Add tests

vshn · Mar 21, 2024 · dc1e489 · dc1e489
1 parent 8139e31
commit dc1e489
Show file tree

Hide file tree

Showing 7 changed files with 350 additions and 12 deletions.
diff --git a/controllers/database_controller_test.go b/controllers/database_controller_test.go
@@ -0,0 +1,165 @@
+package controllers
+
+import (
+	"context"
+	"github.com/go-logr/logr/testr"
+	"github.com/go-openapi/runtime"
+	"github.com/golang/mock/gomock"
+	"github.com/stretchr/testify/assert"
+	"github.com/vshn/stardog-userrole-operator/api/v1alpha1"
+	"github.com/vshn/stardog-userrole-operator/api/v1beta1"
+	db2 "github.com/vshn/stardog-userrole-operator/stardogrest/client/db"
+	"github.com/vshn/stardog-userrole-operator/stardogrest/client/roles"
+	"github.com/vshn/stardog-userrole-operator/stardogrest/client/roles_permissions"
+	"github.com/vshn/stardog-userrole-operator/stardogrest/client/users"
+	"github.com/vshn/stardog-userrole-operator/stardogrest/client/users_roles"
+	stardogmock "github.com/vshn/stardog-userrole-operator/stardogrest/mocks"
+	"github.com/vshn/stardog-userrole-operator/stardogrest/models"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes/scheme"
+	"testing"
+)
+
+func Test_createCustomUser(t *testing.T) {
+
+	namespace := "namespace-test"
+	stardogInstanceName := "instance-test"
+	secretName := "secret-test"
+	serverURL := "http://url-test.ch"
+	username := "admin"
+	password := "1234"
+	err := v1alpha1.AddToScheme(scheme.Scheme)
+	assert.NoError(t, err)
+	err = v1beta1.AddToScheme(scheme.Scheme)
+	assert.NoError(t, err)
+
+	mockCtrl := gomock.NewController(t)
+	defer mockCtrl.Finish()
+	stardogMocked := stardogmock.NewMockStardogTestClient(mockCtrl)
+	stardogClient := createStardogClientFromMock(stardogMocked)
+	db := createStardogDB("test-db", "hidden-user", v1beta1.StardogInstanceRef{
+		Name:      stardogInstanceName,
+		Namespace: namespace,
+	})
+	org := createOrg("org-test", db.Name, []v1beta1.NamedGraph{{
+		Name:      "graph1",
+		AddHidden: true,
+	}})
+
+	tests := []struct {
+		name                     string
+		stardogInstance          v1alpha1.StardogInstance
+		secret                   v1.Secret
+		stardogDB                *v1beta1.Database
+		stardogOrg               *v1beta1.Organization
+		dr                       DatabaseReconciliation
+		expectedCustomUser       bool
+		expectedCustomRole       bool
+		expectedWritePermissions bool
+	}{
+		{
+			name:            "GivenReconciliationContext_WhenCreateDatabaseWithCustomUser_ThenCreateCustomUser",
+			stardogInstance: *createStardogInstanceWithFinalizers(namespace, stardogInstanceName, secretName, serverURL),
+			secret:          *createFullSecret(namespace, secretName, username, password),
+			stardogDB:       db,
+			stardogOrg:      org,
+			dr: DatabaseReconciliation{
+				resource: db,
+				reconciliationContext: &ReconciliationContext{
+					context:       context.Background(),
+					conditions:    make(map[v1alpha1.StardogConditionType]v1alpha1.StardogCondition),
+					stardogClient: stardogClient,
+				},
+			},
+			expectedCustomUser:       true,
+			expectedCustomRole:       true,
+			expectedWritePermissions: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			fakeKubeClient, err := createKubeFakeClientWithSub(tt.stardogDB, &tt.stardogInstance, &tt.secret)
