github.com/kyma-project/kyma-environment-broker@v0.0.1/internal/process/provisioning/resolve_creds_test.go (about) 1 package provisioning 2 3 import ( 4 "fmt" 5 "testing" 6 "time" 7 8 "github.com/kyma-project/kyma-environment-broker/common/gardener" 9 "github.com/kyma-project/kyma-environment-broker/internal/fixture" 10 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" 11 "k8s.io/apimachinery/pkg/runtime/schema" 12 13 "github.com/pivotal-cf/brokerapi/v8/domain" 14 15 "github.com/kyma-project/kyma-environment-broker/internal" 16 17 "github.com/kyma-project/kyma-environment-broker/internal/broker" 18 19 "github.com/stretchr/testify/require" 20 21 "github.com/kyma-project/kyma-environment-broker/common/hyperscaler" 22 hyperscalerMocks "github.com/kyma-project/kyma-environment-broker/common/hyperscaler/automock" 23 "github.com/kyma-project/kyma-environment-broker/internal/storage" 24 "github.com/sirupsen/logrus" 25 "github.com/stretchr/testify/assert" 26 ) 27 28 const ( 29 namespace = "kyma-dev" 30 tenant = "tenant" 31 ) 32 33 func TestResolveCredentialsStepHappyPath_Run(t *testing.T) { 34 // given 35 log := logrus.New() 36 memoryStorage := storage.NewMemoryStorage() 37 38 operation := fixOperationRuntimeStatus(broker.GCPPlanID, internal.GCP) 39 err := memoryStorage.Operations().InsertOperation(operation) 40 assert.NoError(t, err) 41 42 accountProviderMock := &hyperscalerMocks.AccountProvider{} 43 accountProviderMock.On("GardenerSecretName", hyperscaler.GCP, statusGlobalAccountID, false).Return("gardener-secret-gcp", nil) 44 45 step := NewResolveCredentialsStep(memoryStorage.Operations(), accountProviderMock) 46 47 // when 48 operation, repeat, err := step.Run(operation, log) 49 50 assert.NoError(t, err) 51 52 // then 53 assert.NoError(t, err) 54 assert.Equal(t, time.Duration(0), repeat) 55 assert.Equal(t, domain.InProgress, operation.State) 56 require.NotNil(t, operation.ProvisioningParameters.Parameters.TargetSecret) 57 assert.Equal(t, "gardener-secret-gcp", *operation.ProvisioningParameters.Parameters.TargetSecret) 58 } 59 60 func TestResolveCredentialsEUStepHappyPath_Run(t *testing.T) { 61 // given 62 log := logrus.New() 63 memoryStorage := storage.NewMemoryStorage() 64 65 operation := fixOperationRuntimeStatus(broker.AWSPlanID, internal.AWS) 66 operation.ProvisioningParameters.PlatformRegion = "cf-eu11" 67 err := memoryStorage.Operations().InsertOperation(operation) 68 assert.NoError(t, err) 69 70 accountProviderMock := &hyperscalerMocks.AccountProvider{} 71 accountProviderMock.On("GardenerSecretName", hyperscaler.AWS, statusGlobalAccountID, true).Return("gardener-secret-aws", nil) 72 73 step := NewResolveCredentialsStep(memoryStorage.Operations(), accountProviderMock) 74 75 // when 76 operation, repeat, err := step.Run(operation, log) 77 78 assert.NoError(t, err) 79 80 // then 81 assert.NoError(t, err) 82 assert.Equal(t, time.Duration(0), repeat) 83 assert.Equal(t, domain.InProgress, operation.State) 84 require.NotNil(t, operation.ProvisioningParameters.Parameters.TargetSecret) 85 assert.Equal(t, "gardener-secret-aws", *operation.ProvisioningParameters.Parameters.TargetSecret) 86 } 87 88 func TestResolveCredentialsCHStepHappyPath_Run(t *testing.T) { 89 // given 90 log := logrus.New() 91 memoryStorage := storage.NewMemoryStorage() 92 93 operation := fixOperationRuntimeStatus(broker.AWSPlanID, internal.Azure) 94 operation.ProvisioningParameters.PlatformRegion = "cf-ch20" 95 err := memoryStorage.Operations().InsertOperation(operation) 96 assert.NoError(t, err) 97 98 accountProviderMock := &hyperscalerMocks.AccountProvider{} 99 accountProviderMock.On("GardenerSecretName", hyperscaler.Azure, statusGlobalAccountID, true).Return("gardener-secret-az", nil) 100 101 step := NewResolveCredentialsStep(memoryStorage.Operations(), accountProviderMock) 102 103 // when 104 operation, repeat, err := step.Run(operation, log) 105 106 assert.NoError(t, err) 107 108 // then 109 assert.NoError(t, err) 110 assert.Equal(t, time.Duration(0), repeat) 111 assert.Equal(t, domain.InProgress, operation.State) 112 require.NotNil(t, operation.ProvisioningParameters.Parameters.TargetSecret) 