// Listing of github.com/ironcore-dev/gardener-extension-provider-ironcore@v0.3.2-0.20240314231816-8336447fb9a0/pkg/admission/validator/secretbinding_test.go

// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and IronCore contributors
// SPDX-License-Identifier: Apache-2.0

package validator_test

import (
	"context"
	"fmt"

	extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook"
	"github.com/gardener/gardener/pkg/apis/core"
	mockclient "github.com/gardener/gardener/pkg/mock/controller-runtime/client"
	mockmanager "github.com/gardener/gardener/pkg/mock/controller-runtime/manager"
	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"
	"go.uber.org/mock/gomock"
	corev1 "k8s.io/api/core/v1"
	"sigs.k8s.io/controller-runtime/pkg/client"

	"github.com/ironcore-dev/gardener-extension-provider-ironcore/pkg/admission/validator"
)

// Specs for the SecretBinding admission validator. Each spec drives Validate
// against a mocked API reader, so no cluster is contacted, and the credential
// values below are throwaway fixtures.
//
// NOTE(review): the only "invalid Secret" case exercised here is a missing
// "token" key. Whether "namespace" and "username" are also mandatory cannot be
// told from this file — confirm against the validator and add a spec per
// required key so a regression in any one check is caught.
var _ = Describe("SecretBinding validator", func() {

	Describe("#Validate", func() {
		const (
			namespace = "garden-dev"
			name      = "my-provider-account"
		)

		var (
			// Rebuilt for every spec in BeforeEach.
			mockCtrl    *gomock.Controller
			reader      *mockclient.MockReader
			manager     *mockmanager.MockManager
			sbValidator extensionswebhook.Validator

			// Fixtures shared by all specs; none of the specs mutates them.
			ctx       = context.TODO()
			errFake   = fmt.Errorf("fake err")
			secretKey = client.ObjectKey{Namespace: namespace, Name: name}
			binding   = &core.SecretBinding{
				SecretRef: corev1.SecretReference{
					Name:      name,
					Namespace: namespace,
				},
			}
		)

		// lookupFails makes the single expected Secret read return err.
		lookupFails := func(err error) {
			reader.EXPECT().
				Get(ctx, secretKey, gomock.AssignableToTypeOf(&corev1.Secret{})).
				Return(err)
		}

		// lookupReturns makes the single expected Secret read succeed and
		// hands the validator a Secret carrying exactly the given data.
		lookupReturns := func(data map[string][]byte) {
			reader.EXPECT().
				Get(ctx, secretKey, gomock.AssignableToTypeOf(&corev1.Secret{})).
				DoAndReturn(func(_ context.Context, _ client.ObjectKey, out *corev1.Secret, _ ...client.GetOption) error {
					*out = corev1.Secret{Data: data}
					return nil
				})
		}

		BeforeEach(func() {
			mockCtrl = gomock.NewController(GinkgoT())
			reader = mockclient.NewMockReader(mockCtrl)

			// The validator is expected to ask the manager for its API reader
			// exactly once, at construction time.
			manager = mockmanager.NewMockManager(mockCtrl)
			manager.EXPECT().GetAPIReader().Return(reader)

			sbValidator = validator.NewSecretBindingValidator(manager)
		})

		AfterEach(func() {
			// Fails the spec if any expectation recorded above went unmet.
			mockCtrl.Finish()
		})

		It("should return err when obj is not a SecretBinding", func() {
			// No Get expectation is set: a wrong type must be rejected before
			// any Secret is read.
			got := sbValidator.Validate(ctx, &corev1.Secret{}, nil)

			Expect(got).To(MatchError("wrong object type *v1.Secret"))
		})

		It("should return err when oldObj is not a SecretBinding", func() {
			got := sbValidator.Validate(ctx, &core.SecretBinding{}, &corev1.Secret{})

			Expect(got).To(MatchError("wrong object type *v1.Secret for old object"))
		})

		It("should return err if it fails to get the corresponding Secret", func() {
			lookupFails(errFake)

			// A failed lookup must surface as an error rather than admit the
			// binding without its Secret having been checked.
			got := sbValidator.Validate(ctx, binding, nil)

			Expect(got).To(MatchError(errFake))
		})

		It("should return err when the corresponding Secret is not valid", func() {
			lookupReturns(map[string][]byte{
				"namespace": []byte("foo"),
			})

			got := sbValidator.Validate(ctx, binding, nil)

			// The expected message names the missing key only; it carries no
			// Secret contents.
			Expect(got).To(MatchError("missing field: token in cloud provider secret"))
		})

		It("should return nil when the corresponding Secret is valid", func() {
			lookupReturns(map[string][]byte{
				"namespace": []byte("default"),
				"token":     []byte("abcd"),
				"username":  []byte("admin"),
			})

			got := sbValidator.Validate(ctx, binding, nil)

			Expect(got).NotTo(HaveOccurred())
		})
	})

})