...

Source file src/edge-infra.dev/pkg/edge/webhooks/edge-injector/pod_injector_test.go

Documentation: edge-infra.dev/pkg/edge/webhooks/edge-injector

     1  package edgeinjector
     2  
     3  import (
     4  	"context"
     5  	"testing"
     6  
     7  	"github.com/stretchr/testify/assert"
     8  	corev1 "k8s.io/api/core/v1"
     9  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    10  
    11  	"edge-infra.dev/pkg/edge/datasync/couchdb"
    12  	"edge-infra.dev/pkg/lib/fog"
    13  )
    14  
    15  func TestInjectSecretDirect(t *testing.T) {
    16  	ctx := context.Background()
    17  	log := fog.New()
    18  	ctx = fog.IntoContext(ctx, log)
    19  	containers := []corev1.Container{
    20  		{
    21  			Name:  "nginx",
    22  			Image: "nginx:10",
    23  		},
    24  		{
    25  			Name:  "busybox",
    26  			Image: "busybox:2.1",
    27  		},
    28  		{
    29  			Name:  "podinfo",
    30  			Image: "podinfo:10.4",
    31  		},
    32  	}
    33  	pod := &corev1.Pod{
    34  		ObjectMeta: metav1.ObjectMeta{
    35  			Labels: map[string]string{
    36  				"injector.edge.ncr.com/couchdb-user":         couchdb.ReadOnlyUser,
    37  				"injector.edge.ncr.com/add-node-information": "true",
    38  				"injector.edge.ncr.com/type":                 "direct",
    39  				"injector.edge.ncr.com/node-secret":          "node-secret-1",
    40  				"injector.edge.ncr.com/couchdb-secret":       "couch-secret-1",
    41  			},
    42  			Annotations: map[string]string{
    43  				"injector.edge.ncr.com/containers": "nginx,podinfo", // labels can't contains comma
    44  			},
    45  		},
    46  		Spec: corev1.PodSpec{
    47  			InitContainers: containers,
    48  			Containers:     containers,
    49  		},
    50  	}
    51  
    52  	// CouchDB User Secret Injection
    53  	InjectSecret(ctx, pod, CouchDBSecret, map[string]string{
    54  		string(Username): couchdb.SecretUsername,
    55  		string(Password): couchdb.SecretPassword,
    56  		string(URI):      couchdb.SecretURI,
    57  	})
    58  
    59  	secretName := SecretLabelValue(pod, CouchDBSecret)
    60  
    61  	optional := false
    62  	expected := []corev1.EnvVar{
    63  		{
    64  			Name: string(Username),
    65  			ValueFrom: &corev1.EnvVarSource{
    66  				SecretKeyRef: &corev1.SecretKeySelector{
    67  					LocalObjectReference: corev1.LocalObjectReference{
    68  						Name: secretName,
    69  					},
    70  					Key:      couchdb.SecretUsername,
    71  					Optional: &optional,
    72  				},
    73  			},
    74  		},
    75  		{
    76  			Name: string(Password),
    77  			ValueFrom: &corev1.EnvVarSource{
    78  				SecretKeyRef: &corev1.SecretKeySelector{
    79  					LocalObjectReference: corev1.LocalObjectReference{
    80  						Name: secretName,
    81  					},
    82  					Key:      couchdb.SecretPassword,
    83  					Optional: &optional,
    84  				},
    85  			},
    86  		},
    87  		{
    88  			Name: string(URI),
    89  			ValueFrom: &corev1.EnvVarSource{
    90  				SecretKeyRef: &corev1.SecretKeySelector{
    91  					LocalObjectReference: corev1.LocalObjectReference{
    92  						Name: secretName,
    93  					},
    94  					Key:      couchdb.SecretURI,
    95  					Optional: &optional,
    96  				},
    97  			},
    98  		},
    99  	}
   100  
   101  	container0 := pod.Spec.Containers[0].Env
