func (c *FakeSubjectRulesReviews) Create(inObj *authorizationapi.SubjectRulesReview) (*authorizationapi.SubjectRulesReview, error) { obj, err := c.Fake.Invokes(ktestclient.NewCreateAction("selfsubjectrulesreviews", c.Namespace, inObj), &authorizationapi.SubjectRulesReview{}) if cast, ok := obj.(*authorizationapi.SubjectRulesReview); ok { return cast, err } return nil, err }
func (c *FakeLocalResourceAccessReviews) Create(inObj *authorizationapi.LocalResourceAccessReview) (*authorizationapi.ResourceAccessReviewResponse, error) { obj, err := c.Fake.Invokes(ktestclient.NewCreateAction("localresourceaccessreviews", c.Namespace, inObj), &authorizationapi.ResourceAccessReviewResponse{}) if cast, ok := obj.(*authorizationapi.ResourceAccessReviewResponse); ok { return cast, err } return nil, err }
func (c *FakeRoutes) Create(inObj *routeapi.Route) (*routeapi.Route, error) { obj, err := c.Fake.Invokes(ktestclient.NewCreateAction("routes", c.Namespace, inObj), inObj) if obj == nil { return nil, err } return obj.(*routeapi.Route), err }
func (c *FakeImageStreamTags) Create(inObj *imageapi.ImageStreamTag) (*imageapi.ImageStreamTag, error) { obj, err := c.Fake.Invokes(ktestclient.NewCreateAction("imagestreamtags", c.Namespace, inObj), inObj) if obj == nil { return nil, err } return obj.(*imageapi.ImageStreamTag), err }
func (c *FakeBackingServiceInstances) Create(inObj *backingserviceinstanceapi.BackingServiceInstance) (*backingserviceinstanceapi.BackingServiceInstance, error) { obj, err := c.Fake.Invokes(ktestclient.NewCreateAction("backingserviceinstances", c.Namespace, inObj), inObj) if obj == nil { return nil, err } return obj.(*backingserviceinstanceapi.BackingServiceInstance), err }
func (c *FakeRoleBindings) Create(inObj *authorizationapi.RoleBinding) (*authorizationapi.RoleBinding, error) { obj, err := c.Fake.Invokes(ktestclient.NewCreateAction("rolebindings", c.Namespace, inObj), inObj) if obj == nil { return nil, err } return obj.(*authorizationapi.RoleBinding), err }
func (c *FakeTemplateConfigs) Create(inObj *templateapi.Template) (*templateapi.Template, error) { obj, err := c.Fake.Invokes(ktestclient.NewCreateAction("templateconfigs", c.Namespace, inObj), inObj) if obj == nil { return nil, err } return obj.(*templateapi.Template), err }
func (c *FakeEgressNetworkPolicy) Create(inObj *sdnapi.EgressNetworkPolicy) (*sdnapi.EgressNetworkPolicy, error) { obj, err := c.Fake.Invokes(ktestclient.NewCreateAction("egressnetworkpolicies", c.Namespace, inObj), inObj) if obj == nil { return nil, err } return obj.(*sdnapi.EgressNetworkPolicy), err }
func (c *FakeBuilds) Create(inObj *buildapi.Build) (*buildapi.Build, error) { obj, err := c.Fake.Invokes(ktestclient.NewCreateAction("builds", c.Namespace, inObj), inObj) if obj == nil { return nil, err } return obj.(*buildapi.Build), err }
func (c *FakeDeploymentConfigs) Rollback(inObj *deployapi.DeploymentConfigRollback) (result *deployapi.DeploymentConfig, err error) { obj, err := c.Fake.Invokes(ktestclient.NewCreateAction("deploymentconfigrollbacks", c.Namespace, inObj), inObj) if obj == nil { return nil, err } return obj.(*deployapi.DeploymentConfig), err }
func (c *FakeBuilds) Clone(request *buildapi.BuildRequest) (result *buildapi.Build, err error) { action := ktestclient.NewCreateAction("buildconfigs", c.Namespace, request) action.Subresource = "clone" obj, err := c.Fake.Invokes(action, &buildapi.Build{}) if obj == nil { return nil, err } return obj.(*buildapi.Build), err }
func (c *FakeBuildConfigs) InstantiateBinary(request *buildapi.BinaryBuildRequestOptions, r io.Reader) (result *buildapi.Build, err error) { action := ktestclient.NewCreateAction("buildconfigs", c.Namespace, request) action.Subresource = "instantiatebinary" obj, err := c.Fake.Invokes(action, &buildapi.Build{}) if obj == nil { return nil, err } return obj.(*buildapi.Build), err }
func (f *fixture) expectCreateRCAction(rc *api.ReplicationController) { f.actions = append(f.actions, testclient.NewCreateAction("replicationcontrollers", rc.Namespace, rc)) f.objects.Items = append(f.objects.Items, rc) }
