constellation/bootstrapper/cloudprovider/azure/ccm_test.go

package azure

import (
	"context"
	"errors"
	"testing"

	"github.com/edgelesssys/constellation/bootstrapper/internal/kubernetes/k8sapi/resources"
	"github.com/edgelesssys/constellation/internal/cloud/metadata"
	"github.com/edgelesssys/constellation/internal/versions"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	k8s "k8s.io/api/core/v1"
	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
)

func TestSecrets(t *testing.T) {
	someErr := errors.New("some error")
	testCases := map[string]struct {
		providerID             string
		metadata               ccmMetadata
		cloudServiceAccountURI string
		wantSecrets            resources.Secrets
		wantErr                bool
	}{
		"Secrets works for scale sets": {
			providerID:             "azure:///subscriptions/subscription-id/resourceGroups/resource-group/providers/Microsoft.Compute/virtualMachineScaleSets/scale-set-name/virtualMachines/instance-id",
			cloudServiceAccountURI: "serviceaccount://azure?tenant_id=tenant-id&client_id=client-id&client_secret=client-secret&location=location",
			metadata:               &ccmMetadataStub{loadBalancerName: "load-balancer-name", networkSecurityGroupName: "network-security-group-name"},
			wantSecrets: resources.Secrets{
				&k8s.Secret{
					TypeMeta: meta.TypeMeta{
						Kind:       "Secret",
						APIVersion: "v1",
					},
					ObjectMeta: meta.ObjectMeta{
						Name:      "azureconfig",
						Namespace: "kube-system",
					},
					Data: map[string][]byte{
						"azure.json": []byte(`{"cloud":"AzurePublicCloud","tenantId":"tenant-id","subscriptionId":"subscription-id","resourceGroup":"resource-group","location":"location","securityGroupName":"network-security-group-name","loadBalancerName":"load-balancer-name","loadBalancerSku":"standard","useInstanceMetadata":true,"vmType":"vmss","aadClientId":"client-id","aadClientSecret":"client-secret"}`),
					},
				},
			},
		},
		"cannot get load balancer Name": {
			providerID:             "azure:///subscriptions/subscription-id/resourceGroups/resource-group/providers/Microsoft.Compute/virtualMachineScaleSets/scale-set-name/virtualMachines/instance-id",
			cloudServiceAccountURI: "serviceaccount://azure?tenant_id=tenant-id&client_id=client-id&client_secret=client-secret&location=location",
			metadata:               &ccmMetadataStub{getLoadBalancerNameErr: someErr},
			wantErr:                true,
		},
		"cannot get network security group name": {
			providerID:             "azure:///subscriptions/subscription-id/resourceGroups/resource-group/providers/Microsoft.Compute/virtualMachineScaleSets/scale-set-name/virtualMachines/instance-id",
			cloudServiceAccountURI: "serviceaccount://azure?tenant_id=tenant-id&client_id=client-id&client_secret=client-secret&location=location",
			metadata:               &ccmMetadataStub{getNetworkSecurityGroupNameErr: someErr},
			wantErr:                true,
		},
		"invalid providerID fails": {
			providerID: "invalid",
			metadata:   &ccmMetadataStub{},
			wantErr:    true,
		},
		"invalid cloudServiceAccountURI fails": {
			providerID:             "azure:///subscriptions/subscription-id/resourceGroups/resource-group/providers/Microsoft.Compute/virtualMachines/instance-name",
			metadata:               &ccmMetadataStub{},
			cloudServiceAccountURI: "invalid",
			wantErr:                true,
		},
	}

	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			assert := assert.New(t)
			require := require.New(t)

			cloud := NewCloudControllerManager(tc.metadata)
			secrets, err := cloud.Secrets(context.Background(), tc.providerID, tc.cloudServiceAccountURI)
			if tc.wantErr {
				assert.Error(err)
				return
			}
			require.NoError(err)
			assert.Equal(tc.wantSecrets, secrets)
		})
	}
}

func TestTrivialCCMFunctions(t *testing.T) {
	assert := assert.New(t)
	cloud := CloudControllerManager{}

	assert.NotEmpty(cloud.Image(versions.Latest))
	assert.NotEmpty(cloud.Path())
	assert.NotEmpty(cloud.Name())
	assert.NotEmpty(cloud.ExtraArgs())
	assert.Empty(cloud.ConfigMaps(metadata.InstanceMetadata{}))
	assert.NotEmpty(cloud.Volumes())
	assert.NotEmpty(cloud.VolumeMounts())
	assert.Empty(cloud.Env())
	assert.True(cloud.Supported())
}

type ccmMetadataStub struct {
	networkSecurityGroupName string
	loadBalancerName         string

	getNetworkSecurityGroupNameErr error
	getLoadBalancerNameErr         error
}

func (c *ccmMetadataStub) GetNetworkSecurityGroupName(ctx context.Context) (string, error) {
	return c.networkSecurityGroupName, c.getNetworkSecurityGroupNameErr
}

func (c *ccmMetadataStub) GetLoadBalancerName(ctx context.Context) (string, error) {
	return c.loadBalancerName, c.getLoadBalancerNameErr
}
Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 06:24:41 -04:00			`package azure`

