Kong · pmalek · Oct 8, 2024 · Oct 7, 2024
@@ -96,7 +96,7 @@ func deleteKongCredentialAPIKey(
 		sdkkonnectops.DeleteKeyAuthWithConsumerRequest{
 			ControlPlaneID:              cpID,
 			ConsumerIDForNestedEntities: cred.Status.Konnect.GetConsumerID(),
-			// BasicAuthID:                 id,
+			KeyAuthID:                   id,
 		})
 	if errWrap := wrapErrIfKonnectOpFailed(err, DeleteOp, cred); errWrap != nil {
 		// Service delete operation returns an SDKError instead of a NotFoundError.

@@ -854,12 +854,6 @@ func handleKongConsumerRef[T constraints.SupportedKonnectEntityType, TEnt constr
 			client.ObjectKeyFromObject(&consumer), constraints.EntityTypeName[T](), client.ObjectKeyFromObject(ent),
 		)
 	}
-	if cred, ok := any(ent).(*configurationv1alpha1.KongCredentialHMAC); ok {
-		if cred.Status.Konnect == nil {
-			cred.Status.Konnect = &konnectv1alpha1.KonnectEntityStatusWithControlPlaneAndConsumerRefs{}
-		}
-		cred.Status.Konnect.ConsumerID = consumer.Status.Konnect.GetKonnectID()
-	}
 
 	if res, errStatus := updateStatusWithCondition(
 		ctx, cl, ent,

@@ -7,9 +7,6 @@ const (
 	// sync period. It's set to 60m that is virtually infinite for the tests.
 	konnectInfiniteSyncTime = time.Minute * 60
 
-	// konnectSyncTime is used for tests that want to verify behavior of the reconcilers relying on the fixed sync.
-	konnectSyncTime = 100 * time.Millisecond
-
 	// waitTime is a generic wait time for the tests' eventual conditions.
 	waitTime = 10 * time.Second
 

@@ -11,7 +11,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
-	"k8s.io/apimachinery/pkg/watch"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/kong/gateway-operator/controller/konnect"
@@ -35,10 +35,6 @@ func TestKongConsumerCredential_ACL(t *testing.T) {
 
 	mgr, logs := NewManager(t, ctx, cfg, scheme.Get())
 
-	clientWithWatch, err := client.NewWithWatch(mgr.GetConfig(), client.Options{
-		Scheme: scheme.Get(),
-	})
-	require.NoError(t, err)
 	clientNamespaced := client.NewNamespacedClient(mgr.GetClient(), ns.Name)
 
 	apiAuth := deploy.KonnectAPIAuthConfigurationWithProgrammed(t, ctx, clientNamespaced)
@@ -114,7 +110,7 @@ func TestKongConsumerCredential_ACL(t *testing.T) {
 	require.NoError(t, manager.SetupCacheIndicesForKonnectTypes(ctx, mgr, false))
 	reconcilers := []Reconciler{
 		konnect.NewKonnectEntityReconciler(factory, false, mgr.GetClient(),
-			konnect.WithKonnectEntitySyncPeriod[configurationv1alpha1.KongCredentialACL](konnectSyncTime),
+			konnect.WithKonnectEntitySyncPeriod[configurationv1alpha1.KongCredentialACL](konnectInfiniteSyncTime),
 		),
 	}
 
@@ -141,24 +137,16 @@ func TestKongConsumerCredential_ACL(t *testing.T) {
 		)
 	require.NoError(t, clientNamespaced.Delete(ctx, kongCredentialACL))
 