func (c *fakeRc) Create(controller *api.ReplicationController) (*api.ReplicationController, error) { c.Fake.Invokes(testclient.NewCreateAction("replicationcontrollers", controller.Namespace, controller), nil) return controller, nil }
func (c *FakeBackingServiceInstances) CreateBinding(name string, bro *backingserviceinstanceapi.BindingRequestOptions) (err error) { _, err = c.Fake.Invokes(ktestclient.NewCreateAction("backingserviceinstances/binding", c.Namespace, bro), bro) return }
func TestTokenCreation(t *testing.T) { testcases := map[string]struct { ClientObjects []runtime.Object SecretsSyncPending bool ServiceAccountsSyncPending bool ExistingServiceAccount *api.ServiceAccount ExistingSecrets []*api.Secret AddedServiceAccount *api.ServiceAccount UpdatedServiceAccount *api.ServiceAccount DeletedServiceAccount *api.ServiceAccount AddedSecret *api.Secret UpdatedSecret *api.Secret DeletedSecret *api.Secret ExpectedActions []testclient.Action }{ "new serviceaccount with no secrets": { ClientObjects: []runtime.Object{serviceAccount(emptySecretReferences()), createdTokenSecret()}, AddedServiceAccount: serviceAccount(emptySecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))), }, }, "new serviceaccount with no secrets with unsynced secret store": { ClientObjects: []runtime.Object{serviceAccount(emptySecretReferences()), createdTokenSecret()}, SecretsSyncPending: true, AddedServiceAccount: serviceAccount(emptySecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))), }, }, "new serviceaccount with missing secrets": { ClientObjects: []runtime.Object{serviceAccount(missingSecretReferences()), createdTokenSecret()}, AddedServiceAccount: serviceAccount(missingSecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(missingSecretReferences()))), }, }, "new serviceaccount with missing secrets with unsynced secret store": { ClientObjects: []runtime.Object{serviceAccount(missingSecretReferences()), createdTokenSecret()}, SecretsSyncPending: true, AddedServiceAccount: serviceAccount(missingSecretReferences()), ExpectedActions: []testclient.Action{}, }, "new serviceaccount with non-token secrets": { ClientObjects: []runtime.Object{serviceAccount(regularSecretReferences()), createdTokenSecret(), opaqueSecret()}, AddedServiceAccount: serviceAccount(regularSecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(regularSecretReferences()))), }, }, "new serviceaccount with token secrets": { ClientObjects: []runtime.Object{serviceAccount(tokenSecretReferences()), serviceAccountTokenSecret()}, ExistingSecrets: []*api.Secret{serviceAccountTokenSecret()}, AddedServiceAccount: serviceAccount(tokenSecretReferences()), ExpectedActions: []testclient.Action{}, }, "new serviceaccount with no secrets with resource conflict": { ClientObjects: []runtime.Object{updatedServiceAccount(emptySecretReferences()), createdTokenSecret()}, AddedServiceAccount: serviceAccount(emptySecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), }, }, "updated serviceaccount with no secrets": { ClientObjects: []runtime.Object{serviceAccount(emptySecretReferences()), createdTokenSecret()}, UpdatedServiceAccount: serviceAccount(emptySecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))), }, }, "updated serviceaccount with no secrets with unsynced secret store": { ClientObjects: []runtime.Object{serviceAccount(emptySecretReferences()), createdTokenSecret()}, SecretsSyncPending: true, UpdatedServiceAccount: serviceAccount(emptySecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(emptySecretReferences()))), }, }, "updated serviceaccount with missing secrets": { ClientObjects: []runtime.Object{serviceAccount(missingSecretReferences()), createdTokenSecret()}, UpdatedServiceAccount: serviceAccount(missingSecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(missingSecretReferences()))), }, }, "updated serviceaccount with missing secrets with