Example #1
0
func (c *FakePolicyBindings) List(opts kapi.ListOptions) (*authorizationapi.PolicyBindingList, error) {
	obj, err := c.Fake.Invokes(core.NewListAction(policyBindingsResource, c.Namespace, opts), &authorizationapi.PolicyBindingList{})
	if obj == nil {
		return nil, err
	}

	return obj.(*authorizationapi.PolicyBindingList), err
}
func (c *FakeDeploymentConfigs) List(opts kapi.ListOptions) (*deployapi.DeploymentConfigList, error) {
	obj, err := c.Fake.Invokes(core.NewListAction(deploymentConfigsResource, c.Namespace, opts), &deployapi.DeploymentConfigList{})
	if obj == nil {
		return nil, err
	}

	return obj.(*deployapi.DeploymentConfigList), err
}
Example #3
0
func (c *FakeTemplates) List(opts kapi.ListOptions) (*templateapi.TemplateList, error) {
	obj, err := c.Fake.Invokes(core.NewListAction(templatesResource, c.Namespace, opts), &templateapi.TemplateList{})
	if obj == nil {
		return nil, err
	}

	return obj.(*templateapi.TemplateList), err
}
Example #4
0
func (c *FakeBuildConfigs) List(opts kapi.ListOptions) (*buildapi.BuildConfigList, error) {
	obj, err := c.Fake.Invokes(core.NewListAction(buildConfigsResource, c.Namespace, opts), &buildapi.BuildConfigList{})
	if obj == nil {
		return nil, err
	}

	return obj.(*buildapi.BuildConfigList), err
}
func (c *FakeAppliedClusterResourceQuotas) List(opts kapi.ListOptions) (*quotaapi.AppliedClusterResourceQuotaList, error) {
	obj, err := c.Fake.Invokes(core.NewListAction(appliedClusterResourceQuotasResource, c.Namespace, opts), &quotaapi.AppliedClusterResourceQuotaList{})
	if obj == nil {
		return nil, err
	}

	return obj.(*quotaapi.AppliedClusterResourceQuotaList), err
}
func (c *FakePodSecurityPolicySubjectReviews) List(opts api.ListOptions) (result *v1.PodSecurityPolicySubjectReviewList, err error) {
	obj, err := c.Fake.
		Invokes(core.NewListAction(podsecuritypolicysubjectreviewsResource, c.ns, opts), &v1.PodSecurityPolicySubjectReviewList{})

	if obj == nil {
		return nil, err
	}
	return obj.(*v1.PodSecurityPolicySubjectReviewList), err
}
// Search returns a list of events matching the specified object.
func (c *FakeEvents) Search(objOrRef runtime.Object) (*v1.EventList, error) {
	action := core.NewRootListAction(eventsResource, api.ListOptions{})
	if c.ns != "" {
		action = core.NewListAction(eventsResource, c.ns, api.ListOptions{})
	}
	obj, err := c.Fake.Invokes(action, &v1.EventList{})
	if obj == nil {
		return nil, err
	}

	return obj.(*v1.EventList), err
}
func (c *FakePersistentVolumeClaims) List(opts api.ListOptions) (result *api.PersistentVolumeClaimList, err error) {
	obj, err := c.Fake.
		Invokes(core.NewListAction(persistentvolumeclaimsResource, c.ns, opts), &api.PersistentVolumeClaimList{})

	if obj == nil {
		return nil, err
	}

	label, _, _ := core.ExtractFromListOptions(opts)
	if label == nil {
		label = labels.Everything()
	}
	list := &api.PersistentVolumeClaimList{}
	for _, item := range obj.(*api.PersistentVolumeClaimList).Items {
		if label.Matches(labels.Set(item.Labels)) {
			list.Items = append(list.Items, item)
		}
	}
	return list, err
}
func (c *FakeThirdPartyResources) List(opts api.ListOptions) (result *v1beta1.ThirdPartyResourceList, err error) {
	obj, err := c.Fake.
		Invokes(core.NewListAction("thirdpartyresources", c.ns, opts), &v1beta1.ThirdPartyResourceList{})

	if obj == nil {
		return nil, err
	}

	label := opts.LabelSelector
	if label == nil {
		label = labels.Everything()
	}
	list := &v1beta1.ThirdPartyResourceList{}
	for _, item := range obj.(*v1beta1.ThirdPartyResourceList).Items {
		if label.Matches(labels.Set(item.Labels)) {
			list.Items = append(list.Items, item)
		}
	}
	return list, err
}
func (c *FakeHorizontalPodAutoscalers) List(opts api.ListOptions) (result *v1beta1.HorizontalPodAutoscalerList, err error) {
	obj, err := c.Fake.
		Invokes(core.NewListAction("horizontalpodautoscalers", c.ns, opts), &v1beta1.HorizontalPodAutoscalerList{})

	if obj == nil {
		return nil, err
	}

	label := opts.LabelSelector
	if label == nil {
		label = labels.Everything()
	}
	list := &v1beta1.HorizontalPodAutoscalerList{}
	for _, item := range obj.(*v1beta1.HorizontalPodAutoscalerList).Items {
		if label.Matches(labels.Set(item.Labels)) {
			list.Items = append(list.Items, item)
		}
	}
	return list, err
}
func (c *FakeDaemonSets) List(opts api.ListOptions) (result *extensions.DaemonSetList, err error) {
	obj, err := c.Fake.
		Invokes(core.NewListAction("daemonsets", c.ns, opts), &extensions.DaemonSetList{})

