
Commit 99209ab

ROSAENG-59417 | feat: expose CreateOCMRole to CAPA (#3262)
1 parent f9012c3 commit 99209ab

8 files changed

Lines changed: 1296 additions & 378 deletions


cmd/create/ocmrole/cmd.go

Lines changed: 42 additions & 258 deletions
Large diffs are not rendered by default.

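--- a/cmd/create/ocmrole/cmd_test.go
+++ b/cmd/create/ocmrole/cmd_test.go
@@ -19,18 +19,56 @@ package ocmrole
 import (
 "fmt"
 "os"
+"testing"
 
 "go.uber.org/mock/gomock"
 
 . "github.com/onsi/ginkgo/v2"
 . "github.com/onsi/gomega"
 cmv1 "github.com/openshift-online/ocm-sdk-go/clustersmgmt/v1"
 
+internalocmrole "github.com/openshift/rosa/internal/ocmrole"
 "github.com/openshift/rosa/pkg/aws"
 "github.com/openshift/rosa/pkg/reporter"
 "github.com/openshift/rosa/pkg/rosa"
 )
 
+func TestOCMRole(t *testing.T) {
+RegisterFailHandler(Fail)
+RunSpecs(t, "OCM Role suite")
+}
+
+var _ = Describe("internalocmrole.RoleProfile constants", func() {
+It("Should have correct profile values", func() {
+Expect(internalocmrole.ProfileStandard).To(Equal(internalocmrole.RoleProfile("standard")))
+Expect(internalocmrole.ProfileAdmin).To(Equal(internalocmrole.RoleProfile("admin")))
+Expect(internalocmrole.ProfileNoConsole).To(Equal(internalocmrole.RoleProfile("no-console")))
+})
+})
+
+var _ = Describe("internalocmrole.DetermineProfile", func() {
+It("should return internalocmrole.ProfileAdmin when isAdmin is true", func() {
+profile := internalocmrole.DetermineProfile(true, false)
+Expect(profile).To(Equal(internalocmrole.ProfileAdmin))
+})
+
+It("should return internalocmrole.ProfileAdmin when both isAdmin and isNoConsole are true", func() {
+// Admin takes precedence
+profile := internalocmrole.DetermineProfile(true, true)
+Expect(profile).To(Equal(internalocmrole.ProfileAdmin))
+})
+
+It("should return internalocmrole.ProfileNoConsole when isNoConsole is true and isAdmin is false", func() {
+profile := internalocmrole.DetermineProfile(false, true)
+Expect(profile).To(Equal(internalocmrole.ProfileNoConsole))
+})
+
+It("should return internalocmrole.ProfileStandard when both are false", func() {
+profile := internalocmrole.DetermineProfile(false, false)
+Expect(profile).To(Equal(internalocmrole.ProfileStandard))
+})
+})
+
 var _ = Describe("buildCommands", func() {
 var (
 creator *aws.Creator
@@ -76,7 +114,7 @@ var _ = Describe("buildCommands", func() {
 "",
 creator,
 "production",
-ProfileNoConsole,
+internalocmrole.ProfileNoConsole,
 true, // managedPolicies
 false,
 policies,
@@ -96,7 +134,7 @@ var _ = Describe("buildCommands", func() {
 "",
 creator,
 "production",
-ProfileNoConsole,
+internalocmrole.ProfileNoConsole,
 true, // managedPolicies
 false,
 policies,
@@ -115,7 +153,7 @@ var _ = Describe("buildCommands", func() {
 "",
 creator,
 "production",
-ProfileAdmin,
+internalocmrole.ProfileAdmin,
 true, // managedPolicies
 false,
 policies,
@@ -135,7 +173,7 @@ var _ = Describe("buildCommands", func() {
 "",
 creator,
 "production",
-ProfileAdmin,
+internalocmrole.ProfileAdmin,
 true, // managedPolicies
 false,
 policies,
@@ -154,7 +192,7 @@ var _ = Describe("buildCommands", func() {
 "",
 creator,
 "production",
-ProfileStandard,
+internalocmrole.ProfileStandard,
 true, // managedPolicies
 false,
 policies,
@@ -174,7 +212,7 @@ var _ = Describe("buildCommands", func() {
 "",
 creator,
 "production",
-ProfileNoConsole,
+internalocmrole.ProfileNoConsole,
 true, // managedPolicies
 false,
 policies,
@@ -252,7 +290,7 @@ var _ = Describe("generateOcmRolePolicyFiles", func() {
 })
 
 It("should generate no-console permission policy file when profile is no-console", func() {
-err := generateOcmRolePolicyFiles(r, env, orgID, ProfileNoConsole, policies)
+err := generateOcmRolePolicyFiles(r, env, orgID, internalocmrole.ProfileNoConsole, policies)
 Expect(err).ToNot(HaveOccurred())
 
 _, err = os.Stat("sts_ocm_no_console_permission_policy.json")
@@ -269,7 +307,7 @@ var _ = Describe("generateOcmRolePolicyFiles", func() {
 })
 
 It("should generate standard permission policy file when profile is standard", func() {
-err := generateOcmRolePolicyFiles(r, env, orgID, ProfileStandard, policies)
+err := generateOcmRolePolicyFiles(r, env, orgID, internalocmrole.ProfileStandard, policies)
 Expect(err).ToNot(HaveOccurred())
 
 _, err = os.Stat("sts_ocm_permission_policy.json")
@@ -286,7 +324,7 @@ var _ = Describe("generateOcmRolePolicyFiles", func() {
 })
 
 It("should generate admin policy file when profile is admin", func() {
-err := generateOcmRolePolicyFiles(r, env, orgID, ProfileAdmin, policies)
+err := generateOcmRolePolicyFiles(r, env, orgID, internalocmrole.ProfileAdmin, policies)
 Expect(err).ToNot(HaveOccurred())
 
 _, err = os.Stat("sts_ocm_admin_permission_policy.json")
@@ -303,7 +341,7 @@ var _ = Describe("generateOcmRolePolicyFiles", func() {
 })
 
 It("should generate no-console files successfully when policy is available", func() {
-err := generateOcmRolePolicyFiles(r, env, orgID, ProfileNoConsole, policies)
+err := generateOcmRolePolicyFiles(r, env, orgID, internalocmrole.ProfileNoConsole, policies)
 
 Expect(err).NotTo(HaveOccurred())
 // Verify no-console permission policy file was created
@@ -345,7 +383,7 @@ var _ = Describe("checkRoleExists", func() {
 mockClient.EXPECT().IsAdminRole(roleName).Return(false, nil)
 mockClient.EXPECT().IsNoConsoleRole(roleName).Return(false, nil)
 
-arn, exists, err := checkRoleExists(r, roleName, ProfileStandard, "auto", "")
+arn, exists, err := checkRoleExists(r, roleName, internalocmrole.ProfileStandard, "auto", "")
 
 Expect(err).NotTo(HaveOccurred())
 Expect(exists).To(BeTrue())
@@ -357,7 +395,7 @@ var _ = Describe("checkRoleExists", func() {
 mockClient.EXPECT().IsAdminRole(roleName).Return(true, nil)
 mockClient.EXPECT().IsNoConsoleRole(roleName).Return(false, nil)
 
-_, exists, err := checkRoleExists(r, roleName, ProfileStandard, "auto", "")
+_, exists, err := checkRoleExists(r, roleName, internalocmrole.ProfileStandard, "auto", "")
 
 Expect(err).To(HaveOccurred())
 Expect(exists).To(BeTrue())
@@ -369,7 +407,7 @@ var _ = Describe("checkRoleExists", func() {
 mockClient.EXPECT().IsAdminRole(roleName).Return(false, nil)
 mockClient.EXPECT().IsNoConsoleRole(roleName).Return(true, nil)
 
-_, exists, err := checkRoleExists(r, roleName, ProfileStandard, "auto", "")
+_, exists, err := checkRoleExists(r, roleName, internalocmrole.ProfileStandard, "auto", "")
 
 Expect(err).To(HaveOccurred())
 Expect(exists).To(BeTrue())
@@ -383,7 +421,7 @@ var _ = Describe("checkRoleExists", func() {
 mockClient.EXPECT().IsAdminRole(roleName).Return(true, nil)
 mockClient.EXPECT().IsNoConsoleRole(roleName).Return(false, nil)
 
-arn, exists, err := checkRoleExists(r, roleName, ProfileAdmin, "auto", "")
+arn, exists, err := checkRoleExists(r, roleName, internalocmrole.ProfileAdmin, "auto", "")
 
 Expect(err).NotTo(HaveOccurred())
 Expect(exists).To(BeTrue())
@@ -395,7 +433,7 @@ var _ = Describe("checkRoleExists", func() {
 mockClient.EXPECT().IsAdminRole(roleName).Return(false, nil)
 mockClient.EXPECT().IsNoConsoleRole(roleName).Return(true, nil)
 
-_, exists, err := checkRoleExists(r, roleName, ProfileAdmin, "auto", "")
+_, exists, err := checkRoleExists(r, roleName, internalocmrole.ProfileAdmin, "auto", "")
 
 Expect(err).To(HaveOccurred())
 Expect(exists).To(BeTrue())
@@ -415,7 +453,7 @@ var _ = Describe("checkRoleExists", func() {
 "arn:aws:iam::123456789012:policy/test-role-NoConsole-Policy",
 }, nil)
 
-arn, exists, err := checkRoleExists(r, roleName, ProfileNoConsole, "auto", "")
+arn, exists, err := checkRoleExists(r, roleName, internalocmrole.ProfileNoConsole, "auto", "")
 
 Expect(err).NotTo(HaveOccurred())
 Expect(exists).To(BeTrue())
@@ -427,7 +465,7 @@ var _ = Describe("checkRoleExists", func() {
 mockClient.EXPECT().IsAdminRole(roleName).Return(true, nil)
 mockClient.EXPECT().IsNoConsoleRole(roleName).Return(false, nil)
 
-_, exists, err := checkRoleExists(r, roleName, ProfileNoConsole, "auto", "")
+_, exists, err := checkRoleExists(r, roleName, internalocmrole.ProfileNoConsole, "auto", "")
 
 Expect(err).To(HaveOccurred())
 Expect(exists).To(BeTrue())
@@ -442,7 +480,7 @@ var _ = Describe("checkRoleExists", func() {
 "arn:aws:iam::123456789012:policy/ManagedOpenShift-OCM-Role-Policy",
 }, nil)
 
-_, exists, err := checkRoleExists(r, roleName, ProfileNoConsole, "auto", "")
+_, exists, err := checkRoleExists(r, roleName, internalocmrole.ProfileNoConsole, "auto", "")
 
 Expect(err).To(HaveOccurred())
 Expect(exists).To(BeTrue())
@@ -459,7 +497,7 @@ var _ = Describe("checkRoleExists", func() {
 }, nil)
 mockClient.EXPECT().AddRoleTag(roleName, "rosa_no_console_role", "true").Return(nil)
 
-arn, exists, err := checkRoleExists(r, roleName, ProfileNoConsole, "auto", "")
+arn, exists, err := checkRoleExists(r, roleName, internalocmrole.ProfileNoConsole, "auto", "")
 
 Expect(err).NotTo(HaveOccurred())
 Expect(exists).To(BeTrue())
@@ -477,7 +515,7 @@ var _ = Describe("checkRoleExists", func() {
 mockClient.EXPECT().AddRoleTag(roleName, "rosa_no_console_role", "true").Return(
 fmt.Errorf("tag operation failed"))
 
-_, exists, err := checkRoleExists(r, roleName, ProfileNoConsole, "auto", "")
+_, exists, err := checkRoleExists(r, roleName, internalocmrole.ProfileNoConsole, "auto", "")
 
 Expect(err).To(HaveOccurred())
 Expect(exists).To(BeTrue())
@@ -492,7 +530,7 @@ var _ = Describe("checkRoleExists", func() {
 "arn:aws:iam::123456789012:policy/test-role-Policy", // standard policy, not no-console
 }, nil)
 
-_, exists, err := checkRoleExists(r, roleName, ProfileNoConsole, "auto", "")
+_, exists, err := checkRoleExists(r, roleName, internalocmrole.ProfileNoConsole, "auto", "")
 
 Expect(err).To(HaveOccurred())
 Expect(exists).To(BeTrue())
@@ -512,7 +550,7 @@ var _ = Describe("checkRoleExists", func() {
 }, nil)
 mockClient.EXPECT().AddRoleTag(roleName, "rosa_admin_role", "true").Return(nil)
 
-arn, exists, err := checkRoleExists(r, roleName, ProfileAdmin, "auto", "")
+arn, exists, err := checkRoleExists(r, roleName, internalocmrole.ProfileAdmin, "auto", "")
 
 Expect(err).NotTo(HaveOccurred())
 Expect(exists).To(BeTrue())
@@ -531,7 +569,7 @@ var _ = Describe("checkRoleExists", func() {
 mockClient.EXPECT().AddRoleTag(roleName, "rosa_admin_role", "true").Return(
 fmt.Errorf("tag operation failed"))
 
-_, exists, err := checkRoleExists(r, roleName, ProfileAdmin, "auto", "")
+_, exists, err := checkRoleExists(r, roleName, internalocmrole.ProfileAdmin, "auto", "")
 
 Expect(err).To(HaveOccurred())
 Expect(exists).To(BeTrue())
@@ -549,7 +587,7 @@ var _ = Describe("checkRoleExists", func() {
 }, nil)
 mockClient.EXPECT().AddRoleTag(roleName, "rosa_no_console_role", "true").Return(nil)
 
-arn, exists, err := checkRoleExists(r, roleName, ProfileNoConsole, "auto", customPath)
+arn, exists, err := checkRoleExists(r, roleName, internalocmrole.ProfileNoConsole, "auto", customPath)
 
 Expect(err).NotTo(HaveOccurred())
 Expect(exists).To(BeTrue())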
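Review bot: The spec at new lines 55–59 pins `DetermineProfile(true, true)` to `ProfileAdmin`, so a caller that sets both flags has the conflict resolved silently in favour of the more privileged OCM role profile. The commit title says this logic is being exposed to CAPA, where a programmatic caller setting both by mistake would get the admin profile with no error; DetermineProfile's body is not shown on this page, so whether any caller rejects the combination first cannot be confirmed from here. If the precedence is intended, the one-line comment in that spec could state the consequence, e.g. `// Conflicting flags resolve to admin, the more privileged profile; callers that need least privilege must reject isAdmin && isNoConsole before calling`. The two new Describe blocks also exercise internal/ocmrole from the cmd/create/ocmrole test package; placing them beside the code they cover would keep them running if this command package is reorganised.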

cmd/create/ocmrole/ocmrole.go

Lines changed: 0 additions & 36 deletions
This file was deleted.

cmd/create/ocmrole/ocmrole_test.go

Lines changed: 0 additions & 60 deletions
This file was deleted.
