Skip to content

Commit

Permalink
all tests passing
Browse files Browse the repository at this point in the history
  • Loading branch information
@jaroslaw-pieszka
jaroslaw-pieszka committed Aug 16, 2024
1 parent ba37688 commit 06b32b5
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 13 deletions.
3 changes: 2 additions & 1 deletion internal/process/provisioning/create_runtime_resource_step.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -181,7 +181,8 @@ func (s *CreateRuntimeResourceStep) createSecurityConfiguration(operation intern
}

// In Runtime CR logic is positive, so we need to negate the value
security.Networking.Filter.Egress.Enabled = !*operation.ProvisioningParameters.ErsContext.DisableEnterprisePolicyFilter()
disabled := *operation.ProvisioningParameters.ErsContext.DisableEnterprisePolicyFilter()
security.Networking.Filter.Egress.Enabled = !disabled

// Ingress is not supported yet, nevertheless we set it for completeness
security.Networking.Filter.Ingress = &imv1.Ingress{Enabled: false}
Expand Down
41 changes: 29 additions & 12 deletions internal/process/provisioning/create_runtime_resource_step_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -201,7 +201,7 @@ func TestCreateRuntimeResourceStep_Defaults_AWS_SingleZone_EnforceSeed_ActualCre
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabelsKIMDriven(t, operation, runtime)
assertSecurityNoEgress(t, runtime)
assertSecurityEgressEnabled(t, runtime)

assert.True(t, *runtime.Spec.Shoot.EnforceSeedLocation)
assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
Expand Down Expand Up @@ -251,9 +251,9 @@ func TestCreateRuntimeResourceStep_Defaults_AWS_SingleZone_DisableEnterpriseFilt
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabelsKIMDriven(t, operation, runtime)
assertSecurityWithNetworkingFilter(t, runtime, true)

assert.True(t, runtime.Spec.Security.Networking.Filter.Egress.Enabled)
assertSecurityEgressDisabled(t, runtime)

assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
assert.Equal(t, "eu-west-2", runtime.Spec.Shoot.Region)
assert.Equal(t, "production", string(runtime.Spec.Shoot.Purpose))
Expand Down Expand Up @@ -350,7 +350,7 @@ func TestCreateRuntimeResourceStep_Defaults_AWS_SingleZone_DryRun_ActualCreation
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabelsProvisionerDriven(t, operation, runtime)
assertSecurityNoEgress(t, runtime)
assertSecurityEgressEnabled(t, runtime)

assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
assert.Equal(t, "eu-west-2", runtime.Spec.Shoot.Region)
Expand Down Expand Up @@ -404,7 +404,7 @@ func TestCreateRuntimeResourceStep_Defaults_AWS_MultiZoneWithNetworking_ActualCr
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabelsKIMDriven(t, operation, runtime)
assertSecurityNoEgress(t, runtime)
assertSecurityEgressEnabled(t, runtime)

assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
assert.Equal(t, "eu-west-2", runtime.Spec.Shoot.Region)
Expand Down Expand Up @@ -454,7 +454,7 @@ func TestCreateRuntimeResourceStep_Defaults_AWS_MultiZone_ActualCreation(t *test
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabelsKIMDriven(t, operation, runtime)
assertSecurityNoEgress(t, runtime)
assertSecurityEgressEnabled(t, runtime)

assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
assert.Equal(t, "eu-west-2", runtime.Spec.Shoot.Region)
Expand Down Expand Up @@ -499,7 +499,7 @@ func TestCreateRuntimeResourceStep_Defaults_Preview_SingleZone_ActualCreation(t
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabelsKIMDriven(t, operation, runtime)
assertSecurityNoEgress(t, runtime)
assertSecurityEgressEnabled(t, runtime)

assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
assert.Equal(t, "eu-west-2", runtime.Spec.Shoot.Region)
Expand Down Expand Up @@ -545,7 +545,7 @@ func TestCreateRuntimeResourceStep_Defaults_Preview_SingleZone_ActualCreation_Wi
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabelsKIMDriven(t, operation, runtime)
assertSecurityNoEgress(t, runtime)
assertSecurityEgressEnabled(t, runtime)

assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
assert.Equal(t, "eu-west-2", runtime.Spec.Shoot.Region)
Expand All @@ -565,7 +565,7 @@ func TestCreateRuntimeResourceStep_Defaults_Preview_SingleZone_ActualCreation_Wi
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabelsKIMDriven(t, operation, runtime)
assertSecurityNoEgress(t, runtime)
assertSecurityEgressEnabled(t, runtime)

assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
assert.Equal(t, "eu-west-2", runtime.Spec.Shoot.Region)
Expand Down Expand Up @@ -708,16 +708,20 @@ func Test_Defaults(t *testing.T) {

func assertSecurityWithDefaultAdministrator(t *testing.T, runtime imv1.Runtime) {
assert.ElementsMatch(t, runtime.Spec.Security.Administrators, []string{"User-operation-01"})
assert.Equal(t, runtime.Spec.Security.Networking.Filter.Egress, imv1.Egress(imv1.Egress{Enabled: false}))
assert.Equal(t, runtime.Spec.Security.Networking.Filter.Egress, imv1.Egress(imv1.Egress{Enabled: true}))
}

func assertSecurityNoEgress(t *testing.T, runtime imv1.Runtime) {
func assertSecurityEgressEnabled(t *testing.T, runtime imv1.Runtime) {
assertSecurityWithNetworkingFilter(t, runtime, true)
}

func assertSecurityEgressDisabled(t *testing.T, runtime imv1.Runtime) {
assertSecurityWithNetworkingFilter(t, runtime, false)
}

func assertSecurityWithNetworkingFilter(t *testing.T, runtime imv1.Runtime, egress bool) {
assert.ElementsMatch(t, runtime.Spec.Security.Administrators, runtimeAdministrators)
assert.Equal(t, runtime.Spec.Security.Networking.Filter.Egress, imv1.Egress(imv1.Egress{Enabled: egress}))
assert.Equal(t, runtime.Spec.Security.Networking.Filter.Egress, imv1.Egress{Enabled: egress})
}

func assertLabelsKIMDriven(t *testing.T, preOperation internal.Operation, runtime imv1.Runtime) {
Expand Down Expand Up @@ -756,6 +760,19 @@ func assertWorkers(t *testing.T, workers []gardener.Worker, machine string, maxi
assert.Equal(t, workers[0].Minimum, int32(minimum))
}

func assertWorkersWithVolume(t *testing.T, workers []gardener.Worker, machine string, maximum, minimum, maxSurge, maxUnavailable int, zoneCount int, zones []string, volumeSize, volumeType string) {
assert.Len(t, workers, 1)
assert.Len(t, workers[0].Zones, zoneCount)
assert.Subset(t, zones, workers[0].Zones)
assert.Equal(t, workers[0].Machine.Type, machine)
assert.Equal(t, workers[0].MaxSurge.IntValue(), maxSurge)
assert.Equal(t, workers[0].MaxUnavailable.IntValue(), maxUnavailable)
assert.Equal(t, workers[0].Maximum, int32(maximum))
assert.Equal(t, workers[0].Minimum, int32(minimum))
assert.Equal(t, workers[0].Volume.VolumeSize, volumeSize)
assert.Equal(t, *workers[0].Volume.Type, volumeType)
}

func assertNetworking(t *testing.T, expected imv1.Networking, actual imv1.Networking) {
assert.True(t, reflect.DeepEqual(expected, actual))
}
Expand Down

0 comments on commit 06b32b5

Please sign in to comment.