ContainerImage.Pinniped/internal/controller/supervisorconfig/upstreamwatcher/ldap_upstream_watcher_test.go

// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

package upstreamwatcher

import (
	"context"
	"testing"

	"github.com/stretchr/testify/require"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/runtime"
	"k8s.io/client-go/informers"
	"k8s.io/client-go/kubernetes/fake"

	"go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1"
	pinnipedfake "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/fake"
	pinnipedinformers "go.pinniped.dev/generated/latest/client/supervisor/informers/externalversions"
	"go.pinniped.dev/internal/controllerlib"
	"go.pinniped.dev/internal/oidc/provider"
	"go.pinniped.dev/internal/testutil"
	"go.pinniped.dev/internal/upstreamldap"
)

func TestLDAPUpstreamWatcherControllerFilterSecrets(t *testing.T) {
	t.Parallel()

	tests := []struct {
		name       string
		secret     metav1.Object
		wantAdd    bool
		wantUpdate bool
		wantDelete bool
	}{
		{
			name: "a secret of the right type",
			secret: &corev1.Secret{
				Type:       corev1.SecretTypeBasicAuth,
				ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "some-namespace"},
			},
			wantAdd:    true,
			wantUpdate: true,
			wantDelete: true,
		},
		{
			name: "a secret of the wrong type",
			secret: &corev1.Secret{
				Type:       "this-is-the-wrong-type",
				ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "some-namespace"},
			},
		},
		{
			name: "resource of a data type which is not watched by this controller",
			secret: &corev1.Namespace{
				ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "some-namespace"},
			},
		},
	}
	for _, test := range tests {
		test := test
		t.Run(test.name, func(t *testing.T) {
			t.Parallel()

			fakePinnipedClient := pinnipedfake.NewSimpleClientset()
			pinnipedInformers := pinnipedinformers.NewSharedInformerFactory(fakePinnipedClient, 0)
			ldapIDPInformer := pinnipedInformers.IDP().V1alpha1().LDAPIdentityProviders()
			fakeKubeClient := fake.NewSimpleClientset()
			kubeInformers := informers.NewSharedInformerFactory(fakeKubeClient, 0)
			secretInformer := kubeInformers.Core().V1().Secrets()
			withInformer := testutil.NewObservableWithInformerOption()

			NewLDAPUpstreamWatcherController(nil, nil, nil, ldapIDPInformer, secretInformer, withInformer.WithInformer)

			unrelated := corev1.Secret{}
			filter := withInformer.GetFilterForInformer(secretInformer)
			require.Equal(t, test.wantAdd, filter.Add(test.secret))
			require.Equal(t, test.wantUpdate, filter.Update(&unrelated, test.secret))
			require.Equal(t, test.wantUpdate, filter.Update(test.secret, &unrelated))
			require.Equal(t, test.wantDelete, filter.Delete(test.secret))
		})
	}
}

func TestLDAPUpstreamWatcherControllerFilterLDAPIdentityProviders(t *testing.T) {
	t.Parallel()

	tests := []struct {
		name       string
		idp        metav1.Object
		wantAdd    bool
		wantUpdate bool
		wantDelete bool
	}{
		{
			name: "any LDAPIdentityProvider",
			idp: &v1alpha1.LDAPIdentityProvider{
				ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "some-namespace"},
			},
			wantAdd:    true,
			wantUpdate: true,
			wantDelete: true,
		},
	}
	for _, test := range tests {
		test := test
		t.Run(test.name, func(t *testing.T) {
			t.Parallel()

			fakePinnipedClient := pinnipedfake.NewSimpleClientset()
			pinnipedInformers := pinnipedinformers.NewSharedInformerFactory(fakePinnipedClient, 0)
			ldapIDPInformer := pinnipedInformers.IDP().V1alpha1().LDAPIdentityProviders()
			fakeKubeClient := fake.NewSimpleClientset()
			kubeInformers := informers.NewSharedInformerFactory(fakeKubeClient, 0)
			secretInformer := kubeInformers.Core().V1().Secrets()
			withInformer := testutil.NewObservableWithInformerOption()

			NewLDAPUpstreamWatcherController(nil, nil, nil, ldapIDPInformer, secretInformer, withInformer.WithInformer)

			unrelated := corev1.Secret{}
			filter := withInformer.GetFilterForInformer(ldapIDPInformer)
			require.Equal(t, test.wantAdd, filter.Add(test.idp))
			require.Equal(t, test.wantUpdate, filter.Update(&unrelated, test.idp))
			require.Equal(t, test.wantUpdate, filter.Update(test.idp, &unrelated))
			require.Equal(t, test.wantDelete, filter.Delete(test.idp))
		})
	}
}

