Unit tests

Author: lucian-tosa

controllers/operator/clustermongodbrole_controller.go

@@ -49,8 +49,6 @@ func (r *ClusterMongoDBRoleReconciler) Reconcile(ctx context.Context, request ct
 		return reconcile.Result{RequeueAfter: time.Second * util.RetryTimeSec}, nil
 	}
 
-	// res := mdbv1.RoleIsCorrectlyConfigured(role.Spec.MongoDBRole, "8.0.6")
-
 	log.Infow("ClusterMongoDBRole.Spec", "spec", role.Spec)
 
 	if !role.DeletionTimestamp.IsZero() {

controllers/operator/clustermongodbrole_controller_test.go

@@ -0,0 +1,205 @@
+package operator
+
+import (
+	"context"
+	"github.com/mongodb/mongodb-kubernetes/api/v1/mdb"
+	rolev1 "github.com/mongodb/mongodb-kubernetes/api/v1/role"
+	"github.com/mongodb/mongodb-kubernetes/controllers/operator/mock"
+	"github.com/mongodb/mongodb-kubernetes/controllers/operator/workflow"
+	"github.com/mongodb/mongodb-kubernetes/pkg/util"
+	"github.com/stretchr/testify/assert"
+	apiErrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+	"testing"
+)
+
+func TestReconcileClusterMongoDBRole(t *testing.T) {
+	ctx := context.Background()
+	role := DefaultClusterMongoDBRoleBuilder().Build()
+	reconciler, _ := defaultRoleReconciler(ctx, role)
+
+	actual, err := reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: role.Name}})
+	if err != nil {
+		return
+	}
+
+	expected, _ := workflow.OK().ReconcileResult()
+
+	assert.Nil(t, err, "there should be no error on successful reconciliation")
+	assert.Equal(t, expected, actual, "there should be a successful reconciliation if the password is a valid reference")
+}
+
+func TestEnsureFinalizer(t *testing.T) {
+	ctx := context.Background()
+	role := DefaultClusterMongoDBRoleBuilder().Build()
+	reconciler, fakeClient := defaultRoleReconciler(ctx, role)
+
+	_, err := reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: role.Name}})
+	assert.NoError(t, err)
+
+	err = fakeClient.Get(ctx, types.NamespacedName{Name: role.Name}, role)
+	assert.NoError(t, err)
+
+	assert.Contains(t, role.GetFinalizers(), util.RoleFinalizer, "the finalizer should be present")
+}
+
+func TestRoleIsRemovedWhenNoReferences(t *testing.T) {
+	ctx := context.Background()
+	role := DefaultClusterMongoDBRoleBuilder().Build()
+	reconciler, fakeClient := defaultRoleReconciler(ctx, role)
+
+	_, err := reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: role.Name}})
+	assert.NoError(t, err)
+
+	err = fakeClient.Delete(ctx, role)
+	assert.NoError(t, err)
+
+	newResult, err := reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: role.Name}})
+
+	newExpected, _ := workflow.OK().ReconcileResult()
+
+	assert.Nil(t, err, "there should be no error on successful reconciliation")
+	assert.Equal(t, newExpected, newResult, "there should be a successful reconciliation if the password is a valid reference")
+
+	err = fakeClient.Get(ctx, types.NamespacedName{Name: role.Name}, role)
+	assert.True(t, apiErrors.IsNotFound(err), "the role should not exist")
+}
+
+func TestRoleIsNotRemovedWhenReferenced(t *testing.T) {
+	ctx := context.Background()
+	role := DefaultClusterMongoDBRoleBuilder().Build()
+	reconciler, fakeClient := defaultRoleReconciler(ctx, role)
+
+	_ = fakeClient.Create(ctx, DefaultReplicaSetBuilder().
+		SetRoleRefs([]mdb.MongoDBRoleRef{
+			{
+				Name: role.Name,
+				Kind: util.ClusterMongoDBRoleKind,
+			},
+		}).
+		SetName("my-rs").Build())
+
+	// Add finalizer
+	_, err := reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: role.Name}})
+	assert.NoError(t, err)
+
+	// Delete resource, should fail since it is still referenced
+	err = fakeClient.Delete(ctx, role)
+	assert.NoError(t, err)
+
+	// Should not remove the finalizer
+	_, _ = reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: role.Name}})
