diff --git a/internal/controller/impersonatorconfig/impersonator_config.go b/internal/controller/impersonatorconfig/impersonator_config.go index 5cc68f35..a05dff37 100644 --- a/internal/controller/impersonatorconfig/impersonator_config.go +++ b/internal/controller/impersonatorconfig/impersonator_config.go @@ -256,6 +256,7 @@ func (c *impersonatorConfigController) doSync(syncCtx controllerlib.Context, cre } } else { if err = c.ensureImpersonatorIsStopped(true); err != nil { + // untested return nil, err } } @@ -378,6 +379,7 @@ func (c *impersonatorConfigController) serviceExists(serviceName string) (bool, return false, nil, nil } if err != nil { + // untested return false, nil, err } return true, service, nil @@ -390,6 +392,7 @@ func (c *impersonatorConfigController) tlsSecretExists() (bool, *v1.Secret, erro return false, nil, nil } if err != nil { + // untested return false, nil, err } return true, secret, nil @@ -496,6 +499,7 @@ func (c *impersonatorConfigController) ensureLoadBalancerIsStarted(ctx context.C func (c *impersonatorConfigController) ensureLoadBalancerIsStopped(ctx context.Context) error { running, service, err := c.serviceExists(c.generatedLoadBalancerServiceName) if err != nil { + // untested return err } if !running { @@ -541,6 +545,7 @@ func (c *impersonatorConfigController) ensureClusterIPServiceIsStarted(ctx conte func (c *impersonatorConfigController) ensureClusterIPServiceIsStopped(ctx context.Context) error { running, service, err := c.serviceExists(c.generatedClusterIPServiceName) if err != nil { + // untested return err } if !running { @@ -576,6 +581,7 @@ func (c *impersonatorConfigController) createOrUpdateService(ctx context.Context sort.Strings(desiredAnnotationKeys) keysJSONArray, err := json.Marshal(desiredAnnotationKeys) if err != nil { + // untested return err // This shouldn't really happen. We should always be able to marshal an array of strings. } // Save the desired annotations to a bookkeeping annotation. @@ -590,6 +596,7 @@ func (c *impersonatorConfigController) createOrUpdateService(ctx context.Context return err } if err != nil { + // untested return err } @@ -653,6 +660,7 @@ func (c *impersonatorConfigController) ensureTLSSecret(ctx context.Context, name secretFromInformer, err := c.secretsInformer.Lister().Secrets(c.namespace).Get(c.tlsSecretName) notFound := k8serrors.IsNotFound(err) if !notFound && err != nil { + // untested return err } @@ -722,9 +730,10 @@ func (c *impersonatorConfigController) deleteTLSSecretWhenCertificateDoesNotMatc } if !nameInfo.ready { - // We currently have a secret but we are waiting for a load balancer to be assigned an ingress, so + // We currently have a secret, but we are waiting for a load balancer to be assigned an ingress, so // our current secret must be old/unwanted. if err = c.ensureTLSSecretIsRemoved(ctx); err != nil { + // untested return false, err } return true, nil @@ -770,6 +779,7 @@ func (c *impersonatorConfigController) ensureTLSSecretIsCreatedAndLoaded(ctx con if secret != nil { err := c.loadTLSCertFromSecret(secret) if err != nil { + // untested return err } return nil @@ -786,6 +796,7 @@ func (c *impersonatorConfigController) ensureTLSSecretIsCreatedAndLoaded(ctx con err = c.loadTLSCertFromSecret(newTLSSecret) if err != nil { + // untested return err } @@ -795,6 +806,7 @@ func (c *impersonatorConfigController) ensureTLSSecretIsCreatedAndLoaded(ctx con func (c *impersonatorConfigController) ensureCASecretIsCreated(ctx context.Context) (*certauthority.CA, error) { caSecret, err := c.secretsInformer.Lister().Secrets(c.namespace).Get(c.caSecretName) if err != nil && !k8serrors.IsNotFound(err) { + // untested return nil, err } @@ -816,11 +828,13 @@ func (c *impersonatorConfigController) ensureCASecretIsCreated(ctx context.Conte func (c *impersonatorConfigController) createCASecret(ctx context.Context) (*certauthority.CA, error) { impersonationCA, err := certauthority.New(caCommonName, approximatelyOneHundredYears) if err != nil { + // untested return nil, fmt.Errorf("could not create impersonation CA: %w", err) } caPrivateKeyPEM, err := impersonationCA.PrivateKeyToPEM() if err != nil { + // untested return nil, err } @@ -874,6 +888,7 @@ func (c *impersonatorConfigController) findTLSCertificateNameFromLoadBalancer() return &certNameInfo{ready: false}, nil } if err != nil { + // untested return nil, err } ingresses := lb.Status.LoadBalancer.Ingress @@ -908,6 +923,7 @@ func (c *impersonatorConfigController) findTLSCertificateNameFromClusterIPServic return &certNameInfo{ready: false}, nil } if err != nil { + // untested return nil, err } ip := clusterIP.Spec.ClusterIP @@ -924,6 +940,7 @@ func (c *impersonatorConfigController) findTLSCertificateNameFromClusterIPServic } return &certNameInfo{ready: true, selectedIPs: parsedIPs, clientEndpoint: ip}, nil } + // untested return &certNameInfo{ready: false}, nil } @@ -935,11 +952,13 @@ func (c *impersonatorConfigController) createNewTLSSecret(ctx context.Context, c impersonationCert, err := ca.IssueServerCert(hostnames, ips, approximatelyOneHundredYears) if err != nil { + // untested return nil, fmt.Errorf("could not create impersonation cert: %w", err) } certPEM, keyPEM, err := certauthority.ToPEM(impersonationCert) if err != nil { + // untested return nil, err } @@ -969,6 +988,7 @@ func (c *impersonatorConfigController) loadTLSCertFromSecret(tlsSecret *v1.Secre keyPEM := tlsSecret.Data[v1.TLSPrivateKeyKey] if err := c.tlsServingCertDynamicCertProvider.SetCertKeyContent(certPEM, keyPEM); err != nil { + // untested return fmt.Errorf("could not parse TLS cert PEM data from Secret: %w", err) } @@ -983,6 +1003,7 @@ func (c *impersonatorConfigController) loadTLSCertFromSecret(tlsSecret *v1.Secre func (c *impersonatorConfigController) ensureTLSSecretIsRemoved(ctx context.Context) error { tlsSecretExists, secret, err := c.tlsSecretExists() if err != nil { + // untested return err } if !tlsSecretExists {