sigs.k8s.io/cluster-api-provider-aws@v1.5.5/api/v1beta1/awsclusterroleidentity_webhook_test.go (about) 1 /* 2 Copyright 2021 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package v1beta1 18 19 import ( 20 "context" 21 "testing" 22 23 . "github.com/onsi/gomega" 24 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 25 26 clusterv1 "sigs.k8s.io/cluster-api/cmd/clusterctl/api/v1alpha3" 27 ) 28 29 func TestAWSClusterRoleValidateCreate(t *testing.T) { 30 tests := []struct { 31 name string 32 identity *AWSClusterRoleIdentity 33 wantError bool 34 }{ 35 { 36 name: "do not allow nil sourceIdentityRef", 37 identity: &AWSClusterRoleIdentity{ 38 ObjectMeta: metav1.ObjectMeta{ 39 Name: "test", 40 }, 41 }, 42 wantError: true, 43 }, 44 { 45 name: "successfully create AWSClusterRoleIdentity", 46 identity: &AWSClusterRoleIdentity{ 47 ObjectMeta: metav1.ObjectMeta{ 48 Name: "role", 49 }, 50 Spec: AWSClusterRoleIdentitySpec{ 51 SourceIdentityRef: &AWSIdentityReference{ 52 Name: "another-role", 53 Kind: ClusterRoleIdentityKind, 54 }, 55 }, 56 }, 57 wantError: false, 58 }, 59 } 60 for _, tt := range tests { 61 t.Run(tt.name, func(t *testing.T) { 62 identity := tt.identity.DeepCopy() 63 identity.TypeMeta = metav1.TypeMeta{ 64 APIVersion: GroupVersion.String(), 65 Kind: "AWSClusterRoleIdentity", 66 } 67 ctx := context.TODO() 68 if err := testEnv.Create(ctx, identity); (err != nil) != tt.wantError { 69 t.Errorf("ValidateCreate() error = %v, wantErr %v", err, tt.wantError) 70 } 71 testEnv.Delete(ctx, identity) 72 }) 73 } 74 } 75 76 func TestCreateAWSClusterRoleIdentityLabelSelectorAsSelectorValidation(t *testing.T) { 77 tests := []struct { 78 name string 79 selectors map[string]string 80 wantError bool 81 }{ 82 { 83 name: "should not return error for valid selector", 84 selectors: map[string]string{"foo": "bar"}, 85 wantError: false, 86 }, 87 { 88 name: "should return error for invalid selector", 89 selectors: map[string]string{"-123-foo": "bar"}, 90 wantError: true, 91 }, 92 } 93 for _, tt := range tests { 94 t.Run(tt.name, func(t *testing.T) { 95 identity := &AWSClusterRoleIdentity{ 96 ObjectMeta: metav1.ObjectMeta{ 97 Name: "role", 98 }, 99 Spec: AWSClusterRoleIdentitySpec{ 100 AWSClusterIdentitySpec: AWSClusterIdentitySpec{ 101 AllowedNamespaces: &AllowedNamespaces{ 102 Selector: metav1.LabelSelector{ 103 MatchLabels: tt.selectors, 104 }, 105 }, 106 }, 107 SourceIdentityRef: &AWSIdentityReference{ 108 Name: "another-role", 109 Kind: ClusterRoleIdentityKind, 110 }, 111 }, 112 } 113 114 ctx := context.TODO() 115 if err := testEnv.Create(ctx, identity); (err != nil) != tt.wantError { 116 t.Errorf("ValidateCreate() error = %v, wantErr %v", err, tt.wantError) 117 } 118 testEnv.Delete(ctx, identity) 119 }) 120 } 121 } 122 123 func TestAWSClusterRoleValidateUpdate(t *testing.T) { 124 roleIdentity := &AWSClusterRoleIdentity{ 125 TypeMeta: metav1.TypeMeta{ 126 APIVersion: GroupVersion.String(), 127 Kind: string(ClusterRoleIdentityKind), 128 }, 129 ObjectMeta: metav1.ObjectMeta{ 130 Name: "role", 131 }, 132 Spec: AWSClusterRoleIdentitySpec{ 133 SourceIdentityRef: &AWSIdentityReference{ 134 Name: "another-role", 135 Kind: ClusterRoleIdentityKind, 136 }, 137 }, 138 } 139 140 ctx := context.TODO() 141 defer testEnv.Delete(ctx, roleIdentity) 142 143 if err := testEnv.Create(ctx, roleIdentity); err != nil { 144 t.Errorf("roleIdentity creation failed %v", err) 145 } 146 147 roleIdentity.Spec = AWSClusterRoleIdentitySpec{} 148 if err := testEnv.Update(ctx, roleIdentity); err == nil { 149 t.Errorf("roleIdentity is updated with nil sourceIdentityRef %v", err) 150 } 151 } 152 153 func TestAWSClusterRoleIdentityUpdateValidation(t *testing.T) { 154 roleIdentity := &AWSClusterRoleIdentity{ 155 TypeMeta: metav1.TypeMeta{ 156 APIVersion: GroupVersion.String(), 157 Kind: string(ClusterRoleIdentityKind), 158 }, 159 ObjectMeta: metav1.ObjectMeta{ 160 Name: "role", 161 }, 162 Spec: AWSClusterRoleIdentitySpec{ 163 AWSClusterIdentitySpec: AWSClusterIdentitySpec{ 164 AllowedNamespaces: &AllowedNamespaces{ 165 