github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/pkg/controller/plan/tls_utils_test.go (about) 1 /* 2 Copyright (C) 2022-2023 ApeCloud Co., Ltd 3 4 This file is part of KubeBlocks project 5 6 This program is free software: you can redistribute it and/or modify 7 it under the terms of the GNU Affero General Public License as published by 8 the Free Software Foundation, either version 3 of the License, or 9 (at your option) any later version. 10 11 This program is distributed in the hope that it will be useful 12 but WITHOUT ANY WARRANTY; without even the implied warranty of 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 GNU Affero General Public License for more details. 15 16 You should have received a copy of the GNU Affero General Public License 17 along with this program. If not, see <http://www.gnu.org/licenses/>. 18 */ 19 20 package plan 21 22 import ( 23 "context" 24 "fmt" 25 26 . "github.com/onsi/ginkgo/v2" 27 . "github.com/onsi/gomega" 28 29 "github.com/golang/mock/gomock" 30 corev1 "k8s.io/api/core/v1" 31 apierrors "k8s.io/apimachinery/pkg/api/errors" 32 "k8s.io/apimachinery/pkg/runtime/schema" 33 "sigs.k8s.io/controller-runtime/pkg/client" 34 35 appsv1alpha1 "github.com/1aal/kubeblocks/apis/apps/v1alpha1" 36 "github.com/1aal/kubeblocks/pkg/constant" 37 "github.com/1aal/kubeblocks/pkg/controller/factory" 38 testutil "github.com/1aal/kubeblocks/pkg/testutil/k8s" 39 ) 40 41 var _ = Describe("TLSUtilsTest", func() { 42 const namespace = "foo" 43 44 Context("ComposeTLSSecret function", func() { 45 It("should work well", func() { 46 clusterName := "bar" 47 componentName := "test" 48 secret, err := ComposeTLSSecret(namespace, clusterName, componentName) 49 Expect(err).Should(BeNil()) 50 Expect(secret).ShouldNot(BeNil()) 51 Expect(secret.Name).Should(Equal(fmt.Sprintf("%s-%s-tls-certs", clusterName, componentName))) 52 Expect(secret.Labels).ShouldNot(BeNil()) 53 Expect(secret.Labels[constant.AppInstanceLabelKey]).Should(Equal(clusterName)) 54 Expect(secret.Labels[constant.KBManagedByKey]).Should(Equal(constant.AppName)) 55 Expect(secret.StringData).ShouldNot(BeNil()) 56 Expect(secret.StringData[factory.CAName]).ShouldNot(BeZero()) 57 Expect(secret.StringData[factory.CertName]).ShouldNot(BeZero()) 58 Expect(secret.StringData[factory.KeyName]).ShouldNot(BeZero()) 59 }) 60 }) 61 62 Context("CheckTLSSecretRef function", func() { 63 It("should work well", func() { 64 ctx := context.Background() 65 name := "bar" 66 secretRef := &appsv1alpha1.TLSSecretRef{ 67 Name: name, 68 CA: "caName", 69 Cert: "certName", 70 Key: "keyName", 71 } 72 controller, k8sMock := testutil.SetupK8sMock() 73 defer controller.Finish() 74 75 By("secret not found") 76 k8sMock.EXPECT(). 77 Get(gomock.Any(), gomock.Any(), &corev1.Secret{}, gomock.Any()). 78 DoAndReturn(func(_ context.Context, objKey client.ObjectKey, obj *corev1.Secret, _ ...client.GetOption) error { 79 return apierrors.NewNotFound(schema.GroupResource{}, obj.Name) 80 }).Times(1) 81 err := CheckTLSSecretRef(ctx, k8sMock, namespace, secretRef) 82 Expect(apierrors.IsNotFound(err)).Should(BeTrue()) 83 84 By("set stringData to nil") 85 k8sMock.EXPECT(). 86 Get(gomock.Any(), gomock.Any(), &corev1.Secret{}, gomock.Any()). 87 DoAndReturn(func(_ context.Context, objKey client.ObjectKey, obj *corev1.Secret, _ ...client.GetOption) error { 88 Expect(obj).ShouldNot(BeNil()) 89 obj.Namespace = objKey.Namespace 90 obj.Name = objKey.Name 91 return nil 92 }).Times(1) 93 err = CheckTLSSecretRef(ctx, k8sMock, namespace, secretRef) 94 Expect(err).ShouldNot(BeNil()) 95 Expect(err.Error()).Should(ContainSubstring("tls secret's data field shouldn't be nil")) 96 97 By("set no CA key in map stringData") 98 k8sMock.EXPECT(). 99 Get(gomock.Any(), gomock.Any(), &corev1.Secret{}, gomock.Any()). 100 DoAndReturn(func(_ context.Context, objKey client.ObjectKey, obj *corev1.Secret, _ ...client.GetOption) error { 101 Expect(obj).ShouldNot(BeNil()) 102 obj.Namespace = objKey.Namespace 103 obj.Name = objKey.Name 104 obj.StringData = map[string]string{ 105 secretRef.Cert: "foo", 106 secretRef.Key: "bar", 107 } 108 return nil 109 }).Times(1) 110 err = CheckTLSSecretRef(ctx, k8sMock, namespace, secretRef) 111 Expect(err).ShouldNot(BeNil()) 112 Expect(err.Error()).Should(ContainSubstring(secretRef.CA)) 113 114 By("set everything ok") 115 k8sMock.EXPECT(). 116 Get(gomock.Any(), gomock.Any(), &corev1.Secret{}, gomock.Any()). 117 DoAndReturn(func(_ context.Context, objKey client.ObjectKey, obj *corev1.Secret, _ ...client.GetOption) error { 118 Expect(obj).ShouldNot(BeNil()) 119 obj.Namespace = objKey.Namespace 120 obj.Name = objKey.Name 121 obj.StringData = map[string]string{ 122 secretRef.Cert: "foo", 123 secretRef.Key: "bar", 124 secretRef.CA: "ca", 125 } 126 return nil 127 }).Times(1) 128 Expect(CheckTLSSecretRef(ctx, k8sMock, namespace, secretRef)).Should(Succeed()) 129 }) 130 131 Context("GetTLSKeyWord function", func() { 132 It("should work well", func() { 133 suite := []struct { 134 input string 135 expected string 136 }{ 137 {input: "mysql", expected: "ssl_cert"}, 138 {input: "postgresql", expected: "ssl_cert_file"}, 139 {input: "redis", expected: "tls-cert-file"}, 140 {input: "others", expected: "unsupported-character-type"}, 141 } 142 143 for _, s := range suite { 144 Expect(GetTLSKeyWord(s.input)).Should(Equal(s.expected)) 145 } 146 }) 147 }) 148 }) 149 })