Mark untested code paths

internal/controller/impersonatorconfig/impersonator_config.go

@@ -256,6 +256,7 @@ func (c *impersonatorConfigController) doSync(syncCtx controllerlib.Context, cre
 		}
 	} else {
 		if err = c.ensureImpersonatorIsStopped(true); err != nil {
+			// untested
 			return nil, err
 		}
 	}
@@ -378,6 +379,7 @@ func (c *impersonatorConfigController) serviceExists(serviceName string) (bool,
 		return false, nil, nil
 	}
 	if err != nil {
+		// untested
 		return false, nil, err
 	}
 	return true, service, nil
@@ -390,6 +392,7 @@ func (c *impersonatorConfigController) tlsSecretExists() (bool, *v1.Secret, erro
 		return false, nil, nil
 	}
 	if err != nil {
+		// untested
 		return false, nil, err
 	}
 	return true, secret, nil
@@ -496,6 +499,7 @@ func (c *impersonatorConfigController) ensureLoadBalancerIsStarted(ctx context.C
 func (c *impersonatorConfigController) ensureLoadBalancerIsStopped(ctx context.Context) error {
 	running, service, err := c.serviceExists(c.generatedLoadBalancerServiceName)
 	if err != nil {
+		// untested
 		return err
 	}
 	if !running {
@@ -541,6 +545,7 @@ func (c *impersonatorConfigController) ensureClusterIPServiceIsStarted(ctx conte
 func (c *impersonatorConfigController) ensureClusterIPServiceIsStopped(ctx context.Context) error {
 	running, service, err := c.serviceExists(c.generatedClusterIPServiceName)
 	if err != nil {
+		// untested
 		return err
 	}
 	if !running {
@@ -576,6 +581,7 @@ func (c *impersonatorConfigController) createOrUpdateService(ctx context.Context
 		sort.Strings(desiredAnnotationKeys)
 		keysJSONArray, err := json.Marshal(desiredAnnotationKeys)
 		if err != nil {
+			// untested
 			return err // This shouldn't really happen. We should always be able to marshal an array of strings.
 		}
 		// Save the desired annotations to a bookkeeping annotation.
@@ -590,6 +596,7 @@ func (c *impersonatorConfigController) createOrUpdateService(ctx context.Context
 		return err
 	}
 	if err != nil {
+		// untested
 		return err
 	}
 
@@ -653,6 +660,7 @@ func (c *impersonatorConfigController) ensureTLSSecret(ctx context.Context, name
 	secretFromInformer, err := c.secretsInformer.Lister().Secrets(c.namespace).Get(c.tlsSecretName)
 	notFound := k8serrors.IsNotFound(err)
 	if !notFound && err != nil {
+		// untested
 		return err
 	}
 
@@ -722,9 +730,10 @@ func (c *impersonatorConfigController) deleteTLSSecretWhenCertificateDoesNotMatc
 	}
 
 	if !nameInfo.ready {
-		// We currently have a secret but we are waiting for a load balancer to be assigned an ingress, so
+		// We currently have a secret, but we are waiting for a load balancer to be assigned an ingress, so
 		// our current secret must be old/unwanted.
 		if err = c.ensureTLSSecretIsRemoved(ctx); err != nil {
+			// untested
 			return false, err
 		}
 		return true, nil
@@ -770,6 +779,7 @@ func (c *impersonatorConfigController) ensureTLSSecretIsCreatedAndLoaded(ctx con
 	if secret != nil {
 		err := c.loadTLSCertFromSecret(secret)
 		if err != nil {
+			// untested
 			return err
 		}
 		return nil
@@ -786,6 +796,7 @@ func (c *impersonatorConfigController) ensureTLSSecretIsCreatedAndLoaded(ctx con
 
 	err = c.loadTLSCertFromSecret(newTLSSecret)
 	if err != nil {
+		// untested
 		return err
 	}
 
@@ -795,6 +806,7 @@ func (c *impersonatorConfigController) ensureTLSSecretIsCreatedAndLoaded(ctx con
 func (c *impersonatorConfigController) ensureCASecretIsCreated(ctx context.Context) (*certauthority.CA, error) {
 	caSecret, err := c.secretsInformer.Lister().Secrets(c.namespace).Get(c.caSecretName)
 	if err != nil && !k8serrors.IsNotFound(err) {
+		// untested
 		return nil, err
 	}
 
@@ -816,11 +828,13 @@ func (c *impersonatorConfigController) ensureCASecretIsCreated(ctx context.Conte
 func (c *impersonatorConfigController) createCASecret(ctx context.Context) (*certauthority.CA, error) {
 	impersonationCA, err := certauthority.New(caCommonName, approximatelyOneHundredYears)
 	if err != nil {
+		// untested
 		return nil, fmt.Errorf("could not create impersonation CA: %w", err)
 	}
 
 	caPrivateKeyPEM, err := impersonationCA.PrivateKeyToPEM()
 	if err != nil {
+		// untested
 		return nil, err
 	}
 
@@ -874,6 +888,7 @@ func (c *impersonatorConfigController) findTLSCertificateNameFromLoadBalancer()
 		return &certNameInfo{ready: false}, nil
 	}
 	if err != nil {
+		// untested
 		return nil, err
 	}
 	ingresses := lb.Status.LoadBalancer.Ingress
@@ -908,6 +923,7 @@ func (c *impersonatorConfigController) findTLSCertificateNameFromClusterIPServic
 		return &certNameInfo{ready: false}, nil
 	}
 	if err != nil {
+		// untested
 		return nil, err
 	}
 	ip := clusterIP.Spec.ClusterIP
@@ -924,6 +940,7 @@ func (c *impersonatorConfigController) findTLSCertificateNameFromClusterIPServic
 		}
 		return &certNameInfo{ready: true, selectedIPs: parsedIPs, clientEndpoint: ip}, nil
 	}
+	// untested
 	return &certNameInfo{ready: false}, nil
 }
 
@@ -935,11 +952,13 @@ func (c *impersonatorConfigController) createNewTLSSecret(ctx context.Context, c
 
 	impersonationCert, err := ca.IssueServerCert(hostnames, ips, approximatelyOneHundredYears)
 	if err != nil {
+		// untested
 		return nil, fmt.Errorf("could not create impersonation cert: %w", err)
 	}
 
 	certPEM, keyPEM, err := certauthority.ToPEM(impersonationCert)
 	if err != nil {
+		// untested
 		return nil, err
 	}
 
@@ -969,6 +988,7 @@ func (c *impersonatorConfigController) loadTLSCertFromSecret(tlsSecret *v1.Secre
 	keyPEM := tlsSecret.Data[v1.TLSPrivateKeyKey]
 
 	if err := c.tlsServingCertDynamicCertProvider.SetCertKeyContent(certPEM, keyPEM); err != nil {
+		// untested
 		return fmt.Errorf("could not parse TLS cert PEM data from Secret: %w", err)
 	}
 
@@ -983,6 +1003,7 @@ func (c *impersonatorConfigController) loadTLSCertFromSecret(tlsSecret *v1.Secre
 func (c *impersonatorConfigController) ensureTLSSecretIsRemoved(ctx context.Context) error {
 	tlsSecretExists, secret, err := c.tlsSecretExists()
 	if err != nil {
+		// untested
 		return err
 	}
 	if !tlsSecretExists {