Add test for qec spec update

cloudfoundry-incubator · Sep 15, 2020 · 93b66d3 · 93b66d3
1 parent c14011a
commit 93b66d3
Show file tree

Hide file tree

Showing 5 changed files with 64 additions and 59 deletions.
diff --git a/e2e/kube/examples_test.go b/e2e/kube/examples_test.go
@@ -24,6 +24,22 @@ var _ = Describe("Examples Directory", func() {
 		kubectl      *cmdHelper.Kubectl
 	)
 
+	replaceString := func(examplePath string, toBeReplaced string, replacedBy string) string {
+		exampleData, err := ioutil.ReadFile(examplePath)
+		Expect(err).ToNot(HaveOccurred())
+
+		newExampleFile, err := ioutil.TempFile(os.TempDir(), "qsec-*")
+		Expect(err).ToNot(HaveOccurred(), "creating new example file in examples dir")
+		_, err = newExampleFile.WriteString(
+			strings.ReplaceAll(
+				string(exampleData), toBeReplaced, replacedBy,
+			))
+		Expect(err).ToNot(HaveOccurred())
+		Expect(newExampleFile.Close()).ToNot(HaveOccurred())
+
+		return newExampleFile.Name()
+	}
+
 	JustBeforeEach(func() {
 		kubectl = cmdHelper.NewKubectl()
 		yamlFilePath = path.Join(example)
@@ -104,7 +120,6 @@ var _ = Describe("Examples Directory", func() {
 
 	Context("quarks-secret copies", func() {
 		var copyNamespace string
-		var tempQSecretFileName string
 
 		BeforeEach(func() {
 			copyNamespace = "qseccopy-" + strconv.Itoa(int(nsIndex)) + "-" +
@@ -117,46 +132,23 @@ var _ = Describe("Examples Directory", func() {
 
 			// Create a copy of the example files with the correct namespaces in them
 			dSecretExample := path.Join(examplesDir, "copy-secret-destination.yaml")
-			dSecret, err := ioutil.ReadFile(dSecretExample)
-			Expect(err).ToNot(HaveOccurred())
-			tmpDSecret, err := ioutil.TempFile(os.TempDir(), "dsecret-*")
-			defer os.Remove(tmpDSecret.Name())
-			Expect(err).ToNot(HaveOccurred(), "creating tmp file")
-			_, err = tmpDSecret.WriteString(
-				strings.ReplaceAll(
-					strings.ReplaceAll(
-						string(dSecret), "COPYNAMESPACE", copyNamespace,
-					), "NAMESPACE", namespace))
-			Expect(err).ToNot(HaveOccurred())
-			Expect(tmpDSecret.Close()).ToNot(HaveOccurred())
+			dSecretPath := replaceString(dSecretExample, "COPYNAMESPACE", copyNamespace)
+			defer os.Remove(dSecretPath)
 
 			// A copy of the QuarkSecret with the correct COPYNAMESPACE in it
 			quarksSecretExample := path.Join(examplesDir, "copies.yaml")
-			qSecret, err := ioutil.ReadFile(quarksSecretExample)
-			Expect(err).ToNot(HaveOccurred())
-			tmpQSecret, err := ioutil.TempFile(os.TempDir(), "qsec-*")
-			tempQSecretFileName = tmpQSecret.Name()
-			Expect(err).ToNot(HaveOccurred(), "creating tmp file in examples dir")
-			_, err = tmpQSecret.WriteString(
-				strings.ReplaceAll(
-					string(qSecret), "COPYNAMESPACE", copyNamespace,
-				))
-			Expect(err).ToNot(HaveOccurred())
-			Expect(tmpQSecret.Close()).ToNot(HaveOccurred())
+			tempQSecretFilePath := replaceString(quarksSecretExample, "COPYNAMESPACE", copyNamespace)
 
