Merge pull request #3 from FanZhang526/main

Update v1.0.1
Huawei · Dec 28, 2024 · 3bc1113 · 3bc1113
2 parents 2bc342f + 7059848
commit 3bc1113
Show file tree

Hide file tree

Showing 9 changed files with 885 additions and 12 deletions.
diff --git a/doc/eSDK Huawei Storage COSI Plugins V1.0.1 User Guide 01.pdf b/doc/eSDK Huawei Storage COSI Plugins V1.0.1 User Guide 01.pdf
diff --git a/doc/eSDK Huawei Storage COSI Plugins V1.0.1 用户指南 01.pdf b/doc/eSDK Huawei Storage COSI Plugins V1.0.1 用户指南 01.pdf
diff --git a/helm/templates/provisioner-deployment.yaml b/helm/templates/provisioner-deployment.yaml
@@ -110,6 +110,12 @@ spec:
             - --log-file={{ ((.Values.global).logging).loggingFileName | default "cosi-driver" }}
             - --log-file-size={{ ((.Values.global).logging).fileSize | default "20M" }}
             - --max-backups={{ int ((.Values.global).logging).maxBackups | default 9 }}
+          env:
+            - name: env-namepsace
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
           livenessProbe:
             failureThreshold: 5
             httpGet:
@@ -186,6 +192,11 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: status.podIP
+            - name: env-namepsace
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
           volumeMounts:
             - mountPath: /var/lib/cosi
               name: socket

diff --git a/pkg/provider/driver_grant_bucketaccess_test.go b/pkg/provider/driver_grant_bucketaccess_test.go
@@ -17,21 +17,67 @@ package provider
 
 import (
 	"context"
+	"fmt"
 	"reflect"
 	"testing"
 
 	"github.com/agiledragon/gomonkey/v2"
 	coreV1 "k8s.io/api/core/v1"
+	metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes/fake"
 	cosispec "sigs.k8s.io/container-object-storage-interface-spec"
 
 	"github.com/huawei/cosi-driver/pkg/s3/agent"
 	"github.com/huawei/cosi-driver/pkg/s3/policy"
 	"github.com/huawei/cosi-driver/pkg/user"
 	"github.com/huawei/cosi-driver/pkg/user/api"
 	"github.com/huawei/cosi-driver/pkg/user/clientset/poe"
+	"github.com/huawei/cosi-driver/pkg/utils/keylock"
 )
 
-func Test_registerUser_NewUser_Success(t *testing.T) {
+func Test_ProvisionerServer_DriverGrantBucketAccess_Success(t *testing.T) {
+	// arrange
+	ctx := context.TODO()
+	req := &cosispec.DriverGrantBucketAccessRequest{}
+	s := &provisionerServer{
+		K8sClient: fake.NewSimpleClientset(),
+		keyLock:   keylock.NewKeyLock(keyLockSize),
+	}
+	bacSecret := &coreV1.Secret{}
+	bcResource := &resourceIdInfo{}
+	bcSecret := &coreV1.Secret{}
+	userData := &userInfo{}
+
+	_, _ = s.K8sClient.CoreV1().Secrets(bacSecret.Namespace).Create(ctx, bacSecret, metaV1.CreateOptions{})
+
+	wantResponse := &cosispec.DriverGrantBucketAccessResponse{
+		AccountId:   assembleResourceId(bacSecret.Namespace, bacSecret.Name, req.Name),
+		Credentials: buildCredentials(bcSecret, userData),
+	}
+
+	// mock
+	patches := gomonkey.ApplyFuncReturn(checkDriverGrantBucketAccessRequest, nil).
+		ApplyFuncReturn(fetchDataFromResourceId, bcResource, bcSecret, nil).
+		ApplyFuncReturn(checkBucketExistence, nil).
+		ApplyFuncReturn(registerUser, userData, nil).
+		ApplyFuncReturn(setBucketPolicy, nil)
+
+	// act
+	gotResponse, gotErr := s.DriverGrantBucketAccess(ctx, req)
+
+	// assert
+	if !reflect.DeepEqual(gotResponse, wantResponse) || gotErr != nil {
+		t.Errorf("Test_ProvisionerServer_DriverGrantBucketAccess_Success failed, "+
+			"wantResponse= [%v], gotResponse= [%v], wantErr= nil, gotErr= [%v]", wantResponse, gotResponse, gotErr)
+	}
+
+	// cleanup
+	t.Cleanup(func() {
+		patches.Reset()
+	})
+}
+
+func Test_RegisterUser_NewUser_Success(t *testing.T) {
 	// arrange
 	ctx := context.TODO()
 	accountSecret := &coreV1.Secret{}
@@ -67,7 +113,7 @@ func Test_registerUser_NewUser_Success(t *testing.T) {
 
