From 108cdac29bc6dfc1f09b6b9494ed19b073cf38e4 Mon Sep 17 00:00:00 2001
From: volodymyrZotov
Date: Thu, 15 Sep 2022 18:08:56 +0300
Subject: [PATCH 1/7] add "Should not update K8s secret testcase"
---
.../onepassworditem_controller_test.go | 53 +++++++++++++++++++
1 file changed, 53 insertions(+)
diff --git a/controllers/onepassworditem_controller_test.go b/controllers/onepassworditem_controller_test.go
index 3971482..b0ee9fc 100644
--- a/controllers/onepassworditem_controller_test.go
+++ b/controllers/onepassworditem_controller_test.go
@@ -240,5 +240,58 @@ var _ = Describe("OnePasswordItem controller", func() { return k8sClient.Get(ctx, key, f) }, timeout, interval).ShouldNot(Succeed()) }) + + It("Should not update K8s secret if OnePasswordItem Version or VaultPath has not changed", func() { + ctx := context.Background() + spec := onepasswordv1.OnePasswordItemSpec{ + ItemPath: itemPath, + } + + key := types.NamespacedName{ + Name: "item321", + Namespace: namespace, + } + + toCreate := &onepasswordv1.OnePasswordItem{ + ObjectMeta: metav1.ObjectMeta{ + Name: key.Name, + Namespace: key.Namespace, + }, + Spec: spec, + } + + By("Creating a new OnePasswordItem successfully") + Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) + + item := &onepasswordv1.OnePasswordItem{} + Eventually(func() bool { + err := k8sClient.Get(ctx, key, item) + return err == nil + }, timeout, interval).Should(BeTrue()) + + By("Creating the K8s secret successfully") + createdSecret := &v1.Secret{} + Eventually(func() bool { + err := k8sClient.Get(ctx, key, createdSecret) + return err == nil + }, timeout, interval).Should(BeTrue()) + Expect(createdSecret.Data).Should(Equal(expectedSecretData)) + + By("Updating OnePasswordItem with the same value") + Eventually(func() bool { + item.Type = "Opaque" + // TODO: test fails cause of this + err := k8sClient.Update(ctx, item) + return err == nil + }, timeout, interval).Should(BeTrue()) + + By("Reading the K8s secret secret once again") + createdSecret2 := &v1.Secret{} + Eventually(func() bool { + err := k8sClient.Get(ctx, key, createdSecret2) + return err == nil + }, timeout, interval).Should(BeTrue()) + Expect(createdSecret2.Data).Should(Equal(expectedSecretData)) + }) }) }) From 11b1eae4e1affc2c5eb2096e4111df69c965c136 Mon Sep 17 00:00:00 2001 
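Review bot: The closing assertion `Expect(createdSecret2.Data).Should(Equal(expectedSecretData))` cannot distinguish "secret left alone" from "secret rewritten". The mock set in `BeforeEach` keeps returning the same fields, so the data matches either way, and the last `Eventually` returns on the first successful `Get`. To exercise the behaviour in the spec title, swap `mocks.DoGetItemFunc` after the first read for one that returns different field values with the same `version`. Then check with `Consistently(...)` that the secret data stays equal to `expectedSecretData`. The step labelled "with the same value" also sets `item.Type = "Opaque"`, so either the label or the mutation should change. The reworked version of this spec in the next patch keeps the same final assertion.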
From: volodymyrZotov Date: Mon, 19 Sep 2022 18:49:57 +0300 Subject: [PATCH 2/7] cover onepassworditem_controller with tests --- .../onepassworditem_controller_test.go | 197 ++++++++++++++++-- 1 file changed, 179 insertions(+), 18 deletions(-) diff --git a/controllers/onepassworditem_controller_test.go b/controllers/onepassworditem_controller_test.go index b0ee9fc..684a33b 100644 --- a/controllers/onepassworditem_controller_test.go +++ b/controllers/onepassworditem_controller_test.go @@ -27,11 +27,12 @@ const ( var _ = Describe("OnePasswordItem controller", func() { BeforeEach(func() { // failed test runs that don't clean up leave resources behind. - k8sClient.DeleteAllOf(context.Background(), &onepasswordv1.OnePasswordItem{}, client.InNamespace(namespace)) - k8sClient.DeleteAllOf(context.Background(), &v1.Secret{}, client.InNamespace(namespace)) + err := k8sClient.DeleteAllOf(context.Background(), &onepasswordv1.OnePasswordItem{}, client.InNamespace(namespace)) + Expect(err).ToNot(HaveOccurred()) + err2 := k8sClient.DeleteAllOf(context.Background(), &v1.Secret{}, client.InNamespace(namespace)) + Expect(err2).ToNot(HaveOccurred()) mocks.DoGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { - item := onepassword.Item{} item.Fields = []*onepassword.ItemField{} for k, v := range itemData { @@ -44,13 +45,6 @@ var _ = Describe("OnePasswordItem controller", func() { } }) - // TODO: Implement the following missing tests: - // - K8s secret is not updated if OnePasswordItem Version or VaultPath has not changed - // - Update type of existing K8s Secret using OnePasswordItem - // - Create a custom K8s Secret type using OnePasswordItem (e.g. .dockerconfigjson) - // - Operator should throw an error if secret type is changed - // - Secret from 1Password item with `-`, `_` and `.` - Context("Happy path", func() { It("Should handle 1Password Item and secret correctly", func() { ctx := context.Background() 
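Review bot: The cleanup in `BeforeEach` still calls `DeleteAllOf` on every `Secret` and `OnePasswordItem` in `namespace`, and the suite constants set `namespace = "default"`. If the suite is ever pointed at an existing or shared cluster rather than a throwaway test API server, this removes secrets the tests never created. Running the specs in a dedicated per-run namespace would bound the blast radius. The `CleanK8sResources` helper added later in deployment_controller_test.go has the same scope and also deletes Deployments. As a style point, the `err`/`err2` pair can be written as `Expect(k8sClient.DeleteAllOf(...)).To(Succeed())`.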
@@ -248,7 +242,7 @@ var _ = Describe("OnePasswordItem controller", func() { } key := types.NamespacedName{ - Name: "item321", + Name: ItemName, Namespace: namespace, } 
@@ -277,21 +271,188 @@ var _ = Describe("OnePasswordItem controller", func() { }, timeout, interval).Should(BeTrue()) Expect(createdSecret.Data).Should(Equal(expectedSecretData)) - By("Updating OnePasswordItem with the same value") + By("Updating OnePasswordItem type") Eventually(func() bool { - item.Type = "Opaque" - // TODO: test fails cause of this + err1 := k8sClient.Get(ctx, key, item) + if err1 != nil { + return false + } + item.Type = string(v1.SecretTypeOpaque) err := k8sClient.Update(ctx, item) return err == nil }, timeout, interval).Should(BeTrue()) - By("Reading the K8s secret secret once again") - createdSecret2 := &v1.Secret{} + By("Reading K8s secret") + secret := &v1.Secret{} Eventually(func() bool { - err := k8sClient.Get(ctx, key, createdSecret2) + err := k8sClient.Get(ctx, key, secret) return err == nil }, timeout, interval).Should(BeTrue()) - Expect(createdSecret2.Data).Should(Equal(expectedSecretData)) + Expect(secret.Data).Should(Equal(expectedSecretData)) + }) + + It("Should update type of existing K8s Secret using OnePasswordItem", func() { + ctx := context.Background() + spec := onepasswordv1.OnePasswordItemSpec{ + ItemPath: itemPath, + } + + key := types.NamespacedName{ + Name: "test5", + Namespace: namespace, + } + + toCreate := &onepasswordv1.OnePasswordItem{ + ObjectMeta: metav1.ObjectMeta{ + Name: key.Name, + Namespace: key.Namespace, + }, + Spec: spec, + Type: string(v1.SecretTypeBasicAuth), + } + + By("Creating a new OnePasswordItem successfully") + Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) + + By("Reading K8s secret") + secret := &v1.Secret{} + Eventually(func() bool { + err := k8sClient.Get(ctx, key, secret) + return err == nil + }, timeout, interval).Should(BeTrue()) + Expect(secret.Type).Should(Equal(v1.SecretTypeBasicAuth)) + }) + + It("Should create custom K8s Secret type using OnePasswordItem", func() { + const customType = "CustomType" + ctx := context.Background() + spec := onepasswordv1.OnePasswordItemSpec{ + 
ItemPath: itemPath, + } + + key := types.NamespacedName{ + Name: "test6", + Namespace: namespace, + } + + toCreate := &onepasswordv1.OnePasswordItem{ + ObjectMeta: metav1.ObjectMeta{ + Name: key.Name, + Namespace: key.Namespace, + }, + Spec: spec, + Type: customType, + } + + By("Creating a new OnePasswordItem successfully") + Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) + + By("Reading K8s secret") + secret := &v1.Secret{} + Eventually(func() bool { + err := k8sClient.Get(ctx, key, secret) + if err != nil { + return false + } + return true + }, timeout, interval).Should(BeTrue()) + Expect(secret.Type).Should(Equal(v1.SecretType(customType))) + }) + + It("Should throw an error if K8s Secret type is changed", func() { + ctx := context.Background() + spec := onepasswordv1.OnePasswordItemSpec{ + ItemPath: itemPath, + } + + key := types.NamespacedName{ + Name: "test7", + Namespace: namespace, + } + + toCreate := &onepasswordv1.OnePasswordItem{ + ObjectMeta: metav1.ObjectMeta{ + Name: key.Name, + Namespace: key.Namespace, + }, + Spec: spec, + } + + By("Creating a new OnePasswordItem successfully") + Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) + + By("Reading K8s secret") + secret := &v1.Secret{} + Eventually(func() bool { + err := k8sClient.Get(ctx, key, secret) + if err != nil { + return false + } + return true + }, timeout, interval).Should(BeTrue()) + + By("Updating K8s secret type throw an error") + Eventually(func() bool { + secret.Type = v1.SecretTypeBasicAuth + err := k8sClient.Update(ctx, secret) + if err != nil { + return false + } + return true + }, timeout, interval).Should(BeFalse()) + }) + }) + + Context("Failing part", func() { + When("OnePasswordItem name contains `_`", func() { + It("An error occurred", func() { + ctx := context.Background() + spec := onepasswordv1.OnePasswordItemSpec{ + ItemPath: itemPath, + } + + key := types.NamespacedName{ + Name: "invalid_name", + Namespace: namespace, + } + + toCreate := 
&onepasswordv1.OnePasswordItem{ + ObjectMeta: metav1.ObjectMeta{ + Name: key.Name, + Namespace: key.Namespace, + }, + Spec: spec, + } + + By("Creating a new OnePasswordItem") + Expect(k8sClient.Create(ctx, toCreate)).To(HaveOccurred()) + + }) + }) + + When("OnePasswordItem name contains capital letters", func() { + It("An error occurred", func() { + ctx := context.Background() + spec := onepasswordv1.OnePasswordItemSpec{ + ItemPath: itemPath, + } + + key := types.NamespacedName{ + Name: "invalidName", + Namespace: namespace, + } + + toCreate := &onepasswordv1.OnePasswordItem{ + ObjectMeta: metav1.ObjectMeta{ + Name: key.Name, + Namespace: key.Namespace, + }, + Spec: spec, + } + + By("Creating a new OnePasswordItem") + Expect(k8sClient.Create(ctx, toCreate)).To(HaveOccurred()) + }) }) }) }) From 256b1e09fd974f83db0c0e600e395575c575c528 Mon Sep 17 00:00:00 2001 From: volodymyrZotov Date: Wed, 21 Sep 2022 12:09:40 +0300 Subject: [PATCH 3/7] added tests for deployment_controller --- controllers/deployment_controller_test.go | 439 ++++++++++++++++++---- controllers/suite_test.go | 17 + 2 files changed, 380 insertions(+), 76 deletions(-) diff --git a/controllers/deployment_controller_test.go b/controllers/deployment_controller_test.go index 509e8d6..493eb78 100644 --- a/controllers/deployment_controller_test.go +++ b/controllers/deployment_controller_test.go @@ -2,10 +2,10 @@ package controllers import ( "context" - "github.com/1Password/connect-sdk-go/onepassword" "github.com/1Password/onepassword-operator/pkg/mocks" op "github.com/1Password/onepassword-operator/pkg/onepassword" + "time" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" 
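Review bot: In "Should throw an error if K8s Secret type is changed", `Eventually(...).Should(BeFalse())` passes the first time `Update` returns any error. A conflict on a stale `secret` or a transient API failure therefore satisfies it just as well as a rejected type change. Call `Update` once and assert on the error kind, for example `err := k8sClient.Update(ctx, secret)` followed by `Expect(apierrors.IsInvalid(err)).To(BeTrue())`. This assumes the API server reports the immutable-field rejection as an invalid update; `apierrors` is `k8s.io/apimachinery/pkg/api/errors`, which the visible hunks do not import. The two name-validation specs under "Failing part" are equally loose with `To(HaveOccurred())`. Separately, "Should update type of existing K8s Secret" only creates an item with a type and never updates an existing secret, so its title overstates what it covers.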
@@ -19,21 +19,94 @@ import ( onepasswordv1 "github.com/1Password/onepassword-operator/api/v1" ) +const ( + deploymentKind = "Deployment" + deploymentAPIVersion = "v1" + deploymentName = "test-deployment" +) + var _ = Describe("Deployment controller", func() { - const ( - deploymentKind = "Deployment" - deploymentAPIVersion = "v1" - deploymentName = "test-deployment" - ) + var ctx context.Context + var deploymentKey types.NamespacedName + var secretKey types.NamespacedName + var deploymentResource *appsv1.Deployment + createdSecret := &v1.Secret{} - BeforeEach(func() { + MakeDeployment := func() { + ctx = context.Background() + + deploymentKey = types.NamespacedName{ + Name: deploymentName, + Namespace: namespace, + } + + secretKey = types.NamespacedName{ + Name: ItemName, + Namespace: namespace, + } + + By("Deploying a pod with proper annotations successfully") + deploymentResource = &appsv1.Deployment{ + TypeMeta: metav1.TypeMeta{ + Kind: deploymentKind, + APIVersion: deploymentAPIVersion, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: deploymentKey.Name, + Namespace: deploymentKey.Namespace, + Annotations: map[string]string{ + op.ItemPathAnnotation: itemPath, + op.NameAnnotation: ItemName, + }, + }, + Spec: appsv1.DeploymentSpec{ + Template: v1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{"app": deploymentName}, + }, + Spec: v1.PodSpec{ + Containers: []v1.Container{ + { + Name: deploymentName, + Image: "eu.gcr.io/kyma-project/example/http-db-service:0.0.6", + ImagePullPolicy: "IfNotPresent", + }, + }, + }, + }, + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{"app": deploymentName}, + }, + }, + } + Expect(k8sClient.Create(ctx, deploymentResource)).Should(Succeed()) + + By("Creating the K8s secret successfully") + time.Sleep(time.Millisecond * 100) + Eventually(func() bool { + err := k8sClient.Get(ctx, secretKey, createdSecret) + if err != nil { + return false + } + return true + }, timeout, 
interval).Should(BeTrue()) + Expect(createdSecret.Data).Should(Equal(expectedSecretData)) + } + + var CleanK8sResources = func() { // failed test runs that don't clean up leave resources behind. - k8sClient.DeleteAllOf(context.Background(), &onepasswordv1.OnePasswordItem{}, client.InNamespace(namespace)) - k8sClient.DeleteAllOf(context.Background(), &v1.Secret{}, client.InNamespace(namespace)) - k8sClient.DeleteAllOf(context.Background(), &appsv1.Deployment{}, client.InNamespace(namespace)) + err := k8sClient.DeleteAllOf(context.Background(), &onepasswordv1.OnePasswordItem{}, client.InNamespace(namespace)) + Expect(err).ToNot(HaveOccurred()) + err2 := k8sClient.DeleteAllOf(context.Background(), &v1.Secret{}, client.InNamespace(namespace)) + Expect(err2).ToNot(HaveOccurred()) + + err3 := k8sClient.DeleteAllOf(context.Background(), &appsv1.Deployment{}, client.InNamespace(namespace)) + Expect(err3).ToNot(HaveOccurred()) + } + + var MockGetItemFunc = func() { mocks.DoGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { - item := onepassword.Item{} item.Fields = []*onepassword.ItemField{} for k, v := range itemData { 
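Review bot: `createdSecret` is allocated once in the `Describe` closure, and `MakeDeployment` reads into that same object before every spec. Fields left over from an earlier spec's secret may therefore survive a later `Get` and influence `Expect(createdSecret.Data)`. Declare `var createdSecret *v1.Secret` and assign `createdSecret = &v1.Secret{}` at the top of `MakeDeployment`, the same way `deploymentResource` is rebuilt on each call. The `time.Sleep(time.Millisecond * 100)` before the `Eventually` can be dropped, since `Eventually` already polls at `interval` until `timeout`.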
@@ -44,75 +117,17 @@ var _ = Describe("Deployment controller", func() { item.ID = uuid return &item, nil } - }) + } - // TODO: Implement the following test cases: - // - Updating Existing K8s Secret using Deployment - // - Do not update if Annotations have not changed - // - Delete Deployment where secret is being used in another deployment's container - // - Delete Deployment where secret is being used in another deployment's volumes + BeforeEach(func() { + CleanK8sResources() + MockGetItemFunc() + time.Sleep(time.Second) // TODO: can we achieve that with ginkgo? + MakeDeployment() + }) Context("Deployment with secrets from 1Password", func() { It("Should Handle a deployment correctly", func() { - ctx := context.Background() - - deploymentKey := types.NamespacedName{ - Name: deploymentName, - Namespace: namespace, - } - - secretKey := types.NamespacedName{ - Name: ItemName, - Namespace: namespace, - } - - By("Deploying a pod with proper annotations successfully") - deploymentResource := &appsv1.Deployment{ - TypeMeta: metav1.TypeMeta{ - Kind: deploymentKind, - APIVersion: deploymentAPIVersion, - }, - ObjectMeta: metav1.ObjectMeta{ - Name: deploymentKey.Name, - Namespace: deploymentKey.Namespace, - Annotations: map[string]string{ - op.ItemPathAnnotation: itemPath, - op.NameAnnotation: ItemName, - }, - }, - Spec: appsv1.DeploymentSpec{ - Template: v1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ - Labels: map[string]string{"app": deploymentName}, - }, - Spec: v1.PodSpec{ - Containers: []v1.Container{ - { - Name: deploymentName, - Image: "eu.gcr.io/kyma-project/example/http-db-service:0.0.6", - ImagePullPolicy: "IfNotPresent", - }, - }, - }, - }, - Selector: &metav1.LabelSelector{ - MatchLabels: map[string]string{"app": deploymentName}, - }, - }, - } - Expect(k8sClient.Create(ctx, deploymentResource)).Should(Succeed()) - - By("Creating the K8s secret successfully") - createdSecret := &v1.Secret{} - Eventually(func() bool { - err := k8sClient.Get(ctx, secretKey, 
createdSecret) - if err != nil { - return false - } - return true - }, timeout, interval).Should(BeTrue()) - Expect(createdSecret.Data).Should(Equal(expectedSecretData)) - By("Deleting the pod") Eventually(func() error { f := &appsv1.Deployment{} 
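Review bot: The `time.Sleep(time.Second)` in the new `BeforeEach` is a fixed wait where a condition is needed: it adds a second to every spec and still races on a slow machine. If the sleep is there to let the previous spec's objects disappear after `CleanK8sResources()` (inferred from the ordering and the TODO), poll for that state with `Eventually` instead, as sketched below. Extend it to Secrets and OnePasswordItems if those also linger. Note that `ctx` is only assigned inside `MakeDeployment`, so the polling has to use its own context.

```go
	BeforeEach(func() {
		CleanK8sResources()
		MockGetItemFunc()
		// Wait for the previous spec's deployments to be gone instead of sleeping.
		Eventually(func() (int, error) {
			list := &appsv1.DeploymentList{}
			err := k8sClient.List(context.Background(), list, client.InNamespace(namespace))
			return len(list.Items), err
		}, timeout, interval).Should(BeZero())
		MakeDeployment()
	})
```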
@@ -133,5 +148,277 @@ var _ = Describe("Deployment controller", func() { return k8sClient.Get(ctx, secretKey, f) }, timeout, interval).ShouldNot(Succeed()) }) + + It("Should update existing K8s Secret using deployment", func() { + By("Updating secret") + mocks.DoGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { + item := onepassword.Item{} + item.Fields = []*onepassword.ItemField{} + for k, v := range itemData2 { + item.Fields = append(item.Fields, &onepassword.ItemField{Label: k, Value: v}) + } + item.Version = version2 + item.Vault.ID = vaultUUID + item.ID = uuid + return &item, nil + } + Eventually(func() error { + updatedDeployment := &appsv1.Deployment{ + TypeMeta: metav1.TypeMeta{ + Kind: deploymentKind, + APIVersion: deploymentAPIVersion, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: deploymentKey.Name, + Namespace: deploymentKey.Namespace, + Annotations: map[string]string{ + op.ItemPathAnnotation: itemPath2, + op.NameAnnotation: ItemName, + }, + }, + Spec: appsv1.DeploymentSpec{ + Template: v1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{"app": deploymentName}, + }, + Spec: v1.PodSpec{ + Containers: []v1.Container{ + { + Name: deploymentName, + Image: "eu.gcr.io/kyma-project/example/http-db-service:0.0.6", + ImagePullPolicy: "IfNotPresent", + }, + }, + }, + }, + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{"app": deploymentName}, + }, + }, + } + err := k8sClient.Update(ctx, updatedDeployment) + if err != nil { + return err + } + return nil + }, timeout, interval).Should(Succeed()) + + // TODO: can we achieve the same without sleep? 
+ time.Sleep(time.Millisecond * 10) + By("Reading updated K8s secret") + updatedSecret := &v1.Secret{} + Eventually(func() bool { + err := k8sClient.Get(ctx, secretKey, updatedSecret) + if err != nil { + return false + } + return true + }, timeout, interval).Should(BeTrue()) + Expect(updatedSecret.Data).Should(Equal(expectedSecretData2)) + }) + + It("Should not update if Annotations have not changed", func() { + deployment1 := &appsv1.Deployment{} + k8sClient.Get(ctx, deploymentKey, deployment1) + + By("Updating secret without changing annotations") + Eventually(func() error { + updatedDeployment := &appsv1.Deployment{ + TypeMeta: metav1.TypeMeta{ + Kind: deploymentKind, + APIVersion: deploymentAPIVersion, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: deploymentKey.Name, + Namespace: deploymentKey.Namespace, + Annotations: map[string]string{ + op.ItemPathAnnotation: itemPath, + op.NameAnnotation: ItemName, + }, + }, + Spec: appsv1.DeploymentSpec{ + Template: v1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{"app": deploymentName}, + }, + Spec: v1.PodSpec{ + Containers: []v1.Container{ + { + Name: deploymentName, + Image: "eu.gcr.io/kyma-project/example/http-db-service:0.0.6", + ImagePullPolicy: "IfNotPresent", + }, + }, + }, + }, + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{"app": deploymentName}, + }, + }, + } + err := k8sClient.Update(ctx, updatedDeployment) + if err != nil { + return err + } + return nil + }, timeout, interval).Should(Succeed()) + + deployment2 := &appsv1.Deployment{} + k8sClient.Get(ctx, deploymentKey, deployment2) + + // TODO: can we achieve the same without sleep? 
+ time.Sleep(time.Millisecond * 10) + By("Reading updated K8s secret") + updatedSecret := &v1.Secret{} + Eventually(func() bool { + err := k8sClient.Get(ctx, secretKey, updatedSecret) + if err != nil { + return false + } + return true + }, timeout, interval).Should(BeTrue()) + Expect(updatedSecret.Data).Should(Equal(expectedSecretData)) + }) + + It("Should not delete secret created via deployment if it's used in another container", func() { + By("Create another POD with created secret") + anotherDeploymentKey := types.NamespacedName{ + Name: "other-deployment", + Namespace: namespace, + } + Eventually(func() error { + anotherDeployment := &appsv1.Deployment{ + TypeMeta: metav1.TypeMeta{ + Kind: deploymentKind, + APIVersion: deploymentAPIVersion, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: anotherDeploymentKey.Name, + Namespace: anotherDeploymentKey.Namespace, + }, + Spec: appsv1.DeploymentSpec{ + Template: v1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{"app": anotherDeploymentKey.Name}, + }, + Spec: v1.PodSpec{ + Containers: []v1.Container{ + { + Name: anotherDeploymentKey.Name, + Image: "eu.gcr.io/kyma-project/example/http-db-service:0.0.6", + ImagePullPolicy: "IfNotPresent", + Env: []v1.EnvVar{ + { + Name: anotherDeploymentKey.Name, + ValueFrom: &v1.EnvVarSource{ + SecretKeyRef: &v1.SecretKeySelector{ + LocalObjectReference: v1.LocalObjectReference{ + Name: secretKey.Name, + }, + Key: "password", + }, + }, + }, + }, + }, + }, + }, + }, + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{"app": anotherDeploymentKey.Name}, + }, + }, + } + err := k8sClient.Create(ctx, anotherDeployment) + if err != nil { + return err + } + return nil + }, timeout, interval).Should(Succeed()) + + By("Deleting the pod") + Eventually(func() error { + f := &appsv1.Deployment{} + err := k8sClient.Get(ctx, deploymentKey, f) + if err != nil { + return err + } + return k8sClient.Delete(ctx, f) + }, timeout, interval).Should(Succeed()) + + 
Eventually(func() error { + f := &v1.Secret{} + return k8sClient.Get(ctx, secretKey, f) + }, timeout, interval).Should(Succeed()) + }) + + It("Should not delete secret created via deployment if it's used in another volume", func() { + By("Create another POD with created secret") + anotherDeploymentKey := types.NamespacedName{ + Name: "other-deployment", + Namespace: namespace, + } + Eventually(func() error { + anotherDeployment := &appsv1.Deployment{ + TypeMeta: metav1.TypeMeta{ + Kind: deploymentKind, + APIVersion: deploymentAPIVersion, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: anotherDeploymentKey.Name, + Namespace: anotherDeploymentKey.Namespace, + }, + Spec: appsv1.DeploymentSpec{ + Template: v1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{"app": anotherDeploymentKey.Name}, + }, + Spec: v1.PodSpec{ + Volumes: []v1.Volume{ + { + Name: anotherDeploymentKey.Name, + VolumeSource: v1.VolumeSource{ + Secret: &v1.SecretVolumeSource{ + SecretName: secretKey.Name, + }, + }, + }, + }, + Containers: []v1.Container{ + { + Name: anotherDeploymentKey.Name, + Image: "eu.gcr.io/kyma-project/example/http-db-service:0.0.6", + ImagePullPolicy: "IfNotPresent", + }, + }, + }, + }, + Selector: &metav1.LabelSelector{ + MatchLabels: map[string]string{"app": anotherDeploymentKey.Name}, + }, + }, + } + err := k8sClient.Create(ctx, anotherDeployment) + if err != nil { + return err + } + return nil + }, timeout, interval).Should(Succeed()) + + By("Deleting the pod") + Eventually(func() error { + f := &appsv1.Deployment{} + err := k8sClient.Get(ctx, deploymentKey, f) + if err != nil { + return err + } + return k8sClient.Delete(ctx, f) + }, timeout, interval).Should(Succeed()) + + Eventually(func() error { + f := &v1.Secret{} + return k8sClient.Get(ctx, secretKey, f) + }, timeout, interval).Should(Succeed()) + }) }) }) diff --git a/controllers/suite_test.go b/controllers/suite_test.go index 1d1a5c5..b779e81 100644 --- a/controllers/suite_test.go 
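Review bot: Both "Should not delete secret created via deployment if it's used in another container/volume" specs end with an `Eventually` around `k8sClient.Get(ctx, secretKey, f)` and `.Should(Succeed())`. That succeeds on the first poll, because the secret exists before the controller has reacted to the deployment delete. A controller that wrongly removes the secret a moment later would still pass. First wait until the deleted deployment is gone, then assert with `Consistently(func() error { return k8sClient.Get(ctx, secretKey, &v1.Secret{}) }, duration, interval).Should(Succeed())`. `duration` already exists in suite_test.go, though a shorter window may be preferable. "Should not update if Annotations have not changed" has the same weakness: its data check holds whether or not the secret was rewritten.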
+++ b/controllers/suite_test.go @@ -63,6 +63,10 @@ var ( "username": username, "password": password, } + itemData2 = map[string]string{ + "username": username2, + "password": password2, + } ) const ( @@ -72,6 +76,12 @@ const ( password = "QmHumKc$mUeEem7caHtbaBaJ" version = 123 + vaultId2 = "hfnjvi6aymbsnfc2xeeoheizd2" + itemId2 = "nwrhuano7bcwddcviubpp4mhf2" + username2 = "test-user2" + password2 = "4zotzqDqXKasLFT2jzTs" + version2 = 456 + annotationRegExpString = "^operator.1password.io\\/[a-zA-Z\\.]+" ) @@ -79,6 +89,7 @@ const ( const ( namespace = "default" ItemName = "test-item" + ItemName2 = "test-item2" timeout = time.Second * 10 duration = time.Second * 10 @@ -94,6 +105,12 @@ var ( "password": []byte(password), "username": []byte(username), } + + itemPath2 = fmt.Sprintf("vaults/%v/items/%v", vaultId2, itemId2) + expectedSecretData2 = map[string][]byte{ + "password": []byte(password2), + "username": []byte(username2), + } ) func TestAPIs(t *testing.T) { From 1a8bd75bc8fc99b57695b9d78b36821b056e5eee Mon Sep 17 00:00:00 2001 From: volodymyrZotov Date: Wed, 21 Sep 2022 12:57:30 +0300 Subject: [PATCH 4/7] refactor tests --- controllers/deployment_controller_test.go | 50 ++++++------- .../onepassworditem_controller_test.go | 72 +++++++++---------- controllers/suite_test.go | 71 +++++++++--------- 3 files changed, 95 insertions(+), 98 deletions(-) diff --git a/controllers/deployment_controller_test.go b/controllers/deployment_controller_test.go index 493eb78..18baced 100644 --- a/controllers/deployment_controller_test.go +++ b/controllers/deployment_controller_test.go @@ -32,7 +32,7 @@ var _ = Describe("Deployment controller", func() { var deploymentResource *appsv1.Deployment createdSecret := &v1.Secret{} - MakeDeployment := func() { + makeDeployment := func() { ctx = context.Background() deploymentKey = types.NamespacedName{ 
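Review bot: The added constants `password2 = "4zotzqDqXKasLFT2jzTs"`, `vaultId2` and `itemId2` are high-entropy literals that secret scanners and reviewers cannot tell apart from live credentials or real vault identifiers. If they are invented, use obviously synthetic values such as `"test-password-2"`, or add a comment like `// dummy fixture values, not real credentials` above the block. If they were copied from a real vault, they should be rotated and replaced. Go naming also keeps initialisms upper-case, so `vaultID2` and `itemID2`.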
@@ -41,7 +41,7 @@ var _ = Describe("Deployment controller", func() { } secretKey = types.NamespacedName{ - Name: ItemName, + Name: item1.Name, Namespace: namespace, } @@ -55,8 +55,8 @@ var _ = Describe("Deployment controller", func() { Name: deploymentKey.Name, Namespace: deploymentKey.Namespace, Annotations: map[string]string{ - op.ItemPathAnnotation: itemPath, - op.NameAnnotation: ItemName, + op.ItemPathAnnotation: item1.Path, + op.NameAnnotation: item1.Name, }, }, Spec: appsv1.DeploymentSpec{ @@ -90,10 +90,10 @@ var _ = Describe("Deployment controller", func() { } return true }, timeout, interval).Should(BeTrue()) - Expect(createdSecret.Data).Should(Equal(expectedSecretData)) + Expect(createdSecret.Data).Should(Equal(item1.SecretData)) } - var CleanK8sResources = func() { + cleanK8sResources := func() { // failed test runs that don't clean up leave resources behind. err := k8sClient.DeleteAllOf(context.Background(), &onepasswordv1.OnePasswordItem{}, client.InNamespace(namespace)) Expect(err).ToNot(HaveOccurred()) @@ -105,14 +105,14 @@ var _ = Describe("Deployment controller", func() { Expect(err3).ToNot(HaveOccurred()) } - var MockGetItemFunc = func() { + mockGetItemFunc := func() { mocks.DoGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { item := onepassword.Item{} item.Fields = []*onepassword.ItemField{} - for k, v := range itemData { + for k, v := range item1.Data { item.Fields = append(item.Fields, &onepassword.ItemField{Label: k, Value: v}) } - item.Version = version + item.Version = item1.Version item.Vault.ID = vaultUUID item.ID = uuid return &item, nil 
@@ -120,14 +120,14 @@ var _ = Describe("Deployment controller", func() { } BeforeEach(func() { - CleanK8sResources() - MockGetItemFunc() + cleanK8sResources() + mockGetItemFunc() time.Sleep(time.Second) // TODO: can we achieve that with ginkgo? - MakeDeployment() + makeDeployment() }) Context("Deployment with secrets from 1Password", func() { - It("Should Handle a deployment correctly", func() { + It("Should delete secret if deployment is deleted", func() { By("Deleting the pod") Eventually(func() error { f := &appsv1.Deployment{} @@ -154,10 +154,10 @@ var _ = Describe("Deployment controller", func() { mocks.DoGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { item := onepassword.Item{} item.Fields = []*onepassword.ItemField{} - for k, v := range itemData2 { + for k, v := range item2.Data { item.Fields = append(item.Fields, &onepassword.ItemField{Label: k, Value: v}) } - item.Version = version2 + item.Version = item2.Version item.Vault.ID = vaultUUID item.ID = uuid return &item, nil @@ -172,8 +172,8 @@ var _ = Describe("Deployment controller", func() { Name: deploymentKey.Name, Namespace: deploymentKey.Namespace, Annotations: map[string]string{ - op.ItemPathAnnotation: itemPath2, - op.NameAnnotation: ItemName, + op.ItemPathAnnotation: item2.Path, + op.NameAnnotation: item1.Name, }, }, Spec: appsv1.DeploymentSpec{ @@ -214,13 +214,10 @@ var _ = Describe("Deployment controller", func() { } return true }, timeout, interval).Should(BeTrue()) - Expect(updatedSecret.Data).Should(Equal(expectedSecretData2)) + Expect(updatedSecret.Data).Should(Equal(item2.SecretData)) }) - It("Should not update if Annotations have not changed", func() { - deployment1 := &appsv1.Deployment{} - k8sClient.Get(ctx, deploymentKey, deployment1) - + It("Should not update secret if Annotations have not changed", func() { By("Updating secret without changing annotations") Eventually(func() error { updatedDeployment := &appsv1.Deployment{ 
@@ -232,8 +229,8 @@ var _ = Describe("Deployment controller", func() { Name: deploymentKey.Name, Namespace: deploymentKey.Namespace, Annotations: map[string]string{ - op.ItemPathAnnotation: itemPath, - op.NameAnnotation: ItemName, + op.ItemPathAnnotation: item1.Path, + op.NameAnnotation: item1.Name, }, }, Spec: appsv1.DeploymentSpec{ @@ -263,9 +260,6 @@ var _ = Describe("Deployment controller", func() { return nil }, timeout, interval).Should(Succeed()) - deployment2 := &appsv1.Deployment{} - k8sClient.Get(ctx, deploymentKey, deployment2) - // TODO: can we achieve the same without sleep? time.Sleep(time.Millisecond * 10) By("Reading updated K8s secret") @@ -277,7 +271,7 @@ var _ = Describe("Deployment controller", func() { } return true }, timeout, interval).Should(BeTrue()) - Expect(updatedSecret.Data).Should(Equal(expectedSecretData)) + Expect(updatedSecret.Data).Should(Equal(item1.SecretData)) }) It("Should not delete secret created via deployment if it's used in another container", func() { diff --git a/controllers/onepassworditem_controller_test.go b/controllers/onepassworditem_controller_test.go index 684a33b..77ed430 100644 --- a/controllers/onepassworditem_controller_test.go +++ b/controllers/onepassworditem_controller_test.go @@ -24,7 +24,7 @@ const ( iceCream = "freezing blue 20%" ) -var _ = Describe("OnePasswordItem controller", func() { +var _ = Describe("TestItem controller", func() { BeforeEach(func() { // failed test runs that don't clean up leave resources behind. err := k8sClient.DeleteAllOf(context.Background(), &onepasswordv1.OnePasswordItem{}, client.InNamespace(namespace)) 
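Review bot: The description change to `Describe("TestItem controller", func() {` looks like a side effect of a search-and-replace rename rather than an intended edit. The same happens to the `It(...)` and `By(...)` strings in the following hunks of onepassworditem_controller_test.go, such as "Creating a new TestItem successfully". The objects these specs create and read are still `onepasswordv1.OnePasswordItem`, so test reports would name something other than the resource under test. Keep the original wording, e.g. `Describe("OnePasswordItem controller", func() {`, and restrict the rename to the fixture identifiers.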
@@ -35,10 +35,10 @@ var _ = Describe("OnePasswordItem controller", func() { mocks.DoGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { item := onepassword.Item{} item.Fields = []*onepassword.ItemField{} - for k, v := range itemData { + for k, v := range item1.Data { item.Fields = append(item.Fields, &onepassword.ItemField{Label: k, Value: v}) } - item.Version = version + item.Version = item1.Version item.Vault.ID = vaultUUID item.ID = uuid return &item, nil @@ -49,11 +49,11 @@ var _ = Describe("OnePasswordItem controller", func() { It("Should handle 1Password Item and secret correctly", func() { ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{ - ItemPath: itemPath, + ItemPath: item1.Path, } key := types.NamespacedName{ - Name: ItemName, + Name: item1.Name, Namespace: namespace, } @@ -65,7 +65,7 @@ var _ = Describe("OnePasswordItem controller", func() { Spec: spec, } - By("Creating a new OnePasswordItem successfully") + By("Creating a new TestItem successfully") Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) created := &onepasswordv1.OnePasswordItem{} @@ -86,7 +86,7 @@ var _ = Describe("OnePasswordItem controller", func() { } return true }, timeout, interval).Should(BeTrue()) - Expect(createdSecret.Data).Should(Equal(expectedSecretData)) + Expect(createdSecret.Data).Should(Equal(item1.SecretData)) By("Updating existing secret successfully") newData := map[string]string{ @@ -105,7 +105,7 @@ var _ = Describe("OnePasswordItem controller", func() { for k, v := range newData { item.Fields = append(item.Fields, &onepassword.ItemField{Label: k, Value: v}) } - item.Version = version + 1 + item.Version = item1.Version + 1 item.Vault.ID = vaultUUID item.ID = uuid return &item, nil 
@@ -123,7 +123,7 @@ var _ = Describe("OnePasswordItem controller", func() { }, timeout, interval).Should(BeTrue()) Expect(updatedSecret.Data).Should(Equal(newDataByte)) - By("Deleting the OnePasswordItem successfully") + By("Deleting the TestItem successfully") Eventually(func() error { f := &onepasswordv1.OnePasswordItem{} err := k8sClient.Get(ctx, key, f) @@ -147,7 +147,7 @@ var _ = Describe("OnePasswordItem controller", func() { It("Should handle 1Password Item with fields and sections that have invalid K8s labels correctly", func() { ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{ - ItemPath: itemPath, + ItemPath: item1.Path, } key := types.NamespacedName{ @@ -185,13 +185,13 @@ var _ = Describe("OnePasswordItem controller", func() { for k, v := range testData { item.Fields = append(item.Fields, &onepassword.ItemField{Label: k, Value: v}) } - item.Version = version + 1 + item.Version = item1.Version + 1 item.Vault.ID = vaultUUID item.ID = uuid return &item, nil } - By("Creating a new OnePasswordItem successfully") + By("Creating a new TestItem successfully") Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) created := &onepasswordv1.OnePasswordItem{} @@ -214,7 +214,7 @@ var _ = Describe("OnePasswordItem controller", func() { }, timeout, interval).Should(BeTrue()) Expect(createdSecret.Data).Should(Equal(expectedData)) - By("Deleting the OnePasswordItem successfully") + By("Deleting the TestItem successfully") Eventually(func() error { f := &onepasswordv1.OnePasswordItem{} err := k8sClient.Get(ctx, key, f) 
@@ -235,14 +235,14 @@ var _ = Describe("OnePasswordItem controller", func() { }, timeout, interval).ShouldNot(Succeed()) }) - It("Should not update K8s secret if OnePasswordItem Version or VaultPath has not changed", func() { + It("Should not update K8s secret if TestItem Version or VaultPath has not changed", func() { ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{ - ItemPath: itemPath, + ItemPath: item1.Path, } key := types.NamespacedName{ - Name: ItemName, + Name: item1.Name, Namespace: namespace, } @@ -254,7 +254,7 @@ var _ = Describe("OnePasswordItem controller", func() { Spec: spec, } - By("Creating a new OnePasswordItem successfully") + By("Creating a new TestItem successfully") Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) item := &onepasswordv1.OnePasswordItem{} @@ -269,9 +269,9 @@ var _ = Describe("OnePasswordItem controller", func() { err := k8sClient.Get(ctx, key, createdSecret) return err == nil }, timeout, interval).Should(BeTrue()) - Expect(createdSecret.Data).Should(Equal(expectedSecretData)) + Expect(createdSecret.Data).Should(Equal(item1.SecretData)) - By("Updating OnePasswordItem type") + By("Updating TestItem type") Eventually(func() bool { err1 := k8sClient.Get(ctx, key, item) if err1 != nil { @@ -288,13 +288,13 @@ var _ = Describe("OnePasswordItem controller", func() { err := k8sClient.Get(ctx, key, secret) return err == nil }, timeout, interval).Should(BeTrue()) - Expect(secret.Data).Should(Equal(expectedSecretData)) + Expect(secret.Data).Should(Equal(item1.SecretData)) }) - It("Should update type of existing K8s Secret using OnePasswordItem", func() { + It("Should update type of existing K8s Secret using TestItem", func() { ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{ - ItemPath: itemPath, + ItemPath: item1.Path, } key := types.NamespacedName{ 
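Review bot: The closing check in the `-288,13` hunk, `Expect(secret.Data).Should(Equal(item1.SecretData))`, cannot show that the Secret was left alone. As far as this patch shows, the mock returns the same `item1.Data` on every call, so a Secret rewritten by the controller would hold identical data. The `Eventually` before it also succeeds on the first `Get`, because the Secret already exists, so the check can pass before the type change has been reconciled. If the controller is meant to leave the object untouched, record `createdSecret.ResourceVersion` before the update and wrap `Expect(secret.ResourceVersion).Should(Equal(createdSecret.ResourceVersion))` in a `Consistently(..., duration, interval)` poll instead. The `It` body starts in an earlier hunk and is only partly visible here.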
@@ -311,7 +311,7 @@ var _ = Describe("OnePasswordItem controller", func() { Type: string(v1.SecretTypeBasicAuth), } - By("Creating a new OnePasswordItem successfully") + By("Creating a new TestItem successfully") Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) By("Reading K8s secret") @@ -323,11 +323,11 @@ var _ = Describe("OnePasswordItem controller", func() { Expect(secret.Type).Should(Equal(v1.SecretTypeBasicAuth)) }) - It("Should create custom K8s Secret type using OnePasswordItem", func() { + It("Should create custom K8s Secret type using TestItem", func() { const customType = "CustomType" ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{ - ItemPath: itemPath, + ItemPath: item1.Path, } key := types.NamespacedName{ @@ -344,7 +344,7 @@ var _ = Describe("OnePasswordItem controller", func() { Type: customType, } - By("Creating a new OnePasswordItem successfully") + By("Creating a new TestItem successfully") Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) By("Reading K8s secret") @@ -358,11 +358,13 @@ var _ = Describe("OnePasswordItem controller", func() { }, timeout, interval).Should(BeTrue()) Expect(secret.Type).Should(Equal(v1.SecretType(customType))) }) + }) + Context("Failing part", func() { It("Should throw an error if K8s Secret type is changed", func() { ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{ - ItemPath: itemPath, + ItemPath: item1.Path, } key := types.NamespacedName{ @@ -378,7 +380,7 @@ var _ = Describe("OnePasswordItem controller", func() { Spec: spec, } - By("Creating a new OnePasswordItem successfully") + By("Creating a new TestItem successfully") Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) By("Reading K8s secret") 
@@ -401,14 +403,12 @@ var _ = Describe("OnePasswordItem controller", func() { return true }, timeout, interval).Should(BeFalse()) }) - }) - Context("Failing part", func() { - When("OnePasswordItem name contains `_`", func() { + When("TestItem name contains `_`", func() { It("An error occurred", func() { ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{ - ItemPath: itemPath, + ItemPath: item1.Path, } key := types.NamespacedName{ @@ -424,17 +424,17 @@ var _ = Describe("OnePasswordItem controller", func() { Spec: spec, } - By("Creating a new OnePasswordItem") + By("Creating a new TestItem") Expect(k8sClient.Create(ctx, toCreate)).To(HaveOccurred()) }) }) - When("OnePasswordItem name contains capital letters", func() { + When("TestItem name contains capital letters", func() { It("An error occurred", func() { ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{ - ItemPath: itemPath, + ItemPath: item1.Path, } key := types.NamespacedName{ @@ -450,7 +450,7 @@ var _ = Describe("OnePasswordItem controller", func() { Spec: spec, } - By("Creating a new OnePasswordItem") + By("Creating a new TestItem") Expect(k8sClient.Create(ctx, toCreate)).To(HaveOccurred()) }) }) diff --git a/controllers/suite_test.go b/controllers/suite_test.go index b779e81..6c6b632 100644 --- a/controllers/suite_test.go +++ b/controllers/suite_test.go @@ -26,7 +26,6 @@ package controllers import ( "context" - "fmt" "path/filepath" "regexp" "testing" 
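Review bot: `Expect(k8sClient.Create(ctx, toCreate)).To(HaveOccurred())` in the two `When` blocks (hunks `-424,17` and `-450,7`) passes on any error, including an unreachable API server or a missing CRD. It therefore does not prove that the `_` or capital-letter name was rejected by validation. Capture the error and assert its kind, e.g. `err := k8sClient.Create(ctx, toCreate)` followed by `Expect(apierrors.IsInvalid(err)).To(BeTrue())`, with `k8s.io/apimachinery/pkg/api/errors` imported as `apierrors` if the file does not already have it. The later patch that renames these cases keeps the same assertion, and both `It` bodies start outside the hunks shown.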
@@ -52,35 +51,12 @@ import ( // These tests use Ginkgo (BDD-style Go testing framework). Refer to // http://onsi.github.io/ginkgo/ to learn more about Ginkgo. -var ( - cfg *rest.Config - k8sClient client.Client - testEnv *envtest.Environment - ctx context.Context - cancel context.CancelFunc - - itemData = map[string]string{ - "username": username, - "password": password, - } - itemData2 = map[string]string{ - "username": username2, - "password": password2, - } -) - const ( - vaultId = "hfnjvi6aymbsnfc2xeeoheizda" - itemId = "nwrhuano7bcwddcviubpp4mhfq" username = "test-user" password = "QmHumKc$mUeEem7caHtbaBaJ" - version = 123 - vaultId2 = "hfnjvi6aymbsnfc2xeeoheizd2" - itemId2 = "nwrhuano7bcwddcviubpp4mhf2" username2 = "test-user2" password2 = "4zotzqDqXKasLFT2jzTs" - version2 = 456 annotationRegExpString = "^operator.1password.io\\/[a-zA-Z\\.]+" ) @@ -88,8 +64,6 @@ const ( // Define utility constants for object names and testing timeouts/durations and intervals. const ( namespace = "default" - ItemName = "test-item" - ItemName2 = "test-item2" timeout = time.Second * 10 duration = time.Second * 10 
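Review bot: The `password` and `password2` constants kept by the `-52,35` hunk are high-entropy strings that look like generated credentials. The following hunk also inlines what appear to be vault and item identifiers into `item1.Path` and `item2.Path`. Nothing on the page shows whether any of these were ever real, but fixtures of this shape trip secret scanners and leave a reviewer unable to rule out a leak. Prefer self-evidently synthetic values, e.g. `password = "not-a-real-password-1"` (constructed example). A comment above the const block would also help, such as `// Test fixtures only: none of these values belong to a real 1Password account.`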
@@ -97,22 +71,51 @@ const ( ) var ( + cfg *rest.Config + k8sClient client.Client + testEnv *envtest.Environment + ctx context.Context + cancel context.CancelFunc onePasswordItemReconciler *OnePasswordItemReconciler deploymentReconciler *DeploymentReconciler - itemPath = fmt.Sprintf("vaults/%v/items/%v", vaultId, itemId) - expectedSecretData = map[string][]byte{ - "password": []byte(password), - "username": []byte(username), + item1 = &TestItem{ + Name: "test-item", + Version: 123, + Path: "vaults/hfnjvi6aymbsnfc2xeeoheizda/items/nwrhuano7bcwddcviubpp4mhfq", + Data: map[string]string{ + "username": username, + "password": password, + }, + SecretData: map[string][]byte{ + "password": []byte(password), + "username": []byte(username), + }, } - itemPath2 = fmt.Sprintf("vaults/%v/items/%v", vaultId2, itemId2) - expectedSecretData2 = map[string][]byte{ - "password": []byte(password2), - "username": []byte(username2), + item2 = &TestItem{ + Name: "test-item2", + Path: "vaults/hfnjvi6aymbsnfc2xeeoheizd2/items/nwrhuano7bcwddcviubpp4mhf2", + Version: 456, + Data: map[string]string{ + "username": username2, + "password": password2, + }, + SecretData: map[string][]byte{ + "password": []byte(password2), + "username": []byte(username2), + }, } ) +type TestItem struct { + Name string + Version int + Path string + Data map[string]string + SecretData map[string][]byte +} + func TestAPIs(t *testing.T) { RegisterFailHandler(Fail) From 20f81f5b0f2bff8b38534683fe2f1ada62d59e38 Mon Sep 17 00:00:00 2001 From: volodymyrZotov Date: Thu, 20 Oct 2022 11:08:56 +0300 Subject: [PATCH 5/7] update tests --- controllers/deployment_controller_test.go | 12 +-- .../onepassworditem_controller_test.go | 74 ++++++------------- 2 files changed, 27 insertions(+), 59 deletions(-) diff --git a/controllers/deployment_controller_test.go b/controllers/deployment_controller_test.go index 18baced..1481d79 100644 --- a/controllers/deployment_controller_test.go +++ b/controllers/deployment_controller_test.go 
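Review bot: `SecretData` in `item1` and `item2` restates `Data` by hand, so the mock input and the expected Secret contents can drift apart without any spec noticing. Both maps are also reachable through package-level pointers, so one spec that mutates them changes the expectations of every later spec. Deriving the expected bytes from `Data` on each call removes the second copy and hands every caller a fresh map; callers would then use `item1.secretData()` instead of `item1.SecretData`. The type is only used by this test package, so it can be unexported as well.

```go
type testItem struct {
	Name    string
	Version int
	Path    string
	Data    map[string]string
}

// secretData returns a fresh copy of Data in the byte-valued form a K8s Secret stores.
func (i *testItem) secretData() map[string][]byte {
	out := make(map[string][]byte, len(i.Data))
	for k, v := range i.Data {
		out[k] = []byte(v)
	}
	return out
}
```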
@@ -98,11 +98,11 @@ var _ = Describe("Deployment controller", func() { err := k8sClient.DeleteAllOf(context.Background(), &onepasswordv1.OnePasswordItem{}, client.InNamespace(namespace)) Expect(err).ToNot(HaveOccurred()) - err2 := k8sClient.DeleteAllOf(context.Background(), &v1.Secret{}, client.InNamespace(namespace)) - Expect(err2).ToNot(HaveOccurred()) + err = k8sClient.DeleteAllOf(context.Background(), &v1.Secret{}, client.InNamespace(namespace)) + Expect(err).ToNot(HaveOccurred()) - err3 := k8sClient.DeleteAllOf(context.Background(), &appsv1.Deployment{}, client.InNamespace(namespace)) - Expect(err3).ToNot(HaveOccurred()) + err = k8sClient.DeleteAllOf(context.Background(), &appsv1.Deployment{}, client.InNamespace(namespace)) + Expect(err).ToNot(HaveOccurred()) } mockGetItemFunc := func() { @@ -275,7 +275,7 @@ var _ = Describe("Deployment controller", func() { }) It("Should not delete secret created via deployment if it's used in another container", func() { - By("Create another POD with created secret") + By("Creating another POD with created secret") anotherDeploymentKey := types.NamespacedName{ Name: "other-deployment", Namespace: namespace, @@ -347,7 +347,7 @@ var _ = Describe("Deployment controller", func() { }) It("Should not delete secret created via deployment if it's used in another volume", func() { - By("Create another POD with created secret") + By("Creating another POD with created secret") anotherDeploymentKey := types.NamespacedName{ Name: "other-deployment", Namespace: namespace, diff --git a/controllers/onepassworditem_controller_test.go b/controllers/onepassworditem_controller_test.go index 77ed430..4f37339 100644 --- a/controllers/onepassworditem_controller_test.go +++ b/controllers/onepassworditem_controller_test.go 
@@ -24,13 +24,13 @@ const ( iceCream = "freezing blue 20%" ) -var _ = Describe("TestItem controller", func() { +var _ = Describe("OnePasswordItem controller", func() { BeforeEach(func() { // failed test runs that don't clean up leave resources behind. err := k8sClient.DeleteAllOf(context.Background(), &onepasswordv1.OnePasswordItem{}, client.InNamespace(namespace)) Expect(err).ToNot(HaveOccurred()) - err2 := k8sClient.DeleteAllOf(context.Background(), &v1.Secret{}, client.InNamespace(namespace)) - Expect(err2).ToNot(HaveOccurred()) + err = k8sClient.DeleteAllOf(context.Background(), &v1.Secret{}, client.InNamespace(namespace)) + Expect(err).ToNot(HaveOccurred()) mocks.DoGetItemFunc = func(uuid string, vaultUUID string) (*onepassword.Item, error) { item := onepassword.Item{} @@ -65,7 +65,7 @@ var _ = Describe("TestItem controller", func() { Spec: spec, } - By("Creating a new TestItem successfully") + By("Creating a new OnePasswordItem successfully") Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) created := &onepasswordv1.OnePasswordItem{} @@ -123,7 +123,7 @@ var _ = Describe("TestItem controller", func() { }, timeout, interval).Should(BeTrue()) Expect(updatedSecret.Data).Should(Equal(newDataByte)) - By("Deleting the TestItem successfully") + By("Deleting the OnePasswordItem successfully") Eventually(func() error { f := &onepasswordv1.OnePasswordItem{} err := k8sClient.Get(ctx, key, f) @@ -191,7 +191,7 @@ var _ = Describe("TestItem controller", func() { return &item, nil } - By("Creating a new TestItem successfully") + By("Creating a new OnePasswordItem successfully") Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) created := &onepasswordv1.OnePasswordItem{} 
@@ -214,7 +214,7 @@ var _ = Describe("TestItem controller", func() { }, timeout, interval).Should(BeTrue()) Expect(createdSecret.Data).Should(Equal(expectedData)) - By("Deleting the TestItem successfully") + By("Deleting the OnePasswordItem successfully") Eventually(func() error { f := &onepasswordv1.OnePasswordItem{} err := k8sClient.Get(ctx, key, f) @@ -235,7 +235,7 @@ var _ = Describe("TestItem controller", func() { }, timeout, interval).ShouldNot(Succeed()) }) - It("Should not update K8s secret if TestItem Version or VaultPath has not changed", func() { + It("Should not update K8s secret if OnePasswordItem Version or VaultPath has not changed", func() { ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{ ItemPath: item1.Path, @@ -254,7 +254,7 @@ var _ = Describe("TestItem controller", func() { Spec: spec, } - By("Creating a new TestItem successfully") + By("Creating a new OnePasswordItem successfully") Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) item := &onepasswordv1.OnePasswordItem{} @@ -271,7 +271,7 @@ var _ = Describe("TestItem controller", func() { }, timeout, interval).Should(BeTrue()) Expect(createdSecret.Data).Should(Equal(item1.SecretData)) - By("Updating TestItem type") + By("Updating OnePasswordItem type") Eventually(func() bool { err1 := k8sClient.Get(ctx, key, item) if err1 != nil { 
@@ -291,39 +291,7 @@ var _ = Describe("TestItem controller", func() { Expect(secret.Data).Should(Equal(item1.SecretData)) }) - It("Should update type of existing K8s Secret using TestItem", func() { - ctx := context.Background() - spec := onepasswordv1.OnePasswordItemSpec{ - ItemPath: item1.Path, - } - - key := types.NamespacedName{ - Name: "test5", - Namespace: namespace, - } - - toCreate := &onepasswordv1.OnePasswordItem{ - ObjectMeta: metav1.ObjectMeta{ - Name: key.Name, - Namespace: key.Namespace, - }, - Spec: spec, - Type: string(v1.SecretTypeBasicAuth), - } - - By("Creating a new TestItem successfully") - Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) - - By("Reading K8s secret") - secret := &v1.Secret{} - Eventually(func() bool { - err := k8sClient.Get(ctx, key, secret) - return err == nil - }, timeout, interval).Should(BeTrue()) - Expect(secret.Type).Should(Equal(v1.SecretTypeBasicAuth)) - }) - - It("Should create custom K8s Secret type using TestItem", func() { + It("Should create custom K8s Secret type using OnePasswordItem", func() { const customType = "CustomType" ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{ @@ -344,7 +312,7 @@ var _ = Describe("TestItem controller", func() { Type: customType, } - By("Creating a new TestItem successfully") + By("Creating a new OnePasswordItem successfully") Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) By("Reading K8s secret") @@ -360,7 +328,7 @@ var _ = Describe("TestItem controller", func() { }) }) - Context("Failing part", func() { + Context("Unhappy part", func() { It("Should throw an error if K8s Secret type is changed", func() { ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{ @@ -380,7 +348,7 @@ var _ = Describe("TestItem controller", func() { Spec: spec, } - By("Creating a new TestItem successfully") + By("Creating a new OnePasswordItem successfully") Expect(k8sClient.Create(ctx, toCreate)).Should(Succeed()) By("Reading K8s secret") 
@@ -393,7 +361,7 @@ var _ = Describe("TestItem controller", func() { return true }, timeout, interval).Should(BeTrue()) - By("Updating K8s secret type throw an error") + By("Failing to update K8s secret") Eventually(func() bool { secret.Type = v1.SecretTypeBasicAuth err := k8sClient.Update(ctx, secret) @@ -404,8 +372,8 @@ var _ = Describe("TestItem controller", func() { }, timeout, interval).Should(BeFalse()) }) - When("TestItem name contains `_`", func() { - It("An error occurred", func() { + When("OnePasswordItem name contains `_`", func() { + It("Should fail creating a OnePasswordItem resource", func() { ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{ ItemPath: item1.Path, @@ -424,14 +392,14 @@ var _ = Describe("TestItem controller", func() { Spec: spec, } - By("Creating a new TestItem") + By("Creating a new OnePasswordItem") Expect(k8sClient.Create(ctx, toCreate)).To(HaveOccurred()) }) }) - When("TestItem name contains capital letters", func() { - It("An error occurred", func() { + When("OnePasswordItem name contains capital letters", func() { + It("Should fail creating a OnePasswordItem resource", func() { ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{ ItemPath: item1.Path, @@ -450,7 +418,7 @@ var _ = Describe("TestItem controller", func() { Spec: spec, } - By("Creating a new TestItem") + By("Creating a new OnePasswordItem") Expect(k8sClient.Create(ctx, toCreate)).To(HaveOccurred()) }) }) From 1d1d824ff4dd7cb4430001acc26d829890239240 Mon Sep 17 00:00:00 2001 From: Eddy Filip Date: Mon, 24 Oct 2022 13:57:31 +0200 Subject: [PATCH 6/7] Adjust context --- controllers/onepassworditem_controller_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/onepassworditem_controller_test.go b/controllers/onepassworditem_controller_test.go index 4f37339..e24dddf 100644 --- a/controllers/onepassworditem_controller_test.go +++ b/controllers/onepassworditem_controller_test.go 
@@ -328,7 +328,7 @@ var _ = Describe("OnePasswordItem controller", func() { }) }) - Context("Unhappy part", func() { + Context("Unhappy path", func() { It("Should throw an error if K8s Secret type is changed", func() { ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{ From d8bfa318f2fd2cbc369ca01fd194b1d5242d2ce7 Mon Sep 17 00:00:00 2001 From: Eddy Filip Date: Mon, 24 Oct 2022 14:09:17 +0200 Subject: [PATCH 7/7] Adjust code --- controllers/onepassworditem_controller_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/controllers/onepassworditem_controller_test.go b/controllers/onepassworditem_controller_test.go index e24dddf..7a1f01d 100644 --- a/controllers/onepassworditem_controller_test.go +++ b/controllers/onepassworditem_controller_test.go @@ -157,7 +157,7 @@ var _ = Describe("OnePasswordItem controller", func() { toCreate := &onepasswordv1.OnePasswordItem{ ObjectMeta: metav1.ObjectMeta{ - Name: "my-secret-it3m", + Name: key.Name, Namespace: key.Namespace, }, Spec: spec, @@ -372,7 +372,7 @@ var _ = Describe("OnePasswordItem controller", func() { }, timeout, interval).Should(BeFalse()) }) - When("OnePasswordItem name contains `_`", func() { + When("OnePasswordItem resource name contains `_`", func() { It("Should fail creating a OnePasswordItem resource", func() { ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{ @@ -398,7 +398,7 @@ var _ = Describe("OnePasswordItem controller", func() { }) }) - When("OnePasswordItem name contains capital letters", func() { + When("OnePasswordItem resource name contains capital letters", func() { It("Should fail creating a OnePasswordItem resource", func() { ctx := context.Background() spec := onepasswordv1.OnePasswordItemSpec{