func (c *FakePolicyBindings) List(opts kapi.ListOptions) (*authorizationapi.PolicyBindingList, error) { obj, err := c.Fake.Invokes(core.NewListAction(policyBindingsResource, c.Namespace, opts), &authorizationapi.PolicyBindingList{}) if obj == nil { return nil, err } return obj.(*authorizationapi.PolicyBindingList), err }
func (c *FakeDeploymentConfigs) List(opts kapi.ListOptions) (*deployapi.DeploymentConfigList, error) { obj, err := c.Fake.Invokes(core.NewListAction(deploymentConfigsResource, c.Namespace, opts), &deployapi.DeploymentConfigList{}) if obj == nil { return nil, err } return obj.(*deployapi.DeploymentConfigList), err }
func (c *FakeTemplates) List(opts kapi.ListOptions) (*templateapi.TemplateList, error) { obj, err := c.Fake.Invokes(core.NewListAction(templatesResource, c.Namespace, opts), &templateapi.TemplateList{}) if obj == nil { return nil, err } return obj.(*templateapi.TemplateList), err }
func (c *FakeBuildConfigs) List(opts kapi.ListOptions) (*buildapi.BuildConfigList, error) { obj, err := c.Fake.Invokes(core.NewListAction(buildConfigsResource, c.Namespace, opts), &buildapi.BuildConfigList{}) if obj == nil { return nil, err } return obj.(*buildapi.BuildConfigList), err }
func (c *FakeAppliedClusterResourceQuotas) List(opts kapi.ListOptions) (*quotaapi.AppliedClusterResourceQuotaList, error) { obj, err := c.Fake.Invokes(core.NewListAction(appliedClusterResourceQuotasResource, c.Namespace, opts), "aapi.AppliedClusterResourceQuotaList{}) if obj == nil { return nil, err } return obj.(*quotaapi.AppliedClusterResourceQuotaList), err }
func (c *FakePodSecurityPolicySubjectReviews) List(opts api.ListOptions) (result *v1.PodSecurityPolicySubjectReviewList, err error) { obj, err := c.Fake. Invokes(core.NewListAction(podsecuritypolicysubjectreviewsResource, c.ns, opts), &v1.PodSecurityPolicySubjectReviewList{}) if obj == nil { return nil, err } return obj.(*v1.PodSecurityPolicySubjectReviewList), err }
// Search returns a list of events matching the specified object. func (c *FakeEvents) Search(objOrRef runtime.Object) (*v1.EventList, error) { action := core.NewRootListAction(eventsResource, api.ListOptions{}) if c.ns != "" { action = core.NewListAction(eventsResource, c.ns, api.ListOptions{}) } obj, err := c.Fake.Invokes(action, &v1.EventList{}) if obj == nil { return nil, err } return obj.(*v1.EventList), err }
func (c *FakePersistentVolumeClaims) List(opts api.ListOptions) (result *api.PersistentVolumeClaimList, err error) { obj, err := c.Fake. Invokes(core.NewListAction(persistentvolumeclaimsResource, c.ns, opts), &api.PersistentVolumeClaimList{}) if obj == nil { return nil, err } label, _, _ := core.ExtractFromListOptions(opts) if label == nil { label = labels.Everything() } list := &api.PersistentVolumeClaimList{} for _, item := range obj.(*api.PersistentVolumeClaimList).Items { if label.Matches(labels.Set(item.Labels)) { list.Items = append(list.Items, item) } } return list, err }
func (c *FakeThirdPartyResources) List(opts api.ListOptions) (result *v1beta1.ThirdPartyResourceList, err error) { obj, err := c.Fake. Invokes(core.NewListAction("thirdpartyresources", c.ns, opts), &v1beta1.ThirdPartyResourceList{}) if obj == nil { return nil, err } label := opts.LabelSelector if label == nil { label = labels.Everything() } list := &v1beta1.ThirdPartyResourceList{} for _, item := range obj.(*v1beta1.ThirdPartyResourceList).Items { if label.Matches(labels.Set(item.Labels)) { list.Items = append(list.Items, item) } } return list, err }
func (c *FakeHorizontalPodAutoscalers) List(opts api.ListOptions) (result *v1beta1.HorizontalPodAutoscalerList, err error) { obj, err := c.Fake. Invokes(core.NewListAction("horizontalpodautoscalers", c.ns, opts), &v1beta1.HorizontalPodAutoscalerList{}) if obj == nil { return nil, err } label := opts.LabelSelector if label == nil { label = labels.Everything() } list := &v1beta1.HorizontalPodAutoscalerList{} for _, item := range obj.(*v1beta1.HorizontalPodAutoscalerList).Items { if label.Matches(labels.Set(item.Labels)) { list.Items = append(list.Items, item) } } return list, err }
func (c *FakeDaemonSets) List(opts api.ListOptions) (result *extensions.DaemonSetList, err error) { obj, err := c.Fake. Invokes(core.NewListAction("daemonsets", c.ns, opts), &extensions.DaemonSetList{}) if obj == nil { return nil, err } label := opts.LabelSelector if label == nil { label = labels.Everything() } list := &extensions.DaemonSetList{} for _, item := range obj.(*extensions.DaemonSetList).Items { if label.Matches(labels.Set(item.Labels)) { list.Items = append(list.Items, item) } } return list, err }