	if obj == nil {
		return nil, err
	}

	label := opts.LabelSelector
	if label == nil {
		label = labels.Everything()
	}
	list := &extensions.DaemonSetList{}
	for _, item := range obj.(*extensions.DaemonSetList).Items {
		if label.Matches(labels.Set(item.Labels)) {
			list.Items = append(list.Items, item)
		}
	}
	return list, err
}
Example #12
0
func (c *FakeTestTypes) List(opts api.ListOptions) (result *testgroup_k8s_io.TestTypeList, err error) {
	obj, err := c.Fake.
		Invokes(core.NewListAction("testtypes", c.ns, opts), &testgroup_k8s_io.TestTypeList{})

	if obj == nil {
		return nil, err
	}

	label := opts.LabelSelector
	if label == nil {
		label = labels.Everything()
	}
	list := &testgroup_k8s_io.TestTypeList{}
	for _, item := range obj.(*testgroup_k8s_io.TestTypeList).Items {
		if label.Matches(labels.Set(item.Labels)) {
			list.Items = append(list.Items, item)
		}
	}
	return list, err
}
Example #13
0
func (c *FakeIngresses) List(opts api.ListOptions) (result *extensions.IngressList, err error) {
	obj, err := c.Fake.
		Invokes(core.NewListAction(ingressesResource, c.ns, opts), &extensions.IngressList{})

	if obj == nil {
		return nil, err
	}

	label, _, _ := core.ExtractFromListOptions(opts)
	if label == nil {
		label = labels.Everything()
	}
	list := &extensions.IngressList{}
	for _, item := range obj.(*extensions.IngressList).Items {
		if label.Matches(labels.Set(item.Labels)) {
			list.Items = append(list.Items, item)
		}
	}
	return list, err
}
func (c *FakePodDisruptionBudgets) List(opts api.ListOptions) (result *policy.PodDisruptionBudgetList, err error) {
	obj, err := c.Fake.
		Invokes(core.NewListAction(poddisruptionbudgetsResource, c.ns, opts), &policy.PodDisruptionBudgetList{})

	if obj == nil {
		return nil, err
	}

	label, _, _ := core.ExtractFromListOptions(opts)
	if label == nil {
		label = labels.Everything()
	}
	list := &policy.PodDisruptionBudgetList{}
	for _, item := range obj.(*policy.PodDisruptionBudgetList).Items {
		if label.Matches(labels.Set(item.Labels)) {
			list.Items = append(list.Items, item)
		}
	}
	return list, err
}
Example #15
0
func (c *FakePods) List(opts api.ListOptions) (result *api.PodList, err error) {
	obj, err := c.Fake.
		Invokes(core.NewListAction(podsResource, c.ns, opts), &api.PodList{})

	if obj == nil {
		return nil, err
	}

	label := opts.LabelSelector
	if label == nil {
		label = labels.Everything()
	}
	list := &api.PodList{}
	for _, item := range obj.(*api.PodList).Items {
		if label.Matches(labels.Set(item.Labels)) {
			list.Items = append(list.Items, item)
		}
	}
	return list, err
}
func (c *FakeHorizontalPodAutoscalers) List(opts api.ListOptions) (result *autoscaling.HorizontalPodAutoscalerList, err error) {
	obj, err := c.Fake.
		Invokes(core.NewListAction(horizontalpodautoscalersResource, c.ns, opts), &autoscaling.HorizontalPodAutoscalerList{})

	if obj == nil {
		return nil, err
	}

	label, _, _ := core.ExtractFromListOptions(opts)
	if label == nil {
		label = labels.Everything()
	}
	list := &autoscaling.HorizontalPodAutoscalerList{}
	for _, item := range obj.(*autoscaling.HorizontalPodAutoscalerList).Items {
		if label.Matches(labels.Set(item.Labels)) {
			list.Items = append(list.Items, item)
		}
	}
	return list, err
}
Example #17
0
func (c *FakeConfigMaps) List(opts v1.ListOptions) (result *v1.ConfigMapList, err error) {
	obj, err := c.Fake.
		Invokes(core.NewListAction(configmapsResource, c.ns, opts), &v1.ConfigMapList{})

	if obj == nil {
		return nil, err
	}

	label, _, _ := core.ExtractFromListOptions(opts)
	if label == nil {
		label = labels.Everything()
	}
	list := &v1.ConfigMapList{}
	for _, item := range obj.(*v1.ConfigMapList).Items {
		if label.Matches(labels.Set(item.Labels)) {
			list.Items = append(list.Items, item)
		}
	}
	return list, err
}
func TestGetClient(t *testing.T) {
	testCases := []struct {
		name       string
		clientName string
		kubeClient *fake.Clientset
		osClient   *ostestclient.Fake