 	// assert
 	if reflect.DeepEqual(gotUserData, wantUserData) || gotErr != nil {
-		t.Errorf("Test_registerUser_NewUser_Success failed, got= [%v], want= [%v], "+
+		t.Errorf("Test_RegisterUser_NewUser_Success failed, got= [%v], want= [%v], "+
 			"gotErr= [%v], wantErr= nil", gotUserData, wantUserData, gotErr)
 	}
 
@@ -77,7 +123,7 @@ func Test_registerUser_NewUser_Success(t *testing.T) {
 	})
 }
 
-func Test_setBucketPolicy_NewPolicy_Success(t *testing.T) {
+func Test_SetBucketPolicy_NewPolicy_Success(t *testing.T) {
 	// arrange
 	userName := "user-demo"
 	userArn := "arn-id"
@@ -108,7 +154,252 @@ func Test_setBucketPolicy_NewPolicy_Success(t *testing.T) {
 
 	// assert
 	if gotErr != nil {
-		t.Errorf("Test_setBucketPolicy_NewPolicy_Success failed, gotErr= [%v], wantErr= nil", gotErr)
+		t.Errorf("Test_SetBucketPolicy_NewPolicy_Success failed, gotErr= [%v], wantErr= nil", gotErr)
+	}
+
+	//cleanup
+	t.Cleanup(func() {
+		mock.Reset()
+	})
+}
+
+func Test_CheckDriverGrantBucketAccessRequest_EmptyBucketId(t *testing.T) {
+	// arrange
+	req := &cosispec.DriverGrantBucketAccessRequest{}
+	req.BucketId = ""
+	wantErr := fmt.Errorf("empty bucket id")
+
+	// act
+	gotErr := checkDriverGrantBucketAccessRequest(req)
+
+	// assert
+	if gotErr == nil || gotErr.Error() != wantErr.Error() {
+		t.Errorf("Test_CheckDriverGrantBucketAccessRequest_EmptyBucketId failed, "+
+			"gotErr= [%s], wantErr= [%s]", gotErr, wantErr)
+	}
+}
+
+func Test_CheckDriverGrantBucketAccessRequest_EmptyUserName(t *testing.T) {
+	// arrange
+	req := &cosispec.DriverGrantBucketAccessRequest{}
+	req.BucketId = "bucketId"
+	req.Name = ""
+	wantErr := fmt.Errorf("empty user name")
+
+	// act
+	gotErr := checkDriverGrantBucketAccessRequest(req)
+
+	// assert
+	if gotErr == nil || gotErr.Error() != wantErr.Error() {
+		t.Errorf("Test_CheckDriverGrantBucketAccessRequest_EmptyUserName failed, "+
+			"gotErr= [%v], wantErr= [%v]", gotErr, wantErr)
+	}
+}
+
+func Test_CheckDriverGrantBucketAccessRequest_IAMAuthenticationType(t *testing.T) {
+	// arrange
+	req := &cosispec.DriverGrantBucketAccessRequest{}
+	req.BucketId = "bucketId"
+	req.Name = "userName"
+	req.AuthenticationType = cosispec.AuthenticationType_IAM
+
+	wantErr := fmt.Errorf("IAM authentication type not implemented")
+
+	// act
+	gotErr := checkDriverGrantBucketAccessRequest(req)
+
+	// assert
+	if gotErr == nil || gotErr.Error() != wantErr.Error() {
+		t.Errorf("Test_CheckDriverGrantBucketAccessRequest_IAMAuthenticationType failed, "+
+			"gotErr= [%v], wantErr= [%v]", gotErr, wantErr)
+	}
+}
+
+func Test_CheckDriverGrantBucketAccessRequest_UnknownAuthenticationType(t *testing.T) {
+	// arrange
+	req := &cosispec.DriverGrantBucketAccessRequest{}
+	req.BucketId = "bucketId"
