1.2 and a single cipher that is NOT in the server's configured cipher list, expecting a handshake failure.

func MetricsEndpointRejectsTLS12ConnectionWithCurve ¶ added in v1.9.0

func MetricsEndpointRejectsTLS12ConnectionWithCurve(ctx context.Context, component, cipherName, curveName string) error

MetricsEndpointRejectsTLS12ConnectionWithCurve connects with TLS 1.2, a specific cipher, and a single curve that is NOT in the server's curve preferences, expecting failure.

func NewCatalogdLeaderIsElected ¶ added in v1.9.0

func NewCatalogdLeaderIsElected(ctx context.Context) error

NewCatalogdLeaderIsElected polls the catalogd leader election lease until the holder identity changes to a pod other than the deleted leader. It updates sc.leaderPods["catalogd"] with the new leader pod name.

func OLMIsUpgraded ¶ added in v1.9.0

func OLMIsUpgraded(ctx context.Context) error

OLMIsUpgraded applies the locally built OLM manifest to upgrade OLM. Uses sync.Once to ensure the upgrade only happens once across multiple scenarios.

func OLMisAvailable ¶

func OLMisAvailable(ctx context.Context) error

OLMisAvailable waits for the OLM operator-controller deployment to become available. Polls with timeout.

func OperatorTargetNamespace ¶

func OperatorTargetNamespace(ctx context.Context, operator, namespace string) error

OperatorTargetNamespace asserts that the operator deployment has the expected olm.targetNamespaces annotation.

func PrometheusMetricsAreReturned ¶

func PrometheusMetricsAreReturned(ctx context.Context) error

PrometheusMetricsAreReturned validates that each pod's stored metrics response is non-empty and parses as valid Prometheus text format.

func RecordingProxyReceivedCONNECTForCatalogd ¶ added in v1.9.0

func RecordingProxyReceivedCONNECTForCatalogd(ctx context.Context) error

RecordingProxyReceivedCONNECTForCatalogd polls until the recording proxy has received at least one CONNECT request whose target host contains "catalogd", or the polling timeout is reached.

Note: the recording proxy runs on the host and cannot route to in-cluster service addresses, so it responds with 502 Bad Gateway after recording the CONNECT. This is intentional — the step only verifies that operator-controller respected HTTPS_PROXY and sent the request through the proxy.

func RegisterHooks ¶

func RegisterHooks(sc *godog.ScenarioContext)

func RegisterSteps ¶

func RegisterSteps(sc *godog.ScenarioContext)

func ResourceApplyFails ¶

func ResourceApplyFails(ctx context.Context, errMsg string, yamlTemplate *godog.DocString) error

ResourceApplyFails waits for kubectl apply of the provided YAML to fail with the expected error message. Polls with timeout.

func ResourceAvailable ¶

func ResourceAvailable(ctx context.Context, resource string) error

ResourceAvailable waits for the specified resource (kind/name format) to exist in the test namespace. Polls with timeout.

func ResourceEventuallyNotFound ¶

func ResourceEventuallyNotFound(ctx context.Context, resource string) error

ResourceEventuallyNotFound waits for the specified resource to be fully deleted from the test namespace. Polls with timeout.

func ResourceHasAnnotations ¶ added in v1.9.0

func ResourceHasAnnotations(ctx context.Context, resourceName string, table *godog.Table) error

ResourceHasAnnotations waits for a resource to have all annotations specified in the data table. The table must have "key" and "value" columns. Only supports namespaced resources (always uses sc.namespace).

func ResourceHasLabels ¶ added in v1.9.0

func ResourceHasLabels(ctx context.Context, resourceName string, table *godog.Table) error

ResourceHasLabels waits for a resource to have all labels specified in the data table. The table must have "key" and "value" columns. Only supports namespaced resources (always uses sc.namespace).

func ResourceIsApplied ¶

func ResourceIsApplied(ctx context.Context, yamlTemplate *godog.DocString) error

ResourceIsApplied applies the provided YAML resource to the cluster and in case of ClusterExtension or ClusterObjectSet it captures its name in the test context so that it can be referred to in later steps with ${NAME} or ${COS_NAME}, respectively

func ResourceMatches ¶

func ResourceMatches(ctx context.Context, resource string, requiredContentTemplate *godog.DocString) error

ResourceMatches waits for the specified resource to match the expected content using JSON merge patch comparison. Polls with timeout.

func ResourceRemoved ¶

func ResourceRemoved(ctx context.Context, resource string) error

ResourceRemoved saves the resource state for potential restore checks, then deletes it from the test namespace.

func ResourceRestored ¶

func ResourceRestored(ctx context.Context, resource string) error

ResourceRestored waits for a previously removed resource to be re-created with matching spec or data. Polls with timeout.

func RolloutRestartIsPerformed ¶ added in v1.9.0

func RolloutRestartIsPerformed(ctx context.Context, resourceName string) error

RolloutRestartIsPerformed runs "kubectl rollout restart deployment/<name>". See: https://github.com/operator-framework/operator-lifecycle-manager/issues/3392

func ScenarioCatalogIsDeleted ¶ added in v1.9.0

func ScenarioCatalogIsDeleted(ctx context.Context, catalogUserName string) error

ScenarioCatalogIsDeleted deletes a named per-scenario ClusterCatalog and waits for it to be removed.

func ScenarioCatalogIsReconciled ¶ added in v1.9.0

func ScenarioCatalogIsReconciled(ctx context.Context, catalogUserName string) error

ScenarioCatalogIsReconciled waits for a named per-scenario ClusterCatalog to be reconciled by checking leader pod logs.

