fixed resource naming, added negative test.

kiwigrid · Jun 14, 2022 · 347808a · 347808a
1 parent d1da522
commit 347808a
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 22 deletions.
diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml
@@ -68,7 +68,8 @@ jobs:
 
         wait_for_pod_ready "sidecar"
         wait_for_pod_ready "sidecar-5xx"
-        wait_for_pod_ready "sidecar-api_key"
+        wait_for_pod_ready "sidecar-api-key"
+        wait_for_pod_ready "sidecar-api-key-fails"
         wait_for_pod_ready "dummy-server-pod"
 
     - name: Install Configmaps and Secrets
@@ -81,8 +82,9 @@ jobs:
     - name: Retrieve pod logs
       run: |
         kubectl logs sidecar > /tmp/sidecar.log
-        kubectl logs sidecar > /tmp/sidecar-api_key.log
         kubectl logs sidecar-5xx > /tmp/sidecar-5xx.log
+        kubectl logs sidecar-api-key > /tmp/sidecar-api-key.log
+        kubectl logs sidecar-api-key-fails > /tmp/sidecar-api-key-fails.log
         kubectl logs dummy-server-pod > /tmp/dummy-server.log
     - name: Upload artifacts
       uses: actions/upload-artifact@v3
@@ -111,12 +113,15 @@ jobs:
         kubectl cp sidecar-5xx:/tmp-5xx/relative/relative.txt /tmp/5xx/relative.txt
         kubectl cp sidecar-5xx:/tmp-5xx/500.txt /tmp/5xx/500.txt
 
-        echo "Downloading resource files from sidecar-api_key..."
-        kubectl cp sidecar-api_key:/tmp/api_key.txt /tmp/api-key/api_key.txt || true
+        echo "Downloading resource files from sidecar-api-key..."
+        kubectl cp sidecar-api-key:/tmp/api-key.txt /tmp/api-key/api-key.txt || true
+        
+        echo "Downloading resource files from sidecar-api-key-fails..."
+        kubectl cp sidecar-api-key-fails:/tmp/api-key.txt /tmp/api-key-fails/api-key.txt || true
 
     - name: Verify files
       run: |
-        echo "Verifying file content from sidecar and sidecar-5xx ..."
+        echo "Verifying file content from different sidecar pods ..."
         # this needs to be the last statement so that it defines the script exit code
         echo -n "Hello World!" | diff - /tmp/hello.world &&
           diff test/kubelogo.png /tmp/cm-kubelogo.png &&
@@ -132,5 +137,6 @@ jobs:
           echo -n "This relatively exists" | diff - /tmp/5xx/relative.txt &&
           echo -n "500" | diff - /tmp/5xx/500.txt &&
           ls /tmp/5xx/script_result &&
-          [ -f /tmp/api-key/api_key.txt ] && echo "api_key used for aouthentication"
-          
+          grep "200" /tmp/api-key/api-key.txt && echo "api-key used successfully for authentication" &&
+          grep "Forbidden" /tmp/api-key-fails/api-key.txt && echo "api-key-fails expectedly with wrong credentials" 
+          
diff --git a/test/resources/resources.yaml b/test/resources/resources.yaml
@@ -55,8 +55,8 @@ data:
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: url-configmap-api_key
+  name: url-configmap-api-key
   labels:
     findme: "sure"
 data:
-  api_key.txt.url: "http://dummy-server/200/api_key"
+  api-key.txt.url: "http://dummy-server/200/api-key"
diff --git a/test/resources/sidecar.yaml b/test/resources/sidecar.yaml
@@ -111,12 +111,13 @@ metadata:
 type: Opaque
 data:
     REQ_TOKEN_KEY: private_token
+    #REQ_TOKEN_VALUE: base64 enc "super-duper-secret"
     REQ_TOKEN_VALUE: c3VwZXItZHVwZXItc2VjcmV0
 ---
 apiVersion: v1
 kind: Pod
 metadata:
-  name: sidecar-api_key
+  name: sidecar-api-key
   namespace: default
 spec:
   serviceAccountName: sample-acc
@@ -126,9 +127,6 @@ spec:
     volumeMounts:
     - name: shared-volume
       mountPath: /tmp/
-    - name: script-volume
-      mountPath: /opt/script.sh
-      subPath: script.sh
     envFrom:
     - secretRef:
         name: token-auth-sample-secret      
@@ -138,16 +136,47 @@ spec:
     - name: FOLDER
       value: /tmp/
     - name: RESOURCE
-      value: both
-    - name: SCRIPT
-      value: "/opt/script.sh"
+      value: configmap
+  volumes:
+  - name: shared-volume
+    emptyDir: {}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: token-auth-sample-secret-fails
+type: Opaque
+data:
+    REQ_TOKEN_KEY: private_token
+    #REQ_TOKEN_VALUE base64 enc "I-will-fail"
+    REQ_TOKEN_VALUE: SS13aWxsLWZhaWw=
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: sidecar-api-key-fails
+  namespace: default
+spec:
+  serviceAccountName: sample-acc
+  containers:
+  - name: sidecar
+    image: kiwigrid/k8s-sidecar:testing
+    volumeMounts:
+    - name: shared-volume
+      mountPath: /tmp/
+    envFrom:
+    - secretRef:
+        name: token-auth-sample-secret-fails      
+    env:
+    - name: LABEL
+      value: "findme"
+    - name: FOLDER
+      value: /tmp/
+    - name: RESOURCE
+      value: configmap
   volumes:
   - name: shared-volume
     emptyDir: {}
-  - name: script-volume
-    configMap:
-      name: script-configmap
-      defaultMode: 0777
 ---
 apiVersion: v1
 kind: Pod

diff --git a/test/server/server.py b/test/server/server.py
@@ -40,7 +40,6 @@ async def read_item():
     return 503
 
 
-@app.get("/200/api_key")
+@app.get("/200/api-key")
 def read_root(api_key: APIKey = Depends(get_api_key)):
     return 200
-