		expectedDelegation  bool
		expectedErr         string
		expectedClient      *oauthapi.OAuthClient
		expectedKubeActions []core.Action
		expectedOSActions   []ktestclient.Action
	}{
		{
			name:                "delegate",
			clientName:          "not:serviceaccount",
			kubeClient:          fake.NewSimpleClientset(),
			osClient:            ostestclient.NewSimpleFake(),
			expectedDelegation:  true,
			expectedKubeActions: []core.Action{},
			expectedOSActions:   []ktestclient.Action{},
		},
		{
			name:                "missing sa",
			clientName:          "system:serviceaccount:ns-01:missing-sa",
			kubeClient:          fake.NewSimpleClientset(),
			osClient:            ostestclient.NewSimpleFake(),
			expectedErr:         `ServiceAccount "missing-sa" not found`,
			expectedKubeActions: []core.Action{core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "missing-sa")},
			expectedOSActions:   []ktestclient.Action{},
		},
		{
			name:       "sa no redirects",
			clientName: "system:serviceaccount:ns-01:default",
			kubeClient: fake.NewSimpleClientset(
				&kapi.ServiceAccount{
					ObjectMeta: kapi.ObjectMeta{
						Namespace:   "ns-01",
						Name:        "default",
						Annotations: map[string]string{},
					},
				}),
			osClient:            ostestclient.NewSimpleFake(),
			expectedErr:         `system:serviceaccount:ns-01:default has no redirectURIs; set serviceaccounts.openshift.io/oauth-redirecturi.<some-value>`,
			expectedKubeActions: []core.Action{core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default")},
			expectedOSActions:   []ktestclient.Action{},
		},
		{
			name:       "sa no tokens",
			clientName: "system:serviceaccount:ns-01:default",
			kubeClient: fake.NewSimpleClientset(
				&kapi.ServiceAccount{
					ObjectMeta: kapi.ObjectMeta{
						Namespace:   "ns-01",
						Name:        "default",
						Annotations: map[string]string{OAuthRedirectModelAnnotationURIPrefix + "one": "http://anywhere"},
					},
				}),
			osClient:    ostestclient.NewSimpleFake(),
			expectedErr: `system:serviceaccount:ns-01:default has no tokens`,
			expectedKubeActions: []core.Action{
				core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"),
				core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}),
			},
			expectedOSActions: []ktestclient.Action{},
		},
		{
			name:       "good SA",
			clientName: "system:serviceaccount:ns-01:default",
			kubeClient: fake.NewSimpleClientset(
				&kapi.ServiceAccount{
					ObjectMeta: kapi.ObjectMeta{
						Namespace:   "ns-01",
						Name:        "default",
						UID:         types.UID("any"),
						Annotations: map[string]string{OAuthRedirectModelAnnotationURIPrefix + "one": "http://anywhere"},
					},
				},
				&kapi.Secret{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "default",
						Annotations: map[string]string{
							kapi.ServiceAccountNameKey: "default",
							kapi.ServiceAccountUIDKey:  "any",
						},
					},
					Type: kapi.SecretTypeServiceAccountToken,
					Data: map[string][]byte{kapi.ServiceAccountTokenKey: []byte("foo")},
				}),
			osClient: ostestclient.NewSimpleFake(),
			expectedClient: &oauthapi.OAuthClient{
				ObjectMeta:        kapi.ObjectMeta{Name: "system:serviceaccount:ns-01:default"},
				ScopeRestrictions: getScopeRestrictionsFor("ns-01", "default"),
				AdditionalSecrets: []string{"foo"},
				RedirectURIs:      []string{"http://anywhere"},
				GrantMethod:       oauthapi.GrantHandlerPrompt,
			},
			expectedKubeActions: []core.Action{
				core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"),
				core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}),
			},
			expectedOSActions: []ktestclient.Action{},
		},
		{
			name:       "good SA with valid, simple route redirects",
			clientName: "system:serviceaccount:ns-01:default",
			kubeClient: fake.NewSimpleClientset(
				&kapi.ServiceAccount{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "default",
						UID:       types.UID("any"),
						Annotations: map[string]string{
							OAuthRedirectModelAnnotationURIPrefix + "one":     "http://anywhere",
							OAuthRedirectModelAnnotationReferencePrefix + "1": buildRedirectObjectReferenceString(routeKind, "route1", ""),
						},
					},
				},
				&kapi.Secret{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "default",
						Annotations: map[string]string{
							kapi.ServiceAccountNameKey: "default",
							kapi.ServiceAccountUIDKey:  "any",
						},
					},
					Type: kapi.SecretTypeServiceAccountToken,
					Data: map[string][]byte{kapi.ServiceAccountTokenKey: []byte("foo")},
				}),
			osClient: ostestclient.NewSimpleFake(
				&routeapi.Route{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "route1",
						UID:       types.UID("route1"),
					},
					Spec: routeapi.RouteSpec{
						Path: "/defaultpath",
						TLS:  &routeapi.TLSConfig{},
					},
					Status: routeapi.RouteStatus{
						Ingress: []routeapi.RouteIngress{
							{Host: "example1.com", Conditions: buildValidRouteIngressCondition()},
						},
					},
				},
			),
			expectedClient: &oauthapi.OAuthClient{
				ObjectMeta:        kapi.ObjectMeta{Name: "system:serviceaccount:ns-01:default"},
				ScopeRestrictions: getScopeRestrictionsFor("ns-01", "default"),
				AdditionalSecrets: []string{"foo"},
				RedirectURIs:      []string{"http://anywhere", "https://example1.com/defaultpath"},
				GrantMethod:       oauthapi.GrantHandlerPrompt,
			},
			expectedKubeActions: []core.Action{
				core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"),
				core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}),
			},
			expectedOSActions: []ktestclient.Action{
				ktestclient.NewGetAction("routes", "ns-01", "route1"),
			},
		},
		{
			name:       "good SA with invalid route redirects",
			clientName: "system:serviceaccount:ns-01:default",
			kubeClient: fake.NewSimpleClientset(
				&kapi.ServiceAccount{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "default",
						UID:       types.UID("any"),