func ScenarioCatalogIsUpdatedToVersion ¶ added in v1.9.0

func ScenarioCatalogIsUpdatedToVersion(ctx context.Context, catalogUserName, version string) error

ScenarioCatalogIsUpdatedToVersion patches a named per-scenario ClusterCatalog's image ref to a new version tag.

func ScenarioCatalogReportsCondition ¶ added in v1.9.0

func ScenarioCatalogReportsCondition(ctx context.Context, catalogUserName, conditionType, conditionStatus, conditionReason string) error

ScenarioCatalogReportsCondition waits for a named per-scenario ClusterCatalog to have the specified condition.

func ScenarioCatalogTagImage ¶ added in v1.9.0

func ScenarioCatalogTagImage(ctx context.Context, catalogUserName, oldTag, newTag string) error

ScenarioCatalogTagImage tags an existing per-scenario catalog image with a new tag.

func ScenarioCleanup ¶

func ScenarioCleanup(ctx context.Context, _ *godog.Scenario, err error) (context.Context, error)

func SendMetricsRequest ¶

func SendMetricsRequest(ctx context.Context, serviceAccount string, endpoint string, controllerName string) error

SendMetricsRequest sets up port-forwarding to the controller's service pods and waits for the metrics endpoint to return a successful response. Stores the response body per pod in the scenario context. Polls with timeout.

func ServiceAccountIsAvailableInNamespace ¶

func ServiceAccountIsAvailableInNamespace(ctx context.Context, serviceAccount string) error

ServiceAccountIsAvailableInNamespace creates a ServiceAccount in the test namespace without RBAC permissions.

func ServiceAccountWithClusterAdminPermissionsIsAvailableInNamespace ¶

func ServiceAccountWithClusterAdminPermissionsIsAvailableInNamespace(ctx context.Context, serviceAccount string) error

ServiceAccountWithClusterAdminPermissionsIsAvailableInNamespace creates a ServiceAccount and applies cluster-admin RBAC.

func ServiceAccountWithFetchMetricsPermissions ¶

func ServiceAccountWithFetchMetricsPermissions(ctx context.Context, serviceAccount string, controllerName string) error

ServiceAccountWithFetchMetricsPermissions creates a ServiceAccount and applies metrics-reader RBAC for the specified controller.

func ServiceAccountWithNeededPermissionsIsAvailableInGivenNamespace ¶ added in v1.9.0

func ServiceAccountWithNeededPermissionsIsAvailableInGivenNamespace(ctx context.Context, serviceAccount string, ns string) error

ServiceAccountWithNeededPermissionsIsAvailableInGivenNamespace creates a ServiceAccount and enables creation of any cluster extension on behalf of this account.

func ServiceAccountWithNeededPermissionsIsAvailableInTestNamespace ¶ added in v1.9.0

func ServiceAccountWithNeededPermissionsIsAvailableInTestNamespace(ctx context.Context, serviceAccount string) error

ServiceAccountWithNeededPermissionsIsAvailableInTestNamespace creates a ServiceAccount and applies standard RBAC permissions. The RBAC template is selected based on the service account and BoxcutterRuntime feature gate: <service-account>-<helm|boxcutter>-rbac-template.yaml

func ServiceAccountWithoutCreatePermissionsIsAvailableInTestNamespace ¶ added in v1.9.0

func ServiceAccountWithoutCreatePermissionsIsAvailableInTestNamespace(ctx context.Context, serviceAccount string) error

ServiceAccountWithoutCreatePermissionsIsAvailableInTestNamespace creates a ServiceAccount with permissions that intentionally exclude the "create" verb to test preflight permission validation for Boxcutter applier. This is used to verify that the preflight check properly detects missing CREATE permissions. Note: This function requires both @BoxcutterRuntime and @PreflightPermissions tags.

func SetCRDFieldMinValue ¶

func SetCRDFieldMinValue(_ context.Context, resourceType, jsonPath string, minValue int) error

SetCRDFieldMinValue patches a CRD to set the minimum value for a field. jsonPath is in the format ".spec.fieldName" and gets converted to the CRD schema path.

func StartRecordingProxyAndConfigureDeployment ¶ added in v1.9.0

func StartRecordingProxyAndConfigureDeployment(ctx context.Context, component string) error

StartRecordingProxyAndConfigureDeployment starts an in-process HTTP CONNECT proxy reachable from the cluster via the container-runtime kind network gateway, then patches the component deployment to route HTTPS through it.

func TrackCurrentClusterExtensionForCleanup ¶ added in v1.9.0

func TrackCurrentClusterExtensionForCleanup(ctx context.Context) error

TrackCurrentClusterExtensionForCleanup saves the current ClusterExtension name in the cleanup list so it gets deleted at the end of the scenario. Call this before applying a second ClusterExtension in the same scenario, because ResourceIsApplied overwrites the tracked name.

func TriggerClusterExtensionReconciliation ¶ added in v1.9.0

func TriggerClusterExtensionReconciliation(ctx context.Context) error

TriggerClusterExtensionReconciliation patches the ClusterExtension spec to bump its metadata generation, forcing the controller to run a full reconciliation loop. Use with "ClusterExtension has been reconciled the latest generation" to confirm the controller processed the change before asserting on the cluster state.

We flip install.preflight.crdUpgradeSafety.enforcement between "None" and "Strict" because it is a real spec field that the API server will persist (unlike unknown fields, which are pruned by structural schemas). Toggling ensures that each call results in a spec change, reliably bumping .metadata.generation.

func TriggerClusterObjectSetReconciliation ¶ added in v1.9.0

func TriggerClusterObjectSetReconciliation(ctx context.Context, cosName string) error

TriggerClusterObjectSetReconciliation annotates the named ClusterObjectSet to trigger a new reconciliation cycle.