+			assert.NoError(t, err)
+			r := DatabaseReconciler{
+				Log:    testr.New(t),
+				Scheme: scheme.Scheme,
+				Client: fakeKubeClient,
+			}
+
+			customUserExists := false
+			writePermissions := false
+			stardogMocked.EXPECT().
+				SetTransport(gomock.Any()).
+				AnyTimes()
+			stardogMocked.EXPECT().
+				ListDatabases(gomock.Any(), gomock.Any(), gomock.Any()).
+				Return(&db2.ListDatabasesOK{Payload: &models.Databases{}}, nil).
+				Times(1)
+			stardogMocked.EXPECT().
+				CreateNewDatabase(gomock.Any(), gomock.Any(), gomock.Any()).
+				Return(db2.NewCreateNewDatabaseCreated(), nil).
+				Times(1)
+			stardogMocked.EXPECT().
+				ListUsers(gomock.Any(), gomock.Any()).
+				Return(&users.ListUsersOK{Payload: &models.Users{}}, nil).
+				Times(1)
+			stardogMocked.EXPECT().
+				CreateUser(gomock.Any(), gomock.Any(), gomock.Any()).
+				DoAndReturn(func(params *users.CreateUserParams, authInfo runtime.ClientAuthInfoWriter, opts ...users.ClientOption) (*users.CreateUserCreated, error) {
+					if *params.User.Username == "hidden-user" {
+						customUserExists = true
+					}
+					return users.NewCreateUserCreated(), nil
+				}).
+				Times(3)
+			stardogMocked.EXPECT().
+				ListRoles(gomock.Any(), gomock.Any()).
+				Return(&roles.ListRolesOK{Payload: &models.Roles{}}, nil).
+				Times(1)
+			stardogMocked.EXPECT().
+				CreateRole(gomock.Any(), gomock.Any(), gomock.Any()).
+				Return(roles.NewCreateRoleCreated(), nil).
+				Times(3)
+			stardogMocked.EXPECT().
+				ListRolePermissions(gomock.Any(), gomock.Any()).
+				Return(&roles_permissions.ListRolePermissionsOK{Payload: &models.Permissions{}}, nil).
+				Times(3)
+			stardogMocked.EXPECT().
+				ListUserRoles(gomock.Any(), gomock.Any()).
+				Return(&users_roles.ListUserRolesOK{Payload: &models.Roles{}}, nil).
+				Times(3)
+			stardogMocked.EXPECT().
+				AddRole(gomock.Any(), gomock.Any()).
+				Return(users_roles.NewAddRoleNoContent(), nil).
+				Times(3)
+			stardogMocked.EXPECT().
+				AddRolePermission(gomock.Any(), gomock.Any(), gomock.Any()).
+				DoAndReturn(func(params *roles_permissions.AddRolePermissionParams, authInfo runtime.ClientAuthInfoWriter, opts ...users_roles.ClientOption) (*roles_permissions.AddRolePermissionCreated, error) {
+					if *params.Permission.Action == "WRITE" && params.Role == "hidden-user" {
+						writePermissions = true
+					}
+					return roles_permissions.NewAddRolePermissionCreated(), nil
+				}).AnyTimes()
+
+			_, err = r.reconcileDatabase(&tt.dr)
+			assert.Equal(t, tt.expectedCustomUser, customUserExists)
+			assert.Equal(t, tt.expectedWritePermissions, writePermissions)
+		})
+	}
+}
+
+func createStardogDB(name, hiddenUser string, instanceRef v1beta1.StardogInstanceRef) *v1beta1.Database {
+	return &v1beta1.Database{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Spec: v1beta1.DatabaseSpec{
+			DatabaseName:              name,
+			AddUserForNonHiddenGraphs: hiddenUser,
+			StardogInstanceRefs:       []v1beta1.StardogInstanceRef{instanceRef},
+			NamedGraphPrefix:          "https://graph.ch",
+		},
+	}
+}
diff --git a/controllers/organization_controller.go b/controllers/organization_controller.go
@@ -179,7 +179,7 @@ func (r *OrganizationReconciler) validateSpecification(ctx context.Context, orga
 }
 
