Skip to content

Commit

Permalink
Update getSecretInterfaceMock for cleanup_test
Browse files Browse the repository at this point in the history 
Signed-off-by: Chad Roberts <chad.roberts@suse.com>
  • Loading branch information
@crobby
crobby committed Oct 22, 2024
1 parent 56f118b commit ec389f8
Showing 1 changed file with 45 additions and 36 deletions.
81 changes: 45 additions & 36 deletions pkg/auth/api/secrets/cleanup_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,23 +14,27 @@ import (
"github.com/rancher/rancher/pkg/auth/tokens"
client "github.com/rancher/rancher/pkg/client/generated/management/v3"
v1 "github.com/rancher/rancher/pkg/generated/norman/core/v1"
"github.com/rancher/rancher/pkg/generated/norman/core/v1/fakes"
wcorev1 "github.com/rancher/wrangler/v3/pkg/generated/controllers/core/v1"
wranglerfake "github.com/rancher/wrangler/v3/pkg/generic/fake"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"go.uber.org/mock/gomock"
corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
)

func TestCleanupClientSecretsNilConfig(t *testing.T) {
secrets := getSecretInterfaceMock(map[string]*corev1.Secret{})
ctrl := gomock.NewController(t)
secrets := getSecretInterfaceMock(ctrl, map[string]*corev1.Secret{})
err := CleanupClientSecrets(secrets, nil)
require.Error(t, err)
}

func TestCleanupClientSecretsUnknownConfig(t *testing.T) {
secrets := getSecretInterfaceMock(map[string]*corev1.Secret{})
ctrl := gomock.NewController(t)
secrets := getSecretInterfaceMock(ctrl, map[string]*corev1.Secret{})

config := &v3.AuthConfig{
ObjectMeta: metav1.ObjectMeta{Name: "unknownConfig"},
Expand All @@ -57,7 +61,8 @@ func TestCleanupClientSecretsKnownConfig(t *testing.T) {
oauthSecretName := "user123-secret"

initialStore := map[string]*corev1.Secret{}
secrets := getSecretInterfaceMock(initialStore)
ctrl := gomock.NewController(t)
secrets := getSecretInterfaceMock(ctrl, initialStore)

_, err := secrets.Create(&v1.Secret{
ObjectMeta: metav1.ObjectMeta{
Expand Down Expand Up @@ -87,30 +92,30 @@ func TestCleanupClientSecretsKnownConfig(t *testing.T) {
})
assert.NoError(t, err)

s, err := secrets.GetNamespaced(common.SecretsNamespace, secretName1, metav1.GetOptions{})
s, err := secrets.Get(common.SecretsNamespace, secretName1, metav1.GetOptions{})
assert.NoErrorf(t, err, "expected to find the secret %s belonging to the disabled auth provider", secretName1)

s, err = secrets.GetNamespaced(common.SecretsNamespace, secretName2, metav1.GetOptions{})
s, err = secrets.Get(common.SecretsNamespace, secretName2, metav1.GetOptions{})
assert.NoErrorf(t, err, "expected to find the secret %s belonging to the disabled auth provider", secretName2)

s, err = secrets.GetNamespaced(tokens.SecretNamespace, oauthSecretName, metav1.GetOptions{})
s, err = secrets.Get(tokens.SecretNamespace, oauthSecretName, metav1.GetOptions{})
assert.NoErrorf(t, err, "expected to find the secret %s belonging to the disabled auth provider", oauthSecretName)

err = CleanupClientSecrets(secrets, config)
assert.NoError(t, err)

t.Run("Cleanup deletes provider secrets", func(t *testing.T) {
s, err = secrets.GetNamespaced(common.SecretsNamespace, secretName1, metav1.GetOptions{})
s, err = secrets.Get(common.SecretsNamespace, secretName1, metav1.GetOptions{})
assert.Errorf(t, err, "expected to not find the secret %s belonging to the disabled auth provider", secretName1)
assert.Nil(t, s, "expected the secret to be nil")

