mirror of https://github.com/status-im/consul.git
165 lines
5.9 KiB
Go
165 lines
5.9 KiB
Go
|
// Copyright (c) HashiCorp, Inc.
|
||
|
// SPDX-License-Identifier: BUSL-1.1
|
||
|
|
||
|
package tenancytest
|
||
|
|
||
|
import (
|
||
|
"context"
|
||
|
"testing"
|
||
|
|
||
|
"github.com/stretchr/testify/require"
|
||
|
"github.com/stretchr/testify/suite"
|
||
|
|
||
|
svc "github.com/hashicorp/consul/agent/grpc-external/services/resource"
|
||
|
svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing"
|
||
|
"github.com/hashicorp/consul/internal/controller"
|
||
|
"github.com/hashicorp/consul/internal/resource"
|
||
|
"github.com/hashicorp/consul/internal/resource/demo"
|
||
|
rtest "github.com/hashicorp/consul/internal/resource/resourcetest"
|
||
|
"github.com/hashicorp/consul/internal/tenancy"
|
||
|
"github.com/hashicorp/consul/internal/tenancy/internal/controllers/common"
|
||
|
"github.com/hashicorp/consul/internal/tenancy/internal/controllers/namespace"
|
||
|
"github.com/hashicorp/consul/proto-public/pbresource"
|
||
|
pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1"
|
||
|
pbdemo "github.com/hashicorp/consul/proto/private/pbdemo/v1"
|
||
|
"github.com/hashicorp/consul/sdk/testutil"
|
||
|
"github.com/hashicorp/consul/sdk/testutil/retry"
|
||
|
)
|
||
|
|
||
|
// Due to a circular dependency, this test can't reside in the package next to the controller it is testing.
|
||
|
|
||
|
type nsTestSuite struct {
|
||
|
suite.Suite
|
||
|
|
||
|
client *rtest.Client
|
||
|
runtime controller.Runtime
|
||
|
ctx context.Context
|
||
|
registry resource.Registry
|
||
|
}
|
||
|
|
||
|
func (ts *nsTestSuite) SetupTest() {
|
||
|
ts.registry = resource.NewRegistry()
|
||
|
tenancyBridge := tenancy.NewV2TenancyBridge()
|
||
|
config := svc.Config{TenancyBridge: tenancyBridge, Registry: ts.registry, UseV2Tenancy: true}
|
||
|
resourceClient := svctest.RunResourceServiceWithConfig(ts.T(), config, tenancy.RegisterTypes, demo.RegisterTypes)
|
||
|
tenancyBridge.WithClient(resourceClient)
|
||
|
ts.client = rtest.NewClient(resourceClient)
|
||
|
ts.runtime = controller.Runtime{Client: resourceClient, Logger: testutil.Logger(ts.T())}
|
||
|
ts.ctx = testutil.TestContext(ts.T())
|
||
|
|
||
|
mgr := controller.NewManager(ts.client, testutil.Logger(ts.T()))
|
||
|
mgr.Register(namespace.Controller(ts.registry))
|
||
|
mgr.SetRaftLeader(true)
|
||
|
ctx, cancel := context.WithCancel(context.Background())
|
||
|
ts.T().Cleanup(cancel)
|
||
|
go mgr.Run(ctx)
|
||
|
}
|
||
|
|
||
|
func (ts *nsTestSuite) waitForReconciliation(id *pbresource.ID, reason string) {
|
||
|
ts.T().Helper()
|
||
|
|
||
|
retry.Run(ts.T(), func(r *retry.R) {
|
||
|
rsp, err := ts.client.Read(context.Background(), &pbresource.ReadRequest{
|
||
|
Id: id,
|
||
|
})
|
||
|
require.NoError(r, err)
|
||
|
|
||
|
status, found := rsp.Resource.Status[namespace.StatusKey]
|
||
|
require.True(r, found)
|
||
|
require.Len(r, status.Conditions, 1)
|
||
|
require.Equal(r, reason, status.Conditions[0].Reason)
|
||
|
})
|
||
|
}
|
||
|
|
||
|
func (ts *nsTestSuite) TestNamespaceController_HappyPath() {
|
||
|
// Create namespace ns1
|
||
|
ns1 := rtest.Resource(pbtenancy.NamespaceType, "ns1").
|
||
|
// Keep this CE friendly by using default partition
|
||
|
WithTenancy(resource.DefaultPartitionedTenancy()).
|
||
|
WithData(ts.T(), &pbtenancy.Namespace{Description: "namespace ns1"}).
|
||
|
Write(ts.T(), ts.client)
|
||
|
|
||
|
// Wait for it to be accepted
|
||
|
ts.waitForReconciliation(ns1.Id, common.ReasonAcceptedOK)
|
||
|
|
||
|
// Verify namespace finalizer added
|
||
|
ns1 = ts.client.RequireResourceMeta(ts.T(), ns1.Id, resource.FinalizerKey, namespace.StatusKey)
|
||
|
|
||
|
// Add a namespace scoped tenant to the namespace
|
||
|
artist1 := rtest.Resource(demo.TypeV1Artist, "moonchild").
