test: Added Unit Test for GetVolumes (ProjectedVolume) with source Se…

…rviceAccountToken (#509)
virtual-kubelet · Mar 31, 2023 · fc44701 · fc44701
1 parent 8bb15cf
commit fc44701
Showing 1 changed file with 144 additions and 29 deletions.
diff --git a/pkg/provider/aci_volumes_test.go b/pkg/provider/aci_volumes_test.go
@@ -20,6 +20,7 @@ import (
  v1 "k8s.io/api/core/v1"
  errors "k8s.io/apimachinery/pkg/api/errors"
  metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/labels"
 )
 
 var (
@@ -550,33 +551,33 @@ func TestGetVolumesForSecretVolume(t *testing.T) {
  expectedError error
  }{
  {
- description:  "Secret is nil and returns error while Optional is set to false",
+ description: "Secret is nil and returns error while Optional is set to false",
  callSecretMocks: func(secretMock *MockSecretLister) {
  for _, volume := range fakePodVolumes {
  if volume.Name == secretVolumeName {
  mockSecretNamespaceLister := NewMockSecretNamespaceLister(mockCtrl)
  secretMock.EXPECT().Secrets(podNamespace).Return(mockSecretNamespaceLister)
- mockSecretNamespaceLister.EXPECT().Get(volume.Secret.SecretName).Return(nil, errors.NewNotFound(v1.Resource("secret"), secretName)) 
+ mockSecretNamespaceLister.EXPECT().Get(volume.Secret.SecretName).Return(nil, errors.NewNotFound(v1.Resource("secret"), secretName))
  }
  }
  },
  expectedError: fmt.Errorf("secret %s is required by Pod %s and does not exist", secretName, podName),
  },
  {
- description:  "Secret returns a valid value",
+ description: "Secret returns a valid value",
  callSecretMocks: func(secretMock *MockSecretLister) {
  for _, volume := range fakePodVolumes {
  if volume.Name == secretVolumeName {
  mockSecretNamespaceLister := NewMockSecretNamespaceLister(mockCtrl)
  secretMock.EXPECT().Secrets(podNamespace).Return(mockSecretNamespaceLister)
- mockSecretNamespaceLister.EXPECT().Get(volume.Secret.SecretName).Return(&fakeSecret, nil) 
+ mockSecretNamespaceLister.EXPECT().Get(volume.Secret.SecretName).Return(&fakeSecret, nil)
  }
  }
  },
  expectedError: nil,
  },
  }
- 
+
  for _, tc := range cases {
  t.Run(tc.description, func(t *testing.T) {
  mockSecretLister := NewMockSecretLister(mockCtrl)
@@ -592,7 +593,7 @@ func TestGetVolumesForSecretVolume(t *testing.T) {
  t.Fatal("Unable to create test provider", err)
  }
 
- volumes,err := provider.getVolumes(context.Background(), pod)
+ volumes, err := provider.getVolumes(context.Background(), pod)
 
  if tc.expectedError == nil {
  azureStorageAccountName := base64.StdEncoding.EncodeToString([]byte("azureFileStorageAccountName"))
@@ -620,7 +621,7 @@ func TestGetVolumesForConfigMapVolume(t *testing.T) {
  },
  Data: map[string]string{
  configMapName: "fake-ca-data",
- "foo": "bar",
+ "foo":  "bar",
  },
  }
 
@@ -659,38 +660,38 @@ func TestGetVolumesForConfigMapVolume(t *testing.T) {
  aciMocks := createNewACIMock()
 
