test: E2E tests for all kinds

Author: yamaceay

internal/clients/hana/auditpolicy/auditpolicy_client.go

@@ -155,7 +155,14 @@ func (c Client) Delete(ctx context.Context, parameters *v1alpha1.AuditPolicyPara
 	return nil
 }
 
+func TrimAllUsersFromAction(action string) string {
+	return strings.ReplaceAll(action, " FOR PRINCIPALS ALL USERS", "")
+}
+
 func OptimizeAuditActions(actionStrings []string) []string {
+	if len(actionStrings) == 0 {
+		return actionStrings
+	}
 	for i := range actionStrings {
 		actionStrings[i] = strings.ReplaceAll(actionStrings[i], " FOR PRINCIPALS ALL USERS", "")
 	}
@@ -239,39 +246,6 @@ func parseUsersList(usersPart string) ([]parsedPrincipal, error) {
 	return parsedUsers, nil
 }
 
-func parseIntoActions(action string) ([]parsedAction, error) {
-	actions := []parsedAction{}
-	actionNames := action
-
-	partialAction := parsedAction{}
-	if exceptForParts := strings.SplitN(action, " EXCEPT FOR ", 2); len(exceptForParts) == 2 {
-		actionNames = exceptForParts[0]
-		afterExceptFor := exceptForParts[1]
-		partialUsers, err := parseUsersList(afterExceptFor)
-		if err != nil {
-			return nil, err
-		}
-		partialAction.auditExceptFor = partialUsers
-	} else if forParts := strings.SplitN(exceptForParts[0], " FOR ", 2); len(forParts) == 2 {
-		actionNames = forParts[0]
-		afterFor := forParts[1]
-		partialUsers, err := parseUsersList(afterFor)
-		if err != nil {
-			return nil, err
-		}
-		partialAction.auditFor = partialUsers
-	}
-	for _, actionName := range strings.Split(actionNames, ",") {
-		action := parsedAction{
-			actionNames:    []string{strings.ToUpper(strings.TrimSpace(actionName))},
-			auditFor:       partialAction.auditFor,
-			auditExceptFor: partialAction.auditExceptFor,
-		}
-		actions = append(actions, action)
-	}
-	return actions, nil
-}
-
 func getUniqueString(input []string) string {
 	sorted := make([]string, len(input))
 	copy(sorted, input)
@@ -281,23 +255,6 @@ func getUniqueString(input []string) string {
 	return uniqueString
 }
 
-func updatePrincipals(actionNames []string, principals []parsedPrincipal, principalMap map[string][]string, principalSelfMap map[string][]parsedPrincipal) {
-	users := []string{}
-	usergroups := []string{}
-	for _, principal := range principals {
-		if principal.user != "" {
-			users = append(users, principal.user)
-		} else if principal.usergroup != "" {
-			usergroups = append(usergroups, principal.usergroup)
-		}
-	}
-	uniqueUsersString := getUniqueString(users)
-	uniqueUsergroupsString := getUniqueString(usergroups)
-	uniqueString := uniqueUsersString + ";" + uniqueUsergroupsString
-	principalMap[uniqueString] = append(principalMap[uniqueString], actionNames...)
-	principalSelfMap[uniqueString] = principals
-}
-
 func splitActions(actions []parsedAction) (noUserMap []string, forPrincipalsMap map[string][]string, forPrincipalsSelfMap map[string][]parsedPrincipal, exceptForPrincipalsMap map[string][]string, exceptForPrincipalsSelfMap map[string][]parsedPrincipal) {
 	noUserMap = []string{}
 	forPrincipalsMap = make(map[string][]string)
@@ -371,6 +328,56 @@ func stringifyParsedAction(pa parsedAction) string {
 	return actionStr
 }
 
