codeready-toolchain · mmulholla · Oct 29, 2023 · Nov 13, 2023
@@ -48,6 +48,12 @@ spec:
           spec:
             description: SpaceRequestSpec defines the desired state of Space
             properties:
+              disableInheritance:
+                description: "DisableInheritance indicates whether or not SpaceBindings
+                  from the parent-spaces are automatically inherited to all sub-spaces
+                  in the tree. \n Set to True to disable SpaceBinding inheritance
+                  from the parent-spaces. Default is False."
+                type: boolean
               targetClusterRoles:
                 description: TargetClusterRoles one or more label keys that define
                   a set of clusters where the Space can be provisioned. The target

@@ -48,6 +48,12 @@ spec:
           spec:
             description: SpaceSpec defines the desired state of Space
             properties:
+              disableInheritance:
+                description: "DisableInheritance indicates whether or not SpaceBindings
+                  from the parent-spaces are automatically inherited to all sub-spaces
+                  in the tree. \n Set to True to disable SpaceBinding inheritance
+                  from the parent-spaces. Default is False."
+                type: boolean
               parentSpace:
                 description: "ParentSpace holds the name of the context (Space) from
                   which this space was created (requested), enabling hierarchy relationships

@@ -619,6 +619,18 @@ spec:
                             description: Defines the flag that determines whether
                               to deploy the Webhook
                             type: boolean
+                          secret:
+                            description: Defines all secrets related to webhook configuration
+                            properties:
+                              ref:
+                                description: Reference is the name of the secret resource
+                                  to look up
+                                type: string
+                              virtualMachineAccessKey:
+                                description: The key in the secret values map that
+                                  contains a comma-separated list of SSH keys
+                                type: string
+                            type: object
                         type: object
                     type: object
                   specificPerMemberCluster:
@@ -759,6 +771,19 @@ spec:
                               description: Defines the flag that determines whether
                                 to deploy the Webhook
                               type: boolean
+                            secret:
+                              description: Defines all secrets related to webhook
+                                configuration
+                              properties:
+                                ref:
+                                  description: Reference is the name of the secret
+                                    resource to look up
+                                  type: string
+                                virtualMachineAccessKey:
+                                  description: The key in the secret values map that
+                                    contains a comma-separated list of SSH keys
+                                  type: string
+                              type: object
                           type: object
                       type: object
                     description: A map of cluster-specific member operator configurations

@@ -42,7 +42,8 @@ func TestCreateSpaceRequest(t *testing.T) {
 	t.Run("success", func(t *testing.T) {
 		sr := spacerequesttest.NewSpaceRequest("jane", srNamespace.GetName(),
 			spacerequesttest.WithTierName("appstudio"),
-			spacerequesttest.WithTargetClusterRoles(srClusterRoles))
+			spacerequesttest.WithTargetClusterRoles(srClusterRoles),
+			spacerequesttest.WithDisableInheritance(false))
 
 		t.Run("subSpace doesn't exists it should be created", func(t *testing.T) {
 			// given
@@ -59,12 +60,44 @@ func TestCreateSpaceRequest(t *testing.T) {
 			spacerequesttest.AssertThatSpaceRequest(t, srNamespace.Name, sr.GetName(), member1.Client).
 				HasSpecTargetClusterRoles(srClusterRoles).
 				HasSpecTierName("appstudio").
+				HasDisableInheritance(false).
 				HasConditions(spacetest.Provisioning()).
 				HasFinalizer()
 			// there should be 1 subSpace that was created from the spacerequest
 			spacetest.AssertThatSubSpace(t, hostClient, sr, parentSpace).
 				HasTier("appstudio").
-				HasSpecTargetClusterRoles(srClusterRoles)
+				HasSpecTargetClusterRoles(srClusterRoles).
+				HasDisableInheritance(false)
+		})
+
+		t.Run("subSpace created with disableInheritance", func(t *testing.T) {
+			sr := spacerequesttest.NewSpaceRequest("jane", srNamespace.GetName(),
+				spacerequesttest.WithTierName("appstudio"),
+				spacerequesttest.WithTargetClusterRoles(srClusterRoles),
+				spacerequesttest.WithDisableInheritance(true))
+
+			// given
+			member1 := NewMemberClusterWithClient(test.NewFakeClient(t, sr, srNamespace), "member-1", corev1.ConditionTrue)
+			hostClient := test.NewFakeClient(t, appstudioTier, parentSpace)
+			ctrl := newReconciler(t, hostClient, member1)
+
+			// when
+			_, err = ctrl.Reconcile(context.TODO(), requestFor(sr))
+
+			// then
+			require.NoError(t, err)
+			// spacerequest exists with expected cluster roles and finalizer
+			spacerequesttest.AssertThatSpaceRequest(t, srNamespace.Name, sr.GetName(), member1.Client).
+				HasSpecTargetClusterRoles(srClusterRoles).
+				HasSpecTierName("appstudio").
+				HasDisableInheritance(true).
+				HasConditions(spacetest.Provisioning()).
+				HasFinalizer()
+			// there should be 1 subSpace that was created from the spacerequest
+			spacetest.AssertThatSubSpace(t, hostClient, sr, parentSpace).
+				HasTier("appstudio").
+				HasSpecTargetClusterRoles(srClusterRoles).
+				HasDisableInheritance(true)
 		})
 
