diff --git a/cmd/timoni/apply_test.go b/cmd/timoni/apply_test.go index 259d28fa..483db86a 100644 --- a/cmd/timoni/apply_test.go +++ b/cmd/timoni/apply_test.go @@ -405,13 +405,15 @@ func TestApply_GlobalResources(t *testing.T) { namespace, name, modPath, - ), strings.NewReader("values: ns: enabled: true")) + ), strings.NewReader("values: globals: enabled: true")) g.Expect(err).ToNot(HaveOccurred()) t.Log("\n", output) ns := nsObj.DeepCopy() err = envTestClient.Get(context.Background(), client.ObjectKeyFromObject(ns), ns) g.Expect(err).ToNot(HaveOccurred()) + + g.Expect(output).To(ContainSubstring(fmt.Sprintf("ClusterRole/%s-readonly", name))) }) t.Run("uninstalls instance", func(t *testing.T) { diff --git a/cmd/timoni/testdata/module/README.md b/cmd/timoni/testdata/module/README.md index 38ef13c6..59ddfb26 100644 --- a/cmd/timoni/testdata/module/README.md +++ b/cmd/timoni/testdata/module/README.md @@ -50,6 +50,6 @@ timoni -n module delete module | `client: image: pullPolicy:` | `string` | `"IfNotPresent"` | PullPolicy defines the pull policy for the image. By default, it is set to IfNotPresent. | | `server: enabled:` | `bool` | `true` | | | `domain:` | `string` | `"example.internal"` | | -| `ns: enabled:` | `bool` | `false` | | +| `globals: enabled:` | `bool` | `false` | | | `team:` | `string` | `"test"` | | diff --git a/cmd/timoni/testdata/module/templates/clusterrole.cue b/cmd/timoni/testdata/module/templates/clusterrole.cue new file mode 100644 index 00000000..cc1e8e47 --- /dev/null +++ b/cmd/timoni/testdata/module/templates/clusterrole.cue @@ -0,0 +1,21 @@ +package templates + +#ClusterRole: { + #config: #Config + apiVersion: "rbac.authorization.k8s.io/v1" + kind: "ClusterRole" + metadata: { + name: "\(#config.metadata.name)-readonly" + // This is for testing invalid namspace reference + namespace: "default" + } + rules: [{ + apiGroups: [""] + resources: ["*"] + verbs: [ + "get", + "list", + "watch", + ] + }] +} diff --git a/cmd/timoni/testdata/module/templates/config.cue b/cmd/timoni/testdata/module/templates/config.cue index bf06ca07..7a0be13a 100644 --- a/cmd/timoni/testdata/module/templates/config.cue +++ b/cmd/timoni/testdata/module/templates/config.cue @@ -42,7 +42,7 @@ import ( domain: *"example.internal" | string // +nodoc - ns: { + globals: { enabled: *false | bool } @@ -61,8 +61,10 @@ import ( "\(config.metadata.name)-server": #ServerConfig & {#config: config} } - if config.ns.enabled { + if config.globals.enabled { "\(config.metadata.name)-ns": #Namespace & {#config: config} + "\(config.metadata.name)-cr": #ClusterRole & {#config: config} + } } } diff --git a/internal/reconciler/reconciler.go b/internal/reconciler/reconciler.go index eb6da553..b16692ec 100644 --- a/internal/reconciler/reconciler.go +++ b/internal/reconciler/reconciler.go @@ -28,6 +28,7 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" kerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/cli-runtime/pkg/genericclioptions" + "sigs.k8s.io/controller-runtime/pkg/client/apiutil" apiv1 "github.com/stefanprodan/timoni/api/v1alpha1" "github.com/stefanprodan/timoni/internal/engine" @@ -103,6 +104,17 @@ func (r *Reconciler) Init(ctx context.Context, builder *engine.ModuleBuilder, bu r.instanceManager.Instance.Labels[apiv1.BundleNameLabelKey] = instance.Bundle } + for _, obj := range r.currentObjects { + // If the object is not namespaced, we need to remove the metadata.namespace field. + if obj.GetNamespace() != "" { + if namespaced, err := apiutil.IsObjectNamespaced(obj, + r.resourceManager.Client().Scheme(), + r.resourceManager.Client().RESTMapper()); err == nil && !namespaced { + obj.SetNamespace("") + } + } + } + if err := r.instanceManager.AddObjects(r.currentObjects); err != nil { return fmt.Errorf("adding objects to instance failed: %w", err) }