+	assert.EventuallyWithT(t,
+		func(c *assert.CollectT) {
+			assert.True(c, k8serrors.IsNotFound(
+				clientNamespaced.Get(ctx, client.ObjectKeyFromObject(kongCredentialACL), kongCredentialACL),
+			))
+		}, waitTime, tickTime,
+		"KongCredentialACL wasn't deleted but it should have been",
+	)
+
 	assert.EventuallyWithT(t, func(c *assert.CollectT) {
 		assert.True(c, factory.SDK.KongCredentialsACLSDK.AssertExpectations(t))
 	}, waitTime, tickTime)
-
-	w := setupWatch[configurationv1alpha1.KongCredentialACLList](t, ctx, clientWithWatch, client.InNamespace(ns.Name))
-
-	kongCredentialACL = deploy.KongCredentialACL(t, ctx, clientNamespaced, consumer.Name, aclGroup)
-	t.Logf("redeployed %s KongCredentialACL resource", client.ObjectKeyFromObject(kongCredentialACL))
-	t.Logf("checking if KongConsumer %s removal will delete the associated credentials %s",
-		client.ObjectKeyFromObject(consumer),
-		client.ObjectKeyFromObject(kongCredentialACL),
-	)
-
-	require.NoError(t, clientNamespaced.Delete(ctx, consumer))
-	_ = watchFor(t, ctx, w, watch.Modified,
-		func(c *configurationv1alpha1.KongCredentialACL) bool {
-			return c.Name == kongCredentialACL.Name
-		},
-		"KongCredentialACL wasn't deleted but it should have been",
-	)
 }
@@ -0,0 +1,152 @@
+package envtest
+
+import (
+	"context"
+	"testing"
+
+	sdkkonnectcomp "github.com/Kong/sdk-konnect-go/models/components"
+	sdkkonnectops "github.com/Kong/sdk-konnect-go/models/operations"
+	"github.com/google/uuid"
+	"github.com/samber/lo"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+	"github.com/stretchr/testify/require"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/kong/gateway-operator/controller/konnect"
+	"github.com/kong/gateway-operator/controller/konnect/ops"
+	"github.com/kong/gateway-operator/modules/manager"
+	"github.com/kong/gateway-operator/modules/manager/scheme"
+	"github.com/kong/gateway-operator/test/helpers/deploy"
+
+	configurationv1 "github.com/kong/kubernetes-configuration/api/configuration/v1"
+	configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1"
+	"github.com/kong/kubernetes-configuration/api/konnect/v1alpha1"
+)
+
+func TestKongConsumerCredential_APIKey(t *testing.T) {
+	t.Parallel()
+	ctx, cancel := Context(t, context.Background())
+	defer cancel()
+
+	// Setup up the envtest environment.
+	cfg, ns := Setup(t, ctx, scheme.Get())
+
+	mgr, logs := NewManager(t, ctx, cfg, scheme.Get())
+
+	clientNamespaced := client.NewNamespacedClient(mgr.GetClient(), ns.Name)
+
+	apiAuth := deploy.KonnectAPIAuthConfigurationWithProgrammed(t, ctx, clientNamespaced)
+	cp := deploy.KonnectGatewayControlPlaneWithID(t, ctx, clientNamespaced, apiAuth)
+
+	consumerID := uuid.NewString()
+	consumer := deploy.KongConsumerWithProgrammed(t, ctx, clientNamespaced, &configurationv1.KongConsumer{
+		Username: "username1",
+		Spec: configurationv1.KongConsumerSpec{
+			ControlPlaneRef: &configurationv1alpha1.ControlPlaneRef{
+				Type: configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef,
+				KonnectNamespacedRef: &configurationv1alpha1.KonnectNamespacedRef{
+					Name: cp.Name,
+				},
+			},
+		},
+	})
+	consumer.Status.Konnect = &v1alpha1.KonnectEntityStatusWithControlPlaneRef{
+		ControlPlaneID: cp.GetKonnectStatus().GetKonnectID(),
+		KonnectEntityStatus: v1alpha1.KonnectEntityStatus{
+			ID:        consumerID,
+			ServerURL: cp.GetKonnectStatus().GetServerURL(),
+			OrgID:     cp.GetKonnectStatus().GetOrgID(),
+		},
+	}
+	require.NoError(t, clientNamespaced.Status().Update(ctx, consumer))
+
+	kongCredentialAPIKey := deploy.KongCredentialAPIKey(t, ctx, clientNamespaced, consumer.Name)
+	keyID := uuid.NewString()
+	tags := []string{
+		"k8s-generation:1",
+		"k8s-group:configuration.konghq.com",
+		"k8s-kind:KongCredentialAPIKey",
+		"k8s-name:" + kongCredentialAPIKey.Name,
+		"k8s-namespace:" + ns.Name,
+		"k8s-uid:" + string(kongCredentialAPIKey.GetUID()),
+		"k8s-version:v1alpha1",
+	}
+
+	factory := ops.NewMockSDKFactory(t)
+	factory.SDK.KongCredentialsAPIKeySDK.EXPECT().
+		CreateKeyAuthWithConsumer(
+			mock.Anything,
+			sdkkonnectops.CreateKeyAuthWithConsumerRequest{
+				ControlPlaneID:              cp.GetKonnectStatus().GetKonnectID(),
+				ConsumerIDForNestedEntities: consumerID,
+				KeyAuthWithoutParents: sdkkonnectcomp.KeyAuthWithoutParents{
+					Key:  lo.ToPtr("key"),
+					Tags: tags,
+				},
+			},
+		).
+		Return(
+			&sdkkonnectops.CreateKeyAuthWithConsumerResponse{
+				KeyAuth: &sdkkonnectcomp.KeyAuth{
+					ID: lo.ToPtr(keyID),
+				},
+			},
+			nil,
+		)
+	factory.SDK.KongCredentialsAPIKeySDK.EXPECT().
+		UpsertKeyAuthWithConsumer(mock.Anything, mock.Anything, mock.Anything).Maybe().
+		Return(
+			&sdkkonnectops.UpsertKeyAuthWithConsumerResponse{
+				KeyAuth: &sdkkonnectcomp.KeyAuth{
+					ID: lo.ToPtr(keyID),
+				},
+			},
+			nil,
+		)
+
+	require.NoError(t, manager.SetupCacheIndicesForKonnectTypes(ctx, mgr, false))
+	reconcilers := []Reconciler{
+		konnect.NewKonnectEntityReconciler(factory, false, mgr.GetClient(),
+			konnect.WithKonnectEntitySyncPeriod[configurationv1alpha1.KongCredentialAPIKey](konnectInfiniteSyncTime),
+		),
+	}
+
+	StartReconcilers(ctx, t, mgr, logs, reconcilers...)
+
+	assert.EventuallyWithT(t, func(c *assert.CollectT) {
+		assert.True(c, factory.SDK.KongCredentialsAPIKeySDK.AssertExpectations(t))
+	}, waitTime, tickTime)
+
+	factory.SDK.KongCredentialsAPIKeySDK.EXPECT().
+		DeleteKeyAuthWithConsumer(
+			mock.Anything,
+			sdkkonnectops.DeleteKeyAuthWithConsumerRequest{
+				ControlPlaneID:              cp.GetKonnectStatus().GetKonnectID(),
+				ConsumerIDForNestedEntities: consumerID,
+				KeyAuthID:                   keyID,
+			},
+		).
+		Return(
+			&sdkkonnectops.DeleteKeyAuthWithConsumerResponse{
+				StatusCode: 200,
+			},
+			nil,
+		)
+
+	require.NoError(t, clientNamespaced.Delete(ctx, kongCredentialAPIKey))
+
+	assert.EventuallyWithT(t,
+		func(c *assert.CollectT) {
+			assert.True(c, k8serrors.IsNotFound(
+				clientNamespaced.Get(ctx, client.ObjectKeyFromObject(kongCredentialAPIKey), kongCredentialAPIKey),
+			))
+		}, waitTime, tickTime,
+		"KongCredentialAPIKey wasn't deleted but it should have been",
+	)
+
+	assert.EventuallyWithT(t, func(c *assert.CollectT) {
+		assert.True(c, factory.SDK.KongCredentialsAPIKeySDK.AssertExpectations(t))
+	}, waitTime, tickTime)
+}
@@ -11,7 +11,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
-	"k8s.io/apimachinery/pkg/watch"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/kong/gateway-operator/controller/konnect"
@@ -35,10 +35,6 @@ func TestKongConsumerCredential_BasicAuth(t *testing.T) {
 
