Skip to content

chore: add additional E2E tests for local user management #1931

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore: add additional E2E tests for local user management #1931

wants to merge 1 commit into from

Conversation

@jgwest
Copy link
Member

@jgwest jgwest commented Nov 7, 2025
edited by coderabbitai bot
Loading

What type of PR is this?

/kind chore

What does this PR do / why we need it:

  • Adds additional E2E tests to the existing local user management tests

Have you updated the necessary documentation?

  • Documentation update is required by this PR.
  • Documentation has been updated.

Summary by CodeRabbit

  • Tests
    • Added a matcher to assert a Secret does not contain a specific data key
    • Enhanced coverage for local user management with staged reconciliation verification and improved timing checks
    • Added scenarios for manually deleted local user Secrets and token renewal verification
    • Reorganized tests with a reusable verification helper and minor wording tweaks in test logs

@coderabbitai
Copy link

coderabbitai bot commented Nov 7, 2025
edited
Loading

Walkthrough

Adds an exported Secret matcher NotHaveDataKey, refactors a local-user management test into a reusable verification helper that sequences multiple reconciliation scenarios, and tweaks a test step description for clarity.

Changes

Cohort / File(s) Summary
Secret fixture matcher
tests/ginkgo/fixture/secret/fixture.go		 Added exported NotHaveDataKey(key string) matcher.GomegaMatcher which checks that a Secret's .data map does not contain the specified key (uses existing fetchSecret and negation of existence check).
Local user management test refactor
tests/ginkgo/parallel/1-052_validate_local_user_management_test.go		 Added imports (uuid, ptr, secret fixture alias); introduced verifyConfigurationIsAsExpected helper to centralize assertions across stages; reorganized test to validate initial state, after local Secret deletion, after argocd-cm deletion, and after adding a new user; added scenarios to simulate manual Secret creation/deletion and consistent/ eventual checks with explicit time windows.
Test step wording
tests/ginkgo/parallel/1-053_validate_local_user_token_renewal_test.go		 Minor wording change in a By() step: updated message to "verifying the Argo CD instance becomes available".

Sequence Diagram(s)

sequenceDiagram
  participant Test as Ginkgo test
  participant K8s as Kubernetes API
  participant Reconciler as Controller/Reconciler
  participant Fixtures as Test fixtures

  rect rgb(240,248,255)
  Note right of Test: Setup initial resources\n(Secret, ConfigMap, ArgoCD CR)
  Test ->> K8s: Create Secret & ConfigMap
  K8s -->> Test: Resources created
  end

  rect rgb(245,255,240)
  Note right of Reconciler: Reconciliation phases\n(ensure users/config)
  Reconciler ->> K8s: Read resources
  Reconciler ->> K8s: Create/Update managed Secrets & ConfigMap
  K8s -->> Reconciler: ACK
  Test ->> Fixtures: verifyConfigurationIsAsExpected(stage: initial)
  Fixtures -->> Test: assertions pass/fail
  end

  rect rgb(255,250,240)
  Note right of Test: Simulate deletions and changes
  Test ->> K8s: Delete local user Secret (manual)
  Test ->> K8s: Delete/Modify argocd-cm
  K8s -->> Reconciler: informs change
  Reconciler ->> K8s: Recreate/cleanup resources
  Test ->> Fixtures: verifyConfigurationIsAsExpected(stage: after-change)
  end
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20–30 minutes

  • Pay attention to:
    • tests/ginkgo/fixture/secret/fixture.go — correctness of NotHaveDataKey behavior and logging side-effects.
    • verifyConfigurationIsAsExpected — coverage of edge cases, timing windows (Eventually/Consistently) and whether assertions match intended reconciliation semantics.
    • Scenarios simulating manual Secret creation/deletion — ownerReference and cleanup expectations.

Poem

🐰 I sniffed a secret, found a key not there,
I hopped through tests with tidy, clever care.
Stages checked, reconciler hums along,
Configs and tokens singing the same song.
Bravo—nibbles of code and carrot-praise flair!

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: adding E2E tests for local user management, which aligns with the file modifications across the fixture and test files.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Nov 7, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (2)
tests/ginkgo/parallel/1-052_validate_local_user_management_test.go (2)

173-176: Remove redundant verification calls.

