opendefensecloud / solution-arsenal / 26780227011
74%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 30
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 72.528% (+0.5%) from 72.073%
26780227011

push

github

web-flow 
feat: finish ReferenceGrants implementation (#541)

## What

Finish the ReferenceGrants feature started in #474.

Closes #490

## Why

PR #474 merged the `ReferenceGrant` CRD and a PoC implementation, but
left several gaps:

- The target controller had a bug where cross-namespace `ReleaseBinding`
resources (created by the Profile controller in the provider namespace
with `spec.targetNamespace` set) were never discovered — the controller
only listed bindings in the target's own namespace.
- No documentation existed for operators or users on how to create and
manage `ReferenceGrant`s.
- No ADR captured the decision.
- `RegistryBindingSpec` was missing the `TargetNamespace` field needed
for future cross-namespace support (blocked on ADR-010).
- Four correctness bugs were discovered and fixed during code review
(see Notes for reviewers → Review fixes below).

## Testing

- Unit/integration tests: `make test` — all passing
- `mapReleaseBindingToTarget` and `mapReleaseToTargets` mapper fixes
covered by existing reconciler tests
- E2e test extended: the cross-namespace Profile→Target scenario now
also verifies that a `RenderTask` is created for the matched target
(previously only verified the `ReleaseBinding` was created)
- Integration tests for the cross-namespace ReleaseBinding flow: happy
path (grant present → RenderTask created), negative path (no grant → no
RenderTask), deduplication (two overlapping grants → exactly one
RenderTask), and same-name Target collision (provider-ns Target with
identical name must not receive the cross-namespace binding)
- Unit test for `mapReferenceGrantToTargets` verifying the
ComponentVersion grant branch enqueues the correct (consumer) Target
namespace via a cross-namespace ReleaseBinding

## Notes for reviewers

- **Controller change:** `TargetReconciler.Reconcile` now calls
`collectCrossNamespaceReleaseBindings` after the same-namespace list.
This lists `ReferenceGrant`s in the target's namespace (already cached)
and fo... (continued)

90 of 116 new or added lines in 2 files covered. (77.59%)

19 existing lines in 2 files now uncovered.

2450 of 3378 relevant lines covered (72.53%)

33.73 hits per line

Uncovered Changes

Lines Coverage File
24
69.68
 0.62% pkg/controller/target_controller.go
2
73.96
 0.09% pkg/controller/helpers.go

Coverage Regressions

Lines Coverage File
17
69.68
 0.62% pkg/controller/target_controller.go
2
87.7
 0.91% pkg/controller/rendertask_controller.go
Jobs
ID Job ID Ran Files Coverage
1 26780227011.1 30
72.53
 GitHub Action Run
Source Files on build 26780227011