From e63ba7cc57b0c6ebde311ec90d598ee8c7897676 Mon Sep 17 00:00:00 2001
From: Jacob Floyd <cognifloyd@gmail.com>
Date: Wed, 15 Mar 2023 16:04:28 -0500
Subject: [PATCH] enhance(executor tests): Add kubernetes runtime test cases
 for Opts and Secrets tests (#439)

---
 executor/linux/opts_test.go   |  11 ++
 executor/linux/secret_test.go | 272 ++++++++++++++++++++++++++++++++++
 2 files changed, 283 insertions(+)

diff --git a/executor/linux/opts_test.go b/executor/linux/opts_test.go
index d2b30c56..a16be68c 100644
--- a/executor/linux/opts_test.go
+++ b/executor/linux/opts_test.go
@@ -18,6 +18,7 @@ import (
 	"github.com/go-vela/types/pipeline"
 	"github.com/go-vela/worker/runtime"
 	"github.com/go-vela/worker/runtime/docker"
+	"github.com/go-vela/worker/runtime/kubernetes"
 	"github.com/sirupsen/logrus"
 )
 
@@ -432,6 +433,11 @@ func TestLinux_Opt_WithRuntime(t *testing.T) {
 		t.Errorf("unable to create docker runtime engine: %v", err)
 	}
 
+	_kubernetes, err := kubernetes.NewMock(testPod(false))
+	if err != nil {
+		t.Errorf("unable to create kubernetes runtime engine: %v", err)
+	}
+
 	// setup tests
 	tests := []struct {
 		name    string
@@ -443,6 +449,11 @@ func TestLinux_Opt_WithRuntime(t *testing.T) {
 			failure: false,
 			runtime: _docker,
 		},
+		{
+			name:    "kubernetes runtime",
+			failure: false,
+			runtime: _kubernetes,
+		},
 		{
 			name:    "nil runtime",
 			failure: true,
diff --git a/executor/linux/secret_test.go b/executor/linux/secret_test.go
index 0043872c..e88d23b2 100644
--- a/executor/linux/secret_test.go
+++ b/executor/linux/secret_test.go
@@ -47,6 +47,11 @@ func TestLinux_Secret_create(t *testing.T) {
 		t.Errorf("unable to create docker runtime engine: %v", err)
 	}
 
+	_kubernetes, err := kubernetes.NewMock(testPod(false))
+	if err != nil {
+		t.Errorf("unable to create kubernetes runtime engine: %v", err)
+	}
+
 	// setup tests
 	tests := []struct {
 		name      string
@@ -68,6 +73,20 @@ func TestLinux_Secret_create(t *testing.T) {
 				Pull:        "not_present",
 			},
 		},
+		{
+			name:    "kubernetes-good image tag",
+			failure: false,
+			runtime: _kubernetes,
+			container: &pipeline.Container{
+				ID:          "secret-github-octocat-1-vault",
+				Directory:   "/vela/src/vcs.company.com/github/octocat",
+				Environment: map[string]string{"FOO": "bar"},
+				Image:       "target/secret-vault:latest",
+				Name:        "vault",
+				Number:      1,
+				Pull:        "not_present",
+			},
+		},
 		{
 			name:    "docker-notfound image tag",
 			failure: true,
@@ -82,6 +101,20 @@ func TestLinux_Secret_create(t *testing.T) {
 				Pull:        "not_present",
 			},
 		},
+		//{
+		//	name:    "kubernetes-notfound image tag",
+		//	failure: true, // FIXME: make Kubernetes mock simulate failure similar to Docker mock
+		//	runtime: _kubernetes,
+		//	container: &pipeline.Container{
+		//		ID:          "secret-github-octocat-1-vault",
+		//		Directory:   "/vela/src/vcs.company.com/github/octocat",
+		//		Environment: map[string]string{"FOO": "bar"},
+		//		Image:       "target/secret-vault:notfound",
+		//		Name:        "vault",
+		//		Number:      1,
+		//		Pull:        "not_present",
+		//	},
+		//},
 	}
 
 	// run tests
@@ -122,6 +155,7 @@ func TestLinux_Secret_delete(t *testing.T) {
 	_repo := testRepo()
 	_user := testUser()
 	_dockerSteps := testSteps(constants.DriverDocker)
+	_kubernetesSteps := testSteps(constants.DriverKubernetes)
 
 	gin.SetMode(gin.TestMode)
 
