kubevela/pkg/controller/utils/capability_test.go

/*
 Copyright 2021 The KubeVela Authors.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.

*/

package utils

import (
	"context"
	"fmt"
	"os"
	"strings"
	"testing"

	"github.com/crossplane/crossplane-runtime/pkg/test"
	"github.com/google/go-cmp/cmp"
	"github.com/stretchr/testify/assert"
	"sigs.k8s.io/controller-runtime/pkg/client"
	"sigs.k8s.io/controller-runtime/pkg/client/fake"

	"github.com/oam-dev/kubevela/apis/core.oam.dev/common"
	"github.com/oam-dev/kubevela/apis/core.oam.dev/v1beta1"
	"github.com/oam-dev/kubevela/pkg/appfile"
	"github.com/oam-dev/kubevela/pkg/oam/util"

	gitssh "github.com/go-git/go-git/v5/plumbing/transport/ssh"
	"golang.org/x/crypto/ssh/testdata"
	corev1 "k8s.io/api/core/v1"
	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

const TestDir = "testdata/definition"

func TestGetOpenAPISchema(t *testing.T) {
	type want struct {
		data string
		err  error
	}
	cases := map[string]struct {
		reason string
		name   string
		data   string
		want   want
	}{
		"parameter in cue is a structure type,": {
			reason: "Prepare a normal parameter cue file",
			name:   "workload1",
			data: `
project: {
	name: string
}

	parameter: {
	min: int
}
`,
			want: want{data: "{\"properties\":{\"min\":{\"title\":\"min\",\"type\":\"integer\"}},\"required\":[\"min\"],\"type\":\"object\"}", err: nil},
		},
		"parameter in cue is a dict type,": {
			reason: "Prepare a normal parameter cue file",
			name:   "workload2",
			data: `
annotations: {
	for k, v in parameter {
		"\(k)": v
	}
}

parameter: [string]: string
`,
			want: want{data: `{"additionalProperties":{"type":"string"},"type":"object"}`, err: nil},
		},
		"parameter in cue is a string type,": {
			reason: "Prepare a normal parameter cue file",
			name:   "workload3",
			data: `
annotations: {
	"test":parameter
}

   parameter:string
`,
			want: want{data: "{\"type\":\"string\"}", err: nil},
		},
		"parameter in cue is a list type,": {
			reason: "Prepare a list parameter cue file",
			name:   "workload4",
			data: `
annotations: {
	"test":parameter
}

   parameter:[...string]
`,
			want: want{data: "{\"items\":{\"type\":\"string\"},\"type\":\"array\"}", err: nil},
		},
		"parameter in cue is an int type,": {
			reason: "Prepare an int parameter cue file",
			name:   "workload5",
			data: `
annotations: {
	"test":parameter
}

   parameter: int
`,
			want: want{data: "{\"type\":\"integer\"}", err: nil},
		},
		"parameter in cue is a float type,": {
			reason: "Prepare a float parameter cue file",
			name:   "workload6",
			data: `
annotations: {
	"test":parameter
}

   parameter: float
`,
			want: want{data: "{\"type\":\"number\"}", err: nil},
		},
		"parameter in cue is a bool type,": {
			reason: "Prepare a bool parameter cue file",
			name:   "workload7",
			data: `
annotations: {
	"test":parameter
}

   parameter: bool
`,
			want: want{data: "{\"type\":\"boolean\"}", err: nil},
		},
		"cue doesn't contain parameter section": {
			reason: "Prepare a cue file which doesn't contain `parameter` section",
			name:   "invalidWorkload",
			data: `
project: {
	name: string
}

noParameter: {
	min: int
}
`,
			want: want{data: "{\"type\":\"object\"}", err: nil},
		},
		"cue doesn't parse other sections except parameter": {
			reason: "Prepare a cue file which contains `context.appName` field",
			name:   "withContextField",
			data: `
patch: {
	spec: template: metadata: labels: {
		for k, v in parameter {
			"\(k)": v
		}
	}
	spec: template: metadata: annotations: {
		"route-name.oam.dev": #routeName
	}
}

