package gcp
import (
"context"
"encoding/json"
"testing"
"github.com/edgelesssys/constellation/coordinator/cloudprovider/cloudtypes"
"github.com/edgelesssys/constellation/coordinator/kubernetes/k8sapi/resources"
"github.com/edgelesssys/constellation/internal/gcpshared"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
k8s "k8s.io/api/core/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// TestConfigMaps verifies that CloudControllerManager.ConfigMaps renders the
// gce.conf cloud-provider configuration for a valid GCE provider ID and
// returns an error for a provider ID it cannot parse.
func TestConfigMaps(t *testing.T) {
	// Expected result: one ConfigMap named "gceconf" in kube-system with a
	// single "gce.conf" entry. The project ID equals the one embedded in the
	// fixture's provider ID; node-tags presumably derives from the UID part
	// of the instance name (confirm against the implementation).
	wantGCEConf := &k8s.ConfigMap{
		TypeMeta: v1.TypeMeta{
			Kind:       "ConfigMap",
			APIVersion: "v1",
		},
		ObjectMeta: v1.ObjectMeta{
			Name:      "gceconf",
			Namespace: "kube-system",
		},
		Data: map[string]string{
			"gce.conf": `[global]
project-id = project-id
use-metadata-server = true
node-tags = constellation-UID
`,
		},
	}

	testCases := map[string]struct {
		instance       cloudtypes.Instance
		wantConfigMaps resources.ConfigMaps
		wantErr        bool
	}{
		"ConfigMaps works": {
			instance: cloudtypes.Instance{
				ProviderID: "gce://project-id/zone/instanceName-UID-0",
				Name:       "instanceName-UID-0",
			},
			wantConfigMaps: resources.ConfigMaps{wantGCEConf},
		},
		"invalid providerID fails": {
			instance: cloudtypes.Instance{ProviderID: "invalid"},
			wantErr:  true,
		},
	}

	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			ccm := CloudControllerManager{}
			got, err := ccm.ConfigMaps(tc.instance)

			// An unparsable provider ID has to surface as an error; the
			// returned value is not inspected in that case.
			if tc.wantErr {
				assert.Error(t, err)
				return
			}
			require.NoError(t, err)
			assert.Equal(t, tc.wantConfigMaps, got)
		})
	}
}
// TestSecrets verifies that CloudControllerManager.Secrets turns a
// "serviceaccount://gcp?..." URI into a single Kubernetes Secret ("gcekey" in
// kube-system) whose "key.json" entry is the JSON-encoded service account key,
// and that a URI it cannot parse yields an error.
func TestSecrets(t *testing.T) {
	// Fixture key: every field is a placeholder string, not a credential.
	// NOTE(review): the URI form used below carries private_key as a query
	// parameter, so real values of this shape are secret material and should
	// stay out of logs and error messages — confirm the callers handle that.
	saKey := gcpshared.ServiceAccountKey{
		Type:                    "type",
		ProjectID:               "project-id",
		PrivateKeyID:            "private-key-id",
		PrivateKey:              "private-key",
		ClientEmail:             "client-email",
		ClientID:                "client-id",
		AuthURI:                 "auth-uri",
		TokenURI:                "token-uri",
		AuthProviderX509CertURL: "auth-provider-x509-cert-url",
		ClientX509CertURL:       "client-x509-cert-url",
	}
	rawKey, err := json.Marshal(saKey)
	require.NoError(t, err)

	// Expected Secret: the marshalled fixture key stored under "key.json".
	wantKeySecret := &k8s.Secret{
		TypeMeta: v1.TypeMeta{
			Kind:       "Secret",
			APIVersion: "v1",
		},
		ObjectMeta: v1.ObjectMeta{
			Name:      "gcekey",
			Namespace: "kube-system",
		},
		Data: map[string][]byte{
			"key.json": rawKey,
		},
	}

	testCases := map[string]struct {
		instance               cloudtypes.Instance
		cloudServiceAccountURI string
		wantSecrets            resources.Secrets
		wantErr                bool
	}{
		"Secrets works": {
			cloudServiceAccountURI: "serviceaccount://gcp?type=type&project_id=project-id&private_key_id=private-key-id&private_key=private-key&client_email=client-email&client_id=client-id&auth_uri=auth-uri&token_uri=token-uri&auth_provider_x509_cert_url=auth-provider-x509-cert-url&client_x509_cert_url=client-x509-cert-url",
			wantSecrets:            resources.Secrets{wantKeySecret},
		},
		"invalid serviceAccountKey fails": {
			cloudServiceAccountURI: "invalid",
			wantErr:                true,
		},
	}

	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			ccm := CloudControllerManager{}
			got, err := ccm.Secrets(context.Background(), tc.instance, tc.cloudServiceAccountURI)

			// A malformed URI has to surface as an error; the returned
			// value is not inspected in that case.
			if tc.wantErr {
				assert.Error(t, err)
				return
			}
			require.NoError(t, err)
			assert.Equal(t, tc.wantSecrets, got)
		})
	}
}
// TestTrivialCCMFunctions is a smoke test for the argument-free accessors of
// CloudControllerManager: each must return a non-empty value on a zero-value
// manager, and Supported must report true.
func TestTrivialCCMFunctions(t *testing.T) {
	ccm := CloudControllerManager{}

	assert.NotEmpty(t, ccm.Image())
	assert.NotEmpty(t, ccm.Path())
	assert.NotEmpty(t, ccm.Name())
	assert.NotEmpty(t, ccm.ExtraArgs())
	assert.NotEmpty(t, ccm.Volumes())
	assert.NotEmpty(t, ccm.VolumeMounts())
	assert.NotEmpty(t, ccm.Env())
	assert.True(t, ccm.Supported())
}