add more tests

Author: CodingWizKid

cmd/main.go

@@ -5,6 +5,7 @@ import (
 	"os"
 
 	"github.com/cert-manager/cert-manager/pkg/acme/webhook/cmd"
+	"github.com/stackitcloud/stackit-cert-manager-webhook/internal/repository"
 	"github.com/stackitcloud/stackit-cert-manager-webhook/internal/resolver"
 	_ "go.uber.org/automaxprocs"
 )
@@ -22,7 +23,14 @@ func main() {
 	// You can register multiple DNS provider implementations with a single
 	// webhook, where the Name() method will be used to disambiguate between
 	// the different implementations.
-	cmd.RunWebhookServer(GroupName,
-		resolver.NewResolver(&http.Client{}),
+	cmd.RunWebhookServer(
+		GroupName,
+		resolver.NewResolver(
+			&http.Client{},
+			repository.NewZoneRepositoryFactory(),
+			repository.NewRRSetRepositoryFactory(),
+			resolver.NewSecretFetcher(),
+			resolver.NewConfigProvider(),
+		),
 	)
 }

internal/resolver/config.go

@@ -14,7 +14,9 @@ type ConfigProvider interface {
 	LoadConfig(cfgJSON *extapi.JSON) (StackitDnsProviderConfig, error)
 }
 
-type defaultConfigProvider struct{}
+type defaultConfigProvider struct {
+	fileNamespaceName string
+}
 
 type StackitDnsProviderConfig struct {
 	ProjectId                string `json:"projectId"`
@@ -41,7 +43,7 @@ func (d defaultConfigProvider) LoadConfig(cfgJSON *extapi.JSON) (StackitDnsProvi
 
 	setDefaultValues(&cfg)
 
-	namespace, err := determineNamespace(cfg.AuthTokenSecretNamespace)
+	namespace, err := determineNamespace(cfg.AuthTokenSecretNamespace, d.fileNamespaceName)
 	if err != nil {
 		return cfg, err
 	}
@@ -78,12 +80,12 @@ func setDefaultValues(cfg *StackitDnsProviderConfig) {
 	}
 }
 
-func determineNamespace(currentNamespace string) (string, error) {
+func determineNamespace(currentNamespace string, fileNamespaceName string) (string, error) {
 	if currentNamespace != "" {
 		return currentNamespace, nil
 	}
 
-	data, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
+	data, err := os.ReadFile(fileNamespaceName)
 	if err != nil {
 		return "", fmt.Errorf("failed to find the webhook pod namespace: %w", err)
 	}
@@ -95,3 +97,9 @@ func determineNamespace(currentNamespace string) (string, error) {
 
 	return namespace, nil
 }
+
+func NewConfigProvider() ConfigProvider {
+	return defaultConfigProvider{
+		fileNamespaceName: "/var/run/secrets/kubernetes.io/serviceaccount/namespace",
+	}
+}