+	req.Name = "userName"
+	req.AuthenticationType = cosispec.AuthenticationType_UnknownAuthenticationType
+
+	wantErr := fmt.Errorf("unknown authentication type")
+
+	// act
+	gotErr := checkDriverGrantBucketAccessRequest(req)
+
+	// assert
+	if gotErr == nil || gotErr.Error() != wantErr.Error() {
+		t.Errorf("Test_CheckDriverGrantBucketAccessRequest_UnknownAuthenticationType failed, "+
+			"gotErr= [%v], wantErr= [%v]", gotErr, wantErr)
+	}
+}
+
+func Test_CheckDriverGrantBucketAccessRequest_MissingAccountSecretName(t *testing.T) {
+	// arrange
+	req := &cosispec.DriverGrantBucketAccessRequest{}
+	req.BucketId = "bucketId"
+	req.Name = "userName"
+	req.AuthenticationType = cosispec.AuthenticationType_Key
+	req.Parameters = make(map[string]string)
+
+	wantErr := fmt.Errorf("account secret name value is empty")
+
+	// act
+	gotErr := checkDriverGrantBucketAccessRequest(req)
+
+	// assert
+	if gotErr == nil || gotErr.Error() != wantErr.Error() {
+		t.Errorf("Test_CheckDriverGrantBucketAccessRequest_MissingAccountSecretName failed, "+
+			"gotErr= [%v], wantErr= [%v]", gotErr, wantErr)
+	}
+}
+
+func Test_CheckDriverGrantBucketAccessRequest_MissingAccountSecretNamespace(t *testing.T) {
+	// arrange
+	req := &cosispec.DriverGrantBucketAccessRequest{}
+	req.BucketId = "bucketId"
+	req.Name = "userName"
+	req.AuthenticationType = cosispec.AuthenticationType_Key
+	req.Parameters = map[string]string{
+		accountSecretName: "accountSecret",
+	}
+
+	wantErr := fmt.Errorf("account secret namespace value is empty")
+
+	// act
+	gotErr := checkDriverGrantBucketAccessRequest(req)
+
+	// assert
+	if gotErr == nil || gotErr.Error() != wantErr.Error() {
+		t.Errorf("Test_CheckDriverGrantBucketAccessRequest_MissingAccountSecretNamespace failed, "+
+			"gotErr= [%v], wantErr= [%v]", gotErr, wantErr)
+	}
+}
+
+func Test_CheckDriverGrantBucketAccessRequest_InvalidBucketPolicyModel(t *testing.T) {
+	// arrange
+	req := &cosispec.DriverGrantBucketAccessRequest{}
+	req.BucketId = "bucketId"
+	req.Name = "userName"
+	req.AuthenticationType = cosispec.AuthenticationType_Key
+	req.Parameters = map[string]string{
+		accountSecretName:      "accountSecret",
+		accountSecretNamespace: "accountSecretNamespace",
+		bucketPolicyModel:      "invalidModel",
+	}
+
+	wantErr := fmt.Errorf("invalid bucketPolicy model [invalidModel]")
+
+	// act
+	gotErr := checkDriverGrantBucketAccessRequest(req)
+
+	// assert
+	if gotErr == nil || gotErr.Error() != wantErr.Error() {
+		t.Errorf("Test_CheckDriverGrantBucketAccessRequest_InvalidBucketPolicyModel failed, "+
+			"gotErr= [%v], wantErr= [%v]", gotErr, wantErr)
+	}
+}
+
+func Test_CheckDriverGrantBucketAccessRequest_NormalCase(t *testing.T) {
+	// arrange
+	req := &cosispec.DriverGrantBucketAccessRequest{}
