From ac3f85debc178c64316ac469c29f3139cddb9b20 Mon Sep 17 00:00:00 2001 From: Amruta Kale Date: Tue, 13 Jun 2023 13:18:57 +0530 Subject: [PATCH 1/9] add base suite for repository server controller --- .../repositoryserver/suite_test.go | 108 +++++-- pkg/controllers/repositoryserver/testutils.go | 265 ++++++++++++++++++ 2 files changed, 343 insertions(+), 30 deletions(-) create mode 100644 pkg/controllers/repositoryserver/testutils.go diff --git a/pkg/controllers/repositoryserver/suite_test.go b/pkg/controllers/repositoryserver/suite_test.go index c99de3f93e..703dfeb7bc 100644 --- a/pkg/controllers/repositoryserver/suite_test.go +++ b/pkg/controllers/repositoryserver/suite_test.go @@ -3,6 +3,11 @@ // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at +// Copyright 2023 The Kanister Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // 
@@ -15,58 +20,101 @@ package repositoryserver import ( - "path/filepath" + "context" "testing" - "time" . "gopkg.in/check.v1" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes/scheme" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/envtest" + ctrl "sigs.k8s.io/controller-runtime" - crkanisteriov1alpha1 "github.com/kanisterio/kanister/pkg/apis/cr/v1alpha1" + crclientv1alpha1 "github.com/kanisterio/kanister/pkg/client/clientset/versioned/typed/cr/v1alpha1" + "github.com/kanisterio/kanister/pkg/kube" + "github.com/kanisterio/kanister/pkg/resource" ) // Hook up gocheck into the "go test" runner. func Test(t *testing.T) { TestingT(t) } -type ControllerSuite struct { - testEnv *envtest.Environment +type RepoServerControllerSuite struct { + crCli crclientv1alpha1.CrV1alpha1Interface + kubeCli kubernetes.Interface + repoServerControllerNamespace string + repoServerSecrets repositoryServerSecrets } -var _ = Suite(&ControllerSuite{}) +var _ = Suite(&RepoServerControllerSuite{}) -func (s *ControllerSuite) SetUpSuite(c *C) { - c.Log("Bootstrapping test environment with Kanister CRDs") - useExistingCluster := true - s.testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "..", "customresource")}, - ErrorIfCRDPathMissing: true, - UseExistingCluster: &useExistingCluster, - } +func (s *RepoServerControllerSuite) SetUpSuite(c *C) { + config, err := kube.LoadConfig() + c.Assert(err, IsNil) + cli, err := kubernetes.NewForConfig(config) + c.Assert(err, IsNil) + crCli, err := crclientv1alpha1.NewForConfig(config) + c.Assert(err, IsNil) - cfg, err := s.testEnv.Start() + // Make sure the CRD's exist. 
+ err = resource.CreateCustomResources(context.Background(), config) + c.Assert(err, IsNil) + err = resource.CreateRepoServerCustomResource(context.Background(), config) c.Assert(err, IsNil) - c.Assert(cfg, NotNil) - err = crkanisteriov1alpha1.AddToScheme(scheme.Scheme) + s.kubeCli = cli + s.crCli = crCli + + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ + Scheme: scheme.Scheme, + Port: 9443, + MetricsBindAddress: "0", + }) c.Assert(err, IsNil) - k8sClient, err := client.New(cfg, client.Options{Scheme: scheme.Scheme}) + err = (&RepositoryServerReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + }).SetupWithManager(mgr) c.Assert(err, IsNil) - c.Assert(k8sClient, NotNil) -} -func (s *ControllerSuite) TearDownSuite(c *C) { - if s.testEnv != nil { - c.Log("Tearing down the test environment") - err := s.testEnv.Stop() + go func() { + err = mgr.Start(ctrl.SetupSignalHandler()) c.Assert(err, IsNil) + }() + + ns := &v1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: "repositoryservercontrollertest-", + }, } + ctx := context.Background() + cns, err := s.kubeCli.CoreV1().Namespaces().Create(ctx, ns, metav1.CreateOptions{}) + c.Assert(err, IsNil) + s.repoServerControllerNamespace = cns.Name + s.createRepositoryServerSecrets(c) +} + +func (s *RepoServerControllerSuite) createRepositoryServerSecrets(c *C) { + kopiaTLSSecretData, err := getKopiaTLSSecret() + c.Assert(err, IsNil) + s.repoServerSecrets = repositoryServerSecrets{} + s.repoServerSecrets.serverUserAccess, err = createRepositoryServerUserAccessSecret(s.kubeCli, s.repoServerControllerNamespace, getRepoServerUserAccessSecretData("localhost", DefaultKopiaRepositoryServerAccessPassword)) + c.Assert(err, IsNil) + s.repoServerSecrets.serverAdmin, err = createRepositoryServerAdminSecret(s.kubeCli, s.repoServerControllerNamespace, getRepoServerAdminSecretData(DefaulKopiaRepositoryServerAdminUser, DefaultKopiaRepositoryServerAdminPassword)) + c.Assert(err, IsNil) + 
s.repoServerSecrets.repositoryPassword, err = createRepositoryPassword(s.kubeCli, s.repoServerControllerNamespace, getRepoPasswordSecretData(DefaultKopiaRepositoryPassword)) + c.Assert(err, IsNil) + s.repoServerSecrets.serverTLS, err = CreateKopiaTLSSecret(s.kubeCli, s.repoServerControllerNamespace, kopiaTLSSecretData) + c.Assert(err, IsNil) + s.repoServerSecrets.storage, err = CreateStorageLocationSecret(s.kubeCli, s.repoServerControllerNamespace, getDefaultS3CompliantStorageLocation()) + c.Assert(err, IsNil) + s.repoServerSecrets.storageCredentials, err = createSecret(s.kubeCli, "test-repository-server-storage-creds-", s.repoServerControllerNamespace, "secrets.kanister.io/aws", getDefaultS3StorageCreds()) + c.Assert(err, IsNil) } -func (s *ControllerSuite) TestWatch(c *C) { - // We give it a few seconds complete it's scan. This isn't required for the - // test, but is a more realistic startup scenario. - time.Sleep(5 * time.Second) +func (s *RepoServerControllerSuite) TearDownSuite(c *C) { + if s.repoServerControllerNamespace != "" { + err := s.kubeCli.CoreV1().Namespaces().Delete(context.TODO(), s.repoServerControllerNamespace, metav1.DeleteOptions{}) + c.Assert(err, IsNil) + } } diff --git a/pkg/controllers/repositoryserver/testutils.go b/pkg/controllers/repositoryserver/testutils.go new file mode 100644 index 0000000000..51ae2eba84 --- /dev/null +++ b/pkg/controllers/repositoryserver/testutils.go 
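Review bot: In SetUpSuite the goroutine that runs `mgr.Start` assigns to the `err` variable it shares with the enclosing function, which goes on to reuse `err` for the namespace create, so the two race and a manager failure can surface as the failure of an unrelated step. The `c.Assert` inside that goroutine also runs off the suite's own goroutine, where a failed assertion presumably cannot abort set-up cleanly. Give the goroutine its own variable and only report, e.g. `if err := mgr.Start(ctx); err != nil { c.Logf("manager exited: %v", err) }`, with `ctx` taken from a `context.WithCancel` kept on the suite so TearDownSuite can stop the manager; as written only a process signal stops it. The manager is also built from `ctrl.GetConfigOrDie()` rather than the `config` already returned by `kube.LoadConfig()`, so the clients and the controller are not guaranteed to target the same cluster.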
@@ -0,0 +1,265 @@
+package repositoryserver
+
+import (
+ "bytes"
+ "context"
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/x509"
+ "crypto/x509/pkix"
+ "encoding/pem"
+ "math/big"
+ "os"
+ "time"
+
+ v1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/client-go/kubernetes"
+
+ "github.com/kanisterio/kanister/pkg/apis/cr/v1alpha1"
+ crv1alpha1 "github.com/kanisterio/kanister/pkg/apis/cr/v1alpha1"
+ awsconfig "github.com/kanisterio/kanister/pkg/aws"
+ "github.com/kanisterio/kanister/pkg/kopia/command"
+ "github.com/kanisterio/kanister/pkg/kopia/repository"
+ "github.com/kanisterio/kanister/pkg/secrets/repositoryserver"
+ "github.com/kanisterio/kanister/pkg/testutil"
+)
+
+const (
+ DefaultKopiaRepositoryPath = "kopia-repo-controller-test"
+ DefaulKopiaRepositoryServerAdminUser = "admin@test"
+ DefaultKopiaRepositoryServerAdminPassword = "admin1234"
+ DefaultKopiaRepositoryServerHost = "localhost"
+ DefaultKopiaRepositoryPassword = "test1234"
+ DefaultKopiaRepositoryUser = "repository-user"
+ DefaultKopiaRepositoryServerAccessUser = "kanister-user"
+ DefaultKopiaRepositoryServerAccessPassword = "test1234"
+ DefaultKanisterNamespace = "kanister"
+ DefaultKopiaRepositoryServerContainer = "repo-server-container"
+)
+
+func getKopiaTLSSecret() (map[string][]byte, error) {
+ ca := &x509.Certificate{
+ SerialNumber: big.NewInt(2019),
+ Subject: pkix.Name{
+ Organization: []string{"Test Organization"},
+ Country: []string{"Test Country"},
+ Province: []string{"Test Province"},
+ Locality: []string{"Test Locality"},
+ StreetAddress: []string{"Test Street"},
+ PostalCode: []string{"123456"},
+ },
+ NotBefore: time.Now(),
+ NotAfter: time.Now().AddDate(0, 0, 1),
+ IsCA: true,
+ ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+ KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+ BasicConstraintsValid: true,
+ }
+ caPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
+ if err != nil {
+ return nil, err
+ }
+ caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey)
+ if err != nil {
+ return nil, err
+ }
+
+ caPEM := new(bytes.Buffer)
+ err = pem.Encode(caPEM, &pem.Block{
+ Type: "CERTIFICATE",
+ Bytes: caBytes,
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ caPrivKeyPEM := new(bytes.Buffer)
+ err = pem.Encode(caPrivKeyPEM, &pem.Block{
+ Type: "PRIVATE KEY",
+ Bytes: x509.MarshalPKCS1PrivateKey(caPrivKey),
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ return map[string][]byte{
+ "tls.crt": caPEM.Bytes(),
+ "tls.key": caPrivKeyPEM.Bytes(),
+ }, nil
+}
+
+func getDefaultKopiaRepositoryServerCR(namespace string) *crv1alpha1.RepositoryServer {
+ repositoryServer := &crv1alpha1.RepositoryServer{
+ ObjectMeta: metav1.ObjectMeta{
+ GenerateName: "test-kopia-repo-server-",
+ Namespace: namespace,
+ },
+ Spec: crv1alpha1.RepositoryServerSpec{
+ Storage: crv1alpha1.Storage{
+ SecretRef: v1.SecretReference{
+ Namespace: namespace,
+ },
+ CredentialSecretRef: v1.SecretReference{
+ Namespace: namespace,
+ },
+ },
+ Repository: crv1alpha1.Repository{
+ RootPath: DefaultKopiaRepositoryPath,
+ Username: DefaultKopiaRepositoryUser,
+ Hostname: DefaultKopiaRepositoryServerHost,
+ PasswordSecretRef: v1.SecretReference{
+ Namespace: namespace,
+ },
+ },
+ Server: crv1alpha1.Server{
+ UserAccess: crv1alpha1.UserAccess{
+ UserAccessSecretRef: v1.SecretReference{
+ Namespace: namespace,
+ },
+ Username: DefaultKopiaRepositoryServerAccessUser,
+ },
+ AdminSecretRef: v1.SecretReference{
+ Namespace: namespace,
+ },
+ TLSSecretRef: v1.SecretReference{
+ Namespace: namespace,
+ },
+ },
+ },
+ }
+ return repositoryServer
+}
+
+func getDefaultS3StorageCreds() map[string][]byte {
+ key := os.Getenv(awsconfig.AccessKeyID)
+ val := os.Getenv(awsconfig.SecretAccessKey)
+
+ return map[string][]byte{
+ "aws_access_key_id": []byte(key),
+ "aws_secret_access_key": []byte(val),
+ }
+}
+
+func getDefaultS3CompliantStorageLocation() map[string][]byte {
+ return map[string][]byte{
+ "type": []byte(crv1alpha1.LocationTypeS3Compliant),
+ "bucket": []byte(testutil.TestS3BucketName),
+ "path": []byte(DefaultKopiaRepositoryPath),
+ "region": []byte(testutil.TestS3Region),
+ "endpoint": []byte(os.Getenv("LOCATION_ENDPOINT")),
+ }
+}
+
+func setRepositoryServerSecretsInCR(secrets *repositoryServerSecrets, repoServerCR *crv1alpha1.RepositoryServer) {
+ if secrets != nil {
+ if secrets.serverAdmin != nil {
+ repoServerCR.Spec.Server.AdminSecretRef.Name = secrets.serverAdmin.Name
+ }
+ if secrets.repositoryPassword != nil {
+ repoServerCR.Spec.Repository.PasswordSecretRef.Name = secrets.repositoryPassword.Name
+ }
+
+ if secrets.serverUserAccess != nil {
+ repoServerCR.Spec.Server.UserAccess.UserAccessSecretRef.Name = secrets.serverUserAccess.Name
+ }
+ if secrets.serverTLS != nil {
+ repoServerCR.Spec.Server.TLSSecretRef.Name = secrets.serverTLS.Name
+ }
+ if secrets.storage != nil {
+ repoServerCR.Spec.Storage.SecretRef.Name = secrets.storage.Name
+ }
+ if secrets.storageCredentials != nil {
+ repoServerCR.Spec.Storage.CredentialSecretRef.Name = secrets.storageCredentials.Name
+ }
+ }
+}
+
+func getRepoPasswordSecretData(password string) map[string][]byte {
+ return map[string][]byte{
+ repoPasswordKey: []byte(password),
+ }
+}
+
+func getRepoServerAdminSecretData(username, password string) map[string][]byte {
+ return map[string][]byte{
+ "username": []byte(username),
+ "password": []byte(password),
+ }
+}
+
+func getRepoServerUserAccessSecretData(hostname, password string) map[string][]byte {
+ return map[string][]byte{
+ hostname: []byte(password),
+ }
+}
+
+func createKopiaRepository(cli kubernetes.Interface, rs *v1alpha1.RepositoryServer, storageLocation map[string][]byte) error {
+ contentCacheMB, metadataCacheMB := command.GetGeneralCacheSizeSettings()
+
+ commandArgs := command.RepositoryCommandArgs{
+ CommandArgs: &command.CommandArgs{
+ RepoPassword: DefaultKopiaRepositoryPassword,
+ ConfigFilePath: command.DefaultConfigFilePath,
+ LogDirectory: command.DefaultLogDirectory,
+ },
+ CacheDirectory: command.DefaultCacheDirectory,
+ Hostname: DefaultKopiaRepositoryServerHost,
+ ContentCacheMB: contentCacheMB,
+ MetadataCacheMB: metadataCacheMB,
+ Username: DefaultKopiaRepositoryUser,
+ RepoPathPrefix: DefaultKopiaRepositoryPath,
+ Location: storageLocation,
+ }
+ return repository.CreateKopiaRepository(
+ cli,
+ DefaultKanisterNamespace,
+ rs.Status.ServerInfo.PodName,
+ DefaultKopiaRepositoryServerContainer,
+ commandArgs,
+ )
+}
+
+func createSecret(cli kubernetes.Interface, namespace, name string, secrettype v1.SecretType, data map[string][]byte) (se *v1.Secret, err error) {
+ secret := &v1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ GenerateName: name,
+ },
+ Data: data,
+ }
+ if secrettype != "" {
+ secret.Type = secrettype
+ }
+
+ se, err = cli.CoreV1().Secrets(namespace).Create(context.Background(), secret, metav1.CreateOptions{})
+ return
+}
+
+func createRepositoryServerAdminSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) {
+ return createSecret(cli, namespace, "test-repository-server-admin-", repositoryserver.RepositoryServerAdminCredentials, data)
+
+}
+
+func createRepositoryServerUserAccessSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) {
+ return createSecret(cli, "test-repository-server-user-access-", namespace, "", data)
+
+}
+
+func createRepositoryPassword(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) {
+ return createSecret(cli, "test-repository-password-", namespace, repositoryserver.RepositoryPassword, data)
+}
+
+func CreateKopiaTLSSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) {
+ return createSecret(cli, "test-repository-password-", namespace, v1.SecretTypeTLS, data)
+
+}
+
+func CreateStorageLocationSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) {
+ return createSecret(cli, "test-repository-server-storage-", namespace, repositoryserver.Location, data)
+
+}
+
+func CreateStorageLocationCredentialsSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) {
+ return createSecret(cli, "test-repository-server-storage-", namespace, repositoryserver.Location, data)
+
+}
From 4229e5b3b8418af0fc962cd3c82a76379b42b3e1 Mon Sep 17 00:00:00 2001 From: Amruta Kale Date: Tue, 13 Jun 2023 15:41:32 +0530 Subject: [PATCH 2/9] use constants for location secret keys
---
.../repositoryserver/suite_test.go | 4 +-- pkg/controllers/repositoryserver/testutils.go | 28 ++++++++++--------- 2 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/pkg/controllers/repositoryserver/suite_test.go b/pkg/controllers/repositoryserver/suite_test.go
index 703dfeb7bc..665f760db6 100644
--- a/pkg/controllers/repositoryserver/suite_test.go
+++ b/pkg/controllers/repositoryserver/suite_test.go
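Review bot: `createSecret` is declared as `(cli, namespace, name string, ...)`, but every wrapper except `createRepositoryServerAdminSecret` passes the name prefix first and the namespace second, as does the direct call in suite_test.go, so those secrets are requested in a namespace called `test-repository-...` with the test namespace used as `GenerateName`. Both parameters are strings, so the compiler cannot catch the swap; pick one order and make the callers match, e.g. `createSecret(cli, namespace, "test-repository-server-user-access-", "", data)`. Separately, `getKopiaTLSSecret` writes the PKCS#1 bytes from `x509.MarshalPKCS1PrivateKey` under the PEM type `PRIVATE KEY`, which is the PKCS#8 label; use `Type: "RSA PRIVATE KEY"` (or marshal with `x509.MarshalPKCS8PrivateKey`) so that strict parsers accept the key. The generated certificate also carries no DNS names, so a client that verifies the host name against `localhost` would presumably reject it.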
@@ -104,9 +104,9 @@ func (s *RepoServerControllerSuite) createRepositoryServerSecrets(c *C) { c.Assert(err, IsNil) s.repoServerSecrets.repositoryPassword, err = createRepositoryPassword(s.kubeCli, s.repoServerControllerNamespace, getRepoPasswordSecretData(DefaultKopiaRepositoryPassword)) c.Assert(err, IsNil) - s.repoServerSecrets.serverTLS, err = CreateKopiaTLSSecret(s.kubeCli, s.repoServerControllerNamespace, kopiaTLSSecretData) + s.repoServerSecrets.serverTLS, err = createKopiaTLSSecret(s.kubeCli, s.repoServerControllerNamespace, kopiaTLSSecretData) c.Assert(err, IsNil) - s.repoServerSecrets.storage, err = CreateStorageLocationSecret(s.kubeCli, s.repoServerControllerNamespace, getDefaultS3CompliantStorageLocation()) + s.repoServerSecrets.storage, err = createStorageLocationSecret(s.kubeCli, s.repoServerControllerNamespace, getDefaultS3CompliantStorageLocation()) c.Assert(err, IsNil) s.repoServerSecrets.storageCredentials, err = createSecret(s.kubeCli, "test-repository-server-storage-creds-", s.repoServerControllerNamespace, "secrets.kanister.io/aws", getDefaultS3StorageCreds()) c.Assert(err, IsNil) diff --git a/pkg/controllers/repositoryserver/testutils.go b/pkg/controllers/repositoryserver/testutils.go index 51ae2eba84..f019108149 100644 --- a/pkg/controllers/repositoryserver/testutils.go +++ b/pkg/controllers/repositoryserver/testutils.go @@ -21,6 +21,7 @@ import ( awsconfig "github.com/kanisterio/kanister/pkg/aws" "github.com/kanisterio/kanister/pkg/kopia/command" "github.com/kanisterio/kanister/pkg/kopia/repository" + "github.com/kanisterio/kanister/pkg/secrets" "github.com/kanisterio/kanister/pkg/secrets/repositoryserver" "github.com/kanisterio/kanister/pkg/testutil" ) @@ -36,6 +37,7 @@ const ( DefaultKopiaRepositoryServerAccessPassword = "test1234" DefaultKanisterNamespace = "kanister" DefaultKopiaRepositoryServerContainer = "repo-server-container" + PathKey = "path" ) func getKopiaTLSSecret() (map[string][]byte, error) { 
@@ -136,18 +138,18 @@ func getDefaultS3StorageCreds() map[string][]byte { val := os.Getenv(awsconfig.SecretAccessKey) return map[string][]byte{ - "aws_access_key_id": []byte(key), - "aws_secret_access_key": []byte(val), + secrets.AWSAccessKeyID: []byte(key), + secrets.AWSSecretAccessKey: []byte(val), } } func getDefaultS3CompliantStorageLocation() map[string][]byte { return map[string][]byte{ - "type": []byte(crv1alpha1.LocationTypeS3Compliant), - "bucket": []byte(testutil.TestS3BucketName), - "path": []byte(DefaultKopiaRepositoryPath), - "region": []byte(testutil.TestS3Region), - "endpoint": []byte(os.Getenv("LOCATION_ENDPOINT")), + repositoryserver.LocationTypeKey: []byte(crv1alpha1.LocationTypeS3Compliant), + repositoryserver.BucketKey: []byte(testutil.TestS3BucketName), + PathKey: []byte(DefaultKopiaRepositoryPath), + repositoryserver.RegionKey: []byte(testutil.TestS3Region), + repositoryserver.EndpointKey: []byte(os.Getenv("LOCATION_ENDPOINT")), } } @@ -183,8 +185,8 @@ func getRepoPasswordSecretData(password string) map[string][]byte { func getRepoServerAdminSecretData(username, password string) map[string][]byte { return map[string][]byte{ - "username": []byte(username), - "password": []byte(password), + serverAdminUserNameKey: []byte(username), + serverAdminPasswordKey: []byte(password), } } 
@@ -249,17 +251,17 @@ func createRepositoryPassword(cli kubernetes.Interface, namespace string, data m return createSecret(cli, "test-repository-password-", namespace, repositoryserver.RepositoryPassword, data) } -func CreateKopiaTLSSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { +func createKopiaTLSSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { return createSecret(cli, "test-repository-password-", namespace, v1.SecretTypeTLS, data) } -func CreateStorageLocationSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { +func createStorageLocationSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { return createSecret(cli, "test-repository-server-storage-", namespace, repositoryserver.Location, data) } -func CreateStorageLocationCredentialsSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { - return createSecret(cli, "test-repository-server-storage-", namespace, repositoryserver.Location, data) +func createStorageLocationCredentialsSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { + return createSecret(cli, "test-repository-server-storage-creds", namespace, repositoryserver.Location, data) } From dd537d61258e34b930d815dd5b70f9d7b6f48d36 Mon Sep 17 00:00:00 2001 From: Amruta Kale Date: Tue, 13 Jun 2023 15:56:22 +0530 Subject: [PATCH 3/9] make the constants local to the package --- .../repositoryserver/suite_test.go | 6 +-- pkg/controllers/repositoryserver/testutils.go | 44 +++++++++---------- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/pkg/controllers/repositoryserver/suite_test.go b/pkg/controllers/repositoryserver/suite_test.go index 665f760db6..ceba9813eb 100644 --- a/pkg/controllers/repositoryserver/suite_test.go 
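Review bot: `createStorageLocationCredentialsSecret` still creates the credentials secret with type `repositoryserver.Location`, the same type as the location secret above it, while the suite creates its credentials secret with `"secrets.kanister.io/aws"`; this looks like a copy-paste from `createStorageLocationSecret`. The new prefix `test-repository-server-storage-creds` also drops the trailing hyphen the other prefixes have, so where it is used as a `GenerateName` prefix the random suffix would be glued straight onto `creds`. `createKopiaTLSSecret` likewise reuses the `test-repository-password-` prefix, which makes TLS and password secrets indistinguishable by name when inspecting a failed run. Suggested: `"test-repository-server-storage-creds-"` with the AWS secret type for the credentials helper, and a prefix such as `"test-repository-server-tls-"` for the TLS helper.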
+++ b/pkg/controllers/repositoryserver/suite_test.go @@ -98,11 +98,11 @@ func (s *RepoServerControllerSuite) createRepositoryServerSecrets(c *C) { kopiaTLSSecretData, err := getKopiaTLSSecret() c.Assert(err, IsNil) s.repoServerSecrets = repositoryServerSecrets{} - s.repoServerSecrets.serverUserAccess, err = createRepositoryServerUserAccessSecret(s.kubeCli, s.repoServerControllerNamespace, getRepoServerUserAccessSecretData("localhost", DefaultKopiaRepositoryServerAccessPassword)) + s.repoServerSecrets.serverUserAccess, err = createRepositoryServerUserAccessSecret(s.kubeCli, s.repoServerControllerNamespace, getRepoServerUserAccessSecretData("localhost", defaultKopiaRepositoryServerAccessPassword)) c.Assert(err, IsNil) - s.repoServerSecrets.serverAdmin, err = createRepositoryServerAdminSecret(s.kubeCli, s.repoServerControllerNamespace, getRepoServerAdminSecretData(DefaulKopiaRepositoryServerAdminUser, DefaultKopiaRepositoryServerAdminPassword)) + s.repoServerSecrets.serverAdmin, err = createRepositoryServerAdminSecret(s.kubeCli, s.repoServerControllerNamespace, getRepoServerAdminSecretData(defaulKopiaRepositoryServerAdminUser, defaultKopiaRepositoryServerAdminPassword)) c.Assert(err, IsNil) - s.repoServerSecrets.repositoryPassword, err = createRepositoryPassword(s.kubeCli, s.repoServerControllerNamespace, getRepoPasswordSecretData(DefaultKopiaRepositoryPassword)) + s.repoServerSecrets.repositoryPassword, err = createRepositoryPassword(s.kubeCli, s.repoServerControllerNamespace, getRepoPasswordSecretData(defaultKopiaRepositoryPassword)) c.Assert(err, IsNil) s.repoServerSecrets.serverTLS, err = createKopiaTLSSecret(s.kubeCli, s.repoServerControllerNamespace, kopiaTLSSecretData) c.Assert(err, IsNil) diff --git a/pkg/controllers/repositoryserver/testutils.go b/pkg/controllers/repositoryserver/testutils.go index f019108149..519eaacec6 100644 --- a/pkg/controllers/repositoryserver/testutils.go +++ b/pkg/controllers/repositoryserver/testutils.go 
@@ -27,17 +27,17 @@ import ( ) const ( - DefaultKopiaRepositoryPath = "kopia-repo-controller-test" - DefaulKopiaRepositoryServerAdminUser = "admin@test" - DefaultKopiaRepositoryServerAdminPassword = "admin1234" - DefaultKopiaRepositoryServerHost = "localhost" - DefaultKopiaRepositoryPassword = "test1234" - DefaultKopiaRepositoryUser = "repository-user" - DefaultKopiaRepositoryServerAccessUser = "kanister-user" - DefaultKopiaRepositoryServerAccessPassword = "test1234" - DefaultKanisterNamespace = "kanister" - DefaultKopiaRepositoryServerContainer = "repo-server-container" - PathKey = "path" + defaultKopiaRepositoryPath = "kopia-repo-controller-test" + defaulKopiaRepositoryServerAdminUser = "admin@test" + defaultKopiaRepositoryServerAdminPassword = "admin1234" + defaultKopiaRepositoryServerHost = "localhost" + defaultKopiaRepositoryPassword = "test1234" + defaultKopiaRepositoryUser = "repository-user" + defaultKopiaRepositoryServerAccessUser = "kanister-user" + defaultKopiaRepositoryServerAccessPassword = "test1234" + defaultKanisterNamespace = "kanister" + defaultKopiaRepositoryServerContainer = "repo-server-container" + pathKey = "path" ) func getKopiaTLSSecret() (map[string][]byte, error) { @@ -107,9 +107,9 @@ func getDefaultKopiaRepositoryServerCR(namespace string) *crv1alpha1.RepositoryS }, }, Repository: crv1alpha1.Repository{ - RootPath: DefaultKopiaRepositoryPath, - Username: DefaultKopiaRepositoryUser, - Hostname: DefaultKopiaRepositoryServerHost, + RootPath: defaultKopiaRepositoryPath, + Username: defaultKopiaRepositoryUser, + Hostname: defaultKopiaRepositoryServerHost, PasswordSecretRef: v1.SecretReference{ Namespace: namespace, }, 
@@ -119,7 +119,7 @@ func getDefaultKopiaRepositoryServerCR(namespace string) *crv1alpha1.RepositoryS UserAccessSecretRef: v1.SecretReference{ Namespace: namespace, }, - Username: DefaultKopiaRepositoryServerAccessUser, + Username: defaultKopiaRepositoryServerAccessUser, }, AdminSecretRef: v1.SecretReference{ Namespace: namespace, @@ -147,7 +147,7 @@ func getDefaultS3CompliantStorageLocation() map[string][]byte { return map[string][]byte{ repositoryserver.LocationTypeKey: []byte(crv1alpha1.LocationTypeS3Compliant), repositoryserver.BucketKey: []byte(testutil.TestS3BucketName), - PathKey: []byte(DefaultKopiaRepositoryPath), + pathKey: []byte(defaultKopiaRepositoryPath), repositoryserver.RegionKey: []byte(testutil.TestS3Region), repositoryserver.EndpointKey: []byte(os.Getenv("LOCATION_ENDPOINT")), } @@ -201,23 +201,23 @@ func createKopiaRepository(cli kubernetes.Interface, rs *v1alpha1.RepositoryServ commandArgs := command.RepositoryCommandArgs{ CommandArgs: &command.CommandArgs{ - RepoPassword: DefaultKopiaRepositoryPassword, + RepoPassword: defaultKopiaRepositoryPassword, ConfigFilePath: command.DefaultConfigFilePath, LogDirectory: command.DefaultLogDirectory, }, CacheDirectory: command.DefaultCacheDirectory, - Hostname: DefaultKopiaRepositoryServerHost, + Hostname: defaultKopiaRepositoryServerHost, ContentCacheMB: contentCacheMB, MetadataCacheMB: metadataCacheMB, - Username: DefaultKopiaRepositoryUser, - RepoPathPrefix: DefaultKopiaRepositoryPath, + Username: defaultKopiaRepositoryUser, + RepoPathPrefix: defaultKopiaRepositoryPath, Location: storageLocation, } return repository.CreateKopiaRepository( cli, - DefaultKanisterNamespace, + defaultKanisterNamespace, rs.Status.ServerInfo.PodName, - DefaultKopiaRepositoryServerContainer, + defaultKopiaRepositoryServerContainer, commandArgs, ) } From 5798aaa721a531f5edff000ccd1b38b6803c831e Mon Sep 17 00:00:00 2001 
From: Amruta Kale Date: Tue, 13 Jun 2023 15:56:55 +0530 Subject: [PATCH 4/9] add licence headers --- pkg/controllers/repositoryserver/testutils.go | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/pkg/controllers/repositoryserver/testutils.go b/pkg/controllers/repositoryserver/testutils.go index 519eaacec6..4226f4dd1f 100644 --- a/pkg/controllers/repositoryserver/testutils.go +++ b/pkg/controllers/repositoryserver/testutils.go @@ -1,3 +1,22 @@ +// Copyright 2023 The Kanister Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// Copyright 2023 The Kanister Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package repositoryserver import ( From 28a42c8238aa85dbe8aac9acaa0844846ca54131 Mon Sep 17 00:00:00 2001 From: Amruta Kale Date: Tue, 13 Jun 2023 16:02:20 +0530 Subject: [PATCH 5/9] fix licence headers --- pkg/controllers/repositoryserver/suite_test.go | 5 ----- pkg/controllers/repositoryserver/testutils.go | 5 ----- 2 files changed, 10 deletions(-) diff --git a/pkg/controllers/repositoryserver/suite_test.go b/pkg/controllers/repositoryserver/suite_test.go index ceba9813eb..b86315cf86 100644 --- a/pkg/controllers/repositoryserver/suite_test.go +++ b/pkg/controllers/repositoryserver/suite_test.go 
@@ -3,11 +3,6 @@ // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at -// Copyright 2023 The Kanister Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // diff --git a/pkg/controllers/repositoryserver/testutils.go b/pkg/controllers/repositoryserver/testutils.go index 4226f4dd1f..5fe1cb319f 100644 --- a/pkg/controllers/repositoryserver/testutils.go +++ b/pkg/controllers/repositoryserver/testutils.go @@ -3,11 +3,6 @@ // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at -// Copyright 2023 The Kanister Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // From ce4aa084781d41536a951ff90ce9118b61d0ba9c Mon Sep 17 00:00:00 2001 From: Amruta Kale Date: Tue, 13 Jun 2023 16:05:20 +0530 Subject: [PATCH 6/9] fix lint issues --- pkg/controllers/repositoryserver/suite_test.go | 3 +-- pkg/controllers/repositoryserver/testutils.go | 3 --- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/pkg/controllers/repositoryserver/suite_test.go b/pkg/controllers/repositoryserver/suite_test.go index b86315cf86..d72b28e64d 100644 --- a/pkg/controllers/repositoryserver/suite_test.go +++ b/pkg/controllers/repositoryserver/suite_test.go 
@@ -82,8 +82,7 @@ func (s *RepoServerControllerSuite) SetUpSuite(c *C) { GenerateName: "repositoryservercontrollertest-", }, } - ctx := context.Background() - cns, err := s.kubeCli.CoreV1().Namespaces().Create(ctx, ns, metav1.CreateOptions{}) + cns, err := s.kubeCli.CoreV1().Namespaces().Create(context.Background(), ns, metav1.CreateOptions{}) c.Assert(err, IsNil) s.repoServerControllerNamespace = cns.Name s.createRepositoryServerSecrets(c) diff --git a/pkg/controllers/repositoryserver/testutils.go b/pkg/controllers/repositoryserver/testutils.go index 5fe1cb319f..eb214529d7 100644 --- a/pkg/controllers/repositoryserver/testutils.go +++ b/pkg/controllers/repositoryserver/testutils.go @@ -258,7 +258,6 @@ func createRepositoryServerAdminSecret(cli kubernetes.Interface, namespace strin func createRepositoryServerUserAccessSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { return createSecret(cli, "test-repository-server-user-access-", namespace, "", data) - } func createRepositoryPassword(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { @@ -267,12 +266,10 @@ func createRepositoryPassword(cli kubernetes.Interface, namespace string, data m func createKopiaTLSSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { return createSecret(cli, "test-repository-password-", namespace, v1.SecretTypeTLS, data) - } func createStorageLocationSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { return createSecret(cli, "test-repository-server-storage-", namespace, repositoryserver.Location, data) - } func createStorageLocationCredentialsSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { From 752d40a89bacfb1578d6cd7397ded7d331ea1764 Mon Sep 17 00:00:00 2001 
From: Amruta Kale Date: Wed, 14 Jun 2023 11:49:36 +0530 Subject: [PATCH 7/9] remove unused functions and move to next PR --- pkg/controllers/repositoryserver/testutils.go | 101 ------------------ 1 file changed, 101 deletions(-) diff --git a/pkg/controllers/repositoryserver/testutils.go b/pkg/controllers/repositoryserver/testutils.go index eb214529d7..9739a68b65 100644 --- a/pkg/controllers/repositoryserver/testutils.go +++ b/pkg/controllers/repositoryserver/testutils.go @@ -30,11 +30,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" - "github.com/kanisterio/kanister/pkg/apis/cr/v1alpha1" crv1alpha1 "github.com/kanisterio/kanister/pkg/apis/cr/v1alpha1" awsconfig "github.com/kanisterio/kanister/pkg/aws" - "github.com/kanisterio/kanister/pkg/kopia/command" - "github.com/kanisterio/kanister/pkg/kopia/repository" "github.com/kanisterio/kanister/pkg/secrets" "github.com/kanisterio/kanister/pkg/secrets/repositoryserver" "github.com/kanisterio/kanister/pkg/testutil" 
@@ -105,48 +102,6 @@ func getKopiaTLSSecret() (map[string][]byte, error) { }, nil } -func getDefaultKopiaRepositoryServerCR(namespace string) *crv1alpha1.RepositoryServer { - repositoryServer := &crv1alpha1.RepositoryServer{ - ObjectMeta: metav1.ObjectMeta{ - GenerateName: "test-kopia-repo-server-", - Namespace: namespace, - }, - Spec: crv1alpha1.RepositoryServerSpec{ - Storage: crv1alpha1.Storage{ - SecretRef: v1.SecretReference{ - Namespace: namespace, - }, - CredentialSecretRef: v1.SecretReference{ - Namespace: namespace, - }, - }, - Repository: crv1alpha1.Repository{ - RootPath: defaultKopiaRepositoryPath, - Username: defaultKopiaRepositoryUser, - Hostname: defaultKopiaRepositoryServerHost, - PasswordSecretRef: v1.SecretReference{ - Namespace: namespace, - }, - }, - Server: crv1alpha1.Server{ - UserAccess: crv1alpha1.UserAccess{ - UserAccessSecretRef: v1.SecretReference{ - Namespace: namespace, - }, - Username: defaultKopiaRepositoryServerAccessUser, - }, - AdminSecretRef: v1.SecretReference{ - Namespace: namespace, - }, - TLSSecretRef: v1.SecretReference{ - Namespace: namespace, - }, - }, - }, - } - return repositoryServer -} - func getDefaultS3StorageCreds() map[string][]byte { key := os.Getenv(awsconfig.AccessKeyID) val := os.Getenv(awsconfig.SecretAccessKey) 
@@ -167,30 +122,6 @@ func getDefaultS3CompliantStorageLocation() map[string][]byte { } } -func setRepositoryServerSecretsInCR(secrets *repositoryServerSecrets, repoServerCR *crv1alpha1.RepositoryServer) { - if secrets != nil { - if secrets.serverAdmin != nil { - repoServerCR.Spec.Server.AdminSecretRef.Name = secrets.serverAdmin.Name - } - if secrets.repositoryPassword != nil { - repoServerCR.Spec.Repository.PasswordSecretRef.Name = secrets.repositoryPassword.Name - } - - if secrets.serverUserAccess != nil { - repoServerCR.Spec.Server.UserAccess.UserAccessSecretRef.Name = secrets.serverUserAccess.Name - } - if secrets.serverTLS != nil { - repoServerCR.Spec.Server.TLSSecretRef.Name = secrets.serverTLS.Name - } - if secrets.storage != nil { - repoServerCR.Spec.Storage.SecretRef.Name = secrets.storage.Name - } - if secrets.storageCredentials != nil { - repoServerCR.Spec.Storage.CredentialSecretRef.Name = secrets.storageCredentials.Name - } - } -} - func getRepoPasswordSecretData(password string) map[string][]byte { return map[string][]byte{ repoPasswordKey: []byte(password), 
@@ -210,32 +141,6 @@ func getRepoServerUserAccessSecretData(hostname, password string) map[string][]b } } -func createKopiaRepository(cli kubernetes.Interface, rs *v1alpha1.RepositoryServer, storageLocation map[string][]byte) error { - contentCacheMB, metadataCacheMB := command.GetGeneralCacheSizeSettings() - - commandArgs := command.RepositoryCommandArgs{ - CommandArgs: &command.CommandArgs{ - RepoPassword: defaultKopiaRepositoryPassword, - ConfigFilePath: command.DefaultConfigFilePath, - LogDirectory: command.DefaultLogDirectory, - }, - CacheDirectory: command.DefaultCacheDirectory, - Hostname: defaultKopiaRepositoryServerHost, - ContentCacheMB: contentCacheMB, - MetadataCacheMB: metadataCacheMB, - Username: defaultKopiaRepositoryUser, - RepoPathPrefix: defaultKopiaRepositoryPath, - Location: storageLocation, - } - return repository.CreateKopiaRepository( - cli, - defaultKanisterNamespace, - rs.Status.ServerInfo.PodName, - defaultKopiaRepositoryServerContainer, - commandArgs, - ) -} - func createSecret(cli kubernetes.Interface, namespace, name string, secrettype v1.SecretType, data map[string][]byte) (se *v1.Secret, err error) { secret := &v1.Secret{ ObjectMeta: metav1.ObjectMeta{ @@ -253,7 +158,6 @@ func createSecret(cli kubernetes.Interface, namespace, name string, secrettype v func createRepositoryServerAdminSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { return createSecret(cli, namespace, "test-repository-server-admin-", repositoryserver.RepositoryServerAdminCredentials, data) - } func createRepositoryServerUserAccessSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { 
@@ -271,8 +175,3 @@ func createKopiaTLSSecret(cli kubernetes.Interface, namespace string, data map[s func createStorageLocationSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { return createSecret(cli, "test-repository-server-storage-", namespace, repositoryserver.Location, data) } - -func createStorageLocationCredentialsSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { - return createSecret(cli, "test-repository-server-storage-creds", namespace, repositoryserver.Location, data) - -} From 63d231f41efd7d22fbd094844132c0e724d16049 Mon Sep 17 00:00:00 2001 From: Amruta Kale Date: Fri, 23 Jun 2023 15:58:29 +0530 Subject: [PATCH 8/9] fix build issues --- pkg/controllers/repositoryserver/testutils.go | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/pkg/controllers/repositoryserver/testutils.go b/pkg/controllers/repositoryserver/testutils.go index 9739a68b65..ad401be104 100644 --- a/pkg/controllers/repositoryserver/testutils.go +++ b/pkg/controllers/repositoryserver/testutils.go @@ -33,7 +33,7 @@ import ( crv1alpha1 "github.com/kanisterio/kanister/pkg/apis/cr/v1alpha1" awsconfig "github.com/kanisterio/kanister/pkg/aws" "github.com/kanisterio/kanister/pkg/secrets" - "github.com/kanisterio/kanister/pkg/secrets/repositoryserver" + reposerver "github.com/kanisterio/kanister/pkg/secrets/repositoryserver" "github.com/kanisterio/kanister/pkg/testutil" ) 
@@ -114,24 +114,24 @@ func getDefaultS3StorageCreds() map[string][]byte { func getDefaultS3CompliantStorageLocation() map[string][]byte { return map[string][]byte{ - repositoryserver.LocationTypeKey: []byte(crv1alpha1.LocationTypeS3Compliant), - repositoryserver.BucketKey: []byte(testutil.TestS3BucketName), - pathKey: []byte(defaultKopiaRepositoryPath), - repositoryserver.RegionKey: []byte(testutil.TestS3Region), - repositoryserver.EndpointKey: []byte(os.Getenv("LOCATION_ENDPOINT")), + reposerver.TypeKey: []byte(crv1alpha1.LocationTypeS3Compliant), + reposerver.BucketKey: []byte(testutil.TestS3BucketName), + pathKey: []byte(defaultKopiaRepositoryPath), + reposerver.RegionKey: []byte(testutil.TestS3Region), + reposerver.EndpointKey: []byte(os.Getenv("LOCATION_ENDPOINT")), } } func getRepoPasswordSecretData(password string) map[string][]byte { return map[string][]byte{ - repoPasswordKey: []byte(password), + reposerver.RepoPasswordKey: []byte(password), } } func getRepoServerAdminSecretData(username, password string) map[string][]byte { return map[string][]byte{ - serverAdminUserNameKey: []byte(username), - serverAdminPasswordKey: []byte(password), + reposerver.AdminUsernameKey: []byte(username), + reposerver.AdminPasswordKey: []byte(password), } } @@ -157,7 +157,7 @@ func createSecret(cli kubernetes.Interface, namespace, name string, secrettype v } func createRepositoryServerAdminSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { - return createSecret(cli, namespace, "test-repository-server-admin-", repositoryserver.RepositoryServerAdminCredentials, data) + return createSecret(cli, namespace, "test-repository-server-admin-", reposerver.AdminCredentialsSecret, data) } func createRepositoryServerUserAccessSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { 
@@ -165,7 +165,7 @@ func createRepositoryServerUserAccessSecret(cli kubernetes.Interface, namespace } func createRepositoryPassword(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { - return createSecret(cli, "test-repository-password-", namespace, repositoryserver.RepositoryPassword, data) + return createSecret(cli, "test-repository-password-", namespace, reposerver.RepositoryPasswordSecret, data) } func createKopiaTLSSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { @@ -173,5 +173,5 @@ func createKopiaTLSSecret(cli kubernetes.Interface, namespace string, data map[s } func createStorageLocationSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { - return createSecret(cli, "test-repository-server-storage-", namespace, repositoryserver.Location, data) + return createSecret(cli, "test-repository-server-storage-", namespace, reposerver.Location, data) } From 8d92463eec4b5ddb699a7d658b21a31019c02610 Mon Sep 17 00:00:00 2001 From: Amruta Kale Date: Fri, 23 Jun 2023 16:55:01 +0530 Subject: [PATCH 9/9] move secret creation utils under test suite --- .../repositoryserver/suite_test.go | 49 ++++++-- pkg/controllers/repositoryserver/testutils.go | 118 ------------------ pkg/testutil/testutil.go | 95 ++++++++++++++ 3 files changed, 137 insertions(+), 125 deletions(-) diff --git a/pkg/controllers/repositoryserver/suite_test.go b/pkg/controllers/repositoryserver/suite_test.go index d72b28e64d..54e2d4b374 100644 --- a/pkg/controllers/repositoryserver/suite_test.go +++ b/pkg/controllers/repositoryserver/suite_test.go 
@@ -28,6 +28,9 @@ import ( crclientv1alpha1 "github.com/kanisterio/kanister/pkg/client/clientset/versioned/typed/cr/v1alpha1" "github.com/kanisterio/kanister/pkg/kube" "github.com/kanisterio/kanister/pkg/resource" + "github.com/kanisterio/kanister/pkg/secrets" + reposerver "github.com/kanisterio/kanister/pkg/secrets/repositoryserver" + "github.com/kanisterio/kanister/pkg/testutil" ) // Hook up gocheck into the "go test" runner. 
@@ -89,23 +92,55 @@ func (s *RepoServerControllerSuite) SetUpSuite(c *C) { } func (s *RepoServerControllerSuite) createRepositoryServerSecrets(c *C) { - kopiaTLSSecretData, err := getKopiaTLSSecret() + kopiaTLSSecretData, err := testutil.GetKopiaTLSSecretData() c.Assert(err, IsNil) s.repoServerSecrets = repositoryServerSecrets{} - s.repoServerSecrets.serverUserAccess, err = createRepositoryServerUserAccessSecret(s.kubeCli, s.repoServerControllerNamespace, getRepoServerUserAccessSecretData("localhost", defaultKopiaRepositoryServerAccessPassword)) + s.repoServerSecrets.serverUserAccess, err = s.CreateRepositoryServerUserAccessSecret(testutil.GetRepoServerUserAccessSecretData("localhost", defaultKopiaRepositoryServerAccessPassword)) c.Assert(err, IsNil) - s.repoServerSecrets.serverAdmin, err = createRepositoryServerAdminSecret(s.kubeCli, s.repoServerControllerNamespace, getRepoServerAdminSecretData(defaulKopiaRepositoryServerAdminUser, defaultKopiaRepositoryServerAdminPassword)) + s.repoServerSecrets.serverAdmin, err = s.CreateRepositoryServerAdminSecret(testutil.GetRepoServerAdminSecretData(defaulKopiaRepositoryServerAdminUser, defaultKopiaRepositoryServerAdminPassword)) c.Assert(err, IsNil) - s.repoServerSecrets.repositoryPassword, err = createRepositoryPassword(s.kubeCli, s.repoServerControllerNamespace, getRepoPasswordSecretData(defaultKopiaRepositoryPassword)) + s.repoServerSecrets.repositoryPassword, err = s.CreateRepositoryPasswordSecret(testutil.GetRepoPasswordSecretData(defaultKopiaRepositoryPassword)) c.Assert(err, IsNil) - s.repoServerSecrets.serverTLS, err = createKopiaTLSSecret(s.kubeCli, s.repoServerControllerNamespace, kopiaTLSSecretData) + s.repoServerSecrets.serverTLS, err = s.CreateKopiaTLSSecret(kopiaTLSSecretData) c.Assert(err, IsNil) - s.repoServerSecrets.storage, err = createStorageLocationSecret(s.kubeCli, s.repoServerControllerNamespace, getDefaultS3CompliantStorageLocation()) + s.repoServerSecrets.storage, err = 
s.CreateStorageLocationSecret(getDefaultS3CompliantStorageLocation()) c.Assert(err, IsNil) - s.repoServerSecrets.storageCredentials, err = createSecret(s.kubeCli, "test-repository-server-storage-creds-", s.repoServerControllerNamespace, "secrets.kanister.io/aws", getDefaultS3StorageCreds()) + s.repoServerSecrets.storageCredentials, err = s.CreateAWSStorageCredentialsSecret(getDefaultS3StorageCreds()) c.Assert(err, IsNil) } +func (s *RepoServerControllerSuite) CreateRepositoryServerAdminSecret(data map[string][]byte) (se *v1.Secret, err error) { + return testutil.CreateSecret(s.kubeCli, s.repoServerControllerNamespace, "test-repository-server-admin-", reposerver.AdminCredentialsSecret, data) +} + +func (s *RepoServerControllerSuite) CreateRepositoryServerUserAccessSecret(data map[string][]byte) (se *v1.Secret, err error) { + return testutil.CreateSecret(s.kubeCli, s.repoServerControllerNamespace, "test-repository-server-user-access-", "", data) +} + +func (s *RepoServerControllerSuite) CreateRepositoryPasswordSecret(data map[string][]byte) (se *v1.Secret, err error) { + return testutil.CreateSecret(s.kubeCli, s.repoServerControllerNamespace, "test-repository-password-", reposerver.RepositoryPasswordSecret, data) +} + +func (s *RepoServerControllerSuite) CreateKopiaTLSSecret(data map[string][]byte) (se *v1.Secret, err error) { + return testutil.CreateSecret(s.kubeCli, s.repoServerControllerNamespace, "test-kopia-tls-", v1.SecretTypeTLS, data) +} + +func (s *RepoServerControllerSuite) CreateStorageLocationSecret(data map[string][]byte) (se *v1.Secret, err error) { + return testutil.CreateSecret(s.kubeCli, "test-repository-server-storage-", s.repoServerControllerNamespace, reposerver.Location, data) +} + +func (s *RepoServerControllerSuite) CreateAWSStorageCredentialsSecret(data map[string][]byte) (se *v1.Secret, err error) { + return testutil.CreateSecret(s.kubeCli, "test-repository-server-storage-creds-", s.repoServerControllerNamespace, 
v1.SecretType(secrets.AWSSecretType), data) +} + +func (s *RepoServerControllerSuite) CreateAzureStorageCredentialsSecret(data map[string][]byte) (se *v1.Secret, err error) { + return testutil.CreateSecret(s.kubeCli, "test-repository-server-storage-creds-", s.repoServerControllerNamespace, v1.SecretType(secrets.AzureSecretType), data) +} + +func (s *RepoServerControllerSuite) CreateGCPStorageCredentialsSecret(data map[string][]byte) (se *v1.Secret, err error) { + return testutil.CreateSecret(s.kubeCli, "test-repository-server-storage-creds-", s.repoServerControllerNamespace, v1.SecretType(secrets.GCPSecretType), data) +} + func (s *RepoServerControllerSuite) TearDownSuite(c *C) { if s.repoServerControllerNamespace != "" { err := s.kubeCli.CoreV1().Namespaces().Delete(context.TODO(), s.repoServerControllerNamespace, metav1.DeleteOptions{}) diff --git a/pkg/controllers/repositoryserver/testutils.go b/pkg/controllers/repositoryserver/testutils.go index ad401be104..bed0857c8e 100644 --- a/pkg/controllers/repositoryserver/testutils.go +++ b/pkg/controllers/repositoryserver/testutils.go @@ -15,20 +15,7 @@ package repositoryserver import ( - "bytes" - "context" - "crypto/rand" - "crypto/rsa" - "crypto/x509" - "crypto/x509/pkix" - "encoding/pem" - "math/big" "os" - "time" - - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/kubernetes" crv1alpha1 "github.com/kanisterio/kanister/pkg/apis/cr/v1alpha1" awsconfig "github.com/kanisterio/kanister/pkg/aws" 
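Review bot: `CreateStorageLocationSecret`, `CreateAWSStorageCredentialsSecret`, `CreateAzureStorageCredentialsSecret` and `CreateGCPStorageCredentialsSecret` pass the name prefix and the namespace to `testutil.CreateSecret` in the opposite order from its `(cli, namespace, name, ...)` signature. The prefix is therefore used as the namespace and the suite namespace as `GenerateName`. Both parameters are plain strings, so this compiles; the create call will presumably fail or land outside the test namespace, which matters because these secrets carry storage credentials read from the environment. The other four helpers in this hunk use the correct order, so each of these calls should follow the same shape, e.g. `testutil.CreateSecret(s.kubeCli, s.repoServerControllerNamespace, "test-repository-server-storage-", reposerver.Location, data)`.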
@@ -51,57 +38,6 @@ const ( pathKey = "path" ) -func getKopiaTLSSecret() (map[string][]byte, error) { - ca := &x509.Certificate{ - SerialNumber: big.NewInt(2019), - Subject: pkix.Name{ - Organization: []string{"Test Organization"}, - Country: []string{"Test Country"}, - Province: []string{"Test Province"}, - Locality: []string{"Test Locality"}, - StreetAddress: []string{"Test Street"}, - PostalCode: []string{"123456"}, - }, - NotBefore: time.Now(), - NotAfter: time.Now().AddDate(0, 0, 1), - IsCA: true, - ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, - KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, - BasicConstraintsValid: true, - } - caPrivKey, err := rsa.GenerateKey(rand.Reader, 4096) - if err != nil { - return nil, err - } - caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey) - if err != nil { - return nil, err - } - - caPEM := new(bytes.Buffer) - err = pem.Encode(caPEM, &pem.Block{ - Type: "CERTIFICATE", - Bytes: caBytes, - }) - if err != nil { - return nil, err - } - - caPrivKeyPEM := new(bytes.Buffer) - err = pem.Encode(caPrivKeyPEM, &pem.Block{ - Type: "PRIVATE KEY", - Bytes: x509.MarshalPKCS1PrivateKey(caPrivKey), - }) - if err != nil { - return nil, err - } - - return map[string][]byte{ - "tls.crt": caPEM.Bytes(), - "tls.key": caPrivKeyPEM.Bytes(), - }, nil -} - func getDefaultS3StorageCreds() map[string][]byte { key := os.Getenv(awsconfig.AccessKeyID) val := os.Getenv(awsconfig.SecretAccessKey) 
@@ -121,57 +57,3 @@ func getDefaultS3CompliantStorageLocation() map[string][]byte { reposerver.EndpointKey: []byte(os.Getenv("LOCATION_ENDPOINT")), } } - -func getRepoPasswordSecretData(password string) map[string][]byte { - return map[string][]byte{ - reposerver.RepoPasswordKey: []byte(password), - } -} - -func getRepoServerAdminSecretData(username, password string) map[string][]byte { - return map[string][]byte{ - reposerver.AdminUsernameKey: []byte(username), - reposerver.AdminPasswordKey: []byte(password), - } -} - -func getRepoServerUserAccessSecretData(hostname, password string) map[string][]byte { - return map[string][]byte{ - hostname: []byte(password), - } -} - -func createSecret(cli kubernetes.Interface, namespace, name string, secrettype v1.SecretType, data map[string][]byte) (se *v1.Secret, err error) { - secret := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - GenerateName: name, - }, - Data: data, - } - if secrettype != "" { - secret.Type = secrettype - } - - se, err = cli.CoreV1().Secrets(namespace).Create(context.Background(), secret, metav1.CreateOptions{}) - return -} - -func createRepositoryServerAdminSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { - return createSecret(cli, namespace, "test-repository-server-admin-", reposerver.AdminCredentialsSecret, data) -} - -func createRepositoryServerUserAccessSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { - return createSecret(cli, "test-repository-server-user-access-", namespace, "", data) -} - -func createRepositoryPassword(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { - return createSecret(cli, "test-repository-password-", namespace, reposerver.RepositoryPasswordSecret, data) -} - -func createKopiaTLSSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { - return createSecret(cli, 
"test-repository-password-", namespace, v1.SecretTypeTLS, data) -} - -func createStorageLocationSecret(cli kubernetes.Interface, namespace string, data map[string][]byte) (se *v1.Secret, err error) { - return createSecret(cli, "test-repository-server-storage-", namespace, reposerver.Location, data) -} diff --git a/pkg/testutil/testutil.go b/pkg/testutil/testutil.go index 968f39e109..582ffd5290 100644 --- a/pkg/testutil/testutil.go +++ b/pkg/testutil/testutil.go @@ -15,9 +15,17 @@ package testutil import ( + "bytes" "context" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" "fmt" + "math/big" "os" + "time" "golang.org/x/oauth2/google" compute "google.golang.org/api/compute/v1" @@ -25,11 +33,13 @@ import ( v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" crv1alpha1 "github.com/kanisterio/kanister/pkg/apis/cr/v1alpha1" awsconfig "github.com/kanisterio/kanister/pkg/aws" "github.com/kanisterio/kanister/pkg/blockstorage" "github.com/kanisterio/kanister/pkg/consts" + reposerver "github.com/kanisterio/kanister/pkg/secrets/repositoryserver" ) const ( 
@@ -340,3 +350,88 @@ func BlueprintWithConfigMap(bp *crv1alpha1.Blueprint) *crv1alpha1.Blueprint { } return bp } + +func CreateSecret(cli kubernetes.Interface, namespace, name string, secrettype v1.SecretType, data map[string][]byte) (se *v1.Secret, err error) { + secret := &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: name, + }, + Data: data, + } + if secrettype != "" { + secret.Type = secrettype + } + + se, err = cli.CoreV1().Secrets(namespace).Create(context.Background(), secret, metav1.CreateOptions{}) + return +} + +func GetRepoPasswordSecretData(password string) map[string][]byte { + return map[string][]byte{ + reposerver.RepoPasswordKey: []byte(password), + } +} + +func GetRepoServerAdminSecretData(username, password string) map[string][]byte { + return map[string][]byte{ + reposerver.AdminUsernameKey: []byte(username), + reposerver.AdminPasswordKey: []byte(password), + } +} + +func GetRepoServerUserAccessSecretData(hostname, password string) map[string][]byte { + return map[string][]byte{ + hostname: []byte(password), + } +} + +func GetKopiaTLSSecretData() (map[string][]byte, error) { + ca := &x509.Certificate{ + SerialNumber: big.NewInt(2019), + Subject: pkix.Name{ + Organization: []string{"Test Organization"}, + Country: []string{"Test Country"}, + Province: []string{"Test Province"}, + Locality: []string{"Test Locality"}, + StreetAddress: []string{"Test Street"}, + PostalCode: []string{"123456"}, + }, + NotBefore: time.Now(), + NotAfter: time.Now().AddDate(0, 0, 1), + IsCA: true, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, + KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, + BasicConstraintsValid: true, + } + caPrivKey, err := rsa.GenerateKey(rand.Reader, 4096) + if err != nil { + return nil, err + } + caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey) + if err != nil { + return nil, err + } + + caPEM := new(bytes.Buffer) + err = 
pem.Encode(caPEM, &pem.Block{ + Type: "CERTIFICATE", + Bytes: caBytes, + }) + if err != nil { + return nil, err + } + + caPrivKeyPEM := new(bytes.Buffer) + err = pem.Encode(caPrivKeyPEM, &pem.Block{ + Type: "PRIVATE KEY", + Bytes: x509.MarshalPKCS1PrivateKey(caPrivKey), + }) + if err != nil { + return nil, err + } + + return map[string][]byte{ + "tls.crt": caPEM.Bytes(), + "tls.key": caPrivKeyPEM.Bytes(), + }, nil +}
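Review bot: In `GetKopiaTLSSecretData` the key bytes come from `x509.MarshalPKCS1PrivateKey` but are written under the PEM label `PRIVATE KEY`, which denotes PKCS#8. Go's `tls.X509KeyPair` tries both encodings, so a Go consumer will load it, but a stricter parser may reject the block; `Type: "RSA PRIVATE KEY"` matches the encoding actually emitted. The newly exported helpers also have no doc comments. `CreateSecret` in particular takes two adjacent string parameters and uses `name` as a `GenerateName` prefix, so a comment such as `// CreateSecret creates a Secret in namespace; name is used as the GenerateName prefix.` would make the argument order harder to get wrong.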