+func parseIntoActions(action string) ([]parsedAction, error) {
+	actions := []parsedAction{}
+	actionNames := action
+
+	partialAction := parsedAction{}
+	if exceptForParts := strings.SplitN(action, " EXCEPT FOR ", 2); len(exceptForParts) == 2 {
+		actionNames = exceptForParts[0]
+		afterExceptFor := exceptForParts[1]
+		partialUsers, err := parseUsersList(afterExceptFor)
+		if err != nil {
+			return nil, err
+		}
+		partialAction.auditExceptFor = partialUsers
+	} else if forParts := strings.SplitN(exceptForParts[0], " FOR ", 2); len(forParts) == 2 {
+		actionNames = forParts[0]
+		afterFor := forParts[1]
+		partialUsers, err := parseUsersList(afterFor)
+		if err != nil {
+			return nil, err
+		}
+		partialAction.auditFor = partialUsers
+	}
+	for _, actionName := range strings.Split(actionNames, ",") {
+		action := parsedAction{
+			actionNames:    []string{strings.ToUpper(strings.TrimSpace(actionName))},
+			auditFor:       partialAction.auditFor,
+			auditExceptFor: partialAction.auditExceptFor,
+		}
+		actions = append(actions, action)
+	}
+	return actions, nil
+}
+
+func updatePrincipals(actionNames []string, principals []parsedPrincipal, principalMap map[string][]string, principalSelfMap map[string][]parsedPrincipal) {
+	users := []string{}
+	usergroups := []string{}
+	for _, principal := range principals {
+		if principal.user != "" {
+			users = append(users, principal.user)
+		} else if principal.usergroup != "" {
+			usergroups = append(usergroups, principal.usergroup)
+		}
+	}
+	uniqueUsersString := getUniqueString(users)
+	uniqueUsergroupsString := getUniqueString(usergroups)
+	uniqueString := uniqueUsersString + ";" + uniqueUsergroupsString
+	principalMap[uniqueString] = append(principalMap[uniqueString], actionNames...)
+	principalSelfMap[uniqueString] = principals
+}
+
 func prepareCreateSql(parameters *v1alpha1.AuditPolicyParameters) []string {
 	queryLeft := fmt.Sprintf(`CREATE AUDIT POLICY "%s" AUDITING %s`, utils.EscapeDoubleQuotes(parameters.PolicyName), parameters.AuditStatus)
 	queryRight := fmt.Sprintf("LEVEL %s TRAIL TYPE TABLE RETENTION %d", parameters.AuditLevel, *parameters.AuditTrailRetention)

internal/clients/hana/privilege/privilege.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/SAP/crossplane-provider-hana/apis/admin/v1alpha1"
 	"github.com/SAP/crossplane-provider-hana/internal/clients/xsql"
+	"github.com/SAP/crossplane-provider-hana/internal/utils"
 )
 
 const (
@@ -493,7 +494,7 @@ func groupPrivilegesByTypeAndIdentifier(privileges []Privilege) []PrivilegeGroup
 }
 
 func GetDefaultPrivilege(defaultSchema string) string {
-	return fmt.Sprintf(`CREATE ANY ON SCHEMA %s WITH GRANT OPTION`, defaultSchema)
+	return fmt.Sprintf(`CREATE ANY ON SCHEMA "%s" WITH GRANT OPTION`, utils.EscapeDoubleQuotes(defaultSchema))
 }
 
 // FilterManagedPrivileges filters the observed privileges based on the management policy

internal/controller/user/reconciler.go

@@ -568,6 +568,8 @@ func (c *external) transformParameters(parameters map[string]string) map[string]
 
 func (c *external) buildDesiredParameters(cr *v1alpha1.User) *v1alpha1.UserParameters {
 	parameters := handleDefaults(cr)
+
+	parameters.Parameters = c.transformParameters(parameters.Parameters)
 	return parameters
 }
 

