From 1817db97b5daa712da92f72d9e67019fbf137f52 Mon Sep 17 00:00:00 2001 From: Friedrich Date: Fri, 15 Dec 2023 17:49:25 +0100 Subject: [PATCH 1/2] Cherry pick fixes to release channel (#349) * fix reference to release name (#342) * add missing env vars for IMG and MODULE_REGISTERY (#343) * add missing env vars for IMG and MODULE_REGISTERY * remove arg * add KUSTOMIZE_VERSION * fix wrong token (#344) * add missing env vars for IMG and MODULE_REGISTERY * remove arg * replace the BOT_GITHUB_TOKEN with the GITHUB_TOKEN * remove call of make module-build (#347) * remove call of make module-build We really only need to render the manifests so lets remove module-build. * revert removal of MODULE_REGISTERY * fix spelling of env var name (#348) --- .github/workflows/create-release.yml | 9 ++++++--- scripts/render_and_upload_manifests.sh | 9 ++++----- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 07dd8687..af73a0d3 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -66,10 +66,13 @@ jobs: - name: Create and upload eventing-manager.yaml and eventing-default-cr.yaml env: - PULL_BASE_REF: ${{ PULL_BASE_REF }} - BOT_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} + PULL_BASE_REF: ${{ github.event.inputs.name }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + IMG: "europe-docker.pkg.dev/kyma-project/prod/eventing-manager:${{ github.event.inputs.name }}" + MODULE_REGISTRY: "europe-docker.pkg.dev/kyma-project/prod/unsigned" + KUSTOMIZE_VERSION: "v4.5.6" run: | - ./scripts/render_and_upload_manifests.sh ${{ PULL_BASE_REF }} ${{ BOT_GITHUB_TOKEN }} + ./scripts/render_and_upload_manifests.sh outputs: release_id: ${{ steps.create-draft.outputs.release_id }} diff --git a/scripts/render_and_upload_manifests.sh b/scripts/render_and_upload_manifests.sh index 16a1e773..8ca2f33a 100755 --- a/scripts/render_and_upload_manifests.sh +++ b/scripts/render_and_upload_manifests.sh @@ -8,7 +8,7 @@ set -o pipefail # prevents errors in a pipeline from being masked # Expected variables: # PULL_BASE_REF - name of the tag -# BOT_GITHUB_TOKEN - github token used to upload the template yaml +# GITHUB_TOKEN - github token used to upload the template yaml uploadFile() { filePath=${1} @@ -17,7 +17,7 @@ uploadFile() { echo "Uploading ${filePath} as ${ghAsset}" response=$(curl -s -o output.txt -w "%{http_code}" \ --request POST --data-binary @"$filePath" \ - -H "Authorization: token $BOT_GITHUB_TOKEN" \ + -H "Authorization: token $GITHUB_TOKEN" \ -H "Content-Type: text/yaml" \ $ghAsset) if [[ "$response" != "201" ]]; then @@ -37,8 +37,7 @@ MODULE_VERSION=${PULL_BASE_REF} make render-manifest echo "Generated eventing-manager.yaml:" cat eventing-manager.yaml -MODULE_VERSION=${PULL_BASE_REF} make module-build - +# MODULE_VERSION=${PULL_BASE_REF} make module-build # TODO completly remove the rendering of the module-template from the repository. # echo "Generated moduletemplate.yaml:" # cat module-template.yaml @@ -48,7 +47,7 @@ echo "Updating github release with eventing-manager.yaml" echo "Finding release id for: ${PULL_BASE_REF}" CURL_RESPONSE=$(curl -w "%{http_code}" -sL \ -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $BOT_GITHUB_TOKEN" \ + -H "Authorization: Bearer $GITHUB_TOKEN" \ https://api.github.com/repos/kyma-project/eventing-manager/releases) JSON_RESPONSE=$(sed '$ d' <<<"${CURL_RESPONSE}") HTTP_CODE=$(tail -n1 <<<"${CURL_RESPONSE}") From