s, err = secrets.GetNamespaced(common.SecretsNamespace, secretName2, metav1.GetOptions{})
s, err = secrets.Get(common.SecretsNamespace, secretName2, metav1.GetOptions{})
assert.Errorf(t, err, "expected to not find the secret %s belonging to the disabled auth provider", secretName2)
assert.Nil(t, s, "expected the secret to be nil")
})

t.Run("Cleanup deletes OAuth secrets", func(t *testing.T) {
s, err = secrets.GetNamespaced(tokens.SecretNamespace, oauthSecretName, metav1.GetOptions{})
s, err = secrets.Get(tokens.SecretNamespace, oauthSecretName, metav1.GetOptions{})
assert.Errorf(t, err, "expected to not find the secret %s belonging to the disabled auth provider", oauthSecretName)
assert.Nil(t, s, "expected the secret to be nil")
})
Expand All @@ -125,7 +130,8 @@ func TestCleanupDeprecatedSecretsKnownConfig(t *testing.T) {

secretName := fmt.Sprintf("%s-%s", strings.ToLower(config.Name), "access-token")
initialStore := map[string]*corev1.Secret{}
secrets := getSecretInterfaceMock(initialStore)
ctrl := gomock.NewController(t)
secrets := getSecretInterfaceMock(ctrl, initialStore)

_, err := secrets.Create(&v1.Secret{
ObjectMeta: metav1.ObjectMeta{
Expand All @@ -135,58 +141,60 @@ func TestCleanupDeprecatedSecretsKnownConfig(t *testing.T) {
})
assert.NoError(t, err)

s, err := secrets.GetNamespaced(common.SecretsNamespace, secretName, metav1.GetOptions{})
s, err := secrets.Get(common.SecretsNamespace, secretName, metav1.GetOptions{})
assert.NoErrorf(t, err, "expected to find the secret %s belonging to the disabled auth provider", secretName)

err = CleanupClientSecrets(secrets, config)
assert.NoError(t, err)

s, err = secrets.GetNamespaced(common.SecretsNamespace, secretName, metav1.GetOptions{})
s, err = secrets.Get(common.SecretsNamespace, secretName, metav1.GetOptions{})
assert.Errorf(t, err, "expected to not find the secret %s belonging to the disabled auth provider", secretName)
assert.Nil(t, s, "expected the secret to be nil")
}

func getSecretInterfaceMock(store map[string]*corev1.Secret) v1.SecretInterface {
secretInterfaceMock := &fakes.SecretInterfaceMock{}
func getSecretInterfaceMock(ctrl *gomock.Controller, store map[string]*corev1.Secret) wcorev1.SecretController {
secretController := wranglerfake.NewMockControllerInterface[*corev1.Secret, *corev1.SecretList](ctrl)

secretInterfaceMock.CreateFunc = func(secret *corev1.Secret) (*corev1.Secret, error) {
secretController.EXPECT().Create(gomock.Any()).DoAndReturn(func(secret *corev1.Secret) (*corev1.Secret, error) {
if secret.Name == "" {
uniqueIdentifier := md5.Sum([]byte(time.Now().String()))
secret.Name = hex.EncodeToString(uniqueIdentifier[:])
}
store[fmt.Sprintf("%s:%s", secret.Namespace, secret.Name)] = secret
return secret, nil
}
}).AnyTimes()

secretInterfaceMock.GetNamespacedFunc = func(namespace string, name string, opts metav1.GetOptions) (*corev1.Secret, error) {
secret, ok := store[fmt.Sprintf("%s:%s", namespace, name)]
if ok {
secretController.EXPECT().Get(gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(namespace, name string, opts metav1.GetOptions) (*corev1.Secret, error) {
key := fmt.Sprintf("%s:%s", namespace, name)
if secret, ok := store[key]; ok {
return secret, nil
}
return nil, errors.New("secret not found")
}
}).AnyTimes()

