Skip to content

Commit

Permalink
tests: fix KongCredential tests in envtest suite (#709)
Browse files Browse the repository at this point in the history
  • Loading branch information
pmalek authored Oct 8, 2024
1 parent e3cd706 commit 15fce4a
Show file tree
Hide file tree
Showing 10 changed files with 259 additions and 122 deletions.
2 changes: 1 addition & 1 deletion controller/konnect/ops/ops_credentialapikey.go
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ func deleteKongCredentialAPIKey(
sdkkonnectops.DeleteKeyAuthWithConsumerRequest{
ControlPlaneID: cpID,
ConsumerIDForNestedEntities: cred.Status.Konnect.GetConsumerID(),
// BasicAuthID: id,
KeyAuthID: id,
})
if errWrap := wrapErrIfKonnectOpFailed(err, DeleteOp, cred); errWrap != nil {
// Service delete operation returns an SDKError instead of a NotFoundError.
Expand Down
6 changes: 0 additions & 6 deletions controller/konnect/reconciler_generic.go
Original file line number Diff line number Diff line change
Expand Up @@ -854,12 +854,6 @@ func handleKongConsumerRef[T constraints.SupportedKonnectEntityType, TEnt constr
client.ObjectKeyFromObject(&consumer), constraints.EntityTypeName[T](), client.ObjectKeyFromObject(ent),
)
}
if cred, ok := any(ent).(*configurationv1alpha1.KongCredentialHMAC); ok {
if cred.Status.Konnect == nil {
cred.Status.Konnect = &konnectv1alpha1.KonnectEntityStatusWithControlPlaneAndConsumerRefs{}
}
cred.Status.Konnect.ConsumerID = consumer.Status.Konnect.GetKonnectID()
}

if res, errStatus := updateStatusWithCondition(
ctx, cl, ent,
Expand Down
3 changes: 0 additions & 3 deletions test/envtest/consts.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,6 @@ const (
// sync period. It's set to 60m that is virtually infinite for the tests.
konnectInfiniteSyncTime = time.Minute * 60

// konnectSyncTime is used for tests that want to verify behavior of the reconcilers relying on the fixed sync.
konnectSyncTime = 100 * time.Millisecond

// waitTime is a generic wait time for the tests' eventual conditions.
waitTime = 10 * time.Second

Expand Down
34 changes: 11 additions & 23 deletions test/envtest/kongconsumercredential_acl_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
"github.com/stretchr/testify/require"
"k8s.io/apimachinery/pkg/watch"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
"sigs.k8s.io/controller-runtime/pkg/client"

"github.com/kong/gateway-operator/controller/konnect"
Expand All @@ -35,10 +35,6 @@ func TestKongConsumerCredential_ACL(t *testing.T) {

mgr, logs := NewManager(t, ctx, cfg, scheme.Get())

clientWithWatch, err := client.NewWithWatch(mgr.GetConfig(), client.Options{
Scheme: scheme.Get(),
})
require.NoError(t, err)
clientNamespaced := client.NewNamespacedClient(mgr.GetClient(), ns.Name)

apiAuth := deploy.KonnectAPIAuthConfigurationWithProgrammed(t, ctx, clientNamespaced)
Expand Down Expand Up @@ -114,7 +110,7 @@ func TestKongConsumerCredential_ACL(t *testing.T) {
require.NoError(t, manager.SetupCacheIndicesForKonnectTypes(ctx, mgr, false))
reconcilers := []Reconciler{
konnect.NewKonnectEntityReconciler(factory, false, mgr.GetClient(),
konnect.WithKonnectEntitySyncPeriod[configurationv1alpha1.KongCredentialACL](konnectSyncTime),
konnect.WithKonnectEntitySyncPeriod[configurationv1alpha1.KongCredentialACL](konnectInfiniteSyncTime),
),
}

Expand All @@ -141,24 +137,16 @@ func TestKongConsumerCredential_ACL(t *testing.T) {
)
require.NoError(t, clientNamespaced.Delete(ctx, kongCredentialACL))

assert.EventuallyWithT(t,
func(c *assert.CollectT) {
assert.True(c, k8serrors.IsNotFound(
clientNamespaced.Get(ctx, client.ObjectKeyFromObject(kongCredentialACL), kongCredentialACL),
))
}, waitTime, tickTime,
"KongCredentialACL wasn't deleted but it should have been",
)

assert.EventuallyWithT(t, func(c *assert.CollectT) {
assert.True(c, factory.SDK.KongCredentialsACLSDK.AssertExpectations(t))
}, waitTime, tickTime)