unsynced secret store": { ClientObjects: []runtime.Object{serviceAccount(missingSecretReferences()), createdTokenSecret()}, SecretsSyncPending: true, UpdatedServiceAccount: serviceAccount(missingSecretReferences()), ExpectedActions: []testclient.Action{}, }, "updated serviceaccount with non-token secrets": { ClientObjects: []runtime.Object{serviceAccount(regularSecretReferences()), createdTokenSecret(), opaqueSecret()}, UpdatedServiceAccount: serviceAccount(regularSecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewCreateAction("secrets", api.NamespaceDefault, createdTokenSecret()), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(addTokenSecretReference(regularSecretReferences()))), }, }, "updated serviceaccount with token secrets": { ExistingSecrets: []*api.Secret{serviceAccountTokenSecret()}, UpdatedServiceAccount: serviceAccount(tokenSecretReferences()), ExpectedActions: []testclient.Action{}, }, "updated serviceaccount with no secrets with resource conflict": { ClientObjects: []runtime.Object{updatedServiceAccount(emptySecretReferences()), createdTokenSecret()}, UpdatedServiceAccount: serviceAccount(emptySecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), }, }, "deleted serviceaccount with no secrets": { DeletedServiceAccount: serviceAccount(emptySecretReferences()), ExpectedActions: []testclient.Action{}, }, "deleted serviceaccount with missing secrets": { DeletedServiceAccount: serviceAccount(missingSecretReferences()), ExpectedActions: []testclient.Action{}, }, "deleted serviceaccount with non-token secrets": { ClientObjects: []runtime.Object{opaqueSecret()}, DeletedServiceAccount: serviceAccount(regularSecretReferences()), ExpectedActions: []testclient.Action{}, }, "deleted serviceaccount with token secrets": { ClientObjects: []runtime.Object{serviceAccountTokenSecret()}, ExistingSecrets: []*api.Secret{serviceAccountTokenSecret()}, DeletedServiceAccount: serviceAccount(tokenSecretReferences()), ExpectedActions: []testclient.Action{ testclient.NewDeleteAction("secrets", api.NamespaceDefault, "token-secret-1"), }, }, "added secret without serviceaccount": { ClientObjects: []runtime.Object{serviceAccountTokenSecret()}, AddedSecret: serviceAccountTokenSecret(), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewDeleteAction("secrets", api.NamespaceDefault, "token-secret-1"), }, }, "added secret with serviceaccount": { ExistingServiceAccount: serviceAccount(tokenSecretReferences()), AddedSecret: serviceAccountTokenSecret(), ExpectedActions: []testclient.Action{}, }, "added token secret without token data": { ClientObjects: []runtime.Object{serviceAccountTokenSecretWithoutTokenData()}, ExistingServiceAccount: serviceAccount(tokenSecretReferences()), AddedSecret: serviceAccountTokenSecretWithoutTokenData(), ExpectedActions: []testclient.Action{ testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()), }, }, "added token secret without ca data": { ClientObjects: []runtime.Object{serviceAccountTokenSecretWithoutCAData()}, ExistingServiceAccount: serviceAccount(tokenSecretReferences()), AddedSecret: serviceAccountTokenSecretWithoutCAData(), ExpectedActions: []testclient.Action{ testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()), }, }, "added token secret with mismatched ca data": { ClientObjects: []runtime.Object{serviceAccountTokenSecretWithCAData([]byte("mismatched"))}, ExistingServiceAccount: serviceAccount(tokenSecretReferences()), AddedSecret: serviceAccountTokenSecretWithCAData([]byte("mismatched")), ExpectedActions: []testclient.Action{ testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()), }, }, "updated secret without serviceaccount": { ClientObjects: []runtime.Object{serviceAccountTokenSecret()}, UpdatedSecret: serviceAccountTokenSecret(), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewDeleteAction("secrets", api.NamespaceDefault, "token-secret-1"), }, }, "updated secret with serviceaccount": { ExistingServiceAccount: serviceAccount(tokenSecretReferences()), UpdatedSecret: serviceAccountTokenSecret(), ExpectedActions: []testclient.Action{}, }, "updated token secret without token data": { ClientObjects: []runtime.Object{serviceAccountTokenSecretWithoutTokenData()}, ExistingServiceAccount: serviceAccount(tokenSecretReferences()), UpdatedSecret: serviceAccountTokenSecretWithoutTokenData(), ExpectedActions: []testclient.Action{ testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()), }, }, "updated token secret without ca data": { ClientObjects: []runtime.Object{serviceAccountTokenSecretWithoutCAData()}, ExistingServiceAccount: serviceAccount(tokenSecretReferences()), UpdatedSecret: serviceAccountTokenSecretWithoutCAData(), ExpectedActions: []testclient.Action{ testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()), }, }, "updated token secret with mismatched ca data": { ClientObjects: []runtime.Object{serviceAccountTokenSecretWithCAData([]byte("mismatched"))}, ExistingServiceAccount: serviceAccount(tokenSecretReferences()), UpdatedSecret: serviceAccountTokenSecretWithCAData([]byte("mismatched")), ExpectedActions: []testclient.Action{ testclient.NewUpdateAction("secrets", api.NamespaceDefault, serviceAccountTokenSecret()), }, }, "deleted secret without serviceaccount": { DeletedSecret: serviceAccountTokenSecret(), ExpectedActions: []testclient.Action{}, }, "deleted secret with serviceaccount with reference": { ClientObjects: []runtime.Object{serviceAccount(tokenSecretReferences())}, ExistingServiceAccount: serviceAccount(tokenSecretReferences()), DeletedSecret: serviceAccountTokenSecret(), ExpectedActions: []testclient.Action{ testclient.NewGetAction("serviceaccounts", api.NamespaceDefault, "default"), testclient.NewUpdateAction("serviceaccounts", api.NamespaceDefault, serviceAccount(emptySecretReferences())), }, }, "deleted secret with serviceaccount without reference": { ExistingServiceAccount: serviceAccount(emptySecretReferences()), DeletedSecret: serviceAccountTokenSecret(), ExpectedActions: []testclient.Action{}, }, } for k, tc := range testcases { // Re-seed to reset name generation utilrand.Seed(1) generator := &testGenerator{Token: "ABC"} client := testclient.NewSimpleFake(tc.ClientObjects...) controller := NewTokensController(client, TokensControllerOptions{TokenGenerator: generator, RootCA: []byte("CA Data")}) // Tell the token controller whether its stores have been synced controller.serviceAccountsSynced = func() bool { return !tc.ServiceAccountsSyncPending } controller.secretsSynced = func() bool { return !tc.SecretsSyncPending } if tc.ExistingServiceAccount != nil { controller.serviceAccounts.Add(tc.ExistingServiceAccount) } for _, s := range tc.ExistingSecrets { controller.secrets.Add(s) } if tc.AddedServiceAccount != nil { controller.serviceAccountAdded(tc.AddedServiceAccount) } if tc.UpdatedServiceAccount != nil { controller.serviceAccountUpdated(nil, tc.UpdatedServiceAccount) } if tc.DeletedServiceAccount != nil { controller.serviceAccountDeleted(tc.DeletedServiceAccount) } if tc.AddedSecret != nil { controller.secretAdded(tc.AddedSecret) } if tc.UpdatedSecret != nil { controller.secretUpdated(nil, tc.UpdatedSecret) } if tc.DeletedSecret != nil { controller.secretDeleted(tc.DeletedSecret) } actions := client.Actions() for i, action := range actions { if len(tc.ExpectedActions) < i+1 { t.Errorf("%s: %d unexpected actions: %+v", k, len(actions)-len(tc.ExpectedActions), actions[i:]) break } expectedAction := tc.ExpectedActions[i] if !reflect.DeepEqual(expectedAction, action) { t.Errorf("%s: Expected\n\t%#v\ngot\n\t%#v", k, expectedAction, action) continue } } if len(tc.ExpectedActions) > len(actions) { t.Errorf("%s: %d additional expected actions:%+v", k, len(tc.ExpectedActions)-len(actions), tc.ExpectedActions[len(actions):]) } } }
func (c *FakeImageStreamMappings) Create(inObj *imageapi.ImageStreamMapping) error { _, err := c.Fake.Invokes(ktestclient.NewCreateAction("imagestreammappings", c.Namespace, inObj), inObj) return err }