secretInterfaceMock.DeleteNamespacedFunc = func(namespace string, name string, options *metav1.DeleteOptions) error {
secretController.EXPECT().Delete(gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn(func(namespace, name string, options *metav1.DeleteOptions) error {
key := fmt.Sprintf("%s:%s", namespace, name)
if _, ok := store[key]; !ok {
return apierrors.NewNotFound(schema.GroupResource{
Group: v1.SecretGroupVersionKind.Group,
Resource: v1.SecretGroupVersionResource.Resource,
Group: v1.SchemeGroupVersion.Group,
Resource: "secrets",
}, key)
}
delete(store, key)
return nil
}
}).AnyTimes()

secretInterfaceMock.ListNamespacedFunc = func(namespace string, opts metav1.ListOptions) (*corev1.SecretList, error) {
secretController.EXPECT().List(gomock.Any(), gomock.Any()).DoAndReturn(func(namespace string, opts metav1.ListOptions) (*corev1.SecretList, error) {
var secrets []corev1.Secret
for _, s := range store {
secrets = append(secrets, *s)
for _, secret := range store {
if secret.Namespace == namespace {
secrets = append(secrets, *secret)
}
}
return &corev1.SecretList{Items: secrets}, nil
}
}).AnyTimes()

return secretInterfaceMock
return secretController
}

func TestCleanupClientSecretsOKTAConfig(t *testing.T) {
Expand All @@ -201,7 +209,8 @@ func TestCleanupClientSecretsOKTAConfig(t *testing.T) {
oauthSecretName := "user123-secret"

initialStore := map[string]*corev1.Secret{}
secrets := getSecretInterfaceMock(initialStore)
ctrl := gomock.NewController(t)
secrets := getSecretInterfaceMock(ctrl, initialStore)

_, err := secrets.Create(&v1.Secret{
ObjectMeta: metav1.ObjectMeta{
Expand Down Expand Up @@ -231,24 +240,24 @@ func TestCleanupClientSecretsOKTAConfig(t *testing.T) {
})
assert.NoError(t, err)

s, err := secrets.GetNamespaced(common.SecretsNamespace, secretName1, metav1.GetOptions{})
s, err := secrets.Get(common.SecretsNamespace, secretName1, metav1.GetOptions{})
assert.NoErrorf(t, err, "expected to find the secret %s belonging to the disabled auth provider", secretName1)

s, err = secrets.GetNamespaced(common.SecretsNamespace, secretName2, metav1.GetOptions{})
s, err = secrets.Get(common.SecretsNamespace, secretName2, metav1.GetOptions{})
assert.NoErrorf(t, err, "expected to find the secret %s belonging to the disabled auth provider", secretName2)

s, err = secrets.GetNamespaced(tokens.SecretNamespace, oauthSecretName, metav1.GetOptions{})
s, err = secrets.Get(tokens.SecretNamespace, oauthSecretName, metav1.GetOptions{})
assert.NoErrorf(t, err, "expected to find the secret %s belonging to the disabled auth provider", oauthSecretName)

err = CleanupClientSecrets(secrets, config)
assert.NoError(t, err)

t.Run("Cleanup deletes provider secrets", func(t *testing.T) {
s, err = secrets.GetNamespaced(common.SecretsNamespace, secretName1, metav1.GetOptions{})
s, err = secrets.Get(common.SecretsNamespace, secretName1, metav1.GetOptions{})
assert.Errorf(t, err, "expected to not find the secret %s belonging to the disabled auth provider", secretName1)
assert.Nil(t, s, "expected the secret to be nil")

s, err = secrets.GetNamespaced(common.SecretsNamespace, secretName2, metav1.GetOptions{})
s, err = secrets.Get(common.SecretsNamespace, secretName2, metav1.GetOptions{})
assert.Errorf(t, err, "expected to not find the secret %s belonging to the disabled auth provider", secretName2)
assert.Nil(t, s, "expected the secret to be nil")
})
Expand Down

0 comments on commit ec389f8

Please # to comment.