Update test

Author: clement0010

app/handlers/tests/test_handlers_services.py

@@ -6,7 +6,6 @@
 import yaml
 from kopf._core.intents.causes import Reason
 
-from app.api.tests.factories import BASE64_OF_VALID_CA_CERT
 from app.crds import ResourceType
 from app.handlers.handlers_services import (
     ALLOWED_EXTRA_ANNOTATIONS,
@@ -15,7 +14,6 @@
     service_to_twingate_resource,
     twingate_service_create,
 )
-from app.utils_k8s import get_ca_cert
 
 # Ignore the fact we use _cogs here
 
@@ -173,25 +171,13 @@ def test_with_extra_annotation(
         assert result == expected
 
     def test_kubernetes_resource_type_annotation(
-        self,
-        example_cluster_ip_gateway_service_body,
-        k8s_core_client_mock,
-        k8s_tls_secret_mock,
+        self, example_cluster_ip_gateway_service_body
     ):
         tls_object_name = "gateway-tls"
         namespace = "custom-namespace"
-        k8s_core_client_mock.read_namespaced_secret.return_value = k8s_tls_secret_mock
-
-        with patch(
-            "app.handlers.handlers_services.get_ca_cert", wraps=get_ca_cert
-        ) as get_ca_cert_mock:
-            result = service_to_twingate_resource(
-                example_cluster_ip_gateway_service_body, namespace
-            )
 
-        get_ca_cert_mock.assert_called_once_with(k8s_tls_secret_mock)
-        k8s_core_client_mock.read_namespaced_secret.assert_called_once_with(
-            namespace=namespace, name=tls_object_name
+        result = service_to_twingate_resource(
+            example_cluster_ip_gateway_service_body, namespace
         )
 
         assert result["spec"] == {
@@ -200,7 +186,10 @@ def test_kubernetes_resource_type_annotation(
             "alias": "alias.int",
             "proxy": {
                 "address": "kubernetes-gateway.custom-namespace.svc.cluster.local",
-                "certificateAuthorityCert": BASE64_OF_VALID_CA_CERT,
+                "certificateAuthorityCertSecretRef": {
+                    "name": tls_object_name,
+                    "namespace": namespace,
+                },
             },
             "protocols": {
                 "allowIcmp": False,
@@ -231,19 +220,6 @@ def test_kubernetes_resource_type_annotation_without_tls_secret_annotation(
                 example_cluster_ip_gateway_service_body, "default"
             )
 
-    def test_kubernetes_resource_type_annotation_without_k8s_secret_object(
-        self, example_cluster_ip_gateway_service_body, k8s_core_client_mock
-    ):
-        k8s_core_client_mock.read_namespaced_secret.return_value = None
-
-        with pytest.raises(
-            kopf.PermanentError,
-            match=r"Kubernetes Secret object: gateway-tls is missing.",
-        ):
-            service_to_twingate_resource(
-                example_cluster_ip_gateway_service_body, "default"
-            )
-
     @pytest.mark.parametrize(
         ("status", "expected"),
         [
@@ -255,16 +231,10 @@ def test_kubernetes_resource_type_annotation_without_k8s_secret_object(
         ],
     )
     def test_kubernetes_resource_with_load_balancer_service_type(
-        self,
-        example_load_balancer_gateway_service_body,
-        k8s_core_client_mock,
-        k8s_tls_secret_mock,
-        status,
-        expected,
+        self, example_load_balancer_gateway_service_body, status, expected
     ):
         tls_object_name = "gateway-tls"
         namespace = "default"
-        k8s_core_client_mock.read_namespaced_secret.return_value = k8s_tls_secret_mock
 
         with patch(
             "kopf._cogs.structs.bodies.Body.status",
@@ -275,17 +245,16 @@ def test_kubernetes_resource_with_load_balancer_service_type(
                 example_load_balancer_gateway_service_body, namespace
             )
 
