github.com/secure-build/gitlab-runner@v12.5.0+incompatible/executors/kubernetes/overwrites_test.go (about) 1 package kubernetes 2 3 import ( 4 "os" 5 "testing" 6 7 "github.com/sirupsen/logrus" 8 "github.com/stretchr/testify/assert" 9 10 "gitlab.com/gitlab-org/gitlab-runner/common" 11 ) 12 13 func buildOverwriteVariables(namespace, serviceAccount, bearerToken string, podAnnotations map[string]string) common.JobVariables { 14 variables := make(common.JobVariables, 4) 15 16 if namespace != "" { 17 variables = append(variables, common.JobVariable{Key: NamespaceOverwriteVariableName, Value: namespace}) 18 } 19 20 if serviceAccount != "" { 21 variables = append(variables, common.JobVariable{Key: ServiceAccountOverwriteVariableName, Value: serviceAccount}) 22 } 23 24 if bearerToken != "" { 25 variables = append(variables, common.JobVariable{Key: BearerTokenOverwriteVariableValue, Value: bearerToken}) 26 } 27 28 for k, v := range podAnnotations { 29 variables = append(variables, common.JobVariable{Key: k, Value: v}) 30 } 31 return variables 32 } 33 34 func stdoutLogger() common.BuildLogger { 35 return common.NewBuildLogger(&common.Trace{Writer: os.Stdout}, logrus.WithFields(logrus.Fields{})) 36 } 37 38 func TestOverwrites(t *testing.T) { 39 logger := stdoutLogger() 40 overwritesAllowedConfig := &common.KubernetesConfig{ 41 NamespaceOverwriteAllowed: ".*", 42 ServiceAccountOverwriteAllowed: ".*", 43 BearerTokenOverwriteAllowed: true, 44 PodAnnotationsOverwriteAllowed: ".*", 45 PodAnnotations: map[string]string{ 46 "test1": "test1", 47 "test2": "test2", 48 "test3": "test3", 49 "org.gitlab/runner-version": "v10.4.0", 50 "org.gitlab/gitlab-host": "https://gitlab.example.com", 51 "iam.amazonaws.com/role": "arn:aws:iam::123456789012:role/", 52 }, 53 } 54 55 tests := []struct { 56 Name string 57 Config *common.KubernetesConfig 58 NamespaceOverwriteVariableValue string 59 ServiceAccountOverwriteVariableValue string 60 BearerTokenOverwriteVariableValue string 61 PodAnnotationsOverwriteValues map[string]string 62 Expected *overwrites 63 Error bool 64 }{ 65 { 66 Name: "Empty Configuration", 67 Config: &common.KubernetesConfig{}, 68 Expected: &overwrites{}, 69 }, 70 { 71 Name: "All overwrites allowed", 72 Config: overwritesAllowedConfig, 73 NamespaceOverwriteVariableValue: "my_namespace", 74 ServiceAccountOverwriteVariableValue: "my_service_account", 75 BearerTokenOverwriteVariableValue: "my_bearer_token", 76 PodAnnotationsOverwriteValues: map[string]string{ 77 "KUBERNETES_POD_ANNOTATIONS_1": "test3=test3=1", 78 "KUBERNETES_POD_ANNOTATIONS_2": "test4=test4", 79 "KUBERNETES_POD_ANNOTATIONS_gilabversion": "org.gitlab/runner-version=v10.4.0-override", 80 "KUBERNETES_POD_ANNOTATIONS_kube2iam": "iam.amazonaws.com/role=arn:aws:iam::kjcbs;dkjbck=jxzweopiu:role/", 81 }, 82 Expected: &overwrites{ 83 namespace: "my_namespace", 84 serviceAccount: "my_service_account", 85 bearerToken: "my_bearer_token", 86 podAnnotations: map[string]string{ 87 "test1": "test1", 88 "test2": "test2", 89 "test3": "test3=1", 90 "test4": "test4", 91 "org.gitlab/runner-version": "v10.4.0-override", 92 "org.gitlab/gitlab-host": "https://gitlab.example.com", 93 "iam.amazonaws.com/role": "arn:aws:iam::kjcbs;dkjbck=jxzweopiu:role/", 94 }, 95 }, 96 }, 97 { 98 Name: "No overwrites allowed", 99 Config: &common.KubernetesConfig{ 100 Namespace: "my_namespace", 101 ServiceAccount: "my_service_account", 102 BearerToken: "my_bearer_token", 103 PodAnnotations: map[string]string{ 104 "test1": "test1", 105 "test2": "test2", 106 }, 107 }, 108 NamespaceOverwriteVariableValue: "another_namespace", 109 ServiceAccountOverwriteVariableValue: "another_service_account", 110 BearerTokenOverwriteVariableValue: "another_bearer_token", 111 PodAnnotationsOverwriteValues: map[string]string{ 112 "KUBERNETES_POD_ANNOTATIONS_1": "test3=test3", 113 "KUBERNETES_POD_ANNOTATIONS_2": "test4=test4", 114 }, 115 Expected: &overwrites{ 116 namespace: "my_namespace", 117 serviceAccount: "my_service_account", 118 bearerToken: "my_bearer_token", 119 podAnnotations: map[string]string{ 120 "test1": "test1", 121 "test2": "test2", 122 }, 123 }, 124 }, 125 { 126 Name: "Namespace failure", 127 Config: &common.KubernetesConfig{ 128 NamespaceOverwriteAllowed: "not-a-match", 129 }, 130 NamespaceOverwriteVariableValue: "my_namespace", 131 Error: true, 132 }, 133 { 134 Name: "ServiceAccount failure", 135 Config: &common.KubernetesConfig{ 136 ServiceAccountOverwriteAllowed: "not-a-match", 137 }, 138 ServiceAccountOverwriteVariableValue: "my_service_account", 139 Error: true, 140 }, 141 { 142 Name: "PodAnnotations failure", 143 Config: &common.KubernetesConfig{ 144 PodAnnotationsOverwriteAllowed: "not-a-match", 145 }, 146 PodAnnotationsOverwriteValues: map[string]string{ 147 "KUBERNETES_POD_ANNOTATIONS_1": "test1=test1", 148 }, 149 Error: true, 150 }, 151 { 152 Name: "PodAnnotations malformed key", 153 Config: &common.KubernetesConfig{ 154 PodAnnotationsOverwriteAllowed: ".*", 155 }, 156 PodAnnotationsOverwriteValues: map[string]string{ 157 "KUBERNETES_POD_ANNOTATIONS_1": "test1", 158 }, 159 Error: true, 160 }, 161 } 162 163 for _, test := range tests { 164 t.Run(test.Name, func(t *testing.T) { 165 assert := assert.New(t) 166 variables := buildOverwriteVariables(test.NamespaceOverwriteVariableValue, test.ServiceAccountOverwriteVariableValue, test.BearerTokenOverwriteVariableValue, test.PodAnnotationsOverwriteValues) 167 values, err := createOverwrites(test.Config, variables, logger) 168 if test.Error { 169 assert.Error(err) 170 assert.Contains(err.Error(), "does not match") 171 } else { 172 assert.NoError(err) 173 assert.Equal(test.Expected, values) 174 } 175 }) 176 } 177 }