Merge branch 'kubesaw170_restart' of https://github.com/fbm3307/ksctl …

…into kubesaw170_restart

README.adoc

@@ -193,6 +193,35 @@ serviceAccounts:
       - ...
 ```
 
+===== ServiceAccount namespace location
+
+By default, all `ServiceAccounts` are created in default namespaces:
+
+* `kubesaw-admins-host` for the host cluster
+* `kubesaw-admins-meber` for the member cluster
+
+The default location can be changed in `kubesaw-admin.yaml` file:
+
+```yaml
+defaultServiceAccountsNamespace:
+  host: your-host-namespace
+  member: your-member-namespace
+```
+
+These two namespaces has to have different names.
+
+It's also possible to override the namespace location for a given `ServiceAccount`:
+
+```yaml
+serviceAccounts:
+- name: in-namespace-sa
+  namespace: specific-sa-namespace
+  host:
+    ...
+  member:
+    ...
+```
+
 ===== Generate ksctl.yaml files
 
 For each ServiceAccount defined in this section, the `ksctl generate cli-configs` generates a separate `ksctl.yaml` file with the corresponding cluster configuration and tokens. As an administrator of the clusters, run this command and distribute securely the generated `ksctl.yaml` files to other team members.
@@ -201,7 +230,7 @@ For each ServiceAccount defined in this section, the `ksctl generate cli-configs
 1. Run `make install`
 2. Create `kubesaw-admins.yaml` (as an example, check link:test-resources/dummy.openshiftapps.com/kubesaw-admins.yaml[kubesaw-admins.yaml])
 3. Run `ksctl generate admin-manifests --kubesaw-admins <path>/kubesaw-admins.yaml --out-dir <admin-manifests-out-dir-path>`
-4. Create resources from the `<admin-manifests-out-dir-path>` of the previous command. Please, note that you will need to create some namespaces manually (`oc create ns <namespace-name>`), such as `sandbox-sre-host`, `first-component`, `second-component`, `some-component`, `sandbox-sre-member`, and `crw`, for example.
+4. Create resources from the `<admin-manifests-out-dir-path>` of the previous command. Please, note that you will need to create some namespaces manually (`oc create ns <namespace-name>`), such as `host-sre-namespace`, `first-component`, `second-component`, `some-component`, `member-sre-namespace`, and `crw`, for example.
 - Run `oc apply -k <admin-manifests-out-dir-path>/host`
 - Run `oc apply -k <admin-manifests-out-dir-path>/member`
 - Run `oc apply -k <admin-manifests-out-dir-path>/member-3`

pkg/cmd/adm/adm.go

@@ -10,7 +10,7 @@ func NewAdmCmd() *cobra.Command {
 	admCommand := &cobra.Command{
 		Use:   "adm",
 		Short: "Administrative Commands",
-		Long:  `Actions for administering Dev Sandbox instance.`,
+		Long:  `Actions for administering a KubeSaw instance.`,
 	}
 	registerCommands(admCommand)
 

pkg/cmd/generate/admin-manifests.go

@@ -16,8 +16,8 @@ import (
 )
 
 type adminManifestsFlags struct {
-	kubeSawAdminsFile, outDir, hostRootDir, memberRootDir string
-	singleCluster                                         bool
+	kubeSawAdminsFile, outDir, hostRootDir, memberRootDir, idpName string
+	singleCluster                                                  bool
 }
 
 func NewAdminManifestsCmd() *cobra.Command {
@@ -39,6 +39,7 @@ ksctl generate admin-manifests ./path/to/kubesaw-stage.openshiftapps.com/kubesaw
 	command.Flags().BoolVarP(&f.singleCluster, "single-cluster", "s", false, "If host and member are deployed to the same cluster. Cannot be used with separateKustomizeComponent set in one of the members.")
 	command.Flags().StringVar(&f.hostRootDir, "host-root-dir", "host", "The root directory name for host manifests")
 	command.Flags().StringVar(&f.memberRootDir, "member-root-dir", "member", "The root directory name for member manifests")
+	command.Flags().StringVar(&f.idpName, "idp-name", "KubeSaw", "Identity provider name to be used in Identity CRs")
 
 	flags.MustMarkRequired(command, "kubesaw-admins")
 	flags.MustMarkRequired(command, "out-dir")

pkg/cmd/generate/admin-manifests_test.go