Lines 173-174 and lines 175-176 perform identical checks for argocdSecret existence. The second pair is redundant.

Apply this diff to remove the duplicate checks:

 By("verifying argocd-secret Secret contains token for bob")
 Eventually(argocdSecret).Should(k8sFixture.ExistByName())
 Consistently(argocdSecret, "5s", "1s").Should(k8sFixture.ExistByName())
-Eventually(argocdSecret).Should(k8sFixture.ExistByName())
-Consistently(argocdSecret, "5s", "1s").Should(k8sFixture.ExistByName())
 Eventually(argocdSecret).Should(secretFixture.HaveNonEmptyKeyValue("accounts.bob.tokens"))
 Consistently(argocdSecret, "5s", "1s").Should(secretFixture.HaveNonEmptyKeyValue("accounts.bob.tokens"))

225-231: Remove unnecessary type conversions.

Lines 229-230 use string() casts on string literals, which is redundant since the literals are already strings.

Apply this diff:

 configmap.Update(argocdCMConfigMap, func(cm *corev1.ConfigMap) {
   if cm.Data == nil {
     cm.Data = map[string]string{}
   }
-  cm.Data["accounts.alice"] = string("apiKey")
-  cm.Data["accounts.alice.enabled"] = string("true")
+  cm.Data["accounts.alice"] = "apiKey"
+  cm.Data["accounts.alice.enabled"] = "true"
 })
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2a10f87 and 8a023e1.

📒 Files selected for processing (3)
  • tests/ginkgo/fixture/secret/fixture.go (1 hunks)
  • tests/ginkgo/parallel/1-052_validate_local_user_management_test.go (2 hunks)
  • tests/ginkgo/parallel/1-053_validate_local_user_token_renewal_test.go (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
tests/ginkgo/parallel/1-052_validate_local_user_management_test.go (5)
tests/ginkgo/fixture/argocd/fixture.go (1)
  • Update (23-44)
tests/ginkgo/fixture/k8s/fixture.go (3)
  • ExistByName (101-118)
  • Update (144-161)
  • NotExistByName (122-141)
tests/ginkgo/fixture/secret/fixture.go (4)
  • HaveStringDataKeyValue (74-87)
  • HaveNonEmptyKeyValue (58-71)
  • Update (19-35)
  • NotHaveDataKey (102-109)
tests/ginkgo/fixture/configmap/fixture.go (3)
  • HaveStringDataKeyValue (49-74)
  • Update (20-36)
  • NotHaveStringDataKey (77-83)
tests/ginkgo/fixture/fixture.go (1)
  • CreateRandomE2ETestNamespaceWithCleanupFunc (118-122)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: build-operator
  • GitHub Check: build
  • GitHub Check: Run end-to-end tests (v1.27.1)
  • GitHub Check: Run golangci-lint and gosec
🔇 Additional comments (5)
tests/ginkgo/fixture/secret/fixture.go (1)

101-109: LGTM!

The NotHaveDataKey matcher correctly implements negative assertion for Secret data keys, following the established pattern of other matchers in this file and mirroring the NotHaveStringDataKey matcher in the ConfigMap fixture.

tests/ginkgo/parallel/1-053_validate_local_user_token_renewal_test.go (1)

70-70: LGTM!

Improved wording for clarity.

tests/ginkgo/parallel/1-052_validate_local_user_management_test.go (3)

26-27: LGTM!

The new imports support UUID generation for unique test data and pointer utilities for Kubernetes API fields, both used appropriately in the test scenarios.

Also applies to: 33-33, 36-36

95-134: Well-structured refactoring!

The verifyConfigurationIsAsExpected helper function effectively reduces code duplication and makes the test flow clearer. The use of Eventually and Consistently matchers is appropriate for E2E testing, ensuring resources are not only created but remain stable.

244-282: Excellent test coverage for reconciler cleanup behavior!

The manually crafted Secret with proper labels, owner references, and realistic data effectively validates that the reconciler correctly removes orphaned local user resources. The use of ptr.To() for bool pointers and uuid.NewUUID() for unique test data follows Kubernetes best practices.

