blob: 8c31768c658b3d112c1e6929d397d5b239dbe960 [file] [log] [blame]
// Licensed to the Apache Software Foundation (ASF) under one or more
// contributor license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright ownership.
// The ASF licenses this file to You under the Apache License, Version 2.0
// (the "License"); you may not use this file except in compliance with
// the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package v1
import (
"context"
"testing"
"github.com/stretchr/testify/require"
corev1 "k8s.io/api/core/v1"
networkingv1 "k8s.io/api/networking/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
"sigs.k8s.io/controller-runtime/pkg/client/fake"
apisixv2 "github.com/apache/apisix-ingress-controller/api/v2"
"github.com/apache/apisix-ingress-controller/internal/controller/config"
)
func buildApisixConsumerValidator(t *testing.T, objects ...runtime.Object) *ApisixConsumerCustomValidator {
t.Helper()
scheme := runtime.NewScheme()
require.NoError(t, clientgoscheme.AddToScheme(scheme))
require.NoError(t, networkingv1.AddToScheme(scheme))
require.NoError(t, apisixv2.AddToScheme(scheme))
managed := []runtime.Object{
&networkingv1.IngressClass{
ObjectMeta: metav1.ObjectMeta{
Name: "apisix",
Annotations: map[string]string{
"ingressclass.kubernetes.io/is-default-class": "true",
},
},
Spec: networkingv1.IngressClassSpec{
Controller: config.ControllerConfig.ControllerName,
},
},
}
allObjects := append(managed, objects...)
builder := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(allObjects...)
return NewApisixConsumerCustomValidator(builder.Build())
}
func TestApisixConsumerValidator_MissingBasicAuthSecret(t *testing.T) {
consumer := &apisixv2.ApisixConsumer{
ObjectMeta: metav1.ObjectMeta{
Name: "demo",
Namespace: "default",
},
Spec: apisixv2.ApisixConsumerSpec{
IngressClassName: "apisix",
AuthParameter: apisixv2.ApisixConsumerAuthParameter{
BasicAuth: &apisixv2.ApisixConsumerBasicAuth{
SecretRef: &corev1.LocalObjectReference{Name: "basic-auth"},
},
},
},
}
validator := buildApisixConsumerValidator(t)
warnings, err := validator.ValidateCreate(context.Background(), consumer)
require.NoError(t, err)
require.Equal(t, 1, len(warnings))
require.Equal(t, "Referenced Secret 'default/basic-auth' not found", warnings[0])
}
func TestApisixConsumerValidator_MultipleSecretWarnings(t *testing.T) {
consumer := &apisixv2.ApisixConsumer{
ObjectMeta: metav1.ObjectMeta{
Name: "demo",
Namespace: "default",
},
Spec: apisixv2.ApisixConsumerSpec{
IngressClassName: "apisix",
AuthParameter: apisixv2.ApisixConsumerAuthParameter{
BasicAuth: &apisixv2.ApisixConsumerBasicAuth{
SecretRef: &corev1.LocalObjectReference{Name: "basic-auth"},
},
JwtAuth: &apisixv2.ApisixConsumerJwtAuth{
SecretRef: &corev1.LocalObjectReference{Name: "jwt-auth"},
},
HMACAuth: &apisixv2.ApisixConsumerHMACAuth{
SecretRef: &corev1.LocalObjectReference{Name: "hmac-auth"},
},
},
},
}
basicAuthSecret := &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: "basic-auth",
Namespace: "default",
},
}
validator := buildApisixConsumerValidator(t, basicAuthSecret)
warnings, err := validator.ValidateCreate(context.Background(), consumer)
require.NoError(t, err)
require.Len(t, warnings, 2)
require.ElementsMatch(t, []string{
"Referenced Secret 'default/jwt-auth' not found",
"Referenced Secret 'default/hmac-auth' not found",
}, warnings)
}
func TestApisixConsumerValidator_NoWarningsWhenSecretsExist(t *testing.T) {
consumer := &apisixv2.ApisixConsumer{
ObjectMeta: metav1.ObjectMeta{
Name: "demo",
Namespace: "default",
},
Spec: apisixv2.ApisixConsumerSpec{
IngressClassName: "apisix",
AuthParameter: apisixv2.ApisixConsumerAuthParameter{
KeyAuth: &apisixv2.ApisixConsumerKeyAuth{
SecretRef: &corev1.LocalObjectReference{Name: "key-auth"},
},
WolfRBAC: &apisixv2.ApisixConsumerWolfRBAC{
SecretRef: &corev1.LocalObjectReference{Name: "wolf-rbac"},
},
},
},
}
secrets := []runtime.Object{
&corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "key-auth", Namespace: "default"}},
&corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "wolf-rbac", Namespace: "default"}},
}
validator := buildApisixConsumerValidator(t, secrets...)
warnings, err := validator.ValidateCreate(context.Background(), consumer)
require.NoError(t, err)
require.Empty(t, warnings)
}