sigs.k8s.io/cluster-api-provider-aws@v1.5.5/api/v1beta1/awsmachinetemplate_webhook_test.go (about) 1 /* 2 Copyright 2021 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package v1beta1 18 19 import ( 20 "context" 21 "testing" 22 23 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 24 "k8s.io/utils/pointer" 25 ) 26 27 func TestAWSMachineTemplateValidateCreate(t *testing.T) { 28 tests := []struct { 29 name string 30 inputTemplate *AWSMachineTemplate 31 wantError bool 32 }{ 33 { 34 name: "don't allow providerID", 35 inputTemplate: &AWSMachineTemplate{ 36 ObjectMeta: metav1.ObjectMeta{}, 37 Spec: AWSMachineTemplateSpec{ 38 Template: AWSMachineTemplateResource{ 39 Spec: AWSMachineSpec{ 40 ProviderID: pointer.StringPtr("something"), 41 }, 42 }, 43 }, 44 }, 45 wantError: true, 46 }, 47 { 48 name: "don't allow secretARN", 49 inputTemplate: &AWSMachineTemplate{ 50 ObjectMeta: metav1.ObjectMeta{}, 51 Spec: AWSMachineTemplateSpec{ 52 Template: AWSMachineTemplateResource{ 53 Spec: AWSMachineSpec{ 54 CloudInit: CloudInit{ 55 SecretPrefix: "something", 56 }, 57 }, 58 }, 59 }, 60 }, 61 wantError: true, 62 }, 63 } 64 for _, tt := range tests { 65 t.Run(tt.name, func(t *testing.T) { 66 template := tt.inputTemplate.DeepCopy() 67 template.ObjectMeta = metav1.ObjectMeta{ 68 GenerateName: "template-", 69 Namespace: "default", 70 } 71 ctx := context.TODO() 72 if err := testEnv.Create(ctx, template); (err != nil) != tt.wantError { 73 t.Errorf("ValidateCreate() error = %v, wantErr %v", err, tt.wantError) 74 } 75 }) 76 } 77 } 78 79 func TestAWSMachineTemplateValidateUpdate(t *testing.T) { 80 tests := []struct { 81 name string 82 modifiedTemplate *AWSMachineTemplate 83 wantError bool 84 }{ 85 { 86 name: "don't allow ssm parameter store", 87 modifiedTemplate: &AWSMachineTemplate{ 88 ObjectMeta: metav1.ObjectMeta{}, 89 Spec: AWSMachineTemplateSpec{ 90 Template: AWSMachineTemplateResource{ 91 Spec: AWSMachineSpec{ 92 CloudInit: CloudInit{ 93 SecureSecretsBackend: SecretBackendSSMParameterStore, 94 }, 95 InstanceType: "test", 96 }, 97 }, 98 }, 99 }, 100 wantError: true, 101 }, 102 { 103 name: "allow secrets manager", 104 modifiedTemplate: &AWSMachineTemplate{ 105 ObjectMeta: metav1.ObjectMeta{}, 106 Spec: AWSMachineTemplateSpec{ 107 Template: AWSMachineTemplateResource{ 108 Spec: AWSMachineSpec{ 109 CloudInit: CloudInit{ 110 SecureSecretsBackend: SecretBackendSecretsManager, 111 }, 112 InstanceType: "test", 113 }, 114 }, 115 }, 116 }, 117 wantError: false, 118 }, 119 } 120 for _, tt := range tests { 121 t.Run(tt.name, func(t *testing.T) { 122 ctx := context.TODO() 123 template := &AWSMachineTemplate{ 124 ObjectMeta: metav1.ObjectMeta{ 125 GenerateName: "template-", 126 Namespace: "default", 127 }, 128 Spec: AWSMachineTemplateSpec{ 129 Template: AWSMachineTemplateResource{ 130 Spec: AWSMachineSpec{ 131 CloudInit: CloudInit{}, 132 InstanceType: "test", 133 }, 134 }, 135 }, 136 } 137 138 if err := testEnv.Create(ctx, template); err != nil { 139 t.Errorf("failed to create template: %v", err) 140 } 141 template.Spec = tt.modifiedTemplate.Spec 142 if err := testEnv.Update(ctx, template); (err != nil) != tt.wantError { 143 t.Errorf("ValidateUpdate() error = %v, wantErr %v", err, tt.wantError) 144 } 145 }, 146 ) 147 } 148 }