djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Mark untested code paths

Browse Source
This commit is contained in:
Joshua Casey 2023-07-06 17:14:39 -07:00
parent 3d7eb55fc2
commit 183c771d4e
1 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
internal/controller/impersonatorconfig/impersonator_config.go
View File

@ -256,6 +256,7 @@ func (c *impersonatorConfigController) doSync(syncCtx controllerlib.Context, cre
} }
} else { } else {
if err = c.ensureImpersonatorIsStopped(true); err != nil { if err = c.ensureImpersonatorIsStopped(true); err != nil {
// untested
return nil, err return nil, err
} }
} }
@ -378,6 +379,7 @@ func (c *impersonatorConfigController) serviceExists(serviceName string) (bool,
return false, nil, nil return false, nil, nil
} }
if err != nil { if err != nil {
// untested
return false, nil, err return false, nil, err
} }
return true, service, nil return true, service, nil
@ -390,6 +392,7 @@ func (c *impersonatorConfigController) tlsSecretExists() (bool, *v1.Secret, erro
return false, nil, nil return false, nil, nil
} }
if err != nil { if err != nil {
// untested
return false, nil, err return false, nil, err
} }
return true, secret, nil return true, secret, nil
@ -496,6 +499,7 @@ func (c *impersonatorConfigController) ensureLoadBalancerIsStarted(ctx context.C
func (c *impersonatorConfigController) ensureLoadBalancerIsStopped(ctx context.Context) error { func (c *impersonatorConfigController) ensureLoadBalancerIsStopped(ctx context.Context) error {
running, service, err := c.serviceExists(c.generatedLoadBalancerServiceName) running, service, err := c.serviceExists(c.generatedLoadBalancerServiceName)
if err != nil { if err != nil {
// untested
return err return err
} }
if !running { if !running {
@ -541,6 +545,7 @@ func (c *impersonatorConfigController) ensureClusterIPServiceIsStarted(ctx conte
func (c *impersonatorConfigController) ensureClusterIPServiceIsStopped(ctx context.Context) error { func (c *impersonatorConfigController) ensureClusterIPServiceIsStopped(ctx context.Context) error {
running, service, err := c.serviceExists(c.generatedClusterIPServiceName) running, service, err := c.serviceExists(c.generatedClusterIPServiceName)
if err != nil { if err != nil {
// untested
return err return err
} }
if !running { if !running {
@ -576,6 +581,7 @@ func (c *impersonatorConfigController) createOrUpdateService(ctx context.Context
sort.Strings(desiredAnnotationKeys) sort.Strings(desiredAnnotationKeys)
keysJSONArray, err := json.Marshal(desiredAnnotationKeys) keysJSONArray, err := json.Marshal(desiredAnnotationKeys)
if err != nil { if err != nil {
// untested
return err // This shouldn't really happen. We should always be able to marshal an array of strings. return err // This shouldn't really happen. We should always be able to marshal an array of strings.
} }
// Save the desired annotations to a bookkeeping annotation. // Save the desired annotations to a bookkeeping annotation.
@ -590,6 +596,7 @@ func (c *impersonatorConfigController) createOrUpdateService(ctx context.Context
return err return err
} }
if err != nil { if err != nil {
// untested
return err return err
} }
@ -653,6 +660,7 @@ func (c *impersonatorConfigController) ensureTLSSecret(ctx context.Context, name
secretFromInformer, err := c.secretsInformer.Lister().Secrets(c.namespace).Get(c.tlsSecretName) secretFromInformer, err := c.secretsInformer.Lister().Secrets(c.namespace).Get(c.tlsSecretName)
notFound := k8serrors.IsNotFound(err) notFound := k8serrors.IsNotFound(err)
if !notFound && err != nil { if !notFound && err != nil {
// untested
return err return err
} }
@ -722,9 +730,10 @@ func (c *impersonatorConfigController) deleteTLSSecretWhenCertificateDoesNotMatc
} }
if !nameInfo.ready { if !nameInfo.ready {
// We currently have a secret but we are waiting for a load balancer to be assigned an ingress, so // We currently have a secret, but we are waiting for a load balancer to be assigned an ingress, so
// our current secret must be old/unwanted. // our current secret must be old/unwanted.