 			// Create the destination secret
-			err = cmdHelper.Create(copyNamespace, tmpDSecret.Name())
+			err = cmdHelper.Create(copyNamespace, dSecretPath)
 			Expect(err).ToNot(HaveOccurred())
 
-			example = tempQSecretFileName
+			example = tempQSecretFilePath
 		})
 
 		AfterEach(func() {
 			err := cmdHelper.DeleteNamespace(copyNamespace)
 			Expect(err).ToNot(HaveOccurred())
-
-			err = os.Remove(tempQSecretFileName)
-			Expect(err).ToNot(HaveOccurred())
 		})
 
 		It("are created if everything is setup correctly", func() {
@@ -287,6 +279,38 @@ var _ = Describe("Examples Directory", func() {
 		})
 	})
 
+	Context("certificate example", func() {
+		BeforeEach(func() {
+			example = filepath.Join(examplesDir, "certificate.yaml")
+		})
+
+		When("quarks secret spec is updated", func() {
+			It("should update the generated certificate", func() {
+				expectedSecretName := "gen-certificate"
+				err := kubectl.WaitForSecret(namespace, expectedSecretName)
+				Expect(err).ToNot(HaveOccurred())
+
+				By("Checking the old generated certificate")
+				oldCertificateData, err := cmdHelper.GetData(namespace, "secret", expectedSecretName, "go-template={{.data.certificate}}")
+				Expect(err).ToNot(HaveOccurred())
+
+				newExampleFile := replaceString(example, "foo.com", "bar.com")
+				err = cmdHelper.Apply(namespace, newExampleFile)
+				Expect(err).ToNot(HaveOccurred())
+
+				By("Waiting for new secret to be generated")
+				time.Sleep(60 * time.Second)
+
+				By("Checking the new generated certificate")
+				Eventually(func() bool {
+					newCertificateData, err := cmdHelper.GetData(namespace, "secret", expectedSecretName, "go-template={{.data.certificate}}")
+					Expect(err).ToNot(HaveOccurred())
+					return string(newCertificateData) == string(oldCertificateData)
+				}, 60*time.Second).Should(Equal(true))
+			})
+		})
+	})
+
 	Context("rsa keys example", func() {
 		var (
 			privateKey []byte

diff --git a/pkg/kube/controllers/quarkssecret/quarkssecret_controller.go b/pkg/kube/controllers/quarkssecret/quarkssecret_controller.go
@@ -3,6 +3,7 @@ package quarkssecret
 import (
 	"context"
 	"fmt"
+	"reflect"
 
 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
@@ -63,7 +64,7 @@ func AddQuarksSecret(ctx context.Context, config *config.Config, mgr manager.Man
 			n := e.ObjectNew.(*qsv1a1.QuarksSecret)
 			o := e.ObjectOld.(*qsv1a1.QuarksSecret)
 
-			if reconcileForGenerated(o.Status, n.Status) {
+			if reconcileForGenerated(o.Status, n.Status) || !reflect.DeepEqual(o.Spec, n.Spec) {
 				if n.Status.IsCopied() == o.Status.IsCopied() {
 					ctxlog.NewPredicateEvent(e.ObjectNew).Debug(
 						ctx, e.MetaNew, "qsv1a1.QuarksSecret",
@@ -88,25 +89,26 @@ func AddQuarksSecret(ctx context.Context, config *config.Config, mgr manager.Man
 // | old   | new   | reconcile? |
 // | ----- | ----- | ---------- |
 // | true  | true  | false      |
-// | false | true  | false      |
-// | nil   | true  | false      |
-// | true  | false | true       |
+// | false | true  | true       |
+// | nil   | true  | true       |
+// | true  | false | false      |
 // | false | false | true       |
 // | nil   | false | true       |
 // | true  | nil   | false      |
 // | false | nil   | true       |
 // | nil   | nil   | true       |
 func reconcileForGenerated(o, n qsv1a1.QuarksSecretStatus) bool {
+	var resultN bool
 	if n.Generated != nil {
 		// new generated is set
-		return !*n.Generated
+		resultN = !*n.Generated
 	}
 	if o.Generated != nil && *o.Generated {
 		// old generated is true
 		return false
 	}
 	// old is either nil or false
-	return true
+	return resultN || true
 }
 
