386 lines
11 KiB
Go
386 lines
11 KiB
Go
// AI generated tests and not yet reviewed.
|
|
package proxyprovider
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"net/url"
|
|
"slices"
|
|
"strings"
|
|
"testing"
|
|
|
|
v1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/proxyprovider/v1alpha1"
|
|
operatorfake "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/fake"
|
|
operatorinformers "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/informers/externalversions"
|
|
authentikapi "goauthentik.io/api/v3"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
"k8s.io/apimachinery/pkg/runtime"
|
|
"k8s.io/client-go/kubernetes/fake"
|
|
"k8s.io/client-go/tools/cache"
|
|
)
|
|
|
|
func TestController_syncHandler_create(t *testing.T) {
|
|
const wantPK = 42
|
|
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{
|
|
proxyCreate: func(w http.ResponseWriter, _ *http.Request) {
|
|
writeJSON(t, w, http.StatusCreated, map[string]any{"pk": wantPK})
|
|
},
|
|
})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, ctx, cancel := newTestController(t, testProxyProvider(), server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: "default", Name: "test-pp"})
|
|
if err != nil {
|
|
t.Fatalf("syncHandler() error = %v", err)
|
|
}
|
|
|
|
got := getProxyProvider(t, ctrl, "default", "test-pp")
|
|
if got.Status.PK != "42" {
|
|
t.Fatalf("status.pk = %q, want 42", got.Status.PK)
|
|
}
|
|
}
|
|
|
|
func TestController_syncHandler_ensureFinalizers(t *testing.T) {
|
|
pp := testProxyProvider()
|
|
pp.Status.PK = "42"
|
|
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, ctx, cancel := newTestController(t, pp, server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: pp.Namespace, Name: pp.Name})
|
|
if err != nil {
|
|
t.Fatalf("syncHandler() error = %v", err)
|
|
}
|
|
|
|
got := getProxyProvider(t, ctrl, pp.Namespace, pp.Name)
|
|
if !slices.Contains(got.Finalizers, DeleteAuthentikProxyProviderFinalizer) {
|
|
t.Fatalf("finalizers = %v, want %q", got.Finalizers, DeleteAuthentikProxyProviderFinalizer)
|
|
}
|
|
}
|
|
|
|
func TestController_syncHandler_update(t *testing.T) {
|
|
pp := testProxyProvider()
|
|
pp.Status.PK = "42"
|
|
pp.Finalizers = []string{DeleteAuthentikProxyProviderFinalizer}
|
|
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{
|
|
allRetrieve: func(w http.ResponseWriter, _ *http.Request) {
|
|
writeJSON(t, w, http.StatusOK, map[string]any{"pk": 42})
|
|
},
|
|
proxyPartialUpdate: func(w http.ResponseWriter, _ *http.Request) {
|
|
writeJSON(t, w, http.StatusOK, map[string]any{"pk": 42})
|
|
},
|
|
})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, ctx, cancel := newTestController(t, pp, server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: pp.Namespace, Name: pp.Name})
|
|
if err != nil {
|
|
t.Fatalf("syncHandler() error = %v", err)
|
|
}
|
|
|
|
got := getProxyProvider(t, ctrl, pp.Namespace, pp.Name)
|
|
if got.Status.PK != "42" {
|
|
t.Fatalf("status.pk = %q, want 42", got.Status.PK)
|
|
}
|
|
}
|
|
|
|
func TestController_syncHandler_update_providerNotFound(t *testing.T) {
|
|
pp := testProxyProvider()
|
|
pp.Status.PK = "42"
|
|
pp.Finalizers = []string{DeleteAuthentikProxyProviderFinalizer}
|
|
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{
|
|
allRetrieve: func(w http.ResponseWriter, _ *http.Request) {
|
|
http.NotFound(w, nil)
|
|
},
|
|
})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, ctx, cancel := newTestController(t, pp, server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: pp.Namespace, Name: pp.Name})
|
|
if err != nil {
|
|
t.Fatalf("syncHandler() error = %v", err)
|
|
}
|
|
|
|
got := getProxyProvider(t, ctrl, pp.Namespace, pp.Name)
|
|
if got.Status.PK != "" {
|
|
t.Fatalf("status.pk = %q, want empty after provider not found", got.Status.PK)
|
|
}
|
|
}
|
|
|
|
func TestController_syncHandler_delete(t *testing.T) {
|
|
now := metav1.Now()
|
|
pp := testProxyProvider()
|
|
pp.Status.PK = "42"
|
|
pp.DeletionTimestamp = &now
|
|
pp.Finalizers = []string{DeleteAuthentikProxyProviderFinalizer}
|
|
|
|
var destroyCalled bool
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{
|
|
proxyDestroy: func(w http.ResponseWriter, r *http.Request) {
|
|
destroyCalled = true
|
|
if r.Method != http.MethodDelete {
|
|