@@ -137,6 +171,11 @@ func TestLinux_Secret_delete(t *testing.T) {
 		t.Errorf("unable to create docker runtime engine: %v", err)
 	}
 
+	_kubernetes, err := kubernetes.NewMock(testPod(false))
+	if err != nil {
+		t.Errorf("unable to create kubernetes runtime engine: %v", err)
+	}
+
 	_step := new(library.Step)
 	_step.SetName("clone")
 	_step.SetNumber(2)
@@ -167,6 +206,22 @@ func TestLinux_Secret_delete(t *testing.T) {
 			step:  new(library.Step),
 			steps: _dockerSteps,
 		},
+		{
+			name:    "kubernetes-running container-empty step",
+			failure: false,
+			runtime: _kubernetes,
+			container: &pipeline.Container{
+				ID:          "secret-github-octocat-1-vault",
+				Directory:   "/vela/src/vcs.company.com/github/octocat",
+				Environment: map[string]string{"FOO": "bar"},
+				Image:       "target/secret-vault:latest",
+				Name:        "vault",
+				Number:      1,
+				Pull:        "always",
+			},
+			step:  new(library.Step),
+			steps: _kubernetesSteps,
+		},
 		{
 			name:    "docker-running container-pending step",
 			failure: false,
@@ -183,6 +238,22 @@ func TestLinux_Secret_delete(t *testing.T) {
 			step:  _step,
 			steps: _dockerSteps,
 		},
+		{
+			name:    "kubernetes-running container-pending step",
+			failure: false,
+			runtime: _kubernetes,
+			container: &pipeline.Container{
+				ID:          "secret-github-octocat-1-vault",
+				Directory:   "/vela/src/vcs.company.com/github/octocat",
+				Environment: map[string]string{"FOO": "bar"},
+				Image:       "target/secret-vault:latest",
+				Name:        "vault",
+				Number:      2,
+				Pull:        "always",
+			},
+			step:  _step,
+			steps: _kubernetesSteps,
+		},
 		{
 			name:    "docker-inspecting container failure due to invalid container id",
 			failure: true,
@@ -199,6 +270,22 @@ func TestLinux_Secret_delete(t *testing.T) {
 			step:  new(library.Step),
 			steps: _dockerSteps,
 		},
+		//{
+		//	name:    "kubernetes-inspecting container failure due to invalid container id",
+		//	failure: true, // FIXME: make Kubernetes mock simulate failure similar to Docker mock
+		//	runtime: _kubernetes,
+		//	container: &pipeline.Container{
+		//		ID:          "secret-github-octocat-1-notfound",
+		//		Directory:   "/vela/src/vcs.company.com/github/octocat",
+		//		Environment: map[string]string{"FOO": "bar"},
+		//		Image:       "target/secret-vault:latest",
+		//		Name:        "notfound",
+		//		Number:      2,
+		//		Pull:        "always",
+		//	},
+		//	step:  new(library.Step),
+		//	steps: _kubernetesSteps,
+		//},
 		{
 			name:    "docker-removing container failure",
 			failure: true,
@@ -215,6 +302,22 @@ func TestLinux_Secret_delete(t *testing.T) {
 			step:  new(library.Step),
 			steps: _dockerSteps,
 		},
+		//{
+		//	name:    "kubernetes-removing container failure",
+		//	failure: true, // FIXME: make Kubernetes mock simulate failure similar to Docker mock
+		//	runtime: _kubernetes,
+		//	container: &pipeline.Container{
+		//		ID:          "secret-github-octocat-1-ignorenotfound",
+		//		Directory:   "/vela/src/vcs.company.com/github/octocat",
+		//		Environment: map[string]string{"FOO": "bar"},
+		//		Image:       "target/secret-vault:latest",
+		//		Name:        "ignorenotfound",
+		//		Number:      2,
+		//		Pull:        "always",
+		//	},
+		//	step:  new(library.Step),
+		//	steps: _kubernetesSteps,
+		//},
 	}
 