// Wrap the func into a struct so the test can do deep equal assertions on instances of upstreamldap.Provider.
type comparableDialer struct {
	f upstreamldap.LDAPDialerFunc
}

func (d *comparableDialer) Dial(ctx context.Context, hostAndPort string) (upstreamldap.Conn, error) {
	return d.f(ctx, hostAndPort)
}

func TestLDAPUpstreamWatcherControllerSync(t *testing.T) {
	t.Parallel()

	const (
		testNamespace        = "test-namespace"
		testName             = "test-name"
		testSecretName       = "test-client-secret"
		testBindUsername     = "test-bind-username"
		testBindPassword     = "test-bind-password"
		testHost             = "ldap.example.com:123"
		testCABundle         = "test-ca-bundle"
		testUserSearchBase   = "test-user-search-base"
		testUserSearchFilter = "test-user-search-filter"
		testUsernameAttrName = "test-username-attr"
		testUIDAttrName      = "test-uid-attr"
	)
	var (
		testValidSecretData = map[string][]byte{"username": []byte(testBindUsername), "password": []byte(testBindPassword)}
	)

	successfulDialer := &comparableDialer{
		f: func(ctx context.Context, hostAndPort string) (upstreamldap.Conn, error) {
			// TODO return a fake implementation of upstreamldap.Conn, or return an error for testing errors
			return nil, nil
		},
	}

	tests := []struct {
		name                   string
		inputUpstreams         []runtime.Object
		inputSecrets           []runtime.Object
		ldapDialer             upstreamldap.LDAPDialer
		wantErr                string
		wantResultingCache     []*upstreamldap.Provider
		wantResultingUpstreams []v1alpha1.LDAPIdentityProvider
	}{
		{
			name: "no LDAPIdentityProvider upstreams clears the cache",
		},
		{
			name:       "one valid upstream updates the cache to include only that upstream",
			ldapDialer: successfulDialer,
			inputUpstreams: []runtime.Object{&v1alpha1.LDAPIdentityProvider{
				ObjectMeta: metav1.ObjectMeta{Name: testName, Namespace: testNamespace, Generation: 1234},
				Spec: v1alpha1.LDAPIdentityProviderSpec{
					Host: testHost,
					TLS:  &v1alpha1.LDAPIdentityProviderTLSSpec{CertificateAuthorityData: testCABundle},
					Bind: v1alpha1.LDAPIdentityProviderBindSpec{SecretName: testSecretName},
					UserSearch: v1alpha1.LDAPIdentityProviderUserSearchSpec{
						Base:   testUserSearchBase,
						Filter: testUserSearchFilter,
						Attributes: v1alpha1.LDAPIdentityProviderUserSearchAttributesSpec{
							Username: testUsernameAttrName,
							UniqueID: testUIDAttrName,
						},
					},
				},
			}},
			inputSecrets: []runtime.Object{&corev1.Secret{
				ObjectMeta: metav1.ObjectMeta{Name: testSecretName, Namespace: testNamespace},
				Type:       corev1.SecretTypeBasicAuth,
				Data:       testValidSecretData,
			}},
			wantResultingCache: []*upstreamldap.Provider{
				{
					Name:         testName,
					Host:         testHost,
					CABundle:     []byte(testCABundle),
					BindUsername: testBindUsername,
					BindPassword: testBindPassword,
					UserSearch: &upstreamldap.UserSearch{
						Base:              testUserSearchBase,
						Filter:            testUserSearchFilter,
						UsernameAttribute: testUsernameAttrName,
						UIDAttribute:      testUIDAttrName,
					},
					Dialer: successfulDialer, // the dialer passed to the controller's constructor should have been passed through
				},
			},
			wantResultingUpstreams: []v1alpha1.LDAPIdentityProvider{{
				ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName, Generation: 1234},
				Status: v1alpha1.LDAPIdentityProviderStatus{
					Phase: "Ready",
					// TODO Conditions
				},
			}},
		},
	}
	for _, tt := range tests {
		tt := tt
		t.Run(tt.name, func(t *testing.T) {
			t.Parallel()
			fakePinnipedClient := pinnipedfake.NewSimpleClientset(tt.inputUpstreams...)
			pinnipedInformers := pinnipedinformers.NewSharedInformerFactory(fakePinnipedClient, 0)
			fakeKubeClient := fake.NewSimpleClientset(tt.inputSecrets...)
			kubeInformers := informers.NewSharedInformerFactory(fakeKubeClient, 0)
			cache := provider.NewDynamicUpstreamIDPProvider()
			cache.SetLDAPIdentityProviders([]provider.UpstreamLDAPIdentityProviderI{
				&upstreamldap.Provider{Name: "initial-entry"},
			})