						Annotations: map[string]string{
							OAuthRedirectModelAnnotationURIPrefix + "one":     "http://anywhere",
							OAuthRedirectModelAnnotationReferencePrefix + "1": buildRedirectObjectReferenceString(routeKind, "route1", "wronggroup"),
							OAuthRedirectModelAnnotationReferencePrefix + "2": buildRedirectObjectReferenceString("wrongkind", "route1", ""),
						},
					},
				},
				&kapi.Secret{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "default",
						Annotations: map[string]string{
							kapi.ServiceAccountNameKey: "default",
							kapi.ServiceAccountUIDKey:  "any",
						},
					},
					Type: kapi.SecretTypeServiceAccountToken,
					Data: map[string][]byte{kapi.ServiceAccountTokenKey: []byte("foo")},
				}),
			osClient: ostestclient.NewSimpleFake(
				&routeapi.Route{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "route1",
						UID:       types.UID("route1"),
					},
					Spec: routeapi.RouteSpec{
						Path: "/defaultpath",
						TLS:  &routeapi.TLSConfig{},
					},
					Status: routeapi.RouteStatus{
						Ingress: []routeapi.RouteIngress{
							{Host: "example1.com", Conditions: buildValidRouteIngressCondition()},
							{Host: "example2.com", Conditions: buildValidRouteIngressCondition()},
							{Host: "example3.com", Conditions: buildValidRouteIngressCondition()},
						},
					},
				},
			),
			expectedClient: &oauthapi.OAuthClient{
				ObjectMeta:        kapi.ObjectMeta{Name: "system:serviceaccount:ns-01:default"},
				ScopeRestrictions: getScopeRestrictionsFor("ns-01", "default"),
				AdditionalSecrets: []string{"foo"},
				RedirectURIs:      []string{"http://anywhere"},
				GrantMethod:       oauthapi.GrantHandlerPrompt,
			},
			expectedKubeActions: []core.Action{
				core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"),
				core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}),
			},
			expectedOSActions: []ktestclient.Action{},
		},
		{
			name:       "good SA with a route that don't have a host",
			clientName: "system:serviceaccount:ns-01:default",
			kubeClient: fake.NewSimpleClientset(
				&kapi.ServiceAccount{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "default",
						UID:       types.UID("any"),
						Annotations: map[string]string{
							OAuthRedirectModelAnnotationURIPrefix + "one":     "http://anywhere",
							OAuthRedirectModelAnnotationReferencePrefix + "1": buildRedirectObjectReferenceString(routeKind, "route1", ""),
						},
					},
				},
				&kapi.Secret{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "default",
						Annotations: map[string]string{
							kapi.ServiceAccountNameKey: "default",
							kapi.ServiceAccountUIDKey:  "any",
						},
					},
					Type: kapi.SecretTypeServiceAccountToken,
					Data: map[string][]byte{kapi.ServiceAccountTokenKey: []byte("foo")},
				}),
			osClient: ostestclient.NewSimpleFake(
				&routeapi.Route{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "route1",
						UID:       types.UID("route1"),
					},
					Spec: routeapi.RouteSpec{
						Path: "/defaultpath",
						TLS:  &routeapi.TLSConfig{},
					},
					Status: routeapi.RouteStatus{
						Ingress: []routeapi.RouteIngress{
							{Host: "", Conditions: buildValidRouteIngressCondition()},
						},
					},
				},
			),
			expectedClient: &oauthapi.OAuthClient{
				ObjectMeta:        kapi.ObjectMeta{Name: "system:serviceaccount:ns-01:default"},
				ScopeRestrictions: getScopeRestrictionsFor("ns-01", "default"),
				AdditionalSecrets: []string{"foo"},
				RedirectURIs:      []string{"http://anywhere"},
				GrantMethod:       oauthapi.GrantHandlerPrompt,
			},
			expectedKubeActions: []core.Action{
				core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"),
				core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}),
			},
			expectedOSActions: []ktestclient.Action{
				ktestclient.NewGetAction("routes", "ns-01", "route1"),
			},
		},
		{
			name:       "good SA with routes that don't have hosts, some of which are empty or duplicates",
			clientName: "system:serviceaccount:ns-01:default",
			kubeClient: fake.NewSimpleClientset(
				&kapi.ServiceAccount{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "default",
						UID:       types.UID("any"),
						Annotations: map[string]string{
							OAuthRedirectModelAnnotationURIPrefix + "one":     "http://anywhere",
							OAuthRedirectModelAnnotationReferencePrefix + "1": buildRedirectObjectReferenceString(routeKind, "route1", ""),
							OAuthRedirectModelAnnotationReferencePrefix + "2": buildRedirectObjectReferenceString(routeKind, "route2", ""),
							OAuthRedirectModelAnnotationReferencePrefix + "3": buildRedirectObjectReferenceString(routeKind, "missingroute", ""),
						},
					},
				},
				&kapi.Secret{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "default",
						Annotations: map[string]string{
							kapi.ServiceAccountNameKey: "default",
							kapi.ServiceAccountUIDKey:  "any",
						},
					},
					Type: kapi.SecretTypeServiceAccountToken,
					Data: map[string][]byte{kapi.ServiceAccountTokenKey: []byte("foo")},
				}),
			osClient: ostestclient.NewSimpleFake(
				&routeapi.Route{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "route1",
						UID:       types.UID("route1"),
					},
					Spec: routeapi.RouteSpec{
						Path: "/defaultpath",
						TLS:  &routeapi.TLSConfig{},
					},
					Status: routeapi.RouteStatus{
						Ingress: []routeapi.RouteIngress{
							{Host: "", Conditions: buildValidRouteIngressCondition()},
							{Host: "a.com", Conditions: buildValidRouteIngressCondition()},
							{Host: ""},
							{Host: "a.com", Conditions: buildValidRouteIngressCondition()},
							{Host: "b.com", Conditions: buildValidRouteIngressCondition()},
						},
					},
				},
				&routeapi.Route{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "route2",
						UID:       types.UID("route2"),
					},
					Spec: routeapi.RouteSpec{
						Path: "/path2",
						TLS:  &routeapi.TLSConfig{},
					},