Selector: metav1.LabelSelector{ 166 MatchLabels: map[string]string{"foo": "bar"}, 167 }, 168 }, 169 }, 170 SourceIdentityRef: &AWSIdentityReference{ 171 Name: "another-role", 172 Kind: ClusterRoleIdentityKind, 173 }, 174 }, 175 } 176 177 ctx := context.TODO() 178 defer testEnv.Delete(ctx, roleIdentity) 179 180 if err := testEnv.Create(ctx, roleIdentity); err != nil { 181 t.Errorf("roleIdentity creation failed %v", err) 182 } 183 184 tests := []struct { 185 name string 186 identity *AWSClusterRoleIdentity 187 wantError bool 188 }{ 189 { 190 name: "should not return error for valid selector", 191 identity: roleIdentity, 192 wantError: false, 193 }, 194 { 195 name: "should return error for invalid selector", 196 identity: &AWSClusterRoleIdentity{ 197 ObjectMeta: metav1.ObjectMeta{ 198 Name: "role", 199 }, 200 Spec: AWSClusterRoleIdentitySpec{ 201 AWSClusterIdentitySpec: AWSClusterIdentitySpec{ 202 AllowedNamespaces: &AllowedNamespaces{ 203 Selector: metav1.LabelSelector{ 204 MatchLabels: map[string]string{"-foo-123": "bar"}, 205 }, 206 }, 207 }, 208 SourceIdentityRef: &AWSIdentityReference{ 209 Name: "another-role", 210 Kind: ClusterRoleIdentityKind, 211 }, 212 }, 213 }, 214 wantError: true, 215 }, 216 } 217 for _, tt := range tests { 218 t.Run(tt.name, func(t *testing.T) { 219 identity := tt.identity.DeepCopy() 220 ctx := context.TODO() 221 if err := testEnv.Update(ctx, identity); (err != nil) != tt.wantError { 222 t.Errorf("ValidateUpdate() error = %v, wantErr %v", err, tt.wantError) 223 } 224 }) 225 } 226 } 227 228 func TestAWSClusterRoleIdentity_Default(t *testing.T) { 229 g := NewWithT(t) 230 tests := []struct { 231 name string 232 beforeAWSClusterRoleIdentity *AWSClusterRoleIdentity 233 afterAWSClusterRoleIdentity *AWSClusterRoleIdentity 234 }{ 235 { 236 name: "Set label while creating AWSClusterRoleIdentity if labels are undefined", 237 beforeAWSClusterRoleIdentity: &AWSClusterRoleIdentity{ 238 ObjectMeta: metav1.ObjectMeta{ 239 Name: "default", 240 }, 241 Spec: AWSClusterRoleIdentitySpec{ 242 SourceIdentityRef: &AWSIdentityReference{ 243 Name: "another-role", 244 Kind: ClusterRoleIdentityKind, 245 }, 246 }, 247 }, 248 afterAWSClusterRoleIdentity: &AWSClusterRoleIdentity{ 249 ObjectMeta: metav1.ObjectMeta{ 250 Name: "default", 251 Labels: map[string]string{ 252 clusterv1.ClusterctlMoveHierarchyLabelName: "", 253 }, 254 }, 255 Spec: AWSClusterRoleIdentitySpec{ 256 SourceIdentityRef: &AWSIdentityReference{ 257 Name: "another-role", 258 Kind: ClusterRoleIdentityKind, 259 }, 260 }, 261 }, 262 }, 263 { 264 name: "Not update any label while creating AWSClusterRoleIdentity if labels are already defined", 265 beforeAWSClusterRoleIdentity: &AWSClusterRoleIdentity{ 266 ObjectMeta: metav1.ObjectMeta{ 267 Name: "default", 268 Labels: map[string]string{ 269 clusterv1.ClusterctlMoveHierarchyLabelName: "abc", 270 }, 271 }, 272 Spec: AWSClusterRoleIdentitySpec{ 273 SourceIdentityRef: &AWSIdentityReference{ 274 Name: "another-role", 275 Kind: ClusterRoleIdentityKind, 276 }, 277 }, 278 }, 279 afterAWSClusterRoleIdentity: &AWSClusterRoleIdentity{ 280 ObjectMeta: metav1.ObjectMeta{ 281 Name: "default", 282 Labels: map[string]string{ 283 clusterv1.ClusterctlMoveHierarchyLabelName: "abc", 284 }, 285 }, 286 Spec: AWSClusterRoleIdentitySpec{ 287 SourceIdentityRef: &AWSIdentityReference{ 288 Name: "another-role", 289 Kind: ClusterRoleIdentityKind, 290 }, 291 }, 292 }, 293 }, 294 } 295 296 for _, tt := range tests { 297 t.Run(tt.name, func(t *testing.T) { 298 ctx := context.TODO() 299 awsClusterRoleIdentity := tt.beforeAWSClusterRoleIdentity.DeepCopy() 300 g.Expect(testEnv.Create(ctx, awsClusterRoleIdentity)).To(Succeed()) 301 g.Expect(len(awsClusterRoleIdentity.ObjectMeta.Labels)).To(Not(Equal(0))) 302 g.Expect(awsClusterRoleIdentity.ObjectMeta.Labels[clusterv1.ClusterctlMoveHierarchyLabelName]).To(Equal(tt.afterAWSClusterRoleIdentity.ObjectMeta.Labels[clusterv1.ClusterctlMoveHierarchyLabelName])) 303 g.Expect(testEnv.Delete(ctx, awsClusterRoleIdentity)).To(Succeed()) 304 }) 305 } 306 }