1 package edgeinjector
2
3 import (
4 "context"
5 "testing"
6
7 "github.com/stretchr/testify/assert"
8 corev1 "k8s.io/api/core/v1"
9 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
10
11 "edge-infra.dev/pkg/edge/datasync/couchdb"
12 "edge-infra.dev/pkg/lib/fog"
13 )
14
15 func TestInjectSecretDirect(t *testing.T) {
16 ctx := context.Background()
17 log := fog.New()
18 ctx = fog.IntoContext(ctx, log)
19 containers := []corev1.Container{
20 {
21 Name: "nginx",
22 Image: "nginx:10",
23 },
24 {
25 Name: "busybox",
26 Image: "busybox:2.1",
27 },
28 {
29 Name: "podinfo",
30 Image: "podinfo:10.4",
31 },
32 }
33 pod := &corev1.Pod{
34 ObjectMeta: metav1.ObjectMeta{
35 Labels: map[string]string{
36 "injector.edge.ncr.com/couchdb-user": couchdb.ReadOnlyUser,
37 "injector.edge.ncr.com/add-node-information": "true",
38 "injector.edge.ncr.com/type": "direct",
39 "injector.edge.ncr.com/node-secret": "node-secret-1",
40 "injector.edge.ncr.com/couchdb-secret": "couch-secret-1",
41 },
42 Annotations: map[string]string{
43 "injector.edge.ncr.com/containers": "nginx,podinfo",
44 },
45 },
46 Spec: corev1.PodSpec{
47 InitContainers: containers,
48 Containers: containers,
49 },
50 }
51
52
53 InjectSecret(ctx, pod, CouchDBSecret, map[string]string{
54 string(Username): couchdb.SecretUsername,
55 string(Password): couchdb.SecretPassword,
56 string(URI): couchdb.SecretURI,
57 })
58
59 secretName := SecretLabelValue(pod, CouchDBSecret)
60
61 optional := false
62 expected := []corev1.EnvVar{
63 {
64 Name: string(Username),
65 ValueFrom: &corev1.EnvVarSource{
66 SecretKeyRef: &corev1.SecretKeySelector{
67 LocalObjectReference: corev1.LocalObjectReference{
68 Name: secretName,
69 },
70 Key: couchdb.SecretUsername,
71 Optional: &optional,
72 },
73 },
74 },
75 {
76 Name: string(Password),
77 ValueFrom: &corev1.EnvVarSource{
78 SecretKeyRef: &corev1.SecretKeySelector{
79 LocalObjectReference: corev1.LocalObjectReference{
80 Name: secretName,
81 },
82 Key: couchdb.SecretPassword,
83 Optional: &optional,
84 },
85 },
86 },
87 {
88 Name: string(URI),
89 ValueFrom: &corev1.EnvVarSource{
90 SecretKeyRef: &corev1.SecretKeySelector{
91 LocalObjectReference: corev1.LocalObjectReference{
92 Name: secretName,
93 },
94 Key: couchdb.SecretURI,
95 Optional: &optional,
96 },
97 },
98 },
99 }
100
101 container0 := pod.Spec.Containers[0].Env
102 initContainer0 := pod.Spec.InitContainers[0].Env
103 assertEnvVars(t, container0, expected)
104 assertEnvVars(t, initContainer0, expected)
105
106 assert.Len(t, pod.Spec.Containers[1].Env, 0)
107 assert.Len(t, pod.Spec.InitContainers[1].Env, 0)
108
109 container2 := pod.Spec.Containers[2].Env
110 initContainer2 := pod.Spec.InitContainers[2].Env
111 assertEnvVars(t, container2, expected)
112 assertEnvVars(t, initContainer2, expected)
113
114
115 InjectSecret(ctx, pod, NodeSecret)
116
117 secretName = SecretLabelValue(pod, NodeSecret)
118
119 container0 = pod.Spec.Containers[0].Env
120 initContainer0 = pod.Spec.InitContainers[0].Env
121 assertEnvVars(t, container0, expected)
122 assertEnvVars(t, initContainer0, expected)
123
124 assert.Len(t, pod.Spec.Containers[1].Env, 0)
125 assert.Len(t, pod.Spec.InitContainers[1].Env, 0)
126
127 container2 = pod.Spec.Containers[2].Env
128 initContainer2 = pod.Spec.InitContainers[2].Env
129 assertEnvVars(t, container2, expected)
130 assertEnvVars(t, initContainer2, expected)
131
132
133 assertEnvFrom(t, pod.Spec.Containers[0].EnvFrom, []corev1.EnvFromSource{{
134 SecretRef: &corev1.SecretEnvSource{
135 LocalObjectReference: corev1.LocalObjectReference{
136 Name: secretName,
137 },
138 },
139 }})
140 assertEnvFrom(t, pod.Spec.InitContainers[0].EnvFrom, []corev1.EnvFromSource{{
141 SecretRef: &corev1.SecretEnvSource{
142 LocalObjectReference: corev1.LocalObjectReference{
143 Name: secretName,
144 },
145 },
146 }})
147
148 assert.Len(t, pod.Spec.Containers[1].EnvFrom, 0)
149 assert.Len(t, pod.Spec.InitContainers[1].EnvFrom, 0)
150
151 assertEnvFrom(t, pod.Spec.Containers[2].EnvFrom, []corev1.EnvFromSource{{
152 SecretRef: &corev1.SecretEnvSource{
153 LocalObjectReference: corev1.LocalObjectReference{
154 Name: secretName,
155 },
156 },
157 }})
158 assertEnvFrom(t, pod.Spec.InitContainers[2].EnvFrom, []corev1.EnvFromSource{{
159 SecretRef: &corev1.SecretEnvSource{
160 LocalObjectReference: corev1.LocalObjectReference{
161 Name: secretName,
162 },
163 },
164 }})
165 }
166
167 func assertEnvVars(t *testing.T, actual, expected []corev1.EnvVar) {
168 outer:
169 for _, expectedEnv := range expected {
170 for _, actualEnv := range actual {
171 if expectedEnv.Name == actualEnv.Name {
172 assert.Equal(t, expectedEnv, actualEnv)
173 continue outer
174 }
175 }
176 t.Errorf("expected env variable not found: %s", expectedEnv.Name)
177 }
178 }
179
180 func assertEnvFrom(t *testing.T, actual, expected []corev1.EnvFromSource) {
181 outer:
182 for _, expectedEnv := range expected {
183 for _, actualEnv := range actual {
184 if expectedEnv.SecretRef.Name == actualEnv.SecretRef.Name {
185 assert.Equal(t, expectedEnv, actualEnv)
186 continue outer
187 }
188 }
189 t.Errorf("expected env from not found: %v", expectedEnv.SecretRef)
190 }
191 }
192
View as plain text