fix tests and remove unused code

tetrateio · Feb 28, 2024 · 30cbcc7 · 30cbcc7
1 parent e7c1e60
commit 30cbcc7
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 112 deletions.
diff --git a/internal/k8s/client.go b/internal/k8s/client.go
diff --git a/internal/k8s/client_test.go b/internal/k8s/client_test.go
diff --git a/internal/k8s/secret_controller.go b/internal/k8s/secret_controller.go
@@ -42,6 +42,7 @@ var (
 	_ run.PreRunner      = (*SecretController)(nil)
 	_ run.ServiceContext = (*SecretController)(nil)
 
+	ErrLoadingConfig           = errors.New("error loading kube config")
 	ErrCrossNamespaceSecretRef = errors.New("cross-namespace secret reference is not allowed")
 )
 
@@ -104,25 +105,8 @@ func (s *SecretController) PreRun() error {
 	}
 
 	// Collect the k8s secrets that are used in the configuration
-	s.secrets = make(map[string][]*oidcv1.OIDCConfig)
-	for _, c := range s.config.Chains {
-		for _, f := range c.Filters {
-			oidcCfg, isOIDCConf := f.Type.(*configv1.Filter_Oidc)
-			if !isOIDCConf ||
-				oidcCfg.Oidc.GetClientSecretRef() == nil ||
-				oidcCfg.Oidc.GetClientSecretRef().GetName() == "" {
-				continue
-			}
-
-			ref := oidcCfg.Oidc.GetClientSecretRef()
-			if ref.Namespace != "" && ref.Namespace != s.namespace {
-				return fmt.Errorf("%w: secret reference namespace %s does not match the current namespace %s",
-					ErrCrossNamespaceSecretRef, ref.Namespace, s.namespace)
-			}
-
-			key := secretNamespacedName(ref, s.namespace).String()
-			s.secrets[key] = append(s.secrets[key], oidcCfg.Oidc)
-		}
+	if err = s.loadSecrets(); err != nil {
+		return err
 	}
 
 	// Load the k8s configuration from in-cluster environment
@@ -173,6 +157,31 @@ func (s *SecretController) ServeContext(ctx context.Context) error {
 	return nil
 }
 
+// loadSecrets loads the secrets from the configuration and stores them in the secrets map.
+func (s *SecretController) loadSecrets() error {
+	s.secrets = make(map[string][]*oidcv1.OIDCConfig)
+	for _, c := range s.config.Chains {
+		for _, f := range c.Filters {
+			oidcCfg, isOIDCConf := f.Type.(*configv1.Filter_Oidc)
+			if !isOIDCConf ||
+				oidcCfg.Oidc.GetClientSecretRef() == nil ||
+				oidcCfg.Oidc.GetClientSecretRef().GetName() == "" {
+				continue
+			}
+
+			ref := oidcCfg.Oidc.GetClientSecretRef()
+			if ref.Namespace != "" && ref.Namespace != s.namespace {
+				return fmt.Errorf("%w: secret reference namespace %s does not match the current namespace %s",
+					ErrCrossNamespaceSecretRef, ref.Namespace, s.namespace)
+			}
+
+			key := secretNamespacedName(ref, s.namespace).String()
+			s.secrets[key] = append(s.secrets[key], oidcCfg.Oidc)
+		}
+	}
+	return nil
+}
+
 func secretNamespacedName(secretRef *oidcv1.OIDCConfig_SecretReference, currentNamespace string) types.NamespacedName {
 	return types.NamespacedName{
 		Namespace: currentNamespace,

diff --git a/internal/k8s/secret_controller_lifecycle_test.go b/internal/k8s/secret_controller_lifecycle_test.go
@@ -36,6 +36,14 @@ const (
 	defaultTick = time.Millisecond * 20
 )
 
+func TestErrorLoadingConfig(t *testing.T) {
+	t.Setenv("KUBECONFIG", "non-existent-file")
+	sc := NewSecretController(loadTestConf(t, "testdata/oidc-with-secret-ref.json"))
+	sc.namespace = "default"
+
+	require.ErrorIs(t, sc.PreRun(), ErrLoadingConfig)
+}
+
 func TestManagerStarts(t *testing.T) {
 	var (
 		g = run.Group{Logger: telemetry.NoopLogger()}
@@ -116,6 +124,7 @@ func startEnv(t *testing.T) *rest.Config {
 	env := &envtest.Environment{}
 	cfg, err := env.Start()
 	require.NoError(t, err)
+
 	t.Cleanup(func() {
 		require.NoError(t, env.Stop())
 	})

diff --git a/internal/k8s/secret_controller_reconcile_test.go b/internal/k8s/secret_controller_reconcile_test.go
@@ -58,25 +58,20 @@ func TestOIDCProcessWithKubernetesSecret(t *testing.T) {
 			kubeClient := fake.NewClientBuilder().WithLists(secrets).Build()
 			controller := NewSecretController(originalConf)
 			controller.namespace = "default"
-
-			// pre-run the controller
-			err := controller.PreRun()
-			require.ErrorIs(t, err, tt.err)
-
-			// replace the k8s client with the fake client for testing
-			controller.k8sClient = kubeClient
+			controller.k8sClient = kubeClient // set the k8s client with the fake client for testing
+			require.ErrorIs(t, controller.loadSecrets(), tt.err)
 
 			// reconcile the secrets
 			for _, secret := range secrets.Items {
-				_, err = controller.Reconcile(context.Background(), ctrl.Request{
+				_, err := controller.Reconcile(context.Background(), ctrl.Request{
 					NamespacedName: types.NamespacedName{
 						Namespace: secret.Namespace,
 						Name:      secret.Name,
 					},
 				})
 				require.NoError(t, err)
 			}
-			_, err = controller.Reconcile(context.Background(), ctrl.Request{
+			_, err := controller.Reconcile(context.Background(), ctrl.Request{
 				NamespacedName: types.NamespacedName{
 					Namespace: "default",
 					Name:      "non-existing-secret",