 	mgr, logs := NewManager(t, ctx, cfg, scheme.Get())
 
-	clientWithWatch, err := client.NewWithWatch(mgr.GetConfig(), client.Options{
-		Scheme: scheme.Get(),
-	})
-	require.NoError(t, err)
 	clientNamespaced := client.NewNamespacedClient(mgr.GetClient(), ns.Name)
 
 	apiAuth := deploy.KonnectAPIAuthConfigurationWithProgrammed(t, ctx, clientNamespaced)
@@ -116,7 +112,7 @@ func TestKongConsumerCredential_BasicAuth(t *testing.T) {
 	require.NoError(t, manager.SetupCacheIndicesForKonnectTypes(ctx, mgr, false))
 	reconcilers := []Reconciler{
 		konnect.NewKonnectEntityReconciler(factory, false, mgr.GetClient(),
-			konnect.WithKonnectEntitySyncPeriod[configurationv1alpha1.KongCredentialBasicAuth](konnectSyncTime),
+			konnect.WithKonnectEntitySyncPeriod[configurationv1alpha1.KongCredentialBasicAuth](konnectInfiniteSyncTime),
 		),
 	}
 
@@ -143,24 +139,16 @@ func TestKongConsumerCredential_BasicAuth(t *testing.T) {
 		)
 	require.NoError(t, clientNamespaced.Delete(ctx, kongCredentialBasicAuth))
 
