github.com/juju/juju@v0.0.0-20240430160146-1752b71fcf00/caas/kubernetes/provider/proxy/info_test.go (about) 1 // Copyright 2021 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package proxy_test 5 6 import ( 7 "context" 8 "time" 9 10 "github.com/juju/clock/testclock" 11 jc "github.com/juju/testing/checkers" 12 gc "gopkg.in/check.v1" 13 core "k8s.io/api/core/v1" 14 meta "k8s.io/apimachinery/pkg/apis/meta/v1" 15 "k8s.io/apimachinery/pkg/labels" 16 "k8s.io/client-go/kubernetes/fake" 17 18 "github.com/juju/juju/caas/kubernetes/provider/proxy" 19 ) 20 21 type infoSuite struct { 22 client *fake.Clientset 23 clock *testclock.Clock 24 } 25 26 var _ = gc.Suite(&infoSuite{}) 27 28 func (i *infoSuite) SetUpTest(c *gc.C) { 29 i.clock = testclock.NewClock(time.Time{}) 30 31 i.client = fake.NewSimpleClientset() 32 _, err := i.client.CoreV1().Namespaces().Create(context.TODO(), 33 &core.Namespace{ 34 ObjectMeta: meta.ObjectMeta{ 35 Name: testNamespace, 36 }, 37 }, 38 meta.CreateOptions{}, 39 ) 40 c.Assert(err, jc.ErrorIsNil) 41 } 42 43 func (i *infoSuite) TestHasControllerProxyFalse(c *gc.C) { 44 has, err := proxy.HasControllerProxy("test", 45 i.client.CoreV1().ConfigMaps(testNamespace), 46 ) 47 c.Assert(err, jc.ErrorIsNil) 48 c.Assert(has, jc.IsFalse) 49 } 50 51 func (i *infoSuite) TestHasControllerProxy(c *gc.C) { 52 config := proxy.ControllerProxyConfig{ 53 Name: "controller-proxy", 54 Namespace: testNamespace, 55 RemotePort: "17707", 56 TargetService: "controller-service", 57 } 58 59 // fake k8s client does not populate the token for secret, so we have to do it manually. 60 _, err := i.client.CoreV1().Secrets(testNamespace).Create(context.TODO(), &core.Secret{ 61 ObjectMeta: meta.ObjectMeta{ 62 Labels: labels.Set{}, 63 Name: config.Name, 64 Annotations: map[string]string{ 65 core.ServiceAccountNameKey: config.Name, 66 }, 67 }, 68 Type: core.SecretTypeServiceAccountToken, 69 Data: map[string][]byte{ 70 core.ServiceAccountTokenKey: []byte("token"), 71 }, 72 }, meta.CreateOptions{}) 73 c.Assert(err, jc.ErrorIsNil) 74 err = proxy.CreateControllerProxy( 75 context.Background(), 76 config, 77 labels.Set{}, 78 i.clock, 79 i.client.CoreV1().ConfigMaps(testNamespace), 80 i.client.RbacV1().Roles(testNamespace), 81 i.client.RbacV1().RoleBindings(testNamespace), 82 i.client.CoreV1().ServiceAccounts(testNamespace), 83 i.client.CoreV1().Secrets(testNamespace), 84 ) 85 c.Assert(err, jc.ErrorIsNil) 86 87 has, err := proxy.HasControllerProxy(config.Name, 88 i.client.CoreV1().ConfigMaps(testNamespace), 89 ) 90 c.Assert(err, jc.ErrorIsNil) 91 c.Assert(has, jc.IsTrue) 92 } 93 94 func (i *infoSuite) TestGetControllerProxier(c *gc.C) { 95 config := proxy.ControllerProxyConfig{ 96 Name: "controller-proxy", 97 Namespace: testNamespace, 98 RemotePort: "17707", 99 TargetService: "controller-service", 100 } 101 102 // fake k8s client does not populate the token for secret, so we have to do it manually. 103 _, err := i.client.CoreV1().Secrets(testNamespace).Create(context.TODO(), &core.Secret{ 104 ObjectMeta: meta.ObjectMeta{ 105 Labels: labels.Set{}, 106 Name: config.Name, 107 Annotations: map[string]string{ 108 core.ServiceAccountNameKey: config.Name, 109 }, 110 }, 111 Type: core.SecretTypeServiceAccountToken, 112 Data: map[string][]byte{ 113 core.ServiceAccountTokenKey: []byte("token"), 114 }, 115 }, meta.CreateOptions{}) 116 c.Assert(err, jc.ErrorIsNil) 117 err = proxy.CreateControllerProxy( 118 context.Background(), 119 config, 120 labels.Set{}, 121 i.clock, 122 i.client.CoreV1().ConfigMaps(testNamespace), 123 i.client.RbacV1().Roles(testNamespace), 124 i.client.RbacV1().RoleBindings(testNamespace), 125 i.client.CoreV1().ServiceAccounts(testNamespace), 126 i.client.CoreV1().Secrets(testNamespace), 127 ) 128 c.Assert(err, jc.ErrorIsNil) 129 130 _, err = proxy.GetControllerProxy( 131 config.Name, 132 "https://localhost:8123", 133 i.client.CoreV1().ConfigMaps(testNamespace), 134 i.client.CoreV1().ServiceAccounts(testNamespace), 135 i.client.CoreV1().Secrets(testNamespace), 136 ) 137 c.Assert(err, jc.ErrorIsNil) 138 }