   102  	initContainer0 := pod.Spec.InitContainers[0].Env
   103  	assertEnvVars(t, container0, expected)
   104  	assertEnvVars(t, initContainer0, expected)
   105  
   106  	assert.Len(t, pod.Spec.Containers[1].Env, 0)
   107  	assert.Len(t, pod.Spec.InitContainers[1].Env, 0)
   108  
   109  	container2 := pod.Spec.Containers[2].Env
   110  	initContainer2 := pod.Spec.InitContainers[2].Env
   111  	assertEnvVars(t, container2, expected)
   112  	assertEnvVars(t, initContainer2, expected)
   113  
   114  	// Node Secret Injection
   115  	InjectSecret(ctx, pod, NodeSecret)
   116  
   117  	secretName = SecretLabelValue(pod, NodeSecret)
   118  
   119  	container0 = pod.Spec.Containers[0].Env
   120  	initContainer0 = pod.Spec.InitContainers[0].Env
   121  	assertEnvVars(t, container0, expected)
   122  	assertEnvVars(t, initContainer0, expected)
   123  
   124  	assert.Len(t, pod.Spec.Containers[1].Env, 0)
   125  	assert.Len(t, pod.Spec.InitContainers[1].Env, 0)
   126  
   127  	container2 = pod.Spec.Containers[2].Env
   128  	initContainer2 = pod.Spec.InitContainers[2].Env
   129  	assertEnvVars(t, container2, expected)
   130  	assertEnvVars(t, initContainer2, expected)
   131  
   132  	// Node Secrets uses env from
   133  	assertEnvFrom(t, pod.Spec.Containers[0].EnvFrom, []corev1.EnvFromSource{{
   134  		SecretRef: &corev1.SecretEnvSource{
   135  			LocalObjectReference: corev1.LocalObjectReference{
   136  				Name: secretName,
   137  			},
   138  		},
   139  	}})
   140  	assertEnvFrom(t, pod.Spec.InitContainers[0].EnvFrom, []corev1.EnvFromSource{{
   141  		SecretRef: &corev1.SecretEnvSource{
   142  			LocalObjectReference: corev1.LocalObjectReference{
   143  				Name: secretName,
   144  			},
   145  		},
   146  	}})
   147  
   148  	assert.Len(t, pod.Spec.Containers[1].EnvFrom, 0)
   149  	assert.Len(t, pod.Spec.InitContainers[1].EnvFrom, 0)
   150  
   151  	assertEnvFrom(t, pod.Spec.Containers[2].EnvFrom, []corev1.EnvFromSource{{
   152  		SecretRef: &corev1.SecretEnvSource{
   153  			LocalObjectReference: corev1.LocalObjectReference{
   154  				Name: secretName,
   155  			},
   156  		},
   157  	}})
   158  	assertEnvFrom(t, pod.Spec.InitContainers[2].EnvFrom, []corev1.EnvFromSource{{
   159  		SecretRef: &corev1.SecretEnvSource{
   160  			LocalObjectReference: corev1.LocalObjectReference{
   161  				Name: secretName,
   162  			},
   163  		},
   164  	}})
   165  }
   166  
   167  func assertEnvVars(t *testing.T, actual, expected []corev1.EnvVar) {
   168  outer:
   169  	for _, expectedEnv := range expected {
   170  		for _, actualEnv := range actual {
   171  			if expectedEnv.Name == actualEnv.Name {
   172  				assert.Equal(t, expectedEnv, actualEnv)
   173  				continue outer
   174  			}
   175  		}
   176  		t.Errorf("expected env variable not found: %s", expectedEnv.Name)
   177  	}
   178  }
   179  
   180  func assertEnvFrom(t *testing.T, actual, expected []corev1.EnvFromSource) {
   181  outer:
   182  	for _, expectedEnv := range expected {
   183  		for _, actualEnv := range actual {
   184  			if expectedEnv.SecretRef.Name == actualEnv.SecretRef.Name {
   185  				assert.Equal(t, expectedEnv, actualEnv)
   186  				continue outer
   187  			}
   188  		}
   189  		t.Errorf("expected env from not found: %v", expectedEnv.SecretRef)
   190  	}
   191  }
   192  

View as plain text