func (c *FakeTestTypes) List(opts api.ListOptions) (result *testgroup_k8s_io.TestTypeList, err error) { obj, err := c.Fake. Invokes(core.NewListAction("testtypes", c.ns, opts), &testgroup_k8s_io.TestTypeList{}) if obj == nil { return nil, err } label := opts.LabelSelector if label == nil { label = labels.Everything() } list := &testgroup_k8s_io.TestTypeList{} for _, item := range obj.(*testgroup_k8s_io.TestTypeList).Items { if label.Matches(labels.Set(item.Labels)) { list.Items = append(list.Items, item) } } return list, err }
func (c *FakeIngresses) List(opts api.ListOptions) (result *extensions.IngressList, err error) { obj, err := c.Fake. Invokes(core.NewListAction(ingressesResource, c.ns, opts), &extensions.IngressList{}) if obj == nil { return nil, err } label, _, _ := core.ExtractFromListOptions(opts) if label == nil { label = labels.Everything() } list := &extensions.IngressList{} for _, item := range obj.(*extensions.IngressList).Items { if label.Matches(labels.Set(item.Labels)) { list.Items = append(list.Items, item) } } return list, err }
func (c *FakePodDisruptionBudgets) List(opts api.ListOptions) (result *policy.PodDisruptionBudgetList, err error) { obj, err := c.Fake. Invokes(core.NewListAction(poddisruptionbudgetsResource, c.ns, opts), &policy.PodDisruptionBudgetList{}) if obj == nil { return nil, err } label, _, _ := core.ExtractFromListOptions(opts) if label == nil { label = labels.Everything() } list := &policy.PodDisruptionBudgetList{} for _, item := range obj.(*policy.PodDisruptionBudgetList).Items { if label.Matches(labels.Set(item.Labels)) { list.Items = append(list.Items, item) } } return list, err }
func (c *FakePods) List(opts api.ListOptions) (result *api.PodList, err error) { obj, err := c.Fake. Invokes(core.NewListAction(podsResource, c.ns, opts), &api.PodList{}) if obj == nil { return nil, err } label := opts.LabelSelector if label == nil { label = labels.Everything() } list := &api.PodList{} for _, item := range obj.(*api.PodList).Items { if label.Matches(labels.Set(item.Labels)) { list.Items = append(list.Items, item) } } return list, err }
func (c *FakeHorizontalPodAutoscalers) List(opts api.ListOptions) (result *autoscaling.HorizontalPodAutoscalerList, err error) { obj, err := c.Fake. Invokes(core.NewListAction(horizontalpodautoscalersResource, c.ns, opts), &autoscaling.HorizontalPodAutoscalerList{}) if obj == nil { return nil, err } label, _, _ := core.ExtractFromListOptions(opts) if label == nil { label = labels.Everything() } list := &autoscaling.HorizontalPodAutoscalerList{} for _, item := range obj.(*autoscaling.HorizontalPodAutoscalerList).Items { if label.Matches(labels.Set(item.Labels)) { list.Items = append(list.Items, item) } } return list, err }
func (c *FakeConfigMaps) List(opts v1.ListOptions) (result *v1.ConfigMapList, err error) { obj, err := c.Fake. Invokes(core.NewListAction(configmapsResource, c.ns, opts), &v1.ConfigMapList{}) if obj == nil { return nil, err } label, _, _ := core.ExtractFromListOptions(opts) if label == nil { label = labels.Everything() } list := &v1.ConfigMapList{} for _, item := range obj.(*v1.ConfigMapList).Items { if label.Matches(labels.Set(item.Labels)) { list.Items = append(list.Items, item) } } return list, err }
func TestGetClient(t *testing.T) { testCases := []struct { name string clientName string kubeClient *fake.Clientset osClient *ostestclient.Fake expectedDelegation bool expectedErr string expectedClient *oauthapi.OAuthClient expectedKubeActions []core.Action expectedOSActions []ktestclient.Action }{ { name: "delegate", clientName: "not:serviceaccount", kubeClient: fake.NewSimpleClientset(), osClient: ostestclient.NewSimpleFake(), expectedDelegation: true, expectedKubeActions: []core.Action{}, expectedOSActions: []ktestclient.Action{}, }, { name: "missing sa", clientName: "system:serviceaccount:ns-01:missing-sa", kubeClient: fake.NewSimpleClientset(), osClient: ostestclient.NewSimpleFake(), expectedErr: `ServiceAccount "missing-sa" not found`, expectedKubeActions: []core.Action{core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "missing-sa")}, expectedOSActions: []ktestclient.Action{}, }, { name: "sa no redirects", clientName: "system:serviceaccount:ns-01:default", kubeClient: fake.NewSimpleClientset( &kapi.ServiceAccount{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", Annotations: map[string]string{}, }, }), osClient: ostestclient.NewSimpleFake(), expectedErr: `system:serviceaccount:ns-01:default has no redirectURIs; set serviceaccounts.openshift.io/oauth-redirecturi.