Skip to content

Commit

Permalink
test: add unit tests for KMP and CertStore controllers (#1439)
Browse files Browse the repository at this point in the history
  • Loading branch information
binbin-li authored May 8, 2024
1 parent 5781305 commit 51c1c00
Show file tree
Hide file tree
Showing 4 changed files with 371 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,21 @@ import (
"testing"

configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
"github.com/deislabs/ratify/internal/constants"
"github.com/deislabs/ratify/pkg/keymanagementprovider"
"github.com/sirupsen/logrus"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/client/fake"
"sigs.k8s.io/controller-runtime/pkg/reconcile"

test "github.com/deislabs/ratify/pkg/utils"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
)

const (
kmpName = "kmpName"
)

// TestUpdateErrorStatus tests the updateErrorStatus method
Expand Down Expand Up @@ -176,3 +184,100 @@ func TestWriteKMProviderStatus(t *testing.T) {
})
}
}

func TestKMPReconcile(t *testing.T) {
tests := []struct {
name string
description string
provider *configv1beta1.KeyManagementProvider
req *reconcile.Request
expectedErr bool
expectedKMPCount int
}{
{
name: "nonexistent KMP",
description: "Reconciling a non-existent KMP CR, it should be deleted from maps",
req: &reconcile.Request{
NamespacedName: types.NamespacedName{Name: "nonexistent"},
},
provider: &configv1beta1.KeyManagementProvider{
ObjectMeta: metav1.ObjectMeta{
Namespace: constants.EmptyNamespace,
Name: kmpName,
},
Spec: configv1beta1.KeyManagementProviderSpec{
Type: "inline",
},
},
expectedErr: false,
expectedKMPCount: 0,
},
{
name: "invalid params",
description: "Received invalid parameters of the KMP Spec, it should fail the reconcile and return an error",
provider: &configv1beta1.KeyManagementProvider{
ObjectMeta: metav1.ObjectMeta{
Namespace: constants.EmptyNamespace,
Name: kmpName,
},
Spec: configv1beta1.KeyManagementProviderSpec{
Type: "inline",
},
},
expectedErr: true,
expectedKMPCount: 0,
},
{
name: "valid params",
description: "Received a valid KMP manifest, it should be added to the cert map",
provider: &configv1beta1.KeyManagementProvider{
ObjectMeta: metav1.ObjectMeta{
Namespace: constants.EmptyNamespace,
Name: kmpName,
},
Spec: configv1beta1.KeyManagementProviderSpec{
Type: "inline",
Parameters: runtime.RawExtension{
Raw: []byte(`{"type": "inline", "contentType": "certificate", "value": "-----BEGIN CERTIFICATE-----\nMIID2jCCAsKgAwIBAgIQXy2VqtlhSkiZKAGhsnkjbDANBgkqhkiG9w0BAQsFADBvMRswGQYDVQQD\nExJyYXRpZnkuZXhhbXBsZS5jb20xDzANBgNVBAsTBk15IE9yZzETMBEGA1UEChMKTXkgQ29tcGFu\neTEQMA4GA1UEBxMHUmVkbW9uZDELMAkGA1UECBMCV0ExCzAJBgNVBAYTAlVTMB4XDTIzMDIwMTIy\nNDUwMFoXDTI0MDIwMTIyNTUwMFowbzEbMBkGA1UEAxMScmF0aWZ5LmV4YW1wbGUuY29tMQ8wDQYD\nVQQLEwZNeSBPcmcxEzARBgNVBAoTCk15IENvbXBhbnkxEDAOBgNVBAcTB1JlZG1vbmQxCzAJBgNV\nBAgTAldBMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL10bM81\npPAyuraORABsOGS8M76Bi7Guwa3JlM1g2D8CuzSfSTaaT6apy9GsccxUvXd5cmiP1ffna5z+EFmc\nizFQh2aq9kWKWXDvKFXzpQuhyqD1HeVlRlF+V0AfZPvGt3VwUUjNycoUU44ctCWmcUQP/KShZev3\n6SOsJ9q7KLjxxQLsUc4mg55eZUThu8mGB8jugtjsnLUYvIWfHhyjVpGrGVrdkDMoMn+u33scOmrt\nsBljvq9WVo4T/VrTDuiOYlAJFMUae2Ptvo0go8XTN3OjLblKeiK4C+jMn9Dk33oGIT9pmX0vrDJV\nX56w/2SejC1AxCPchHaMuhlwMpftBGkCAwEAAaNyMHAwDgYDVR0PAQH/BAQDAgeAMAkGA1UdEwQC\nMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwHwYDVR0jBBgwFoAU0eaKkZj+MS9jCp9Dg1zdv3v/aKww\nHQYDVR0OBBYEFNHmipGY/jEvYwqfQ4Nc3b97/2isMA0GCSqGSIb3DQEBCwUAA4IBAQBNDcmSBizF\nmpJlD8EgNcUCy5tz7W3+AAhEbA3vsHP4D/UyV3UgcESx+L+Nye5uDYtTVm3lQejs3erN2BjW+ds+\nXFnpU/pVimd0aYv6mJfOieRILBF4XFomjhrJOLI55oVwLN/AgX6kuC3CJY2NMyJKlTao9oZgpHhs\nLlxB/r0n9JnUoN0Gq93oc1+OLFjPI7gNuPXYOP1N46oKgEmAEmNkP1etFrEjFRgsdIFHksrmlOlD\nIed9RcQ087VLjmuymLgqMTFX34Q3j7XgN2ENwBSnkHotE9CcuGRW+NuiOeJalL8DBmFXXWwHTKLQ\nPp5g6m1yZXylLJaFLKz7tdMmO355\n-----END CERTIFICATE-----\n"}`),
},
},
},
expectedErr: false,
expectedKMPCount: 1,
},
}

