github.com/spotahome/redis-operator@v1.2.4/service/k8s/rbac_test.go (about) 1 package k8s_test 2 3 import ( 4 "errors" 5 "testing" 6 7 "github.com/stretchr/testify/assert" 8 rbacv1 "k8s.io/api/rbac/v1" 9 kubeerrors "k8s.io/apimachinery/pkg/api/errors" 10 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 11 "k8s.io/apimachinery/pkg/runtime" 12 "k8s.io/apimachinery/pkg/runtime/schema" 13 kubernetes "k8s.io/client-go/kubernetes/fake" 14 kubetesting "k8s.io/client-go/testing" 15 16 "github.com/spotahome/redis-operator/log" 17 "github.com/spotahome/redis-operator/metrics" 18 "github.com/spotahome/redis-operator/service/k8s" 19 ) 20 21 var ( 22 rbGroup = schema.GroupVersionResource{Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "rolebindings"} 23 ) 24 25 func newRBUpdateAction(ns string, rb *rbacv1.RoleBinding) kubetesting.UpdateActionImpl { 26 return kubetesting.NewUpdateAction(rbGroup, ns, rb) 27 } 28 29 func newRBGetAction(ns, name string) kubetesting.GetActionImpl { 30 return kubetesting.NewGetAction(rbGroup, ns, name) 31 } 32 33 func newRBCreateAction(ns string, rb *rbacv1.RoleBinding) kubetesting.CreateActionImpl { 34 return kubetesting.NewCreateAction(rbGroup, ns, rb) 35 } 36 func newRBDeleteAction(ns string, name string) kubetesting.DeleteActionImpl { 37 return kubetesting.NewDeleteAction(rbGroup, ns, name) 38 } 39 40 func TestRBACServiceGetCreateOrUpdateRoleBinding(t *testing.T) { 41 testRB := &rbacv1.RoleBinding{ 42 ObjectMeta: metav1.ObjectMeta{ 43 Name: "test1", 44 ResourceVersion: "15", 45 }, 46 RoleRef: rbacv1.RoleRef{ 47 Name: "test1", 48 }, 49 } 50 51 testns := "testns" 52 53 tests := []struct { 54 name string 55 rb *rbacv1.RoleBinding 56 getRBResult *rbacv1.RoleBinding 57 errorOnGet error 58 errorOnCreation error 59 expActions []kubetesting.Action 60 expErr bool 61 }{ 62 { 63 name: "A new role binding should create a new role binding.", 64 rb: testRB, 65 getRBResult: nil, 66 errorOnGet: kubeerrors.NewNotFound(schema.GroupResource{}, ""), 67 errorOnCreation: nil, 68 expActions: []kubetesting.Action{ 69 newRBGetAction(testns, testRB.ObjectMeta.Name), 70 newRBCreateAction(testns, testRB), 71 }, 72 expErr: false, 73 }, 74 { 75 name: "A new role binding should error when create a new role binding fails.", 76 rb: testRB, 77 getRBResult: nil, 78 errorOnGet: kubeerrors.NewNotFound(schema.GroupResource{}, ""), 79 errorOnCreation: errors.New("wanted error"), 80 expActions: []kubetesting.Action{ 81 newRBGetAction(testns, testRB.ObjectMeta.Name), 82 newRBUpdateAction(testns, testRB), 83 }, 84 expErr: true, 85 }, 86 { 87 name: "An existent role binding should update the role binding.", 88 rb: testRB, 89 getRBResult: testRB, 90 errorOnGet: nil, 91 errorOnCreation: nil, 92 expActions: []kubetesting.Action{ 93 newRBGetAction(testns, testRB.ObjectMeta.Name), 94 newRBUpdateAction(testns, testRB), 95 }, 96 expErr: false, 97 }, 98 { 99 name: "An change in role reference inside binding should recreate the role binding.", 100 rb: testRB, 101 getRBResult: &rbacv1.RoleBinding{ 102 ObjectMeta: metav1.ObjectMeta{ 103 Name: "test1", 104 ResourceVersion: "15", 105 }, 106 RoleRef: rbacv1.RoleRef{ 107 Name: "oldroleRef", 108 }, 109 }, 110 errorOnGet: nil, 111 errorOnCreation: nil, 112 expActions: []kubetesting.Action{ 113 newRBGetAction(testns, testRB.ObjectMeta.Name), 114 newRBDeleteAction(testns, testRB.Name), 115 newRBCreateAction(testns, testRB), 116 }, 117 expErr: false, 118 }, 119 } 120 121 for _, test := range tests { 122 t.Run(test.name, func(t *testing.T) { 123 assert := assert.New(t) 124 125 // Mock. 126 mcli := &kubernetes.Clientset{} 127 mcli.AddReactor("get", "rolebindings", func(action kubetesting.Action) (bool, runtime.Object, error) { 128 return true, test.getRBResult, test.errorOnGet 129 }) 130 mcli.AddReactor("create", "rolebindings", func(action kubetesting.Action) (bool, runtime.Object, error) { 131 return true, nil, test.errorOnCreation 132 }) 133 134 service := k8s.NewRBACService(mcli, log.Dummy, metrics.Dummy) 135 err := service.CreateOrUpdateRoleBinding(testns, test.rb) 136 137 if test.expErr { 138 assert.Error(err) 139 } else { 140 assert.NoError(err) 141 // Check calls to kubernetes. 142 assert.Equal(test.expActions, mcli.Actions()) 143 } 144 }) 145 } 146 }