eba1d2cb6d410989c8c5d4f885ef66e6701af41e Mon Sep 17 00:00:00 2001 From: Mansur Uralov Date: Tue, 19 Dec 2023 08:14:08 +0100 Subject: [PATCH 2/2] Improve EventMesh Tests for Better error comparison (#335) * Improve EventMesh Tests for Better error comparison require.ErrorAs only compares types. Instead erro should be compared properly. * Fix failing unit tests * Fix linting errors * Declare notFoundErr package level --- .../controller/operator/eventing/eventmesh.go | 6 +- .../operator/eventing/eventmesh_test.go | 96 ++++++++++--------- 2 files changed, 54 insertions(+), 48 deletions(-) diff --git a/internal/controller/operator/eventing/eventmesh.go b/internal/controller/operator/eventing/eventmesh.go index 5013f99f..c2fec08a 100644 --- a/internal/controller/operator/eventing/eventmesh.go +++ b/internal/controller/operator/eventing/eventmesh.go @@ -234,7 +234,6 @@ func (r *Reconciler) getOAuth2ClientCredentials(ctx context.Context, secretNames var exists bool var clientID, clientSecret, tokenURL, certsURL []byte - oauth2Secret := new(kcorev1.Secret) oauth2SecretNamespacedName := types.NamespacedName{ Namespace: secretNamespace, Name: r.backendConfig.EventingWebhookAuthSecretName, @@ -242,8 +241,9 @@ func (r *Reconciler) getOAuth2ClientCredentials(ctx context.Context, secretNames r.namedLogger().Infof("Reading secret %s", oauth2SecretNamespacedName.String()) - if getErr := r.Get(ctx, oauth2SecretNamespacedName, oauth2Secret); getErr != nil { - return nil, getErr + var oauth2Secret *kcorev1.Secret + if oauth2Secret, err = r.kubeClient.GetSecret(ctx, oauth2SecretNamespacedName.String()); err != nil { + return nil, err } if clientID, exists = oauth2Secret.Data[secretKeyClientID]; !exists { diff --git a/internal/controller/operator/eventing/eventmesh_test.go b/internal/controller/operator/eventing/eventmesh_test.go index b2765043..3f33ea56 100644 --- a/internal/controller/operator/eventing/eventmesh_test.go +++ b/internal/controller/operator/eventing/eventmesh_test.go @@ -3,6 +3,7 @@ package eventing import ( "context" "errors" + "fmt" "testing" "github.com/stretchr/testify/mock" @@ -10,7 +11,6 @@ import ( kcorev1 "k8s.io/api/core/v1" kmetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/client/fake" "github.com/kyma-project/eventing-manager/api/operator/v1alpha1" "github.com/kyma-project/eventing-manager/internal/label" @@ -33,6 +33,7 @@ const ( var ( ErrFailedToStart = errors.New("failed to start") ErrFailedToStop = errors.New("failed to stop") + errNotFound = errors.New("secret not found") ) //nolint:goerr113 // all tests here need to be fixed, as they use require.ErrorAs and use it wrongly @@ -94,7 +95,13 @@ func Test_reconcileEventMeshSubManager(t *testing.T) { givenManagerFactoryMock: func(_ *submgrmanagermocks.Manager) *submgrmocks.ManagerFactory { return nil }, - wantError: errors.New("failed to sync OAuth secret"), + givenKubeClientMock: func() k8s.Client { + mockKubeClient := new(k8smocks.Client) + mockKubeClient.On("GetSecret", ctx, mock.Anything, mock.Anything).Return( + nil, errNotFound).Once() + return mockKubeClient + }, + wantError: fmt.Errorf("failed to sync OAuth secret: %w", errNotFound), wantHashAfter: int64(0), }, { @@ -115,11 +122,11 @@ func Test_reconcileEventMeshSubManager(t *testing.T) { givenKubeClientMock: func() k8s.Client { mockKubeClient := new(k8smocks.Client) mockKubeClient.On("GetSecret", ctx, mock.Anything, mock.Anything).Return( - utils.NewEventMeshSecret("test-secret", givenEventing.Namespace), nil).Once() + utils.NewOAuthSecret("test-secret", givenEventing.Namespace), nil).Once() mockKubeClient.On("PatchApply", ctx, mock.Anything).Return(errors.New("failed to apply patch")).Once() return mockKubeClient }, - wantError: errors.New("failed to sync Publisher Proxy secret"), + wantError: errors.New("failed to sync Publisher Proxy secret: failed to apply patch"), }, { name: "it should do nothing because subscription manager is already started", @@ -143,7 +150,7 @@ func Test_reconcileEventMeshSubManager(t *testing.T) { mockKubeClient.On("GetConfigMap", ctx, mock.Anything, mock.Anything).Return(givenConfigMap, nil).Once() mockKubeClient.On("PatchApply", ctx, mock.Anything).Return(nil).Once() mockKubeClient.On("GetSecret", ctx, mock.Anything, mock.Anything).Return( - utils.NewEventMeshSecret("test-secret", givenEventing.Namespace), nil).Once() + utils.NewOAuthSecret("test-secret", givenEventing.Namespace), nil).Once() return mockKubeClient }, wantHashAfter: int64(4922936597877296700), @@ -174,7 +181,7 @@ func Test_reconcileEventMeshSubManager(t *testing.T) { mockKubeClient.On("GetConfigMap", ctx, mock.Anything, mock.Anything).Return(givenConfigMap, nil).Once() mockKubeClient.On("PatchApply", ctx, mock.Anything).Return(nil).Once() mockKubeClient.On("GetSecret", ctx, mock.Anything, mock.Anything).Return( - utils.NewEventMeshSecret("test-secret", givenEventing.Namespace), nil).Once() + utils.NewOAuthSecret("test-secret", givenEventing.Namespace), nil).Once() return mockKubeClient }, wantAssertCheck: true, @@ -205,7 +212,7 @@ func Test_reconcileEventMeshSubManager(t *testing.T) { mockKubeClient := new(k8smocks.Client) mockKubeClient.On("PatchApply", ctx, mock.Anything).Return(nil).Twice() mockKubeClient.On("GetSecret", ctx, mock.Anything, mock.Anything).Return( - utils.NewEventMeshSecret("test-secret", givenEventing.Namespace), nil).Twice() + utils.NewOAuthSecret("test-secret", givenEventing.Namespace), nil).Twice() return mockKubeClient }, wantAssertCheck: true, @@ -239,7 +246,7 @@ func Test_reconcileEventMeshSubManager(t *testing.T) { mockKubeClient := new(k8smocks.Client) mockKubeClient.On("PatchApply", ctx, mock.Anything).Return(nil).Twice() mockKubeClient.On("GetSecret", ctx, mock.Anything, mock.Anything).Return( - utils.NewEventMeshSecret("test-secret", givenEventing.Namespace), nil).Twice() + utils.NewOAuthSecret("test-secret", givenEventing.Namespace), nil).Twice() return mockKubeClient }, wantAssertCheck: true, @@ -300,7 +307,7 @@ func Test_reconcileEventMeshSubManager(t *testing.T) { // then if tc.wantError != nil { require.Error(t, err) - require.ErrorAs(t, err, &tc.wantError) + require.Equal(t, err.Error(), tc.wantError.Error()) } else { require.NoError(t, err) require.NotNil(t, testEnv.Reconciler.eventMeshSubManager) @@ -371,6 +378,7 @@ func Test_reconcileEventMeshSubManager_ReadClusterDomain(t *testing.T) { }, givenKubeClientMock: func() (k8s.Client, *k8smocks.Client) { mockKubeClient := new(k8smocks.Client) + mockKubeClient.On("GetSecret", mock.Anything, mock.Anything).Return(givenOauthSecret, nil).Once() mockKubeClient.On("PatchApply", ctx, mock.Anything).Return(nil).Once() return mockKubeClient, mockKubeClient }, @@ -401,6 +409,7 @@ func Test_reconcileEventMeshSubManager_ReadClusterDomain(t *testing.T) { }, givenKubeClientMock: func() (k8s.Client, *k8smocks.Client) { mockKubeClient := new(k8smocks.Client) + mockKubeClient.On("GetSecret", mock.Anything, mock.Anything).Return(givenOauthSecret, nil).Once() mockKubeClient.On("GetConfigMap", ctx, mock.Anything, mock.Anything).Return(givenConfigMap, nil).Once() mockKubeClient.On("PatchApply", ctx, mock.Anything).Return(nil).Once() return mockKubeClient, mockKubeClient @@ -702,7 +711,7 @@ func Test_GetSecretForPublisher(t *testing.T) { func Test_getOAuth2ClientCredentials(t *testing.T) { testCases := []struct { name string - givenSecrets []*kcorev1.Secret + givenSecret *kcorev1.Secret wantError bool wantClientID []byte wantClientSecret []byte @@ -710,42 +719,36 @@ func Test_getOAuth2ClientCredentials(t *testing.T) { wantCertsURL []byte }{ { - name: "secret does not exist", - givenSecrets: nil, - wantError: true, + name: "secret does not exist", + givenSecret: nil, + wantError: true, }, { name: "secret exists with missing data", - givenSecrets: []*kcorev1.Secret{ - // required secret - { - ObjectMeta: kmetav1.ObjectMeta{ - Name: defaultEventingWebhookAuthSecretName, - Namespace: defaultEventingWebhookAuthSecretNamespace, - }, - Data: map[string][]byte{ - secretKeyClientID: []byte("test-client-id-0"), - // missing data - }, + givenSecret: &kcorev1.Secret{ + ObjectMeta: kmetav1.ObjectMeta{ + Name: defaultEventingWebhookAuthSecretName, + Namespace: defaultEventingWebhookAuthSecretNamespace, + }, + Data: map[string][]byte{ + secretKeyClientID: []byte("test-client-id-0"), + // missing data }, }, wantError: true, }, { name: "secret exists with all data", - givenSecrets: []*kcorev1.Secret{ - // required secret - { - ObjectMeta: kmetav1.ObjectMeta{ - Name: defaultEventingWebhookAuthSecretName, - Namespace: defaultEventingWebhookAuthSecretNamespace, - }, - Data: map[string][]byte{ - secretKeyClientID: []byte("test-client-id-0"), - secretKeyClientSecret: []byte("test-client-secret-0"), - secretKeyTokenURL: []byte("test-token-url-0"), - secretKeyCertsURL: []byte("test-certs-url-0"), - }, + givenSecret: &kcorev1.Secret{ + ObjectMeta: kmetav1.ObjectMeta{ + Name: defaultEventingWebhookAuthSecretName, + Namespace: defaultEventingWebhookAuthSecretNamespace, + }, + Data: map[string][]byte{ + secretKeyClientID: []byte("test-client-id-0"), + secretKeyClientSecret: []byte("test-client-secret-0"), + secretKeyTokenURL: []byte("test-token-url-0"), + secretKeyCertsURL: []byte("test-certs-url-0"), }, }, wantError: false, @@ -764,20 +767,23 @@ func Test_getOAuth2ClientCredentials(t *testing.T) { t.Run(tc.name, func(t *testing.T) { // given ctx := context.Background() + + kubeClient := new(k8smocks.Client) + + if tc.givenSecret != nil { + kubeClient.On("GetSecret", mock.Anything, mock.Anything).Return(tc.givenSecret, nil).Once() + } else { + kubeClient.On("GetSecret", mock.Anything, mock.Anything).Return(nil, errNotFound).Once() + } + r := Reconciler{ - Client: fake.NewClientBuilder().WithObjects().Build(), - logger: l, + kubeClient: kubeClient, + logger: l, backendConfig: env.BackendConfig{ EventingWebhookAuthSecretName: defaultEventingWebhookAuthSecretName, EventingWebhookAuthSecretNamespace: defaultEventingWebhookAuthSecretNamespace, }, } - if len(tc.givenSecrets) > 0 { - for _, secret := range tc.givenSecrets { - err := r.Client.Create(ctx, secret) - require.NoError(t, err) - } - } // when credentials, err := r.getOAuth2ClientCredentials(ctx, defaultEventingWebhookAuthSecretNamespace)