350 lines
10 KiB
Go
350 lines
10 KiB
Go
// AI generated tests and not yet reviewed.
|
|
package application
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"net/url"
|
|
"slices"
|
|
"strings"
|
|
"testing"
|
|
|
|
v1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/application/v1alpha1"
|
|
operatorfake "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/fake"
|
|
operatorinformers "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/informers/externalversions"
|
|
authentikapi "goauthentik.io/api/v3"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/apimachinery/pkg/runtime"
|
|
"k8s.io/client-go/kubernetes/fake"
|
|
"k8s.io/client-go/tools/cache"
|
|
)
|
|
|
|
func TestController_syncHandler_create(t *testing.T) {
|
|
const wantPK = "42"
|
|
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{
|
|
applicationCreate: func(w http.ResponseWriter, _ *http.Request) {
|
|
writeJSON(t, w, http.StatusCreated, map[string]any{"pk": wantPK})
|
|
},
|
|
})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, ctx, cancel := newTestController(t, testApplication(), server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: "default", Name: "test-app"})
|
|
if err != nil {
|
|
t.Fatalf("syncHandler() error = %v", err)
|
|
}
|
|
|
|
got := getApplication(t, ctrl, "default", "test-app")
|
|
if got.Status.PK != wantPK {
|
|
t.Fatalf("status.pk = %q, want %q", got.Status.PK, wantPK)
|
|
}
|
|
}
|
|
|
|
func TestController_syncHandler_ensureFinalizers(t *testing.T) {
|
|
app := testApplication()
|
|
app.Status.PK = "42"
|
|
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, ctx, cancel := newTestController(t, app, server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: app.Namespace, Name: app.Name})
|
|
if err != nil {
|
|
t.Fatalf("syncHandler() error = %v", err)
|
|
}
|
|
|
|
got := getApplication(t, ctrl, app.Namespace, app.Name)
|
|
if !slices.Contains(got.Finalizers, DeleteAuthentikApplicationFinalizer) {
|
|
t.Fatalf("finalizers = %v, want %q", got.Finalizers, DeleteAuthentikApplicationFinalizer)
|
|
}
|
|
}
|
|
|
|
func TestController_syncHandler_update(t *testing.T) {
|
|
app := testApplication()
|
|
app.Status.PK = "42"
|
|
app.Finalizers = []string{DeleteAuthentikApplicationFinalizer}
|
|
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{
|
|
applicationRetrieve: func(w http.ResponseWriter, _ *http.Request) {
|
|
writeJSON(t, w, http.StatusOK, map[string]any{"pk": "42"})
|
|
},
|
|
applicationPartialUpdate: func(w http.ResponseWriter, _ *http.Request) {
|
|
writeJSON(t, w, http.StatusOK, map[string]any{"pk": "42"})
|
|
},
|
|
})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, ctx, cancel := newTestController(t, app, server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: app.Namespace, Name: app.Name})
|
|
if err != nil {
|
|
t.Fatalf("syncHandler() error = %v", err)
|
|
}
|
|
|
|
got := getApplication(t, ctrl, app.Namespace, app.Name)
|
|
if got.Status.PK != "42" {
|
|
t.Fatalf("status.pk = %q, want 42", got.Status.PK)
|
|
}
|
|
}
|
|
|
|
func TestController_syncHandler_update_applicationNotFound(t *testing.T) {
|
|
app := testApplication()
|
|
app.Status.PK = "42"
|
|
app.Finalizers = []string{DeleteAuthentikApplicationFinalizer}
|
|
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{
|
|
applicationRetrieve: func(w http.ResponseWriter, _ *http.Request) {
|
|
http.NotFound(w, nil)
|
|
},
|
|
})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, ctx, cancel := newTestController(t, app, server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: app.Namespace, Name: app.Name})
|
|
if err != nil {
|
|
t.Fatalf("syncHandler() error = %v", err)
|
|
}
|
|
|
|
got := getApplication(t, ctrl, app.Namespace, app.Name)
|
|
if got.Status.PK != "" {
|
|
