Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

3879 test acme issuer setup #3938

Merged
merged 8 commits into from
May 14, 2021
Merged

3879 test acme issuer setup #3938

merged 8 commits into from
May 14, 2021

Conversation

irbekrm
Copy link
Contributor

@irbekrm irbekrm commented Apr 29, 2021
edited
Loading

This PR adds unit tests for ACME issuer's Setup function.

This follows #3877 , see the comment about testing here .

Some notes:

  • This test is not a particularly good unit test- all the methods of Acme struct should be refactored to make them more testable. However, maybe it would be better if we merged (if we are going to at all) Remove /pkg/issuer in favour of individual controllers. #3695 first. Also maybe already having some unit test in place would make refactoring easier.

  • We usually unit test using test builder, which helps with mocking requests to kubernetes API server. It did not seem to make sense to use the test builder here because Setup does not have access to controller's context etc. This made it difficult to, for example, properly mock requests to create/list secrets. Again, refactoring Setup could help with this.

This PR slightly refactors the Setup function:

  • pulls out some calls to external dependencies, so they can be mocked in tests
  • turns a bunch of string literals into constants:
  • moves the updating of issuer's Ready condition to a deferred function here. As a side-effect of this change issuer's observed generation is updated every time the issuer gets synced- at the moment it ends up in incorrect state when the Setup function is called due to issuer's spec having changed and we hit this code path. (I have seen this when modifying issuer.spec.acme.externalAccountBinding for an already valid issuer). Perhaps this should have been a separate PR?

I think that the easiest way to code-review this PR might be to read through the test cases top to bottom and look at the Setup function's flow in parallel as the test cases are mostly ordered to follow the function's flow (/cc @wallrj ). The test does not cover all the code paths- I think that perhaps more thorough testing could be done after merging this PR when we are in a better position to refactor this function?

/kind cleanup

@jetstack-bot jetstack-bot added kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. area/acme Indicates a PR directly modifies the ACME Issuer code area/testing Issues relating to testing approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Apr 29, 2021
@irbekrm
Copy link
Contributor Author

irbekrm commented Apr 29, 2021

/release-note-none

@jetstack-bot jetstack-bot added release-note-none Denotes a PR that doesn't merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Apr 29, 2021
@irbekrm
Copy link
Contributor Author

irbekrm commented Apr 29, 2021

/test pull-cert-manager-e2e-v1-20

@irbekrm irbekrm requested a review from wallrj April 29, 2021 13:13
@irbekrm irbekrm assigned JoshVanL and unassigned JoshVanL Apr 29, 2021
@irbekrm irbekrm requested a review from JoshVanL April 29, 2021 13:14
@jetstack-bot jetstack-bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 7, 2021
irbekrm added 7 commits May 10, 2021 09:51
@irbekrm
Remove direct calls to external deps from Setup function
d8367cb 
Allow the functionality to set up a new ACME client and to retrieve and decode ACME account's key to be stubbed in tests

Signed-off-by: irbekrm <irbekrm@gmail.com>
@irbekrm
Refactor Setup to make it more DRY + use consts instead of string lit…
f438ae3 
…erals

This commit also ensures that issuer's observed generation is updated in cases where the issuer spec has changed, but the re-registration is skipped as the current registration seems already valid

Signed-off-by: irbekrm <irbekrm@gmail.com>
@irbekrm
Fix FakeRegistry.AddClient + ensure that FakeACME implements accounts…
c97b14a 
….Registry

Signed-off-by: irbekrm <irbekrm@gmail.com>
@irbekrm
Adds a fake Secrets client
6318de5 
A simpler implementation than https://github.com/kubernetes/client-go/blob/master/kubernetes/typed/core/v1/fake/fake_secret.go and more suited for unit tests that don't spin up a controller

Signed-off-by: irbekrm <irbekrm@gmail.com>
@irbekrm
Adds functionality to generate issuer conditions to gen
0c751f5 
So they can be generated in tests with less lines of code

Signed-off-by: irbekrm <irbekrm@gmail.com>
@irbekrm
Adds a few ACME-specific functions to issuer gen
284de09 
Signed-off-by: irbekrm <irbekrm@gmail.com>
@irbekrm
Adds a unit test for ACME issuer Setup function
e82ea35 
Signed-off-by: irbekrm <irbekrm@gmail.com>
@irbekrm irbekrm force-pushed the 3879_test_acme_issuer_setup branch from e0613c3 to e82ea35 Compare May 10, 2021 08:54
@jetstack-bot jetstack-bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 10, 2021
@wallrj wallrj self-assigned this May 12, 2021
wallrj
wallrj reviewed May 12, 2021
View reviewed changes
Copy link
Member

@wallrj wallrj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @irbekrm and sorry for delay.
Here's a partial review....more to follow.

