Add test for tenantUpdateEncryption (#2611)
2
.github/workflows/jobs.yaml
vendored
2
.github/workflows/jobs.yaml
vendored
@@ -1539,7 +1539,7 @@ jobs:
|
||||
go tool cover -func=all.out | grep total > tmp2
|
||||
result=`cat tmp2 | awk 'END {print $3}'`
|
||||
result=${result%\%}
|
||||
threshold=67.7
|
||||
threshold=68.5
|
||||
echo "Result:"
|
||||
echo "$result%"
|
||||
if (( $(echo "$result >= $threshold" |bc -l) )); then
|
||||
|
||||
@@ -666,15 +666,8 @@ func (suite *TenantTestSuite) TestUpdateTenantSecurityWithoutError() {
|
||||
opClientTenantUpdateMock = func(ctx context.Context, tenant *miniov2.Tenant, opts metav1.UpdateOptions) (*miniov2.Tenant, error) {
|
||||
return &miniov2.Tenant{}, nil
|
||||
}
|
||||
runAsUser := "1000"
|
||||
runAsGroup := "1000"
|
||||
fsGroup := "1000"
|
||||
params, _ := suite.initUpdateTenantSecurityRequest()
|
||||
params.Body.SecurityContext = &models.SecurityContext{
|
||||
RunAsUser: &runAsUser,
|
||||
RunAsGroup: &runAsGroup,
|
||||
FsGroup: fsGroup,
|
||||
}
|
||||
params.Body.SecurityContext = suite.createMockModelsSecurityContext()
|
||||
err := updateTenantSecurity(ctx, suite.opClient, suite.k8sclient, "mock-namespace", params)
|
||||
suite.assert.Nil(err)
|
||||
}
|
||||
@@ -1211,9 +1204,6 @@ func (suite *TenantTestSuite) TestSetTenantMonitoringWithTenantUpdateError() {
|
||||
opClientTenantUpdateMock = func(ctx context.Context, tenant *miniov2.Tenant, opts metav1.UpdateOptions) (*miniov2.Tenant, error) {
|
||||
return nil, errors.New("mock-tenant-update-error")
|
||||
}
|
||||
runAsUser := "1000"
|
||||
runAsGroup := "1000"
|
||||
fsGroup := "1000"
|
||||
params, _ := suite.initSetTenantMonitoringRequest()
|
||||
params.Data = &models.TenantMonitoringInfo{
|
||||
Labels: []*models.Label{{
|
||||
@@ -1231,11 +1221,7 @@ func (suite *TenantTestSuite) TestSetTenantMonitoringWithTenantUpdateError() {
|
||||
MonitoringCPURequest: "1",
|
||||
MonitoringMemRequest: "1Gi",
|
||||
DiskCapacityGB: "1Gi",
|
||||
SecurityContext: &models.SecurityContext{
|
||||
RunAsUser: &runAsUser,
|
||||
RunAsGroup: &runAsGroup,
|
||||
FsGroup: fsGroup,
|
||||
},
|
||||
SecurityContext: suite.createMockModelsSecurityContext(),
|
||||
}
|
||||
tenant := &miniov2.Tenant{
|
||||
Spec: miniov2.TenantSpec{
|
||||
@@ -1251,16 +1237,9 @@ func (suite *TenantTestSuite) TestSetTenantMonitoringWithoutError() {
|
||||
opClientTenantUpdateMock = func(ctx context.Context, tenant *miniov2.Tenant, opts metav1.UpdateOptions) (*miniov2.Tenant, error) {
|
||||
return nil, nil
|
||||
}
|
||||
runAsUser := "1000"
|
||||
runAsGroup := "1000"
|
||||
fsGroup := "1000"
|
||||
params, _ := suite.initSetTenantMonitoringRequest()
|
||||
params.Data = &models.TenantMonitoringInfo{
|
||||
SecurityContext: &models.SecurityContext{
|
||||
RunAsUser: &runAsUser,
|
||||
RunAsGroup: &runAsGroup,
|
||||
FsGroup: fsGroup,
|
||||
},
|
||||
SecurityContext: suite.createMockModelsSecurityContext(),
|
||||
}
|
||||
tenant := &miniov2.Tenant{
|
||||
Spec: miniov2.TenantSpec{
|
||||
@@ -1519,6 +1498,177 @@ func (suite *TenantTestSuite) TestTenantUpdateEncryptionHandlerWithError() {
|
||||
suite.assert.True(ok)
|
||||
}
|
||||
|
||||
func (suite *TenantTestSuite) TestTenantUpdateEncryptionWithExternalCertError() {
|
||||
params, _ := suite.initTenantUpdateEncryptionRequest()
|
||||
params.Body = &models.EncryptionConfiguration{
|
||||
ServerTLS: &models.KeyPairConfiguration{},
|
||||
}
|
||||
opClientTenantGetMock = func(ctx context.Context, namespace string, tenantName string, options metav1.GetOptions) (*miniov2.Tenant, error) {
|
||||
return &miniov2.Tenant{
|
||||
Spec: miniov2.TenantSpec{
|
||||
KES: &miniov2.KESConfig{
|
||||
ExternalCertSecret: &miniov2.LocalCertificateReference{
|
||||
Name: "mock-crt",
|
||||
},
|
||||
},
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
err := tenantUpdateEncryption(context.Background(), suite.opClient, suite.k8sclient, params.Namespace, params)
|
||||
suite.assert.NotNil(err)
|
||||
}
|
||||
|
||||
func (suite *TenantTestSuite) TestTenantUpdateEncryptionWithExternalClientCertError() {
|
||||
params, _ := suite.initTenantUpdateEncryptionRequest()
|
||||
params.Body = &models.EncryptionConfiguration{
|
||||
MinioMtls: &models.KeyPairConfiguration{},
|
||||
}
|
||||
opClientTenantGetMock = func(ctx context.Context, namespace string, tenantName string, options metav1.GetOptions) (*miniov2.Tenant, error) {
|
||||
return &miniov2.Tenant{
|
||||
Spec: miniov2.TenantSpec{
|
||||
ExternalClientCertSecret: &miniov2.LocalCertificateReference{
|
||||
Name: "mock-crt",
|
||||
},
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
err := tenantUpdateEncryption(context.Background(), suite.opClient, suite.k8sclient, params.Namespace, params)
|
||||
suite.assert.NotNil(err)
|
||||
}
|
||||
|
||||
func (suite *TenantTestSuite) TestTenantUpdateEncryptionAWSWithoutError() {
|
||||
params, _ := suite.initTenantUpdateEncryptionRequest()
|
||||
endpoint := "mock-endpoint"
|
||||
region := "mock-region"
|
||||
ak := "mock-accesskey"
|
||||
sk := "mock-secretkey"
|
||||
params.Body = &models.EncryptionConfiguration{
|
||||
Replicas: "1",
|
||||
SecurityContext: suite.createMockModelsSecurityContext(),
|
||||
SecretsToBeDeleted: []string{"mock-crt"},
|
||||
Aws: &models.AwsConfiguration{
|
||||
Secretsmanager: &models.AwsConfigurationSecretsmanager{
|
||||
Endpoint: &endpoint,
|
||||
Region: ®ion,
|
||||
Kmskey: "mock-kmskey",
|
||||
Credentials: &models.AwsConfigurationSecretsmanagerCredentials{
|
||||
Accesskey: &ak,
|
||||
Secretkey: &sk,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
k8sClientCreateSecretMock = func(ctx context.Context, namespace string, secret *v1.Secret, opts metav1.CreateOptions) (*v1.Secret, error) {
|
||||
return nil, nil
|
||||
}
|
||||
opClientTenantGetMock = func(ctx context.Context, namespace string, tenantName string, options metav1.GetOptions) (*miniov2.Tenant, error) {
|
||||
return &miniov2.Tenant{
|
||||
Spec: miniov2.TenantSpec{
|
||||
ExternalClientCertSecret: &miniov2.LocalCertificateReference{
|
||||
Name: "mock-crt",
|
||||
},
|
||||
KES: &miniov2.KESConfig{
|
||||
ExternalCertSecret: &miniov2.LocalCertificateReference{
|
||||
Name: "mock-crt",
|
||||
},
|
||||
},
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
opClientTenantUpdateMock = func(ctx context.Context, tenant *miniov2.Tenant, opts metav1.UpdateOptions) (*miniov2.Tenant, error) {
|
||||
return nil, nil
|
||||
}
|
||||
err := tenantUpdateEncryption(context.Background(), suite.opClient, suite.k8sclient, params.Namespace, params)
|
||||
suite.assert.Nil(err)
|
||||
}
|
||||
|
||||
func (suite *TenantTestSuite) TestTenantUpdateEncryptionGemaltoWithoutError() {
|
||||
params, _ := suite.initTenantUpdateEncryptionRequest()
|
||||
endpoint := "mock-endpoint"
|
||||
token := "mock-token"
|
||||
domain := "mock-domain"
|
||||
params.Body = &models.EncryptionConfiguration{
|
||||
Replicas: "1",
|
||||
SecurityContext: suite.createMockModelsSecurityContext(),
|
||||
Gemalto: &models.GemaltoConfiguration{
|
||||
Keysecure: &models.GemaltoConfigurationKeysecure{
|
||||
Endpoint: &endpoint,
|
||||
Credentials: &models.GemaltoConfigurationKeysecureCredentials{
|
||||
Token: &token,
|
||||
Domain: &domain,
|
||||
},
|
||||
},
|
||||
},
|
||||
KmsMtls: &models.EncryptionConfigurationAO1KmsMtls{
|
||||
Ca: "bW9jaw==",
|
||||
},
|
||||
}
|
||||
suite.prepareEncryptionUpdateMocksNoError()
|
||||
err := tenantUpdateEncryption(context.Background(), suite.opClient, suite.k8sclient, params.Namespace, params)
|
||||
suite.assert.Nil(err)
|
||||
}
|
||||
|
||||
func (suite *TenantTestSuite) TestTenantUpdateEncryptionGCPWithoutError() {
|
||||
params, _ := suite.initTenantUpdateEncryptionRequest()
|
||||
project := "mock-project"
|
||||
params.Body = &models.EncryptionConfiguration{
|
||||
Replicas: "1",
|
||||
SecurityContext: suite.createMockModelsSecurityContext(),
|
||||
Gcp: &models.GcpConfiguration{
|
||||
Secretmanager: &models.GcpConfigurationSecretmanager{
|
||||
ProjectID: &project,
|
||||
Endpoint: "mock-endpoint",
|
||||
Credentials: &models.GcpConfigurationSecretmanagerCredentials{
|
||||
ClientEmail: "mock",
|
||||
ClientID: "mock",
|
||||
PrivateKey: "mock",
|
||||
PrivateKeyID: "mock",
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
suite.prepareEncryptionUpdateMocksNoError()
|
||||
err := tenantUpdateEncryption(context.Background(), suite.opClient, suite.k8sclient, params.Namespace, params)
|
||||
suite.assert.Nil(err)
|
||||
}
|
||||
|
||||
func (suite *TenantTestSuite) TestTenantUpdateEncryptionAzureWithoutError() {
|
||||
params, _ := suite.initTenantUpdateEncryptionRequest()
|
||||
endpoint := "mock-endpoint"
|
||||
tenant := "mock-tenant"
|
||||
clientID := "mock-client-id"
|
||||
clientSecret := "mock-client-secret"
|
||||
params.Body = &models.EncryptionConfiguration{
|
||||
Replicas: "1",
|
||||
SecurityContext: suite.createMockModelsSecurityContext(),
|
||||
Azure: &models.AzureConfiguration{
|
||||
Keyvault: &models.AzureConfigurationKeyvault{
|
||||
Endpoint: &endpoint,
|
||||
Credentials: &models.AzureConfigurationKeyvaultCredentials{
|
||||
TenantID: &tenant,
|
||||
ClientID: &clientID,
|
||||
ClientSecret: &clientSecret,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
suite.prepareEncryptionUpdateMocksNoError()
|
||||
err := tenantUpdateEncryption(context.Background(), suite.opClient, suite.k8sclient, params.Namespace, params)
|
||||
suite.assert.Nil(err)
|
||||
}
|
||||
|
||||
func (suite *TenantTestSuite) prepareEncryptionUpdateMocksNoError() {
|
||||
k8sClientCreateSecretMock = func(ctx context.Context, namespace string, secret *v1.Secret, opts metav1.CreateOptions) (*v1.Secret, error) {
|
||||
return nil, nil
|
||||
}
|
||||
opClientTenantGetMock = func(ctx context.Context, namespace string, tenantName string, options metav1.GetOptions) (*miniov2.Tenant, error) {
|
||||
return &miniov2.Tenant{Spec: miniov2.TenantSpec{}}, nil
|
||||
}
|
||||
opClientTenantUpdateMock = func(ctx context.Context, tenant *miniov2.Tenant, opts metav1.UpdateOptions) (*miniov2.Tenant, error) {
|
||||
return nil, nil
|
||||
}
|
||||
}
|
||||
|
||||
func (suite *TenantTestSuite) initTenantUpdateEncryptionRequest() (params operator_api.TenantUpdateEncryptionParams, api operations.OperatorAPI) {
|
||||
registerTenantHandlers(&api)
|
||||
params.HTTPRequest = &http.Request{}
|
||||
@@ -1626,3 +1776,14 @@ func (suite *TenantTestSuite) initUpdateTenantDomainsRequest() (params operator_
|
||||
func TestTenant(t *testing.T) {
|
||||
suite.Run(t, new(TenantTestSuite))
|
||||
}
|
||||
|
||||
func (suite *TenantTestSuite) createMockModelsSecurityContext() *models.SecurityContext {
|
||||
runAsUser := "1000"
|
||||
runAsGroup := "1000"
|
||||
fsGroup := "1000"
|
||||
return &models.SecurityContext{
|
||||
RunAsUser: &runAsUser,
|
||||
RunAsGroup: &runAsGroup,
|
||||
FsGroup: fsGroup,
|
||||
}
|
||||
}
|
||||
|
||||
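Review bot: The TestTenantUpdateEncryption* cases added after TestTenantUpdateEncryptionHandlerWithError check only whether `err` is nil, so they would still pass if tenantUpdateEncryption stopped writing the KES configuration or the KMS credentials secret. `opClientTenantUpdateMock` and `k8sClientCreateSecretMock` discard their `tenant` and `secret` arguments; capturing them in the mock closures and asserting on what was submitted (presumably a populated `tenant.Spec.KES` in the *WithoutError cases) would pin the behaviour the tests are named for. The two error cases use `suite.assert.NotNil(err)`, which any failure satisfies, so asserting the expected message would tie them to the external-certificate branch. The mocks are package-level variables assigned without being restored, so unless the suite resets them elsewhere, a case such as TestTenantUpdateEncryptionWithExternalCertError runs with whatever secret mocks an earlier test left behind.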
@@ -236,10 +236,7 @@ func tenantUpdateEncryption(ctx context.Context, operatorClient OperatorClientI,
|
||||
return err
|
||||
}
|
||||
_, err = operatorClient.TenantUpdate(ctx, tenant, metav1.UpdateOptions{})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
return err
|
||||
}
|
||||
|
||||
// getTenantDeleteEncryptionResponse is a wrapper for tenantDeleteEncryption
|
||||
@@ -898,10 +895,7 @@ func createOrReplaceKesConfigurationSecrets(ctx context.Context, clientSet K8sCl
|
||||
},
|
||||
}
|
||||
_, err = clientSet.createSecret(ctx, ns, &kesConfigurationSecret, metav1.CreateOptions{})
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
return &corev1.LocalObjectReference{
|
||||
Name: kesConfigurationSecretName,
|
||||
}, clientCertSecretReference, nil
|
||||
}, clientCertSecretReference, err
|
||||
}
|
||||
|
||||
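Review bot: In the createOrReplaceKesConfigurationSecrets hunk, the collapsed return now hands back a populated `&corev1.LocalObjectReference{...}` and `clientCertSecretReference` together with a non-nil `err` when `clientSet.createSecret` fails. Any caller that reads the references without checking `err` first would point the tenant's KES configuration at a secret that was never created, and the usual Go contract is that the other results are not meaningful on error. Keeping the explicit branch, `if err != nil { return nil, nil, err }`, preserves that contract; the `return err` simplification in tenantUpdateEncryption is equivalent and fine as is. Both function bodies start outside their hunks, so the callers' handling could not be checked from here.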