t.Errorf("destroy method = %s, want DELETE", r.Method)
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
},
|
|
})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, ctx, cancel := newTestController(t, pp, server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: pp.Namespace, Name: pp.Name})
|
|
if err != nil {
|
|
t.Fatalf("syncHandler() error = %v", err)
|
|
}
|
|
if !destroyCalled {
|
|
t.Fatal("expected Authentik destroy call")
|
|
}
|
|
|
|
got := getProxyProvider(t, ctrl, pp.Namespace, pp.Name)
|
|
if slices.Contains(got.Finalizers, DeleteAuthentikProxyProviderFinalizer) {
|
|
t.Fatalf("finalizers = %v, want finalizer removed", got.Finalizers)
|
|
}
|
|
}
|
|
|
|
func TestController_syncHandler_delete_providerAlreadyGone(t *testing.T) {
|
|
now := metav1.Now()
|
|
pp := testProxyProvider()
|
|
pp.Status.PK = "42"
|
|
pp.DeletionTimestamp = &now
|
|
pp.Finalizers = []string{DeleteAuthentikProxyProviderFinalizer}
|
|
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{
|
|
proxyDestroy: func(w http.ResponseWriter, _ *http.Request) {
|
|
http.NotFound(w, nil)
|
|
},
|
|
})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, ctx, cancel := newTestController(t, pp, server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: pp.Namespace, Name: pp.Name})
|
|
if err != nil {
|
|
t.Fatalf("syncHandler() error = %v", err)
|
|
}
|
|
|
|
got := getProxyProvider(t, ctrl, pp.Namespace, pp.Name)
|
|
if slices.Contains(got.Finalizers, DeleteAuthentikProxyProviderFinalizer) {
|
|
t.Fatalf("finalizers = %v, want finalizer removed after 404", got.Finalizers)
|
|
}
|
|
}
|
|
|
|
func TestController_syncHandler_notFound(t *testing.T) {
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, ctx, cancel := newTestController(t, nil, server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: "default", Name: "missing"})
|
|
if err != nil {
|
|
t.Fatalf("syncHandler() error = %v, want nil for missing object", err)
|
|
}
|
|
}
|
|
|
|
func TestController_syncHandler_invalidPK(t *testing.T) {
|
|
pp := testProxyProvider()
|
|
pp.Status.PK = "not-a-number"
|
|
pp.Finalizers = []string{DeleteAuthentikProxyProviderFinalizer}
|
|
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, ctx, cancel := newTestController(t, pp, server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: pp.Namespace, Name: pp.Name})
|
|
if err == nil {
|
|
t.Fatal("syncHandler() error = nil, want parse error")
|
|
}
|
|
if !strings.Contains(err.Error(), "error parsing PK") {
|
|
t.Fatalf("syncHandler() error = %v, want PK parse error", err)
|
|
}
|
|
}
|
|
|
|
func TestController_enqueueProxyProvider(t *testing.T) {
|
|
server := newAuthentikTestServer(t, authentikTestHandlers{})
|
|
t.Cleanup(server.Close)
|
|
|
|
ctrl, _, cancel := newTestController(t, testProxyProvider(), server.URL)
|
|
t.Cleanup(cancel)
|
|
|
|
ctrl.enqueueProxyProvider(testProxyProvider())
|
|
|
|
if ctrl.workqueue.Len() != 1 {
|
|
t.Fatalf("workqueue length = %d, want 1", ctrl.workqueue.Len())
|
|
}
|
|
}
|
|
|
|
// --- test helpers ---
|
|
|
|
func testProxyProvider() *v1alpha1.ProxyProvider {
|
|
return &v1alpha1.ProxyProvider{
|
|
TypeMeta: metav1.TypeMeta{
|
|
APIVersion: v1alpha1.SchemeGroupVersion.String(),
|
|
Kind: "ProxyProvider",
|
|
},
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
Name: "test-pp",
|
|
Namespace: "default",
|
|
},
|
|
Spec: v1alpha1.ProxyProviderSpec{
|
|
Name: "my-app",
|
|
AuthorizationFlow: "flow-auth",
|
|
InvalidationFlow: "flow-invalidate",
|
|
ExternalHost: "https://app.example.com",
|
|
},
|
|
}
|
|
}
|
|
|
|
func newTestController(t *testing.T, pp *v1alpha1.ProxyProvider, authentikURL string) (*Controller, context.Context, context.CancelFunc) {
|
|
t.Helper()
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
ctrl, _, stop := newTestControllerWithContext(t, ctx, pp, authentikURL)
|
|
return ctrl, ctx, func() {
|
|
cancel()
|
|
stop()
|
|
}
|
|
}
|
|
|
|
func newTestControllerWithContext(t *testing.T, ctx context.Context, pp *v1alpha1.ProxyProvider, authentikURL string) (*Controller, context.Context, func()) {
|
|
t.Helper()
|
|
|
|
authentikClient := newAuthentikAPIClientForTest(t, authentikURL)
|
|
|
|
var objects []runtime.Object
|
|
if pp != nil {
|
|
objects = append(objects, pp)
|
|
}
|
|
proxyClient := operatorfake.NewSimpleClientset(objects...)