if err = c.ensureTLSSecretIsRemoved(ctx); err != nil { if err = c.ensureTLSSecretIsRemoved(ctx); err != nil {
// untested
return false, err return false, err
} }
return true, nil return true, nil
@ -770,6 +779,7 @@ func (c *impersonatorConfigController) ensureTLSSecretIsCreatedAndLoaded(ctx con
if secret != nil { if secret != nil {
err := c.loadTLSCertFromSecret(secret) err := c.loadTLSCertFromSecret(secret)
if err != nil { if err != nil {
// untested
return err return err
} }
return nil return nil
@ -786,6 +796,7 @@ func (c *impersonatorConfigController) ensureTLSSecretIsCreatedAndLoaded(ctx con
err = c.loadTLSCertFromSecret(newTLSSecret) err = c.loadTLSCertFromSecret(newTLSSecret)
if err != nil { if err != nil {
// untested
return err return err
} }
@ -795,6 +806,7 @@ func (c *impersonatorConfigController) ensureTLSSecretIsCreatedAndLoaded(ctx con
func (c *impersonatorConfigController) ensureCASecretIsCreated(ctx context.Context) (*certauthority.CA, error) { func (c *impersonatorConfigController) ensureCASecretIsCreated(ctx context.Context) (*certauthority.CA, error) {
caSecret, err := c.secretsInformer.Lister().Secrets(c.namespace).Get(c.caSecretName) caSecret, err := c.secretsInformer.Lister().Secrets(c.namespace).Get(c.caSecretName)
if err != nil && !k8serrors.IsNotFound(err) { if err != nil && !k8serrors.IsNotFound(err) {
// untested
return nil, err return nil, err
} }
@ -816,11 +828,13 @@ func (c *impersonatorConfigController) ensureCASecretIsCreated(ctx context.Conte
func (c *impersonatorConfigController) createCASecret(ctx context.Context) (*certauthority.CA, error) { func (c *impersonatorConfigController) createCASecret(ctx context.Context) (*certauthority.CA, error) {
impersonationCA, err := certauthority.New(caCommonName, approximatelyOneHundredYears) impersonationCA, err := certauthority.New(caCommonName, approximatelyOneHundredYears)
if err != nil { if err != nil {
// untested
return nil, fmt.Errorf("could not create impersonation CA: %w", err) return nil, fmt.Errorf("could not create impersonation CA: %w", err)
} }
caPrivateKeyPEM, err := impersonationCA.PrivateKeyToPEM() caPrivateKeyPEM, err := impersonationCA.PrivateKeyToPEM()
if err != nil { if err != nil {
// untested
return nil, err return nil, err
} }
@ -874,6 +888,7 @@ func (c *impersonatorConfigController) findTLSCertificateNameFromLoadBalancer()
return &certNameInfo{ready: false}, nil return &certNameInfo{ready: false}, nil
} }
if err != nil { if err != nil {
// untested
return nil, err return nil, err
} }
ingresses := lb.Status.LoadBalancer.Ingress ingresses := lb.Status.LoadBalancer.Ingress
@ -908,6 +923,7 @@ func (c *impersonatorConfigController) findTLSCertificateNameFromClusterIPServic
return &certNameInfo{ready: false}, nil return &certNameInfo{ready: false}, nil
} }
if err != nil { if err != nil {
// untested
return nil, err return nil, err
} }
ip := clusterIP.Spec.ClusterIP ip := clusterIP.Spec.ClusterIP
@ -924,6 +940,7 @@ func (c *impersonatorConfigController) findTLSCertificateNameFromClusterIPServic
} }
return &certNameInfo{ready: true, selectedIPs: parsedIPs, clientEndpoint: ip}, nil return &certNameInfo{ready: true, selectedIPs: parsedIPs, clientEndpoint: ip}, nil
} }
// untested
return &certNameInfo{ready: false}, nil return &certNameInfo{ready: false}, nil
} }
@ -935,11 +952,13 @@ func (c *impersonatorConfigController) createNewTLSSecret(ctx context.Context, c
impersonationCert, err := ca.IssueServerCert(hostnames, ips, approximatelyOneHundredYears) impersonationCert, err := ca.IssueServerCert(hostnames, ips, approximatelyOneHundredYears)
if err != nil { if err != nil {
// untested
return nil, fmt.Errorf("could not create impersonation cert: %w", err) return nil, fmt.Errorf("could not create impersonation cert: %w", err)
} }
certPEM, keyPEM, err := certauthority.ToPEM(impersonationCert) certPEM, keyPEM, err := certauthority.ToPEM(impersonationCert)
if err != nil { if err != nil {
// untested
return nil, err return nil, err
} }
@ -969,6 +988,7 @@ func (c *impersonatorConfigController) loadTLSCertFromSecret(tlsSecret *v1.Secre
keyPEM := tlsSecret.Data[v1.TLSPrivateKeyKey] keyPEM := tlsSecret.Data[v1.TLSPrivateKeyKey]
if err := c.tlsServingCertDynamicCertProvider.SetCertKeyContent(certPEM, keyPEM); err != nil { if err := c.tlsServingCertDynamicCertProvider.SetCertKeyContent(certPEM, keyPEM); err != nil {
// untested
return fmt.Errorf("could not parse TLS cert PEM data from Secret: %w", err) return fmt.Errorf("could not parse TLS cert PEM data from Secret: %w", err)
} }
@ -983,6 +1003,7 @@ func (c *impersonatorConfigController) loadTLSCertFromSecret(tlsSecret *v1.Secre
func (c *impersonatorConfigController) ensureTLSSecretIsRemoved(ctx context.Context) error { func (c *impersonatorConfigController) ensureTLSSecretIsRemoved(ctx context.Context) error {
tlsSecretExists, secret, err := c.tlsSecretExists() tlsSecretExists, secret, err := c.tlsSecretExists()
if err != nil { if err != nil {
// untested
return err return err
} }
if !tlsSecretExists { if !tlsSecretExists {