/*
Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only
*/

package helm
import (
	"errors"
	"testing"

	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
	"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
	"github.com/edgelesssys/constellation/v2/internal/compatibility"
	"github.com/edgelesssys/constellation/v2/internal/config"
	"github.com/edgelesssys/constellation/v2/internal/kms/uri"
	"github.com/edgelesssys/constellation/v2/internal/logger"
	"github.com/edgelesssys/constellation/v2/internal/semver"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/mock"
	"helm.sh/helm/v3/pkg/action"
)
// TestMergeMaps feeds pairs of Helm value maps to mergeMaps and compares the
// result with the expected merged map. The "key collision" case pins that a
// value from extraVals replaces the value stored under the same nested key in
// vals.
func TestMergeMaps(t *testing.T) {
	type mergeCase struct {
		vals      map[string]any
		extraVals map[string]any
		expected  map[string]any
	}

	cases := map[string]mergeCase{
		// Both inputs carry a "join-service" sub-map; the nested keys are combined.
		"equal": {
			vals: map[string]any{
				"join-service": map[string]any{
					"key1": "foo",
					"key2": "bar",
				},
			},
			extraVals: map[string]any{
				"join-service": map[string]any{
					"extraKey1": "extraFoo",
					"extraKey2": "extraBar",
				},
			},
			expected: map[string]any{
				"join-service": map[string]any{
					"key1":      "foo",
					"key2":      "bar",
					"extraKey1": "extraFoo",
					"extraKey2": "extraBar",
				},
			},
		},
		// extraVals only has top-level keys; they land next to "join-service".
		"missing join-service extraVals": {
			vals: map[string]any{
				"join-service": map[string]any{
					"key1": "foo",
					"key2": "bar",
				},
			},
			extraVals: map[string]any{
				"extraKey1": "extraFoo",
				"extraKey2": "extraBar",
			},
			expected: map[string]any{
				"join-service": map[string]any{
					"key1": "foo",
					"key2": "bar",
				},
				"extraKey1": "extraFoo",
				"extraKey2": "extraBar",
			},
		},
		// vals only has top-level keys; the "join-service" sub-map is taken from extraVals.
		"missing join-service vals": {
			vals: map[string]any{
				"key1": "foo",
				"key2": "bar",
			},
			extraVals: map[string]any{
				"join-service": map[string]any{
					"extraKey1": "extraFoo",
					"extraKey2": "extraBar",
				},
			},
			expected: map[string]any{
				"key1": "foo",
				"key2": "bar",
				"join-service": map[string]any{
					"extraKey1": "extraFoo",
					"extraKey2": "extraBar",
				},
			},
		},
		// Same nested key on both sides: the extraVals value is expected to win.
		"key collision": {
			vals: map[string]any{
				"join-service": map[string]any{
					"key1": "foo",
				},
			},
			extraVals: map[string]any{
				"join-service": map[string]any{
					"key1": "bar",
				},
			},
			expected: map[string]any{
				"join-service": map[string]any{
					"key1": "bar",
				},
			},
		},
	}

	for caseName, c := range cases {
		t.Run(caseName, func(t *testing.T) {
			merged := mergeMaps(c.vals, c.extraVals)
			assert.Equal(t, c.expected, merged)
		})
	}
}
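// TestHelmApply runs Client.PrepareApply against mocked release versions and
// checks three things per case: whether an error is returned, the reported
// "includes upgrade" flag, and the release names of the planned chart actions.
//
// The CLI version is fixed at 1.99.0; each case varies the versions the
// cluster reports and whether destructive upgrades are allowed.
func TestHelmApply(t *testing.T) {
	cliVersion := semver.NewFromInt(1, 99, 0, "")
	csp := cloudprovider.AWS // using AWS since it has an additional chart: aws-load-balancer-controller
	microserviceCharts := []string{
		"constellation-services",
		"constellation-operators",
		"constellation-csi",
	}
	testCases := map[string]struct {
		clusterMicroServiceVersion string
		expectedActions            []string
		expectUpgrade              bool
		clusterCertManagerVersion  *string // nil: cluster reports the current cert-manager version
		clusterAWSLBVersion        *string // nil: cluster reports the current version; "": release not installed
		allowDestructive           bool
		expectError                bool
	}{
		"CLI microservices are 1 minor version newer than cluster ones": {
			clusterMicroServiceVersion: "v1.98.1",
			expectedActions:            microserviceCharts,
			expectUpgrade:              true,
		},
		"CLI microservices are 2 minor versions newer than cluster ones": {
			clusterMicroServiceVersion: "v1.97.0",
			expectedActions:            []string{},
		},
		"cluster microservices are newer than CLI": {
			clusterMicroServiceVersion: "v1.100.0",
		},
		"cluster and CLI microservices have the same version": {
			clusterMicroServiceVersion: "v1.99.0",
			expectedActions:            []string{},
		},
		// NOTE(review): the case name says "ignored", but the expectation is
		// that PrepareApply returns an error when destructive upgrades are denied.
		"cert-manager upgrade is ignored when denying destructive upgrades": {
			clusterMicroServiceVersion: "v1.99.0",
			clusterCertManagerVersion:  toPtr("v1.9.0"),
			allowDestructive:           false,
			expectError:                true,
		},
		"both microservices and cert-manager are upgraded in destructive mode": {
			clusterMicroServiceVersion: "v1.98.1",
			clusterCertManagerVersion:  toPtr("v1.9.0"),
			// Full slice expression caps the capacity so append always copies
			// and can never write into the backing array shared with
			// microserviceCharts (used as-is by another case).
			expectedActions:  append(microserviceCharts[:len(microserviceCharts):len(microserviceCharts)], "cert-manager"),
			expectUpgrade:    true,
			allowDestructive: true,
		},
		"only missing aws-load-balancer-controller is installed": {
			clusterMicroServiceVersion: "v1.99.0",
			clusterAWSLBVersion:        toPtr(""),
			expectedActions:            []string{"aws-load-balancer-controller"},
		},
	}

	cfg := config.Default()
	cfg.RemoveProviderAndAttestationExcept(csp)
	cfg.MicroserviceVersion = cliVersion
	log := logger.NewTest(t)
	options := Options{
		Conformance:      false,
		HelmWaitMode:     WaitModeWait,
		AllowDestructive: true,
		Force:            false,
	}
	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			lister := &releaseVersionMock{}
			sut := Client{
				factory:    newActionFactory(nil, lister, &action.Configuration{}, log),
				log:        log,
				cliVersion: cliVersion,
			}
			awsLbVersion := "v1.5.4" // current version
			if tc.clusterAWSLBVersion != nil {
				awsLbVersion = *tc.clusterAWSLBVersion
			}

			certManagerVersion := "v1.10.0" // current version
			if tc.clusterCertManagerVersion != nil {
				certManagerVersion = *tc.clusterCertManagerVersion
			}
			helmListVersion(lister, "cilium", "v1.12.1")
			helmListVersion(lister, "cert-manager", certManagerVersion)
			helmListVersion(lister, "constellation-services", tc.clusterMicroServiceVersion)
			helmListVersion(lister, "constellation-operators", tc.clusterMicroServiceVersion)
			helmListVersion(lister, "constellation-csi", tc.clusterMicroServiceVersion)
			helmListVersion(lister, "aws-load-balancer-controller", awsLbVersion)

			// Work on a per-subtest copy so that one case's AllowDestructive
			// setting cannot leak into another case through the shared value.
			opts := options
			opts.AllowDestructive = tc.allowDestructive

			// The UID, salts and master secret below are constructed test
			// fixtures, not real key material.
			ex, includesUpgrade, err := sut.PrepareApply(cfg,
				clusterid.File{UID: "testuid", MeasurementSalt: []byte("measurementSalt")}, opts,
				fakeTerraformOutput(csp), fakeServiceAccURI(csp),
				uri.MasterSecret{Key: []byte("secret"), Salt: []byte("masterSalt")})
			var upgradeErr *compatibility.InvalidUpgradeError
			if tc.expectError {
				assert.Error(t, err)
			} else {
				// A compatibility.InvalidUpgradeError is accepted as a
				// non-failure; any other error fails the case.
				assert.True(t, err == nil || errors.As(err, &upgradeErr))
			}
			assert.Equal(t, tc.expectUpgrade, includesUpgrade)

			chartExecutor, ok := ex.(*ChartApplyExecutor)
			if !assert.True(t, ok, "PrepareApply did not return a *ChartApplyExecutor") {
				// chartExecutor is nil here; dereferencing it below would
				// turn the failed assertion into a panic.
				return
			}
			assert.ElementsMatch(t, tc.expectedActions, getActionReleaseNames(chartExecutor.actions))
		})
	}
}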
// fakeTerraformOutput builds the minimal terraform.ApplyOutput the tests pass
// to PrepareApply for the given provider: an empty output for AWS and an
// output with an empty GCP section for GCP. Any other provider panics.
func fakeTerraformOutput(csp cloudprovider.Provider) terraform.ApplyOutput {
	if csp == cloudprovider.AWS {
		return terraform.ApplyOutput{}
	}
	if csp == cloudprovider.GCP {
		return terraform.ApplyOutput{GCP: &terraform.GCPApplyOutput{}}
	}
	panic("invalid csp")
}
// getActionReleaseNames returns the ReleaseName of every action, in input
// order. The result is a non-nil slice even when actions is empty.
func getActionReleaseNames(actions []applyAction) []string {
	names := make([]string, 0, len(actions))
	for i := range actions {
		names = append(names, actions[i].ReleaseName())
	}
	return names
}
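// helmListVersion registers an expectation on the mock so that
// currentVersion(releaseName) reports installedVersion.
//
// An empty installedVersion models a release that is not installed: the mock
// then returns a zero semver.Semver together with errReleaseNotFound.
//
// A non-empty installedVersion that does not parse panics. Silently
// registering a zero version instead would let a typo in a test table change
// what the upgrade checks see without any visible failure.
func helmListVersion(l *releaseVersionMock, releaseName string, installedVersion string) {
	if installedVersion == "" {
		l.On("currentVersion", releaseName).Return(semver.Semver{}, errReleaseNotFound)
		return
	}
	v, err := semver.New(installedVersion)
	if err != nil {
		panic("helmListVersion: invalid version " + installedVersion + " for release " + releaseName + ": " + err.Error())
	}
	l.On("currentVersion", releaseName).Return(v, nil)
}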
// releaseVersionMock is a testify mock whose currentVersion method answers
// with whatever was registered for the release name via On(...).Return(...).
type releaseVersionMock struct {
	mock.Mock
}

// currentVersion records the call and returns the registered version and
// error. It panics if the first registered return value is not a
// semver.Semver.
func (m *releaseVersionMock) currentVersion(release string) (semver.Semver, error) {
	ret := m.Called(release)
	version := ret.Get(0).(semver.Semver)
	return version, ret.Error(1)
}