 func (r *OrganizationReconciler) syncOrganization(or *OrganizationReconciliation) error {
-	dbInstances := or.database.Status.StardogInstanceRefs
+	dbInstances := or.database.Spec.StardogInstanceRefs
 	orgInstances := or.resource.Status.StardogInstanceRefs
 
 	// Create an organization for each instance in spec.StardogInstanceRefs

diff --git a/controllers/organization_controller_test.go b/controllers/organization_controller_test.go
@@ -0,0 +1,164 @@
+package controllers
+
+import (
+	"context"
+	"github.com/go-logr/logr/testr"
+	"github.com/go-openapi/runtime"
+	"github.com/golang/mock/gomock"
+	"github.com/stretchr/testify/assert"
+	"github.com/vshn/stardog-userrole-operator/api/v1alpha1"
+	"github.com/vshn/stardog-userrole-operator/api/v1beta1"
+	"github.com/vshn/stardog-userrole-operator/stardogrest/client/roles"
+	"github.com/vshn/stardog-userrole-operator/stardogrest/client/roles_permissions"
+	"github.com/vshn/stardog-userrole-operator/stardogrest/client/users"
+	"github.com/vshn/stardog-userrole-operator/stardogrest/client/users_roles"
+	stardogmock "github.com/vshn/stardog-userrole-operator/stardogrest/mocks"
+	"github.com/vshn/stardog-userrole-operator/stardogrest/models"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes/scheme"
+	"testing"
+)
+
+func Test_createHiddenGraph(t *testing.T) {
+
+	namespace := "namespace-test"
+	stardogInstanceName := "instance-test"
+	secretName := "secret-test"
+	serverURL := "http://url-test.ch"
+	username := "admin"
+	password := "1234"
+	action := "READ"
+	resourceTypeNG := "named-graph"
+	resourceTypeMeta := "metadata"
+	resourceTypeDB := "db"
+	err := v1alpha1.AddToScheme(scheme.Scheme)
+	assert.NoError(t, err)
+	err = v1beta1.AddToScheme(scheme.Scheme)
+	assert.NoError(t, err)
+
+	mockCtrl := gomock.NewController(t)
+	defer mockCtrl.Finish()
+	stardogMocked := stardogmock.NewMockStardogTestClient(mockCtrl)
+	stardogClient := createStardogClientFromMock(stardogMocked)
+	db := createStardogDB("test-db", "hidden-user", v1beta1.StardogInstanceRef{
+		Name:      stardogInstanceName,
+		Namespace: namespace,
+	})
+	org := createOrg("org-test", db.Name, []v1beta1.NamedGraph{{
+		Name:      "graph1",
+		AddHidden: true,
+	}})
+
+	tests := []struct {
+		name                string
+		stardogInstance     v1alpha1.StardogInstance
+		secret              v1.Secret
+		stardogDB           *v1beta1.Database
+		stardogOrg          *v1beta1.Organization
+		or                  OrganizationReconciliation
+		expectedPermissions []models.Permission
+	}{
+		{
+			name:            "GivenReconciliationContext_WhenCreateOrgWithHiddenGraphs_ThenCreateHiddenGraphs",
+			stardogInstance: *createStardogInstanceWithFinalizers(namespace, stardogInstanceName, secretName, serverURL),
+			secret:          *createFullSecret(namespace, secretName, username, password),
+			stardogDB:       db,
+			stardogOrg:      org,
+			or: OrganizationReconciliation{
+				database: db,
+				resource: org,
+				reconciliationContext: &ReconciliationContext{
+					context:       context.Background(),
+					conditions:    make(map[v1alpha1.StardogConditionType]v1alpha1.StardogCondition),
+					stardogClient: stardogClient,
+				},
+			},
+			expectedPermissions: []models.Permission{
+				{
+					Action:       &action,
+					Resource:     []string{"test-db"},
+					ResourceType: &resourceTypeDB,
+				},
+				{
+					Action:       &action,
+					Resource:     []string{"test-db"},
+					ResourceType: &resourceTypeMeta,
+				},
+				{
+					Action:       &action,
+					Resource:     []string{"test-db", "https://graph.ch/org-test/graph1"},
+					ResourceType: &resourceTypeNG,
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			fakeKubeClient, err := createKubeFakeClientWithSub(tt.stardogOrg, tt.stardogDB, &tt.stardogInstance, &tt.secret)
+			assert.NoError(t, err)
+			r := OrganizationReconciler{
+				Log:    testr.New(t),
+				Scheme: scheme.Scheme,
+				Client: fakeKubeClient,
+			}
+
+			stardogMocked.EXPECT().
+				SetTransport(gomock.Any()).
+				AnyTimes()
+			stardogMocked.EXPECT().
+				ListUsers(gomock.Any(), gomock.Any()).
+				Return(&users.ListUsersOK{Payload: &models.Users{}}, nil).
+				Times(1)
+			stardogMocked.EXPECT().
+				CreateUser(gomock.Any(), gomock.Any(), gomock.Any()).Times(1).
+				Return(users.NewCreateUserCreated(), nil)
+			stardogMocked.EXPECT().
+				ListRoles(gomock.Any(), gomock.Any()).Times(1).
+				Return(&roles.ListRolesOK{Payload: &models.Roles{}}, nil)
+			stardogMocked.EXPECT().
+				CreateRole(gomock.Any(), gomock.Any(), gomock.Any()).Times(1).
+				Return(roles.NewCreateRoleCreated(), nil)
+			stardogMocked.EXPECT().
+				ListRolePermissions(gomock.Any(), gomock.Any()).AnyTimes().
+				Return(&roles_permissions.ListRolePermissionsOK{Payload: &models.Permissions{}}, nil)
+			stardogMocked.EXPECT().
+				ListUserRoles(gomock.Any(), gomock.Any()).AnyTimes().
+				Return(&users_roles.ListUserRolesOK{Payload: &models.Roles{}}, nil)
+			stardogMocked.EXPECT().
+				AddRole(gomock.Any(), gomock.Any()).AnyTimes().
+				Return(users_roles.NewAddRoleNoContent(), nil)
+
+			hiddenRoleExists := false
+			var permHiddenRole []models.Permission
+			stardogMocked.EXPECT().
+				AddRolePermission(gomock.Any(), gomock.Any(), gomock.Any()).
+				DoAndReturn(func(params *roles_permissions.AddRolePermissionParams, authInfo runtime.ClientAuthInfoWriter, opts ...users_roles.ClientOption) (*roles_permissions.AddRolePermissionCreated, error) {
+					if params.Role == "hidden-user" {
+						hiddenRoleExists = true
+						permHiddenRole = append(permHiddenRole, *params.Permission)
+					}
+					return roles_permissions.NewAddRolePermissionCreated(), nil
+				}).AnyTimes()
+
+			_, err = r.reconcileOrganization(&tt.or)
+			assert.True(t, hiddenRoleExists, "hidden graph exists")
+			assert.Equal(t, tt.expectedPermissions, permHiddenRole)
+		})
+	}
+}
+
+func createOrg(name, dbRef string, ngs []v1beta1.NamedGraph) *v1beta1.Organization {
+	return &v1beta1.Organization{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Spec: v1beta1.OrganizationSpec{
+			Name:        name,
+			DisplayName: name,
+			DatabaseRef: dbRef,
+			NamedGraphs: ngs,
+		},
+	}
+}
diff --git a/controllers/reconciliation_types_test.go b/controllers/reconciliation_types_test.go
@@ -185,12 +185,28 @@ func createPartialSecret(namespace, name, username, password string) *v1.Secret
 }
 