 		t.Run("subSpace exists but is not ready yet", func(t *testing.T) {

@@ -19,7 +19,7 @@ func TestNewSpaceBinding(t *testing.T) {
 	// given
 	userSignup := commonsignup.NewUserSignup()
 	nsTemplateTier := tiertest.NewNSTemplateTier("advanced", "dev", "stage", "extra")
-	space := NewSpace(userSignup, test.MemberClusterName, "smith", nsTemplateTier.Name)
+	space := NewSpace(userSignup, test.MemberClusterName, "smith", nsTemplateTier.Name, false)
 	mur := newMasterUserRecord(userSignup, test.MemberClusterName, "deactivate90", "johny")
 
 	// when

@@ -693,7 +693,7 @@ func (r *Reconciler) ensureSpace(
 	}
 	tCluster := targetCluster(mur.Spec.UserAccounts[0].TargetCluster)
 
-	space = spaceutil.NewSpace(userSignup, tCluster.getClusterName(), mur.Name, spaceTier.Name)
+	space = spaceutil.NewSpace(userSignup, tCluster.getClusterName(), mur.Name, spaceTier.Name, false)
 
 	err = r.Client.Create(ctx, space)
 	if err != nil {

@@ -1584,7 +1584,7 @@ func TestUserSignupMUROrSpaceOrSpaceBindingCreateFails(t *testing.T) {
 			mur := newMasterUserRecord(userSignup, "member1", deactivate30Tier.Name, "foo")
 			mur.Labels = map[string]string{toolchainv1alpha1.MasterUserRecordOwnerLabelKey: userSignup.Name}
 
-			space := NewSpace(userSignup, "member1", "foo", "base")
+			space := NewSpace(userSignup, "member1", "foo", "base", false)
 
 			ready := NewGetMemberClusters(NewMemberClusterWithTenantRole(t, "member1", corev1.ConditionTrue))
 			initObjs := []runtime.Object{userSignup, baseNSTemplateTier, deactivate30Tier}
@@ -1868,7 +1868,7 @@ func TestUserSignupWithExistingMUROK(t *testing.T) {
 		},
 	}
 
-	space := NewSpace(userSignup, "member1", "foo", "base")
+	space := NewSpace(userSignup, "member1", "foo", "base", false)
 
 	spacebinding := spacebindingtest.NewSpaceBinding("foo", "foo", "admin", userSignup.Name)
 

