From 8c66dab1dd24a44f226684f5a2e97a8a257e0ff3 Mon Sep 17 00:00:00 2001
From: Sergi Castro
Date: Mon, 26 Feb 2024 17:59:47 +0100
Subject: [PATCH] better tests for k8s.ClientLoader
---
 internal/k8s/client_test.go | 115 ++++++++++++++++++++++++++++++++---
 internal/k8s/secrets_test.go | 13 ----
 2 files changed, 108 insertions(+), 20 deletions(-)
diff --git a/internal/k8s/client_test.go b/internal/k8s/client_test.go
index b8f8be2..214c78e 100644
--- a/internal/k8s/client_test.go
+++ b/internal/k8s/client_test.go
@@ -18,24 +18,125 @@ import (
 "testing"
 "github.com/stretchr/testify/require"
+ "github.com/tetratelabs/run"
+
+ configv1 "github.com/tetrateio/authservice-go/config/gen/go/v1"
+ oidcv1 "github.com/tetrateio/authservice-go/config/gen/go/v1/oidc"
+)
+
+var (
+ filterWithClientSecretRef = &configv1.Filter{
+ Type: &configv1.Filter_Oidc{
+ Oidc: &oidcv1.OIDCConfig{
+ ClientSecretConfig: &oidcv1.OIDCConfig_ClientSecretRef{
+ ClientSecretRef: &oidcv1.OIDCConfig_SecretReference{
+ Name: "client-secret",
+ },
+ },
+ },
+ },
+ }
+ filterWithTrustedCASecretRef = &configv1.Filter{
+ Type: &configv1.Filter_Oidc{
+ Oidc: &oidcv1.OIDCConfig{
+ TrustedCaConfig: &oidcv1.OIDCConfig_TrustedCertificateAuthoritySecret{
+ TrustedCertificateAuthoritySecret: &oidcv1.OIDCConfig_SecretReference{
+ Name: "trusted-ca",
+ },
+ },
+ },
+ },
+ }
+ filterWithNoSecretRef = &configv1.Filter{
+ Type: &configv1.Filter_Oidc{
+ Oidc: &oidcv1.OIDCConfig{},
+ },
+ }
 )
-func TestGetKubeClient(t *testing.T) {
+func TestClientLoader(t *testing.T) {
+
 tests := []struct {
 name string
+ config *configv1.Config
 kubeconfig string
- err error
+ wantErr error
+ wantClient bool
 }{
- {"unexisting", "non-existing-file", ErrLoadingConfig},
- {"invalid", "testdata/kubeconfig-invalid", ErrCreatingClient},
- {"valid", "testdata/kubeconfig", nil},
+ {"no-secret-ref-no-kubeconfig", &configv1.Config{}, "", nil, false},
+ {
+ "no-secret-ref-valid-kubeconfig", &configv1.Config{
+ Chains: []*configv1.FilterChain{{
+ Filters: []*configv1.Filter{filterWithNoSecretRef},
+ }},
+ },
+ "testdata/kubeconfig",
+ nil,
+ false},
+ {
+ "client-secret-ref-valid-kubeconfig",
+ &configv1.Config{
+ Chains: []*configv1.FilterChain{{
+ Filters: []*configv1.Filter{filterWithClientSecretRef},
+ }},
+ },
+ "testdata/kubeconfig",
+ nil,
+ true,
+ },
+ {
+ "trusted-ca-secret-ref-valid-kubeconfig",
+ &configv1.Config{
+ Chains: []*configv1.FilterChain{{
+ Filters: []*configv1.Filter{filterWithTrustedCASecretRef},
+ }},
+ },
+ "testdata/kubeconfig",
+ nil,
+ true,
+ },
+ {
+ "secret-ref-but-no-kubeconfig",
+ &configv1.Config{
+ Chains: []*configv1.FilterChain{{
+ Filters: []*configv1.Filter{filterWithClientSecretRef, filterWithTrustedCASecretRef},
+ }},
+ },
+ "",
+ ErrLoadingConfig,
+ false,
+ },
+ {
+ "secret-ref-but-invalid-kubeconfig",
+ &configv1.Config{
+ Chains: []*configv1.FilterChain{{
+ Filters: []*configv1.Filter{filterWithClientSecretRef, filterWithTrustedCASecretRef},
+ }},
+ },
+ "testdata/kubeconfig-invalid",
+ ErrCreatingClient,
+ false,
+ },
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
 t.Setenv("KUBECONFIG", tt.kubeconfig)
- _, err := getKubeClient()
- require.ErrorIs(t, err, tt.err)
+
+ cl := NewClientLoader(tt.config)
+ err := cl.(run.PreRunner).PreRun()
+
+ if tt.wantErr != nil {
+ require.ErrorIs(t, err, tt.wantErr)
+ } else {
+ require.NoError(t, err)
+ }
+
+ if tt.wantClient {
+ require.NotNil(t, cl.Get())
+ } else {
+ require.Nil(t, cl.Get())
+ }
 })
 }
 }
diff --git a/internal/k8s/secrets_test.go b/internal/k8s/secrets_test.go
index 6053bf9..523c55e 100644
--- a/internal/k8s/secrets_test.go
+++ b/internal/k8s/secrets_test.go
@@ -132,19 +132,6 @@ func TestLoadOIDCClientSecret(t *testing.T) {
 }
 }
-func TestLoadWithInvalidKubeConfig(t *testing.T) {
- t.Setenv("KUBECONFIG", "non-existing-file")
-
- var cfg internal.LocalConfigFile
- cl := NewClientLoader(&cfg.Config)
-
- g := run.Group{Logger: telemetry.NoopLogger()}
- g.Register(&cfg, cl)
- err := g.Run("", "--config-path", "testdata/oidc-with-valid-secret-ref.json")
-
- require.ErrorIs(t, err, ErrLoadingConfig)
-}
-
 var _ ClientLoader = mockClientLoader{}
 type mockClientLoader struct {
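Review bot: The `secret-ref-but-no-kubeconfig` row of TestClientLoader in internal/k8s/client_test.go depends on the machine running the test, because it sets `KUBECONFIG` to `""` and still expects `ErrLoadingConfig`. The loader's config lookup is not visible in this patch, but if it follows the usual client-go or controller-runtime rules, an empty `KUBECONFIG` falls back to in-cluster or home-directory configuration, so on a workstation or CI pod with ambient cluster credentials the test would build a real client instead of failing. The removed `{"unexisting", "non-existing-file", ErrLoadingConfig}` row and TestLoadWithInvalidKubeConfig both covered the missing-file path hermetically, and nothing in the new table does; I would add a row with `"non-existing-file"` and isolate the empty case, for example with `t.Setenv("HOME", t.TempDir())`. Separately, `cl.(run.PreRunner).PreRun()` panics if the loader ever stops implementing the interface; `pr, ok := cl.(run.PreRunner)` followed by `require.True(t, ok)` fails the test cleanly instead.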