					Status: routeapi.RouteStatus{
						Ingress: []routeapi.RouteIngress{
							{Host: "a.com", Conditions: buildValidRouteIngressCondition()},
							{Host: "", Conditions: buildValidRouteIngressCondition()},
							{Host: "b.com", Conditions: buildValidRouteIngressCondition()},
							{Host: "b.com"},
							{Host: ""},
						},
					},
				},
			),
			expectedClient: &oauthapi.OAuthClient{
				ObjectMeta:        kapi.ObjectMeta{Name: "system:serviceaccount:ns-01:default"},
				ScopeRestrictions: getScopeRestrictionsFor("ns-01", "default"),
				AdditionalSecrets: []string{"foo"},
				RedirectURIs:      []string{"http://anywhere", "https://a.com/defaultpath", "https://a.com/path2", "https://b.com/defaultpath", "https://b.com/path2"},
				GrantMethod:       oauthapi.GrantHandlerPrompt,
			},
			expectedKubeActions: []core.Action{
				core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"),
				core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}),
			},
			expectedOSActions: []ktestclient.Action{
				ktestclient.NewListAction("routes", "ns-01", kapi.ListOptions{}),
			},
		},
		{
			name:       "host overrides route data",
			clientName: "system:serviceaccount:ns-01:default",
			kubeClient: fake.NewSimpleClientset(
				&kapi.ServiceAccount{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "default",
						UID:       types.UID("any"),
						Annotations: map[string]string{
							OAuthRedirectModelAnnotationReferencePrefix + "1": buildRedirectObjectReferenceString(routeKind, "route1", ""),
							OAuthRedirectModelAnnotationURIPrefix + "1":       "//redhat.com",
							OAuthRedirectModelAnnotationReferencePrefix + "2": buildRedirectObjectReferenceString(routeKind, "route2", ""),
							OAuthRedirectModelAnnotationURIPrefix + "2":       "//google.com",
						},
					},
				},
				&kapi.Secret{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "default",
						Annotations: map[string]string{
							kapi.ServiceAccountNameKey: "default",
							kapi.ServiceAccountUIDKey:  "any",
						},
					},
					Type: kapi.SecretTypeServiceAccountToken,
					Data: map[string][]byte{kapi.ServiceAccountTokenKey: []byte("foo")},
				}),
			osClient: ostestclient.NewSimpleFake(
				&routeapi.Route{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "route1",
						UID:       types.UID("route1"),
					},
					Spec: routeapi.RouteSpec{
						Path: "/defaultpath",
						TLS:  &routeapi.TLSConfig{},
					},
					Status: routeapi.RouteStatus{
						Ingress: []routeapi.RouteIngress{
							{Host: ""},
						},
					},
				},
				&routeapi.Route{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "route2",
						UID:       types.UID("route2"),
					},
					Spec: routeapi.RouteSpec{
						Path: "/otherpath",
						TLS:  &routeapi.TLSConfig{},
					},
					Status: routeapi.RouteStatus{
						Ingress: []routeapi.RouteIngress{
							{Host: "ignored.com", Conditions: buildValidRouteIngressCondition()},
							{Host: "alsoignored.com", Conditions: buildValidRouteIngressCondition()},
						},
					},
				},
			),
			expectedClient: &oauthapi.OAuthClient{
				ObjectMeta:        kapi.ObjectMeta{Name: "system:serviceaccount:ns-01:default"},
				ScopeRestrictions: getScopeRestrictionsFor("ns-01", "default"),
				AdditionalSecrets: []string{"foo"},
				RedirectURIs:      []string{"https://google.com/otherpath", "https://redhat.com/defaultpath"},
				GrantMethod:       oauthapi.GrantHandlerPrompt,
			},
			expectedKubeActions: []core.Action{
				core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"),
				core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}),
			},
			expectedOSActions: []ktestclient.Action{
				ktestclient.NewListAction("routes", "ns-01", kapi.ListOptions{}),
			},
		},
		{
			name:       "good SA with valid, route redirects using the same route twice",
			clientName: "system:serviceaccount:ns-01:default",
			kubeClient: fake.NewSimpleClientset(
				&kapi.ServiceAccount{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "default",
						UID:       types.UID("any"),
						Annotations: map[string]string{
							OAuthRedirectModelAnnotationURIPrefix + "1":       "/awesomepath",
							OAuthRedirectModelAnnotationReferencePrefix + "1": buildRedirectObjectReferenceString(routeKind, "route1", ""),
							OAuthRedirectModelAnnotationURIPrefix + "2":       "//:8000",
							OAuthRedirectModelAnnotationReferencePrefix + "2": buildRedirectObjectReferenceString(routeKind, "route1", ""),
						},
					},
				},
				&kapi.Secret{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "default",
						Annotations: map[string]string{
							kapi.ServiceAccountNameKey: "default",
							kapi.ServiceAccountUIDKey:  "any",
						},
					},
					Type: kapi.SecretTypeServiceAccountToken,
					Data: map[string][]byte{kapi.ServiceAccountTokenKey: []byte("foo")},
				}),
			osClient: ostestclient.NewSimpleFake(
				&routeapi.Route{
					ObjectMeta: kapi.ObjectMeta{
						Namespace: "ns-01",
						Name:      "route1",
						UID:       types.UID("route1"),
					},
					Spec: routeapi.RouteSpec{
						TLS: &routeapi.TLSConfig{},
					},
					Status: routeapi.RouteStatus{
						Ingress: []routeapi.RouteIngress{
							{Host: "woot.com", Conditions: buildValidRouteIngressCondition()},
						},
					},
				},
			),
			expectedClient: &oauthapi.OAuthClient{
				ObjectMeta:        kapi.ObjectMeta{Name: "system:serviceaccount:ns-01:default"},
				ScopeRestrictions: getScopeRestrictionsFor("ns-01", "default"),
				AdditionalSecrets: []string{"foo"},
				RedirectURIs:      []string{"https://woot.com/awesomepath", "https://woot.com:8000"},
				GrantMethod:       oauthapi.GrantHandlerPrompt,
			},
			expectedKubeActions: []core.Action{
				core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"),
				core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}),
			},
			expectedOSActions: []ktestclient.Action{
				ktestclient.NewGetAction("routes", "ns-01", "route1"),
			},
		},
	}