t.Fatalf("status.pk = %q, want empty after application not found", got.Status.PK)
|
|
}
|
|
}
|
|
|
|
func TestController_syncHandler_delete(t *testing.T) {
|
|
now := metav1.Now()
|
|
app := testApplication()
|
|
app.Status.PK = "42"
|
|
app.DeletionTimestamp = &now
|
|
app.Finalizers = []string{DeleteAuthentikApplicationFinalizer}
|
|
|
|
var destroyCalled bool
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{
|
|
applicationDestroy: func(w http.ResponseWriter, r *http.Request) {
|
|
destroyCalled = true
|
|
if r.Method != http.MethodDelete {
|
|
t.Errorf("destroy method = %s, want DELETE", r.Method)
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
},
|
|
})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, ctx, cancel := newTestController(t, app, server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: app.Namespace, Name: app.Name})
|
|
if err != nil {
|
|
t.Fatalf("syncHandler() error = %v", err)
|
|
}
|
|
if !destroyCalled {
|
|
t.Fatal("expected Authentik destroy call")
|
|
}
|
|
|
|
got := getApplication(t, ctrl, app.Namespace, app.Name)
|
|
if slices.Contains(got.Finalizers, DeleteAuthentikApplicationFinalizer) {
|
|
t.Fatalf("finalizers = %v, want finalizer removed", got.Finalizers)
|
|
}
|
|
}
|
|
|
|
func TestController_syncHandler_delete_providerAlreadyGone(t *testing.T) {
|
|
now := metav1.Now()
|
|
app := testApplication()
|
|
app.Status.PK = "42"
|
|
app.DeletionTimestamp = &now
|
|
app.Finalizers = []string{DeleteAuthentikApplicationFinalizer}
|
|
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{
|
|
applicationDestroy: func(w http.ResponseWriter, _ *http.Request) {
|
|
http.NotFound(w, nil)
|
|
},
|
|
})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, ctx, cancel := newTestController(t, app, server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: app.Namespace, Name: app.Name})
|
|
if err != nil {
|
|
t.Fatalf("syncHandler() error = %v", err)
|
|
}
|
|
|
|
got := getApplication(t, ctrl, app.Namespace, app.Name)
|
|
if slices.Contains(got.Finalizers, DeleteAuthentikApplicationFinalizer) {
|
|
t.Fatalf("finalizers = %v, want finalizer removed after 404", got.Finalizers)
|
|
}
|
|
}
|
|
|
|
func TestController_syncHandler_notFound(t *testing.T) {
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, ctx, cancel := newTestController(t, nil, server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: "default", Name: "missing"})
|
|
if err != nil {
|
|
t.Fatalf("syncHandler() error = %v, want nil for missing object", err)
|
|
}
|
|
}
|
|
|
|
// --- test helpers ---
|
|
|
|
func testApplication() *v1alpha1.Application {
|
|
return &v1alpha1.Application{
|
|
TypeMeta: metav1.TypeMeta{
|
|
APIVersion: v1alpha1.SchemeGroupVersion.String(),
|
|
Kind: "Application",
|
|
},
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: "test-app",
|
|
Namespace: "default",
|
|
},
|
|
Spec: v1alpha1.ApplicationSpec{
|
|
Name: "My Application",
|
|
Slug: "my-app",
|
|
Provider: 7,
|
|
},
|
|
}
|
|
}
|
|
|
|
func newTestController(t *testing.T, app *v1alpha1.Application, authentikURL string) (*Controller, context.Context, context.CancelFunc) {
|
|
t.Helper()
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
ctrl, _, stop := newTestControllerWithContext(t, ctx, app, authentikURL)
|
|
return ctrl, ctx, func() {
|
|
cancel()
|
|
stop()
|
|
}
|
|
}
|
|
|
|
func newTestControllerWithContext(t *testing.T, ctx context.Context, app *v1alpha1.Application, authentikURL string) (*Controller, context.Context, func()) {
|
|
t.Helper()
|
|
|
|
authentikClient := newAuthentikAPIClientForTest(t, authentikURL)
|
|
|
|
var objects []runtime.Object
|
|
if app != nil {
|
|
objects = append(objects, app)
|
|
}
|
|
applicationClient := operatorfake.NewSimpleClientset(objects...)
