Add some tests

Author: lucacome

controllers/configmap.go

@@ -9,16 +9,18 @@ import (
 	v1 "k8s.io/api/core/v1"
 )
 
-func (r *NginxIngressControllerReconciler) configMapForNginxIngressController(instance *k8sv1alpha1.NginxIngressController) *v1.ConfigMap {
+func (r *NginxIngressControllerReconciler) configMapForNginxIngressController(instance *k8sv1alpha1.NginxIngressController) (*v1.ConfigMap, error) {
 	cm := &v1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      instance.Name,
 			Namespace: instance.Namespace,
 		},
 		Data: instance.Spec.ConfigMapData,
 	}
-	ctrl.SetControllerReference(instance, cm, r.Scheme)
-	return cm
+	if err := ctrl.SetControllerReference(instance, cm, r.Scheme); err != nil {
+		return nil, err
+	}
+	return cm, nil
 }
 
 func configMapMutateFn(cm *v1.ConfigMap, configMapData map[string]string) controllerutil.MutateFn {

controllers/ingressclass_test.go

@@ -0,0 +1,33 @@
+package controllers
+
+import (
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	k8sv1alpha1 "github.com/nginxinc/nginx-ingress-operator/api/v1alpha1"
+	networking "k8s.io/api/networking/v1beta1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func TestIngressClassForNginxIngressController(t *testing.T) {
+	instance := &k8sv1alpha1.NginxIngressController{
+		Spec: k8sv1alpha1.NginxIngressControllerSpec{
+			IngressClass: "nginx",
+		},
+	}
+	expected := &networking.IngressClass{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "nginx",
+		},
+		Spec: networking.IngressClassSpec{
+			Controller: "nginx.org/ingress-controller",
+		},
+	}
+
+	rec := &NginxIngressControllerReconciler{}
+
+	result := rec.ingressClassForNginxIngressController(instance)
+	if diff := cmp.Diff(expected, result); diff != "" {
+		t.Errorf("ingressClassForNginxIngressController() mismatch (-want +got):\n%s", diff)
+	}
+}

controllers/nginxingresscontroller_controller.go

@@ -230,7 +230,10 @@ func (r *NginxIngressControllerReconciler) Reconcile(ctx context.Context, req ct
 		return ctrl.Result{}, err
 	}
 
-	cm := r.configMapForNginxIngressController(instance)
+	cm, err := r.configMapForNginxIngressController(instance)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
 	res, err = controllerutil.CreateOrUpdate(ctx, r.Client, cm, configMapMutateFn(cm, instance.Spec.ConfigMapData))
 	log.Info(fmt.Sprintf("ConfigMap %s %s", svc.Name, res))
 	if err != nil {

controllers/rbac_test.go

@@ -0,0 +1,118 @@
+package controllers
+
+import (
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	rbacv1 "k8s.io/api/rbac/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func TestClusterRoleForNginxIngressController(t *testing.T) {
+	name := "my-rcluster-role"
+	expected := &rbacv1.ClusterRole{
+		ObjectMeta: v1.ObjectMeta{
+			Name: name,
+		},
+		Rules: []rbacv1.PolicyRule{
+			{
+				Verbs:     []string{"get", "list", "watch"},
+				APIGroups: []string{""},
+				Resources: []string{"services", "endpoints"},
+			},
+			{
+				Verbs:     []string{"get", "list", "watch"},
+				APIGroups: []string{""},
+				Resources: []string{"secrets"},
+			},
+			{
+				Verbs:     []string{"get", "list", "watch", "update", "create"},
+				APIGroups: []string{""},
+				Resources: []string{"configmaps"},
+			},
+			{
+				Verbs:     []string{"list", "watch"},
+				APIGroups: []string{""},
+				Resources: []string{"pods"},
+			},
+			{
+				Verbs:     []string{"create", "patch"},
+				APIGroups: []string{""},
+				Resources: []string{"events"},
+			},
+			{
+				Verbs:     []string{"get", "list", "watch"},
+				APIGroups: []string{"networking.k8s.io"},
+				Resources: []string{"ingresses"},
+			},
+			{
+				Verbs:     []string{"update"},
+				APIGroups: []string{"networking.k8s.io"},
+				Resources: []string{"ingresses/status"},
+			},
+			{
+				Verbs:     []string{"get", "create"},
+				APIGroups: []string{"networking.k8s.io"},
+				Resources: []string{"ingressclasses"},
+			},
+			{
+				Verbs:     []string{"get", "list", "watch"},
+				APIGroups: []string{"k8s.nginx.org"},
+				Resources: []string{"virtualservers", "virtualserverroutes", "globalconfigurations", "transportservers", "policies"},
+			},
+			{
+				Verbs:     []string{"update"},
+				APIGroups: []string{"k8s.nginx.org"},
+				Resources: []string{"virtualservers/status", "virtualserverroutes/status", "policies/status", "transportservers/status"},
+			},
+			{
+				Verbs:     []string{"get", "list", "watch"},
+				APIGroups: []string{"appprotect.f5.com"},
+				Resources: []string{"aplogconfs", "appolicies", "apusersigs"},
+			},
+		},
+	}
+
+	rec := &NginxIngressControllerReconciler{}
+
+	result := rec.clusterRoleForNginxIngressController(name)
+	if diff := cmp.Diff(expected, result); diff != "" {
+		t.Errorf("clusterRoleForNginxIngressController(%v) mismatch (-want +got):\n%s", name, diff)
+	}
+}
+
+func TestSubjectForServiceAccount(t *testing.T) {
+	name := "my-sa"
+	namespace := "my-nginx-ingress"
+	expected := rbacv1.Subject{
+		Kind:      "ServiceAccount",
+		Name:      name,
+		Namespace: namespace,
+	}
+
+	result := subjectForServiceAccount(namespace, name)
+	if diff := cmp.Diff(expected, result); diff != "" {
+		t.Errorf("subjectForServiceAccount(%v, %v) mismatch (-want +got):\n%s", namespace, name, diff)
+	}
+}
+
+func TestClusterRoleBindingForNginxIngressController(t *testing.T) {
+	name := "my-cluster-role-binding"
+	expected := &rbacv1.ClusterRoleBinding{
+		ObjectMeta: v1.ObjectMeta{
+			Name: name,
+		},
+		RoleRef: rbacv1.RoleRef{
+			Kind:     "ClusterRole",
+			Name:     name,
+			APIGroup: "rbac.authorization.k8s.io",
+		},
+	}
+
+	rec := &NginxIngressControllerReconciler{}
+
+	result := rec.clusterRoleBindingForNginxIngressController(name)
+	if diff := cmp.Diff(expected, result); diff != "" {
+		t.Errorf("clusterRoleBindingForNginxIngressController(%v) mismatch (-want +got):\n%s", name, diff)
+	}
+}