@@ -1,8 +1,8 @@
 from: base
 parameters:
 - name: MEMORY_LIMIT
-  value: "16Gi"
+  value: "32Gi"
 - name: MEMORY_REQUEST
-  value: "16Gi"
+  value: "32Gi"
 - name: IDLER_TIMEOUT_SECONDS
   value: 0
@@ -10,13 +10,13 @@ objects:
   spec:
     quota:
       hard:
-        limits.cpu: 20000m
+        limits.cpu: 40000m
         limits.memory: ${MEMORY_LIMIT}
-        limits.ephemeral-storage: 7Gi
-        requests.cpu: 1750m
+        limits.ephemeral-storage: 15Gi
+        requests.cpu: 6000m
         requests.memory: ${MEMORY_REQUEST}
         requests.storage: 40Gi
-        requests.ephemeral-storage: 7Gi
+        requests.ephemeral-storage: 15Gi
         count/persistentvolumeclaims: "5"
     selector:
       annotations: null
@@ -153,6 +153,6 @@ parameters:
   # 12 hours
   value: "43200"
 - name: MEMORY_LIMIT
-  value: "7Gi"
+  value: "28Gi"
 - name: MEMORY_REQUEST
-  value: "7Gi"
+  value: "28Gi"
@@ -72,7 +72,7 @@ objects:
     - type: "Container"
       default:
         cpu: 1000m
-        memory: 750Mi
+        memory: 1024Mi
       defaultRequest:
         cpu: 10m
         memory: 64Mi

@@ -72,7 +72,7 @@ objects:
     - type: "Container"
       default:
         cpu: 1000m
-        memory: 750Mi
+        memory: 1024Mi
       defaultRequest:
         cpu: 10m
         memory: 64Mi

@@ -1,6 +1,6 @@
 from: base
 parameters:
 - name: MEMORY_LIMIT
-  value: "16Gi"
+  value: "32Gi"
 - name: MEMORY_REQUEST
-  value: "16Gi"
+  value: "32Gi"
@@ -7,7 +7,7 @@
 )
 
 // NewSpace creates a space CR for a UserSignup object.
-func NewSpace(userSignup *toolchainv1alpha1.UserSignup, targetClusterName string, compliantUserName, tier string) *toolchainv1alpha1.Space {
+func NewSpace(userSignup *toolchainv1alpha1.UserSignup, targetClusterName string, compliantUserName, tier string, disableInheritance bool) *toolchainv1alpha1.Space {
 	labels := map[string]string{
 		toolchainv1alpha1.SpaceCreatorLabelKey: userSignup.Name,
 	}
@@ -22,6 +22,7 @@
 			TargetCluster:      targetClusterName,
 			TargetClusterRoles: []string{cluster.RoleLabel(cluster.Tenant)}, // by default usersignups should be provisioned to tenant clusters
 			TierName:           tier,
+			DisableInheritance: disableInheritance,
 		},
 	}
 	return space
@@ -45,6 +46,7 @@
 			TargetClusterRoles: spaceRequest.Spec.TargetClusterRoles,
 			TierName:           spaceRequest.Spec.TierName,
 			ParentSpace:        parentSpace.GetName(),
+			DisableInheritance: spaceRequest.Spec.DisableInheritance,
 		},
 	}
 

@@ -20,7 +20,7 @@ func TestNewSpace(t *testing.T) {
 	userSignup := commonsignup.NewUserSignup()
 
 	// when
-	space := NewSpace(userSignup, test.MemberClusterName, "johny", "advanced")
+	space := NewSpace(userSignup, test.MemberClusterName, "johny", "advanced", false)
 
 	// then
 	expectedSpace := spacetest.NewSpace(test.HostOperatorNs, "johny",

@@ -1,4 +1,4 @@
 package spacerequest

 import (
 	"fmt"
@@ -39,6 +39,12 @@
 	}
 }
 
+func WithDisableInheritance(disableInheritance bool) Option {
+	return func(spaceRequest *toolchainv1alpha1.SpaceRequest) {
+		spaceRequest.Spec.DisableInheritance = disableInheritance
+	}
+}
+
 func WithDeletionTimestamp() Option {
 	return func(spaceRequest *toolchainv1alpha1.SpaceRequest) {
 		now := metav1.NewTime(time.Now())

@@ -119,6 +119,13 @@
 	return a
 }
 
+func (a *Assertion) HasDisableInheritance(disableInheritance bool) *Assertion {
+	err := a.loadResource()
+	require.NoError(a.t, err)
+	assert.Equal(a.t, disableInheritance, a.spaceRequest.Spec.DisableInheritance)
+	return a
+}
+
 func (a *Assertion) HasTargetClusterURL(targetCluster string) *Assertion {
 	err := a.loadResource()
 	require.NoError(a.t, err)