<some-value>`, expectedKubeActions: []core.Action{core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default")}, expectedOSActions: []ktestclient.Action{}, }, { name: "sa no tokens", clientName: "system:serviceaccount:ns-01:default", kubeClient: fake.NewSimpleClientset( &kapi.ServiceAccount{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", Annotations: map[string]string{OAuthRedirectModelAnnotationURIPrefix + "one": "http://anywhere"}, }, }), osClient: ostestclient.NewSimpleFake(), expectedErr: `system:serviceaccount:ns-01:default has no tokens`, expectedKubeActions: []core.Action{ core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"), core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}), }, expectedOSActions: []ktestclient.Action{}, }, { name: "good SA", clientName: "system:serviceaccount:ns-01:default", kubeClient: fake.NewSimpleClientset( &kapi.ServiceAccount{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", UID: types.UID("any"), Annotations: map[string]string{OAuthRedirectModelAnnotationURIPrefix + "one": "http://anywhere"}, }, }, &kapi.Secret{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", Annotations: map[string]string{ kapi.ServiceAccountNameKey: "default", kapi.ServiceAccountUIDKey: "any", }, }, Type: kapi.SecretTypeServiceAccountToken, Data: map[string][]byte{kapi.ServiceAccountTokenKey: []byte("foo")}, }), osClient: ostestclient.NewSimpleFake(), expectedClient: &oauthapi.OAuthClient{ ObjectMeta: kapi.ObjectMeta{Name: "system:serviceaccount:ns-01:default"}, ScopeRestrictions: getScopeRestrictionsFor("ns-01", "default"), AdditionalSecrets: []string{"foo"}, RedirectURIs: []string{"http://anywhere"}, GrantMethod: oauthapi.GrantHandlerPrompt, }, expectedKubeActions: []core.Action{ core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"), core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}), }, expectedOSActions: []ktestclient.Action{}, }, { name: "good SA with valid, simple route redirects", clientName: "system:serviceaccount:ns-01:default", kubeClient: fake.NewSimpleClientset( &kapi.ServiceAccount{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", UID: types.UID("any"), Annotations: map[string]string{ OAuthRedirectModelAnnotationURIPrefix + "one": "http://anywhere", OAuthRedirectModelAnnotationReferencePrefix + "1": buildRedirectObjectReferenceString(routeKind, "route1", ""), }, }, }, &kapi.Secret{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", Annotations: map[string]string{ kapi.ServiceAccountNameKey: "default", kapi.ServiceAccountUIDKey: "any", }, }, Type: kapi.SecretTypeServiceAccountToken, Data: map[string][]byte{kapi.ServiceAccountTokenKey: []byte("foo")}, }), osClient: ostestclient.NewSimpleFake( &routeapi.Route{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "route1", UID: types.UID("route1"), }, Spec: routeapi.RouteSpec{ Path: "/defaultpath", TLS: &routeapi.TLSConfig{}, }, Status: routeapi.RouteStatus{ Ingress: []routeapi.RouteIngress{ {Host: "example1.com", Conditions: buildValidRouteIngressCondition()}, }, }, }, ), expectedClient: &oauthapi.OAuthClient{ ObjectMeta: kapi.ObjectMeta{Name: "system:serviceaccount:ns-01:default"}, ScopeRestrictions: getScopeRestrictionsFor("ns-01", "default"), AdditionalSecrets: []string{"foo"}, RedirectURIs: []string{"http://anywhere", "https://example1.com/defaultpath"}, GrantMethod: oauthapi.GrantHandlerPrompt, }, expectedKubeActions: []core.Action{ core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"), core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}), }, expectedOSActions: []ktestclient.Action{ ktestclient.NewGetAction("routes", "ns-01", "route1"), }, }, { name: "good SA with invalid route redirects", clientName: "system:serviceaccount:ns-01:default", kubeClient: fake.NewSimpleClientset( &kapi.ServiceAccount{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", UID: types.UID("any"), Annotations: map[string]string{ OAuthRedirectModelAnnotationURIPrefix + "one": "http://anywhere", OAuthRedirectModelAnnotationReferencePrefix + "1": buildRedirectObjectReferenceString(routeKind, "route1", "wronggroup"), OAuthRedirectModelAnnotationReferencePrefix + "2": buildRedirectObjectReferenceString("wrongkind", "route1", ""), }, }, }, &kapi.Secret{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", Annotations: map[string]string{ kapi.ServiceAccountNameKey: "default", kapi.ServiceAccountUIDKey: "any", }, }, Type: kapi.SecretTypeServiceAccountToken, Data: map[string][]byte{kapi.ServiceAccountTokenKey: []byte("foo")}, }), osClient: ostestclient.NewSimpleFake( &routeapi.Route{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "route1", UID: types.UID("route1"), }, Spec: routeapi.RouteSpec{ Path: "/defaultpath", TLS: &routeapi.TLSConfig{}, }, Status: routeapi.RouteStatus{ Ingress: []routeapi.RouteIngress{ {Host: "example1.com", Conditions: buildValidRouteIngressCondition()}, {Host: "example2.com", Conditions: buildValidRouteIngressCondition()}, {Host: "example3.com", Conditions: buildValidRouteIngressCondition()}, }, }, }, ), expectedClient: &oauthapi.OAuthClient{ ObjectMeta: kapi.ObjectMeta{Name: "system:serviceaccount:ns-01:default"}, ScopeRestrictions: getScopeRestrictionsFor("ns-01", "default"), AdditionalSecrets: []string{"foo"}, RedirectURIs: []string{"http://anywhere"}, GrantMethod: oauthapi.GrantHandlerPrompt, }, expectedKubeActions: []core.Action{ core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"), core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}), }, expectedOSActions: []ktestclient.Action{}, }, { name: "good SA with a route that don't have a host", clientName: "system:serviceaccount:ns-01:default", kubeClient: fake.NewSimpleClientset( &kapi.ServiceAccount{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", UID: types.UID("any"), Annotations: map[string]string{ OAuthRedirectModelAnnotationURIPrefix + "one": "http://anywhere", OAuthRedirectModelAnnotationReferencePrefix + "1": buildRedirectObjectReferenceString(routeKind, "route1", ""), }, }, }, &kapi.Secret{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", Annotations: map[string]string{ kapi.ServiceAccountNameKey: "default", kapi.ServiceAccountUIDKey: "any", }, }, Type: kapi.SecretTypeServiceAccountToken, Data: map[string][]byte{kapi.ServiceAccountTokenKey: []byte("foo")}, }), osClient: ostestclient.NewSimpleFake( &routeapi.Route{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "route1", UID: types.UID("route1"), }, Spec: routeapi.RouteSpec{ Path: "/defaultpath", TLS: &routeapi.TLSConfig{}, }, Status: routeapi.RouteStatus{ Ingress: []routeapi.RouteIngress{ {Host: "", Conditions: buildValidRouteIngressCondition()}, }, }, }, ), expectedClient: &oauthapi.OAuthClient{ ObjectMeta: kapi.ObjectMeta{Name: "system:serviceaccount:ns-01:default"}, ScopeRestrictions: getScopeRestrictionsFor("ns-01", "default"), AdditionalSecrets: []string{"foo"}, RedirectURIs: []string{"http://anywhere"}, GrantMethod: oauthapi.GrantHandlerPrompt, }, expectedKubeActions: []core.Action{ core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"), core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}), }, expectedOSActions: []ktestclient.Action{ ktestclient.NewGetAction("routes", "ns-01", "route1"), }, }, { name: "good SA with routes that don't have hosts, some of which are empty or duplicates", clientName: "system:serviceaccount:ns-01:default", kubeClient: fake.NewSimpleClientset( &kapi.ServiceAccount{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", UID: types.UID("any"), Annotations: map[string]string{ OAuthRedirectModelAnnotationURIPrefix + "one": "http://anywhere", OAuthRedirectModelAnnotationReferencePrefix + "1": buildRedirectObjectReferenceString(routeKind, "route1", ""), OAuthRedirectModelAnnotationReferencePrefix + "2": buildRedirectObjectReferenceString(routeKind, "route2", ""), OAuthRedirectModelAnnotationReferencePrefix + "3": buildRedirectObjectReferenceString(routeKind, "missingroute", ""), }, }, }, &kapi.Secret{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", Annotations: map[string]string{ kapi.ServiceAccountNameKey: "default", kapi.ServiceAccountUIDKey: "any", }, }, Type: kapi.SecretTypeServiceAccountToken, Data: map[string][]byte{kapi.ServiceAccountTokenKey: []byte("foo")}, }), osClient: ostestclient.NewSimpleFake( &routeapi.Route{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "route1", UID: types.UID("route1"), }, Spec: routeapi.RouteSpec{ Path: "/defaultpath", TLS: &routeapi.TLSConfig{}, }, Status: routeapi.RouteStatus{ Ingress: []routeapi.RouteIngress{ {Host: "", Conditions: buildValidRouteIngressCondition()}, {Host: "a.com", Conditions: buildValidRouteIngressCondition()}, {Host: ""}, {Host: "a.com", Conditions: buildValidRouteIngressCondition()}, {Host: "b.com", Conditions: buildValidRouteIngressCondition()}, }, }, }, &routeapi.Route{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "route2", UID: types.UID("route2"), }, Spec: routeapi.RouteSpec{ Path: "/path2", TLS: &routeapi.TLSConfig{}, }, Status: routeapi.RouteStatus{ Ingress: []routeapi.RouteIngress{ {Host: "a.com", Conditions: buildValidRouteIngressCondition()}, {Host: "", Conditions: buildValidRouteIngressCondition()}, {Host: "b.com", Conditions: buildValidRouteIngressCondition()}, {Host: "b.com"}, {Host: ""}, }, }, }, ), expectedClient: &oauthapi.OAuthClient{ ObjectMeta: kapi.ObjectMeta{Name: "system:serviceaccount:ns-01:default"}, ScopeRestrictions: getScopeRestrictionsFor("ns-01", "default"), AdditionalSecrets: []string{"foo"}, RedirectURIs: []string{"http://anywhere", "https://a.com/defaultpath", "https://a.com/path2", "https://b.com/defaultpath", "https://b.com/path2"}, GrantMethod: oauthapi.GrantHandlerPrompt, }, expectedKubeActions: []core.Action{ core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"), core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}), }, expectedOSActions: []ktestclient.Action{ ktestclient.NewListAction("routes", "ns-01", kapi.ListOptions{}), }, }, { name: "host overrides route data", clientName: "system:serviceaccount:ns-01:default", kubeClient: fake.NewSimpleClientset( &kapi.ServiceAccount{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", UID: types.UID("any"), Annotations: map[string]string{ OAuthRedirectModelAnnotationReferencePrefix + "1": buildRedirectObjectReferenceString(routeKind, "route1", ""), OAuthRedirectModelAnnotationURIPrefix + "1": "//redhat.com", OAuthRedirectModelAnnotationReferencePrefix + "2": buildRedirectObjectReferenceString(routeKind, "route2", ""), OAuthRedirectModelAnnotationURIPrefix + "2": "//google.com", }, }, }, &kapi.Secret{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", Annotations: map[string]string{ kapi.ServiceAccountNameKey: "default", kapi.ServiceAccountUIDKey: "any", }, }, Type: kapi.SecretTypeServiceAccountToken, Data: map[string][]byte{kapi.ServiceAccountTokenKey: []byte("foo")}, }), osClient: ostestclient.NewSimpleFake( &routeapi.Route{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "route1", UID: types.UID("route1"), }, Spec: routeapi.RouteSpec{ Path: "/defaultpath", TLS: &routeapi.TLSConfig{}, }, Status: routeapi.RouteStatus{ Ingress: []routeapi.RouteIngress{ {Host: ""}, }, }, }, &routeapi.Route{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "route2", UID: types.UID("route2"), }, Spec: routeapi.RouteSpec{ Path: "/otherpath", TLS: &routeapi.TLSConfig{}, }, Status: routeapi.RouteStatus{ Ingress: []routeapi.RouteIngress{ {Host: "ignored.com", Conditions: buildValidRouteIngressCondition()}, {Host: "alsoignored.com", Conditions: buildValidRouteIngressCondition()}, }, }, }, ), expectedClient: &oauthapi.OAuthClient{ ObjectMeta: kapi.ObjectMeta{Name: "system:serviceaccount:ns-01:default"}, ScopeRestrictions: getScopeRestrictionsFor("ns-01", "default"), AdditionalSecrets: []string{"foo"}, RedirectURIs: []string{"https://google.com/otherpath", "https://redhat.com/defaultpath"}, GrantMethod: oauthapi.GrantHandlerPrompt, }, expectedKubeActions: []core.Action{ core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"), core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}), }, expectedOSActions: []ktestclient.Action{ ktestclient.NewListAction("routes", "ns-01", kapi.ListOptions{}), }, }, { name: "good SA with valid, route redirects using the same route twice", clientName: "system:serviceaccount:ns-01:default", kubeClient: fake.NewSimpleClientset( &kapi.ServiceAccount{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", UID: types.UID("any"), Annotations: map[string]string{ OAuthRedirectModelAnnotationURIPrefix + "1": "/awesomepath", OAuthRedirectModelAnnotationReferencePrefix + "1": buildRedirectObjectReferenceString(routeKind, "route1", ""), OAuthRedirectModelAnnotationURIPrefix + "2": "//:8000", OAuthRedirectModelAnnotationReferencePrefix + "2": buildRedirectObjectReferenceString(routeKind, "route1", ""), }, }, }, &kapi.Secret{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "default", Annotations: map[string]string{ kapi.ServiceAccountNameKey: "default", kapi.ServiceAccountUIDKey: "any", }, }, Type: kapi.SecretTypeServiceAccountToken, Data: map[string][]byte{kapi.ServiceAccountTokenKey: []byte("foo")}, }), osClient: ostestclient.NewSimpleFake( &routeapi.Route{ ObjectMeta: kapi.ObjectMeta{ Namespace: "ns-01", Name: "route1", UID: types.UID("route1"), }, Spec: routeapi.RouteSpec{ TLS: &routeapi.TLSConfig{}, }, Status: routeapi.RouteStatus{ Ingress: []routeapi.RouteIngress{ {Host: "woot.com", Conditions: buildValidRouteIngressCondition()}, }, }, }, ), expectedClient: &oauthapi.OAuthClient{ ObjectMeta: kapi.ObjectMeta{Name: "system:serviceaccount:ns-01:default"}, ScopeRestrictions: getScopeRestrictionsFor("ns-01", "default"), AdditionalSecrets: []string{"foo"}, RedirectURIs: []string{"https://woot.com/awesomepath", "https://woot.com:8000"}, GrantMethod: oauthapi.GrantHandlerPrompt, }, expectedKubeActions: []core.Action{ core.NewGetAction(unversioned.GroupVersionResource{Resource: "serviceaccounts"}, "ns-01", "default"), core.NewListAction(unversioned.GroupVersionResource{Resource: "secrets"}, "ns-01", kapi.ListOptions{}), }, expectedOSActions: []ktestclient.Action{ ktestclient.NewGetAction("routes", "ns-01", "route1"), }, }, } for _, tc := range testCases { delegate := &fakeDelegate{} getter := NewServiceAccountOAuthClientGetter(tc.kubeClient.Core(), tc.kubeClient.Core(), tc.osClient, delegate, oauthapi.GrantHandlerPrompt) client, err := getter.GetClient(kapi.NewContext(), tc.clientName) switch { case len(tc.expectedErr) == 0 && err == nil: case len(tc.expectedErr) == 