			controller := NewLDAPUpstreamWatcherController(
				cache,
				successfulDialer,
				fakePinnipedClient,
				pinnipedInformers.IDP().V1alpha1().LDAPIdentityProviders(),
				kubeInformers.Core().V1().Secrets(),
				controllerlib.WithInformer,
			)

			ctx, cancel := context.WithCancel(context.Background())
			defer cancel()

			pinnipedInformers.Start(ctx.Done())
			kubeInformers.Start(ctx.Done())
			controllerlib.TestRunSynchronously(t, controller)

			syncCtx := controllerlib.Context{Context: ctx, Key: controllerlib.Key{}}

			if err := controllerlib.TestSync(t, controller, syncCtx); tt.wantErr != "" {
				require.EqualError(t, err, tt.wantErr)
			} else {
				require.NoError(t, err)
			}

			actualIDPList := cache.GetLDAPIdentityProviders()
			require.Equal(t, len(tt.wantResultingCache), len(actualIDPList))
			for i := range actualIDPList {
				actualIDP := actualIDPList[i].(*upstreamldap.Provider)
				require.Equal(t, tt.wantResultingCache[i], actualIDP)
			}

			actualUpstreams, err := fakePinnipedClient.IDPV1alpha1().LDAPIdentityProviders(testNamespace).List(ctx, metav1.ListOptions{})
			require.NoError(t, err)

			// TODO maybe use something like the normalizeUpstreams() helper to make assertions about what was updated
			_ = actualUpstreams
			// require.ElementsMatch(t, tt.wantResultingUpstreams, actualUpstreams.Items)

			// Running the sync() a second time should be idempotent, and should return the same error.
			if err := controllerlib.TestSync(t, controller, syncCtx); tt.wantErr != "" {
				require.EqualError(t, err, tt.wantErr)
			} else {
				require.NoError(t, err)
			}
		})
	}
}
More LDAP WIP: started controller and LDAP server connection code Both are unfinished works in progress. 2021-04-10 01:49:43 +00:00			`// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.`
			`// SPDX-License-Identifier: Apache-2.0`

			`package upstreamwatcher`

			`import (`
			`"context"`
			`"testing"`

			`"github.com/stretchr/testify/require"`
			`corev1 "k8s.io/api/core/v1"`
			`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
			`"k8s.io/apimachinery/pkg/runtime"`
			`"k8s.io/client-go/informers"`
			`"k8s.io/client-go/kubernetes/fake"`

			`"go.pinniped.dev/generated/latest/apis/supervisor/idp/v1alpha1"`
			`pinnipedfake "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned/fake"`
			`pinnipedinformers "go.pinniped.dev/generated/latest/client/supervisor/informers/externalversions"`
			`"go.pinniped.dev/internal/controllerlib"`
			`"go.pinniped.dev/internal/oidc/provider"`
			`"go.pinniped.dev/internal/testutil"`
			`"go.pinniped.dev/internal/upstreamldap"`
			`)`

			`func TestLDAPUpstreamWatcherControllerFilterSecrets(t *testing.T) {`
			`t.Parallel()`

			`tests := []struct {`
			`name string`
			`secret metav1.Object`
			`wantAdd bool`
			`wantUpdate bool`
			`wantDelete bool`
			`}{`
			`{`
			`name: "a secret of the right type",`
			`secret: &corev1.Secret{`
			`Type: corev1.SecretTypeBasicAuth,`
			`ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "some-namespace"},`
			`},`
			`wantAdd: true,`
			`wantUpdate: true,`
			`wantDelete: true,`
			`},`
			`{`
			`name: "a secret of the wrong type",`
			`secret: &corev1.Secret{`
			`Type: "this-is-the-wrong-type",`
			`ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "some-namespace"},`
			`},`
			`},`
			`{`
			`name: "resource of a data type which is not watched by this controller",`
			`secret: &corev1.Namespace{`
			`ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "some-namespace"},`
			`},`
			`},`
			`}`
			`for _, test := range tests {`
			`test := test`
			`t.Run(test.name, func(t *testing.T) {`
			`t.Parallel()`

