/*
Copyright 2016 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package secret
import (
"fmt"
"reflect"
"testing"
"time"
federationapi "k8s.io/kubernetes/federation/apis/federation/v1beta1"
fakefedclientset "k8s.io/kubernetes/federation/client/clientset_generated/federation_release_1_5/fake"
"k8s.io/kubernetes/federation/pkg/federation-controller/util"
"k8s.io/kubernetes/federation/pkg/federation-controller/util/deletionhelper"
. "k8s.io/kubernetes/federation/pkg/federation-controller/util/test"
apiv1 "k8s.io/kubernetes/pkg/api/v1"
kubeclientset "k8s.io/kubernetes/pkg/client/clientset_generated/release_1_5"
fakekubeclientset "k8s.io/kubernetes/pkg/client/clientset_generated/release_1_5/fake"
"k8s.io/kubernetes/pkg/runtime"
"k8s.io/kubernetes/pkg/types"
"k8s.io/kubernetes/pkg/util/wait"
"github.com/golang/glog"
"github.com/stretchr/testify/assert"
)
// TestSecretController drives the federated secret controller against fake
// clientsets and checks, in order, that a federated secret receives both
// finalizers, is created in cluster1, follows an annotation update and a data
// update, and is created in cluster2 once that cluster is added.
//
// The steps depend on the order in which events arrive on the fake watch
// channels, so the statements below must stay in sequence.
func TestSecretController(t *testing.T) {
	cluster1 := NewCluster("cluster1", apiv1.ConditionTrue)
	cluster2 := NewCluster("cluster2", apiv1.ConditionTrue)

	// Fake federation API server: only cluster1 is listed at start (cluster2 is
	// added later through clusterWatch) and the secret list is empty.
	fakeClient := &fakefedclientset.Clientset{}
	RegisterFakeList("clusters", &fakeClient.Fake, &federationapi.ClusterList{Items: []federationapi.Cluster{*cluster1}})
	RegisterFakeList("secrets", &fakeClient.Fake, &apiv1.SecretList{Items: []apiv1.Secret{}})
	secretWatch := RegisterFakeWatch("secrets", &fakeClient.Fake)
	// Presumably delivers each secret update made through fakeClient on the
	// returned channel; verify against the test util package.
	secretUpdateChan := RegisterFakeCopyOnUpdate("secrets", &fakeClient.Fake, secretWatch)
	clusterWatch := RegisterFakeWatch("clusters", &fakeClient.Fake)

	// Fake API server for member cluster1, starting with no secrets.
	cluster1Client := &fakekubeclientset.Clientset{}
	cluster1Watch := RegisterFakeWatch("secrets", &cluster1Client.Fake)
	RegisterFakeList("secrets", &cluster1Client.Fake, &apiv1.SecretList{Items: []apiv1.Secret{}})
	cluster1CreateChan := RegisterFakeCopyOnCreate("secrets", &cluster1Client.Fake, cluster1Watch)
	cluster1UpdateChan := RegisterFakeCopyOnUpdate("secrets", &cluster1Client.Fake, cluster1Watch)

	// Fake API server for member cluster2; only creations are observed here.
	cluster2Client := &fakekubeclientset.Clientset{}
	cluster2Watch := RegisterFakeWatch("secrets", &cluster2Client.Fake)
	RegisterFakeList("secrets", &cluster2Client.Fake, &apiv1.SecretList{Items: []apiv1.Secret{}})
	cluster2CreateChan := RegisterFakeCopyOnCreate("secrets", &cluster2Client.Fake, cluster2Watch)

	secretController := NewSecretController(fakeClient)
	// Route the controller's per-cluster clients to the fakes above; any other
	// cluster name is rejected with an error instead of receiving a client.
	informerClientFactory := func(cluster *federationapi.Cluster) (kubeclientset.Interface, error) {
		switch cluster.Name {
		case cluster1.Name:
			return cluster1Client, nil
		case cluster2.Name:
			return cluster2Client, nil
		default:
			return nil, fmt.Errorf("Unknown cluster")
		}
	}
	setClientFactory(secretController.secretFederatedInformer, informerClientFactory)

	// Override the controller's delays and timeout with short values for the test.
	secretController.clusterAvailableDelay = time.Second
	secretController.secretReviewDelay = 50 * time.Millisecond
	secretController.smallDelay = 20 * time.Millisecond
	secretController.updateTimeout = 5 * time.Second

	// stop is closed only on the last line of this function (not deferred), so
	// a panic in any step below skips the close.
	stop := make(chan struct{})
	secretController.Run(stop)

	// Synthetic fixture: the Data values are placeholder strings, not credentials.
	secret1 := apiv1.Secret{
		ObjectMeta: apiv1.ObjectMeta{
			Name:      "test-secret",
			Namespace: "ns",
			SelfLink:  "/api/v1/namespaces/ns/secrets/test-secret",
		},
		Data: map[string][]byte{
			"A": []byte("ala ma kota"),
			"B": []byte("quick brown fox"),
		},
		Type: apiv1.SecretTypeOpaque,
	}

	// Test add federated secret.
	secretWatch.Add(&secret1)
	// There should be 2 updates to add both the finalizers.
	updatedSecret := GetSecretFromChan(secretUpdateChan)
	assert.True(t, secretController.hasFinalizerFunc(updatedSecret, deletionhelper.FinalizerDeleteFromUnderlyingClusters))
	updatedSecret = GetSecretFromChan(secretUpdateChan)
	assert.True(t, secretController.hasFinalizerFunc(updatedSecret, apiv1.FinalizerOrphan))
	// Continue with the finalizer-bearing copy as the expected state.
	secret1 = *updatedSecret

	// Verify that the secret is created in underlying cluster1.
	createdSecret := GetSecretFromChan(cluster1CreateChan)
	// assert.NotNil records a failure but does not stop the test; the field
	// accesses below would still dereference a nil createdSecret.
	assert.NotNil(t, createdSecret)
	assert.Equal(t, secret1.Namespace, createdSecret.Namespace)
	assert.Equal(t, secret1.Name, createdSecret.Name)
	// The failure message formats both Secret objects with %v, Data included;
	// acceptable here because the fixture values are synthetic.
	assert.True(t, secretsEqual(secret1, *createdSecret),
		fmt.Sprintf("expected: %v, actual: %v", secret1, *createdSecret))

	// Wait for the secret to appear in the informer store
	err := WaitForStoreUpdate(
		secretController.secretFederatedInformer.GetTargetStore(),
		cluster1.Name, types.NamespacedName{Namespace: secret1.Namespace, Name: secret1.Name}.String(), wait.ForeverTestTimeout)
	assert.Nil(t, err, "secret should have appeared in the informer store")

	// checkAll builds a CheckingFunction that compares an observed object with
	// expected on ObjectMeta (via CompareObjectMeta), Data and Type, returning
	// an error describing the first difference found.
	checkAll := func(expected apiv1.Secret) CheckingFunction {
		return func(obj runtime.Object) error {
			// Logs the whole object, secret Data included, at verbosity 4.
			glog.V(4).Infof("Checking %v", obj)
			// Unchecked type assertion: panics if obj is not a *apiv1.Secret.
			s := obj.(*apiv1.Secret)
			if err := CompareObjectMeta(expected.ObjectMeta, s.ObjectMeta); err != nil {
				return err
			}
			if !reflect.DeepEqual(expected.Data, s.Data) {
				return fmt.Errorf("Data is different expected:%v actual:%v", expected.Data, s.Data)
			}
			if expected.Type != s.Type {
				return fmt.Errorf("Type is different expected:%v actual:%v", expected.Type, s.Type)
			}
			return nil
		}
	}

	// Test update federated secret.
	secret1.Annotations = map[string]string{
		"A": "B",
	}
	secretWatch.Modify(&secret1)
	err = CheckObjectFromChan(cluster1UpdateChan, checkAll(secret1))
	assert.NoError(t, err)

	// Wait for the secret to be updated in the informer store.
	err = WaitForSecretStoreUpdate(
		secretController.secretFederatedInformer.GetTargetStore(),
		cluster1.Name, types.NamespacedName{Namespace: secret1.Namespace, Name: secret1.Name}.String(),
		&secret1, wait.ForeverTestTimeout)
	assert.NoError(t, err, "secret should have been updated in the informer store")

	// Test update federated secret: replace Data with a different key set.
	secret1.Data = map[string][]byte{
		"config": []byte("myconfigurationfile"),
	}
	secretWatch.Modify(&secret1)
	err = CheckObjectFromChan(cluster1UpdateChan, checkAll(secret1))
	assert.NoError(t, err)

	// Test add cluster
	clusterWatch.Add(cluster2)
	createdSecret2 := GetSecretFromChan(cluster2CreateChan)
	assert.NotNil(t, createdSecret2)
	assert.Equal(t, secret1.Name, createdSecret2.Name)
	assert.Equal(t, secret1.Namespace, createdSecret2.Namespace)
	// As above, the failure message prints both Secret objects in full.
	assert.True(t, secretsEqual(secret1, *createdSecret2),
		fmt.Sprintf("expected: %v, actual: %v", secret1, *createdSecret2))

	close(stop)
}
// setClientFactory installs informerClientFactory on informer. It goes through
// the test-only view returned by ToFederatedInformerForTestOnly, so the
// per-cluster clients the informer obtains come from the supplied function.
func setClientFactory(informer util.FederatedInformer, informerClientFactory func(*federationapi.Cluster) (kubeclientset.Interface, error)) {
	ToFederatedInformerForTestOnly(informer).SetClientFactory(informerClientFactory)
}
// secretsEqual reports whether a and b are deeply equal once SelfLink and
// ObjectMeta.Finalizers are disregarded. Those two fields are expected to
// differ between the resource in the federation control plane and the
// resource in an underlying cluster.
//
// Both arguments are passed by value and the two fields are reassigned on
// those copies only, so the caller's objects keep their SelfLink and
// Finalizers. Every other field, Data and Type included, takes part in the
// reflect.DeepEqual comparison.
func secretsEqual(a, b apiv1.Secret) bool {
	for _, s := range []*apiv1.Secret{&a, &b} {
		s.SelfLink = ""
		s.ObjectMeta.Finalizers = []string{}
	}
	return reflect.DeepEqual(a, b)
}
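// GetSecretFromChan takes the next object from c by way of GetObjectFromChan
// and returns it as a *apiv1.Secret.
//
// It returns nil when GetObjectFromChan yields a nil object or an object of
// another type. The previous unchecked type assertion panicked in both cases,
// which made the callers' nil checks (for example assert.NotNil) unreachable;
// with the checked form those checks report an ordinary test failure.
func GetSecretFromChan(c chan runtime.Object) *apiv1.Secret {
	secret, ok := GetObjectFromChan(c).(*apiv1.Secret)
	if !ok {
		// Nil interface or unexpected concrete type: let the caller decide.
		return nil
	}
	return secret
}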
// WaitForSecretStoreUpdate polls store every 200ms until the object stored
// under key for clusterName equals desiredSecret, as judged by secretsEqual
// (which disregards SelfLink and Finalizers), or until timeout elapses. It
// returns whatever wait.PollImmediate returns.
//
// NOTE(review): on a mismatch both Secret objects, Data included, are written
// to the log at Info level. That is tolerable for the synthetic fixtures used
// by this test file; the helper should not be pointed at real credentials.
func WaitForSecretStoreUpdate(store util.FederatedReadOnlyStore, clusterName, key string, desiredSecret *apiv1.Secret, timeout time.Duration) error {
	const pollEvery = 200 * time.Millisecond

	storeMatches := func() (bool, error) {
		obj, found, err := store.GetByKey(clusterName, key)
		if err != nil || !found {
			// The same message is logged for a lookup error and for a plain
			// miss; the error, if any, is handed back to the poller.
			glog.Infof("%s is not in the store", key)
			return false, err
		}
		// Unchecked assertion: panics if the store holds another type under key.
		stored := obj.(*apiv1.Secret)
		same := secretsEqual(*stored, *desiredSecret)
		if !same {
			glog.Infof("wrong content in the store expected:\n%v\nactual:\n%v\n", *desiredSecret, *stored)
		}
		return same, err
	}

	return wait.PollImmediate(pollEvery, timeout, storeMatches)
}