 	// run tests
@@ -298,12 +401,24 @@ func TestLinux_Secret_exec(t *testing.T) {
 			runtime:  constants.DriverDocker,
 			pipeline: "testdata/build/secrets/basic.yml",
 		},
+		{
+			name:     "kubernetes-basic secrets pipeline",
+			failure:  false,
+			runtime:  constants.DriverKubernetes,
+			pipeline: "testdata/build/secrets/basic.yml",
+		},
 		{
 			name:     "docker-pipeline with secret name not found",
 			failure:  true,
 			runtime:  constants.DriverDocker,
 			pipeline: "testdata/build/secrets/name_notfound.yml",
 		},
+		//{
+		//	name:     "kubernetes-pipeline with secret name not found",
+		//	failure:  true, // FIXME:  make Kubernetes mock simulate failure similar to Docker mock
+		//	runtime:  constants.DriverKubernetes,
+		//	pipeline: "testdata/build/secrets/name_notfound.yml",
+		//},
 	}
 
 	// run tests
@@ -406,6 +521,11 @@ func TestLinux_Secret_pull(t *testing.T) {
 		t.Errorf("unable to create docker runtime engine: %v", err)
 	}
 
+	_kubernetes, err := kubernetes.NewMock(testPod(false))
+	if err != nil {
+		t.Errorf("unable to create kubernetes runtime engine: %v", err)
+	}
+
 	// setup tests
 	tests := []struct {
 		name    string
@@ -426,6 +546,19 @@ func TestLinux_Secret_pull(t *testing.T) {
 				Origin: &pipeline.Container{},
 			},
 		},
+		{
+			name:    "kubernetes-success with org secret",
+			failure: false,
+			runtime: _kubernetes,
+			secret: &pipeline.Secret{
+				Name:   "foo",
+				Value:  "bar",
+				Key:    "github/foo",
+				Engine: "native",
+				Type:   "org",
+				Origin: &pipeline.Container{},
+			},
+		},
 		{
 			name:    "docker-failure with invalid org secret",
 			failure: true,
@@ -439,6 +572,19 @@ func TestLinux_Secret_pull(t *testing.T) {
 				Origin: &pipeline.Container{},
 			},
 		},
+		{
+			name:    "kubernetes-failure with invalid org secret",
+			failure: true,
+			runtime: _kubernetes,
+			secret: &pipeline.Secret{
+				Name:   "foo",
+				Value:  "bar",
+				Key:    "foo/foo/foo",
+				Engine: "native",
+				Type:   "org",
+				Origin: &pipeline.Container{},
+			},
+		},
 		{
 			name:    "docker-failure with org secret key not found",
 			failure: true,
@@ -452,6 +598,19 @@ func TestLinux_Secret_pull(t *testing.T) {
 				Origin: &pipeline.Container{},
 			},
 		},
+		{
+			name:    "kubernetes-failure with org secret key not found",
+			failure: true,
+			runtime: _kubernetes,
+			secret: &pipeline.Secret{
+				Name:   "foo",
+				Value:  "bar",
+				Key:    "not-found",
+				Engine: "native",
+				Type:   "org",
+				Origin: &pipeline.Container{},
+			},
+		},
 		{
 			name:    "docker-success with repo secret",
 			failure: false,
@@ -465,6 +624,19 @@ func TestLinux_Secret_pull(t *testing.T) {
 				Origin: &pipeline.Container{},
 			},
 		},
+		{
+			name:    "kubernetes-success with repo secret",
+			failure: false,
+			runtime: _kubernetes,
+			secret: &pipeline.Secret{
+				Name:   "foo",
+				Value:  "bar",
+				Key:    "github/octocat/foo",
+				Engine: "native",
+				Type:   "repo",
+				Origin: &pipeline.Container{},
+			},
+		},
 		{
 			name:    "docker-failure with invalid repo secret",
 			failure: true,
@@ -478,6 +650,19 @@ func TestLinux_Secret_pull(t *testing.T) {
 				Origin: &pipeline.Container{},
 			},
 		},
+		{
+			name:    "kubernetes-failure with invalid repo secret",
+			failure: true,
+			runtime: _kubernetes,
+			secret: &pipeline.Secret{
+				Name:   "foo",
+				Value:  "bar",
+				Key:    "foo/foo/foo/foo",
+				Engine: "native",
+				Type:   "repo",
+				Origin: &pipeline.Container{},
+			},
+		},
 		{
 			name:    "docker-failure with repo secret key not found",
 			failure: true,
@@ -491,6 +676,19 @@ func TestLinux_Secret_pull(t *testing.T) {
 				Origin: &pipeline.Container{},
 			},
 		},
+		{
+			name:    "kubernetes-failure with repo secret key not found",
+			failure: true,
+			runtime: _kubernetes,
+			secret: &pipeline.Secret{
+				Name:   "foo",
+				Value:  "bar",
+				Key:    "not-found",
+				Engine: "native",
+				Type:   "repo",
+				Origin: &pipeline.Container{},
+			},
+		},
 		{
 			name:    "docker-success with shared secret",
 			failure: false,
@@ -504,6 +702,19 @@ func TestLinux_Secret_pull(t *testing.T) {
 				Origin: &pipeline.Container{},
 			},
 		},
+		{
+			name:    "kubernetes-success with shared secret",
+			failure: false,
+			runtime: _kubernetes,
+			secret: &pipeline.Secret{
+				Name:   "foo",
+				Value:  "bar",
+				Key:    "github/octokitties/foo",
+				Engine: "native",
+				Type:   "shared",
+				Origin: &pipeline.Container{},
+			},
+		},
 		{
 			name:    "docker-failure with shared secret key not found",
 			failure: true,
@@ -517,6 +728,19 @@ func TestLinux_Secret_pull(t *testing.T) {
 				Origin: &pipeline.Container{},
 			},
 		},
+		{
+			name:    "kubernetes-failure with shared secret key not found",
+			failure: true,
+			runtime: _kubernetes,
+			secret: &pipeline.Secret{
+				Name:   "foo",
+				Value:  "bar",
+				Key:    "not-found",
+				Engine: "native",
+				Type:   "shared",
+				Origin: &pipeline.Container{},
+			},
+		},
 		{
 			name:    "docker-failure with invalid type",
 			failure: true,
@@ -530,6 +754,19 @@ func TestLinux_Secret_pull(t *testing.T) {
 				Origin: &pipeline.Container{},
 			},
 		},
+		{
+			name:    "kubernetes-failure with invalid type",
+			failure: true,
+			runtime: _kubernetes,
+			secret: &pipeline.Secret{
+				Name:   "foo",
+				Value:  "bar",
+				Key:    "github/octokitties/foo",
+				Engine: "native",
+				Type:   "invalid",
+				Origin: &pipeline.Container{},
+			},
+		},
 	}
 