113 assert.Equal(t, "gardener-secret-az", *operation.ProvisioningParameters.Parameters.TargetSecret) 114 } 115 116 func TestResolveCredentialsStepHappyPathTrialDefaultProvider_Run(t *testing.T) { 117 // given 118 log := logrus.New() 119 memoryStorage := storage.NewMemoryStorage() 120 121 operation := fixOperationRuntimeStatus(broker.TrialPlanID, internal.Azure) 122 err := memoryStorage.Operations().InsertOperation(operation) 123 assert.NoError(t, err) 124 125 accountProviderMock := &hyperscalerMocks.AccountProvider{} 126 accountProviderMock.On("GardenerSharedSecretName", hyperscaler.Azure, false).Return("gardener-secret-azure", nil) 127 128 step := NewResolveCredentialsStep(memoryStorage.Operations(), accountProviderMock) 129 130 // when 131 operation, repeat, err := step.Run(operation, log) 132 133 assert.NoError(t, err) 134 135 // then 136 assert.NoError(t, err) 137 assert.Equal(t, time.Duration(0), repeat) 138 assert.Equal(t, domain.InProgress, operation.State) 139 require.NotNil(t, operation.ProvisioningParameters.Parameters.TargetSecret) 140 assert.Equal(t, "gardener-secret-azure", *operation.ProvisioningParameters.Parameters.TargetSecret) 141 } 142 143 func TestResolveCredentialsStepHappyPathTrialGivenProvider_Run(t *testing.T) { 144 // given 145 log := logrus.New() 146 memoryStorage := storage.NewMemoryStorage() 147 148 operation := fixOperationRuntimeStatusWithProvider(broker.TrialPlanID, internal.GCP) 149 150 err := memoryStorage.Operations().InsertOperation(operation) 151 assert.NoError(t, err) 152 153 accountProviderMock := &hyperscalerMocks.AccountProvider{} 154 accountProviderMock.On("GardenerSharedSecretName", hyperscaler.GCP, false).Return("gardener-secret-gcp", nil) 155 156 step := NewResolveCredentialsStep(memoryStorage.Operations(), accountProviderMock) 157 158 // when 159 operation, repeat, err := step.Run(operation, log) 160 161 assert.NoError(t, err) 162 163 // then 164 assert.NoError(t, err) 165 assert.Equal(t, time.Duration(0), repeat) 166 assert.Empty(t, operation.State) 167 require.NotNil(t, operation.ProvisioningParameters.Parameters.TargetSecret) 168 assert.Equal(t, "gardener-secret-gcp", *operation.ProvisioningParameters.Parameters.TargetSecret) 169 } 170 171 func TestResolveCredentialsStepRetry_Run(t *testing.T) { 172 // given 173 log := logrus.New() 174 memoryStorage := storage.NewMemoryStorage() 175 176 operation := fixOperationRuntimeStatus(broker.GCPPlanID, internal.GCP) 177 err := memoryStorage.Operations().InsertOperation(operation) 178 assert.NoError(t, err) 179 180 accountProviderMock := &hyperscalerMocks.AccountProvider{} 181 accountProviderMock.On("GardenerSecretName", hyperscaler.GCP, statusGlobalAccountID, false).Return("", fmt.Errorf("Failed!")) 182 183 step := NewResolveCredentialsStep(memoryStorage.Operations(), accountProviderMock) 184 185 operation.UpdatedAt = time.Now() 186 187 // when 188 operation, repeat, err := step.Run(operation, log) 189 190 assert.NoError(t, err) 191 192 // then 193 assert.NoError(t, err) 194 assert.Equal(t, 10*time.Second, repeat) 195 assert.Nil(t, operation.ProvisioningParameters.Parameters.TargetSecret) 196 assert.Equal(t, domain.InProgress, operation.State) 197 198 operation, repeat, err = step.Run(operation, log) 199 200 assert.NoError(t, err) 201 assert.Equal(t, 10*time.Second, repeat) 202 assert.Equal(t, domain.InProgress, operation.State) 203 assert.Nil(t, operation.ProvisioningParameters.Parameters.TargetSecret) 204 } 205 206 func TestResolveCredentials_IntegrationAWS(t *testing.T) { 207 // given 208 log := logrus.New() 209 memoryStorage := storage.NewMemoryStorage() 210 gc := gardener.NewDynamicFakeClient( 211 fixSecretBinding("s1aws", "aws"), 212 fixSecretBinding("s1azure", "azure")) 213 accountProvider := hyperscaler.NewAccountProvider(hyperscaler.NewAccountPool(gc, namespace), hyperscaler.NewSharedGardenerAccountPool(gc, namespace)) 214 215 op := fixOperationWithPlatformRegion("cf-us10", internal.AWS) 216 memoryStorage.Operations().InsertOperation(op) 217 step := NewResolveCredentialsStep(memoryStorage.Operations(), accountProvider) 218 219 // when 220 operation, backoff, err := step.Run(op, log) 221 222 // then 223 assert.Zero(t, backoff) 224 assert.NoError(t, err) 225 assert.Equal(t, "s1aws", *operation.ProvisioningParameters.Parameters.TargetSecret) 226 } 227 228 func TestResolveCredentials_IntegrationAWSEuAccess(t *testing.T) { 229 // given 230 log := logrus.New() 231 memoryStorage := storage.NewMemoryStorage() 232 gc := gardener.NewDynamicFakeClient( 233 fixSecretBinding("aws", "aws"), 234 fixSecretBinding("azure", "azure"), 235 fixEuAccessSecretBinding("awseu", "aws"), 236 fixEuAccessSecretBinding("azureeu", "azure")) 237 accountProvider := hyperscaler.NewAccountProvider(hyperscaler.NewAccountPool(gc, namespace), hyperscaler.NewSharedGardenerAccountPool(gc, namespace)) 238 239 op := fixOperationWithPlatformRegion("cf-eu11", internal.AWS) 240 memoryStorage.Operations().InsertOperation(op) 241 step := NewResolveCredentialsStep(memoryStorage.Operations(), accountProvider) 242 243 // when 244 operation, backoff, err := step.Run(op, log) 245 246 // then 247 assert.Zero(t, backoff) 248 assert.NoError(t, err) 249 assert.Equal(t, "awseu", *operation.ProvisioningParameters.Parameters.TargetSecret) 250 } 251 252 func TestResolveCredentials_IntegrationAzure(t *testing.T) { 253 // given 254 log := logrus.New() 255 memoryStorage := storage.NewMemoryStorage() 256 gc := gardener.NewDynamicFakeClient( 257 fixSecretBinding("s1aws", "aws"), 258 fixSecretBinding("s1azure", "azure")) 259 accountProvider := hyperscaler.NewAccountProvider(hyperscaler.NewAccountPool(gc, namespace), hyperscaler.NewSharedGardenerAccountPool(gc, namespace)) 260 261 op := fixOperationWithPlatformRegion("cf-eu21", internal.Azure) 262 memoryStorage.Operations().InsertOperation(op) 263 step := NewResolveCredentialsStep(memoryStorage.Operations(), accountProvider) 264 265 // when 266 operation, backoff, err := step.Run(op, log) 267 268 // then 269 assert.Zero(t, backoff) 270 assert.NoError(t, err) 271 assert.Equal(t, "s1azure", *operation.ProvisioningParameters.Parameters.TargetSecret) 272 } 273 274 func TestResolveCredentials_IntegrationAzureEuAccess(t *testing.T) { 275 // given 276 log := logrus.New() 277 memoryStorage := storage.NewMemoryStorage() 278 gc := gardener.NewDynamicFakeClient( 279 fixSecretBinding("aws", "aws"), 280 fixSecretBinding("azure", "azure"), 281 fixEuAccessSecretBinding("awseu", "aws"), 282 fixEuAccessSecretBinding("azureeu", "azure")) 283 accountProvider := hyperscaler.NewAccountProvider(hyperscaler.NewAccountPool(gc, namespace), hyperscaler.NewSharedGardenerAccountPool(gc, namespace)) 284 285 op := fixOperationWithPlatformRegion("cf-ch20", internal.Azure) 286 memoryStorage.Operations().InsertOperation(op) 287 step := NewResolveCredentialsStep(memoryStorage.Operations(), accountProvider) 288 289 // when 290 operation, backoff, err := step.Run(op, log) 291 292 // then 293 assert.Zero(t, backoff) 294 assert.NoError(t, err) 295 assert.Equal(t, "azureeu", *operation.ProvisioningParameters.Parameters.TargetSecret) 296 } 297 298 func fixOperationWithPlatformRegion(platformRegion string, provider internal.CloudProvider) internal.Operation { 299 o := fixture.FixProvisioningOperationWithProvider(statusOperationID, statusInstanceID, provider) 300 o.ProvisioningParameters.PlatformRegion = platformRegion 301 302 return o 303 } 304 305 var gvk = schema.GroupVersionKind{Group: "core.gardener.cloud", Version: "v1beta1", Kind: "SecretBinding"} 306 307 func fixSecretBinding(name, hyperscalerType string) *unstructured.Unstructured { 308 o := &unstructured.Unstructured{ 309 Object: map[string]interface{}{ 310 "metadata": map[string]interface{}{ 311 "name": name, 312 "namespace": namespace, 313 "labels": map[string]interface{}{ 314 "hyperscalerType": hyperscalerType, 315 }, 316 }, 317 "secretRef": map[string]interface{}{ 318 "name": name, 319 "namespace": namespace, 320 }, 321 }, 322 } 323 o.SetGroupVersionKind(gvk) 324 return o 325 } 326 327 func fixEuAccessSecretBinding(name, hyperscalerType string) *unstructured.Unstructured { 328 o := fixSecretBinding(name, hyperscalerType) 329 labels := o.GetLabels() 330 labels["euAccess"] = "true" 331 o.SetLabels(labels) 332 return o 333 }