			`import (`
replace flannel with cilium 2022-05-24 04:04:42 -04:00			`"context"`
			`"errors"`
Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 06:24:41 -04:00			`"testing"`

Rename coordinator to bootstrapper and rename roles 2022-06-29 09:26:29 -04:00			`"github.com/edgelesssys/constellation/bootstrapper/internal/kubernetes/k8sapi/resources"`
Refactor provider metadata 2022-06-28 10:08:05 -04:00			`"github.com/edgelesssys/constellation/internal/cloud/metadata"`
AB#2255: Fix kubeadm version incompatibility (#293) * Update image version * Introduce 'ValidK8sVersion' type. Ensures that consumers of the k8sVersion receive a valid version, without having to do their own validation. * Add testcase to check that kubeadm accepts the currently provided version. 2022-07-22 09:05:04 -04:00			`"github.com/edgelesssys/constellation/internal/versions"`
Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 06:24:41 -04:00			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`
			`k8s "k8s.io/api/core/v1"`
			`meta "k8s.io/apimachinery/pkg/apis/meta/v1"`
			`)`

			`func TestSecrets(t *testing.T) {`
replace flannel with cilium 2022-05-24 04:04:42 -04:00			`someErr := errors.New("some error")`
Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 06:24:41 -04:00			`testCases := map[string]struct {`
Refactor provider metadata 2022-06-28 10:08:05 -04:00			`providerID string`
replace flannel with cilium 2022-05-24 04:04:42 -04:00			`metadata ccmMetadata`
Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 06:24:41 -04:00			`cloudServiceAccountURI string`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`wantSecrets resources.Secrets`
			`wantErr bool`
Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 06:24:41 -04:00			`}{`
Set vmType in azure cloud config Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-03-29 07:28:23 -04:00			`"Secrets works for scale sets": {`
Refactor provider metadata 2022-06-28 10:08:05 -04:00			`providerID: "azure:///subscriptions/subscription-id/resourceGroups/resource-group/providers/Microsoft.Compute/virtualMachineScaleSets/scale-set-name/virtualMachines/instance-id",`
AB#1877 Set location in azure cloud config Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-03-29 11:31:18 -04:00			`cloudServiceAccountURI: "serviceaccount://azure?tenant_id=tenant-id&client_id=client-id&client_secret=client-secret&location=location",`
replace flannel with cilium 2022-05-24 04:04:42 -04:00			`metadata: &ccmMetadataStub{loadBalancerName: "load-balancer-name", networkSecurityGroupName: "network-security-group-name"},`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`wantSecrets: resources.Secrets{`
Set vmType in azure cloud config Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-03-29 07:28:23 -04:00			`&k8s.Secret{`
			`TypeMeta: meta.TypeMeta{`
			`Kind: "Secret",`
			`APIVersion: "v1",`
			`},`
			`ObjectMeta: meta.ObjectMeta{`
			`Name: "azureconfig",`
			`Namespace: "kube-system",`
			`},`
			`Data: map[string][]byte{`
replace flannel with cilium 2022-05-24 04:04:42 -04:00			"azure.json": []byte(`{"cloud":"AzurePublicCloud","tenantId":"tenant-id","subscriptionId":"subscription-id","resourceGroup":"resource-group","location":"location","securityGroupName":"network-security-group-name","loadBalancerName":"load-balancer-name","loadBalancerSku":"standard","useInstanceMetadata":true,"vmType":"vmss","aadClientId":"client-id","aadClientSecret":"client-secret"}`),
Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 06:24:41 -04:00			`},`
			`},`
			`},`
			`},`
replace flannel with cilium 2022-05-24 04:04:42 -04:00			`"cannot get load balancer Name": {`
Refactor provider metadata 2022-06-28 10:08:05 -04:00			`providerID: "azure:///subscriptions/subscription-id/resourceGroups/resource-group/providers/Microsoft.Compute/virtualMachineScaleSets/scale-set-name/virtualMachines/instance-id",`
replace flannel with cilium 2022-05-24 04:04:42 -04:00			`cloudServiceAccountURI: "serviceaccount://azure?tenant_id=tenant-id&client_id=client-id&client_secret=client-secret&location=location",`
			`metadata: &ccmMetadataStub{getLoadBalancerNameErr: someErr},`
			`wantErr: true,`
			`},`
			`"cannot get network security group name": {`
Refactor provider metadata 2022-06-28 10:08:05 -04:00			`providerID: "azure:///subscriptions/subscription-id/resourceGroups/resource-group/providers/Microsoft.Compute/virtualMachineScaleSets/scale-set-name/virtualMachines/instance-id",`
replace flannel with cilium 2022-05-24 04:04:42 -04:00			`cloudServiceAccountURI: "serviceaccount://azure?tenant_id=tenant-id&client_id=client-id&client_secret=client-secret&location=location",`
			`metadata: &ccmMetadataStub{getNetworkSecurityGroupNameErr: someErr},`
			`wantErr: true,`
			`},`
Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 06:24:41 -04:00			`"invalid providerID fails": {`
Refactor provider metadata 2022-06-28 10:08:05 -04:00			`providerID: "invalid",`
			`metadata: &ccmMetadataStub{},`
			`wantErr: true,`
Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 06:24:41 -04:00			`},`
			`"invalid cloudServiceAccountURI fails": {`
Refactor provider metadata 2022-06-28 10:08:05 -04:00			`providerID: "azure:///subscriptions/subscription-id/resourceGroups/resource-group/providers/Microsoft.Compute/virtualMachines/instance-name",`
replace flannel with cilium 2022-05-24 04:04:42 -04:00			`metadata: &ccmMetadataStub{},`
Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 06:24:41 -04:00			`cloudServiceAccountURI: "invalid",`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`wantErr: true,`
Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 06:24:41 -04:00			`},`
			`}`

