Skip to content

Commit d43bbc5

Browse files
dkoshkindkoshkin
committed
test: add failing tests when Mirror Secret is missing CA key
1 parent b4bd9cd commit d43bbc5

File tree

1 file changed

+110
-10
lines changed

1 file changed

+110
-10
lines changed

pkg/handlers/generic/mutation/mirrors/inject_test.go

Lines changed: 110 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,8 @@ import (
2222
)
2323

2424
const (
25-
validMirrorCASecretName = "myregistry-mirror-cacert"
25+
validMirrorCASecretName = "myregistry-mirror-cacert"
26+
validMirrorNoCASecretName = "myregistry-mirror-no-cacert"
2627
//nolint:gosec // Does not contain hard coded credentials.
2728
cpRegistryAsMirrorCreds = "kubeadmControlPlaneRegistryAsMirrorCreds"
2829
//nolint:gosec // Does not contain hard coded credentials.
@@ -50,7 +51,7 @@ var _ = Describe("Generate Global mirror patches", func() {
5051

5152
testDefs := []capitest.PatchTestDef{
5253
{
53-
Name: "files added in KubeadmControlPlaneTemplate for registry with mirror without CA Certificate",
54+
Name: "files added in KubeadmControlPlaneTemplate for registry with mirror without CA Certificate secret",
5455
Vars: []runtimehooksv1.Variable{
5556
capitest.VariableWithValue(
5657
v1alpha1.ClusterConfigVariableName,
@@ -65,7 +66,7 @@ var _ = Describe("Generate Global mirror patches", func() {
6566
{
6667
Operation: "add",
6768
Path: "/spec/template/spec/kubeadmConfigSpec/files",
68-
ValueMatcher: gomega.ContainElements(
69+
ValueMatcher: gomega.HaveExactElements(
6970
gomega.HaveKeyWithValue(
7071
"path", "/etc/containerd/certs.d/_default/hosts.toml",
7172
),
@@ -97,7 +98,7 @@ var _ = Describe("Generate Global mirror patches", func() {
9798
{
9899
Operation: "add",
99100
Path: "/spec/template/spec/kubeadmConfigSpec/files",
100-
ValueMatcher: gomega.ContainElements(
101+
ValueMatcher: gomega.HaveExactElements(
101102
gomega.HaveKeyWithValue(
102103
"path", "/etc/containerd/certs.d/_default/hosts.toml",
103104
),
@@ -112,7 +113,39 @@ var _ = Describe("Generate Global mirror patches", func() {
112113
},
113114
},
114115
{
115-
Name: "files added in KubeadmConfigTemplate for registry mirror wihthout CA certificate",
116+
Name: "files added in KubeadmControlPlaneTemplate for registry mirror with secret but missing CA certificate key",
117+
Vars: []runtimehooksv1.Variable{
118+
capitest.VariableWithValue(
119+
v1alpha1.ClusterConfigVariableName,
120+
v1alpha1.GlobalImageRegistryMirror{
121+
URL: "https://registry.example.com",
122+
Credentials: &v1alpha1.RegistryCredentials{
123+
SecretRef: &v1alpha1.LocalObjectReference{
124+
Name: validMirrorNoCASecretName,
125+
},
126+
},
127+
},
128+
v1alpha1.GlobalMirrorVariableName,
129+
),
130+
},
131+
RequestItem: request.NewKubeadmControlPlaneTemplateRequest("", cpRegistryAsMirrorCreds),
132+
ExpectedPatchMatchers: []capitest.JSONPatchMatcher{
133+
{
134+
Operation: "add",
135+
Path: "/spec/template/spec/kubeadmConfigSpec/files",
136+
ValueMatcher: gomega.HaveExactElements(
137+
gomega.HaveKeyWithValue(
138+
"path", "/etc/containerd/certs.d/_default/hosts.toml",
139+
),
140+
gomega.HaveKeyWithValue(
141+
"path", "/etc/caren/containerd/patches/registry-config.toml",
142+
),
143+
),
144+
},
145+
},
146+
},
147+
{
148+
Name: "files added in KubeadmConfigTemplate for registry mirror wihthout CA certificate secret",
116149
Vars: []runtimehooksv1.Variable{
117150
capitest.VariableWithValue(
118151
v1alpha1.ClusterConfigVariableName,
@@ -135,7 +168,7 @@ var _ = Describe("Generate Global mirror patches", func() {
135168
{
136169
Operation: "add",
137170
Path: "/spec/template/spec/files",
138-
ValueMatcher: gomega.ContainElements(
171+
ValueMatcher: gomega.HaveExactElements(
139172
gomega.HaveKeyWithValue(
140173
"path", "/etc/containerd/certs.d/_default/hosts.toml",
141174
),
@@ -175,7 +208,7 @@ var _ = Describe("Generate Global mirror patches", func() {
175208
{
176209
Operation: "add",
177210
Path: "/spec/template/spec/files",
178-
ValueMatcher: gomega.ContainElements(
211+
ValueMatcher: gomega.HaveExactElements(
179212
gomega.HaveKeyWithValue(
180213
"path", "/etc/containerd/certs.d/_default/hosts.toml",
181214
),
@@ -189,6 +222,46 @@ var _ = Describe("Generate Global mirror patches", func() {
189222
},
190223
},
191224
},
225+
{
226+
Name: "files added in KubeadmConfigTemplate for registry mirror with secret but missing CA certificate key",
227+
Vars: []runtimehooksv1.Variable{
228+
capitest.VariableWithValue(
229+
v1alpha1.ClusterConfigVariableName,
230+
v1alpha1.GlobalImageRegistryMirror{
231+
URL: "https://registry.example.com",
232+
Credentials: &v1alpha1.RegistryCredentials{
233+
SecretRef: &v1alpha1.LocalObjectReference{
234+
Name: validMirrorNoCASecretName,
235+
},
236+
},
237+
},
238+
v1alpha1.GlobalMirrorVariableName,
239+
),
240+
capitest.VariableWithValue(
241+
"builtin",
242+
map[string]any{
243+
"machineDeployment": map[string]any{
244+
"class": names.SimpleNameGenerator.GenerateName("worker-"),
245+
},
246+
},
247+
),
248+
},
249+
RequestItem: request.NewKubeadmConfigTemplateRequest("", workerRegistryAsMirrorCreds),
250+
ExpectedPatchMatchers: []capitest.JSONPatchMatcher{
251+
{
252+
Operation: "add",
253+
Path: "/spec/template/spec/files",
254+
ValueMatcher: gomega.HaveExactElements(
255+
gomega.HaveKeyWithValue(
256+
"path", "/etc/containerd/certs.d/_default/hosts.toml",
257+
),
258+
gomega.HaveKeyWithValue(
259+
"path", "/etc/caren/containerd/patches/registry-config.toml",
260+
),
261+
),
262+
},
263+
},
264+
},
192265
}
193266

