open-cluster-management.io/governance-policy-propagator@v0.13.0/controllers/complianceeventsapi/complianceeventsapi_controller_test.go (about) 1 package complianceeventsapi 2 3 import ( 4 "net/url" 5 "os" 6 "path" 7 "strings" 8 "testing" 9 10 . "github.com/onsi/gomega" 11 corev1 "k8s.io/api/core/v1" 12 ) 13 14 func TestParseDBSecret(t *testing.T) { 15 t.Parallel() 16 17 const caContent = "some-ca" 18 19 tests := []struct { 20 name string 21 secret corev1.Secret 22 expected string 23 }{ 24 { 25 name: "connectionURL-no-ssl", 26 secret: corev1.Secret{ 27 Data: map[string][]byte{ 28 "connectionURL": []byte("postgresql://grc:grc@localhost/db?sslmode=disable"), 29 }, 30 }, 31 expected: "postgresql://grc:grc@localhost/db?sslmode=disable&connect_timeout=5", 32 }, 33 { 34 name: "connectionURL-newline", 35 secret: corev1.Secret{ 36 Data: map[string][]byte{ 37 "connectionURL": []byte("postgresql://grc:grc@localhost/db?sslmode=disable\n"), 38 }, 39 }, 40 expected: "postgresql://grc:grc@localhost/db?sslmode=disable&connect_timeout=5", 41 }, 42 { 43 name: "connectionURL-ssl-ca", 44 secret: corev1.Secret{ 45 Data: map[string][]byte{ 46 "ca": []byte(caContent), 47 "connectionURL": []byte("postgresql://grc:grc@localhost/db?sslmode=verify-full"), 48 }, 49 }, 50 expected: "postgresql://grc:grc@localhost/db?sslmode=verify-full&connect_timeout=5", 51 }, 52 { 53 name: "connectionURL-custom-connect_timeout", 54 secret: corev1.Secret{ 55 Data: map[string][]byte{ 56 "connectionURL": []byte("postgresql://grc:grc@localhost/db?connect_timeout=30"), 57 }, 58 }, 59 expected: "postgresql://grc:grc@localhost/db?connect_timeout=30", 60 }, 61 { 62 name: "separate-with-defaults", 63 secret: corev1.Secret{ 64 Data: map[string][]byte{ 65 "user": []byte("grc"), 66 "password": []byte("grc"), 67 "host": []byte("localhost"), 68 "dbname": []byte("db"), 69 }, 70 }, 71 expected: "postgresql://grc:grc@localhost:5432/db?sslmode=verify-full&connect_timeout=5", 72 }, 73 { 74 name: "separate-no-defaults", 75 secret: corev1.Secret{ 76 Data: map[string][]byte{ 77 "user": []byte("grc"), 78 "password": []byte("grc"), 79 "host": []byte("localhost"), 80 "port": []byte("1234"), 81 "dbname": []byte("db"), 82 "sslmode": []byte("disable"), 83 }, 84 }, 85 expected: "postgresql://grc:grc@localhost:1234/db?sslmode=disable&connect_timeout=5", 86 }, 87 { 88 name: "separate-with-ca", 89 secret: corev1.Secret{ 90 Data: map[string][]byte{ 91 "user": []byte("grc"), 92 "password": []byte("grc"), 93 "host": []byte("localhost"), 94 "dbname": []byte("db"), 95 "ca": []byte(caContent), 96 }, 97 }, 98 expected: "postgresql://grc:grc@localhost:5432/db?sslmode=verify-full&connect_timeout=5", 99 }, 100 } 101 102 for _, test := range tests { 103 test := test 104 105 t.Run( 106 test.name, 107 func(t *testing.T) { 108 t.Parallel() 109 110 g := NewWithT(t) 111 112 tempDir, err := os.MkdirTemp("", "test-compliance-events-store") 113 g.Expect(err).ToNot(HaveOccurred()) 114 115 defer os.RemoveAll(tempDir) 116 117 connectionURL, err := ParseDBSecret(&test.secret, tempDir) 118 g.Expect(err).ToNot(HaveOccurred()) 119 120 caPath := path.Join(tempDir, "db-ca.crt") 121 122 if strings.Contains(connectionURL, "sslrootcert") { 123 g.Expect(connectionURL).To(Equal(test.expected + "&sslrootcert=" + url.QueryEscape(caPath))) 124 125 readCA, err := os.ReadFile(caPath) 126 g.Expect(err).ToNot(HaveOccurred()) 127 g.Expect(string(readCA)).To(Equal(caContent)) 128 } else { 129 g.Expect(connectionURL).To(Equal(test.expected)) 130 _, err := os.Stat(caPath) 131 g.Expect(err).To(MatchError(os.ErrNotExist)) 132 } 133 }, 134 ) 135 } 136 } 137 138 func TestParseDBSecretErrors(t *testing.T) { 139 t.Parallel() 140 141 tests := []struct { 142 name string 143 secret corev1.Secret 144 expectedSubStr string 145 }{ 146 { 147 name: "missing-all", 148 secret: corev1.Secret{ 149 Data: map[string][]byte{}, 150 }, 151 expectedSubStr: "no user value was provided", 152 }, 153 { 154 name: "missing-user", 155 secret: corev1.Secret{ 156 Data: map[string][]byte{ 157 "password": []byte("grc"), 158 "host": []byte("localhost"), 159 "dbname": []byte("db"), 160 }, 161 }, 162 expectedSubStr: "no user value was provided", 163 }, 164 { 165 name: "missing-password", 166 secret: corev1.Secret{ 167 Data: map[string][]byte{ 168 "user": []byte("grc"), 169 "host": []byte("localhost"), 170 "dbname": []byte("db"), 171 }, 172 }, 173 expectedSubStr: "no password value was provided", 174 }, 175 { 176 name: "missing-host", 177 secret: corev1.Secret{ 178 Data: map[string][]byte{ 179 "user": []byte("grc"), 180 "password": []byte("grc"), 181 "dbname": []byte("db"), 182 }, 183 }, 184 expectedSubStr: "no host value was provided", 185 }, 186 { 187 name: "missing-host", 188 secret: corev1.Secret{ 189 Data: map[string][]byte{ 190 "user": []byte("grc"), 191 "password": []byte("grc"), 192 "host": []byte("localhost"), 193 }, 194 }, 195 expectedSubStr: "no dbname value was provided", 196 }, 197 } 198 199 for _, test := range tests { 200 test := test 201 202 t.Run( 203 test.name, 204 func(t *testing.T) { 205 t.Parallel() 206 207 g := NewWithT(t) 208 _, err := ParseDBSecret(&test.secret, "") 209 g.Expect(err).To(MatchError(ErrInvalidDBSecret)) 210 g.Expect(err.Error()).To(ContainSubstring(test.expectedSubStr)) 211 }, 212 ) 213 } 214 }