  cases := []struct {
- description string
+ description  string
  callConfigMapMocks func(configMapMock *MockConfigMapLister)
- expectedError error
+ expectedError  error
  }{
  {
- description:  "ConfigMap is nil and returns error while Optional is set to false",
+ description: "ConfigMap is nil and returns error while Optional is set to false",
  callConfigMapMocks: func(configMapMock *MockConfigMapLister) {
  for _, volume := range fakePodVolumes {
  if volume.Name == configMapVolumeName {
  mockConfigMapNamespaceLister := NewMockConfigMapNamespaceLister(mockCtrl)
  configMapMock.EXPECT().ConfigMaps(podNamespace).Return(mockConfigMapNamespaceLister)
- mockConfigMapNamespaceLister.EXPECT().Get(volume.ConfigMap.Name).Return(nil, errors.NewNotFound(v1.Resource("ConfigMap"), configMapName)) 
+ mockConfigMapNamespaceLister.EXPECT().Get(volume.ConfigMap.Name).Return(nil, errors.NewNotFound(v1.Resource("ConfigMap"), configMapName))
  }
  }
  },
  expectedError: fmt.Errorf("ConfigMap %s is required by Pod %s and does not exist", configMapName, podName),
  },
  {
- description:  "ConfigMap returns a valid value",
+ description: "ConfigMap returns a valid value",
  callConfigMapMocks: func(configMapMock *MockConfigMapLister) {
  for _, volume := range fakePodVolumes {
  if volume.Name == configMapVolumeName {
  mockConfigMapNamespaceLister := NewMockConfigMapNamespaceLister(mockCtrl)
  configMapMock.EXPECT().ConfigMaps(podNamespace).Return(mockConfigMapNamespaceLister)
- mockConfigMapNamespaceLister.EXPECT().Get(volume.ConfigMap.Name).Return(&fakeConfigMap, nil) 
+ mockConfigMapNamespaceLister.EXPECT().Get(volume.ConfigMap.Name).Return(&fakeConfigMap, nil)
  }
  }
  },
  expectedError: nil,
  },
  }
- 
+
  for _, tc := range cases {
  t.Run(tc.description, func(t *testing.T) {
  mockConfigMapLister := NewMockConfigMapLister(mockCtrl)
@@ -706,7 +707,7 @@ func TestGetVolumesForConfigMapVolume(t *testing.T) {
  t.Fatal("Unable to create test provider", err)
  }
 
- volumes,err := provider.getVolumes(context.Background(), pod)
+ volumes, err := provider.getVolumes(context.Background(), pod)
 
  if tc.expectedError == nil {
  assert.NilError(t, tc.expectedError, err)
@@ -788,33 +789,33 @@ func TestGetVolumesProjectedVolSecretSource(t *testing.T) {
  expectedError error
  }{
  {
- description:  "Secret is nil and returns error while Optional is set to false",
+ description: "Secret is nil and returns error while Optional is set to false",
  callSecretMocks: func(secretMock *MockSecretLister) {
  for _, volume := range fakePodVolumes {
  if volume.Name == projectedVolumeName {
  mockSecretNamespaceLister := NewMockSecretNamespaceLister(mockCtrl)
  secretMock.EXPECT().Secrets(podNamespace).Return(mockSecretNamespaceLister)
- mockSecretNamespaceLister.EXPECT().Get(volume.Projected.Sources[0].Secret.Name).Return(nil, errors.NewNotFound(v1.Resource("secret"), secretName)) 
+ mockSecretNamespaceLister.EXPECT().Get(volume.Projected.Sources[0].Secret.Name).Return(nil, errors.NewNotFound(v1.Resource("secret"), secretName))
  }
  }
  },
  expectedError: fmt.Errorf("projected secret %s is required by pod %s and does not exist", secretName, podName),
  },
  {
- description:  "Secret returns a valid value",
+ description: "Secret returns a valid value",
  callSecretMocks: func(secretMock *MockSecretLister) {
  for _, volume := range fakePodVolumes {
  if volume.Name == projectedVolumeName {
  mockSecretNamespaceLister := NewMockSecretNamespaceLister(mockCtrl)
  secretMock.EXPECT().Secrets(podNamespace).Return(mockSecretNamespaceLister)
- mockSecretNamespaceLister.EXPECT().Get(volume.Projected.Sources[0].Secret.Name).Return(&fakeSecret, nil) 
+ mockSecretNamespaceLister.EXPECT().Get(volume.Projected.Sources[0].Secret.Name).Return(&fakeSecret, nil)
  }
  }
  },
  expectedError: nil,
  },
  }
- 
+
  for _, tc := range cases {
  t.Run(tc.description, func(t *testing.T) {
  mockSecretLister := NewMockSecretLister(mockCtrl)
@@ -830,7 +831,7 @@ func TestGetVolumesProjectedVolSecretSource(t *testing.T) {
  t.Fatal("Unable to create test provider", err)
  }
 
