105 lines
3.5 KiB
Go
105 lines
3.5 KiB
Go
package kubernetes
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"net/url"
|
|
"testing"
|
|
|
|
portainer "github.com/portainer/portainer/api"
|
|
"github.com/portainer/portainer/api/datastore"
|
|
"github.com/portainer/portainer/api/http/security"
|
|
"github.com/portainer/portainer/api/internal/authorization"
|
|
"github.com/portainer/portainer/api/internal/testhelpers"
|
|
"github.com/portainer/portainer/api/jwt"
|
|
"github.com/portainer/portainer/api/kubernetes"
|
|
kubeclient "github.com/portainer/portainer/api/kubernetes/cli"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func newNodeTestHandler(t *testing.T) (*Handler, *portainer.User, string) {
|
|
t.Helper()
|
|
|
|
srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
_, _ = w.Write([]byte(`{}`))
|
|
}))
|
|
t.Cleanup(srv.Close)
|
|
|
|
_, store := datastore.MustNewTestStore(t, true, true)
|
|
|
|
// KubernetesLocalEnvironment avoids the nil signatureService panic that
|
|
// AgentOnKubernetesEnvironment triggers via buildAgentConfig.
|
|
err := store.Endpoint().Create(&portainer.Endpoint{
|
|
ID: 1,
|
|
Type: portainer.KubernetesLocalEnvironment,
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
u := &portainer.User{Username: "admin", Role: portainer.AdministratorRole}
|
|
err = store.User().Create(u)
|
|
require.NoError(t, err)
|
|
|
|
jwtService, err := jwt.NewService("1h", store)
|
|
require.NoError(t, err)
|
|
|
|
tk, _, err := jwtService.GenerateToken(&portainer.TokenData{ID: u.ID, Username: u.Username, Role: u.Role})
|
|
require.NoError(t, err)
|
|
|
|
kubeClusterAccessService := kubernetes.NewKubeClusterAccessService("", "", "")
|
|
|
|
srvURL, err := url.Parse(srv.URL)
|
|
require.NoError(t, err)
|
|
|
|
cli := testhelpers.NewKubernetesClient()
|
|
factory, err := kubeclient.NewClientFactory(nil, nil, store, "", ":"+srvURL.Port(), "")
|
|
require.NoError(t, err)
|
|
|
|
authorizationService := authorization.NewService(store)
|
|
handler := NewHandler(testhelpers.NewTestRequestBouncer(), authorizationService, store, jwtService, kubeClusterAccessService, factory, cli)
|
|
|
|
return handler, u, tk
|
|
}
|
|
|
|
func newNodeRequest(t *testing.T, method, path string, u *portainer.User, tk string) *http.Request {
|
|
t.Helper()
|
|
|
|
req := httptest.NewRequest(method, path, nil)
|
|
ctx := security.StoreTokenData(req, &portainer.TokenData{ID: u.ID, Username: u.Username, Role: u.Role})
|
|
req = req.WithContext(ctx)
|
|
ctx = security.StoreRestrictedRequestContext(req, &security.RestrictedRequestContext{IsAdmin: true, UserID: u.ID})
|
|
req = req.WithContext(ctx)
|
|
testhelpers.AddTestSecurityCookie(req, tk)
|
|
return req
|
|
}
|
|
|
|
func TestGetKubernetesNodes_ReachesKubernetesLayer(t *testing.T) {
|
|
t.Parallel()
|
|
handler, u, tk := newNodeTestHandler(t)
|
|
|
|
req := newNodeRequest(t, http.MethodGet, "/kubernetes/1/nodes", u, tk)
|
|
|
|
rr := httptest.NewRecorder()
|
|
handler.ServeHTTP(rr, req)
|
|
|
|
// The TLS test server returns "{}" which the k8s client decodes as an empty
|
|
// NodeList, so the handler returns 200 with an empty array.
|
|
assert.NotEqual(t, http.StatusBadRequest, rr.Code, "should not be rejected at the handler layer")
|
|
assert.NotEqual(t, http.StatusNotFound, rr.Code, "route must be registered")
|
|
assert.Equal(t, http.StatusOK, rr.Code)
|
|
}
|
|
|
|
func TestGetKubernetesNodes_WrongMethodReturns404(t *testing.T) {
|
|
t.Parallel()
|
|
handler, u, tk := newNodeTestHandler(t)
|
|
|
|
req := newNodeRequest(t, http.MethodPost, "/kubernetes/1/nodes", u, tk)
|
|
|
|
rr := httptest.NewRecorder()
|
|
handler.ServeHTTP(rr, req)
|
|
|
|
// Gorilla mux returns 404 for unregistered methods when no MethodNotAllowedHandler is set.
|
|
assert.Equal(t, http.StatusNotFound, rr.Code)
|
|
}
|