			`for name, tc := range testCases {`
			`t.Run(name, func(t *testing.T) {`
			`assert := assert.New(t)`
			`require := require.New(t)`

replace flannel with cilium 2022-05-24 04:04:42 -04:00			`cloud := NewCloudControllerManager(tc.metadata)`
Refactor provider metadata 2022-06-28 10:08:05 -04:00			`secrets, err := cloud.Secrets(context.Background(), tc.providerID, tc.cloudServiceAccountURI)`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`if tc.wantErr {`
Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 06:24:41 -04:00			`assert.Error(err)`
			`return`
			`}`
			`require.NoError(err)`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`assert.Equal(tc.wantSecrets, secrets)`
Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 06:24:41 -04:00			`})`
			`}`
			`}`

			`func TestTrivialCCMFunctions(t *testing.T) {`
			`assert := assert.New(t)`
			`cloud := CloudControllerManager{}`

AB#2255: Fix kubeadm version incompatibility (#293) * Update image version * Introduce 'ValidK8sVersion' type. Ensures that consumers of the k8sVersion receive a valid version, without having to do their own validation. * Add testcase to check that kubeadm accepts the currently provided version. 2022-07-22 09:05:04 -04:00			`assert.NotEmpty(cloud.Image(versions.Latest))`
Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 06:24:41 -04:00			`assert.NotEmpty(cloud.Path())`
			`assert.NotEmpty(cloud.Name())`
			`assert.NotEmpty(cloud.ExtraArgs())`
Refactor provider metadata 2022-06-28 10:08:05 -04:00			`assert.Empty(cloud.ConfigMaps(metadata.InstanceMetadata{}))`
Cloud provider Azure: adopt changes to CCM / CNM for Azure 2022-03-28 06:24:41 -04:00			`assert.NotEmpty(cloud.Volumes())`
			`assert.NotEmpty(cloud.VolumeMounts())`
			`assert.Empty(cloud.Env())`
			`assert.True(cloud.Supported())`
			`}`
replace flannel with cilium 2022-05-24 04:04:42 -04:00
			`type ccmMetadataStub struct {`
			`networkSecurityGroupName string`
			`loadBalancerName string`

			`getNetworkSecurityGroupNameErr error`
			`getLoadBalancerNameErr error`
			`}`

			`func (c *ccmMetadataStub) GetNetworkSecurityGroupName(ctx context.Context) (string, error) {`
			`return c.networkSecurityGroupName, c.getNetworkSecurityGroupNameErr`
			`}`

			`func (c *ccmMetadataStub) GetLoadBalancerName(ctx context.Context) (string, error) {`
			`return c.loadBalancerName, c.getLoadBalancerNameErr`
			`}`