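package kubeconfig

import (
	"fmt"
	"testing"

	schema "github.com/kyma-project/control-plane/components/provisioner/pkg/gqlschema"
	"github.com/kyma-project/kyma-environment-broker/internal"
	"github.com/kyma-project/kyma-environment-broker/internal/provisioner/automock"

	"github.com/stretchr/testify/require"
)

// Fixture identifiers shared by every subtest in this file.
const (
	globalAccountID = "d9d501c2-bdcb-49f2-8e86-1c4e05b90f5e"
	runtimeID       = "f7d634ae-4ce2-4916-be64-b6fb493155df"

	// issuerURL and clientID are returned by the mocked provisioner as the
	// runtime's OIDC settings and are expected to reappear in the exec
	// arguments of the generated kubeconfig.
	issuerURL = "https://example.com"
	clientID  = "c1id"
)

// TestBuilder_Build checks Builder.Build against a mocked provisioner client.
//
// The fixture returned by the provisioner authenticates with a static bearer
// token, while the expected result authenticates through the
// kubectl-oidc_login exec plugin. The success case therefore also pins that
// the static token is not carried over into the kubeconfig handed out.
func TestBuilder_Build(t *testing.T) {
	t.Run("new kubeconfig was build properly", func(t *testing.T) {
		// given
		provisionerClient := &automock.Client{}
		provisionerClient.On("RuntimeStatus", globalAccountID, runtimeID).Return(schema.RuntimeStatus{
			RuntimeConfiguration: &schema.RuntimeConfig{
				Kubeconfig: skrKubeconfig(),
				ClusterConfig: &schema.GardenerConfig{
					OidcConfig: &schema.OIDCConfig{
						ClientID:       clientID,
						GroupsClaim:    "gclaim",
						IssuerURL:      issuerURL,
						SigningAlgs:    nil,
						UsernameClaim:  "uclaim",
						UsernamePrefix: "-",
					},
				},
			},
		}, nil)
		defer provisionerClient.AssertExpectations(t)

		builder := NewBuilder(provisionerClient)

		instance := &internal.Instance{
			RuntimeID:       runtimeID,
			GlobalAccountID: globalAccountID,
		}

		// when
		kubeconfig, err := builder.Build(instance)

		// then
		require.NoError(t, err)
		// Checked before the exact comparison so that a leaked credential is
		// reported as such rather than as a generic string mismatch.
		require.NotContains(t, kubeconfig, "token:", "generated kubeconfig must not embed a static bearer token")
		// testify expects (expected, actual); the order decides how a
		// failure diff is labelled.
		require.Equal(t, newKubeconfig(), kubeconfig)
	})

	t.Run("provisioner client returned error", func(t *testing.T) {
		// given
		provisionerClient := &automock.Client{}
		provisionerClient.On("RuntimeStatus", globalAccountID, runtimeID).Return(schema.RuntimeStatus{}, fmt.Errorf("cannot return kubeconfig"))
		defer provisionerClient.AssertExpectations(t)

		builder := NewBuilder(provisionerClient)
		instance := &internal.Instance{
			RuntimeID:       runtimeID,
			GlobalAccountID: globalAccountID,
		}

		// when
		_, err := builder.Build(instance)

		// then
		require.Error(t, err)
		require.Contains(t, err.Error(), "while fetching runtime status from provisioner: cannot return kubeconfig")
	})

	t.Run("provisioner client returned wrong kubeconfig", func(t *testing.T) {
		// given
		provisionerClient := &automock.Client{}
		provisionerClient.On("RuntimeStatus", globalAccountID, runtimeID).Return(schema.RuntimeStatus{
			RuntimeConfiguration: &schema.RuntimeConfig{
				Kubeconfig: skrWrongKubeconfig(),
			},
		}, nil)
		defer provisionerClient.AssertExpectations(t)

		builder := NewBuilder(provisionerClient)
		instance := &internal.Instance{
			RuntimeID:       runtimeID,
			GlobalAccountID: globalAccountID,
		}

		// when
		_, err := builder.Build(instance)

		// then
		// A kubeconfig without cluster connection data must be rejected
		// instead of being turned into a broken kubeconfig.
		require.Error(t, err)
		require.Contains(t, err.Error(), "while validation kubeconfig fetched by provisioner")
	})
}

// TestBuilder_BuildFromAdminKubeconfig checks the variant in which the caller
// supplies the admin kubeconfig directly. The provisioner mock is still
// expected to be queried (AssertExpectations), which is where the OIDC
// settings in this test come from.
func TestBuilder_BuildFromAdminKubeconfig(t *testing.T) {
	t.Run("new kubeconfig was build properly", func(t *testing.T) {
		// given
		provisionerClient := &automock.Client{}
		provisionerClient.On("RuntimeStatus", globalAccountID, runtimeID).Return(schema.RuntimeStatus{
			RuntimeConfiguration: &schema.RuntimeConfig{
				Kubeconfig: skrKubeconfig(),
				ClusterConfig: &schema.GardenerConfig{
					OidcConfig: &schema.OIDCConfig{
						ClientID:       clientID,
						GroupsClaim:    "gclaim",
						IssuerURL:      issuerURL,
						SigningAlgs:    nil,
						UsernameClaim:  "uclaim",
						UsernamePrefix: "-",
					},
				},
			},
		}, nil)
		defer provisionerClient.AssertExpectations(t)

		builder := NewBuilder(provisionerClient)

		instance := &internal.Instance{
			RuntimeID:       runtimeID,
			GlobalAccountID: globalAccountID,
		}

		// when
		kubeconfig, err := builder.BuildFromAdminKubeconfig(instance, adminKubeconfig())

		// then
		require.NoError(t, err)
		// The admin kubeconfig passed in carries a bearer token; the result
		// must not.
		require.NotContains(t, kubeconfig, "token:", "generated kubeconfig must not embed a static bearer token")
		require.Equal(t, newOwnClusterKubeconfig(), kubeconfig)
	})
}

// skrKubeconfig returns the kubeconfig the mocked provisioner reports for the
// runtime: one cluster, one context and a user that authenticates with a
// static bearer token.
//
// NOTE(review): the token and CA data are test fixtures; confirm they were
// never live credentials.
func skrKubeconfig() *string {
	kc := `
---
apiVersion: v1
kind: Config
current-context: shoot--kyma-dev--ac0d8d9
clusters:
- name: shoot--kyma-dev--ac0d8d9
  cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURUSUZJQ0FURS0tLS0tCg==
    server: https://api.ac0d8d9.kyma-dev.shoot.canary.k8s-hana.ondemand.com
contexts:
- name: shoot--kyma-dev--ac0d8d9
  context:
    cluster: shoot--kyma-dev--ac0d8d9
    user: shoot--kyma-dev--ac0d8d9-token
users:
- name: shoot--kyma-dev--ac0d8d9-token
  user:
    token: DKPAe2Lt06a8dlUlE81kaWdSSDVSSf38x5PIj6cwQkqHMrw4UldsUr1guD6Thayw
`
	return &kc
}

// newKubeconfig returns the kubeconfig Build is expected to produce from
// skrKubeconfig: same cluster and CA data, but the user entry is an exec
// stanza invoking kubectl-oidc_login with issuerURL and clientID, and no
// token field.
//
// The result is compared with require.Equal, so indentation and blank lines
// inside the literal are significant.
// NOTE(review): verify the whitespace against the builder's template.
func newKubeconfig() string {
	return fmt.Sprintf(`
---
apiVersion: v1
kind: Config
current-context: shoot--kyma-dev--ac0d8d9
clusters:
- name: shoot--kyma-dev--ac0d8d9
  cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURUSUZJQ0FURS0tLS0tCg==
    server: https://api.ac0d8d9.kyma-dev.shoot.canary.k8s-hana.ondemand.com
contexts:
- name: shoot--kyma-dev--ac0d8d9
  context:
    cluster: shoot--kyma-dev--ac0d8d9
    user: shoot--kyma-dev--ac0d8d9
users:
- name: shoot--kyma-dev--ac0d8d9
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - get-token
      - "--oidc-issuer-url=%s"
      - "--oidc-client-id=%s"
      - "--oidc-extra-scope=email"
      - "--oidc-extra-scope=openid"
      command: kubectl-oidc_login
      installHint: |
        kubelogin plugin is required to proceed with authentication
        # Homebrew (macOS and Linux)
        brew install int128/kubelogin/kubelogin

        # Krew (macOS, Linux, Windows and ARM)
        kubectl krew install oidc-login

        # Chocolatey (Windows)
        choco install kubelogin
`, issuerURL, clientID,
	)
}

// newOwnClusterKubeconfig returns the kubeconfig BuildFromAdminKubeconfig is
// expected to produce from adminKubeconfig: the admin context name is kept,
// the token user is replaced by the kubectl-oidc_login exec stanza.
//
// As with newKubeconfig, whitespace inside the literal is significant.
func newOwnClusterKubeconfig() string {
	return fmt.Sprintf(`
---
apiVersion: v1
kind: Config
current-context: shoot--kyma-dev--admin
clusters:
- name: shoot--kyma-dev--admin
  cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURUSUZJQ0FURS0tLS0tCg==
    server: https://api.ac0d8d9.kyma-dev.shoot.canary.k8s-hana.ondemand.com
contexts:
- name: shoot--kyma-dev--admin
  context:
    cluster: shoot--kyma-dev--admin
    user: shoot--kyma-dev--admin
users:
- name: shoot--kyma-dev--admin
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - get-token
      - "--oidc-issuer-url=%s"
      - "--oidc-client-id=%s"
      - "--oidc-extra-scope=email"
      - "--oidc-extra-scope=openid"
      command: kubectl-oidc_login
      installHint: |
        kubelogin plugin is required to proceed with authentication
        # Homebrew (macOS and Linux)
        brew install int128/kubelogin/kubelogin

        # Krew (macOS, Linux, Windows and ARM)
        kubectl krew install oidc-login

        # Chocolatey (Windows)
        choco install kubelogin
`, issuerURL, clientID,
	)
}

// skrWrongKubeconfig returns a kubeconfig whose cluster entry has a name but
// no cluster section (no CA data, no server URL). It drives the validation
// failure case of Build.
func skrWrongKubeconfig() *string {
	kc := `
---
apiVersion: v1
kind: Config
current-context: shoot--kyma-dev--ac0d8d9
clusters:
- name: shoot--kyma-dev--ac0d8d9
contexts:
- name: shoot--kyma-dev--ac0d8d9
  context:
    cluster: shoot--kyma-dev--ac0d8d9
    user: shoot--kyma-dev--ac0d8d9-token
users:
- name: shoot--kyma-dev--ac0d8d9-token
  user:
    token: DKPAe2Lt06a8dlUlE81kaWdSSDVSSf38x5PIj6cwQkqHMrw4UldsUr1guD6Thayw
`
	return &kc
}

// adminKubeconfig returns the caller-supplied admin kubeconfig used by
// TestBuilder_BuildFromAdminKubeconfig. Like skrKubeconfig it authenticates
// with a static bearer token (fixture value).
func adminKubeconfig() string {
	return `
---
apiVersion: v1
kind: Config
current-context: shoot--kyma-dev--admin
clusters:
- name: shoot--kyma-dev--admin
  cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURUSUZJQ0FURS0tLS0tCg==
    server: https://api.ac0d8d9.kyma-dev.shoot.canary.k8s-hana.ondemand.com
contexts:
- name: shoot--kyma-dev--admin
  context:
    cluster: shoot--kyma-dev--admin
    user: shoot--kyma-dev--admin-token
users:
- name: shoot--kyma-dev--admin-token
  user:
    token: DKPAe2Lt06a8dlUlE81kaWdSSDVSSf38x5PIj6cwQkqHMrw4UldsUr1guD6Thayw

`
}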