From 66246bc55b80221a9100de34e2e788749f15561e Mon Sep 17 00:00:00 2001
From: Varsha B <vab@redhat.com>
Date: Wed, 15 Jan 2025 14:34:52 +0530
Subject: [PATCH] fix: Reconcile serviceAccount fields in redis deployment
 (#1635) (#1639)

* fix: Reconcile serviceAccount fields in redis deployment (#1635)

* fix redis SA updation issue

Signed-off-by: Varsha B <vab@redhat.com>

* fix CI test failure

Signed-off-by: Varsha B <vab@redhat.com>

---------

Signed-off-by: Varsha B <vab@redhat.com>

* Addressed review comment

Signed-off-by: Varsha B <vab@redhat.com>

---------

Signed-off-by: Varsha B <vab@redhat.com>
---
 controllers/argocd/deployment.go              |  5 ++
 controllers/argocd/deployment_test.go         | 59 +++++++++++++++++++
 .../03-remove-extraCommandArgs.yaml           |  2 +-
 3 files changed, 65 insertions(+), 1 deletion(-)

diff --git a/controllers/argocd/deployment.go b/controllers/argocd/deployment.go
index 6d0897e5c..2ef47efb5 100644
--- a/controllers/argocd/deployment.go
+++ b/controllers/argocd/deployment.go
@@ -573,6 +573,11 @@ func (r *ReconcileArgoCD) reconcileRedisDeployment(cr *argoproj.ArgoCD, useTLS b
 			changed = true
 		}
 
+		if !reflect.DeepEqual(deploy.Spec.Template.Spec.ServiceAccountName, existing.Spec.Template.Spec.ServiceAccountName) {
+			existing.Spec.Template.Spec.ServiceAccountName = deploy.Spec.Template.Spec.ServiceAccountName
+			changed = true
+		}
+
 		if changed {
 			return r.Client.Update(context.TODO(), existing)
 		}
diff --git a/controllers/argocd/deployment_test.go b/controllers/argocd/deployment_test.go
index 83122d71f..73614ed44 100644
--- a/controllers/argocd/deployment_test.go
+++ b/controllers/argocd/deployment_test.go
@@ -1833,6 +1833,65 @@ func TestReconcileArgoCD_reconcileRedisDeployment_with_error(t *testing.T) {
 	assert.Error(t, r.reconcileRedisDeployment(cr, false), "this is a test error")
 }
 
+func TestReconcileRedisDeployment_serviceAccountNameUpdate(t *testing.T) {
+	// tests SA update for redis deployment
+
+	tests := []struct {
+		name       string
+		SA         string
+		expectedSA string
+	}{
+		{
+			name:       "serviceAccountName field should reflect the original value",
+			SA:         "argocd-argocd-redis",
+			expectedSA: "argocd-argocd-redis",
+		},
+		{
+			name:       "serviceAccountName field should be reset to the original value with an existing SA modification",
+			SA:         "builder",
+			expectedSA: "argocd-argocd-redis",
+		},
+		{
+			name:       "serviceAccountName field should be reset to the original value with a non-existing SA modification",
+			SA:         "argocd-argocd-redis-new",
+			expectedSA: "argocd-argocd-redis",
+		},
+		{
+			name:       "serviceAccountName field should be reset to the original value and not left empty",
+			SA:         "",
+			expectedSA: "argocd-argocd-redis",
+		},
+	}
+
+	cr := makeTestArgoCD()
+
+	resObjs := []client.Object{cr}
+	subresObjs := []client.Object{cr}
+	runtimeObjs := []runtime.Object{}
+	sch := makeTestReconcilerScheme(argoproj.AddToScheme)
+	cl := makeTestReconcilerClient(sch, resObjs, subresObjs, runtimeObjs)
+	r := makeTestReconciler(cl, sch)
+
+	// Verify redis deployment
+	assert.NoError(t, r.reconcileRedisDeployment(cr, false))
+
+	// Verify SA update
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			existing := &appsv1.Deployment{}
+			assert.NoError(t, r.Client.Get(context.TODO(), types.NamespacedName{Name: cr.Name + "-redis", Namespace: cr.Namespace}, existing))
+
+			existing.Spec.Template.Spec.ServiceAccountName = test.SA
+			assert.NoError(t, cl.Update(context.TODO(), existing))
+			assert.NoError(t, r.reconcileRedisDeployment(cr, false))
+
+			newRedis := &appsv1.Deployment{}
+			assert.NoError(t, r.Client.Get(context.TODO(), types.NamespacedName{Name: cr.Name + "-redis", Namespace: cr.Namespace}, newRedis))
+			assert.Equal(t, newRedis.Spec.Template.Spec.ServiceAccountName, test.expectedSA)
+		})
+	}
+}
+
 func operationProcessors(n int32) argoCDOpt {
 	return func(a *argoproj.ArgoCD) {
 		a.Spec.Controller.Processors.Operation = n
diff --git a/tests/k8s/1-038_validate_controller_extra_command_args/03-remove-extraCommandArgs.yaml b/tests/k8s/1-038_validate_controller_extra_command_args/03-remove-extraCommandArgs.yaml
index c2e73a858..41ced38ad 100644
--- a/tests/k8s/1-038_validate_controller_extra_command_args/03-remove-extraCommandArgs.yaml
+++ b/tests/k8s/1-038_validate_controller_extra_command_args/03-remove-extraCommandArgs.yaml
@@ -2,4 +2,4 @@ apiVersion: kuttl.dev/v1beta1
 kind: TestStep
 commands:
 - script: |
-    oc patch -n test-1-38-controller-extra-command argocds/example-argocd --type=json --patch '[{"op": "remove", "path": "/spec/controller/extraCommandArgs"}]'
\ No newline at end of file
+    kubectl patch -n test-1-38-controller-extra-command argocds/example-argocd --type=json --patch '[{"op": "remove", "path": "/spec/controller/extraCommandArgs"}]'
\ No newline at end of file