			`fakePinnipedClient := pinnipedfake.NewSimpleClientset()`
			`pinnipedInformers := pinnipedinformers.NewSharedInformerFactory(fakePinnipedClient, 0)`
			`ldapIDPInformer := pinnipedInformers.IDP().V1alpha1().LDAPIdentityProviders()`
			`fakeKubeClient := fake.NewSimpleClientset()`
			`kubeInformers := informers.NewSharedInformerFactory(fakeKubeClient, 0)`
			`secretInformer := kubeInformers.Core().V1().Secrets()`
			`withInformer := testutil.NewObservableWithInformerOption()`

			`NewLDAPUpstreamWatcherController(nil, nil, nil, ldapIDPInformer, secretInformer, withInformer.WithInformer)`

			`unrelated := corev1.Secret{}`
			`filter := withInformer.GetFilterForInformer(secretInformer)`
			`require.Equal(t, test.wantAdd, filter.Add(test.secret))`
			`require.Equal(t, test.wantUpdate, filter.Update(&unrelated, test.secret))`
			`require.Equal(t, test.wantUpdate, filter.Update(test.secret, &unrelated))`
			`require.Equal(t, test.wantDelete, filter.Delete(test.secret))`
			`})`
			`}`
			`}`

			`func TestLDAPUpstreamWatcherControllerFilterLDAPIdentityProviders(t *testing.T) {`
			`t.Parallel()`

			`tests := []struct {`
			`name string`
			`idp metav1.Object`
			`wantAdd bool`
			`wantUpdate bool`
			`wantDelete bool`
			`}{`
			`{`
			`name: "any LDAPIdentityProvider",`
			`idp: &v1alpha1.LDAPIdentityProvider{`
			`ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "some-namespace"},`
			`},`
			`wantAdd: true,`
			`wantUpdate: true,`
			`wantDelete: true,`
			`},`
			`}`
			`for _, test := range tests {`
			`test := test`
			`t.Run(test.name, func(t *testing.T) {`
			`t.Parallel()`

			`fakePinnipedClient := pinnipedfake.NewSimpleClientset()`
			`pinnipedInformers := pinnipedinformers.NewSharedInformerFactory(fakePinnipedClient, 0)`
			`ldapIDPInformer := pinnipedInformers.IDP().V1alpha1().LDAPIdentityProviders()`
			`fakeKubeClient := fake.NewSimpleClientset()`
			`kubeInformers := informers.NewSharedInformerFactory(fakeKubeClient, 0)`
			`secretInformer := kubeInformers.Core().V1().Secrets()`
			`withInformer := testutil.NewObservableWithInformerOption()`

			`NewLDAPUpstreamWatcherController(nil, nil, nil, ldapIDPInformer, secretInformer, withInformer.WithInformer)`

			`unrelated := corev1.Secret{}`
			`filter := withInformer.GetFilterForInformer(ldapIDPInformer)`
			`require.Equal(t, test.wantAdd, filter.Add(test.idp))`
			`require.Equal(t, test.wantUpdate, filter.Update(&unrelated, test.idp))`
			`require.Equal(t, test.wantUpdate, filter.Update(test.idp, &unrelated))`
			`require.Equal(t, test.wantDelete, filter.Delete(test.idp))`
			`})`
			`}`
			`}`

Add a little more logic to ldap_upstream_watcher.go 2021-04-12 18:23:08 +00:00			`// Wrap the func into a struct so the test can do deep equal assertions on instances of upstreamldap.Provider.`
			`type comparableDialer struct {`
			`f upstreamldap.LDAPDialerFunc`
			`}`

			`func (d *comparableDialer) Dial(ctx context.Context, hostAndPort string) (upstreamldap.Conn, error) {`
			`return d.f(ctx, hostAndPort)`
			`}`

More LDAP WIP: started controller and LDAP server connection code Both are unfinished works in progress. 2021-04-10 01:49:43 +00:00			`func TestLDAPUpstreamWatcherControllerSync(t *testing.T) {`
			`t.Parallel()`

