diff --git a/cloud/services/compute/firewalls/reconcile_test.go b/cloud/services/compute/firewalls/reconcile_test.go new file mode 100644 index 000000000..cedc2375f --- /dev/null +++ b/cloud/services/compute/firewalls/reconcile_test.go @@ -0,0 +1,310 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package firewalls + +import ( + "context" + "fmt" + "net/http" + "testing" + + "github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud" + "github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud/meta" + "github.com/pkg/errors" + "google.golang.org/api/compute/v1" + "google.golang.org/api/googleapi" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes/scheme" + "k8s.io/utils/ptr" + infrav1 "sigs.k8s.io/cluster-api-provider-gcp/api/v1beta1" + "sigs.k8s.io/cluster-api-provider-gcp/cloud/scope" + clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + "sigs.k8s.io/controller-runtime/pkg/client/fake" +) + +func init() { + _ = clusterv1.AddToScheme(scheme.Scheme) + _ = infrav1.AddToScheme(scheme.Scheme) +} + +var fakeCluster = &clusterv1.Cluster{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster", + Namespace: "default", + }, + Spec: clusterv1.ClusterSpec{}, +} + +var fakeGCPCluster = &infrav1.GCPCluster{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster", + Namespace: "default", + }, + Spec: infrav1.GCPClusterSpec{ + Project: "my-proj", + Region: "us-central1", + Network: infrav1.NetworkSpec{ + Name: ptr.To("my-network"), + Subnets: infrav1.Subnets{ + infrav1.SubnetSpec{ + Name: "workers", + CidrBlock: "10.0.0.1/28", + Region: "us-central1", + Purpose: ptr.To[string]("INTERNAL_HTTPS_LOAD_BALANCER"), + }, + }, + }, + }, + Status: infrav1.GCPClusterStatus{ + Network: infrav1.Network{ + FirewallRules: map[string]string{ + fmt.Sprintf("allow-%s-healthchecks", "my-cluster"): "test", + }, + }, + }, +} + +var fakeGCPClusterSharedVPC = &infrav1.GCPCluster{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster", + Namespace: "default", + }, + Spec: infrav1.GCPClusterSpec{ + Project: "my-proj", + Region: "us-central1", + Network: infrav1.NetworkSpec{ + HostProject: ptr.To("my-shared-vpc-project"), + Name: ptr.To("my-network"), + Subnets: infrav1.Subnets{ + infrav1.SubnetSpec{ + Name: "workers", + CidrBlock: "10.0.0.1/28", + Region: "us-central1", + Purpose: ptr.To[string]("INTERNAL_HTTPS_LOAD_BALANCER"), + }, + }, + }, + }, + Status: infrav1.GCPClusterStatus{ + Network: infrav1.Network{ + FirewallRules: map[string]string{ + "my-cluster-apiserver": "test", + "my-cluster-apiintserver": "test", + }, + }, + }, +} + +type testCase struct { + name string + scope func() Scope + mockFirewalls *cloud.MockFirewalls + wantErr bool + assert func(ctx context.Context, t testCase) error +} + +func TestService_Reconcile(t *testing.T) { + fakec := fake.NewClientBuilder(). + WithScheme(scheme.Scheme). + Build() + + clusterScope, err := scope.NewClusterScope(context.TODO(), scope.ClusterScopeParams{ + Client: fakec, + Cluster: fakeCluster, + GCPCluster: fakeGCPCluster, + GCPServices: scope.GCPServices{ + Compute: &compute.Service{}, + }, + }) + if err != nil { + t.Fatal(err) + } + + clusterScopeSharedVpc, err := scope.NewClusterScope(context.TODO(), scope.ClusterScopeParams{ + Client: fakec, + Cluster: fakeCluster, + GCPCluster: fakeGCPClusterSharedVPC, + GCPServices: scope.GCPServices{ + Compute: &compute.Service{}, + }, + }) + if err != nil { + t.Fatal(err) + } + + tests := []testCase{ + { + name: "firewall rule does not exist successful create", + scope: func() Scope { return clusterScope }, + mockFirewalls: &cloud.MockFirewalls{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockFirewallsObj{}, + }, + assert: func(ctx context.Context, t