-        k8s_core_client_mock.read_namespaced_secret.assert_called_once_with(
-            namespace=namespace, name=tls_object_name
-        )
-
         assert result["spec"] == {
             "name": "kubernetes-gateway-resource",
             "address": "kubernetes.default.svc.cluster.local",
             "alias": "alias.int",
             "proxy": {
                 "address": expected,
-                "certificateAuthorityCert": BASE64_OF_VALID_CA_CERT,
+                "certificateAuthorityCertSecretRef": {
+                    "name": tls_object_name,
+                    "namespace": namespace,
+                },
             },
             "protocols": {
                 "allowIcmp": False,

tests_integration/test_resource_flows.py

@@ -164,6 +164,7 @@ def test_kubernetes_resource_flows(
           tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBM2kxTlZmSnZPY2N2a2pWZVZ5NUxPTzE2T3IxdmZhSWp6cXRwaWhrYWVta1VIYW1MCmtzZ3I0a1NrbkJRSGh5S1hJbzNGbXhnaEdCY1VXTFZkNWMzbmJPaHlOVXVmNlg5SmFPcUl2YmVBWW1oOEN2NSsKMTNxTXdmbmprVUNZZDkzOE9xUmFQek04UEdjRTZxVHR0YVdlRWs2NGNvS09tSVFoaGlMM0tuaHprcWluUzd5eAp2WmlTZ2JVVktoWWhYN2pvL3FiU1c0VzJYbVJWaWNPUVd5VnlWWC9zOTZBY2dMK0MzQlJ6clczSnVZa1hPak9xCnprVE96MGJOWi9ZNlRaV1BNRHZPM3czVmZxT3NRWDg1V05TWE9wYjVSdysyNkFxVkdtN1dVWVlJTTV6Ry9vRHQKajRHTU5zU2hqd1pyL2hEdzBRTlB2N2xEZmI5dmpnQ0VQeWhvcFFJREFRQUJBb0lCQUNEYldrQ0hwZU5KamNOMQptUW9Ua3BSTXFuTGRhUXVQV3ZSSmJVWTdDQ3RxTnN0Y000UDFqbWZiOXV3T0dqN2w0cXY5ZzJlNFhjeU9QVGdSCk9sMnQ0YmU5ZUlaaE5MajNWZ2ZxQjJibktGbGxVbExkNkN3OXQydElaVnNwem1LTHRhMkdlTUkzOVlTSlI3VGIKeHp2QnptcXVzYUJkcG5EdnVYVjQza3l0bTRub21LcXp4aW12NXNIcE5yakJiWWExeVFLUjNPR1VUb3JsdSttdQp3cW03enRraDdXbFBoNENFcVFibytSZmJ6dUNKd2pWMXRiSDhpQTFmdDRkckd0dC9rRmhnKytZa3BmSi9sb1hXCkxodlVwdTdDL0Z3enVpWFA5V2VpMkVjbnd3b3lPNFVBcTk5VWFNN1BFUWlzZG5QQzNUZ0tlN2pEeE1NaTVZZXQKNEpubS9kRUNnWUVBNzlNR3VSVDR3VVlpdmhLYXRWdFdhWkNtQjZSckRia1hITGl4Y2lPV3MxZTVtN201aU1VVQphZWlMaGU3bGFZNm1qRTF1UGVLbEh6OVB3bkUxTWM2a1lZdmc1QzYvZUpsaE0wbGMraU9kWUlHN3hCVzFRWkY0CjU5WkFEVWQxeVFva0lnQlBJNDJyRjQ1RHhFa1lOWU81ZmFBdW5ZYmQ0Ni9ZSVY4M1BtUEdRbWNDZ1lFQTdTbVEKY1BYTmpjY0pMelZGeTRaYmlEQ0t5bW03NGorTXBWYkNJUE56ZU0vbWVZUWl4MHFDS3lLYWtxWC9SUnhrdmQ3dQp3akQ2ejd5T29mZHNqaTl0SFY5dSs5UGxxRC9lMEU3QWFhQ3kzSjFWNVR2cW5Ud1prWmg4K0wzOXpnOXlYWmRJClJUTXJ0d2VZYmV1cGo0bldocWozcklsZy9JU3h1SjAxNE1CenpSTUNnWUJRMjRWWXdZbGRJSmgySFMrc0ZhOTgKeUJneVcyejhvM3IzWkEzdnZiQUJwNEljenZHTysyTjJrY0Q0MXlMaUJBYURKMWdUNVdabXNxSGhuT21pY1ZsYQp5aDU0MElvZHp4akdnZVduTUhyUEh1NS9uaElPbVUxNlhQSWJpQXhlUzkwQzJiZlU5TjdLZ2x5MndTNDRYTUVkCmFmUk5pRHNubVJIMXJuU2h4R0lENFFLQmdRREF6NWJuejE3alVock1iNUlqeWtMbU1SalZRU3NINE1TV3N6YzIKbE5hZk5ON2FraXU0UElJaFVZdTdpQXRHQTdSL2pSd3RjcWFtZDFTNnB5NXhWbXR1Z3VUM0JhbmpwTEdnUnpZMQphZm1nVktXOXJYMnJnVzRFS2FZSWtHWWt2ZmdyME05bnV4ZGlRV0dTbEJLUmFPMnBJdnZoSVB0aHNQdlA3TGdkCjFqa1BVd0tCZ1FESVNRZGlUWW1HTkdaS2dSa2hoOFZndm1WZUJVdy82bEJzNnVzMEMzM2NkYWpJbGtYZ3lEOEMKZHJ0a2QvUXdBeDBCcmliZWxCUzl2VVhNOFZIUlJwZzFqVy9yTHpKTzhBc2g0Q1ZCSG55eXFnb2hwdC9iV0RXQQo4bkhRdHViY2JpOGE3OFhuM3krOXRKVnMyWllGYjNzOWRGNCt2SHYveDk4c0dSRityOTg3MWc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
     """
 
