Skip to content

Commit

Permalink
Clean up test
Browse files Browse the repository at this point in the history
  • Loading branch information
@aamgayle
aamgayle committed Oct 23, 2023
1 parent d3fefca commit 67324cf
Showing 1 changed file with 28 additions and 33 deletions.
61 changes: 28 additions & 33 deletions pkg/controller/keyvault/ingress_secret_provider_class_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,7 @@ func TestIngressSecretProviderClassReconcilerIntegration(t *testing.T) {
}

func TestIngressSecretProviderClassReconcilerIntegrationWithoutSPCLabels(t *testing.T) {
// Create the ingress
ing := &netv1.Ingress{}
ing.Name = "test-ingress"
ing.Namespace = "default"
Expand Down Expand Up @@ -184,7 +185,7 @@ func TestIngressSecretProviderClassReconcilerIntegrationWithoutSPCLabels(t *test
ObjectMeta: metav1.ObjectMeta{
Name: fmt.Sprintf("keyvault-%s", ing.Name),
Namespace: ing.Namespace,
Labels: map[string]string{},
Labels: manifests.GetTopLevelLabels(),
OwnerReferences: []metav1.OwnerReference{{
APIVersion: ing.APIVersion,
Controller: util.BoolPtr(true),
Expand All @@ -195,18 +196,38 @@ func TestIngressSecretProviderClassReconcilerIntegrationWithoutSPCLabels(t *test
},
}

// Prove secret class was not removed after first reconcile
require.False(t, errors.IsNotFound(c.Get(ctx, client.ObjectKeyFromObject(spc), spc)))
assert.Equal(t, len(manifests.GetTopLevelLabels()), len(spc.Labels))

// Update it to blank labels
expected := &secv1.SecretProviderClass{
Spec: secv1.SecretProviderClassSpec{
Provider: "azure",
Parameters: map[string]string{
"keyvaultName": "testvault",
"objects": "{\"array\":[\"{\\\"objectName\\\":\\\"testcert\\\",\\\"objectType\\\":\\\"secret\\\",\\\"objectVersion\\\":\\\"f8982febc6894c0697b884f946fb1a34\\\"}\"]}",
"tenantId": i.config.TenantID,
"useVMManagedIdentity": "true",
"userAssignedIdentityID": i.config.MSIClientID,
},
SecretObjects: []*secv1.SecretObject{{
SecretName: spc.Name,
Type: "kubernetes.io/tls",
Data: []*secv1.SecretObjectData{
{ObjectName: "testcert", Key: "tls.key"},
{ObjectName: "testcert", Key: "tls.crt"},
},
}},
},
}
assert.Equal(t, 0, len(spc.Labels))
assert.Equal(t, expected.Spec, spc.Spec)

// Remove the labels from secret provider class
spc.Labels = map[string]string{}
require.NoError(t, i.client.Update(ctx, spc))
assert.Equal(t, 0, len(spc.Labels))

// Remove the cert annotation from the ingress
ing.Annotations = map[string]string{}
require.NoError(t, i.client.Update(ctx, ing))

// Reconcile both changes
beforeErrCount = testutils.GetErrMetricCount(t, ingressSecretProviderControllerName)
beforeRequestCount = testutils.GetReconcileMetricCount(t, ingressSecretProviderControllerName, metrics.LabelSuccess)
_, err = i.Reconcile(ctx, req)
Expand All @@ -226,32 +247,6 @@ func TestIngressSecretProviderClassReconcilerIntegrationWithoutSPCLabels(t *test
require.NoError(t, err)
require.Equal(t, testutils.GetErrMetricCount(t, ingressSecretProviderControllerName), beforeErrCount)
require.Greater(t, testutils.GetReconcileMetricCount(t, ingressSecretProviderControllerName, metrics.LabelSuccess), beforeRequestCount)

expected := &secv1.SecretProviderClass{
Spec: secv1.SecretProviderClassSpec{
Provider: "azure",
Parameters: map[string]string{
"keyvaultName": "testvault",
"objects": "{\"array\":[\"{\\\"objectName\\\":\\\"testcert\\\",\\\"objectType\\\":\\\"secret\\\",\\\"objectVersion\\\":\\\"f8982febc6894c0697b884f946fb1a34\\\"}\"]}",
"tenantId": i.config.TenantID,
"useVMManagedIdentity": "true",
"userAssignedIdentityID": i.config.MSIClientID,
},
SecretObjects: []*secv1.SecretObject{{
SecretName: spc.Name,
Type: "kubernetes.io/tls",
Data: []*secv1.SecretObjectData{
{ObjectName: "testcert", Key: "tls.key"},
{ObjectName: "testcert", Key: "tls.crt"},
},
}},
},
}
assert.Equal(t, 0, len(spc.Labels))
assert.Equal(t, expected.Spec, spc.Spec)

// Prove secret class was not removed after removing ingress anotations
require.False(t, errors.IsNotFound(c.Get(ctx, client.ObjectKeyFromObject(spc), spc)))
}

func TestIngressSecretProviderClassReconcilerInvalidURL(t *testing.T) {
Expand Down

0 comments on commit 67324cf

Please sign in to comment.