#routeName: "\(context.appName)-\(context.name)"

parameter: [string]: string
`,
			want: want{data: `{"additionalProperties":{"type":"string"},"type":"object"}`, err: nil},
		},
	}

	for name, tc := range cases {
		t.Run(name, func(t *testing.T) {
			schematic := &common.Schematic{
				CUE: &common.CUE{
					Template: tc.data,
				},
			}
			capability, _ := appfile.ConvertTemplateJSON2Object(tc.name, nil, schematic)
			schema, err := getOpenAPISchema(context.Background(), capability)
			if diff := cmp.Diff(tc.want.err, err, test.EquateErrors()); diff != "" {
				t.Errorf("\n%s\ngetOpenAPISchema(...): -want error, +got error:\n%s", tc.reason, diff)
			}
			if tc.want.err == nil {
				assert.Equal(t, string(schema), tc.want.data)
			}
		})
	}
}

func TestNewCapabilityComponentDef(t *testing.T) {
	terraform := &common.Terraform{
		Configuration: "test",
	}
	componentDefinition := &v1beta1.ComponentDefinition{
		Spec: v1beta1.ComponentDefinitionSpec{
			Schematic: &common.Schematic{
				Terraform: terraform,
			},
		},
	}
	def := NewCapabilityComponentDef(componentDefinition)
	assert.Equal(t, def.WorkloadType, util.TerraformDef)
	assert.Equal(t, def.Terraform, terraform)
}

func TestGetOpenAPISchemaFromTerraformComponentDefinition(t *testing.T) {
	type want struct {
		subStr string
		err    error
	}
	cases := map[string]struct {
		configuration string
		want          want
	}{
		"valid": {
			configuration: `
module "rds" {
  source = "terraform-alicloud-modules/rds/alicloud"
  engine = "MySQL"
  engine_version = "8.0"
  instance_type = "rds.mysql.c1.large"
  instance_storage = "20"
  instance_name = var.instance_name
  account_name = var.account_name
  password = var.password
}

output "DB_NAME" {
  value = module.rds.this_db_instance_name
}
output "DB_USER" {
  value = module.rds.this_db_database_account
}
output "DB_PORT" {
  value = module.rds.this_db_instance_port
}
output "DB_HOST" {
  value = module.rds.this_db_instance_connection_string
}
output "DB_PASSWORD" {
  value = module.rds.this_db_instance_port
}

variable "instance_name" {
  description = "RDS instance name"
  type = string
  default = "poc"
}

variable "account_name" {
  description = "RDS instance user account name"
  type = "string"
  default = "oam"
}

variable "password" {
  description = "RDS instance account password"
  type = "string"
  default = "xxx"
}

variable "intVar" {
  type = "number"
}`,
			want: want{
				subStr: `"required":["intVar"]`,
				err:    nil,
			},
		},
		"null type variable": {
			configuration: `
variable "name" {
  default = "abc"
}`,
			want: want{
				subStr: "abc",
				err:    nil,
			},
		},
		"null type variable, while default value is a slice": {
			configuration: `
variable "name" {
  default = [123]
}`,
			want: want{
				subStr: "123",
				err:    nil,
			},
		},
		"null type variable, while default value is a map": {
			configuration: `
variable "name" {
  default = {a = 1}
}`,
			want: want{
				subStr: "a",
				err:    nil,
			},
		},
		"null type variable, while default value is number": {
			configuration: `
variable "name" {
  default = 123
}`,
			want: want{
				subStr: "123",
				err:    nil,
			},
		},
		"complicated list variable": {
			configuration: `
variable "aaa" {
  type = list(object({
    type = string
    sourceArn = string
    config = string
  }))
  default = []
}`,
			want: want{
				subStr: "aaa",
				err:    nil,
			},
		},
		"complicated map variable": {
			configuration: `
variable "bbb" {
  type = map({
    type = string
    sourceArn = string
    config = string
  })
  default = []
}`,
			want: want{
				subStr: "bbb",
				err:    nil,
			},
		},
		"not supported complicated variable": {
			configuration: `
variable "bbb" {
  type = xxxxx(string)
}`,
			want: want{
				subStr: "",
				err:    fmt.Errorf("the type `%s` of variable %s is NOT supported", "xxxxx(string)", "bbb"),
			},
		},
		"any type, slice default": {
			configuration: `
variable "bbb" {
  type = any
  default = []
}`,
			want: want{
				subStr: "bbb",
				err:    nil,
			},
		},
		"any type, map default": {
			configuration: `
variable "bbb" {
  type = any
  default = {}
}`,
			want: want{
				subStr: "bbb",
				err:    nil,
			},
		},
	}

	for name, tc := range cases {
		t.Run(name, func(t *testing.T) {
			schema, err := GetOpenAPISchemaFromTerraformComponentDefinition(tc.configuration)
			if diff := cmp.Diff(tc.want.err, err, test.EquateErrors()); diff != "" {
				t.Errorf("\n%s\nGetOpenAPISchemaFromTerraformComponentDefinition(...): -want error, +got error:\n%s", name, diff)
			}
			if tc.want.err == nil {
				data := string(schema)
				assert.Equal(t, strings.Contains(data, tc.want.subStr), true)
			}
		})
	}
}

