wip

enj · Aug 26, 2019 · d894c2f · d894c2f
1 parent 3dcf7ea
commit d894c2f
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 5 deletions.
diff --git a/pkg/operator/encryption/helpers_test.go b/pkg/operator/encryption/helpers_test.go
@@ -53,14 +53,14 @@ func createEncryptionKeySecretWithKeyFromExistingSecret(targetNS string, gr sche
 	return secret
 }
 
-func createDummyKubeAPIPod(name, namespace string) *corev1.Pod {
+func createDummyKubeAPIPod(name, namespace, revision string) *corev1.Pod {
 	return &corev1.Pod{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
 			Namespace: namespace,
 			Labels: map[string]string{
 				"apiserver": "true",
-				"revision":  "1",
+				"revision":  revision,
 			},
 		},
 		Status: corev1.PodStatus{

diff --git a/pkg/operator/encryption/pod_state_controller_encryption_test.go b/pkg/operator/encryption/pod_state_controller_encryption_test.go
@@ -44,7 +44,7 @@ func TestEncryptionPodStateController(t *testing.T) {
 				schema.GroupResource{Group: "", Resource: "secrets"}: true,
 			},
 			initialResources: []runtime.Object{
-				createDummyKubeAPIPod("kube-apiserver-1", "kms"),
+				createDummyKubeAPIPod("kube-apiserver-1", "kms", "1"),
 			},
 			initialSecrets: []*corev1.Secret{
 				createEncryptionKeySecretWithRawKey("kms", schema.GroupResource{"", "secrets"}, 1, []byte("61def964fb967f5d7c44a2af8dab6865")),
@@ -78,6 +78,20 @@ func TestEncryptionPodStateController(t *testing.T) {
 				}
 			},
 		},
+
+		// scenario 2: imitates API servers being converging onto a single revision
+		{
+			name:            "checks if PodStateNotConverged condition is set - atm it panics",
+			targetNamespace: "kms",
+			destName:        "encryption-config-kube-apiserver-test",
+			targetGRs: map[schema.GroupResource]bool{
+				schema.GroupResource{Group: "", Resource: "secrets"}: true,
+			},
+			initialResources: []runtime.Object{
+				createDummyKubeAPIPod("kube-apiserver-1", "kms", "1"),
+				createDummyKubeAPIPod("kube-apiserver-2", "kms", "2"),
+			},
+		},
 	}
 
 	for _, scenario := range scenarios {

diff --git a/pkg/operator/encryption/state_controller_encryption_test.go b/pkg/operator/encryption/state_controller_encryption_test.go
@@ -44,7 +44,7 @@ func TestEncryptionStateController(t *testing.T) {
 				schema.GroupResource{Group: "", Resource: "secrets"}: true,
 			},
 			initialResources: []runtime.Object{
-				createDummyKubeAPIPod("kube-apiserver-1", "kms"),
+				createDummyKubeAPIPod("kube-apiserver-1", "kms", "1"),
 			},
 			expectedActions: []string{"list:pods:kms", "list:secrets:openshift-config-managed"},
 		},
@@ -60,7 +60,7 @@ func TestEncryptionStateController(t *testing.T) {
 				schema.GroupResource{Group: "", Resource: "secrets"}: true,
 			},
 			initialResources: []runtime.Object{
-				createDummyKubeAPIPod("kube-apiserver-1", "kms"),
+				createDummyKubeAPIPod("kube-apiserver-1", "kms", "1"),
 				createEncryptionKeySecretWithRawKey("kms", schema.GroupResource{"", "secrets"}, 1, []byte("61def964fb967f5d7c44a2af8dab6865")),
 			},
 			expectedActions:       []string{"list:pods:kms", "list:secrets:openshift-config-managed", "get:secrets:openshift-config-managed", "create:secrets:openshift-config-managed", "create:events:kms"},