	for _, tc := range testCases {
		delegate := &fakeDelegate{}
		getter := NewServiceAccountOAuthClientGetter(tc.kubeClient.Core(), tc.kubeClient.Core(), tc.osClient, delegate, oauthapi.GrantHandlerPrompt)
		client, err := getter.GetClient(kapi.NewContext(), tc.clientName)
		switch {
		case len(tc.expectedErr) == 0 && err == nil:
		case len(tc.expectedErr) == 0 && err != nil,
			len(tc.expectedErr) > 0 && err == nil,
			len(tc.expectedErr) > 0 && err != nil && !strings.Contains(err.Error(), tc.expectedErr):
			t.Errorf("%s: expected %#v, got %#v", tc.name, tc.expectedErr, err)
			continue
		}

		if tc.expectedDelegation != delegate.called {
			t.Errorf("%s: expected %#v, got %#v", tc.name, tc.expectedDelegation, delegate.called)
			continue
		}

		if !kapi.Semantic.DeepEqual(tc.expectedClient, client) {
			t.Errorf("%s: expected %#v, got %#v", tc.name, tc.expectedClient, client)
			continue
		}

		if !reflect.DeepEqual(tc.expectedKubeActions, tc.kubeClient.Actions()) {
			t.Errorf("%s: expected %#v, got %#v", tc.name, tc.expectedKubeActions, tc.kubeClient.Actions())
			continue
		}

		if !reflect.DeepEqual(tc.expectedOSActions, tc.osClient.Actions()) {
			t.Errorf("%s: expected %#v, got %#v", tc.name, tc.expectedOSActions, tc.osClient.Actions())
			continue
		}
	}

}
func (f *fixture) expectListPodAction(namespace string, opt api.ListOptions) {
	f.actions = append(f.actions, core.NewListAction(unversioned.GroupVersionResource{Resource: "pods"}, namespace, opt))
}
Example #20
0
func TestStop(t *testing.T) {
	var (
		deploymentConfigsResource      = unversioned.GroupVersionResource{Resource: "deploymentconfigs"}
		replicationControllersResource = unversioned.GroupVersionResource{Resource: "replicationcontrollers"}
	)

	pause := func(d *deployapi.DeploymentConfig) *deployapi.DeploymentConfig {
		d.Spec.Paused = true
		return d
	}

	fakeDC := map[string]*deployapi.DeploymentConfig{
		"simple-stop":           deploytest.OkDeploymentConfig(1),
		"legacy-simple-stop":    deploytest.OkDeploymentConfig(1),
		"multi-stop":            deploytest.OkDeploymentConfig(5),
		"legacy-multi-stop":     deploytest.OkDeploymentConfig(5),
		"no-deployments":        deploytest.OkDeploymentConfig(5),
		"legacy-no-deployments": deploytest.OkDeploymentConfig(5),
	}