w := setupWatch[configurationv1alpha1.KongCredentialACLList](t, ctx, clientWithWatch, client.InNamespace(ns.Name))

kongCredentialACL = deploy.KongCredentialACL(t, ctx, clientNamespaced, consumer.Name, aclGroup)
t.Logf("redeployed %s KongCredentialACL resource", client.ObjectKeyFromObject(kongCredentialACL))
t.Logf("checking if KongConsumer %s removal will delete the associated credentials %s",
client.ObjectKeyFromObject(consumer),
client.ObjectKeyFromObject(kongCredentialACL),
)

require.NoError(t, clientNamespaced.Delete(ctx, consumer))
_ = watchFor(t, ctx, w, watch.Modified,
func(c *configurationv1alpha1.KongCredentialACL) bool {
return c.Name == kongCredentialACL.Name
},
"KongCredentialACL wasn't deleted but it should have been",
)
}
152 changes: 152 additions & 0 deletions test/envtest/kongconsumercredential_apikey_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,152 @@
package envtest

import (
"context"
"testing"

sdkkonnectcomp "github.com/Kong/sdk-konnect-go/models/components"
sdkkonnectops "github.com/Kong/sdk-konnect-go/models/operations"
"github.com/google/uuid"
"github.com/samber/lo"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
"github.com/stretchr/testify/require"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
"sigs.k8s.io/controller-runtime/pkg/client"

"github.com/kong/gateway-operator/controller/konnect"
"github.com/kong/gateway-operator/controller/konnect/ops"
"github.com/kong/gateway-operator/modules/manager"
"github.com/kong/gateway-operator/modules/manager/scheme"
"github.com/kong/gateway-operator/test/helpers/deploy"

configurationv1 "github.com/kong/kubernetes-configuration/api/configuration/v1"
configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1"
"github.com/kong/kubernetes-configuration/api/konnect/v1alpha1"
)

func TestKongConsumerCredential_APIKey(t *testing.T) {
t.Parallel()
ctx, cancel := Context(t, context.Background())
defer cancel()

// Setup up the envtest environment.
cfg, ns := Setup(t, ctx, scheme.Get())

mgr, logs := NewManager(t, ctx, cfg, scheme.Get())

clientNamespaced := client.NewNamespacedClient(mgr.GetClient(), ns.Name)

apiAuth := deploy.KonnectAPIAuthConfigurationWithProgrammed(t, ctx, clientNamespaced)
cp := deploy.KonnectGatewayControlPlaneWithID(t, ctx, clientNamespaced, apiAuth)

consumerID := uuid.NewString()
consumer := deploy.KongConsumerWithProgrammed(t, ctx, clientNamespaced, &configurationv1.KongConsumer{
Username: "username1",
Spec: configurationv1.KongConsumerSpec{
ControlPlaneRef: &configurationv1alpha1.ControlPlaneRef{
Type: configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef,
KonnectNamespacedRef: &configurationv1alpha1.KonnectNamespacedRef{
Name: cp.Name,
},
},
},
})
consumer.Status.Konnect = &v1alpha1.KonnectEntityStatusWithControlPlaneRef{
ControlPlaneID: cp.GetKonnectStatus().GetKonnectID(),
KonnectEntityStatus: v1alpha1.KonnectEntityStatus{
ID: consumerID,
ServerURL: cp.GetKonnectStatus().GetServerURL(),
OrgID: cp.GetKonnectStatus().GetOrgID(),
},
}
require.NoError(t, clientNamespaced.Status().Update(ctx, consumer))

kongCredentialAPIKey := deploy.KongCredentialAPIKey(t, ctx, clientNamespaced, consumer.Name)
keyID := uuid.NewString()
tags := []string{
"k8s-generation:1",
"k8s-group:configuration.konghq.com",
"k8s-kind:KongCredentialAPIKey",
"k8s-name:" + kongCredentialAPIKey.Name,
"k8s-namespace:" + ns.Name,
"k8s-uid:" + string(kongCredentialAPIKey.GetUID()),
"k8s-version:v1alpha1",
}

