Skip to content

Increase code coverage of SSABasedGenericKubernetesResourceMatcher #2781

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Increase code coverage of SSABasedGenericKubernetesResourceMatcher #2781

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
91ecdfc
test: Add missing tests for SSABasedGenericKubernetesResourceMatcher
Donnerbart May 2, 2025
33f1f4e
test: Add missing tests for SSABasedGenericKubernetesResourceMatcher
Donnerbart May 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
326 changes: 162 additions & 164 deletions ...dk/operator/processing/dependent/kubernetes/SSABasedGenericKubernetesResourceMatcher.java
View file
Open in desktop

Large diffs are not rendered by default.

213 changes: 168 additions & 45 deletions ...perator/processing/dependent/kubernetes/SSABasedGenericKubernetesResourceMatcherTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
package io.javaoperatorsdk.operator.processing.dependent.kubernetes;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

Expand All @@ -11,17 +10,20 @@

import io.fabric8.kubernetes.api.model.ConfigMap;
import io.fabric8.kubernetes.api.model.HasMetadata;
import io.fabric8.kubernetes.api.model.Secret;
import io.fabric8.kubernetes.api.model.apps.DaemonSet;
import io.fabric8.kubernetes.api.model.apps.Deployment;
import io.fabric8.kubernetes.api.model.apps.ReplicaSet;
import io.fabric8.kubernetes.api.model.apps.StatefulSet;
import io.javaoperatorsdk.operator.MockKubernetesClient;
import io.javaoperatorsdk.operator.OperatorException;
import io.javaoperatorsdk.operator.ReconcilerUtils;
import io.javaoperatorsdk.operator.api.config.ConfigurationService;
import io.javaoperatorsdk.operator.api.config.ControllerConfiguration;
import io.javaoperatorsdk.operator.api.reconciler.Context;

import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

Expand All @@ -45,6 +47,54 @@ void setup() {
when(mockedContext.getControllerConfiguration()).thenReturn(controllerConfiguration);
}

@Test
void noMatchWhenNoMatchingController() {
var desired = loadResource("nginx-deployment.yaml", Deployment.class);
var actual =
loadResource("deployment-with-managed-fields-additional-controller.yaml", Deployment.class);
actual
.getMetadata()
.getManagedFields()
.removeIf(managedFieldsEntry -> managedFieldsEntry.getManager().equals("controller"));

assertThat(matcher.matches(actual, desired, mockedContext)).isFalse();
}

@Test
void exceptionWhenDuplicateController() {
var desired = loadResource("nginx-deployment.yaml", Deployment.class);
var actual =
loadResource("deployment-with-managed-fields-additional-controller.yaml", Deployment.class);
actual.getMetadata().getManagedFields().stream()
.filter(managedFieldsEntry -> managedFieldsEntry.getManager().equals("controller"))
.findFirst()
.ifPresent(
managedFieldsEntry -> actual.getMetadata().getManagedFields().add(managedFieldsEntry));

assertThatThrownBy(() -> matcher.matches(actual, desired, mockedContext))
.isInstanceOf(OperatorException.class)
.hasMessage(
"More than one field manager exists with name: controller in resource: Deployment with"
+ " name: test");
}

@Test
void matchWithSensitiveResource() {
var desired = loadResource("secret-desired.yaml", Secret.class);
var actual = loadResource("secret.yaml", Secret.class);

assertThat(matcher.matches(actual, desired, mockedContext)).isTrue();
}

@Test
void noMatchWithSensitiveResource() {
var desired = loadResource("secret-desired.yaml", Secret.class);
var actual = loadResource("secret.yaml", Secret.class);
actual.getData().put("key1", "dmFsMg==");

assertThat(matcher.matches(actual, desired, mockedContext)).isFalse();
}

@Test
void checksIfAddsNotAddedByController() {
var desired = loadResource("nginx-deployment.yaml", Deployment.class);
Expand All @@ -54,7 +104,40 @@ void checksIfAddsNotAddedByController() {
assertThat(matcher.matches(actual, desired, mockedContext)).isTrue();
}

