add test

SeldonIO · Aug 23, 2023 · 3e1b1d7 · 3e1b1d7
1 parent 2b904a4
commit 3e1b1d7
Show file tree

Hide file tree

Showing 4 changed files with 108 additions and 2 deletions.
diff --git a/scheduler/pkg/kafka/config/oauth/k8s_secret.go b/scheduler/pkg/kafka/config/oauth/k8s_secret.go
@@ -41,7 +41,7 @@ type OAUTHSecretHandler struct {
 	oauthConfig OAUTHConfig
 }
 
-func NewOAUTHSecretHandler(secretName string, clientset kubernetes.Interface, namespace string, prefix string, locationSuffix string, logger log.FieldLogger) (*OAUTHSecretHandler, error) {
+func NewOAUTHSecretHandler(secretName string, clientset kubernetes.Interface, namespace string, prefix string, logger log.FieldLogger) (*OAUTHSecretHandler, error) {
 	if clientset == nil {
 		var err error
 		clientset, err = k8s.CreateClientset()

diff --git a/scheduler/pkg/kafka/config/oauth/store.go b/scheduler/pkg/kafka/config/oauth/store.go
@@ -100,7 +100,7 @@ func NewOAUTHStore(opt ...OAUTHStoreOption) (OAUTHStore, error) {
 		if !ok {
 			return nil, fmt.Errorf("Namespace env var %s not found and needed for OAUTH secret", envNamespace)
 		}
-		ps, err := NewOAUTHSecretHandler(secretName, opts.clientset, namespace, opts.prefix, opts.locationSuffix, logger)
+		ps, err := NewOAUTHSecretHandler(secretName, opts.clientset, namespace, opts.prefix, logger)
 		if err != nil {
 			return nil, err
 		}

diff --git a/scheduler/pkg/kafka/config/oauth/store_test.go b/scheduler/pkg/kafka/config/oauth/store_test.go
@@ -0,0 +1,94 @@
+/*
+Copyright 2023 Seldon Technologies Ltd.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package oauth
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/ghodss/yaml"
+
+	. "github.com/onsi/gomega"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes/fake"
+)
+
+func unMarshallYamlStrict(data []byte, msg interface{}) error {
+	jsonData, err := yaml.YAMLToJSON(data)
+	if err != nil {
+		return err
+	}
+	d := json.NewDecoder(bytes.NewReader(jsonData))
+	d.DisallowUnknownFields() // So we fail if not exactly as required in schema
+	err = d.Decode(msg)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func moveStringDataToData(secret *v1.Secret) {
+	secret.Data = make(map[string][]byte)
+	for key, val := range secret.StringData {
+		secret.Data[key] = []byte(val)
+	}
+}
+
+func TestNewPasswordStoreWithSecret(t *testing.T) {
+	g := NewGomegaWithT(t)
+	secretData, err := os.ReadFile("testdata/k8s_secret.yaml")
+	g.Expect(err).To(BeNil())
+
+	secret := &v1.Secret{}
+	err = unMarshallYamlStrict(secretData, secret)
+	g.Expect(err).To(BeNil())
+
+	moveStringDataToData(secret)
+
+	prefix := "prefix"
+
+	t.Setenv(fmt.Sprintf("%s%s", prefix, envSecretSuffix), secret.Name)
+	t.Setenv(envNamespace, secret.Namespace)
+
+	clientset := fake.NewSimpleClientset(secret)
+	ps, err := NewOAUTHStore(Prefix(prefix), ClientSet(clientset))
+	g.Expect(err).To(BeNil())
+
+	oauthConfig := ps.GetOAUTHConfig()
+	g.Expect(oauthConfig.Method).To(Equal("OIDC"))
+	g.Expect(oauthConfig.ClientID).To(Equal("test-client-id"))
+	g.Expect(oauthConfig.ClientSecret).To(Equal("test-client-secret"))
+	g.Expect(oauthConfig.TokenEndpointURL).To(Equal("https://keycloak.example.com/auth/realms/example-realm/protocol/openid-connect/token"))
+	g.Expect(oauthConfig.Extensions).To(Equal("logicalCluster=logic-1234,identityPoolId=pool-1234"))
+
+	newClientID := "new-client-id"
+	secret.Data["client_id"] = []byte(newClientID)
+
+	_, err = clientset.CoreV1().Secrets(secret.Namespace).Update(context.Background(), secret, metav1.UpdateOptions{})
+	g.Expect(err).To(BeNil())
+	time.Sleep(time.Millisecond * 500)
+
+	oauthConfig = ps.GetOAUTHConfig()
+	g.Expect(oauthConfig.ClientID).To(Equal("new-client-id"))
+	ps.Stop()
+}
diff --git a/scheduler/pkg/kafka/config/oauth/testdata/k8s_secret.yaml b/scheduler/pkg/kafka/config/oauth/testdata/k8s_secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cc-oauth-test-secret
+  namespace: default
+type: Opaque
+stringData:
+  method: OIDC
+  client_id: test-client-id
+  client_secret: test-client-secret
+  token_endpoint_url: https://keycloak.example.com/auth/realms/example-realm/protocol/openid-connect/token
+  extensions: logicalCluster=logic-1234,identityPoolId=pool-1234