apitech
/
loki
mirror of https://github.com/grafana/loki
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Like Prometheus, but for logs.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7420 Commits
839 Branches
309 Tags
649 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 976d8ab81c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '976d8ab81c'
${ noResults }
loki/operator/internal/handlers/lokistack_check_cert_expiry...

187 lines
5.4 KiB
Raw Blame History

package handlers
import (
"context"
"errors"
"testing"
"time"
"github.com/stretchr/testify/require"
corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/types"
"k8s.io/utils/ptr"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
lokiv1 "github.com/grafana/loki/operator/api/loki/v1"
"github.com/grafana/loki/operator/internal/certrotation"
"github.com/grafana/loki/operator/internal/external/k8s/k8sfakes"
)
func TestCheckCertExpiry_WhenGetReturnsNotFound_DoesNotError(t *testing.T) {
sw := &k8sfakes.FakeStatusWriter{}
k := &k8sfakes.FakeClient{}
r := ctrl.Request{
NamespacedName: types.NamespacedName{
Name: "my-stack",
Namespace: "some-ns",
},
}
k.GetStub = func(ctx context.Context, name types.NamespacedName, object client.Object, _ ...client.GetOption) error {
return apierrors.NewNotFound(schema.GroupResource{}, "something wasn't found")
}
k.StatusStub = func() client.StatusWriter { return sw }
err := CheckCertExpiry(context.TODO(), logger, r, k, featureGates)
require.NoError(t, err)
// make sure create was NOT called because the Get failed
require.Zero(t, k.CreateCallCount())
}
func TestCheckCertExpiry_WhenGetReturnsAnErrorOtherThanNotFound_ReturnsTheError(t *testing.T) {
sw := &k8sfakes.FakeStatusWriter{}
k := &k8sfakes.FakeClient{}
r := ctrl.Request{
NamespacedName: types.NamespacedName{
Name: "my-stack",
Namespace: "some-ns",
},
}
badRequestErr := apierrors.NewBadRequest("you do not belong here")
k.GetStub = func(ctx context.Context, name types.NamespacedName, object client.Object, _ ...client.GetOption) error {
return badRequestErr
}
k.StatusStub = func() client.StatusWriter { return sw }
err := CheckCertExpiry(context.TODO(), logger, r, k, featureGates)
require.Equal(t, badRequestErr, errors.Unwrap(err))
// make sure create was NOT called because the Get failed
require.Zero(t, k.CreateCallCount())
}
func TestCheckCertExpiry_WhenGetOptionsReturnsSignerNotFound_DoesNotError(t *testing.T) {
sw := &k8sfakes.FakeStatusWriter{}
k := &k8sfakes.FakeClient{}
r := ctrl.Request{
NamespacedName: types.NamespacedName{
Name: "my-stack",
Namespace: "some-ns",
},
}
stack := lokiv1.LokiStack{
TypeMeta: metav1.TypeMeta{
Kind: "LokiStack",
},
ObjectMeta: metav1.ObjectMeta{
Name: "my-stack",
Namespace: "some-ns",
UID: "b23f9a38-9672-499f-8c29-15ede74d3ece",
},
}
k.GetStub = func(ctx context.Context, name types.NamespacedName, object client.Object, _ ...client.GetOption) error {
if name.Name == r.Name && name.Namespace == r.Namespace {
k.SetClientObject(object, &stack)
return nil
}
return apierrors.NewNotFound(schema.GroupResource{}, "something wasn't found")
}
k.StatusStub = func() client.StatusWriter { return sw }
err := CheckCertExpiry(context.TODO(), logger, r, k, featureGates)
require.NoError(t, err)
// make sure create was NOT called because the Get failed
require.Zero(t, k.CreateCallCount())
}
func TestCheckCertExpiry_WhenGetOptionsReturnsCABUndleNotFound_DoesNotError(t *testing.T) {
validNotAfter := time.Now().Add(600 * 24 * time.Hour).UTC().Format(time.RFC3339)
validNotBefore := time.Now().Add(600 * 24 * time.Hour).UTC().Format(time.RFC3339)
sw := &k8sfakes.FakeStatusWriter{}
k := &k8sfakes.FakeClient{}
r := ctrl.Request{
NamespacedName: types.NamespacedName{
Name: "my-stack",
Namespace: "some-ns",
},
}
stack := lokiv1.LokiStack{
TypeMeta: metav1.TypeMeta{
Kind: "LokiStack",
},
ObjectMeta: metav1.ObjectMeta{
Name: "my-stack",
Namespace: "some-ns",
UID: "b23f9a38-9672-499f-8c29-15ede74d3ece",
},
}
signer := corev1.Secret{
TypeMeta: metav1.TypeMeta{
Kind: "Secret",
APIVersion: "v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: "my-stack-signing-ca",
Namespace: "some-ns",
Labels: map[string]string{
"app.kubernetes.io/name": "loki",
"app.kubernetes.io/provider": "openshift",
"loki.grafana.com/name": "my-stack",
// Add custom label to fake semantic not equal
"test": "test",
},
Annotations: map[string]string{
certrotation.CertificateIssuer: "dev_ns@signing-ca@10000",
certrotation.CertificateNotAfterAnnotation: validNotAfter,
certrotation.CertificateNotBeforeAnnotation: validNotBefore,
},
OwnerReferences: []metav1.OwnerReference{
{
APIVersion: "loki.grafana.com/v1",
Kind: "LokiStack",
Name: "my-stack",
UID: "b23f9a38-9672-499f-8c29-15ede74d3ece",
Controller: ptr.To(true),
BlockOwnerDeletion: ptr.To(true),
},
},
},
}
k.GetStub = func(ctx context.Context, name types.NamespacedName, object client.Object, _ ...client.GetOption) error {
if name.Name == r.Name && name.Namespace == r.Namespace {
k.SetClientObject(object, &stack)
return nil
}
if name.Name == signer.Name && name.Namespace == signer.Namespace {
k.SetClientObject(object, &signer)
return nil
}
return apierrors.NewNotFound(schema.GroupResource{}, "something wasn't found")
}
k.StatusStub = func() client.StatusWriter { return sw }
err := CheckCertExpiry(context.TODO(), logger, r, k, featureGates)
require.NoError(t, err)
// make sure create was NOT called because the Get failed
require.Zero(t, k.CreateCallCount())
}