// In the example the owner reference in a list is referenced by "k:", while all the fields are
@Test
void throwExceptionWhenManagedListEntryNotFound() {
var desired = loadResource("nginx-deployment.yaml", Deployment.class);
var actual =
loadResource("deployment-with-managed-fields-additional-controller.yaml", Deployment.class);
final var container = actual.getSpec().getTemplate().getSpec().getContainers().get(0);
container.setName("foobar");

assertThatThrownBy(() -> matcher.matches(actual, desired, mockedContext))
.isInstanceOf(IllegalStateException.class)
.hasMessage(
"Cannot find list element for key: {\"name\":\"nginx\"} in map: [[image,"
+ " imagePullPolicy, name, ports, resources, terminationMessagePath,"
+ " terminationMessagePolicy]]");
}

@Test
void throwExceptionWhenDuplicateManagedListEntryFound() {
var desired = loadResource("nginx-deployment.yaml", Deployment.class);
var actual =
loadResource("deployment-with-managed-fields-additional-controller.yaml", Deployment.class);
final var container = actual.getSpec().getTemplate().getSpec().getContainers().get(0);
actual.getSpec().getTemplate().getSpec().getContainers().add(container);

assertThatThrownBy(() -> matcher.matches(actual, desired, mockedContext))
.isInstanceOf(IllegalStateException.class)
.hasMessage(
"More targets found in list element for key: {\"name\":\"nginx\"} in map: [[image,"
+ " imagePullPolicy, name, ports, resources, terminationMessagePath,"
+ " terminationMessagePolicy], [image, imagePullPolicy, name, ports, resources,"
+ " terminationMessagePath, terminationMessagePolicy]]");
}

// in the example the owner reference in a list is referenced by "k:", while all the fields are
// managed but not listed
@Test
void emptyListElementMatchesAllFields() {
Expand Down Expand Up @@ -116,45 +199,11 @@ void addedLabelInDesiredMakesMatchFail() {
}

@Test
@SuppressWarnings("unchecked")
void sortListItemsTest() {
var nestedMap1 = new HashMap<String, Object>();
nestedMap1.put("z", 26);
nestedMap1.put("y", 25);

var nestedMap2 = new HashMap<String, Object>();
nestedMap2.put("b", 26);
nestedMap2.put("c", 25);
nestedMap2.put("a", 24);

var unsortedListItems = List.<Object>of(1, nestedMap1, nestedMap2);
var sortedListItems = matcher.sortListItems(unsortedListItems);
assertThat(sortedListItems).element(0).isEqualTo(1);

var sortedNestedMap1 = (Map<String, Object>) sortedListItems.get(1);
assertThat(sortedNestedMap1.keySet()).containsExactly("y", "z");
void withFinalizer() {
var desired = loadResource("secret-with-finalizer-desired.yaml", Secret.class);
var actual = loadResource("secret-with-finalizer.yaml", Secret.class);

var sortedNestedMap2 = (Map<String, Object>) sortedListItems.get(2);
assertThat(sortedNestedMap2.keySet()).containsExactly("a", "b", "c");
}

@Test
@SuppressWarnings("unchecked")
void testSortMapWithNestedMap() {
var nestedMap = new HashMap<String, Object>();
nestedMap.put("z", 26);
nestedMap.put("y", 25);

var unsortedMap = new HashMap<String, Object>();
unsortedMap.put("b", nestedMap);
unsortedMap.put("a", 1);
unsortedMap.put("c", 2);

var sortedMap = matcher.sortMap(unsortedMap);
assertThat(sortedMap.keySet()).containsExactly("a", "b", "c");

var sortedNestedMap = (Map<String, Object>) sortedMap.get("b");
assertThat(sortedNestedMap.keySet()).containsExactly("y", "z");
assertThat(matcher.matches(actual, desired, mockedContext)).isTrue();
}

@ParameterizedTest
Expand Down Expand Up @@ -203,6 +252,23 @@ void testSanitizeState_statefulSetWithResources_withMismatch() {
assertThat(matcher.matches(actualStatefulSet, desiredStatefulSet, mockedContext)).isFalse();
}