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
resetKMP()
scheme, _ := test.CreateScheme()
client := fake.NewClientBuilder().WithScheme(scheme)
client.WithObjects(tt.provider)
r := &KeyManagementProviderReconciler{
Scheme: scheme,
Client: client.Build(),
}
var req reconcile.Request
if tt.req != nil {
req = *tt.req
} else {
req = reconcile.Request{
NamespacedName: test.KeyFor(tt.provider),
}
}

_, err := r.Reconcile(context.Background(), req)
if tt.expectedErr != (err != nil) {
t.Fatalf("Reconcile() expected error %v, actual %v", tt.expectedErr, err)
}
certs, _ := keymanagementprovider.GetCertificatesFromMap(context.Background(), kmpName)
if len(certs) != tt.expectedKMPCount {
t.Fatalf("Cert map expected size %v, actual %v", tt.expectedKMPCount, len(certs))
}
})
}
}

func resetKMP() {
keymanagementprovider.DeleteCertificatesFromMap(storeName)
}
101 changes: 101 additions & 0 deletions pkg/controllers/namespaceresource/certificatestore_controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,15 +16,23 @@ limitations under the License.
package namespaceresource

import (
"context"
"fmt"
"testing"

configv1beta1 "github.com/deislabs/ratify/api/v1beta1"
"github.com/deislabs/ratify/internal/constants"
"github.com/deislabs/ratify/pkg/certificateprovider"
"github.com/deislabs/ratify/pkg/certificateprovider/inline"
"github.com/deislabs/ratify/pkg/controllers"
test "github.com/deislabs/ratify/pkg/utils"
"sigs.k8s.io/controller-runtime/pkg/client/fake"
"sigs.k8s.io/controller-runtime/pkg/reconcile"

ctxUtils "github.com/deislabs/ratify/internal/context"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
)

func TestGetCertStoreConfig_ValidConfig(t *testing.T) {
Expand Down Expand Up @@ -183,3 +191,96 @@ func TestGetCertificateProvider(t *testing.T) {
t.Fatalf("Getting unregistered provider should returns an error")
}
}