- volumes,err := provider.getVolumes(context.Background(), pod)
+ volumes, err := provider.getVolumes(context.Background(), pod)
 
  if tc.expectedError == nil {
  azureStorageAccountName := base64.StdEncoding.EncodeToString([]byte("azureFileStorageAccountName"))
@@ -860,7 +861,7 @@ func TestGetVolumesProjectedVolConfMapSource(t *testing.T) {
  },
  Data: map[string]string{
  configMapName: "fake-ca-data",
- "foo": "bar",
+ "foo":  "bar",
  },
  }
 
@@ -906,31 +907,31 @@ func TestGetVolumesProjectedVolConfMapSource(t *testing.T) {
  aciMocks := createNewACIMock()
 
  cases := []struct {
- description string
+ description  string
  callConfigMapMocks func(configMapMock *MockConfigMapLister)
- expectedError error
+ expectedError  error
  }{
  {
- description:  "ConfigMap is nil and returns error while Optional is set to false",
+ description: "ConfigMap is nil and returns error while Optional is set to false",
  callConfigMapMocks: func(configMapMock *MockConfigMapLister) {
  for _, volume := range fakePodVolumes {
  if volume.Name == projectedVolumeName {
  mockConfigMapNamespaceLister := NewMockConfigMapNamespaceLister(mockCtrl)
  configMapMock.EXPECT().ConfigMaps(podNamespace).Return(mockConfigMapNamespaceLister)
- mockConfigMapNamespaceLister.EXPECT().Get(volume.Projected.Sources[0].ConfigMap.Name).Return(nil, errors.NewNotFound(v1.Resource("ConfigMap"), configMapName)) 
+ mockConfigMapNamespaceLister.EXPECT().Get(volume.Projected.Sources[0].ConfigMap.Name).Return(nil, errors.NewNotFound(v1.Resource("ConfigMap"), configMapName))
  }
  }
  },
  expectedError: fmt.Errorf("projected configMap %s is required by pod %s and does not exist", configMapName, podName),
  },
  {
- description:  "ConfigMap returns a valid value",
+ description: "ConfigMap returns a valid value",
  callConfigMapMocks: func(configMapMock *MockConfigMapLister) {
  for _, volume := range fakePodVolumes {
  if volume.Name == projectedVolumeName {
  mockConfigMapNamespaceLister := NewMockConfigMapNamespaceLister(mockCtrl)
  configMapMock.EXPECT().ConfigMaps(podNamespace).Return(mockConfigMapNamespaceLister)
- mockConfigMapNamespaceLister.EXPECT().Get(volume.Projected.Sources[0].ConfigMap.Name).Return(&fakeConfigMap, nil) 
+ mockConfigMapNamespaceLister.EXPECT().Get(volume.Projected.Sources[0].ConfigMap.Name).Return(&fakeConfigMap, nil)
  }
  }
  },
@@ -953,7 +954,7 @@ func TestGetVolumesProjectedVolConfMapSource(t *testing.T) {
  t.Fatal("Unable to create test provider", err)
  }
 
- volumes,err := provider.getVolumes(context.Background(), pod)
+ volumes, err := provider.getVolumes(context.Background(), pod)
 
  if tc.expectedError == nil {
  assert.NilError(t, tc.expectedError, err)
@@ -968,3 +969,117 @@ func TestGetVolumesProjectedVolConfMapSource(t *testing.T) {
  }
 
