refactor(operator): introduce ClusterUser to make actor-vs-SUT boundary explicit #83
Open
SamBarker wants to merge 5 commits into refactor/operator-it-shared-resources from
ClusterUser wraps a KubernetesClient scoped to a specific namespace and exposes create, get, replace, delete and resources. It is deliberately separate from the operator extension (the SUT) so test code can clearly distinguish user-side actions from operator reactions. patchStatus is intentionally absent — that requires /status subresource RBAC that a regular cluster user does not hold.
Assisted-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Sam Barker <sam@quadrocket.co.uk>

Adds userClient() to LocallyRunningOperatorRbacHandler to expose the admin-backed KubernetesClient used for user-level interactions, then wires it into clusterUser() on the extension. Tests can now obtain a ClusterUser — the explicit actor in integration tests — without going through the testActor internal interface.
Assisted-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Sam Barker <sam@quadrocket.co.uk>

Replace direct operator.create/get/replace/delete/resources calls with clusterUser.create/get/replace/delete/resources to make the actor-vs-SUT boundary explicit: ClusterUser represents a Kubernetes user interacting with the cluster; the operator is the system under test reacting to those user actions. AllReconcilersIT also updates its parameterized-test lambda signatures from Function<LocalKroxyliciousOperatorExtension, T> to Function<ClusterUser, T> since those lambdas represent user setup actions (creating Secrets, CMs, etc.) rather than operator behaviour.
Assisted-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Sam Barker <sam@quadrocket.co.uk>

… ClusterUser
Same pattern as the previous commit: route create/get/replace/delete/resources through ClusterUser to make the actor-vs-SUT boundary explicit. patchStatus remains on the extension — it represents test infrastructure simulating another system updating status subresources, not a user action.
Assisted-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Sam Barker <sam@quadrocket.co.uk>

create, get, replace, delete, and resources were all delegating to the internal testActor. Now that all ITs use clusterUser() for user-side operations, these delegation methods are dead code. patchStatus remains — it represents test infrastructure, not a user action. Also fixes missed operator.delete() calls in four ITs from the previous migration commit.
Assisted-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Sam Barker <sam@quadrocket.co.uk>
Type of change
Description
Introduces ClusterUser — a thin wrapper around a KubernetesClient scoped to the test namespace — to give integration tests an explicit, named object representing the actor (a regular Kubernetes user), distinct from the operator (the system under test).

Previously, LocalKroxyliciousOperatorExtension exposed create, get, replace, delete, and resources methods that silently delegated to an internal TestActor. This made test code look like the operator itself was creating resources, obscuring the actor/SUT boundary.

Changes:
- ClusterUser: new class with create, get, replace, delete, resources — backed by the admin Kubernetes client scoped to the test namespace
- LocallyRunningOperatorRbacHandler.userClient(): exposes the lazily-created admin client for constructing a ClusterUser
- LocalKroxyliciousOperatorExtension.clusterUser(): returns a ClusterUser scoped to the test namespace; must be called after beforeAll
- ReconcilerIT files migrated to obtain a ClusterUser via operator.clusterUser() and route resource operations through it
- LocalKroxyliciousOperatorExtension.create/get/replace/delete/resources removed — they are now dead code
- patchStatus remains on the extension: it represents test infrastructure simulating another system updating status subresources, not a user action

AllReconcilersIT also updates its parameterised-test lambdas from Function<LocalKroxyliciousOperatorExtension, T> to Function<ClusterUser, T> since those lambdas create user-side resources (Secrets, ConfigMaps).

Additional Context
This is a follow-on to refactor/operator-it-shared-resources (the base branch). The ClusterUser name was chosen deliberately — it communicates a Kubernetes user perspective without overloading the term "user". A future clusterUser(ClusterRole) overload could enable RBAC-persona testing (platform team vs. app team) when needed.

Checklist
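A sketch of the kind of facade the description above outlines, as an added example that is not the PR's own code: a namespace-scoped wrapper over a fabric8 KubernetesClient that exposes only create, get, replace, delete and resources and has no status-patching method. The class name ClusterUserSketch, the constructor, the method signatures and the use of fabric8 6.5+ calls are assumptions.

```java
import io.fabric8.kubernetes.api.model.HasMetadata;
import io.fabric8.kubernetes.api.model.KubernetesResourceList;
import io.fabric8.kubernetes.client.KubernetesClient;
import io.fabric8.kubernetes.client.dsl.NonNamespaceOperation;
import io.fabric8.kubernetes.client.dsl.Resource;
import java.util.Objects;

// Hypothetical sketch, not the project's ClusterUser class.
// Every operation is pinned to one namespace chosen at construction time.
public final class ClusterUserSketch {
    private final KubernetesClient client;
    private final String namespace;

    public ClusterUserSketch(KubernetesClient client, String namespace) {
        this.client = Objects.requireNonNull(client, "client");
        this.namespace = Objects.requireNonNull(namespace, "namespace");
    }

    // User-side action: create the resource in the scoped namespace.
    public <T extends HasMetadata> T create(T resource) {
        return client.resource(resource).inNamespace(namespace).create();
    }

    // User-side action: read back the current state, or null if absent.
    public <T extends HasMetadata> T get(Class<T> type, String name) {
        return resources(type).withName(name).get();
    }

    // User-side action: full update of the main resource (not /status).
    public <T extends HasMetadata> T replace(T resource) {
        return client.resource(resource).inNamespace(namespace).update();
    }

    // User-side action: true if the API server reported something deleted.
    public <T extends HasMetadata> boolean delete(T resource) {
        return !client.resource(resource).inNamespace(namespace).delete().isEmpty();
    }

    // Namespace-scoped handle for list/watch style queries.
    public <T extends HasMetadata>
            NonNamespaceOperation<T, KubernetesResourceList<T>, Resource<T>> resources(Class<T> type) {
        return client.resources(type).inNamespace(namespace);
    }

    // Deliberately no patchStatus/updateStatus: writes to the /status
    // subresource belong to controllers, not to the user-side actor.
}
```

In this sketch resources() hands back fabric8's own DSL, which still offers status operations, and the wrapped client is admin-backed, so the boundary is held by the shape of the API rather than by RBAC. Enforcing it at the API server would need a client whose Role omits the status subresource.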