+    # The CA cert stored in the K8s TLS secret object above
     CA_CERT = r"-----BEGIN CERTIFICATE-----\nMIIDJjCCAg6gAwIBAgIQCusAnz9lDpg1cwyNheSN9TANBgkqhkiG9w0BAQsFADAt\nMSswKQYDVQQDEyJsb2NhbC1rdWJlcm5ldGVzLWFjY2Vzcy1nYXRld2F5LWNhMB4X\nDTI1MTAwODE1MzI0N1oXDTI2MDEwNjE1MzI0N1owLTErMCkGA1UEAxMibG9jYWwt\na3ViZXJuZXRlcy1hY2Nlc3MtZ2F0ZXdheS1jYTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBAOvSFQGMz6mFxX0UCqsdMfL1KaPu+GRikLdD2LiC87Wi+uwu\nr9qi+R71NwTWxqaRxvepNsW0adF+v8gwG76nJju6Kwo5Uw3q0Ih7Yjxqql7KZxbe\nCL3BXK8muoJnNrRkz32CLSXj6TQsYrSFqFZmnNI/fkhQOvhXo9JWmhlnav6X+RDe\nagjsoDwedWbvyvndzTwVhuRBGECzXESGRAy2GUk5z1y65f3MP7NV+u0Z0vNw0KRk\nQrcST05WKyEfXeJC8s5s6YVosdMqFtsgWkO847MNGvXsMrctS7XMRGMy4pUIzTB5\ntr+ra4Cde60dZM4sI83/Vhznu9zxbuAFLdU6GFMCAwEAAaNCMEAwDgYDVR0PAQH/\nBAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIelwwlXcgS/kjFYchjC\nYYMs4QCoMA0GCSqGSIb3DQEBCwUAA4IBAQAI6WrbS06LGqD9xT7SnxXf9zbT+Dhj\n6ChXNosR8BJ6xD/v0SsDWvn6GHxV4dGzarpU7Q9JK3Gv6Rarbz3j+Sk27b61Df6k\nDc5AD77XQIZ/911Rn+pY7syFhouuZctSIAtK95aVsFy3nZI7PU6sMlZ3ODnbXJNF\nLBF0zf1aR+u98cfEXB1XRgyeIj3SuCbAVR61YcHy4FS6gQ38dGadjQg6SxAfrRZZ\nDytJ2/v3vbB4QbaWY8sNL0qEZcPd5xvUNWP9VbnveUmNepanYZmrFWwF2Q7WWgeh\nUJzt5vg1D5TTrq4x6uiEL/yCeqciO/HRHI7pFMwZyEY62JsN4NBz92mf\n-----END CERTIFICATE-----"
 
     # fmt: off