+	assert.EventuallyWithT(t,
+		func(c *assert.CollectT) {
+			assert.True(c, k8serrors.IsNotFound(
+				clientNamespaced.Get(ctx, client.ObjectKeyFromObject(kongCredentialBasicAuth), kongCredentialBasicAuth),
+			))
+		}, waitTime, tickTime,
+		"KongCredentialBasicAuth wasn't deleted but it should have been",
+	)
+
 	assert.EventuallyWithT(t, func(c *assert.CollectT) {
 		assert.True(c, factory.SDK.KongCredentialsBasicAuthSDK.AssertExpectations(t))
 	}, waitTime, tickTime)
-
-	w := setupWatch[configurationv1alpha1.KongCredentialBasicAuthList](t, ctx, clientWithWatch, client.InNamespace(ns.Name))
-
-	kongCredentialBasicAuth = deploy.KongCredentialBasicAuth(t, ctx, clientNamespaced, consumer.Name, username, password)
-	t.Logf("redeployed %s KongCredentialBasicAuth resource", client.ObjectKeyFromObject(kongCredentialBasicAuth))
-	t.Logf("checking if KongConsumer %s removal will delete the associated credentials %s",
-		client.ObjectKeyFromObject(consumer),
-		client.ObjectKeyFromObject(kongCredentialBasicAuth),
-	)
-
-	require.NoError(t, clientNamespaced.Delete(ctx, consumer))
-	_ = watchFor(t, ctx, w, watch.Modified,
-		func(c *configurationv1alpha1.KongCredentialBasicAuth) bool {
-			return c.Name == kongCredentialBasicAuth.Name
-		},
-		"KongCredentialBasicAuth wasn't deleted but it should have been",
-	)
 }
@@ -11,7 +11,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
-	"k8s.io/apimachinery/pkg/watch"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/kong/gateway-operator/controller/konnect"
@@ -35,10 +35,6 @@ func TestKongConsumerCredential_HMAC(t *testing.T) {
 
 	mgr, logs := NewManager(t, ctx, cfg, scheme.Get())
 
-	clientWithWatch, err := client.NewWithWatch(mgr.GetConfig(), client.Options{
-		Scheme: scheme.Get(),
-	})
-	require.NoError(t, err)
 	clientNamespaced := client.NewNamespacedClient(mgr.GetClient(), ns.Name)
 
 	apiAuth := deploy.KonnectAPIAuthConfigurationWithProgrammed(t, ctx, clientNamespaced)
@@ -113,7 +109,7 @@ func TestKongConsumerCredential_HMAC(t *testing.T) {
 	require.NoError(t, manager.SetupCacheIndicesForKonnectTypes(ctx, mgr, false))
 	reconcilers := []Reconciler{
 		konnect.NewKonnectEntityReconciler(factory, false, mgr.GetClient(),
-			konnect.WithKonnectEntitySyncPeriod[configurationv1alpha1.KongCredentialHMAC](konnectSyncTime),
+			konnect.WithKonnectEntitySyncPeriod[configurationv1alpha1.KongCredentialHMAC](konnectInfiniteSyncTime),
 		),
 	}
 
@@ -140,24 +136,16 @@ func TestKongConsumerCredential_HMAC(t *testing.T) {
 		)
 	require.NoError(t, clientNamespaced.Delete(ctx, kongCredentialHMAC))
 
+	assert.EventuallyWithT(t,
+		func(c *assert.CollectT) {
+			assert.True(c, k8serrors.IsNotFound(
+				clientNamespaced.Get(ctx, client.ObjectKeyFromObject(kongCredentialHMAC), kongCredentialHMAC),
+			))
+		}, waitTime, tickTime,
+		"KongCredentialHMAC wasn't deleted but it should have been",
+	)
+
 	assert.EventuallyWithT(t, func(c *assert.CollectT) {
 		assert.True(c, factory.SDK.KongCredentialsHMACSDK.AssertExpectations(t))
 	}, waitTime, tickTime)
-
-	w := setupWatch[configurationv1alpha1.KongCredentialHMACList](t, ctx, clientWithWatch, client.InNamespace(ns.Name))
-
-	kongCredentialHMAC = deploy.KongCredentialHMAC(t, ctx, clientNamespaced, consumer.Name)
-	t.Logf("redeployed %s KongCredentialHMAC resource", client.ObjectKeyFromObject(kongCredentialHMAC))
-	t.Logf("checking if KongConsumer %s removal will delete the associated credentials %s",
-		client.ObjectKeyFromObject(consumer),
-		client.ObjectKeyFromObject(kongCredentialHMAC),
-	)
-
-	require.NoError(t, clientNamespaced.Delete(ctx, consumer))
-	_ = watchFor(t, ctx, w, watch.Modified,
-		func(c *configurationv1alpha1.KongCredentialHMAC) bool {
-			return c.Name == kongCredentialHMAC.Name
-		},
-		"KongCredentialHMAC wasn't deleted but it should have been",
-	)
 }