	tests := []struct {
		testName  string
		namespace string
		name      string
		oc        *testclient.Fake
		kc        *fake.Clientset
		expected  []core.Action
		kexpected []core.Action
		err       bool
	}{
		{
			testName:  "simple stop",
			namespace: "default",
			name:      "config",
			oc:        testclient.NewSimpleFake(fakeDC["simple-stop"]),
			kc:        fake.NewSimpleClientset(mkdeploymentlist(1)),
			expected: []core.Action{
				core.NewGetAction(deploymentConfigsResource, "default", "config"),
				core.NewUpdateAction(deploymentConfigsResource, "default", pause(fakeDC["simple-stop"])),
				core.NewGetAction(deploymentConfigsResource, "default", "config"),
				core.NewDeleteAction(deploymentConfigsResource, "default", "config"),
			},
			kexpected: []core.Action{
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{LabelSelector: labels.SelectorFromSet(map[string]string{"openshift.io/deployment-config.name": "config"})}),
				core.NewGetAction(replicationControllersResource, "default", "config-1"),
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
				core.NewGetAction(replicationControllersResource, "default", "config-1"),
				core.NewUpdateAction(replicationControllersResource, "default", nil),
				core.NewGetAction(replicationControllersResource, "default", "config-1"),
				core.NewDeleteAction(replicationControllersResource, "default", "config-1"),
			},
			err: false,
		},
		{
			testName:  "legacy simple stop",
			namespace: "default",
			name:      "config",
			oc:        testclient.NewSimpleFake(fakeDC["legacy-simple-stop"]),
			kc:        fake.NewSimpleClientset(mkdeploymentlist(1)),
			expected: []core.Action{
				core.NewGetAction(deploymentConfigsResource, "default", "config"),
				core.NewUpdateAction(deploymentConfigsResource, "default", nil),
				core.NewGetAction(deploymentConfigsResource, "default", "config"),
				core.NewDeleteAction(deploymentConfigsResource, "default", "config"),
			},
			kexpected: []core.Action{
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{LabelSelector: labels.SelectorFromSet(map[string]string{"openshift.io/deployment-config.name": "config"})}),
				core.NewGetAction(replicationControllersResource, "default", "config-1"),
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
				core.NewGetAction(replicationControllersResource, "default", "config-1"),
				core.NewUpdateAction(replicationControllersResource, "default", nil),
				core.NewGetAction(replicationControllersResource, "default", "config-1"),
				core.NewDeleteAction(replicationControllersResource, "default", "config-1"),
			},
			err: false,
		},
		{
			testName:  "stop multiple controllers",
			namespace: "default",
			name:      "config",
			oc:        testclient.NewSimpleFake(fakeDC["multi-stop"]),
			kc:        fake.NewSimpleClientset(mkdeploymentlist(1, 2, 3, 4, 5)),
			expected: []core.Action{
				core.NewGetAction(deploymentConfigsResource, "default", "config"),
				core.NewUpdateAction(deploymentConfigsResource, "default", pause(fakeDC["multi-stop"])),
				core.NewGetAction(deploymentConfigsResource, "default", "config"),
				core.NewDeleteAction(deploymentConfigsResource, "default", "config"),
			},
			kexpected: []core.Action{
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{LabelSelector: labels.SelectorFromSet(map[string]string{"openshift.io/deployment-config.name": "config"})}),
				core.NewGetAction(replicationControllersResource, "default", "config-1"),
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
				core.NewGetAction(replicationControllersResource, "default", "config-1"),
				core.NewUpdateAction(replicationControllersResource, "default", nil),
				core.NewGetAction(replicationControllersResource, "default", "config-1"),
				core.NewDeleteAction(replicationControllersResource, "default", "config-1"),
				core.NewGetAction(replicationControllersResource, "default", "config-2"),
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
				core.NewGetAction(replicationControllersResource, "default", "config-2"),
				core.NewUpdateAction(replicationControllersResource, "default", nil),
				core.NewGetAction(replicationControllersResource, "default", "config-2"),
				core.NewDeleteAction(replicationControllersResource, "default", "config-2"),
				core.NewGetAction(replicationControllersResource, "default", "config-3"),
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
				core.NewGetAction(replicationControllersResource, "default", "config-3"),
				core.NewUpdateAction(replicationControllersResource, "default", nil),
				core.NewGetAction(replicationControllersResource, "default", "config-3"),
				core.NewDeleteAction(replicationControllersResource, "default", "config-3"),
				core.NewGetAction(replicationControllersResource, "default", "config-4"),
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
				core.NewGetAction(replicationControllersResource, "default", "config-4"),
				core.NewUpdateAction(replicationControllersResource, "default", nil),
				core.NewGetAction(replicationControllersResource, "default", "config-4"),
				core.NewDeleteAction(replicationControllersResource, "default", "config-4"),
				core.NewGetAction(replicationControllersResource, "default", "config-5"),
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
				core.NewGetAction(replicationControllersResource, "default", "config-5"),
				core.NewUpdateAction(replicationControllersResource, "default", nil),
				core.NewGetAction(replicationControllersResource, "default", "config-5"),
				core.NewDeleteAction(replicationControllersResource, "default", "config-5"),
			},
			err: false,
		},
		{
			testName:  "legacy stop multiple controllers",
			namespace: "default",
			name:      "config",
			oc:        testclient.NewSimpleFake(fakeDC["legacy-multi-stop"]),
			kc:        fake.NewSimpleClientset(mkdeploymentlist(1, 2, 3, 4, 5)),
			expected: []core.Action{
				core.NewGetAction(deploymentConfigsResource, "default", "config"),
				core.NewUpdateAction(deploymentConfigsResource, "default", nil),
				core.NewGetAction(deploymentConfigsResource, "default", "config"),
				core.NewDeleteAction(deploymentConfigsResource, "default", "config"),
			},
			kexpected: []core.Action{
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{LabelSelector: labels.SelectorFromSet(map[string]string{"openshift.io/deployment-config.name": "config"})}),
				core.NewGetAction(replicationControllersResource, "default", "config-1"),
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
				core.NewGetAction(replicationControllersResource, "default", "config-1"),
				core.NewUpdateAction(replicationControllersResource, "default", nil),
				core.NewGetAction(replicationControllersResource, "default", "config-1"),
				core.NewDeleteAction(replicationControllersResource, "default", "config-1"),
				core.NewGetAction(replicationControllersResource, "default", "config-2"),
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
				core.NewGetAction(replicationControllersResource, "default", "config-2"),
				core.NewUpdateAction(replicationControllersResource, "default", nil),
				core.NewGetAction(replicationControllersResource, "default", "config-2"),
				core.NewDeleteAction(replicationControllersResource, "default", "config-2"),
				core.NewGetAction(replicationControllersResource, "default", "config-3"),
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
				core.NewGetAction(replicationControllersResource, "default", "config-3"),
				core.NewUpdateAction(replicationControllersResource, "default", nil),
				core.NewGetAction(replicationControllersResource, "default", "config-3"),
				core.NewDeleteAction(replicationControllersResource, "default", "config-3"),
				core.NewGetAction(replicationControllersResource, "default", "config-4"),
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
				core.NewGetAction(replicationControllersResource, "default", "config-4"),
				core.NewUpdateAction(replicationControllersResource, "default", nil),
				core.NewGetAction(replicationControllersResource, "default", "config-4"),
				core.NewDeleteAction(replicationControllersResource, "default", "config-4"),
				core.NewGetAction(replicationControllersResource, "default", "config-5"),
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
				core.NewGetAction(replicationControllersResource, "default", "config-5"),
				core.NewUpdateAction(replicationControllersResource, "default", nil),
				core.NewGetAction(replicationControllersResource, "default", "config-5"),
				core.NewDeleteAction(replicationControllersResource, "default", "config-5"),
			},
			err: false,
		},
		{
			testName:  "no config, some deployments",
			namespace: "default",
			name:      "config",
			oc:        testclient.NewSimpleFake(),
			kc:        fake.NewSimpleClientset(mkdeploymentlist(1)),
			expected: []core.Action{
				core.NewGetAction(deploymentConfigsResource, "default", "config"),
			},
			kexpected: []core.Action{
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{LabelSelector: labels.SelectorFromSet(map[string]string{"openshift.io/deployment-config.name": "config"})}),
				core.NewGetAction(replicationControllersResource, "default", "config-1"),
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
				core.NewGetAction(replicationControllersResource, "default", "config-1"),
				core.NewUpdateAction(replicationControllersResource, "default", nil),
				core.NewGetAction(replicationControllersResource, "default", "config-1"),
				core.NewDeleteAction(replicationControllersResource, "default", "config-1"),
			},
			err: false,
		},
		{
			testName:  "no config, no deployments",
			namespace: "default",
			name:      "config",
			oc:        testclient.NewSimpleFake(),
			kc:        fake.NewSimpleClientset(&kapi.ReplicationControllerList{}),
			expected: []core.Action{
				core.NewGetAction(deploymentConfigsResource, "default", "config"),
			},
			kexpected: []core.Action{
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
			},
			err: true,
		},
		{
			testName:  "config, no deployments",
			namespace: "default",
			name:      "config",
			oc:        testclient.NewSimpleFake(fakeDC["no-deployments"]),
			kc:        fake.NewSimpleClientset(&kapi.ReplicationControllerList{}),
			expected: []core.Action{
				core.NewGetAction(deploymentConfigsResource, "default", "config"),
				core.NewUpdateAction(deploymentConfigsResource, "default", pause(fakeDC["no-deployments"])),
				core.NewGetAction(deploymentConfigsResource, "default", "config"),
				core.NewDeleteAction(deploymentConfigsResource, "default", "config"),
			},
			kexpected: []core.Action{
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
			},
			err: false,
		},
		{
			testName:  "legacy config, no deployments",
			namespace: "default",
			name:      "config",
			oc:        testclient.NewSimpleFake(fakeDC["legacy-no-deployments"]),
			kc:        fake.NewSimpleClientset(&kapi.ReplicationControllerList{}),
			expected: []core.Action{
				core.NewGetAction(deploymentConfigsResource, "default", "config"),
				core.NewUpdateAction(deploymentConfigsResource, "default", nil),
				core.NewGetAction(deploymentConfigsResource, "default", "config"),
				core.NewDeleteAction(deploymentConfigsResource, "default", "config"),
			},
			kexpected: []core.Action{
				core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}),
			},
			err: false,
		},
	}