Add a little more logic to ldap_upstream_watcher.go 2021-04-12 18:23:08 +00:00			`const (`
			`testNamespace = "test-namespace"`
			`testName = "test-name"`
			`testSecretName = "test-client-secret"`
			`testBindUsername = "test-bind-username"`
			`testBindPassword = "test-bind-password"`
			`testHost = "ldap.example.com:123"`
			`testCABundle = "test-ca-bundle"`
			`testUserSearchBase = "test-user-search-base"`
			`testUserSearchFilter = "test-user-search-filter"`
			`testUsernameAttrName = "test-username-attr"`
			`testUIDAttrName = "test-uid-attr"`
			`)`
More LDAP WIP: started controller and LDAP server connection code Both are unfinished works in progress. 2021-04-10 01:49:43 +00:00			`var (`
			`testValidSecretData = map[string][]byte{"username": []byte(testBindUsername), "password": []byte(testBindPassword)}`
			`)`
Add a little more logic to ldap_upstream_watcher.go 2021-04-12 18:23:08 +00:00
			`successfulDialer := &comparableDialer{`
			`f: func(ctx context.Context, hostAndPort string) (upstreamldap.Conn, error) {`
			`// TODO return a fake implementation of upstreamldap.Conn, or return an error for testing errors`
			`return nil, nil`
			`},`
			`}`

More LDAP WIP: started controller and LDAP server connection code Both are unfinished works in progress. 2021-04-10 01:49:43 +00:00			`tests := []struct {`
			`name string`
			`inputUpstreams []runtime.Object`
			`inputSecrets []runtime.Object`
Add a little more logic to ldap_upstream_watcher.go 2021-04-12 18:23:08 +00:00			`ldapDialer upstreamldap.LDAPDialer`
More LDAP WIP: started controller and LDAP server connection code Both are unfinished works in progress. 2021-04-10 01:49:43 +00:00			`wantErr string`
Add a little more logic to ldap_upstream_watcher.go 2021-04-12 18:23:08 +00:00			`wantResultingCache []*upstreamldap.Provider`
More LDAP WIP: started controller and LDAP server connection code Both are unfinished works in progress. 2021-04-10 01:49:43 +00:00			`wantResultingUpstreams []v1alpha1.LDAPIdentityProvider`
			`}{`
			`{`
			`name: "no LDAPIdentityProvider upstreams clears the cache",`
			`},`
			`{`
Add a little more logic to ldap_upstream_watcher.go 2021-04-12 18:23:08 +00:00			`name: "one valid upstream updates the cache to include only that upstream",`
			`ldapDialer: successfulDialer,`
More LDAP WIP: started controller and LDAP server connection code Both are unfinished works in progress. 2021-04-10 01:49:43 +00:00			`inputUpstreams: []runtime.Object{&v1alpha1.LDAPIdentityProvider{`
			`ObjectMeta: metav1.ObjectMeta{Name: testName, Namespace: testNamespace, Generation: 1234},`
			`Spec: v1alpha1.LDAPIdentityProviderSpec{`
Add a little more logic to ldap_upstream_watcher.go 2021-04-12 18:23:08 +00:00			`Host: testHost,`
			`TLS: &v1alpha1.LDAPIdentityProviderTLSSpec{CertificateAuthorityData: testCABundle},`
More LDAP WIP: started controller and LDAP server connection code Both are unfinished works in progress. 2021-04-10 01:49:43 +00:00			`Bind: v1alpha1.LDAPIdentityProviderBindSpec{SecretName: testSecretName},`
			`UserSearch: v1alpha1.LDAPIdentityProviderUserSearchSpec{`
Add a little more logic to ldap_upstream_watcher.go 2021-04-12 18:23:08 +00:00			`Base: testUserSearchBase,`
			`Filter: testUserSearchFilter,`
More LDAP WIP: started controller and LDAP server connection code Both are unfinished works in progress. 2021-04-10 01:49:43 +00:00			`Attributes: v1alpha1.LDAPIdentityProviderUserSearchAttributesSpec{`
Add a little more logic to ldap_upstream_watcher.go 2021-04-12 18:23:08 +00:00			`Username: testUsernameAttrName,`
			`UniqueID: testUIDAttrName,`
More LDAP WIP: started controller and LDAP server connection code Both are unfinished works in progress. 2021-04-10 01:49:43 +00:00			`},`
			`},`
			`},`
			`}},`
			`inputSecrets: []runtime.Object{&corev1.Secret{`
			`ObjectMeta: metav1.ObjectMeta{Name: testSecretName, Namespace: testNamespace},`
			`Type: corev1.SecretTypeBasicAuth,`
			`Data: testValidSecretData,`
			`}},`
Add a little more logic to ldap_upstream_watcher.go 2021-04-12 18:23:08 +00:00			`wantResultingCache: []*upstreamldap.Provider{`
			`{`
			`Name: testName,`
			`Host: testHost,`
			`CABundle: []byte(testCABundle),`
			`BindUsername: testBindUsername,`
			`BindPassword: testBindPassword,`
			`UserSearch: &upstreamldap.UserSearch{`
			`Base: testUserSearchBase,`
			`Filter: testUserSearchFilter,`
			`UsernameAttribute: testUsernameAttrName,`
			`UIDAttribute: testUIDAttrName,`
			`},`
			`Dialer: successfulDialer, // the dialer passed to the controller's constructor should have been passed through`
More LDAP WIP: started controller and LDAP server connection code Both are unfinished works in progress. 2021-04-10 01:49:43 +00:00			`},`
			`},`
			`wantResultingUpstreams: []v1alpha1.LDAPIdentityProvider{{`
			`ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName, Generation: 1234},`
			`Status: v1alpha1.LDAPIdentityProviderStatus{`
			`Phase: "Ready",`
			`// TODO Conditions`
			`},`
			`}},`
			`},`
			`}`
			`for _, tt := range tests {`
			`tt := tt`
			`t.Run(tt.name, func(t *testing.T) {`
			`t.Parallel()`
			`fakePinnipedClient := pinnipedfake.NewSimpleClientset(tt.inputUpstreams...)`
			`pinnipedInformers := pinnipedinformers.NewSharedInformerFactory(fakePinnipedClient, 0)`
			`fakeKubeClient := fake.NewSimpleClientset(tt.inputSecrets...)`
			`kubeInformers := informers.NewSharedInformerFactory(fakeKubeClient, 0)`
			`cache := provider.NewDynamicUpstreamIDPProvider()`
			`cache.SetLDAPIdentityProviders([]provider.UpstreamLDAPIdentityProviderI{`
			`&upstreamldap.Provider{Name: "initial-entry"},`
			`})`