|
|
|
|
informerFactory := operatorinformers.NewSharedInformerFactory(applicationClient, 0)
|
|
applicationInformer := informerFactory.Application().V1alpha1().Applications()
|
|
|
|
ctrl := NewController(ctx, fake.NewClientset(), applicationClient, authentikClient, applicationInformer)
|
|
|
|
informerFactory.Start(ctx.Done())
|
|
for informerType, synced := range informerFactory.WaitForCacheSync(ctx.Done()) {
|
|
if !synced {
|
|
t.Fatalf("informer %v failed to sync", informerType)
|
|
}
|
|
}
|
|
|
|
return ctrl, ctx, func() {}
|
|
}
|
|
|
|
func newAuthentikAPIClientForTest(t *testing.T, serverURL string) *authentikapi.APIClient {
|
|
t.Helper()
|
|
|
|
u, err := url.Parse(serverURL)
|
|
if err != nil {
|
|
t.Fatalf("parse server URL: %v", err)
|
|
}
|
|
|
|
cfg := authentikapi.NewConfiguration()
|
|
cfg.Scheme = u.Scheme
|
|
cfg.Host = u.Host
|
|
|
|
return authentikapi.NewAPIClient(cfg)
|
|
}
|
|
|
|
type authentikTestHandlers struct {
|
|
applicationCreate http.HandlerFunc
|
|
applicationRetrieve http.HandlerFunc
|
|
applicationPartialUpdate http.HandlerFunc
|
|
applicationDestroy http.HandlerFunc
|
|
}
|
|
|
|
func newAuthentikTestServer(t *testing.T, handlers authentikTestHandlers) *httptest.Server {
|
|
t.Helper()
|
|
|
|
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
path := r.URL.Path
|
|
|
|
switch {
|
|
case path == "/api/v3/core/applications/" && r.Method == http.MethodPost:
|
|
if handlers.applicationCreate != nil {
|
|
handlers.applicationCreate(w, r)
|
|
return
|
|
}
|
|
http.NotFound(w, r)
|
|
|
|
case strings.HasPrefix(path, "/api/v3/core/applications/") && strings.HasSuffix(path, "/"):
|
|
slugPath := strings.TrimPrefix(path, "/api/v3/core/applications/")
|
|
if slugPath == "" {
|
|
http.NotFound(w, r)
|
|
return
|
|
}
|
|
switch r.Method {
|
|
case http.MethodGet:
|
|
if handlers.applicationRetrieve != nil {
|
|
handlers.applicationRetrieve(w, r)
|
|
return
|
|
}
|
|
http.NotFound(w, r)
|
|
case http.MethodPatch:
|
|
if handlers.applicationPartialUpdate != nil {
|
|
handlers.applicationPartialUpdate(w, r)
|
|
return
|
|
}
|
|
http.NotFound(w, r)
|
|
case http.MethodDelete:
|
|
if handlers.applicationDestroy != nil {
|
|
handlers.applicationDestroy(w, r)
|
|
return
|
|
}
|
|
http.NotFound(w, r)
|
|
default:
|
|
http.Error(w, "unexpected method on application instance", http.StatusMethodNotAllowed)
|
|
}
|
|
|
|
default:
|
|
http.NotFound(w, r)
|
|
}
|
|
})
|
|
|
|
return httptest.NewServer(handler)
|
|
}
|
|
|
|
func writeJSON(t *testing.T, w http.ResponseWriter, status int, body any) {
|
|
t.Helper()
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(status)
|
|
if err := json.NewEncoder(w).Encode(body); err != nil {
|
|
t.Fatalf("write JSON response: %v", err)
|
|
}
|
|
}
|
|
|
|
func getApplication(t *testing.T, ctrl *Controller, namespace, name string) *v1alpha1.Application {
|
|
t.Helper()
|
|
|
|
got, err := ctrl.applicationClientset.ApplicationV1alpha1().Applications(namespace).Get(
|
|
context.Background(), name, metav1.GetOptions{},
|
|
)
|
|
if err != nil {
|
|
t.Fatalf("get Application: %v", err)
|
|
}
|
|
return got
|
|
}
|