internal/resolver/config_test.go

@@ -0,0 +1,136 @@
+package resolver
+
+import (
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"go.uber.org/mock/gomock"
+	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+)
+
+func TestLoadConfig(t *testing.T) {
+	t.Parallel()
+	ctrl := gomock.NewController(t)
+	t.Cleanup(ctrl.Finish)
+
+	d := defaultConfigProvider{}
+
+	t.Run("nil cfgJSON", func(t *testing.T) {
+		t.Parallel()
+
+		cfg, err := d.LoadConfig(nil)
+		assert.Error(t, err)
+		assert.Equal(t, "no configProvider provided", err.Error())
+		assert.Equal(t, StackitDnsProviderConfig{}, cfg)
+	})
+
+	t.Run("valid cfgJSON", func(t *testing.T) {
+		t.Parallel()
+
+		rawCfg := &v1.JSON{Raw: []byte(`{"projectId":"test", "authTokenSecretNamespace": "test"}`)}
+
+		cfg, err := d.LoadConfig(rawCfg)
+		assert.NoError(t, err)
+		assert.Equal(t, "test", cfg.ProjectId)
+	})
+
+	t.Run("not parsable cfgJSON", func(t *testing.T) {
+		t.Parallel()
+
+		rawCfg := &v1.JSON{Raw: []byte(`{"projectId":}`)}
+		cfg, err := d.LoadConfig(rawCfg)
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "error decoding solver configProvider")
+		assert.Equal(t, StackitDnsProviderConfig{}, cfg)
+	})
+
+	t.Run("invalid cfgJSON", func(t *testing.T) {
+		t.Parallel()
+
+		rawCfg := &v1.JSON{Raw: []byte(`{"projectId": ""}`)}
+		cfg, err := d.LoadConfig(rawCfg)
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "projectId must be specified")
+		assert.Equal(t, StackitDnsProviderConfig{}, cfg)
+	})
+
+	t.Run("missing projectId", func(t *testing.T) {
+		t.Parallel()
+
+		rawCfg := &v1.JSON{Raw: []byte(`{}`)}
+		cfg, err := d.LoadConfig(rawCfg)
+		assert.Error(t, err)
+		assert.Equal(t, "projectId must be specified", err.Error())
+		assert.Equal(t, StackitDnsProviderConfig{}, cfg)
+	})
+
+	t.Run("default values set", func(t *testing.T) {
+		t.Parallel()
+
+		rawCfg := &v1.JSON{Raw: []byte(`{"projectId":"test", "authTokenSecretNamespace": "test"}`)} // Only projectId provided
+		cfg, err := d.LoadConfig(rawCfg)
+		assert.NoError(t, err)
+		assert.Equal(t, "test", cfg.ProjectId)
+		assert.Equal(t, "https://dns.api.stackit.cloud", cfg.ApiBasePath)
+		assert.Equal(t, "stackit-cert-manager-webhook", cfg.AuthTokenSecretRef)
+		assert.Equal(t, "auth-token", cfg.AuthTokenSecretKey)
+	})
+}
+
+func TestDefaultConfigProvider_LoadConfigNamespaceFile(t *testing.T) {
+	t.Parallel()
+
+	ctrl := gomock.NewController(t)
+	t.Cleanup(ctrl.Finish)
+
+	d := defaultConfigProvider{}
+
+	t.Run("determine namespace from file", func(t *testing.T) {
+		t.Parallel()
+
+		rawCfg := &v1.JSON{Raw: []byte(`{"projectId":"test"}`)}
+
+		f, err := os.CreateTemp("", "example")
+		assert.NoError(t, err)
+		defer os.Remove(f.Name())
+		_, err = f.Write([]byte("test-namespace"))
+		assert.NoError(t, err)
+		err = f.Close()
+		assert.NoError(t, err)
+
+		dcp := defaultConfigProvider{fileNamespaceName: f.Name()}
+		cfg, err := dcp.LoadConfig(rawCfg)
+		assert.NoError(t, err)
+		assert.Equal(t, "test-namespace", cfg.AuthTokenSecretNamespace)
+	})
+
+	t.Run("fail determine namespace from file, no content", func(t *testing.T) {
+		t.Parallel()
+
+		rawCfg := &v1.JSON{Raw: []byte(`{"projectId":"test"}`)}
+
+		f, err := os.CreateTemp("", "example")
+		assert.NoError(t, err)
+		defer os.Remove(f.Name())
+		_, err = f.Write([]byte(""))
+		assert.NoError(t, err)
+		err = f.Close()
+		assert.NoError(t, err)
+
+		dcp := defaultConfigProvider{fileNamespaceName: f.Name()}
+		_, err = dcp.LoadConfig(rawCfg)
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "invalid webhook pod namespace provided")
+	})
+
+	t.Run("fail to determine namespace from file", func(t *testing.T) {
+		t.Parallel()
+
+		rawCfg := &v1.JSON{Raw: []byte(`{"projectId":"test"}`)}
+
+		_, err := d.LoadConfig(rawCfg)
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "failed to find the webhook pod namespace")
+	})
+}

internal/resolver/resolver.go

@@ -16,14 +16,20 @@ import (
 
 const typeTxtRecord = "TXT"
 
-func NewResolver(httpClient *http.Client) webhook.Solver {
+func NewResolver(
+	httpClient *http.Client,
+	zoneRepositoryFactory repository.ZoneRepositoryFactory,
+	rrSetRepositoryFactory repository.RRSetRepositoryFactory,
+	secretFetcher SecretFetcher,
+	configProvider ConfigProvider,
+) webhook.Solver {
 	return &stackitDnsProviderResolver{
 		ctx:                    context.Background(),
 		httpClient:             httpClient,
-		configProvider:         defaultConfigProvider{},
-		secretFetcher:          &kubeSecretFetcher{},
-		zoneRepositoryFactory:  repository.NewZoneRepositoryFactory(),
-		rrSetRepositoryFactory: repository.NewRRSetRepositoryFactory(),
+		configProvider:         configProvider,
+		secretFetcher:          secretFetcher,
+		zoneRepositoryFactory:  zoneRepositoryFactory,
+		rrSetRepositoryFactory: rrSetRepositoryFactory,
 	}
 }
 