194267
// Create credentials secret before each test
@@ -197,7 +270,11 @@ var _ = Describe("Generate Global mirror patches", func() {
197270
gomega.Expect(err).To(gomega.BeNil())
198271
gomega.Expect(client.Create(
199272
ctx,
200-
newMirrorSecret(validMirrorCASecretName, request.Namespace),
273+
newMirrorSecretWithCA(validMirrorCASecretName, request.Namespace),
274+
)).To(gomega.BeNil())
275+
gomega.Expect(client.Create(
276+
ctx,
277+
newMirrorSecretWithoutCA(validMirrorNoCASecretName, request.Namespace),
201278
)).To(gomega.BeNil())
202279
})
203280

@@ -207,7 +284,11 @@ var _ = Describe("Generate Global mirror patches", func() {
207284
gomega.Expect(err).To(gomega.BeNil())
208285
gomega.Expect(client.Delete(
209286
ctx,
210-
newMirrorSecret(validMirrorCASecretName, request.Namespace),
287+
newMirrorSecretWithCA(validMirrorCASecretName, request.Namespace),
288+
)).To(gomega.BeNil())
289+
gomega.Expect(client.Delete(
290+
ctx,
291+
newMirrorSecretWithoutCA(validMirrorNoCASecretName, request.Namespace),
211292
)).To(gomega.BeNil())
212293
})
213294

@@ -220,7 +301,7 @@ var _ = Describe("Generate Global mirror patches", func() {
220301
}
221302
})
222303

223-
func newMirrorSecret(name, namespace string) *corev1.Secret {
304+
func newMirrorSecretWithCA(name, namespace string) *corev1.Secret {
224305
secretData := map[string][]byte{
225306
"ca.crt": []byte("myCACert"),
226307
}
@@ -238,6 +319,25 @@ func newMirrorSecret(name, namespace string) *corev1.Secret {
238319
}
239320
}
240321

322+
func newMirrorSecretWithoutCA(name, namespace string) *corev1.Secret {
323+
secretData := map[string][]byte{
324+
"username": []byte("user"),
325+
"password": []byte("pass"),
326+
}
327+
return &corev1.Secret{
328+
TypeMeta: metav1.TypeMeta{
329+
APIVersion: "v1",
330+
Kind: "Secret",
331+
},
332+
ObjectMeta: metav1.ObjectMeta{
333+
Name: name,
334+
Namespace: namespace,
335+
},
336+
Data: secretData,
337+
Type: corev1.SecretTypeOpaque,
338+
}
339+
}
340+
241341
func Test_needContainerdConfiguration(t *testing.T) {
242342
t.Parallel()
243343
tests := []struct {

0 commit comments

Comments
 (0)