test/e2e/audit_policy_test.go

@@ -0,0 +1,141 @@
+//go:build e2e
+
+package e2e
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/SAP/crossplane-provider-hana/apis/admin/v1alpha1"
+	"github.com/crossplane-contrib/xp-testing/pkg/resources"
+
+	"sigs.k8s.io/e2e-framework/klient/decoder"
+	"sigs.k8s.io/e2e-framework/klient/k8s"
+	k8sresources "sigs.k8s.io/e2e-framework/klient/k8s/resources"
+	"sigs.k8s.io/e2e-framework/klient/wait"
+	"sigs.k8s.io/e2e-framework/klient/wait/conditions"
+	"sigs.k8s.io/e2e-framework/pkg/envconf"
+	"sigs.k8s.io/e2e-framework/pkg/features"
+)
+
+type AuditPolicyTestConfig struct {
+	TestConfig *resources.ResourceTestConfig
+	Resource   *k8sresources.Resources
+	Objects    []k8s.Object
+}
+
+func TestAuditPolicy(t *testing.T) {
+	testConfig := resources.NewResourceTestConfig(nil, "AuditPolicy")
+
+	c := &AuditPolicyTestConfig{
+		TestConfig: testConfig,
+	}
+
+	fB := features.New(fmt.Sprintf("%v", testConfig.Kind))
+	fB.WithLabel("kind", testConfig.Kind)
+	fB.Setup(c.SetupAuditPolicy)
+
+	fB.Assess("create", testConfig.AssessCreate)
+
+	fB.Assess("update", c.assessUpdate)
+
+	fB.Assess("delete", testConfig.AssessDelete)
+
+	fB.Teardown(testConfig.Teardown)
+
+	testenv.Test(t, fB.Feature())
+}
+
+func (c *AuditPolicyTestConfig) assessUpdate(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context {
+	for _, obj := range c.Objects {
+		if err := c.Resource.Get(ctx, obj.GetName(), obj.GetNamespace(), obj); err != nil {
+			t.Errorf("failed to get audit policy: %v", err)
+			return ctx
+		}
+
+		auditPolicy, ok := obj.(*v1alpha1.AuditPolicy)
+		if !ok {
+			t.Errorf("failed to cast object to AuditPolicy: %v", obj)
+			return ctx
+		}
+
+		auditPolicy.Spec.ForProvider.AuditActions = append(auditPolicy.Spec.ForProvider.AuditActions,
+			"REVOKE ANY",
+		)
+		res := cfg.Client().Resources()
+
+		err := res.Update(ctx, auditPolicy)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		var fn = func(u k8s.Object) bool {
+			return u.GetName() == auditPolicy.GetName() && u.GetNamespace() == auditPolicy.GetNamespace()
+		}
+
+		var areAuditActionsUpToDate = func(observed, desired []string) bool {
+			if len(observed) != len(desired) {
+				return false
+			}
+			for i, action := range observed {
+				if action != desired[i] {
+					return false
+				}
+			}
+			return true
+		}
+
+		err = wait.For(
+			conditions.New(res).ResourceMatch(auditPolicy, fn),
+		)
+		if err != nil {
+			t.Error(err)
+		}
+		if err := res.Get(ctx, auditPolicy.GetName(), auditPolicy.GetNamespace(), auditPolicy); err != nil {
+			t.Errorf("failed to get audit policy after update: %v", err)
+		} else if !areAuditActionsUpToDate(auditPolicy.Spec.ForProvider.AuditActions, auditPolicy.Spec.ForProvider.AuditActions) {
+			t.Errorf("audit policy update failed, expected audit actions to be [GRANT ANY, REVOKE ANY], got %v", auditPolicy.Spec.ForProvider.AuditActions)
+		}
+	}
+
+	return ctx
+}
+
+// Setup creates the resource in the cluster
+func (c *AuditPolicyTestConfig) SetupAuditPolicy(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context {
+	t.Logf("Apply AuditPolicy")
+
+	resources.ImportResources(ctx, t, cfg, c.TestConfig.ResourceDirectory)
+
+	objects := make([]k8s.Object, 0)
+	err := decoder.DecodeEachFile(
+		ctx, os.DirFS(c.TestConfig.ResourceDirectory), "*",
+		func(ctx context.Context, obj k8s.Object) error {
+			objects = append(objects, obj)
+			return nil
+		},
+		decoder.MutateNamespace(cfg.Namespace()),
+	)
+	if err != nil {
+		t.Errorf("failed to decode files: %v", err)
+		return ctx
+	}
+
+	if c.Resource, err = k8sresources.New(cfg.Client().RESTConfig()); err != nil {
+		t.Errorf("failed to create resource client: %v", err)
+		return ctx
+	}
+
+	for _, obj := range objects {
+		if _, ok := obj.(*v1alpha1.AuditPolicy); !ok {
+			t.Errorf("failed to cast object to AuditPolicy: %v", obj)
+			return ctx
+		}
+
+		c.Objects = append(c.Objects, obj)
+	}
+
+	return ctx
+}

test/e2e/crs/AuditPolicy/auditpolicy.yaml

@@ -0,0 +1,15 @@
+apiVersion: admin.hana.sap.crossplane.io/v1alpha1
+kind: AuditPolicy
+metadata:
+  name: example-auditpolicy
+spec:
+  forProvider:
+    policyName: E2E_EXAMPLE_AUDIT_POLICY
+    auditStatus: UNSUCCESSFUL
+    auditLevel: INFO
+    auditActions:
+      - GRANT ANY
+    auditTrailRetention: 30
+    enabled: true
+  providerConfigRef:
+    name: example

test/e2e/crs/DbSchema/dbSchema.yaml

@@ -4,7 +4,7 @@ metadata:
   name: example-schema
 spec:
   forProvider:
-    schemaName: EXAMPLE
+    schemaName: E2E_EXAMPLE_SCHEMA
     owner: DBADMIN
   providerConfigRef:
-    name: example
+    name: example

test/e2e/crs/Role/role.yaml

@@ -0,0 +1,9 @@
+apiVersion: admin.hana.sap.crossplane.io/v1alpha1
+kind: Role
+metadata:
+  name: example-role
+spec:
+  forProvider:
+    roleName: E2E_EXAMPLE_ROLE
+  providerConfigRef:
+    name: example

test/e2e/crs/User/user.yaml

@@ -11,6 +11,6 @@ spec:
           key: password
           name: e2e-test-user-secret
           namespace: default
-    username: E2ETESTUSER
+    username: E2E_EXAMPLE_USER
   providerConfigRef:
-    name: example
+    name: example

test/e2e/crs/Usergroup/usergroup.yaml

@@ -0,0 +1,9 @@
+apiVersion: admin.hana.sap.crossplane.io/v1alpha1
+kind: Usergroup
+metadata:
+  name: example-usergroup
+spec:
+  forProvider:
+    usergroupName: E2E_EXAMPLE_USERGROUP
+  providerConfigRef:
+    name: example