 	// run tests
@@ -585,6 +822,11 @@ func TestLinux_Secret_stream(t *testing.T) {
 		t.Errorf("unable to create docker runtime engine: %v", err)
 	}
 
+	_kubernetes, err := kubernetes.NewMock(testPod(false))
+	if err != nil {
+		t.Errorf("unable to create kubernetes runtime engine: %v", err)
+	}
+
 	// setup tests
 	tests := []struct {
 		name      string
@@ -608,6 +850,21 @@ func TestLinux_Secret_stream(t *testing.T) {
 				Pull:        "always",
 			},
 		},
+		{
+			name:    "kubernetes-container step succeeds",
+			failure: false,
+			runtime: _kubernetes,
+			logs:    new(library.Log),
+			container: &pipeline.Container{
+				ID:          "step-github-octocat-1-init",
+				Directory:   "/home/github/octocat",
+				Environment: map[string]string{"FOO": "bar"},
+				Image:       "#init",
+				Name:        "init",
+				Number:      1,
+				Pull:        "always",
+			},
+		},
 		{
 			name:    "docker-container step fails because of invalid container id",
 			failure: true,
@@ -623,6 +880,21 @@ func TestLinux_Secret_stream(t *testing.T) {
 				Pull:        "always",
 			},
 		},
+		//{
+		//	name:    "kubernetes-container step fails because of invalid container id",
+		//	failure: true, // FIXME: make Kubernetes mock simulate failure similar to Docker mock
+		//	runtime: _kubernetes,
+		//	logs:    new(library.Log),
+		//	container: &pipeline.Container{
+		//		ID:          "secret-github-octocat-1-notfound",
+		//		Directory:   "/vela/src/vcs.company.com/github/octocat",
+		//		Environment: map[string]string{"FOO": "bar"},
+		//		Image:       "target/secret-vault:latest",
+		//		Name:        "notfound",
+		//		Number:      2,
+		//		Pull:        "always",
+		//	},
+		//},
 	}
 
 	// run tests