Beispiel #1
        /// <summary>
        /// Creates the Kubernetes namespace for a context account and then annotates it
        /// with the AWS account id and the IAM role pattern permitted inside it.
        /// </summary>
        /// <param name="namespaceName">Name of the namespace to create and annotate.</param>
        /// <param name="domainEvent">Event whose payload supplies the capability, context and account values.</param>
        /// <remarks>
        /// A <c>NamespaceAlreadyExistException</c> is logged and swallowed, so the annotations
        /// are also written to a namespace that this call did not create.
        /// </remarks>
        private async Task CreateNameSpace(
            NamespaceName namespaceName,
            ContextAccountCreatedDomainEvent domainEvent
            )
        {
            var payload = domainEvent.Payload;

            // Ownership metadata attached at creation time only; the already-exists
            // path below never re-applies or checks these labels.
            var ownershipLabels = new List<Label>
            {
                Label.CreateSafely("capability-id", payload.CapabilityId.ToString()),
                Label.CreateSafely("capability-name", payload.CapabilityName),
                Label.CreateSafely("context-id", payload.ContextId.ToString()),
                Label.CreateSafely("context-name", payload.ContextName)
            };

            try
            {
                await _namespaceRepository.CreateNamespaceAsync(namespaceName, ownershipLabels);
            }
            catch (NamespaceAlreadyExistException)
            {
                // TODO Should we assert labels exist?
                // NOTE(review): execution continues to the annotation step without checking
                // who owns the existing namespace. Confirm that a pre-existing namespace with
                // this name can only belong to the same capability; otherwise the event's AWS
                // account gets bound to a namespace it does not own.
                _logger.LogInformation($"Not creating namespace {namespaceName} as it already exist in kubernetes");
            }

            // NOTE(review): ".*" is passed as the role part, so presumably every role in the
            // account is permitted for workloads in this namespace (this key looks like the
            // namespace annotation kiam evaluates as a regular expression; confirm which agent
            // the cluster runs). AccountId is not validated in this method before it reaches
            // that pattern; confirm it is checked as a plain account number upstream.
            var accountAnnotations = new Dictionary<string, string>
            {
                ["iam.amazonaws.com/permitted"] = IAM.ConstructRoleArn(payload.AccountId, ".*"),
                ["dfds-aws-account-id"] = payload.AccountId
            };

            await _namespaceRepository.AddAnnotations(namespaceName, accountAnnotations);
        }
        /// <summary>
        /// Builds a namespace definition carrying the IAM permitted-roles annotation for
        /// the given AWS account and hands it to the <c>V1Namespace</c> overload.
        /// </summary>
        /// <param name="namespaceName">Name given to the namespace metadata.</param>
        /// <param name="accountId">AWS account id used to construct the permitted role ARN pattern.</param>
        public async Task CreateNamespaceAsync(string namespaceName, string accountId)
        {
            var metadata = new V1ObjectMeta();
            metadata.Name = namespaceName;

            // NOTE(review): the ".*" role part presumably permits every role in the account
            // for workloads in this namespace. Neither accountId nor namespaceName is
            // validated here; confirm callers pass a checked account number, since it is
            // embedded in what looks like a regular expression.
            metadata.Annotations = new Dictionary<string, string>
            {
                ["iam.amazonaws.com/permitted"] = IAM.ConstructRoleArn(accountId, ".*")
            };

            var namespaceDefinition = new V1Namespace();
            namespaceDefinition.Metadata = metadata;

            await CreateNamespaceAsync(namespaceDefinition);
        }
Beispiel #3
        /// <summary>
        /// Runs the handler against spy repositories and checks that the namespace name,
        /// the IAM permitted-roles annotation, the role and the role binding are all
        /// derived from the event payload.
        /// </summary>
        public async Task HandleAsync_Will_Use_Event_Payload_Correctly()
        {
            // Arrange
            var configMapServiceSpy      = new ConfigMapServiceSpy();
            var namespaceRepositorySpy   = new NamespaceRepositorySpy();
            var roleRepositorySpy        = new RoleRepositorySpy();
            var roleBindingRepositorySpy = new RoleBindingRepositorySpy();

            var handler = new ContextAccountCreatedDomainEventHandler(
                configMapServiceSpy,
                namespaceRepositorySpy,
                roleRepositorySpy,
                roleBindingRepositorySpy,
                new StubK8sApplicationService(),
                new LoggerFactory().CreateLogger<ContextAccountCreatedDomainEventHandler>()
                );

            var @event = new ContextAccountCreatedDomainEventBuilder().Build();


            // Act
            await handler.HandleAsync(@event);


            // Assert
            // Exactly one role mapping was recorded, with a non-empty key and value.
            var recordedRole = configMapServiceSpy.Roles.Single();
            Assert.NotEmpty(recordedRole.Key);
            Assert.NotEmpty(recordedRole.Value);

            var createdNamespace = namespaceRepositorySpy.Namespaces.Single();
            var namespaceName    = createdNamespace.NamespaceName;

            Assert.NotNull(namespaceName);
            Assert.Equal(@event.Payload.CapabilityRootId, namespaceName);

            // Pins the permitted-roles annotation to the account-wide ".*" pattern; a change
            // that narrows the pattern has to update this expectation as well.
            var expectedPermittedRoles = IAM.ConstructRoleArn(@event.Payload.AccountId, ".*");
            Assert.Equal(expectedPermittedRoles, createdNamespace.Annotations["iam.amazonaws.com/permitted"]);

            Assert.Equal(namespaceName, roleRepositorySpy.Namespaces.Single());

            // The single binding is checked item by item against the namespace name and
            // the "-full-access-role" name derived from it.
            var binding = roleBindingRepositorySpy.NamespaceRoleToGroupBindings.Single();
            Assert.Equal(namespaceName, binding.Item1);
            Assert.Equal(namespaceName + "-full-access-role",
                         binding.Item2);
            Assert.Equal(namespaceName, binding.Item3);
        }