+
+	err = fakeClient.Get(ctx, types.NamespacedName{Name: role.Name}, role)
+	assert.NoError(t, err, "the role should still exist")
+	assert.NotEmpty(t, role.GetFinalizers(), "the finalizer should still be present")
+}
+
+func TestRoleIsRemovedAfterRemovingReference(t *testing.T) {
+	ctx := context.Background()
+	role := DefaultClusterMongoDBRoleBuilder().Build()
+	mdbrs := DefaultReplicaSetBuilder().
+		SetRoleRefs([]mdb.MongoDBRoleRef{
+			{
+				Name: role.Name,
+				Kind: util.ClusterMongoDBRoleKind,
+			},
+		}).
+		SetName("my-rs").Build()
+	reconciler, fakeClient := defaultRoleReconciler(ctx, role)
+
+	_ = fakeClient.Create(ctx, mdbrs)
+
+	// Add finalizer
+	_, _ = reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: role.Name}})
+
+	// Delete resource, should fail since it is still referenced
+	_ = fakeClient.Delete(ctx, role)
+
+	// Should not remove the finalizer
+	_, _ = reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: role.Name}})
+
+	err := fakeClient.Get(ctx, types.NamespacedName{Name: role.Name}, role)
+	assert.NoError(t, err, "the role should still exist")
+
+	// Remove reference
+	mdbrs.Spec.Security.RoleRefs = []mdb.MongoDBRoleRef{}
+	err = fakeClient.Update(ctx, mdbrs)
+
+	// Should remove finalizer
+	_, _ = reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: types.NamespacedName{Name: role.Name}})
+
+	// Resource should be removed
+	err = fakeClient.Get(ctx, types.NamespacedName{Name: role.Name}, role)
+	assert.True(t, apiErrors.IsNotFound(err), "the role should not exist")
+
+}
+
+func defaultRoleReconciler(ctx context.Context, role *rolev1.ClusterMongoDBRole) (*ClusterMongoDBRoleReconciler, client.Client) {
+	kubeClient, omConnectionFactory := mock.NewDefaultFakeClient(role)
+	memberClusterMap := getFakeMultiClusterMap(omConnectionFactory)
+	return newClusterMongoDBRoleReconciler(ctx, kubeClient, memberClusterMap), kubeClient
+}
+
+type ClusterMongoDBRoleBuilder struct {
+	name        string
+	finalizers  []string
+	annotations map[string]string
+	mongoDBRole mdb.MongoDBRole
+}
+
+func DefaultClusterMongoDBRoleBuilder() *ClusterMongoDBRoleBuilder {
+	return &ClusterMongoDBRoleBuilder{
+		name:       "default-role",
+		finalizers: []string{},
+		mongoDBRole: mdb.MongoDBRole{
+			Role:                       "default-role",
+			AuthenticationRestrictions: nil,
+			Db:                         "admin",
+			Privileges:                 nil,
+			Roles: []mdb.InheritedRole{
+				{
+					Role: "readWrite",
+					Db:   "admin",
+				},
+			},
+		},
+		annotations: map[string]string{},
+	}
+}
+
+func (b *ClusterMongoDBRoleBuilder) SetName(name string) *ClusterMongoDBRoleBuilder {
+	b.name = name
+	return b
+}
+
+func (b *ClusterMongoDBRoleBuilder) AddFinalizer(finalizer string) *ClusterMongoDBRoleBuilder {
+	b.finalizers = append(b.finalizers, finalizer)
+	return b
+}
+
+func (b *ClusterMongoDBRoleBuilder) SetMongoDBRole(role mdb.MongoDBRole) *ClusterMongoDBRoleBuilder {
+	b.mongoDBRole = role
+	return b
+}
+
+func (b *ClusterMongoDBRoleBuilder) AddAnnotation(key, value string) *ClusterMongoDBRoleBuilder {
+	b.annotations[key] = value
+	return b
+}
+
+func (b *ClusterMongoDBRoleBuilder) Build() *rolev1.ClusterMongoDBRole {
+	return &rolev1.ClusterMongoDBRole{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        b.name,
+			Finalizers:  b.finalizers,
+			Annotations: b.annotations,
+		},
+		Spec: rolev1.ClusterMongoDBRoleSpec{
+			MongoDBRole: b.mongoDBRole,
+		},
+	}
+}

controllers/operator/common_controller_test.go

@@ -265,6 +265,115 @@ func TestReadSubjectNoCertificate(t *testing.T) {
 	assertSubjectFromFileFails(t, "testdata/certificates/just_key")
 }
 
