Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
126 changes: 126 additions & 0 deletions pkg/util/cluster_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -550,3 +550,129 @@ func TestObtainClusterID(t *testing.T) {
})
}
}

func TestIsClusterReady(t *testing.T) {
tests := []struct {
name string
clusterStatus *clusterv1alpha1.ClusterStatus
want bool
}{
{
name: "no conditions",
clusterStatus: &clusterv1alpha1.ClusterStatus{},
want: false,
},
{
name: "Ready condition is True",
clusterStatus: &clusterv1alpha1.ClusterStatus{
Conditions: []metav1.Condition{
{
Type: clusterv1alpha1.ClusterConditionReady,
Status: metav1.ConditionTrue,
},
},
},
want: true,
},
{
name: "Ready condition is False",
clusterStatus: &clusterv1alpha1.ClusterStatus{
Conditions: []metav1.Condition{
{
Type: clusterv1alpha1.ClusterConditionReady,
Status: metav1.ConditionFalse,
},
},
},
want: false,
},
{
name: "Ready condition is Unknown",
clusterStatus: &clusterv1alpha1.ClusterStatus{
Conditions: []metav1.Condition{
{
Type: clusterv1alpha1.ClusterConditionReady,
Status: metav1.ConditionUnknown,
},
},
},
want: false,
},
{
name: "Ready condition absent but other conditions present",
clusterStatus: &clusterv1alpha1.ClusterStatus{
Conditions: []metav1.Condition{
{
Type: "SomeOtherCondition",
Status: metav1.ConditionTrue,
},
Comment on lines +605 to +608
},
},
want: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := IsClusterReady(tt.clusterStatus); got != tt.want {
t.Errorf("IsClusterReady() = %v, want %v", got, tt.want)
}
})
}
}

func TestClusterAccessCredentialChanged(t *testing.T) {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The ClusterAccessCredentialChanged function in pkg/util/cluster.go currently does not check if SecretRef or ImpersonatorSecretRef has changed. If a user updates these references to point to a different secret, the function will incorrectly return false (assuming other fields like APIEndpoint are identical). This means credential changes might not be detected.

Consider updating ClusterAccessCredentialChanged in pkg/util/cluster.go to include these fields, and then add corresponding test cases here to verify that behavior.

tests := []struct {
name string
newSpec clusterv1alpha1.ClusterSpec
oldSpec clusterv1alpha1.ClusterSpec
want bool
}{
{
name: "identical specs — no change",
newSpec: clusterv1alpha1.ClusterSpec{APIEndpoint: "https://k8s.example.com"},
oldSpec: clusterv1alpha1.ClusterSpec{APIEndpoint: "https://k8s.example.com"},
want: false,
},
{
name: "APIEndpoint changed",
newSpec: clusterv1alpha1.ClusterSpec{APIEndpoint: "https://new.example.com"},
oldSpec: clusterv1alpha1.ClusterSpec{APIEndpoint: "https://old.example.com"},
want: true,
},
{
name: "InsecureSkipTLSVerification changed",
newSpec: clusterv1alpha1.ClusterSpec{InsecureSkipTLSVerification: true},
oldSpec: clusterv1alpha1.ClusterSpec{InsecureSkipTLSVerification: false},
want: true,
},
{
name: "ProxyURL changed",
newSpec: clusterv1alpha1.ClusterSpec{ProxyURL: "http://proxy.new.example.com"},
oldSpec: clusterv1alpha1.ClusterSpec{ProxyURL: "http://proxy.old.example.com"},
want: true,
},
{
name: "ProxyHeader changed",
newSpec: clusterv1alpha1.ClusterSpec{
ProxyHeader: map[string]string{"X-Auth": "new-token"},
},
oldSpec: clusterv1alpha1.ClusterSpec{
ProxyHeader: map[string]string{"X-Auth": "old-token"},
},
want: true,
},
{
name: "empty specs — no change",
newSpec: clusterv1alpha1.ClusterSpec{},
oldSpec: clusterv1alpha1.ClusterSpec{},
want: false,
},
Comment on lines +664 to +669

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

It is important to verify that changes to non-credential fields (such as SyncMode, Provider, Region, etc.) do not trigger a credential change detection. Adding a test case for this ensures that ClusterAccessCredentialChanged only returns true for actual credential-related changes.

		{
			name:    "empty specs — no change",
			newSpec: clusterv1alpha1.ClusterSpec{},
			oldSpec: clusterv1alpha1.ClusterSpec{},
			want:    false,
		},
		{
			name:    "non-credential fields changed — no change",
			newSpec: clusterv1alpha1.ClusterSpec{
				APIEndpoint: "https://k8s.example.com",
				SyncMode:    clusterv1alpha1.Push,
			},
			oldSpec: clusterv1alpha1.ClusterSpec{
				APIEndpoint: "https://k8s.example.com",
				SyncMode:    clusterv1alpha1.Pull,
			},
			want:    false,
		},

Comment on lines +664 to +669
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := ClusterAccessCredentialChanged(tt.newSpec, tt.oldSpec); got != tt.want {
t.Errorf("ClusterAccessCredentialChanged() = %v, want %v", got, tt.want)
}
})
}
}