1 package sequel
2
3 import (
4 "fmt"
5 "testing"
6
7 iamAPI "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/iam/v1beta1"
8 sqlAPI "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/sql/v1beta1"
9 "github.com/davecgh/go-spew/spew"
10 testifyAssert "github.com/stretchr/testify/assert"
11 "gotest.tools/v3/assert"
12 v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
13 "k8s.io/apimachinery/pkg/types"
14 "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
15
16 backendv1 "edge-infra.dev/pkg/edge/apis/sequel/k8s/v1alpha2"
17 "edge-infra.dev/pkg/k8s/testing/kmp"
18 "edge-infra.dev/pkg/lib/uuid"
19 "edge-infra.dev/test/f2"
20 "edge-infra.dev/test/f2/x/ktest"
21 )
22
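// TestCreateBuiltInUser creates a built-in DatabaseUser in a namespace named
// after a newly generated UUID and checks that it becomes ready, that it
// carries the sequel finalizer, and that a matching SQLUser object exists.
//
// The test is currently skipped; see the TODO in the Skip call.
func TestCreateBuiltInUser(t *testing.T) {
	t.Skip("TODO(pa250194_ncrvoyix): fix errors")
	namespace := uuid.New().UUID
	usr := mockDatabaseUser("sequelbuiltinuser", namespace, backendv1.BuiltInUserType)

	sequelUser := f2.NewFeature("BuiltIn User").
		Test("BuiltIn User reconciles", func(ctx f2.Context, t *testing.T) f2.Context {
			k := ktest.FromContextT(ctx, t)
			assert.NilError(t, k.Client.Create(ctx, usr))
			k.WaitOn(t, k.Check(usr, kmp.IsReady()))
			return ctx
		}).
		Test("Finalizer is added", func(ctx f2.Context, t *testing.T) f2.Context {
			// Fail when the finalizer is MISSING. The original condition lacked
			// the negation, so it reported "not added" exactly when the
			// finalizer was present and passed when it was absent.
			// NOTE(review): this inspects the local usr object; it assumes the
			// preceding WaitOn/Check refreshed usr from the API server — confirm.
			if !controllerutil.ContainsFinalizer(usr, backendv1.SequelFinalizer) {
				t.Error("finalizer not added to database user", spew.Sprintln(usr))
			}
			return ctx
		}).
		Test("CloudSQL User created", func(ctx f2.Context, t *testing.T) f2.Context {
			k := ktest.FromContextT(ctx, t)
			cloudSQLUsr := &sqlAPI.SQLUser{}
			assert.NilError(t, k.Client.Get(ctx, types.NamespacedName{
				Name:      usr.Name,
				Namespace: usr.Namespace,
			}, cloudSQLUsr))
			assert.Equal(t, cloudSQLUsr.Name, usr.Name)
			assert.Equal(t, cloudSQLUsr.Namespace, usr.Namespace)
			assert.Equal(t, cloudSQLUsr.Spec.Type, backendv1.BuiltInUserType)
			// The fetched object must be populated. Asserting Empty here
			// contradicted the field checks above and would fail whenever the
			// Get returned a real SQLUser.
			testifyAssert.NotEmpty(t, cloudSQLUsr)
			return ctx
		}).Feature()

	f.Test(t, sequelUser)
}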
57
// TestCreateIAMServiceAccountUser creates a cloud service-account
// DatabaseUser and checks, step by step, that it becomes ready, carries the
// sequel finalizer, has a matching SQLUser, and has the two IAMPolicyMember
// objects (SQL client and SQL instance user) with the expected roles.
//
// The test is currently skipped; see the TODO in the Skip call.
func TestCreateIAMServiceAccountUser(t *testing.T) {
	t.Skip("TODO(pa250194_ncrvoyix): fix errors")
	dbUser := mockDatabaseUser("sequeliamsauser", uuid.New().UUID, backendv1.CloudSAUserType)

	// Step 1: create the DatabaseUser and wait until it reports ready.
	reconciles := func(ctx f2.Context, t *testing.T) f2.Context {
		kt := ktest.FromContextT(ctx, t)
		createErr := kt.Client.Create(ctx, dbUser)
		assert.NilError(t, createErr)
		kt.WaitOn(t, kt.Check(dbUser, kmp.IsReady()))
		return ctx
	}

	// Step 2: the sequel finalizer must be present on the user object.
	finalizerAdded := func(ctx f2.Context, t *testing.T) f2.Context {
		hasFinalizer := controllerutil.ContainsFinalizer(dbUser, backendv1.SequelFinalizer)
		if !hasFinalizer {
			t.Error("finalizer not added to database user", spew.Sprintln(dbUser))
		}

		return ctx
	}

	// Step 3: a SQLUser with the same name/namespace and the service-account
	// type must exist.
	sqlUserCreated := func(ctx f2.Context, t *testing.T) f2.Context {
		kt := ktest.FromContextT(ctx, t)
		key := types.NamespacedName{Name: dbUser.Name, Namespace: dbUser.Namespace}
		fetched := &sqlAPI.SQLUser{}
		assert.NilError(t, kt.Client.Get(ctx, key, fetched))
		assert.Equal(t, fetched.Name, dbUser.Name)
		assert.Equal(t, fetched.Namespace, dbUser.Namespace)
		assert.Equal(t, fetched.Spec.Type, backendv1.CloudSAUserType)
		// fetched points at a struct allocated above, so this check cannot fail.
		assert.Assert(t, fetched != nil)
		return ctx
	}

	// Step 4: the SQL client IAMPolicyMember exists with the expected role.
	// Only the role and namespace are asserted; the bound member and the
	// target resource are not checked here.
	clientPolicyCreated := func(ctx f2.Context, t *testing.T) f2.Context {
		kt := ktest.FromContextT(ctx, t)
		key := types.NamespacedName{
			Name:      fmt.Sprintf("%s-%s", dbUser.Name, sqlClientPrefix),
			Namespace: dbUser.Namespace,
		}
		member := &iamAPI.IAMPolicyMember{}
		assert.NilError(t, kt.Client.Get(ctx, key, member))
		assert.Equal(t, member.Spec.Role, sqlClientPerms)
		assert.Equal(t, member.Namespace, dbUser.Namespace)
		return ctx
	}

	// Step 5: the SQL instance-user IAMPolicyMember exists with the expected
	// role. As above, only role and namespace are asserted.
	instanceUserPolicyCreated := func(ctx f2.Context, t *testing.T) f2.Context {
		kt := ktest.FromContextT(ctx, t)
		key := types.NamespacedName{
			Name:      fmt.Sprintf("%s-%s", dbUser.Name, sqlUserPrefix),
			Namespace: dbUser.Namespace,
		}
		member := &iamAPI.IAMPolicyMember{}
		assert.NilError(t, kt.Client.Get(ctx, key, member))
		assert.Equal(t, member.Spec.Role, instanceUserPerms)
		assert.Equal(t, member.Namespace, dbUser.Namespace)
		return ctx
	}

	feature := f2.NewFeature("IAM Service Account User").
		Test("IAM Service Account User reconciles", reconciles).
		Test("Finalizer is added", finalizerAdded).
		Test("CloudSQL User created", sqlUserCreated).
		Test("SQL Client IAM Policy Member created", clientPolicyCreated).
		Test("SQL Instance User IAM Policy Member created", instanceUserPolicyCreated).
		Feature()

	f.Test(t, feature)
}
114
// mockDatabaseUser builds a DatabaseUser fixture with the given name,
// namespace and user type. The fixture always references the "sequel"
// instance in project "ret-dev-sequel" and carries a single grant: INSERT on
// table "clusters" in schema "public".
func mockDatabaseUser(name, namespace, _type string) *backendv1.DatabaseUser {
	// The one table-level grant the fixture carries.
	clustersInsert := backendv1.TableGrant{
		Table: "clusters",
		Permissions: []backendv1.Permissions{
			{Permission: "INSERT"},
		},
	}
	publicSchema := backendv1.Grant{
		Schema:     "public",
		TableGrant: []backendv1.TableGrant{clustersInsert},
	}

	typeMeta := v1.TypeMeta{
		APIVersion: backendv1.UserGVK.GroupVersion().String(),
		Kind:       backendv1.UserGVK.Kind,
	}
	objectMeta := v1.ObjectMeta{
		Name:      name,
		Namespace: namespace,
	}
	spec := backendv1.UserSpec{
		Type: _type,
		InstanceRef: backendv1.InstanceReference{
			Name:      "sequel",
			ProjectID: "ret-dev-sequel",
		},
		Grants: []backendv1.Grant{publicSchema},
	}

	return &backendv1.DatabaseUser{
		TypeMeta:   typeMeta,
		ObjectMeta: objectMeta,
		Spec:       spec,
	}
}
149