 // listSecrets gets all Secrets owned by the QuarksSecret

diff --git a/pkg/kube/controllers/quarkssecret/quarkssecret_reconciler.go b/pkg/kube/controllers/quarkssecret/quarkssecret_reconciler.go
@@ -210,13 +210,6 @@ func (r *ReconcileQuarksSecret) updateStatus(ctx context.Context, qsec *qsv1a1.Q
 // * secret is already generated according to qsecs status field
 // * secret exists, but was not generated (user created secret)
 func (r *ReconcileQuarksSecret) skipCreation(ctx context.Context, qsec *qsv1a1.QuarksSecret) (bool, error) {
-	if qsec.Status.Generated != nil && *qsec.Status.Generated {
-		ctxlog.Debugf(ctx, "Existing secret %s/%s has already been generated",
-			qsec.Namespace,
-			qsec.Spec.SecretName,
-		)
-		return true, nil
-	}
 	secretName := qsec.Spec.SecretName
 	existingSecret := &corev1.Secret{}
 	err := r.client.Get(ctx, types.NamespacedName{Name: secretName, Namespace: qsec.GetNamespace()}, existingSecret)

diff --git a/pkg/kube/controllers/quarkssecret/quarkssecret_reconciler_test.go b/pkg/kube/controllers/quarkssecret/quarkssecret_reconciler_test.go
@@ -29,7 +29,6 @@ import (
 	qscontroller "code.cloudfoundry.org/quarks-secret/pkg/kube/controllers/quarkssecret"
 	cfcfg "code.cloudfoundry.org/quarks-utils/pkg/config"
 	"code.cloudfoundry.org/quarks-utils/pkg/ctxlog"
-	"code.cloudfoundry.org/quarks-utils/pkg/pointers"
 	helper "code.cloudfoundry.org/quarks-utils/testing/testhelper"
 )
 
@@ -661,19 +660,6 @@ var _ = Describe("ReconcileQuarksSecret", func() {
 			Expect(reconcile.Result{}).To(Equal(result))
 		})
 
-		It("Skips generation of a secret when quarksSecret's `generated` status is true", func() {
-			secret.Labels = map[string]string{
-				qsv1a1.LabelKind: qsv1a1.GeneratedSecretKind,
-			}
-			qSecret.Status.Generated = pointers.Bool(true)
-
-			result, err := reconciler.Reconcile(request)
-			Expect(err).ToNot(HaveOccurred())
-			Expect(client.CreateCallCount()).To(Equal(0))
-			Expect(client.UpdateCallCount()).To(Equal(0))
-			Expect(reconcile.Result{}).To(Equal(result))
-		})
-
 		It("Regenerates a secret when the existing secret has a `generated` label", func() {
 			qSecret.Spec.SecretLabels[qsv1a1.LabelKind] = qsv1a1.GeneratedSecretKind
 			secret.Labels = qSecret.Spec.SecretLabels

diff --git a/pkg/kube/controllers/quarkssecret/reconcile_generated_test.go b/pkg/kube/controllers/quarkssecret/reconcile_generated_test.go
@@ -63,9 +63,9 @@ var _ = Describe("Status.Generated", func() {
 		It("should honor results from the table in documentation", func() {
 			tests := []test{
 				newTest(true, true, false),
-				newTest(false, true, false),
-				newTestP(nil, pointers.Bool(true), false),
-				newTest(true, false, true),
+				newTest(false, true, true),
+				newTestP(nil, pointers.Bool(true), true),
+				newTest(true, false, false),
 				newTest(false, false, true),
 				newTestP(nil, pointers.Bool(false), true),
 				newTestP(pointers.Bool(true), nil, false),