|
||
|
WithTenancy(&pbresource.Tenancy{
|
||
|
Partition: resource.DefaultPartitionName,
|
||
|
Namespace: ns1.Id.Name,
|
||
|
PeerName: resource.DefaultPeerName,
|
||
|
}).
|
||
|
WithData(ts.T(), &pbdemo.Artist{Name: "Moonchild"}).
|
||
|
Write(ts.T(), ts.client)
|
||
|
|
||
|
// Delete the namespace
|
||
|
_, err := ts.client.Delete(ts.ctx, &pbresource.DeleteRequest{Id: ns1.Id})
|
||
|
require.NoError(ts.T(), err)
|
||
|
|
||
|
// Wait for the namespace to be deleted
|
||
|
ts.client.WaitForDeletion(ts.T(), ns1.Id)
|
||
|
|
||
|
// Verify tenants deleted.
|
||
|
ts.client.RequireResourceNotFound(ts.T(), artist1.Id)
|
||
|
}
|
||
|
|
||
|
func (ts *nsTestSuite) TestNamespaceController_DeleteBlockedByTenantsWithFinalizers() {
|
||
|
// Create namespace ns1
|
||
|
ns1 := rtest.Resource(pbtenancy.NamespaceType, "ns1").
|
||
|
WithTenancy(resource.DefaultPartitionedTenancy()).
|
||
|
WithData(ts.T(), &pbtenancy.Namespace{Description: "namespace ns1"}).
|
||
|
Write(ts.T(), ts.client)
|
||
|
|
||
|
// Wait for it to be accepted
|
||
|
ts.waitForReconciliation(ns1.Id, common.ReasonAcceptedOK)
|
||
|
|
||
|
// Add artist to namespace
|
||
|
_ = rtest.Resource(demo.TypeV1Artist, "weezer").
|
||
|
WithTenancy(&pbresource.Tenancy{
|
||
|
Partition: resource.DefaultPartitionName,
|
||
|
Namespace: ns1.Id.Name,
|
||
|
PeerName: resource.DefaultPeerName,
|
||
|
}).
|
||
|
WithData(ts.T(), &pbdemo.Artist{Name: "Weezer"}).
|
||
|
Write(ts.T(), ts.client)
|
||
|
|
||
|
// Add another artist to namespace with a finalizer so that is blocks namespace deletion.
|
||
|
artist2 := rtest.Resource(demo.TypeV1Artist, "foofighters").
|
||
|
WithTenancy(&pbresource.Tenancy{
|
||
|
Partition: resource.DefaultPartitionName,
|
||
|
Namespace: ns1.Id.Name,
|
||
|
PeerName: resource.DefaultPeerName,
|
||
|
}).
|
||
|
WithData(ts.T(), &pbdemo.Artist{Name: "Foo Fighters"}).
|
||
|
WithMeta(resource.FinalizerKey, "finalizer2").
|
||
|
Write(ts.T(), ts.client)
|
||
|
|
||
|
// Delete the namespace - this activates the controller logic to delete all tenants
|
||
|
ts.client.Delete(ts.ctx, &pbresource.DeleteRequest{Id: ns1.Id})
|
||
|
|
||
|
// Delete should be blocked by artist2 tenant with finalizer
|
||
|
ts.client.WaitForStatusConditionAnyGen(ts.T(), ns1.Id, namespace.StatusKey, &pbresource.Condition{
|
||
|
Type: common.ConditionDeleted,
|
||
|
State: pbresource.Condition_STATE_FALSE,
|
||
|
Reason: common.ReasonDeletionInProgress,
|
||
|
Message: common.ErrStillHasTenants.Error(),
|
||
|
})
|
||
|
|
||
|
// Remove the finalizer on artist2 to unblock deletion of ns1
|
||
|
artist2 = ts.client.RequireResourceExists(ts.T(), artist2.Id)
|
||
|
resource.RemoveFinalizer(artist2, "finalizer2")
|
||
|
_, err := ts.client.Write(ts.ctx, &pbresource.WriteRequest{Resource: artist2})
|
||
|
require.NoError(ts.T(), err)
|
||
|
|
||
|
// The final reconcile should delete artist since it was marked for deletion and
|
||
|
// and has no finalizers. Given no more tenants, wait for namespace to be deleted.
|
||
|
ts.client.WaitForDeletion(ts.T(), ns1.Id)
|
||
|
}
|
||
|
|
||
|
func TestNamespaceControllerSuite(t *testing.T) {
|
||
|
suite.Run(t, new(nsTestSuite))
|
||
|
}
|