0 && err != nil, len(tc.expectedErr) > 0 && err == nil, len(tc.expectedErr) > 0 && err != nil && !strings.Contains(err.Error(), tc.expectedErr): t.Errorf("%s: expected %#v, got %#v", tc.name, tc.expectedErr, err) continue } if tc.expectedDelegation != delegate.called { t.Errorf("%s: expected %#v, got %#v", tc.name, tc.expectedDelegation, delegate.called) continue } if !kapi.Semantic.DeepEqual(tc.expectedClient, client) { t.Errorf("%s: expected %#v, got %#v", tc.name, tc.expectedClient, client) continue } if !reflect.DeepEqual(tc.expectedKubeActions, tc.kubeClient.Actions()) { t.Errorf("%s: expected %#v, got %#v", tc.name, tc.expectedKubeActions, tc.kubeClient.Actions()) continue } if !reflect.DeepEqual(tc.expectedOSActions, tc.osClient.Actions()) { t.Errorf("%s: expected %#v, got %#v", tc.name, tc.expectedOSActions, tc.osClient.Actions()) continue } } }
func (f *fixture) expectListPodAction(namespace string, opt api.ListOptions) { f.actions = append(f.actions, core.NewListAction(unversioned.GroupVersionResource{Resource: "pods"}, namespace, opt)) }
func TestStop(t *testing.T) { var ( deploymentConfigsResource = unversioned.GroupVersionResource{Resource: "deploymentconfigs"} replicationControllersResource = unversioned.GroupVersionResource{Resource: "replicationcontrollers"} ) pause := func(d *deployapi.DeploymentConfig) *deployapi.DeploymentConfig { d.Spec.Paused = true return d } fakeDC := map[string]*deployapi.DeploymentConfig{ "simple-stop": deploytest.OkDeploymentConfig(1), "legacy-simple-stop": deploytest.OkDeploymentConfig(1), "multi-stop": deploytest.OkDeploymentConfig(5), "legacy-multi-stop": deploytest.OkDeploymentConfig(5), "no-deployments": deploytest.OkDeploymentConfig(5), "legacy-no-deployments": deploytest.OkDeploymentConfig(5), } tests := []struct { testName string namespace string name string oc *testclient.Fake kc *fake.Clientset expected []core.Action kexpected []core.Action err bool }{ { testName: "simple stop", namespace: "default", name: "config", oc: testclient.NewSimpleFake(fakeDC["simple-stop"]), kc: fake.NewSimpleClientset(mkdeploymentlist(1)), expected: []core.Action{ core.NewGetAction(deploymentConfigsResource, "default", "config"), core.NewUpdateAction(deploymentConfigsResource, "default", pause(fakeDC["simple-stop"])), core.NewGetAction(deploymentConfigsResource, "default", "config"), core.NewDeleteAction(deploymentConfigsResource, "default", "config"), }, kexpected: []core.Action{ core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{LabelSelector: labels.SelectorFromSet(map[string]string{"openshift.io/deployment-config.name": "config"})}), core.NewGetAction(replicationControllersResource, "default", "config-1"), core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), core.NewGetAction(replicationControllersResource, "default", "config-1"), core.NewUpdateAction(replicationControllersResource, "default", nil), core.NewGetAction(replicationControllersResource, "default", "config-1"), core.NewDeleteAction(replicationControllersResource, "default", "config-1"), }, err: false, }, { testName: "legacy simple stop", namespace: "default", name: "config", oc: testclient.NewSimpleFake(fakeDC["legacy-simple-stop"]), kc: fake.NewSimpleClientset(mkdeploymentlist(1)), expected: []core.Action{ core.NewGetAction(deploymentConfigsResource, "default", "config"), core.NewUpdateAction(deploymentConfigsResource, "default", nil), core.NewGetAction(deploymentConfigsResource, "default", "config"), core.NewDeleteAction(deploymentConfigsResource, "default", "config"), }, kexpected: []core.Action{ core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{LabelSelector: labels.SelectorFromSet(map[string]string{"openshift.io/deployment-config.name": "config"})}), core.NewGetAction(replicationControllersResource, "default", "config-1"), core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), core.NewGetAction(replicationControllersResource, "default", "config-1"), core.NewUpdateAction(replicationControllersResource, "default", nil), core.NewGetAction(replicationControllersResource, "default", "config-1"), core.NewDeleteAction(replicationControllersResource, "default", "config-1"), }, err: false, }, { testName: "stop multiple controllers", namespace: "default", name: "config", oc: testclient.NewSimpleFake(fakeDC["multi-stop"]), kc: fake.NewSimpleClientset(mkdeploymentlist(1, 2, 3, 4, 5)), expected: []core.Action{ core.NewGetAction(deploymentConfigsResource, "default", "config"), core.NewUpdateAction(deploymentConfigsResource, "default", pause(fakeDC["multi-stop"])), core.NewGetAction(deploymentConfigsResource, "default", "config"), core.NewDeleteAction(deploymentConfigsResource, "default", "config"), }, kexpected: []core.Action{ core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{LabelSelector: labels.SelectorFromSet(map[string]string{"openshift.io/deployment-config.name": "config"})}), core.NewGetAction(replicationControllersResource, "default", "config-1"), core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), core.NewGetAction(replicationControllersResource, "default", "config-1"), core.NewUpdateAction(replicationControllersResource, "default", nil), core.NewGetAction(replicationControllersResource, "default", "config-1"), core.NewDeleteAction(replicationControllersResource, "default", "config-1"), core.NewGetAction(replicationControllersResource, "default", "config-2"), core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), core.NewGetAction(replicationControllersResource, "default", "config-2"), core.NewUpdateAction(replicationControllersResource, "default", nil), core.NewGetAction(replicationControllersResource, "default", "config-2"), core.NewDeleteAction(replicationControllersResource, "default", "config-2"), core.NewGetAction(replicationControllersResource, "default", "config-3"), core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), core.NewGetAction(replicationControllersResource, "default", "config-3"), core.NewUpdateAction(replicationControllersResource, "default", nil), core.NewGetAction(replicationControllersResource, "default", "config-3"), core.NewDeleteAction(replicationControllersResource, "default", "config-3"), core.NewGetAction(replicationControllersResource, "default", "config-4"), core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), core.NewGetAction(replicationControllersResource, "default", "config-4"), core.NewUpdateAction(replicationControllersResource, "default", nil), core.NewGetAction(replicationControllersResource, "default", "config-4"), core.NewDeleteAction(replicationControllersResource, "default", "config-4"), core.NewGetAction(replicationControllersResource, "default", "config-5"), core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), core.NewGetAction(replicationControllersResource, "default", "config-5"), core.NewUpdateAction(replicationControllersResource, "default", nil), core.NewGetAction(replicationControllersResource, "default", "config-5"), core.NewDeleteAction(replicationControllersResource, "default", "config-5"), }, err: false, }, { testName: "legacy stop multiple controllers", namespace: "default", name: "config", oc: testclient.NewSimpleFake(fakeDC["legacy-multi-stop"]), kc: fake.NewSimpleClientset(mkdeploymentlist(1, 2, 3, 4, 5)), expected: []core.Action{ core.NewGetAction(deploymentConfigsResource, "default", "config"), core.NewUpdateAction(deploymentConfigsResource, "default", nil), core.NewGetAction(deploymentConfigsResource, "default", "config"), core.NewDeleteAction(deploymentConfigsResource, "default", "config"), }, kexpected: []core.Action{ core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{LabelSelector: labels.SelectorFromSet(map[string]string{"openshift.io/deployment-config.name": "config"})}), core.NewGetAction(replicationControllersResource, "default", "config-1"), core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), core.NewGetAction(replicationControllersResource, "default", "config-1"), core.NewUpdateAction(replicationControllersResource, "default", nil), core.NewGetAction(replicationControllersResource, "default", "config-1"), core.NewDeleteAction(replicationControllersResource, "default", "config-1"), core.NewGetAction(replicationControllersResource, "default", "config-2"), core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), core.NewGetAction(replicationControllersResource, "default", "config-2"), core.NewUpdateAction(replicationControllersResource, "default", nil), core.NewGetAction(replicationControllersResource, "default", "config-2"), core.NewDeleteAction(replicationControllersResource, "default", "config-2"), core.NewGetAction(replicationControllersResource, "default", "config-3"), core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), core.NewGetAction(replicationControllersResource, "default", "config-3"), core.NewUpdateAction(replicationControllersResource, "default", nil), core.NewGetAction(replicationControllersResource, "default", "config-3"), core.NewDeleteAction(replicationControllersResource, "default", "config-3"), core.NewGetAction(replicationControllersResource, "default", "config-4"), core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), core.NewGetAction(replicationControllersResource, "default", "config-4"), core.NewUpdateAction(replicationControllersResource, "default", nil), core.NewGetAction(replicationControllersResource, "default", "config-4"), core.NewDeleteAction(replicationControllersResource, "default", "config-4"), core.NewGetAction(replicationControllersResource, "default", "config-5"), core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), core.NewGetAction(replicationControllersResource, "default", "config-5"), core.NewUpdateAction(replicationControllersResource, "default", nil), core.NewGetAction(replicationControllersResource, "default", "config-5"), core.NewDeleteAction(replicationControllersResource, "default", "config-5"), }, err: false, }, { testName: "no config, some deployments", namespace: "default", name: "config", oc: testclient.NewSimpleFake(), kc: fake.NewSimpleClientset(mkdeploymentlist(1)), expected: []core.Action{ core.NewGetAction(deploymentConfigsResource, "default", "config"), }, kexpected: []core.Action{ core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{LabelSelector: labels.SelectorFromSet(map[string]string{"openshift.io/deployment-config.name": "config"})}), core.NewGetAction(replicationControllersResource, "default", "config-1"), core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), core.NewGetAction(replicationControllersResource, "default", "config-1"), core.NewUpdateAction(replicationControllersResource, "default", nil), core.NewGetAction(replicationControllersResource, "default", "config-1"), core.NewDeleteAction(replicationControllersResource, "default", "config-1"), }, err: false, }, { testName: "no config, no deployments", namespace: "default", name: "config", oc: testclient.NewSimpleFake(), kc: fake.NewSimpleClientset(&kapi.ReplicationControllerList{}), expected: []core.Action{ core.NewGetAction(deploymentConfigsResource, "default", "config"), }, kexpected: []core.Action{ core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), }, err: true, }, { testName: "config, no deployments", namespace: "default", name: "config", oc: testclient.NewSimpleFake(fakeDC["no-deployments"]), kc: fake.NewSimpleClientset(&kapi.ReplicationControllerList{}), expected: []core.Action{ core.NewGetAction(deploymentConfigsResource, "default", "config"), core.NewUpdateAction(deploymentConfigsResource, "default", pause(fakeDC["no-deployments"])), core.NewGetAction(deploymentConfigsResource, "default", "config"), core.NewDeleteAction(deploymentConfigsResource, "default", "config"), }, kexpected: []core.Action{ core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), }, err: false, }, { testName: "legacy config, no deployments", namespace: "default", name: "config", oc: testclient.NewSimpleFake(fakeDC["legacy-no-deployments"]), kc: fake.NewSimpleClientset(&kapi.ReplicationControllerList{}), expected: []core.Action{ core.NewGetAction(deploymentConfigsResource, "default", "config"), core.NewUpdateAction(deploymentConfigsResource, "default", nil), core.NewGetAction(deploymentConfigsResource, "default", "config"), core.NewDeleteAction(deploymentConfigsResource, "default", "config"), }, kexpected: []core.Action{ core.NewListAction(replicationControllersResource, "default", kapi.ListOptions{}), }, err: false, }, } for _, test := range tests { reaper := &DeploymentConfigReaper{oc: test.oc, kc: test.kc, pollInterval: time.Millisecond, timeout: time.Millisecond} err := reaper.Stop(test.namespace, test.name, 1*time.Second, nil) if !test.err && err != nil { t.Errorf("%s: unexpected error: %v", test.testName, err) } if test.err && err == nil { t.Errorf("%s: expected an error", test.testName) } if len(test.oc.Actions()) != len(test.expected) { t.Errorf("%s: unexpected actions: %s", test.testName, diff.ObjectReflectDiff(test.oc.Actions(), test.expected)) continue } for j, actualAction := range test.oc.Actions() { e, a := test.expected[j], actualAction switch a.(type) { case core.UpdateAction: if e.GetVerb() != a.GetVerb() || e.GetNamespace() != a.GetNamespace() || e.GetResource() != a.GetResource() || e.GetSubresource() != a.GetSubresource() { t.Errorf("%s: unexpected action[%d]: %s, expected %s", test.testName, j, a, e) } default: if !reflect.DeepEqual(actualAction, test.expected[j]) { t.Errorf("%s: unexpected action: %s", test.testName, diff.ObjectReflectDiff(actualAction, test.expected[j])) } } } if len(test.kc.Actions()) != len(test.kexpected) { t.Errorf("%s: unexpected actions: %s", test.testName, diff.ObjectReflectDiff(test.kc.Actions(), test.kexpected)) continue } for j, actualAction := range test.kc.Actions() { e, a := test.kexpected[j], actualAction if e.GetVerb() != a.GetVerb() || e.GetNamespace() != a.GetNamespace() || e.GetResource() != a.GetResource() || e.GetSubresource() != a.GetSubresource() { t.Errorf("%s: unexpected action[%d]: %s, expected %s", test.testName, j, a, e) } switch a.(type) { case core.GetAction, core.DeleteAction: if !reflect.DeepEqual(e, a) { t.Errorf("%s: unexpected action[%d]: %s, expected %s", test.testName, j, a, e) } } } } }