func TestGetGitSSHPublicKey(t *testing.T) {
	sshAuth := make(map[string][]byte)
	sshAuth[corev1.SSHAuthPrivateKey] = testdata.PEMBytes["rsa"]
	sshAuth[GitCredsKnownHosts] = []byte(`github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa
	+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7
	VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKr
	TJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==`)

	pubKey, err := gitssh.NewPublicKeys("git", sshAuth[corev1.SSHAuthPrivateKey], "")
	assert.NoError(t, err)

	k8sClient := fake.NewClientBuilder().Build()
	ctx := context.Background()

	secret := corev1.Secret{
		ObjectMeta: v1.ObjectMeta{
			Name:      "git-ssh-auth",
			Namespace: "default",
		},
		Data: sshAuth,
		Type: corev1.SecretTypeSSHAuth,
	}
	err = k8sClient.Create(ctx, &secret)
	assert.NoError(t, err)

	secret = corev1.Secret{
		ObjectMeta: v1.ObjectMeta{
			Name:      "git-ssh-auth-no-ssh-privatekey",
			Namespace: "default",
		},
		Data: map[string][]byte{
			GitCredsKnownHosts: sshAuth[GitCredsKnownHosts],
		},
	}
	err = k8sClient.Create(ctx, &secret)
	assert.NoError(t, err)

	secret = corev1.Secret{
		ObjectMeta: v1.ObjectMeta{
			Name:      "git-ssh-auth-no-known_hosts",
			Namespace: "default",
		},
		Data: map[string][]byte{
			corev1.SSHAuthPrivateKey: sshAuth[corev1.SSHAuthPrivateKey],
		},
		Type: corev1.SecretTypeSSHAuth,
	}
	err = k8sClient.Create(ctx, &secret)
	assert.NoError(t, err)

	type args struct {
		k8sClient                     client.Client
		GitCredentialsSecretReference *corev1.SecretReference
	}
	type want struct {
		publicKey *gitssh.PublicKeys
		err       string
	}
	cases := []struct {
		name string
		args args
		want want
	}{
		{
			name: "git credentials secret does not exist",
			args: args{
				k8sClient: k8sClient,
				GitCredentialsSecretReference: &corev1.SecretReference{
					Name:      "git-ssh-auth-secret-not-exist",
					Namespace: "default",
				},
			},
			want: want{
				publicKey: nil,
				err:       "failed to  get git credentials secret: secrets \"git-ssh-auth-secret-not-exist\" not found",
			},
		},
		{
			name: "ssh-privatekey not in git credentials secret",
			args: args{
				k8sClient: k8sClient,
				GitCredentialsSecretReference: &corev1.SecretReference{
					Name:      "git-ssh-auth-no-ssh-privatekey",
					Namespace: "default",
				},
			},
			want: want{
				publicKey: nil,
				err:       fmt.Sprintf("'%s' not in git credentials secret", corev1.SSHAuthPrivateKey),
			},
		},
		{
			name: "known_hosts not in git credentials secret",
			args: args{
				k8sClient: k8sClient,
				GitCredentialsSecretReference: &corev1.SecretReference{
					Name:      "git-ssh-auth-no-known_hosts",
					Namespace: "default",
				},
			},
			want: want{
				publicKey: nil,
				err:       fmt.Sprintf("'%s' not in git credentials secret", GitCredsKnownHosts),
			},
		},
		{
			name: "valid git credentials secret found",
			args: args{
				k8sClient: k8sClient,
				GitCredentialsSecretReference: &corev1.SecretReference{
					Name:      "git-ssh-auth",
					Namespace: "default",
				},
			},
			want: want{
				publicKey: pubKey,
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			publicKey, err := GetGitSSHPublicKey(ctx, tc.args.k8sClient, tc.args.GitCredentialsSecretReference)

			if len(tc.want.err) > 0 {
				assert.Error(t, err, tc.want.err)
			}

			if tc.want.publicKey != nil {
				assert.Equal(t, publicKey.Signer.PublicKey().Marshal(), tc.want.publicKey.Signer.PublicKey().Marshal())
				assert.Equal(t, publicKey.User, tc.want.publicKey.User)
				known_hosts_filepath := os.Getenv("SSH_KNOWN_HOSTS")
				known_hosts, err := os.ReadFile(known_hosts_filepath)
				assert.NoError(t, err)
				assert.Equal(t, known_hosts, sshAuth[GitCredsKnownHosts])
			}
		})
	}
}