 }
+
+func TestGetVolumesProjectedVolSvcAcctTokenSource(t *testing.T) {
+ projectedVolumeName := "ProjectedVolume"
+ secretName := "ServiceAccountToken"
+ serviceAccountName := "fake-service-account"
+ fakeVolumeSecret := "fake-volume-secret"
+
+ fakeSecret2 := v1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: secretName,
+ Namespace: podNamespace,
+ Annotations: map[string]string{
+ "kubernetes.io/service-account.name": serviceAccountName,
+ },
+ },
+ Type: v1.SecretTypeServiceAccountToken,
+ Data: map[string][]byte{
+ secretName: []byte("fake-svc-acct-token-data"),
+ },
+ }
+
+ fakeSecret1 := v1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: fakeVolumeSecret,
+ Namespace: podNamespace,
+ },
+ Data: map[string][]byte{
+ azureFileStorageAccountName: []byte("azureFileStorageAccountName"),
+ azureFileStorageAccountKey: []byte("azureFileStorageAccountKey")},
+ }
+
+ fakeSecrets := []*v1.Secret{&fakeSecret1, &fakeSecret2}
+
+ setOptional := new(bool)
+ *setOptional = false
+
+ fakePodVolumes := []v1.Volume{
+ {
+ Name: emptyVolumeName,
+ VolumeSource: v1.VolumeSource{
+ EmptyDir: &v1.EmptyDirVolumeSource{},
+ },
+ },
+ {
+ Name: projectedVolumeName,
+ VolumeSource: v1.VolumeSource{
+ Projected: &v1.ProjectedVolumeSource{
+ Sources: []v1.VolumeProjection{
+ {
+ ServiceAccountToken: &v1.ServiceAccountTokenProjection{
+ Path: serviceAccountSecretMountPath,
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+
+ mockCtrl := gomock.NewController(t)
+ defer mockCtrl.Finish()
+
+ aciMocks := createNewACIMock()
+
+ cases := []struct {
+ description string
+ callSecretMocks func(secretMock *MockSecretLister)
+ expectedError error
+ }{
+ {
+ description: "GetVolumes successfully retrives ServiceAccountToken from Projected ServiceAccountToken Volume Source",
+ callSecretMocks: func(secretMock *MockSecretLister) {
+ for _, volume := range fakePodVolumes {
+ if volume.Name == projectedVolumeName {
+ mockSecretNamespaceLister := NewMockSecretNamespaceLister(mockCtrl)
+ secretMock.EXPECT().Secrets(podNamespace).Return(mockSecretNamespaceLister)
+ mockSecretNamespaceLister.EXPECT().List(labels.Everything()).Return(fakeSecrets, nil)
+ }
+ }
+ },
+ expectedError: nil,
+ },
+ }
+
+ for _, tc := range cases {
+ t.Run(tc.description, func(t *testing.T) {
+ mockSecretLister := NewMockSecretLister(mockCtrl)
+
+ pod := testsutil.CreatePodObj(podName, podNamespace)
+ tc.callSecretMocks(mockSecretLister)
+
+ pod.Spec.Volumes = fakePodVolumes
+
+ pod.Spec.ServiceAccountName = serviceAccountName
+
+ provider, err := createTestProvider(aciMocks, NewMockConfigMapLister(mockCtrl),
+ mockSecretLister, NewMockPodLister(mockCtrl))
+ if err != nil {
+ t.Fatal("Unable to create test provider", err)
+ }
+
+ volumes, err := provider.getVolumes(context.Background(), pod)
+
+ if tc.expectedError == nil {
+ fakeServiceAccountData := base64.StdEncoding.EncodeToString([]byte("fake-svc-acct-token-data"))
+ assert.NilError(t, tc.expectedError, err)
+ assert.DeepEqual(t, *volumes[1].Secret[secretName], fakeServiceAccountData)
+ } else {
+ assert.Equal(t, tc.expectedError.Error(), err.Error())
+ }
+ })
+ }
+
+}