pkg/issuer/acme/setup.go Show resolved Hide resolved
pkg/issuer/acme/setup.go Show resolved Hide resolved
pkg/issuer/acme/setup.go Show resolved Hide resolved
pkg/issuer/acme/setup.go Outdated Show resolved Hide resolved
pkg/issuer/acme/setup.go Outdated
Comment on lines 66 to 88
apiutil.SetIssuerCondition(a.issuer, a.issuer.GetGeneration(), v1.IssuerConditionReady, cmmeta.ConditionFalse, "InvalidConfig",
fmt.Sprintf("Your ACME server URL is set to a v1 endpoint (%s). "+
"You should update the spec.acme.server field to %q", a.issuer.GetSpec().ACME.Server, newURL))
reason = errorInvalidConfig
msg = fmt.Sprintf(messageTemplateUpdateToV2, a.issuer.GetSpec().ACME.Server, newURL)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Idea: Should we / do we have API validation to prevent people using these v1 endpoints? If not, perhaps we should.

pkg/issuer/acme/setup_test.go Outdated Show resolved Hide resolved
pkg/issuer/acme/setup_test.go Outdated Show resolved Hide resolved
pkg/issuer/acme/setup_test.go Outdated Show resolved Hide resolved
pkg/issuer/acme/setup_test.go Outdated Show resolved Hide resolved
pkg/issuer/acme/setup_test.go Show resolved Hide resolved
wallrj
wallrj requested changes May 12, 2021
View reviewed changes
Copy link
Member

@wallrj wallrj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks again @irbekrm

Here are some further remarks and suggestions which you can address or answer as you please.

I note there are still one or two areas of untested code in the Setup function, but the new coverage is great.

acme Go Coverage Report.pdf

pkg/issuer/acme/setup.go Outdated Show resolved Hide resolved
pkg/issuer/acme/setup.go Show resolved Hide resolved
pkg/issuer/acme/setup.go Show resolved Hide resolved
pkg/issuer/acme/setup_test.go Outdated Show resolved Hide resolved
pkg/issuer/acme/setup_test.go Outdated Show resolved Hide resolved
pkg/issuer/acme/setup_test.go Outdated Show resolved Hide resolved
pkg/issuer/acme/setup_test.go Outdated Show resolved Hide resolved
pkg/issuer/acme/setup_test.go Outdated Show resolved Hide resolved
pkg/issuer/acme/setup_test.go Outdated Show resolved Hide resolved
pkg/issuer/acme/setup_test.go Show resolved Hide resolved
@wallrj wallrj removed their assignment May 12, 2021
@wallrj wallrj mentioned this pull request May 12, 2021
Merged
@irbekrm
Copy link
Contributor Author

irbekrm commented May 13, 2021

/test pull-cert-manager-e2e-v1-20-feature-issuers-venafi-tpp

@irbekrm irbekrm mentioned this pull request May 13, 2021
Merged
@irbekrm irbekrm force-pushed the 3879_test_acme_issuer_setup branch from 3e4ac47 to c55f81b Compare May 14, 2021 09:23
@irbekrm irbekrm mentioned this pull request May 14, 2021
Closed
@irbekrm
Implement feedback from code review
9ecf896 
Signed-off-by: irbekrm <irbekrm@gmail.com>
@irbekrm irbekrm force-pushed the 3879_test_acme_issuer_setup branch from c55f81b to 9ecf896 Compare May 14, 2021 11:41
@jetstack-bot jetstack-bot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels May 14, 2021
@irbekrm irbekrm mentioned this pull request May 14, 2021
Closed
@irbekrm
Copy link
Contributor Author

irbekrm commented May 14, 2021

Thank you very much for the code review @wallrj !

I have tried to address all the comments, in some cases by creating new issues.

Thank you for the coverage, this is very useful. I have added one new test case and created #4006 for testing the functionality for updating ACME account email.
The other sections that aren't covered by tests are namespace checking (I think perhaps the namespace should be set on Acme in caller), removal of ACME URI from Issuer status (this seems to be an intermittent step, not sure if there is a value in testing it) and some functionality in the helper functions (I think there needs to be a refactor of Setup which may change how helpers behave, not sure if it's worth testing them in depth in this test).

wallrj
wallrj approved these changes May 14, 2021
View reviewed changes
Copy link
Member

@wallrj wallrj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for all those followup issues and extra comments etc

/lgtm

@jetstack-bot jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label May 14, 2021
@jetstack-bot jetstack-bot merged commit e941307 into cert-manager:master May 14, 2021
@jetstack-bot jetstack-bot added this to the v1.4 milestone May 14, 2021
@jetstack-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: irbekrm, wallrj

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@irbekrm irbekrm deleted the 3879_test_acme_issuer_setup branch May 14, 2021 12:49
@irbekrm irbekrm mentioned this pull request May 19, 2021
Closed
@maelvls maelvls mentioned this pull request Mar 6, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wallrj wallrj wallrj approved these changes

@JoshVanL JoshVanL Awaiting requested review from JoshVanL

Assignees

@wallrj wallrj

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/acme Indicates a PR directly modifies the ACME Issuer code area/testing Issues relating to testing dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm Indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
v1.4
Development

Successfully merging this pull request may close these issues.
4 participants
@irbekrm @jetstack-bot @wallrj @JoshVanL