			`controller := NewLDAPUpstreamWatcherController(`
			`cache,`
Add a little more logic to ldap_upstream_watcher.go 2021-04-12 18:23:08 +00:00			`successfulDialer,`
More LDAP WIP: started controller and LDAP server connection code Both are unfinished works in progress. 2021-04-10 01:49:43 +00:00			`fakePinnipedClient,`
			`pinnipedInformers.IDP().V1alpha1().LDAPIdentityProviders(),`
			`kubeInformers.Core().V1().Secrets(),`
			`controllerlib.WithInformer,`
			`)`

			`ctx, cancel := context.WithCancel(context.Background())`
			`defer cancel()`

			`pinnipedInformers.Start(ctx.Done())`
			`kubeInformers.Start(ctx.Done())`
			`controllerlib.TestRunSynchronously(t, controller)`

			`syncCtx := controllerlib.Context{Context: ctx, Key: controllerlib.Key{}}`

			`if err := controllerlib.TestSync(t, controller, syncCtx); tt.wantErr != "" {`
			`require.EqualError(t, err, tt.wantErr)`
			`} else {`
			`require.NoError(t, err)`
			`}`

			`actualIDPList := cache.GetLDAPIdentityProviders()`
			`require.Equal(t, len(tt.wantResultingCache), len(actualIDPList))`
			`for i := range actualIDPList {`
			`actualIDP := actualIDPList[i].(*upstreamldap.Provider)`
Add a little more logic to ldap_upstream_watcher.go 2021-04-12 18:23:08 +00:00			`require.Equal(t, tt.wantResultingCache[i], actualIDP)`
More LDAP WIP: started controller and LDAP server connection code Both are unfinished works in progress. 2021-04-10 01:49:43 +00:00			`}`

			`actualUpstreams, err := fakePinnipedClient.IDPV1alpha1().LDAPIdentityProviders(testNamespace).List(ctx, metav1.ListOptions{})`
			`require.NoError(t, err)`

			`// TODO maybe use something like the normalizeUpstreams() helper to make assertions about what was updated`
			`_ = actualUpstreams`
			`// require.ElementsMatch(t, tt.wantResultingUpstreams, actualUpstreams.Items)`

			`// Running the sync() a second time should be idempotent, and should return the same error.`
			`if err := controllerlib.TestSync(t, controller, syncCtx); tt.wantErr != "" {`
			`require.EqualError(t, err, tt.wantErr)`
			`} else {`
			`require.NoError(t, err)`
			`}`
			`})`
			`}`
			`}`