@@ -385,6 +385,7 @@ func newAdminManifestsFlags(adminManifestsFlagsOptions ...adminManifestsFlagsOpt
 	flags := adminManifestsFlags{
 		hostRootDir:   "host",
 		memberRootDir: "member",
+		idpName:       "KubeSaw",
 	}
 	for _, applyOption := range adminManifestsFlagsOptions {
 		applyOption(&flags)

pkg/cmd/generate/assertion_test.go

@@ -306,7 +306,10 @@ func (a *storageAssertionImpl) assertUser(name string) userAssertion {
 }
 
 func (a userAssertion) hasIdentity(ID string) userAssertion {
-	ins := commonidentity.NewIdentityNamingStandard(ID, "DevSandbox")
+	return a.hasIdentityWithIdentityStandard(commonidentity.NewIdentityNamingStandard(ID, "KubeSaw"))
+}
+
+func (a userAssertion) hasIdentityWithIdentityStandard(ins commonidentity.NamingStandard) userAssertion {
 	src := &userv1.Identity{}
 	ins.ApplyToIdentity(src)
 

pkg/cmd/generate/cluster.go

@@ -20,7 +20,7 @@ func ensureServiceAccounts(ctx *clusterContext, objsCache objectsCache) error {
 			continue
 		}
 
-		// by default, it should use the sandbox sre namespace. let's keep this empty (if the target namespace is not defined) so it is recognized in the ensureServiceAccount method based on the cluster type it is being applied in
+		// let's keep this empty (if the target namespace is not defined) so it is recognized in the ensureServiceAccount method based on the cluster type it is being applied in
 		saNamespace := ""
 		if sa.Namespace != "" {
 			saNamespace = sa.Namespace

pkg/cmd/generate/mock_test.go

@@ -59,6 +59,7 @@ func newAdminManifestsContext(t *testing.T, config *assets.KubeSawAdmins, files
 			outDir:        temp,
 			memberRootDir: "member",
 			hostRootDir:   "host",
+			idpName:       "KubeSaw",
 		},
 	}
 }

pkg/cmd/generate/permissions.go

@@ -190,7 +190,7 @@ func ensureUserIdentityAndGroups(IDs []string, groups []string) newSubjectFunc {
 		// Create identities and identity mappings
 		for _, id := range IDs {
 
-			ins := commonidentity.NewIdentityNamingStandard(id, "DevSandbox")
+			ins := commonidentity.NewIdentityNamingStandard(id, ctx.idpName)
 
 			// create identity
 			identity := &userv1.Identity{

pkg/cmd/generate/permissions_test.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"testing"
 
+	commonidentity "github.com/codeready-toolchain/toolchain-common/pkg/identity"
 	commontest "github.com/codeready-toolchain/toolchain-common/pkg/test"
 	"github.com/kubesaw/ksctl/pkg/assets"
 	"github.com/kubesaw/ksctl/pkg/client"
@@ -109,7 +110,7 @@ func TestEnsureServiceAccount(t *testing.T) {
 
 		// when
 		subject, err := ensureServiceAccount("openshift-customer-monitoring")(
-			ctx, cache, "john", "sandbox-sre-host", labels)
+			ctx, cache, "john", "default-ns-is-ignored", labels)
 
 		// then
 		require.NoError(t, err)
@@ -148,6 +149,26 @@ func TestEnsureUserAndIdentity(t *testing.T) {
 		assert.Empty(t, subject.Namespace)
 	})
 
+	t.Run("create user & identity with custom IdP", func(t *testing.T) {
+		// given
+		ctx := newFakeClusterContext(newAdminManifestsContextWithDefaultFiles(t, nil), configuration.Host)
+		ctx.idpName = "MyIdP"
+		cache := objectsCache{}
+
+		// when
+		subject, err := ensureUserIdentityAndGroups([]string{"12345", "abc:19944:FZZ"}, []string{})(ctx, cache, "john-crtadmin", commontest.HostOperatorNs, labels)
+
+		// then
+		require.NoError(t, err)
+		inObjectCache(t, ctx.outDir, "host", cache).
+			assertUser("john-crtadmin").
+			hasIdentityWithIdentityStandard(commonidentity.NewIdentityNamingStandard("12345", "MyIdP")).
+			hasIdentityWithIdentityStandard(commonidentity.NewIdentityNamingStandard("abc:19944:FZZ", "MyIdP"))
+		assert.Equal(t, "User", subject.Kind)
+		assert.Equal(t, "john-crtadmin", subject.Name)
+		assert.Empty(t, subject.Namespace)
+	})
+
 	t.Run("don't create any group", func(t *testing.T) {
 		// given
 		ctx := newFakeClusterContext(newAdminManifestsContextWithDefaultFiles(t, nil), configuration.Host)