 func createKubeFakeClient(initObjs ...runtime.Object) (client.Client, error) {
+	s := scheme.Scheme
 	err := stardogv1alpha1.AddToScheme(scheme.Scheme)
+	err = v1beta1.AddToScheme(scheme.Scheme)
 	if err != nil {
 		return nil, err
 	}
 	return fake.NewClientBuilder().
-		WithScheme(scheme.Scheme).
+		WithScheme(s).
 		WithRuntimeObjects(initObjs...).
 		Build(), nil
 }
+
+func createKubeFakeClientWithSub(initObjs ...client.Object) (client.Client, error) {
+	s := scheme.Scheme
+	err := stardogv1alpha1.AddToScheme(scheme.Scheme)
+	err = v1beta1.AddToScheme(scheme.Scheme)
+	if err != nil {
+		return nil, err
+	}
+	return fake.NewClientBuilder().
+		WithScheme(s).
+		WithObjects(initObjs...).
+		WithStatusSubresource(&v1beta1.Organization{}, &v1beta1.Database{}).
+		Build(), nil
+}
diff --git a/controllers/stardoginstance_controller_test.go b/controllers/stardoginstance_controller_test.go
@@ -695,7 +695,7 @@ func Test_ReconcileStardogInstance(t *testing.T) {
 func createStardogInstance(namespace, name, secretName, serverURL string) *v1alpha1.StardogInstance {
 	return &v1alpha1.StardogInstance{
 		TypeMeta:   metav1.TypeMeta{Kind: "StardogInstance", APIVersion: "v1alpha1"},
-		ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace},
+		ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace, Finalizers: make([]string, 0)},
 		Spec: v1alpha1.StardogInstanceSpec{
 			AdminCredentials: v1alpha1.StardogUserCredentialsSpec{
 				Namespace: namespace,
@@ -710,6 +710,7 @@ func createDeletedStardogInstance(namespace, name, secretName, serverURL string)
 	stardogInstace := createStardogInstance(namespace, name, secretName, serverURL)
 	newTime := metav1.NewTime(time.Now())
 	stardogInstace.SetDeletionTimestamp(&newTime)
+	stardogInstace.SetFinalizers([]string{"finalizer"})
 	return stardogInstace
 }
 

diff --git a/controllers/stardogrole_controller_test.go b/controllers/stardogrole_controller_test.go
@@ -910,6 +910,7 @@ func createDeletedStardogRole(namespace, stardogRoleName, stardogInstanceRef str
 	stardogRole := createStardogRole(namespace, stardogRoleName, stardogInstanceRef, permissions)
 	newTime := metav1.NewTime(time.Now())
 	stardogRole.SetDeletionTimestamp(&newTime)
+	stardogRole.SetFinalizers([]string{"finalizer"})
 	return stardogRole
 }