func TestCertStoreReconcile(t *testing.T) {
tests := []struct {
name string
description string
provider *configv1beta1.CertificateStore
req *reconcile.Request
expectedErr bool
expectedCertCount int
}{
{
name: "nonexistent store",
description: "Reconciling a non-existent certStore CR, it should be deleted from map",
req: &reconcile.Request{
NamespacedName: types.NamespacedName{Name: "nonexistent"},
},
provider: &configv1beta1.CertificateStore{
ObjectMeta: metav1.ObjectMeta{
Namespace: testNamespace,
Name: storeName,
},
Spec: configv1beta1.CertificateStoreSpec{
Provider: "inline",
},
},
expectedErr: false,
expectedCertCount: 0,
},
{
name: "invalid params",
description: "Received invalid parameters of the certStore Spec, it should fail the reconcile and return an error",
provider: &configv1beta1.CertificateStore{
ObjectMeta: metav1.ObjectMeta{
Namespace: testNamespace,
Name: storeName,
},
Spec: configv1beta1.CertificateStoreSpec{
Provider: "inline",
},
},
expectedErr: true,
expectedCertCount: 0,
},
{
name: "valid params",
description: "Received invalid parameters of the certStore Spec, it should fail the reconcile and return an error",
provider: &configv1beta1.CertificateStore{
ObjectMeta: metav1.ObjectMeta{
Namespace: testNamespace,
Name: storeName,
},
Spec: configv1beta1.CertificateStoreSpec{
Provider: "inline",
Parameters: runtime.RawExtension{
Raw: []byte(`{"value": "-----BEGIN CERTIFICATE-----\nMIID2jCCAsKgAwIBAgIQXy2VqtlhSkiZKAGhsnkjbDANBgkqhkiG9w0BAQsFADBvMRswGQYDVQQD\nExJyYXRpZnkuZXhhbXBsZS5jb20xDzANBgNVBAsTBk15IE9yZzETMBEGA1UEChMKTXkgQ29tcGFu\neTEQMA4GA1UEBxMHUmVkbW9uZDELMAkGA1UECBMCV0ExCzAJBgNVBAYTAlVTMB4XDTIzMDIwMTIy\nNDUwMFoXDTI0MDIwMTIyNTUwMFowbzEbMBkGA1UEAxMScmF0aWZ5LmV4YW1wbGUuY29tMQ8wDQYD\nVQQLEwZNeSBPcmcxEzARBgNVBAoTCk15IENvbXBhbnkxEDAOBgNVBAcTB1JlZG1vbmQxCzAJBgNV\nBAgTAldBMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL10bM81\npPAyuraORABsOGS8M76Bi7Guwa3JlM1g2D8CuzSfSTaaT6apy9GsccxUvXd5cmiP1ffna5z+EFmc\nizFQh2aq9kWKWXDvKFXzpQuhyqD1HeVlRlF+V0AfZPvGt3VwUUjNycoUU44ctCWmcUQP/KShZev3\n6SOsJ9q7KLjxxQLsUc4mg55eZUThu8mGB8jugtjsnLUYvIWfHhyjVpGrGVrdkDMoMn+u33scOmrt\nsBljvq9WVo4T/VrTDuiOYlAJFMUae2Ptvo0go8XTN3OjLblKeiK4C+jMn9Dk33oGIT9pmX0vrDJV\nX56w/2SejC1AxCPchHaMuhlwMpftBGkCAwEAAaNyMHAwDgYDVR0PAQH/BAQDAgeAMAkGA1UdEwQC\nMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwHwYDVR0jBBgwFoAU0eaKkZj+MS9jCp9Dg1zdv3v/aKww\nHQYDVR0OBBYEFNHmipGY/jEvYwqfQ4Nc3b97/2isMA0GCSqGSIb3DQEBCwUAA4IBAQBNDcmSBizF\nmpJlD8EgNcUCy5tz7W3+AAhEbA3vsHP4D/UyV3UgcESx+L+Nye5uDYtTVm3lQejs3erN2BjW+ds+\nXFnpU/pVimd0aYv6mJfOieRILBF4XFomjhrJOLI55oVwLN/AgX6kuC3CJY2NMyJKlTao9oZgpHhs\nLlxB/r0n9JnUoN0Gq93oc1+OLFjPI7gNuPXYOP1N46oKgEmAEmNkP1etFrEjFRgsdIFHksrmlOlD\nIed9RcQ087VLjmuymLgqMTFX34Q3j7XgN2ENwBSnkHotE9CcuGRW+NuiOeJalL8DBmFXXWwHTKLQ\nPp5g6m1yZXylLJaFLKz7tdMmO355\n-----END CERTIFICATE-----\n"}`),
},
},
},
expectedErr: false,
expectedCertCount: 1,
},
}