factory := ops.NewMockSDKFactory(t)
factory.SDK.KongCredentialsAPIKeySDK.EXPECT().
CreateKeyAuthWithConsumer(
mock.Anything,
sdkkonnectops.CreateKeyAuthWithConsumerRequest{
ControlPlaneID: cp.GetKonnectStatus().GetKonnectID(),
ConsumerIDForNestedEntities: consumerID,
KeyAuthWithoutParents: sdkkonnectcomp.KeyAuthWithoutParents{
Key: lo.ToPtr("key"),
Tags: tags,
},
},
).
Return(
&sdkkonnectops.CreateKeyAuthWithConsumerResponse{
KeyAuth: &sdkkonnectcomp.KeyAuth{
ID: lo.ToPtr(keyID),
},
},
nil,
)
factory.SDK.KongCredentialsAPIKeySDK.EXPECT().
UpsertKeyAuthWithConsumer(mock.Anything, mock.Anything, mock.Anything).Maybe().
Return(
&sdkkonnectops.UpsertKeyAuthWithConsumerResponse{
KeyAuth: &sdkkonnectcomp.KeyAuth{
ID: lo.ToPtr(keyID),
},
},
nil,
)

require.NoError(t, manager.SetupCacheIndicesForKonnectTypes(ctx, mgr, false))
reconcilers := []Reconciler{
konnect.NewKonnectEntityReconciler(factory, false, mgr.GetClient(),
konnect.WithKonnectEntitySyncPeriod[configurationv1alpha1.KongCredentialAPIKey](konnectInfiniteSyncTime),
),
}

StartReconcilers(ctx, t, mgr, logs, reconcilers...)

assert.EventuallyWithT(t, func(c *assert.CollectT) {
assert.True(c, factory.SDK.KongCredentialsAPIKeySDK.AssertExpectations(t))
}, waitTime, tickTime)

factory.SDK.KongCredentialsAPIKeySDK.EXPECT().
DeleteKeyAuthWithConsumer(
mock.Anything,
sdkkonnectops.DeleteKeyAuthWithConsumerRequest{
ControlPlaneID: cp.GetKonnectStatus().GetKonnectID(),
ConsumerIDForNestedEntities: consumerID,
KeyAuthID: keyID,
},
).
Return(
&sdkkonnectops.DeleteKeyAuthWithConsumerResponse{
StatusCode: 200,
},
nil,
)

require.NoError(t, clientNamespaced.Delete(ctx, kongCredentialAPIKey))

assert.EventuallyWithT(t,
func(c *assert.CollectT) {
assert.True(c, k8serrors.IsNotFound(
clientNamespaced.Get(ctx, client.ObjectKeyFromObject(kongCredentialAPIKey), kongCredentialAPIKey),
))
}, waitTime, tickTime,
"KongCredentialAPIKey wasn't deleted but it should have been",
)

assert.EventuallyWithT(t, func(c *assert.CollectT) {
assert.True(c, factory.SDK.KongCredentialsAPIKeySDK.AssertExpectations(t))
}, waitTime, tickTime)
}
34 changes: 11 additions & 23 deletions test/envtest/kongconsumercredential_basicauth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
"github.com/stretchr/testify/require"
"k8s.io/apimachinery/pkg/watch"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
"sigs.k8s.io/controller-runtime/pkg/client"

"github.com/kong/gateway-operator/controller/konnect"
Expand All @@ -35,10 +35,6 @@ func TestKongConsumerCredential_BasicAuth(t *testing.T) {

mgr, logs := NewManager(t, ctx, cfg, scheme.Get())

clientWithWatch, err := client.NewWithWatch(mgr.GetConfig(), client.Options{
Scheme: scheme.Get(),
})
require.NoError(t, err)
clientNamespaced := client.NewNamespacedClient(mgr.GetClient(), ns.Name)

apiAuth := deploy.KonnectAPIAuthConfigurationWithProgrammed(t, ctx, clientNamespaced)
Expand Down Expand Up @@ -116,7 +112,7 @@ func TestKongConsumerCredential_BasicAuth(t *testing.T) {
require.NoError(t, manager.SetupCacheIndicesForKonnectTypes(ctx, mgr, false))
reconcilers := []Reconciler{
konnect.NewKonnectEntityReconciler(factory, false, mgr.GetClient(),
konnect.WithKonnectEntitySyncPeriod[configurationv1alpha1.KongCredentialBasicAuth](konnectSyncTime),
konnect.WithKonnectEntitySyncPeriod[configurationv1alpha1.KongCredentialBasicAuth](konnectInfiniteSyncTime),
),
}