+func TestFailWhenRoleAndRoleRefsAreConfigured(t *testing.T) {
+	ctx := context.Background()
+	customRole := mdbv1.MongoDBRole{
+		Role:                       "foo",
+		AuthenticationRestrictions: []mdbv1.AuthenticationRestriction{},
+		Db:                         "admin",
+		Roles: []mdbv1.InheritedRole{{
+			Db:   "admin",
+			Role: "readWriteAnyDatabase",
+		}},
+	}
+	roleResource := DefaultClusterMongoDBRoleBuilder().Build()
+	roleRef := mdbv1.MongoDBRoleRef{
+		Name: roleResource.Name,
+		Kind: util.ClusterMongoDBRoleKind,
+	}
+	assert.Nil(t, customRole.Privileges)
+	rs := DefaultReplicaSetBuilder().SetRoles([]mdbv1.MongoDBRole{customRole}).SetRoleRefs([]mdbv1.MongoDBRoleRef{roleRef}).Build()
+
+	kubeClient, omConnectionFactory := mock.NewDefaultFakeClient()
+	controller := NewReconcileCommonController(ctx, kubeClient)
+	mockOm, _ := prepareConnection(ctx, controller, omConnectionFactory.GetConnectionFunc, t)
+
+	result := controller.ensureRoles(ctx, rs.Spec.Security.Roles, rs.Spec.Security.RoleRefs, mockOm, kube.ObjectKeyFromApiObject(rs), &zap.SugaredLogger{})
+	assert.False(t, result.IsOK())
+	assert.Equal(t, status.PhaseFailed, result.Phase())
+
+	ac, err := mockOm.ReadAutomationConfig()
+	assert.NoError(t, err)
+	roles, ok := ac.Deployment["roles"].([]mdbv1.MongoDBRole)
+	assert.False(t, ok)
+	assert.Empty(t, roles)
+}
+
+func TestRoleRefsAreAdded(t *testing.T) {
+	ctx := context.Background()
+	roleResource := DefaultClusterMongoDBRoleBuilder().Build()
+	roleRef := mdbv1.MongoDBRoleRef{
+		Name: roleResource.Name,
+		Kind: util.ClusterMongoDBRoleKind,
+	}
+	rs := DefaultReplicaSetBuilder().SetRoleRefs([]mdbv1.MongoDBRoleRef{roleRef}).Build()
+
+	kubeClient, omConnectionFactory := mock.NewDefaultFakeClient()
+	controller := NewReconcileCommonController(ctx, kubeClient)
+	mockOm, _ := prepareConnection(ctx, controller, omConnectionFactory.GetConnectionFunc, t)
+
+	_ = kubeClient.Create(ctx, roleResource)
+
+	controller.ensureRoles(ctx, rs.Spec.Security.Roles, rs.Spec.Security.RoleRefs, mockOm, kube.ObjectKeyFromApiObject(rs), &zap.SugaredLogger{})
+
+	ac, err := mockOm.ReadAutomationConfig()
+	assert.NoError(t, err)
+	roles, ok := ac.Deployment["roles"].([]mdbv1.MongoDBRole)
+	assert.True(t, ok)
+	assert.NotNil(t, roles[0].Privileges)
+	assert.Len(t, roles, 1)
+}
+
+func TestErrorWhenRoleDoesNotExist(t *testing.T) {
+	ctx := context.Background()
+	roleResource := DefaultClusterMongoDBRoleBuilder().Build()
+	roleRef := mdbv1.MongoDBRoleRef{
+		Name: roleResource.Name,
+		Kind: "WrongMongoDBRoleReference",
+	}
+	rs := DefaultReplicaSetBuilder().SetRoleRefs([]mdbv1.MongoDBRoleRef{roleRef}).Build()
+
+	kubeClient, omConnectionFactory := mock.NewDefaultFakeClient()
+	controller := NewReconcileCommonController(ctx, kubeClient)
+	mockOm, _ := prepareConnection(ctx, controller, omConnectionFactory.GetConnectionFunc, t)
+
+	_ = kubeClient.Create(ctx, roleResource)
+
+	result := controller.ensureRoles(ctx, rs.Spec.Security.Roles, rs.Spec.Security.RoleRefs, mockOm, kube.ObjectKeyFromApiObject(rs), &zap.SugaredLogger{})
+	assert.False(t, result.IsOK())
+	assert.Equal(t, status.PhaseFailed, result.Phase())
+
+	ac, err := mockOm.ReadAutomationConfig()
+	assert.NoError(t, err)
+	roles, ok := ac.Deployment["roles"].([]mdbv1.MongoDBRole)
+	assert.False(t, ok)
+	assert.Empty(t, roles)
+}
+
+func TestErrorWhenRoleRefIsWrong(t *testing.T) {
+	ctx := context.Background()
+	roleResource := DefaultClusterMongoDBRoleBuilder().Build()
+	roleRef := mdbv1.MongoDBRoleRef{
+		Name: roleResource.Name,
+		Kind: util.ClusterMongoDBRoleKind,
+	}
+	rs := DefaultReplicaSetBuilder().SetRoleRefs([]mdbv1.MongoDBRoleRef{roleRef}).Build()
+
+	kubeClient, omConnectionFactory := mock.NewDefaultFakeClient()
+	controller := NewReconcileCommonController(ctx, kubeClient)
+	mockOm, _ := prepareConnection(ctx, controller, omConnectionFactory.GetConnectionFunc, t)
+
+	result := controller.ensureRoles(ctx, rs.Spec.Security.Roles, rs.Spec.Security.RoleRefs, mockOm, kube.ObjectKeyFromApiObject(rs), &zap.SugaredLogger{})
+	assert.False(t, result.IsOK())
+	assert.Equal(t, status.PhaseFailed, result.Phase())
+
+	ac, err := mockOm.ReadAutomationConfig()
+	assert.NoError(t, err)
+	roles, ok := ac.Deployment["roles"].([]mdbv1.MongoDBRole)
+	assert.False(t, ok)
+	assert.Empty(t, roles)
+}
+
 func TestDontSendNilPrivileges(t *testing.T) {
 	ctx := context.Background()
 	customRole := mdbv1.MongoDBRole{

