test: fix race condition between registry credentials and mirror tests
supershal committed Jan 23, 2024
1 parent d54a86e commit 176d403
Showing 5 changed files with 314 additions and 193 deletions.
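--- a/common/pkg/testutils/capitest/request/items.go
+++ b/common/pkg/testutils/capitest/request/items.go
@@ -21,8 +21,8 @@ import (
 
 const (
 ClusterName = "test-cluster"
-KubeadmConfigTemplateRequestObjectName = "test-kubeadmconfigtemplate"
-KubeadmControlPlaneTemplateRequestObjectName = "test-kubeadmcontrolplanetemplate"
+kubeadmConfigTemplateRequestObjectName = "test-kubeadmconfigtemplate"
+kubeadmControlPlaneTemplateRequestObjectName = "test-kubeadmcontrolplanetemplate"
 Namespace = corev1.NamespaceDefault
 )
 
@@ -45,15 +45,24 @@ func NewRequestItem(
 }
 }
 
-func NewKubeadmConfigTemplateRequestItem(uid types.UID) runtimehooksv1.GeneratePatchesRequestItem {
+func NewKubeadmConfigTemplateRequestItem(
+uid types.UID,
+) runtimehooksv1.GeneratePatchesRequestItem {
+return NewKubeadmConfigTemplateRequest(uid, kubeadmConfigTemplateRequestObjectName)
+}
+
+func NewKubeadmConfigTemplateRequest(
+uid types.UID,
+name string,
+) runtimehooksv1.GeneratePatchesRequestItem {
 return NewRequestItem(
 &bootstrapv1.KubeadmConfigTemplate{
 TypeMeta: metav1.TypeMeta{
 APIVersion: bootstrapv1.GroupVersion.String(),
 Kind: "KubeadmConfigTemplate",
 },
 ObjectMeta: metav1.ObjectMeta{
-Name: KubeadmConfigTemplateRequestObjectName,
+Name: name,
 Namespace: Namespace,
 },
 Spec: bootstrapv1.KubeadmConfigTemplateSpec{
@@ -75,8 +84,9 @@ func NewKubeadmConfigTemplateRequestItem(uid types.UID) runtimehooksv1.GenerateP
 )
 }
 
-func NewKubeadmControlPlaneTemplateRequestItem(
+func NewKubeadmControlPlaneTemplateRequest(
 uid types.UID,
+name string,
 ) runtimehooksv1.GeneratePatchesRequestItem {
 return NewRequestItem(
 &controlplanev1.KubeadmControlPlaneTemplate{
@@ -85,7 +95,7 @@ func NewKubeadmControlPlaneTemplateRequestItem(
 Kind: "KubeadmControlPlaneTemplate",
 },
 ObjectMeta: metav1.ObjectMeta{
-Name: KubeadmControlPlaneTemplateRequestObjectName,
+Name: name,
 Namespace: Namespace,
 },
 Spec: controlplanev1.KubeadmControlPlaneTemplateSpec{
@@ -113,6 +123,12 @@ func NewKubeadmControlPlaneTemplateRequestItem(
 )
 }
 
+func NewKubeadmControlPlaneTemplateRequestItem(
+uid types.UID,
+) runtimehooksv1.GeneratePatchesRequestItem {
+return NewKubeadmControlPlaneTemplateRequest(uid, kubeadmControlPlaneTemplateRequestObjectName)
+}
+
 func NewAWSClusterTemplateRequestItem(
 uid types.UID,
 existingSpec ...capav1.AWSClusterTemplateSpec,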
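Review bot: The new exported helpers `NewKubeadmConfigTemplateRequest` and `NewKubeadmControlPlaneTemplateRequest` carry no doc comment, and their names differ from the existing `...RequestItem` wrappers only by suffix although both return a `GeneratePatchesRequestItem`. A comment such as `// NewKubeadmConfigTemplateRequest returns a request item for a KubeadmConfigTemplate called name in Namespace; pass a name unique to the test case when the handler under test creates resources derived from it.` would record why the parameter exists (the mirror test on this page pre-creates Secrets named after the template name, so that coupling looks real). The first hunk also unexports the two object-name constants, which breaks any caller outside this package that referenced them; none is visible on this page, so a repository-wide search is worth doing before merge. Both function bodies continue outside the hunks shown.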
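--- a/pkg/handlers/aws/mutation/metapatch_handler_test.go
+++ b/pkg/handlers/aws/mutation/metapatch_handler_test.go
@@ -156,6 +156,14 @@ func TestGeneratePatches(t *testing.T) {
 imageregistries.VariableName,
 )
 
+imageregistrycredentialstests.TestGenerateMirrorPatches(
+t,
+metaPatchGeneratorFunc(mgr),
+mgr.GetClient(),
+clusterconfig.MetaVariableName,
+imageregistries.VariableName,
+)
+
 amitests.TestControlPlaneGeneratePatches(
 t,
 metaPatchGeneratorFunc(mgr),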
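--- a/pkg/handlers/docker/mutation/metapatch_handler_test.go
+++ b/pkg/handlers/docker/mutation/metapatch_handler_test.go
@@ -112,4 +112,12 @@ func TestGeneratePatches(t *testing.T) {
 clusterconfig.MetaVariableName,
 imageregistries.VariableName,
 )
+
+imageregistrycredentialstests.TestGenerateMirrorPatches(
+t,
+metaPatchGeneratorFunc(mgr),
+mgr.GetClient(),
+clusterconfig.MetaVariableName,
+imageregistries.VariableName,
+)
 }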
@@ -0,0 +1,262 @@
// Copyright 2023 D2iQ, Inc. All rights reserved.
// SPDX-License-Identifier: Apache-2.0

package tests

import (
"context"
"fmt"
"testing"

"github.com/onsi/gomega"
"github.com/stretchr/testify/require"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apiserver/pkg/storage/names"
runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
"sigs.k8s.io/controller-runtime/pkg/client"

"github.com/d2iq-labs/capi-runtime-extensions/api/v1alpha1"
"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/handlers/mutation"
"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/testutils/capitest"
"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/testutils/capitest/request"
)

const (
validMirrorCredentialsSecretName = "my-mirror-registry-credentials"
validMirrorCASecretName = "myregistry-mirror-cacert"
//nolint:gosec // Does not contain hard coded credentials.
cpRegistryAsMirrorCreds = "kubeadmControlPlaneRegistryAsMirrorCreds"
//nolint:gosec // Does not contain hard coded credentials.
workerRegistryAsMirrorCreds = "kubeadmConfigTemplateRegistryAsMirrorCreds"
registryStaticCredentialsSecretSuffix = "registry-config"
)

func TestGenerateMirrorPatches(
t *testing.T,
generatorFunc func() mutation.GeneratePatches,
fakeClient client.Client,
variableName string,
variablePath ...string,
) {
t.Helper()

require.NoError(
t,
fakeClient.Create(
context.Background(),
newRegistryCredentialsSecret(validMirrorCredentialsSecretName, request.Namespace),
),
)

require.NoError(
t,
fakeClient.Create(
context.Background(),
newMirrorSecret(validMirrorCASecretName, request.Namespace),
),
)

// Server side apply does not work with the fake client, hack around it by pre-creating empty Secrets
// https://github.com/kubernetes-sigs/controller-runtime/issues/2341
require.NoError(
t,
fakeClient.Create(
context.Background(),
newEmptySecret(
fmt.Sprintf(
"%s-%s",
cpRegistryAsMirrorCreds,
registryStaticCredentialsSecretSuffix,
),
request.Namespace,
),
),
)

require.NoError(
t,
fakeClient.Create(
context.Background(),
newEmptySecret(
fmt.Sprintf(
"%s-%s",
workerRegistryAsMirrorCreds,
registryStaticCredentialsSecretSuffix,
),
request.Namespace,
),
),
)

capitest.ValidateGeneratePatches(
t,
generatorFunc,
capitest.PatchTestDef{
Name: "files added in KubeadmControlPlaneTemplate for registry with mirror without CA Certificate",
Vars: []runtimehooksv1.Variable{
capitest.VariableWithValue(
variableName,
v1alpha1.ImageRegistries{
v1alpha1.ImageRegistry{
URL: "https://123456789.dkr.ecr.us-east-1.amazonaws.com",
Mirror: &v1alpha1.RegistryMirror{},
},
},
variablePath...,
),
},
RequestItem: request.NewKubeadmControlPlaneTemplateRequestItem(""),
ExpectedPatchMatchers: []capitest.JSONPatchMatcher{
{
Operation: "add",
Path: "/spec/template/spec/kubeadmConfigSpec/files",
ValueMatcher: gomega.ContainElements(
gomega.HaveKeyWithValue(
"path", "/etc/containerd/certs.d/_default/hosts.toml",
),
),
},
},
},
capitest.PatchTestDef{
Name: "files added in KubeadmControlPlaneTemplate for registry with mirror with CA Certificate",
Vars: []runtimehooksv1.Variable{
capitest.VariableWithValue(
variableName,
v1alpha1.ImageRegistries{
v1alpha1.ImageRegistry{
URL: "https://mirror-registry.com",
Credentials: &v1alpha1.ImageCredentials{
SecretRef: &corev1.ObjectReference{
Name: validSecretName,
},
},
Mirror: &v1alpha1.RegistryMirror{
SecretRef: &corev1.ObjectReference{
Name: validMirrorCASecretName,
},
},
},
},
variablePath...,
),
},
RequestItem: request.NewKubeadmControlPlaneTemplateRequest("", cpRegistryAsMirrorCreds),
ExpectedPatchMatchers: []capitest.JSONPatchMatcher{
{
Operation: "add",
Path: "/spec/template/spec/kubeadmConfigSpec/files",
ValueMatcher: gomega.ContainElements(
gomega.HaveKeyWithValue(
"path", "/etc/containerd/certs.d/_default/hosts.toml",
),
gomega.HaveKeyWithValue(
"path", "/etc/certs/mirror.pem",
),
),
},
},
},
capitest.PatchTestDef{
Name: "files added in KubeadmConfigTemplate for registry mirror wihthout CA certificate",
Vars: []runtimehooksv1.Variable{
capitest.VariableWithValue(
variableName,
v1alpha1.ImageRegistries{
v1alpha1.ImageRegistry{
URL: "https://123456789.dkr.ecr.us-east-1.amazonaws.com",
Mirror: &v1alpha1.RegistryMirror{},
},
},
variablePath...,
),
capitest.VariableWithValue(
"builtin",
map[string]any{
"machineDeployment": map[string]any{
"class": names.SimpleNameGenerator.GenerateName("worker-"),
},
},
),
},
RequestItem: request.NewKubeadmConfigTemplateRequestItem(""),
ExpectedPatchMatchers: []capitest.JSONPatchMatcher{
{
Operation: "add",
Path: "/spec/template/spec/files",
ValueMatcher: gomega.ContainElements(
gomega.HaveKeyWithValue(
"path", "/etc/containerd/certs.d/_default/hosts.toml",
),
),
},
},
},
capitest.PatchTestDef{
Name: "files added in KubeadmConfigTemplate for registry mirror with secret for CA certificate",
Vars: []runtimehooksv1.Variable{
capitest.VariableWithValue(
variableName,
v1alpha1.ImageRegistries{
v1alpha1.ImageRegistry{
URL: "https://mirror-registry.io",
Credentials: &v1alpha1.ImageCredentials{
SecretRef: &corev1.ObjectReference{
Name: validSecretName,
},
},
Mirror: &v1alpha1.RegistryMirror{
SecretRef: &corev1.ObjectReference{
Name: validMirrorCASecretName,
},
},
},
},
variablePath...,
),
capitest.VariableWithValue(
"builtin",
map[string]any{
"machineDeployment": map[string]any{
"class": names.SimpleNameGenerator.GenerateName("worker-"),
},
},
),
},
RequestItem: request.NewKubeadmConfigTemplateRequest("", workerRegistryAsMirrorCreds),
ExpectedPatchMatchers: []capitest.JSONPatchMatcher{
{
Operation: "add",
Path: "/spec/template/spec/files",
ValueMatcher: gomega.ContainElements(
gomega.HaveKeyWithValue(
"path", "/etc/containerd/certs.d/_default/hosts.toml",
),
gomega.HaveKeyWithValue(
"path", "/etc/certs/mirror.pem",
),
),
},
},
},
)
}

func newMirrorSecret(name, namespace string) *corev1.Secret {
secretData := map[string][]byte{
"ca.crt": []byte("myCACert"),
}
return &corev1.Secret{
TypeMeta: metav1.TypeMeta{
APIVersion: "v1",
Kind: "Secret",
},
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: namespace,
},
Data: secretData,
Type: corev1.SecretTypeOpaque,
}
}
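Review bot: The two "with CA Certificate" cases set `Credentials.SecretRef` to `validSecretName`, which is declared outside this file, while the credentials Secret that `TestGenerateMirrorPatches` creates up front is `validMirrorCredentialsSecretName` and no case here refers to it. As written the mirror tests appear to depend on a Secret created by a different helper on the same client, which is the kind of cross-test coupling the commit title says it is removing; if that is not intended, both cases should use `Name: validMirrorCredentialsSecretName,`. The four `Create` calls also leave fixed-name Secrets behind with no `t.Cleanup`, so a second invocation against the same client would presumably fail with AlreadyExists. The matchers assert only the `path` keys, so nothing checks that the `/etc/certs/mirror.pem` entry carries the `ca.crt` data or what permissions the generated files get; matching on content and permissions as well would let the test catch a regression in how the CA and registry credentials are written to the node.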