|
|
|
|
informerFactory := operatorinformers.NewSharedInformerFactory(proxyClient, 0)
|
|
proxyInformer := informerFactory.Proxyprovider().V1alpha1().ProxyProviders()
|
|
|
|
ctrl := NewController(ctx, fake.NewClientset(), proxyClient, authentikClient, proxyInformer)
|
|
|
|
informerFactory.Start(ctx.Done())
|
|
for informerType, synced := range informerFactory.WaitForCacheSync(ctx.Done()) {
|
|
if !synced {
|
|
t.Fatalf("informer %v failed to sync", informerType)
|
|
}
|
|
}
|
|
|
|
return ctrl, ctx, func() {}
|
|
}
|
|
|
|
func newAuthentikAPIClientForTest(t *testing.T, serverURL string) *authentikapi.APIClient {
|
|
t.Helper()
|
|
|
|
u, err := url.Parse(serverURL)
|
|
if err != nil {
|
|
t.Fatalf("parse server URL: %v", err)
|
|
}
|
|
|
|
cfg := authentikapi.NewConfiguration()
|
|
cfg.Scheme = u.Scheme
|
|
cfg.Host = u.Host
|
|
|
|
return authentikapi.NewAPIClient(cfg)
|
|
}
|
|
|
|
type authentikTestHandlers struct {
|
|
proxyCreate http.HandlerFunc
|
|
proxyDestroy http.HandlerFunc
|
|
proxyPartialUpdate http.HandlerFunc
|
|
allRetrieve http.HandlerFunc
|
|
}
|
|
|
|
func newAuthentikTestServer(t *testing.T, handlers authentikTestHandlers) *httptest.Server {
|
|
t.Helper()
|
|
|
|
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
path := r.URL.Path
|
|
|
|
switch {
|
|
case path == "/api/v3/providers/proxy/" && r.Method == http.MethodPost:
|
|
if handlers.proxyCreate != nil {
|
|
handlers.proxyCreate(w, r)
|
|
return
|
|
}
|
|
http.NotFound(w, r)
|
|
|
|
case strings.HasPrefix(path, "/api/v3/providers/proxy/") && strings.HasSuffix(path, "/"):
|
|
idPath := strings.TrimPrefix(path, "/api/v3/providers/proxy/")
|
|
if idPath == "" {
|
|
http.NotFound(w, r)
|
|
return
|
|
}
|
|
switch r.Method {
|
|
case http.MethodDelete:
|
|
if handlers.proxyDestroy != nil {
|
|
handlers.proxyDestroy(w, r)
|
|
return
|
|
}
|
|
http.NotFound(w, r)
|
|
case http.MethodPatch:
|
|
if handlers.proxyPartialUpdate != nil {
|
|
handlers.proxyPartialUpdate(w, r)
|
|
return
|
|
}
|
|
http.NotFound(w, r)
|
|
default:
|
|
http.Error(w, "unexpected method on proxy instance", http.StatusMethodNotAllowed)
|
|
}
|
|
|
|
case strings.HasPrefix(path, "/api/v3/providers/all/") && strings.HasSuffix(path, "/"):
|
|
if r.Method == http.MethodGet && handlers.allRetrieve != nil {
|
|
handlers.allRetrieve(w, r)
|
|
return
|
|
}
|
|
http.NotFound(w, r)
|
|
|
|
default:
|
|
http.NotFound(w, r)
|
|
}
|
|
})
|
|
|
|
return httptest.NewServer(handler)
|
|
}
|
|
|
|
func writeJSON(t *testing.T, w http.ResponseWriter, status int, body any) {
|
|
t.Helper()
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(status)
|
|
if err := json.NewEncoder(w).Encode(body); err != nil {
|
|
t.Fatalf("write JSON response: %v", err)
|
|
}
|
|
}
|
|
|
|
func getProxyProvider(t *testing.T, ctrl *Controller, namespace, name string) *v1alpha1.ProxyProvider {
|
|
t.Helper()
|
|
|
|
got, err := ctrl.proxyProviderClientset.ProxyproviderV1alpha1().ProxyProviders(namespace).Get(
|
|
context.Background(), name, metav1.GetOptions{},
|
|
)
|
|
if err != nil {
|
|
t.Fatalf("get ProxyProvider: %v", err)
|
|
}
|
|
return got
|
|
}
|