@Test
void testSanitizeState_statefulSet_withResourceTypeMismatch() {
var desiredReplicaSet = loadResource("sample-rs-resources-desired.yaml", ReplicaSet.class);
var actualStatefulSet = loadResource("sample-sts-resources.yaml", StatefulSet.class);

assertThat(matcher.matches(actualStatefulSet, desiredReplicaSet, mockedContext)).isFalse();
}

@Test
void testSanitizeState_deployment_withResourceTypeMismatch() {
var desiredReplicaSet = loadResource("sample-rs-resources-desired.yaml", ReplicaSet.class);
var actualDeployment =
loadResource("deployment-with-managed-fields-additional-controller.yaml", Deployment.class);

assertThat(matcher.matches(actualDeployment, desiredReplicaSet, mockedContext)).isFalse();
}

@Test
void testSanitizeState_replicaSetWithResources() {
var desiredReplicaSet = loadResource("sample-rs-resources-desired.yaml", ReplicaSet.class);
Expand All @@ -220,6 +286,14 @@ void testSanitizeState_replicaSetWithResources_withMismatch() {
assertThat(matcher.matches(actualReplicaSet, desiredReplicaSet, mockedContext)).isFalse();
}

@Test
void testSanitizeState_replicaSet_withResourceTypeMismatch() {
var desiredDaemonSet = loadResource("sample-ds-resources-desired.yaml", DaemonSet.class);
var actualReplicaSet = loadResource("sample-rs-resources.yaml", ReplicaSet.class);

assertThat(matcher.matches(actualReplicaSet, desiredDaemonSet, mockedContext)).isFalse();
}

@Test
void testSanitizeState_daemonSetWithResources() {
var desiredDaemonSet = loadResource("sample-ds-resources-desired.yaml", DaemonSet.class);
Expand All @@ -236,6 +310,14 @@ void testSanitizeState_daemonSetWithResources_withMismatch() {
assertThat(matcher.matches(actualDaemonSet, desiredDaemonSet, mockedContext)).isFalse();
}

@Test
void testSanitizeState_daemonSet_withResourceTypeMismatch() {
var desiredReplicaSet = loadResource("sample-rs-resources-desired.yaml", ReplicaSet.class);
var actualDaemonSet = loadResource("sample-ds-resources.yaml", DaemonSet.class);

assertThat(matcher.matches(actualDaemonSet, desiredReplicaSet, mockedContext)).isFalse();
}

@ParameterizedTest
@ValueSource(booleans = {true, false})
void testCustomMatcher_returnsExpectedMatchBasedOnReadOnlyLabel(boolean readOnly) {
Expand All @@ -250,6 +332,52 @@ void testCustomMatcher_returnsExpectedMatchBasedOnReadOnlyLabel(boolean readOnly
.isEqualTo(readOnly);
}

@Test
void keepOnlyManagedFields_withInvalidManagedFieldsKey() {
assertThatThrownBy(
() ->
SSABasedGenericKubernetesResourceMatcher.keepOnlyManagedFields(
Map.of(),
Map.of(),
Map.of("invalid", 1),
mockedContext.getClient().getKubernetesSerialization())) //
.isInstanceOf(IllegalStateException.class) //
.hasMessage("Key: invalid has no prefix: f:");
}

@Test
@SuppressWarnings("unchecked")
void testSortMap() {
final var unsortedMap = Map.of("b", Map.of("z", 26, "y", 25), "a", List.of("w", "v"), "c", 2);

var sortedMap = SSABasedGenericKubernetesResourceMatcher.sortMap(unsortedMap);
assertThat(sortedMap.keySet()).containsExactly("a", "b", "c");

var sortedNestedMap = (Map<String, Object>) sortedMap.get("b");
assertThat(sortedNestedMap.keySet()).containsExactly("y", "z");
}