	for _, test := range tests {
		reaper := &DeploymentConfigReaper{oc: test.oc, kc: test.kc, pollInterval: time.Millisecond, timeout: time.Millisecond}
		err := reaper.Stop(test.namespace, test.name, 1*time.Second, nil)

		if !test.err && err != nil {
			t.Errorf("%s: unexpected error: %v", test.testName, err)
		}
		if test.err && err == nil {
			t.Errorf("%s: expected an error", test.testName)
		}
		if len(test.oc.Actions()) != len(test.expected) {
			t.Errorf("%s: unexpected actions: %s", test.testName, diff.ObjectReflectDiff(test.oc.Actions(), test.expected))
			continue
		}
		for j, actualAction := range test.oc.Actions() {
			e, a := test.expected[j], actualAction
			switch a.(type) {
			case core.UpdateAction:
				if e.GetVerb() != a.GetVerb() ||
					e.GetNamespace() != a.GetNamespace() ||
					e.GetResource() != a.GetResource() ||
					e.GetSubresource() != a.GetSubresource() {
					t.Errorf("%s: unexpected action[%d]: %s, expected %s", test.testName, j, a, e)
				}
			default:
				if !reflect.DeepEqual(actualAction, test.expected[j]) {
					t.Errorf("%s: unexpected action: %s", test.testName, diff.ObjectReflectDiff(actualAction, test.expected[j]))
				}
			}
		}
		if len(test.kc.Actions()) != len(test.kexpected) {
			t.Errorf("%s: unexpected actions: %s", test.testName, diff.ObjectReflectDiff(test.kc.Actions(), test.kexpected))
			continue
		}
		for j, actualAction := range test.kc.Actions() {
			e, a := test.kexpected[j], actualAction
			if e.GetVerb() != a.GetVerb() ||
				e.GetNamespace() != a.GetNamespace() ||
				e.GetResource() != a.GetResource() ||
				e.GetSubresource() != a.GetSubresource() {
				t.Errorf("%s: unexpected action[%d]: %s, expected %s", test.testName, j, a, e)
			}

			switch a.(type) {
			case core.GetAction, core.DeleteAction:
				if !reflect.DeepEqual(e, a) {
					t.Errorf("%s: unexpected action[%d]: %s, expected %s", test.testName, j, a, e)
				}
			}
		}
	}
}