+	req.BucketId = "bucketId"
+	req.Name = "userName"
+	req.AuthenticationType = cosispec.AuthenticationType_Key
+	req.Parameters = map[string]string{
+		accountSecretName:      "accountSecret",
+		accountSecretNamespace: "accountSecretNamespace",
+		bucketPolicyModel:      bucketPolicyModelRW,
+	}
+
+	// act
+	gotErr := checkDriverGrantBucketAccessRequest(req)
+
+	// assert
+	if gotErr != nil {
+		t.Errorf("Test_CheckDriverGrantBucketAccessRequest_NormalCase failed, gotErr= [%v], wantErr= [nil]", gotErr)
+	}
+}
+
+func Test_BuildCredentials_Success(t *testing.T) {
+	// arrange
+	bcAccountSecret := &coreV1.Secret{
+		Data: map[string][]byte{
+			"endpoint": []byte("https://example.com"),
+		},
+	}
+	userData := &userInfo{
+		accessKeyId:     "accessKeyId",
+		accessSecretKey: "accessSecretKey",
+	}
+
+	// act
+	gotCredDetails := buildCredentials(bcAccountSecret, userData)
+
+	// assert
+	wantCred := cosispec.CredentialDetails{
+		Secrets: map[string]string{
+			accessAk: userData.accessKeyId,
+			accessSk: userData.accessSecretKey,
+			endpoint: string(bcAccountSecret.Data[endpoint]),
+		},
+	}
+	if !reflect.DeepEqual(wantCred.Secrets, gotCredDetails[s3Protocol].Secrets) {
+		t.Errorf("Test_BuildCredentials_Success failed, gotCredSecret= [%v], wantCredSecret= [%v]",
+			gotCredDetails[s3Protocol].Secrets, wantCred.Secrets)
+	}
+}
+
+func Test_CheckBucketExistence_Success(t *testing.T) {
+	// arrange
+	ctx := context.TODO()
+	c := &agent.S3Agent{}
+	bucketName := "bucket-demo"
+	secret := &coreV1.Secret{}
+
+	// mock
+	mock := gomonkey.
+		ApplyFunc(agent.NewS3Agent, func(agent.Config) (*agent.S3Agent, error) {
+			return c, nil
+		}).ApplyMethod(reflect.TypeOf(c), "CheckBucketExist",
+		func(_ *agent.S3Agent, ctx context.Context, bucketName string) error {
+			return nil
+		})
+
+	// act
+	gotErr := checkBucketExistence(ctx, secret, bucketName)
+
+	// assert
+	if gotErr != nil {
+		t.Errorf("Test_CheckBucketExistence_Success failed, wantErr= nil, gotErr= [%v]", gotErr)
+	}
+
+	// cleanup
+	t.Cleanup(func() {
+		mock.Reset()
+	})
+}
+
+func Test_CheckBucketExistence_NewAgent_Failed(t *testing.T) {
+	// arrange
+	ctx := context.TODO()
+	bucketName := "bucket-demo"
+	secret := &coreV1.Secret{}
+	angentErr := fmt.Errorf("s3 new agent error")
+	wantErr := fmt.Errorf("new s3 agent failed, error is [%v]", angentErr)
+
+	// mock
+	mock := gomonkey.
+		ApplyFunc(agent.NewS3Agent, func(agent.Config) (*agent.S3Agent, error) {
+			return nil, angentErr
+		})
+
+	// act
+	gotErr := checkBucketExistence(ctx, secret, bucketName)
+
+	// assert
+	if gotErr.Error() != wantErr.Error() {
+		t.Errorf("Test_CheckBucketExistence_NewAgent_Failed failed, wangErr= [%v], gotErr= [%v]", wantErr, gotErr)
 	}
 
 	//cleanup