@jgwest
chore: add additional E2E tests for local user management
db89e22 
Signed-off-by: Jonathan West <jonwest@redhat.com>
@jgwest jgwest force-pushed the add-local-user-tests-oct-2025 branch from 8a023e1 to db89e22 Compare November 7, 2025 16:45
coderabbitai[bot]
coderabbitai bot reviewed Nov 7, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (2)
tests/ginkgo/parallel/1-052_validate_local_user_management_test.go (2)

102-102: Fix spacing in By statement concatenations.

The string concatenations are missing a space before the dash, resulting in messages like "initial creation- verifying..." instead of "initial creation - verifying...".

Apply this diff:

-		By(description + "- verifying Argo CD argocd-cm ConfigMap references user, and user is enabled")
+		By(description + " - verifying Argo CD argocd-cm ConfigMap references user, and user is enabled")
-		By(description + "- verifying argocd-secret Secret contains token for user")
+		By(description + " - verifying argocd-secret Secret contains token for user")

Also applies to: 108-108

136-180: LGTM: Comprehensive user switching verification.

The test thoroughly validates that switching from alice to bob properly removes old resources and creates new ones in both ConfigMap and Secret.

Minor consistency suggestion: Consider adding explicit timeouts to all Consistently calls (lines 163-164, 179) to match the pattern used elsewhere ("5s", "1s"), though the default timeout is acceptable.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8a023e1 and db89e22.

📒 Files selected for processing (3)
  • tests/ginkgo/fixture/secret/fixture.go (1 hunks)
  • tests/ginkgo/parallel/1-052_validate_local_user_management_test.go (2 hunks)
  • tests/ginkgo/parallel/1-053_validate_local_user_token_renewal_test.go (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • tests/ginkgo/fixture/secret/fixture.go
  • tests/ginkgo/parallel/1-053_validate_local_user_token_renewal_test.go
🧰 Additional context used
🧬 Code graph analysis (1)
tests/ginkgo/parallel/1-052_validate_local_user_management_test.go (5)
tests/ginkgo/fixture/argocd/fixture.go (2)
  • BeAvailable (47-49)
  • Update (23-44)
tests/ginkgo/fixture/k8s/fixture.go (3)
  • ExistByName (101-118)
  • Update (144-161)
  • NotExistByName (122-141)
tests/ginkgo/fixture/secret/fixture.go (4)
  • HaveStringDataKeyValue (74-87)
  • HaveNonEmptyKeyValue (58-71)
  • Update (19-35)
  • NotHaveDataKey (102-109)
tests/ginkgo/fixture/configmap/fixture.go (3)
  • HaveStringDataKeyValue (49-74)
  • Update (20-36)
  • NotHaveStringDataKey (77-83)
tests/ginkgo/fixture/fixture.go (1)
  • CreateRandomE2ETestNamespaceWithCleanupFunc (118-122)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: build
  • GitHub Check: Run golangci-lint and gosec
  • GitHub Check: build-operator
  • GitHub Check: Run end-to-end tests (v1.27.1)
🔇 Additional comments (5)
tests/ginkgo/parallel/1-052_validate_local_user_management_test.go (5)

26-27: LGTM: New imports are properly utilized.

The new imports (uuid, ptr, and secretFixture alias) are appropriately used throughout the expanded test scenarios for generating unique tokens, creating owner references, and Secret-related assertions.

Also applies to: 35-35

73-73: LGTM: Improved test step clarity.

The wording adjustment enhances readability and consistency with other test steps.

95-133: LGTM: Excellent refactoring with the verification helper.

The verifyConfigurationIsAsExpected helper effectively eliminates duplication and provides consistent verification logic across multiple test stages. The staged verification approach (initial creation, after deletions) demonstrates good test design.

183-195: LGTM: Proper cleanup verification when localUsers is removed.

The test correctly validates that removing the localUsers field cleans up the user Secret while preserving the argocd-cm ConfigMap.

198-279: LGTM: Comprehensive leftover resource cleanup test.

This new test case provides excellent coverage for ensuring the reconciler properly cleans up manually created resources that don't correspond to ArgoCD CR configuration. The ArgoCD CRD API version at line 254 (argoproj.io/v1beta1) is the current version, having been upgraded from v1alpha1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jgwest