controllers/operator/mongodbreplicaset_controller_test.go

@@ -1081,6 +1081,14 @@ func (b *ReplicaSetBuilder) SetRoles(roles []mdbv1.MongoDBRole) *ReplicaSetBuild
 	return b
 }
 
+func (b *ReplicaSetBuilder) SetRoleRefs(roleRefs []mdbv1.MongoDBRoleRef) *ReplicaSetBuilder {
+	if b.Spec.Security == nil {
+		b.Spec.Security = &mdbv1.Security{}
+	}
+	b.Spec.Security.RoleRefs = roleRefs
+	return b
+}
+
 func (b *ReplicaSetBuilder) EnableAuth() *ReplicaSetBuilder {
 	b.Spec.Security.Authentication.Enabled = true
 	return b

controllers/operator/mongodbuser_controller_test.go

@@ -2,6 +2,7 @@ package operator
 
 import (
 	"context"
+	apiErrors "k8s.io/apimachinery/pkg/api/errors"
 	"testing"
 	"time"
 
@@ -497,7 +498,8 @@ func TestFinalizerIsRemoved_WhenUserIsDeleted(t *testing.T) {
 	assert.Nil(t, err, "there should be no error on successful reconciliation")
 	assert.Equal(t, newExpected, newResult, "there should be a successful reconciliation if the password is a valid reference")
 
-	assert.Empty(t, user.GetFinalizers())
+	err = client.Get(ctx, kube.ObjectKey(user.Namespace, user.Name), user)
+	assert.True(t, apiErrors.IsNotFound(err), "the user should not exist")
 }
 
 // BuildAuthenticationEnabledReplicaSet returns a AutomationConfig after creating a Replica Set with a set of