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
scheme, _ := test.CreateScheme()
client := fake.NewClientBuilder().WithScheme(scheme)
client.WithObjects(tt.provider)
r := &CertificateStoreReconciler{
Scheme: scheme,
Client: client.Build(),
}
var req reconcile.Request
if tt.req != nil {
req = *tt.req
} else {
req = reconcile.Request{
NamespacedName: test.KeyFor(tt.provider),
}
}

_, err := r.Reconcile(context.Background(), req)
if tt.expectedErr != (err != nil) {
t.Fatalf("Reconcile() expected error %v, actual %v", tt.expectedErr, err)
}
ctx := ctxUtils.SetContextWithNamespace(context.Background(), testNamespace)
certs, _ := controllers.NamespacedCertStores.GetCertsFromStore(ctx, testNamespace+constants.NamespaceSeperator+storeName)
if len(certs) != tt.expectedCertCount {
t.Fatalf("Store map expected size %v, actual %v", tt.expectedCertCount, len(certs))
}
})
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,19 @@ import (
"github.com/deislabs/ratify/pkg/keymanagementprovider"
"github.com/sirupsen/logrus"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/client/fake"
"sigs.k8s.io/controller-runtime/pkg/reconcile"

"github.com/deislabs/ratify/internal/constants"
ctxUtils "github.com/deislabs/ratify/internal/context"
test "github.com/deislabs/ratify/pkg/utils"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
)

const (
kmpName = "kmpName"
)

// TestUpdateErrorStatus tests the updateErrorStatus method
Expand Down Expand Up @@ -176,3 +185,96 @@ func TestWriteKMProviderStatus(t *testing.T) {
})
}
}