testCase) error { + key := meta.GlobalKey(fmt.Sprintf("allow-%s-healthchecks", fakeGCPCluster.ObjectMeta.Name)) + fwRule, err := t.mockFirewalls.Get(ctx, key) + if err != nil { + return err + } + + if _, ok := fakeGCPCluster.Status.Network.FirewallRules[fwRule.Name]; !ok { + return errors.New("firewall rule was created but with wrong values") + } + return nil + }, + }, + { + name: "firewall rule already exist (should return existing firewall rule)", + scope: func() Scope { return clusterScope }, + mockFirewalls: &cloud.MockFirewalls{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockFirewallsObj{ + *meta.GlobalKey(fmt.Sprintf("allow-%s-healthchecks", fakeGCPCluster.ObjectMeta.Name)): {}, + }, + }, + }, + { + name: "error getting instance with non 404 error code (should return an error)", + scope: func() Scope { return clusterScope }, + mockFirewalls: &cloud.MockFirewalls{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockFirewallsObj{}, + GetHook: func(_ context.Context, _ *meta.Key, _ *cloud.MockFirewalls, _ ...cloud.Option) (bool, *compute.Firewall, error) { + return true, &compute.Firewall{}, &googleapi.Error{Code: http.StatusBadRequest} + }, + }, + wantErr: true, + }, + { + name: "firewall rule creation fails (should return an error)", + scope: func() Scope { return clusterScope }, + mockFirewalls: &cloud.MockFirewalls{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockFirewallsObj{}, + InsertError: map[meta.Key]error{ + *meta.GlobalKey(fmt.Sprintf("allow-%s-healthchecks", fakeGCPCluster.ObjectMeta.Name)): &googleapi.Error{Code: http.StatusBadRequest}, + }, + }, + wantErr: true, + }, + { + name: "firewall return no error using shared vpc", + scope: func() Scope { return clusterScopeSharedVpc }, + mockFirewalls: &cloud.MockFirewalls{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockFirewallsObj{ + *meta.GlobalKey(fmt.Sprintf("allow-%s-healthchecks", fakeGCPCluster.ObjectMeta.Name)): {}, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ctx := context.TODO() + s := New(tt.scope()) + s.firewalls = tt.mockFirewalls + err := s.Reconcile(ctx) + if (err != nil) != tt.wantErr { + t.Errorf("Service.Reconcile() error = %v, wantErr %v", err, tt.wantErr) + return + } + if tt.assert != nil { + err = tt.assert(ctx, tt) + if err != nil { + t.Errorf("firewall rule was not created as expected: %v", err) + return + } + } + }) + } +} + +func TestService_Delete(t *testing.T) { + fakec := fake.NewClientBuilder(). + WithScheme(scheme.Scheme). + Build() + + clusterScope, err := scope.NewClusterScope(context.TODO(), scope.ClusterScopeParams{ + Client: fakec, + Cluster: fakeCluster, + GCPCluster: fakeGCPCluster, + GCPServices: scope.GCPServices{ + Compute: &compute.Service{}, + }, + }) + if err != nil { + t.Fatal(err) + } + + clusterScopeSharedVpc, err := scope.NewClusterScope(context.TODO(), scope.ClusterScopeParams{ + Client: fakec, + Cluster: fakeCluster, + GCPCluster: fakeGCPClusterSharedVPC, + GCPServices: scope.GCPServices{ + Compute: &compute.Service{}, + }, + }) + if err != nil { + t.Fatal(err) + } + + tests := []testCase{ + { + name: "firewall rule does not exist, should do nothing", + scope: func() Scope { return clusterScope }, + mockFirewalls: &cloud.MockFirewalls{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + DeleteError: map[meta.Key]error{ + *meta.GlobalKey(fmt.Sprintf("allow-%s-healthchecks", fakeGCPCluster.ObjectMeta.Name)): &googleapi.Error{Code: http.StatusNotFound}, + }, + }, + }, + { + name: "error deleting firewall rule, should return error", + scope: func() Scope { return clusterScope }, + mockFirewalls: &cloud.MockFirewalls{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + DeleteError: map[meta.Key]error{ + *meta.GlobalKey(fmt.Sprintf("allow-%s-healthchecks", fakeGCPCluster.ObjectMeta.Name)): &googleapi.Error{Code: http.StatusBadRequest}, + }, + }, + wantErr: true, + }, + { + name: "firewall rule deletion with shared vpc", + scope: func() Scope { return clusterScopeSharedVpc }, + mockFirewalls: &cloud.MockFirewalls{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + DeleteError: map[meta.Key]error{ + *meta.GlobalKey(fmt.Sprintf("allow-%s-healthchecks", *fakeGCPCluster.Spec.Network.Name)): &googleapi.Error{Code: http.StatusNotFound}, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ctx := context.TODO() + s := New(tt.scope()) + s.firewalls = tt.mockFirewalls + err := s.Delete(ctx) + if (err != nil) != tt.wantErr { + t.Errorf("Service.Delete() error = %v, wantErr %v", err, tt.wantErr) + return + } + }) + } +} diff --git a/cloud/services/compute/networks/reconcile_test.go b/cloud/services/compute/networks/reconcile_test.go new file mode 100644 index 000000000..002fac586 --- /dev/null +++ b/cloud/services/compute/networks/reconcile_test.go @@ -0,0 +1,403 @@ +/* +Copyright 2024 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package networks + +import ( + "context" + "fmt" + "net/http" + "testing" + + "github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud" + "github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud/meta" + "google.golang.org/api/compute/v1" + "google.golang.org/api/googleapi" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes/scheme" + "k8s.io/utils/ptr" + infrav1 "sigs.k8s.io/cluster-api-provider-gcp/api/v1beta1" + "sigs.k8s.io/cluster-api-provider-gcp/cloud/scope" + clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" + "sigs.k8s.io/controller-runtime/pkg/client/fake" +) + +func init() { + _ = clusterv1.AddToScheme(scheme.Scheme) + _ = infrav1.AddToScheme(scheme.Scheme) +} + +var fakeCluster = &clusterv1.Cluster{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster", + Namespace: "default", + }, + Spec: clusterv1.ClusterSpec{}, +} + +var fakeGCPCluster = &infrav1.GCPCluster{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster", + Namespace: "default", + }, + Spec: infrav1.GCPClusterSpec{ + Project: "my-proj", + Region: "us-central1", + Network: infrav1.NetworkSpec{ + Name: ptr.To("my-network"), + Subnets: infrav1.Subnets{ + infrav1.SubnetSpec{ + Name: "workers", + CidrBlock: "10.0.0.1/28", + Region: "us-central1", + Purpose: ptr.To[string]("INTERNAL_HTTPS_LOAD_BALANCER"), + }, + }, + }, + }, +} + +var fakeGCPClusterSharedVPC = &infrav1.GCPCluster{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster", + Namespace: "default", + }, + Spec: infrav1.GCPClusterSpec{ + Project: "my-proj", + Region: "us-central1", + Network: infrav1.NetworkSpec{ + HostProject: ptr.To("my-shared-vpc-project"), + Name: ptr.To("my-network"), + Subnets: infrav1.Subnets{ + infrav1.SubnetSpec{ + Name: "workers", + CidrBlock: "10.0.0.1/28", + Region: "us-central1", + Purpose: ptr.To[string]("INTERNAL_HTTPS_LOAD_BALANCER"), + }, + }, + }, + }, +} + +type testCase struct { + name string + scope func() Scope + mockNetwork *cloud.MockNetworks + mockRouter *cloud.MockRouters + wantErr bool + assert func(ctx context.Context, t testCase) error +} + +func TestService_createOrGetNetwork(t *testing.T) { + fakec := fake.NewClientBuilder(). + WithScheme(scheme.Scheme). + Build() + + clusterScope, err := scope.NewClusterScope(context.TODO(), scope.ClusterScopeParams{ + Client: fakec, + Cluster: fakeCluster, + GCPCluster: fakeGCPCluster, + GCPServices: scope.GCPServices{ + Compute: &compute.Service{}, + }, + }) + if err != nil { + t.Fatal(err) + } + + clusterScopeSharedVpc, err := scope.NewClusterScope(context.TODO(), scope.ClusterScopeParams{ + Client: fakec, + Cluster: fakeCluster, + GCPCluster: fakeGCPClusterSharedVPC, + GCPServices: scope.GCPServices{ + Compute: &compute.Service{}, + }, + }) + if err != nil { + t.Fatal(err) + } + + tests := []testCase{ + { + name: "network already exist (should return existing network)", + scope: func() Scope { return clusterScope }, + mockNetwork: &cloud.MockNetworks{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockNetworksObj{ + *meta.GlobalKey(*fakeGCPCluster.Spec.Network.Name): {}, + }, + }, + }, + { + name: "error getting network instance with non 404 error code (should return an error)", + scope: func() Scope { return clusterScope }, + mockNetwork: &cloud.MockNetworks{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockNetworksObj{ + *meta.GlobalKey(*fakeGCPCluster.Spec.Network.Name): {}, + }, + GetHook: func(_ context.Context, _ *meta.Key, _ *cloud.MockNetworks, _ ...cloud.Option) (bool, *compute.Network, error) { + return true, &compute.Network{}, &googleapi.Error{Code: http.StatusBadRequest} + }, + }, + wantErr: true, + }, + { + name: "network list error find issue shared vpc", + scope: func() Scope { return clusterScopeSharedVpc }, + mockNetwork: &cloud.MockNetworks{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockNetworksObj{ + *meta.GlobalKey(*fakeGCPCluster.Spec.Network.Name): {}, + }, + GetHook: func(_ context.Context, _ *meta.Key, _ *cloud.MockNetworks, _ ...cloud.Option) (bool, *compute.Network, error) { + return true, &compute.Network{}, &googleapi.Error{Code: http.StatusNotFound} + }, + }, + wantErr: true, + }, + { + name: "network creation fails (should return an error)", + scope: func() Scope { return clusterScope }, + mockNetwork: &cloud.MockNetworks{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockNetworksObj{}, + GetHook: func(_ context.Context, _ *meta.Key, _ *cloud.MockNetworks, _ ...cloud.Option) (bool, *compute.Network, error) { + return true, &compute.Network{}, &googleapi.Error{Code: http.StatusNotFound} + }, + InsertError: map[meta.Key]error{ + *meta.GlobalKey(*fakeGCPCluster.Spec.Network.Name): &googleapi.Error{Code: http.StatusBadRequest}, + }, + }, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ctx := context.TODO() + s := New(tt.scope()) + s.networks = tt.mockNetwork + _, err := s.createOrGetNetwork(ctx) + if (err != nil) != tt.wantErr { + t.Errorf("Service.createOrGetNetwork error = %v, wantErr %v", err, tt.wantErr) + return + } + if tt.assert != nil { + err = tt.assert(ctx, tt) + if err != nil { + t.Errorf("network was not created as expected: %v", err) + return + } + } + }) + } +} + +func TestService_createOrGetRouter(t *testing.T) { + fakec := fake.NewClientBuilder(). + WithScheme(scheme.Scheme). + Build() + + clusterScope, err := scope.NewClusterScope(context.TODO(), scope.ClusterScopeParams{ + Client: fakec, + Cluster: fakeCluster, + GCPCluster: fakeGCPCluster, + GCPServices: scope.GCPServices{ + Compute: &compute.Service{}, + }, + }) + if err != nil { + t.Fatal(err) + } + + clusterScopeSharedVpc, err := scope.NewClusterScope(context.TODO(), scope.ClusterScopeParams{ + Client: fakec, + Cluster: fakeCluster, + GCPCluster: fakeGCPClusterSharedVPC, + GCPServices: scope.GCPServices{ + Compute: &compute.Service{}, + }, + }) + if err != nil { + t.Fatal(err) + } + + tests := []testCase{ + { + name: "error getting router instance with non 404 error code (should return an error)", + scope: func() Scope { return clusterScope }, + mockNetwork: &cloud.MockNetworks{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockNetworksObj{ + *meta.GlobalKey(*fakeGCPCluster.Spec.Network.Name): {}, + }, + }, + mockRouter: &cloud.MockRouters{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockRoutersObj{ + *meta.RegionalKey(fmt.Sprintf("%s-%s", *fakeGCPCluster.Spec.Network.Name, "router"), fakeGCPCluster.Spec.Region): {}, + }, + GetHook: func(_ context.Context, _ *meta.Key, _ *cloud.MockRouters, _ ...cloud.Option) (bool, *compute.Router, error) { + return true, &compute.Router{}, &googleapi.Error{Code: http.StatusBadRequest} + }, + }, + wantErr: true, + }, + { + name: "router list error find issue shared vpc", + scope: func() Scope { return clusterScopeSharedVpc }, + mockNetwork: &cloud.MockNetworks{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockNetworksObj{ + *meta.GlobalKey(*fakeGCPCluster.Spec.Network.Name): {}, + }, + }, + mockRouter: &cloud.MockRouters{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockRoutersObj{ + *meta.RegionalKey(fmt.Sprintf("%s-%s", *fakeGCPCluster.Spec.Network.Name, "router"), fakeGCPCluster.Spec.Region): {}, + }, + GetHook: func(_ context.Context, _ *meta.Key, _ *cloud.MockRouters, _ ...cloud.Option) (bool, *compute.Router, error) { + return true, &compute.Router{}, &googleapi.Error{Code: http.StatusBadRequest} + }, + }, + wantErr: true, + }, + { + name: "router creation fails (should return an error)", + scope: func() Scope { return clusterScope }, + mockNetwork: &cloud.MockNetworks{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockNetworksObj{ + *meta.GlobalKey(*fakeGCPCluster.Spec.Network.Name): {}, + }, + }, + mockRouter: &cloud.MockRouters{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockRoutersObj{}, + GetHook: func(_ context.Context, _ *meta.Key, _ *cloud.MockRouters, _ ...cloud.Option) (bool, *compute.Router, error) { + return true, &compute.Router{}, &googleapi.Error{Code: http.StatusNotFound} + }, + InsertError: map[meta.Key]error{ + *meta.RegionalKey(fmt.Sprintf("%s-%s", *fakeGCPCluster.Spec.Network.Name, "router"), fakeGCPCluster.Spec.Region): &googleapi.Error{Code: http.StatusBadRequest}, + }, + }, + wantErr: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ctx := context.TODO() + s := New(tt.scope()) + s.networks = tt.mockNetwork + s.routers = tt.mockRouter + + network, err := s.createOrGetNetwork(ctx) + if err != nil { + t.Errorf("Service.createOrGetNetwork error = %v", err) + return + } + + _, err = s.createOrGetRouter(ctx, network) + if (err != nil) != tt.wantErr { + t.Errorf("Service.createOrGetRouter error = %v, wantErr %v", err, tt.wantErr) + return + } + if tt.assert != nil { + err = tt.assert(ctx, tt) + if err != nil { + t.Errorf("router was not created as expected: %v", err) + return + } + } + }) + } +} + +func TestService_Delete(t *testing.T) { + fakec := fake.NewClientBuilder(). + WithScheme(scheme.Scheme). + Build() + + clusterScope, err := scope.NewClusterScope(context.TODO(), scope.ClusterScopeParams{ + Client: fakec, + Cluster: fakeCluster, + GCPCluster: fakeGCPCluster, + GCPServices: scope.GCPServices{ + Compute: &compute.Service{}, + }, + }) + if err != nil { + t.Fatal(err) + } + + clusterScopeSharedVpc, err := scope.NewClusterScope(context.TODO(), scope.ClusterScopeParams{ + Client: fakec, + Cluster: fakeCluster, + GCPCluster: fakeGCPClusterSharedVPC, + GCPServices: scope.GCPServices{ + Compute: &compute.Service{}, + }, + }) + if err != nil { + t.Fatal(err) + } + + tests := []testCase{ + { + name: "network does not exist, should do nothing", + scope: func() Scope { return clusterScope }, + mockNetwork: &cloud.MockNetworks{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + GetError: map[meta.Key]error{ + *meta.GlobalKey(*fakeGCPCluster.Spec.Network.Name): &googleapi.Error{Code: http.StatusNotFound}, + }, + }, + }, + { + name: "error deleting network, should return error", + scope: func() Scope { return clusterScope }, + mockNetwork: &cloud.MockNetworks{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + GetError: map[meta.Key]error{ + *meta.GlobalKey(*fakeGCPCluster.Spec.Network.Name): &googleapi.Error{Code: http.StatusBadGateway}, + }, + }, + wantErr: true, + }, + { + name: "network shared vpc, should do nothing", + scope: func() Scope { return clusterScopeSharedVpc }, + mockNetwork: &cloud.MockNetworks{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ctx := context.TODO() + s := New(tt.scope()) + s.networks = tt.mockNetwork + err := s.Delete(ctx) + if (err != nil) != tt.wantErr { + t.Errorf("Service.Delete() error = %v, wantErr %v", err, tt.wantErr) + return + } + }) + } +} diff --git a/cloud/services/compute/subnets/reconcile_test.go b/cloud/services/compute/subnets/reconcile_test.go index ebc23aa68..bedf141ec 100644 --- a/cloud/services/compute/subnets/reconcile_test.go +++ b/cloud/services/compute/subnets/reconcile_test.go @@ -1,5 +1,5 @@ /* -Copyright 2022 The Kubernetes Authors. +Copyright 2024 The Kubernetes Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -72,6 +72,28 @@ var fakeGCPCluster = &infrav1.GCPCluster{ }, } +var fakeGCPClusterSharedVPC = &infrav1.GCPCluster{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster", + Namespace: "default", + }, + Spec: infrav1.GCPClusterSpec{ + Project: "my-proj", + Region: "us-central1", + Network: infrav1.NetworkSpec{ + HostProject: ptr.To("my-shared-vpc-project"), + Subnets: infrav1.Subnets{ + infrav1.SubnetSpec{ + Name: "workers", + CidrBlock: "10.0.0.1/28", + Region: "us-central1", + Purpose: ptr.To[string]("INTERNAL_HTTPS_LOAD_BALANCER"), + }, + }, + }, + }, +} + type testCase struct { name string scope func() Scope @@ -97,6 +119,18 @@ func TestService_Reconcile(t *testing.T) { t.Fatal(err) } + clusterScopeSharedVpc, err := scope.NewClusterScope(context.TODO(), scope.ClusterScopeParams{ + Client: fakec, + Cluster: fakeCluster, + GCPCluster: fakeGCPClusterSharedVPC, + GCPServices: scope.GCPServices{ + Compute: &compute.Service{}, + }, + }) + if err != nil { + t.Fatal(err) + } + tests := []testCase{ { name: "subnet already exist (should return existing subnet)", @@ -155,6 +189,18 @@ func TestService_Reconcile(t *testing.T) { }, wantErr: true, }, + { + name: "subnet list error find issue shared vpc", + scope: func() Scope { return clusterScopeSharedVpc }, + mockSubnetworks: &cloud.MockSubnetworks{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + Objects: map[meta.Key]*cloud.MockSubnetworksObj{}, + GetHook: func(_ context.Context, _ *meta.Key, _ *cloud.MockSubnetworks, _ ...cloud.Option) (bool, *compute.Subnetwork, error) { + return true, &compute.Subnetwork{}, &googleapi.Error{Code: http.StatusBadRequest} + }, + }, + wantErr: true, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -194,6 +240,18 @@ func TestService_Delete(t *testing.T) { t.Fatal(err) } + clusterScopeSharedVpc, err := scope.NewClusterScope(context.TODO(), scope.ClusterScopeParams{ + Client: fakec, + Cluster: fakeCluster, + GCPCluster: fakeGCPClusterSharedVPC, + GCPServices: scope.GCPServices{ + Compute: &compute.Service{}, + }, + }) + if err != nil { + t.Fatal(err) + } + tests := []testCase{ { name: "subnet does not exist, should do nothing", @@ -233,6 +291,15 @@ func TestService_Delete(t *testing.T) { }, wantErr: false, }, + name: "subnet deletion with shared vpc", + scope: func() Scope { return clusterScopeSharedVpc }, + mockSubnetworks: &cloud.MockSubnetworks{ + ProjectRouter: &cloud.SingleProjectRouter{ID: "my-proj"}, + DeleteError: map[meta.Key]error{ + *meta.RegionalKey(fakeGCPCluster.Spec.Network.Subnets[0].Name, fakeGCPCluster.Spec.Region): &googleapi.Error{Code: http.StatusNotFound}, + }, + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) {