internal/resolver/resolver_test.go

@@ -0,0 +1,78 @@
+package resolver_test
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
+	repository_mock "github.com/stackitcloud/stackit-cert-manager-webhook/internal/repository/mock"
+	"github.com/stackitcloud/stackit-cert-manager-webhook/internal/resolver"
+	resolver_mock "github.com/stackitcloud/stackit-cert-manager-webhook/internal/resolver/mock"
+	"github.com/stretchr/testify/assert"
+	"go.uber.org/mock/gomock"
+	v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/client-go/rest"
+)
+
+func TestName(t *testing.T) {
+	t.Parallel()
+
+	r := resolver.NewResolver(nil, nil, nil, nil, nil)
+
+	assert.Equal(t, r.Name(), "stackit")
+}
+
+func TestInitialize(t *testing.T) {
+	t.Parallel()
+
+	r := resolver.NewResolver(nil, nil, nil, nil, nil)
+
+	t.Run("successful init", func(t *testing.T) {
+		t.Parallel()
+
+		kubeConfig := &rest.Config{}
+		err := r.Initialize(kubeConfig, nil)
+		assert.NoError(t, err)
+	})
+
+	t.Run("unsuccessful init", func(t *testing.T) {
+		t.Parallel()
+
+		kubeConfig := &rest.Config{Burst: -1, RateLimiter: nil, QPS: 1}
+		err := r.Initialize(kubeConfig, nil)
+		assert.Error(t, err)
+	})
+}
+
+func TestStackitDnsProviderResolver_Present(t *testing.T) {
+	t.Parallel()
+
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+
+	mockSecretFetcher := resolver_mock.NewMockSecretFetcher(ctrl)
+	mockConfigProvider := resolver_mock.NewMockConfigProvider(ctrl)
+	mockZoneRepositoryFactory := repository_mock.NewMockZoneRepositoryFactory(ctrl)
+	mockRRSetRepositoryFactory := repository_mock.NewMockRRSetRepositoryFactory(ctrl)
+
+	configJson := &v1.JSON{Raw: []byte(`{"projectId":"test"}`)}
+	mockConfigProvider.EXPECT().
+		LoadConfig(configJson).
+		Return(resolver.StackitDnsProviderConfig{}, fmt.Errorf("error decoding solver configProvider"))
+
+	r := resolver.NewResolver(
+		&http.Client{},
+		mockZoneRepositoryFactory,
+		mockRRSetRepositoryFactory,
+		mockSecretFetcher,
+		mockConfigProvider,
+	)
+
+	ch := &v1alpha1.ChallengeRequest{
+		Config: configJson,
+	}
+
+	err := r.Present(ch)
+	assert.Error(t, err)
+}

internal/resolver/secrets.go

@@ -14,7 +14,7 @@ type SecretFetcher interface {
 }
 
 type kubeSecretFetcher struct {
-	client *kubernetes.Clientset
+	client kubernetes.Interface
 	ctx    context.Context
 }
 
@@ -32,3 +32,7 @@ func (k *kubeSecretFetcher) StringFromSecret(namespace, secretName, key string)
 
 	return string(binary), nil
 }
+
+func NewSecretFetcher() SecretFetcher {
+	return &kubeSecretFetcher{}
+}

internal/resolver/secrets_test.go

@@ -0,0 +1,44 @@
+package resolver
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes/fake"
+)
+
+func TestStringFromSecret(t *testing.T) {
+	t.Parallel()
+
+	client := fake.NewSimpleClientset(&corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "test-secret",
+			Namespace: "test-namespace",
+		},
+		Data: map[string][]byte{
+			"test-key": []byte("test-value"),
+		},
+	})
+
+	fetcher := &kubeSecretFetcher{
+		client: client,
+		ctx:    context.TODO(),
+	}
+
+	// check for expected value
+	value, err := fetcher.StringFromSecret("test-namespace", "test-secret", "test-key")
+	assert.NoError(t, err)
+	assert.Equal(t, "test-value", value)
+
+	// check for a non-existent key
+	_, err = fetcher.StringFromSecret("test-namespace", "test-secret", "non-existent-key")
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "key `\"non-existent-key\"` not found in secretFetcher `test-namespace/test-secret`")
+
+	// check for a non-existent secret
+	_, err = fetcher.StringFromSecret("test-namespace", "non-existent-secret", "test-key")
+	assert.Error(t, err)
+}