Get agent tentacle namespaces

Author: sathvikkumar-octo

cmd/main.go

@@ -205,8 +205,15 @@ func main() {
 		os.Exit(1)
 	}
 
+	// Discover target namespaces from octopus tentacle deployments
+	targetNamespaces, err := rules.DiscoverTargetNamespaces(mgr.GetClient())
+	if err != nil {
+		setupLog.Error(err, "unable to discover target namespaces")
+		os.Exit(1)
+	}
+
 	// Create the rules engine instance
-	engine := rules.NewInMemoryEngine()
+	engine := rules.NewInMemoryEngine(targetNamespaces)
 
 	if err := (&controller.WorkloadServiceAccountReconciler{
 		Client: mgr.GetClient(),

internal/rules/engine.go

@@ -29,17 +29,19 @@ type Engine interface {
 }
 
 type InMemoryEngine struct {
-	rules map[AgentName]map[Scope]ServiceAccountName
+	rules            map[AgentName]map[Scope]ServiceAccountName
+	targetNamespaces []string
 	// client kubernetes.Interface
 }
 
 func (s *Scope) IsEmpty() bool {
 	return s.Project == "" && s.Environment == "" && s.Tenant == "" && s.Step == "" && s.Space == ""
 }
 
-func NewInMemoryEngine() InMemoryEngine {
+func NewInMemoryEngine(targetNamespaces []string) InMemoryEngine {
 	return InMemoryEngine{
-		rules: make(map[AgentName]map[Scope]ServiceAccountName),
+		rules:            make(map[AgentName]map[Scope]ServiceAccountName),
+		targetNamespaces: targetNamespaces,
 	}
 }
 

internal/rules/namespace_discovery.go

@@ -0,0 +1,48 @@
+package rules
+
+import (
+	"context"
+
+	appsv1 "k8s.io/api/apps/v1"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+var discoveryLog = ctrl.Log.WithName("namespace_discovery")
+
+// DiscoverTargetNamespaces finds namespaces containing Octopus Tentacle deployments
+// these namespaces are used for creating the service accounts for use by pods deployed by Tentacle those namespaces
+func DiscoverTargetNamespaces(k8sClient client.Client) ([]string, error) {
+	ctx := context.Background()
+
+	var deployments appsv1.DeploymentList
+	err := k8sClient.List(ctx, &deployments, client.MatchingLabels{
+		"app.kubernetes.io/name": "octopus-agent",
+	})
+	if err != nil {
+		discoveryLog.Error(err, "Failed to list deployments with octopus agent label")
+		return nil, err
+	}
+
+	namespaceSet := make(map[string]struct{})
+	for _, deployment := range deployments.Items {
+		namespaceSet[deployment.Namespace] = struct{}{}
+	}
+
+	namespaces := make([]string, 0, len(namespaceSet))
+	for namespace := range namespaceSet {
+		namespaces = append(namespaces, namespace)
+	}
+
+	// Use default namespace as fallback for local testing if no tentacle deployments found
+	if len(namespaces) == 0 {
+		namespaces = []string{"default"}
+		discoveryLog.Info("No octopus tentacle deployments found, using default namespace as fallback")
+	} else {
+		discoveryLog.Info("Discovered target namespaces for service account creation",
+			"count", len(namespaces),
+			"namespaces", namespaces)
+	}
+
+	return namespaces, nil
+}

internal/rules/namespace_discovery_test.go

@@ -0,0 +1,84 @@
+package rules
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	appsv1 "k8s.io/api/apps/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+)
+
+func TestDiscoverTargetNamespaces(t *testing.T) {
+	scheme := runtime.NewScheme()
+	assert.NoError(t, appsv1.AddToScheme(scheme))
+
+	tests := []struct {
+		name        string
+		deployments []appsv1.Deployment
+		expected    []string
+	}{
+		{
+			name:        "no deployments should return default namespace",
+			deployments: []appsv1.Deployment{},
+			expected:    []string{"default"},
+		},
+		{
+			name: "multiple deployments with duplicate namespace should return unique namespaces",
+			deployments: []appsv1.Deployment{
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "octopus-agent-1",
+						Namespace: "test-namespace",
+						Labels: map[string]string{
+							"app.kubernetes.io/name": "octopus-agent",
+						},
+					},
+				},
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "octopus-agent-2",
+						Namespace: "test-namespace", // duplicate namespace
+						Labels: map[string]string{
+							"app.kubernetes.io/name": "octopus-agent",
+						},
+					},
+				},
+				{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "octopus-agent-3",
+						Namespace: "octopus-system",
+						Labels: map[string]string{
+							"app.kubernetes.io/name": "octopus-agent",
+						},
+					},
+				},
+			},
+			expected: []string{"octopus-system", "test-namespace"}, // should be sorted and unique
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Create fake client with test deployments
+			var objects []client.Object
+			for i := range tt.deployments {
+				objects = append(objects, &tt.deployments[i])
+			}
+
+			fakeClient := fake.NewClientBuilder().
+				WithScheme(scheme).
+				WithObjects(objects...).
+				Build()
+
+			// Test the function
+			result, err := DiscoverTargetNamespaces(fakeClient)
+
+			// Assertions
+			assert.NoError(t, err)
+			assert.ElementsMatch(t, tt.expected, result)
+		})
+	}
+}