@Test
@SuppressWarnings("unchecked")
void testSortListItems() {
final var unsortedList =
List.of(1, Map.of("z", 26, "y", 25), Map.of("b", 26, "c", 25, "a", 24), List.of("w", "v"));

var sortedListItems = SSABasedGenericKubernetesResourceMatcher.sortListItems(unsortedList);
assertThat(sortedListItems).element(0).isEqualTo(1);

var sortedNestedMap1 = (Map<String, Object>) sortedListItems.get(1);
assertThat(sortedNestedMap1.keySet()).containsExactly("y", "z");

var sortedNestedMap2 = (Map<String, Object>) sortedListItems.get(2);
assertThat(sortedNestedMap2.keySet()).containsExactly("a", "b", "c");
}

private static <R> R loadResource(String fileName, Class<R> clazz) {
return ReconcilerUtils.loadYaml(
clazz, SSABasedGenericKubernetesResourceMatcherTest.class, fileName);
}

private static class ReadOnlyAwareMatcher<T extends HasMetadata>
extends SSABasedGenericKubernetesResourceMatcher<T> {
@Override
Expand All @@ -266,9 +394,4 @@ protected boolean matches(
return actualMap.equals(desiredMap);
}
}

private static <R> R loadResource(String fileName, Class<R> clazz) {
return ReconcilerUtils.loadYaml(
clazz, SSABasedGenericKubernetesResourceMatcherTest.class, fileName);
}
}
2 changes: 0 additions & 2 deletions ...sdk/operator/processing/dependent/kubernetes/configmap.empty-owner-reference-desired.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,5 +10,3 @@ metadata:
uid: 1ef74cb4-dbbd-45ef-9caf-aa76186594ea
data:
key1: "val1"


1 change: 1 addition & 0 deletions ...processing/dependent/kubernetes/deployment-with-managed-fields-additional-controller.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ metadata:
f:image: {}
f:name: {}
f:ports:
.: {}
k:{"containerPort":80,"protocol":"TCP"}:
.: {}
f:containerPort: {}
Expand Down
2 changes: 1 addition & 1 deletion ...javaoperatorsdk/operator/processing/dependent/kubernetes/multi-container-pod-desired.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,4 +18,4 @@ spec:
- name: shared-data
mountPath: /data
command: ["/bin/sh"]
args: ["-c", "echo Level Up Blue Team! > /data/index.html"]
args: ["-c", "echo Level Up Blue Team! > /data/index.html"]
2 changes: 1 addition & 1 deletion ...rces/io/javaoperatorsdk/operator/processing/dependent/kubernetes/multi-container-pod.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -211,4 +211,4 @@ status:
podIPs:
- ip: 10.244.0.3
qosClass: BestEffort
startTime: "2023-06-08T11:50:59Z"
startTime: "2023-06-08T11:50:59Z"
7 changes: 7 additions & 0 deletions ...resources/io/javaoperatorsdk/operator/processing/dependent/kubernetes/secret-desired.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: test1
namespace: default
data:
key1: "dmFsMQ=="
9 changes: 9 additions & 0 deletions ...vaoperatorsdk/operator/processing/dependent/kubernetes/secret-with-finalizer-desired.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
finalizers:
- test-finalizer
name: test1
namespace: default
data:
key1: "dmFsMQ=="
25 changes: 25 additions & 0 deletions ...es/io/javaoperatorsdk/operator/processing/dependent/kubernetes/secret-with-finalizer.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
apiVersion: v1
data:
key1: "dmFsMQ=="
kind: Secret
metadata:
creationTimestamp: "2023-06-07T11:08:34Z"
finalizers:
- test-finalizer
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
f:key1: {}
f:metadata:
f:finalizers:
.: {}
v:"test-finalizer": {}
manager: controller
operation: Apply
time: "2023-06-07T11:08:34Z"
name: test1
namespace: default
resourceVersion: "400"
uid: 1d47f98f-ff1e-46d8-bbb5-6658ec488ae2
19 changes: 19 additions & 0 deletions ...rc/test/resources/io/javaoperatorsdk/operator/processing/dependent/kubernetes/secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
apiVersion: v1
data:
key1: "dmFsMQ=="
kind: Secret
metadata:
creationTimestamp: "2023-06-07T11:08:34Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
f:key1: {}
manager: controller
operation: Apply
time: "2023-06-07T11:08:34Z"
name: test1
namespace: default
resourceVersion: "400"
uid: 1d47f98f-ff1e-46d8-bbb5-6658ec488ae2
Loading