Expand All @@ -143,24 +139,16 @@ func TestKongConsumerCredential_BasicAuth(t *testing.T) {
)
require.NoError(t, clientNamespaced.Delete(ctx, kongCredentialBasicAuth))

assert.EventuallyWithT(t,
func(c *assert.CollectT) {
assert.True(c, k8serrors.IsNotFound(
clientNamespaced.Get(ctx, client.ObjectKeyFromObject(kongCredentialBasicAuth), kongCredentialBasicAuth),
))
}, waitTime, tickTime,
"KongCredentialBasicAuth wasn't deleted but it should have been",
)

assert.EventuallyWithT(t, func(c *assert.CollectT) {
assert.True(c, factory.SDK.KongCredentialsBasicAuthSDK.AssertExpectations(t))
}, waitTime, tickTime)

w := setupWatch[configurationv1alpha1.KongCredentialBasicAuthList](t, ctx, clientWithWatch, client.InNamespace(ns.Name))

kongCredentialBasicAuth = deploy.KongCredentialBasicAuth(t, ctx, clientNamespaced, consumer.Name, username, password)
t.Logf("redeployed %s KongCredentialBasicAuth resource", client.ObjectKeyFromObject(kongCredentialBasicAuth))
t.Logf("checking if KongConsumer %s removal will delete the associated credentials %s",
client.ObjectKeyFromObject(consumer),
client.ObjectKeyFromObject(kongCredentialBasicAuth),
)

require.NoError(t, clientNamespaced.Delete(ctx, consumer))
_ = watchFor(t, ctx, w, watch.Modified,
func(c *configurationv1alpha1.KongCredentialBasicAuth) bool {
return c.Name == kongCredentialBasicAuth.Name
},
"KongCredentialBasicAuth wasn't deleted but it should have been",
)
}
34 changes: 11 additions & 23 deletions test/envtest/kongconsumercredential_hmac_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
"github.com/stretchr/testify/require"
"k8s.io/apimachinery/pkg/watch"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
"sigs.k8s.io/controller-runtime/pkg/client"

"github.com/kong/gateway-operator/controller/konnect"
Expand All @@ -35,10 +35,6 @@ func TestKongConsumerCredential_HMAC(t *testing.T) {

mgr, logs := NewManager(t, ctx, cfg, scheme.Get())

clientWithWatch, err := client.NewWithWatch(mgr.GetConfig(), client.Options{
Scheme: scheme.Get(),
})
require.NoError(t, err)
clientNamespaced := client.NewNamespacedClient(mgr.GetClient(), ns.Name)

apiAuth := deploy.KonnectAPIAuthConfigurationWithProgrammed(t, ctx, clientNamespaced)
Expand Down Expand Up @@ -113,7 +109,7 @@ func TestKongConsumerCredential_HMAC(t *testing.T) {
require.NoError(t, manager.SetupCacheIndicesForKonnectTypes(ctx, mgr, false))
reconcilers := []Reconciler{
konnect.NewKonnectEntityReconciler(factory, false, mgr.GetClient(),
konnect.WithKonnectEntitySyncPeriod[configurationv1alpha1.KongCredentialHMAC](konnectSyncTime),
konnect.WithKonnectEntitySyncPeriod[configurationv1alpha1.KongCredentialHMAC](konnectInfiniteSyncTime),
),
}

Expand All @@ -140,24 +136,16 @@ func TestKongConsumerCredential_HMAC(t *testing.T) {
)
require.NoError(t, clientNamespaced.Delete(ctx, kongCredentialHMAC))

assert.EventuallyWithT(t,
func(c *assert.CollectT) {
assert.True(c, k8serrors.IsNotFound(
clientNamespaced.Get(ctx, client.ObjectKeyFromObject(kongCredentialHMAC), kongCredentialHMAC),
))
}, waitTime, tickTime,
"KongCredentialHMAC wasn't deleted but it should have been",
)

assert.EventuallyWithT(t, func(c *assert.CollectT) {
assert.True(c, factory.SDK.KongCredentialsHMACSDK.AssertExpectations(t))
}, waitTime, tickTime)

w := setupWatch[configurationv1alpha1.KongCredentialHMACList](t, ctx, clientWithWatch, client.InNamespace(ns.Name))

kongCredentialHMAC = deploy.KongCredentialHMAC(t, ctx, clientNamespaced, consumer.Name)
t.Logf("redeployed %s KongCredentialHMAC resource", client.ObjectKeyFromObject(kongCredentialHMAC))
t.Logf("checking if KongConsumer %s removal will delete the associated credentials %s",
client.ObjectKeyFromObject(consumer),
client.ObjectKeyFromObject(kongCredentialHMAC),
)

require.NoError(t, clientNamespaced.Delete(ctx, consumer))
_ = watchFor(t, ctx, w, watch.Modified,
func(c *configurationv1alpha1.KongCredentialHMAC) bool {
return c.Name == kongCredentialHMAC.Name
},
"KongCredentialHMAC wasn't deleted but it should have been",
)
}
Loading

0 comments on commit 15fce4a

Please sign in to comment.