controllers/scc_test.go

@@ -0,0 +1,66 @@
+package controllers
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	secv1 "github.com/openshift/api/security/v1"
+	corev1 "k8s.io/api/core/v1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func TestSccForNginxIngressController(t *testing.T) {
+	var uid int64 = 101
+	name := "my-nginx-ingress"
+	allowPrivilegeEscalation := true
+
+	expected := &secv1.SecurityContextConstraints{
+		ObjectMeta: v1.ObjectMeta{
+			Name: name,
+		},
+		AllowHostPorts:           false,
+		AllowPrivilegedContainer: false,
+		RunAsUser: secv1.RunAsUserStrategyOptions{
+			Type: "MustRunAs",
+			UID:  &uid,
+		},
+		Users:                    nil,
+		AllowHostDirVolumePlugin: false,
+		AllowHostIPC:             false,
+		SELinuxContext: secv1.SELinuxContextStrategyOptions{
+			Type: "MustRunAs",
+		},
+		ReadOnlyRootFilesystem: false,
+		FSGroup: secv1.FSGroupStrategyOptions{
+			Type: "MustRunAs",
+		},
+		SupplementalGroups: secv1.SupplementalGroupsStrategyOptions{
+			Type: "MustRunAs",
+		},
+		Volumes:                  []secv1.FSType{"secret"},
+		AllowHostPID:             false,
+		AllowHostNetwork:         false,
+		AllowPrivilegeEscalation: &allowPrivilegeEscalation,
+		RequiredDropCapabilities: []corev1.Capability{"ALL"},
+		DefaultAddCapabilities:   []corev1.Capability{"NET_BIND_SERVICE"},
+		AllowedCapabilities:      nil,
+	}
+	rec := &NginxIngressControllerReconciler{}
+
+	result := rec.sccForNginxIngressController(name)
+	if diff := cmp.Diff(expected, result); diff != "" {
+		t.Errorf("sccForNginxIngressController() mismatch (-want +got):\n%s", diff)
+	}
+}
+
+func TestUserForSCC(t *testing.T) {
+	namespace := "my-nginx-ingress"
+	name := "my-nginx-ingress-controller"
+	expected := fmt.Sprintf("system:serviceaccount:%v:%v", namespace, name)
+
+	result := userForSCC(namespace, name)
+	if expected != result {
+		t.Errorf("userForSCC(%v, %v) returned %v but expected %v", namespace, name, result, expected)
+	}
+}

controllers/service.go

@@ -58,13 +58,3 @@ func serviceMutateFn(svc *corev1.Service, serviceType string, labels map[string]
 		return nil
 	}
 }
-
-func updateService(svc *corev1.Service, instance *k8sv1alpha1.NginxIngressController) *corev1.Service {
-	svc.Spec.Type = corev1.ServiceType(instance.Spec.ServiceType)
-	if instance.Spec.Service != nil {
-		svc.Labels = instance.Spec.Service.ExtraLabels
-	} else {
-		svc.Labels = nil
-	}
-	return svc
-}