func TestKMPReconcile(t *testing.T) {
tests := []struct {
name string
description string
provider *configv1beta1.NamespacedKeyManagementProvider
req *reconcile.Request
expectedErr bool
expectedKMPCount int
}{
{
name: "nonexistent KMP",
description: "Reconciling a non-existent KMP CR, it should be deleted from maps",
req: &reconcile.Request{
NamespacedName: types.NamespacedName{Name: "nonexistent"},
},
provider: &configv1beta1.NamespacedKeyManagementProvider{
ObjectMeta: metav1.ObjectMeta{
Namespace: testNamespace,
Name: kmpName,
},
Spec: configv1beta1.NamespacedKeyManagementProviderSpec{
Type: "inline",
},
},
expectedErr: false,
expectedKMPCount: 0,
},
{
name: "invalid params",
description: "Received invalid parameters of the KMP Spec, it should fail the reconcile and return an error",
provider: &configv1beta1.NamespacedKeyManagementProvider{
ObjectMeta: metav1.ObjectMeta{
Namespace: testNamespace,
Name: kmpName,
},
Spec: configv1beta1.NamespacedKeyManagementProviderSpec{
Type: "inline",
},
},
expectedErr: true,
expectedKMPCount: 0,
},
{
name: "valid params",
description: "Received a valid KMP manifest, it should be added to the cert map",
provider: &configv1beta1.NamespacedKeyManagementProvider{
ObjectMeta: metav1.ObjectMeta{
Namespace: testNamespace,
Name: kmpName,
},
Spec: configv1beta1.NamespacedKeyManagementProviderSpec{
Type: "inline",
Parameters: runtime.RawExtension{
Raw: []byte(`{"type": "inline", "contentType": "certificate", "value": "-----BEGIN CERTIFICATE-----\nMIID2jCCAsKgAwIBAgIQXy2VqtlhSkiZKAGhsnkjbDANBgkqhkiG9w0BAQsFADBvMRswGQYDVQQD\nExJyYXRpZnkuZXhhbXBsZS5jb20xDzANBgNVBAsTBk15IE9yZzETMBEGA1UEChMKTXkgQ29tcGFu\neTEQMA4GA1UEBxMHUmVkbW9uZDELMAkGA1UECBMCV0ExCzAJBgNVBAYTAlVTMB4XDTIzMDIwMTIy\nNDUwMFoXDTI0MDIwMTIyNTUwMFowbzEbMBkGA1UEAxMScmF0aWZ5LmV4YW1wbGUuY29tMQ8wDQYD\nVQQLEwZNeSBPcmcxEzARBgNVBAoTCk15IENvbXBhbnkxEDAOBgNVBAcTB1JlZG1vbmQxCzAJBgNV\nBAgTAldBMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL10bM81\npPAyuraORABsOGS8M76Bi7Guwa3JlM1g2D8CuzSfSTaaT6apy9GsccxUvXd5cmiP1ffna5z+EFmc\nizFQh2aq9kWKWXDvKFXzpQuhyqD1HeVlRlF+V0AfZPvGt3VwUUjNycoUU44ctCWmcUQP/KShZev3\n6SOsJ9q7KLjxxQLsUc4mg55eZUThu8mGB8jugtjsnLUYvIWfHhyjVpGrGVrdkDMoMn+u33scOmrt\nsBljvq9WVo4T/VrTDuiOYlAJFMUae2Ptvo0go8XTN3OjLblKeiK4C+jMn9Dk33oGIT9pmX0vrDJV\nX56w/2SejC1AxCPchHaMuhlwMpftBGkCAwEAAaNyMHAwDgYDVR0PAQH/BAQDAgeAMAkGA1UdEwQC\nMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwHwYDVR0jBBgwFoAU0eaKkZj+MS9jCp9Dg1zdv3v/aKww\nHQYDVR0OBBYEFNHmipGY/jEvYwqfQ4Nc3b97/2isMA0GCSqGSIb3DQEBCwUAA4IBAQBNDcmSBizF\nmpJlD8EgNcUCy5tz7W3+AAhEbA3vsHP4D/UyV3UgcESx+L+Nye5uDYtTVm3lQejs3erN2BjW+ds+\nXFnpU/pVimd0aYv6mJfOieRILBF4XFomjhrJOLI55oVwLN/AgX6kuC3CJY2NMyJKlTao9oZgpHhs\nLlxB/r0n9JnUoN0Gq93oc1+OLFjPI7gNuPXYOP1N46oKgEmAEmNkP1etFrEjFRgsdIFHksrmlOlD\nIed9RcQ087VLjmuymLgqMTFX34Q3j7XgN2ENwBSnkHotE9CcuGRW+NuiOeJalL8DBmFXXWwHTKLQ\nPp5g6m1yZXylLJaFLKz7tdMmO355\n-----END CERTIFICATE-----\n"}`),
},
},
},
expectedErr: false,
expectedKMPCount: 1,
},
}

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
scheme, _ := test.CreateScheme()
client := fake.NewClientBuilder().WithScheme(scheme)
client.WithObjects(tt.provider)
r := &KeyManagementProviderReconciler{
Scheme: scheme,
Client: client.Build(),
}
var req reconcile.Request
if tt.req != nil {
req = *tt.req
} else {
req = reconcile.Request{
NamespacedName: test.KeyFor(tt.provider),
}
}

_, err := r.Reconcile(context.Background(), req)
if tt.expectedErr != (err != nil) {
t.Fatalf("Reconcile() expected error %v, actual %v", tt.expectedErr, err)
}
ctx := ctxUtils.SetContextWithNamespace(context.Background(), testNamespace)
certs, _ := keymanagementprovider.GetCertificatesFromMap(ctx, testNamespace+constants.NamespaceSeperator+kmpName)
if len(certs) != tt.expectedKMPCount {
t.Fatalf("Cert map expected size %v, actual %v", tt.expectedKMPCount, len(certs))
}
})
}
}
Loading

0 comments on commit 51c1c00

Please sign in to comment.