Move codes to pkg (#46)

pkg/ingress/kube/annotations/auth_test.go

@@ -0,0 +1,196 @@
+// Copyright (c) 2022 Alibaba Group Holding Ltd.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package annotations
+
+import (
+	"context"
+	"reflect"
+	"testing"
+	"time"
+
+	"istio.io/istio/pilot/pkg/model"
+	"istio.io/istio/pilot/pkg/util/sets"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/informers"
+	"k8s.io/client-go/kubernetes/fake"
+	listerv1 "k8s.io/client-go/listers/core/v1"
+	"k8s.io/client-go/tools/cache"
+
+	"github.com/alibaba/higress/pkg/ingress/kube/util"
+)
+
+func TestAuthParse(t *testing.T) {
+	auth := auth{}
+	inputCases := []struct {
+		input         map[string]string
+		secret        *v1.Secret
+		expect        *AuthConfig
+		watchedSecret string
+	}{
+		{
+			secret: &v1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "bar",
+					Namespace: "foo",
+				},
+				Data: map[string][]byte{
+					"auth": []byte("A:a\nB:b"),
+				},
+			},
+		},
+		{
+			input: map[string]string{
+				buildNginxAnnotationKey(authType): "digest",
+			},
+			expect: nil,
+			secret: &v1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "bar",
+					Namespace: "foo",
+				},
+				Data: map[string][]byte{
+					"auth": []byte("A:a\nB:b"),
+				},
+			},
+		},
+		{
+			input: map[string]string{
+				buildNginxAnnotationKey(authType):    defaultAuthType,
+				buildMSEAnnotationKey(authSecretAnn): "foo/bar",
+			},
+			secret: &v1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "bar",
+					Namespace: "foo",
+				},
+				Data: map[string][]byte{
+					"auth": []byte("A:a\nB:b"),
+				},
+			},
+			expect: &AuthConfig{
+				AuthType: defaultAuthType,
+				AuthSecret: util.ClusterNamespacedName{
+					NamespacedName: model.NamespacedName{
+						Namespace: "foo",
+						Name:      "bar",
+					},
+					ClusterId: "cluster",
+				},
+				Credentials: []string{"A:a", "B:b"},
+			},
+			watchedSecret: "cluster/foo/bar",
+		},
+		{
+			input: map[string]string{
+				buildNginxAnnotationKey(authType):          defaultAuthType,
+				buildMSEAnnotationKey(authSecretAnn):       "foo/bar",
+				buildNginxAnnotationKey(authSecretTypeAnn): string(authMapAuthSecretType),
+			},
+			secret: &v1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "bar",
+					Namespace: "foo",
+				},
+				Data: map[string][]byte{
+					"A": []byte("a"),
+					"B": []byte("b"),
+				},
+			},
+			expect: &AuthConfig{
+				AuthType: defaultAuthType,
+				AuthSecret: util.ClusterNamespacedName{
+					NamespacedName: model.NamespacedName{
+						Namespace: "foo",
+						Name:      "bar",
+					},
+					ClusterId: "cluster",
+				},
+				Credentials: []string{"A:a", "B:b"},
+			},
+			watchedSecret: "cluster/foo/bar",
+		},
+		{
+			input: map[string]string{
+				buildNginxAnnotationKey(authType):          defaultAuthType,
+				buildMSEAnnotationKey(authSecretAnn):       "bar",
+				buildNginxAnnotationKey(authSecretTypeAnn): string(authFileAuthSecretType),
+			},
+			secret: &v1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "bar",
+					Namespace: "default",
+				},
+				Data: map[string][]byte{
+					"auth": []byte("A:a\nB:b"),
+				},
+			},
+			expect: &AuthConfig{
+				AuthType: defaultAuthType,
+				AuthSecret: util.ClusterNamespacedName{
+					NamespacedName: model.NamespacedName{
+						Namespace: "default",
+						Name:      "bar",
+					},
+					ClusterId: "cluster",
+				},
+				Credentials: []string{"A:a", "B:b"},
+			},
+			watchedSecret: "cluster/default/bar",
+		},
+	}
+
+	for _, inputCase := range inputCases {
+		t.Run("", func(t *testing.T) {
+			config := &Ingress{
+				Meta: Meta{
+					Namespace: "default",
+					ClusterId: "cluster",
+				},
+			}
+
+			globalContext, cancel := initGlobalContext(inputCase.secret)
+			defer cancel()
+
+			_ = auth.Parse(inputCase.input, config, globalContext)
+			if !reflect.DeepEqual(inputCase.expect, config.Auth) {
+				t.Fatal("Should be equal")
+			}
+
+			if inputCase.watchedSecret != "" {
+				if !globalContext.WatchedSecrets.Contains(inputCase.watchedSecret) {
+					t.Fatalf("Should watch secret %s", inputCase.watchedSecret)
+				}
+			}
+		})
+	}
+}
+
+func initGlobalContext(secret *v1.Secret) (*GlobalContext, context.CancelFunc) {
+	ctx, cancel := context.WithCancel(context.Background())
+
+	client := fake.NewSimpleClientset(secret)
+	informerFactory := informers.NewSharedInformerFactory(client, time.Hour)
+	secretInformer := informerFactory.Core().V1().Secrets()
+	go secretInformer.Informer().Run(ctx.Done())
+	cache.WaitForCacheSync(ctx.Done(), secretInformer.Informer().HasSynced)
+
+	return &GlobalContext{
+		WatchedSecrets: sets.NewSet(),
+		ClusterSecretLister: map[string]listerv1.SecretLister{
+			"cluster": secretInformer.Lister(),
+		},
+	}, cancel
+}