tests: Add unit tests to image-updater pkg/image

chengfang · chengfang · commit 98befa877b08 · 2024-08-05T10:41:13.000-04:00
Signed-off-by: Cheng Fang &lt;cfang@redhat.com&gt;
diff --git a/pkg/image/credentials_test.go b/pkg/image/credentials_test.go
@@ -1,15 +1,15 @@
 package image
 
 import (
+	"fmt"
 	"os"
 	"path"
+	"strings"
 	"testing"
 
 	"github.com/argoproj-labs/argocd-image-updater/pkg/kube"
-
 	"github.com/argoproj-labs/argocd-image-updater/test/fake"
 	"github.com/argoproj-labs/argocd-image-updater/test/fixture"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -101,6 +101,12 @@ func Test_ParseCredentialAnnotation(t *testing.T) {
 		assert.Equal(t, "DUMMY_SECRET", src.EnvName)
 	})
 
+	t.Run("Parse external script credentials", func(t *testing.T) {
+		src, err := ParseCredentialSource("ext:/tmp/a.sh", false)
+		require.NoError(t, err)
+		assert.Equal(t, CredentialSourceExt, src.Type)
+		assert.Equal(t, "/tmp/a.sh", src.ScriptPath)
+	})
 }
 
 func Test_ParseCredentialReference(t *testing.T) {
@@ -130,6 +136,53 @@ func Test_ParseCredentialReference(t *testing.T) {
 
 }
 
+func Test_FetchCredentialsFromSecret(t *testing.T) {
+	t.Run("Fetch credentials from secret", func(t *testing.T) {
+		secretData := make(map[string][]byte)
+		secretData["username_password"] = []byte(fmt.Sprintf("%s:%s", "foo", "bar"))
+		secret := fixture.NewSecret("test", "test", secretData)
+		clientset := fake.NewFakeClientsetWithResources(secret)
+		credSrc := &CredentialSource{
+			Type:            CredentialSourceSecret,
+			SecretNamespace: "test",
+			SecretName:      "test",
+			SecretField:     "username_password",
+		}
+		creds, err := credSrc.FetchCredentials("NA", &kube.KubernetesClient{Clientset: clientset})
+		require.NoError(t, err)
+		require.NotNil(t, creds)
+		assert.Equal(t, "foo", creds.Username)
+		assert.Equal(t, "bar", creds.Password)
+
+		credSrc.SecretNamespace = "test1" // test with a wrong SecretNamespace
+		creds, err = credSrc.FetchCredentials("NA", &kube.KubernetesClient{Clientset: clientset})
+		require.Error(t, err)
+		require.Nil(t, creds)
+	})
+
+	t.Run("Fetch credentials from secret with invalid config", func(t *testing.T) {
+		secretData := make(map[string][]byte)
+		secretData["username_password"] = []byte(fmt.Sprintf("%s:%s", "foo", "bar"))
+		secret := fixture.NewSecret("test", "test", secretData)
+		clientset := fake.NewFakeClientsetWithResources(secret)
+		credSrc := &CredentialSource{
+			Type:            CredentialSourceSecret,
+			SecretNamespace: "test",
+			SecretName:      "test",
+			SecretField:     "username_password",
+		}
+		creds, err := credSrc.FetchCredentials("NA", nil)
+		require.Error(t, err) // should fail with "could not fetch credentials: no Kubernetes client given"
+		require.Nil(t, creds)
+
+		credSrc.SecretField = "BAD" // test with a wrong SecretField
+		creds, err = credSrc.FetchCredentials("NA", &kube.KubernetesClient{Clientset: clientset})
+		require.Error(t, err)
+		require.Nil(t, creds)
+
+	})
+}
+
 func Test_FetchCredentialsFromPullSecret(t *testing.T) {
 	t.Run("Fetch credentials from pull secret", func(t *testing.T) {
 		dockerJson := fixture.MustReadFile("../../test/testdata/docker/valid-config.json")
@@ -148,6 +201,33 @@ func Test_FetchCredentialsFromPullSecret(t *testing.T) {
 		require.NotNil(t, creds)
 		assert.Equal(t, "foo", creds.Username)
 		assert.Equal(t, "bar", creds.Password)
+
+		credSrc.SecretNamespace = "test1" // test with a wrong SecretNamespace
+		creds, err = credSrc.FetchCredentials("https://registry-1.docker.io", &kube.KubernetesClient{Clientset: clientset})
+		require.Error(t, err)
+		require.Nil(t, creds)
+	})
+
+	t.Run("Fetch credentials from pull secret with invalid config", func(t *testing.T) {
+		dockerJson := fixture.MustReadFile("../../test/testdata/docker/valid-config.json")
+		dockerJson = strings.ReplaceAll(dockerJson, "auths", "BAD-KEY")
+		secretData := make(map[string][]byte)
+		secretData[pullSecretField] = []byte(dockerJson)
+		pullSecret := fixture.NewSecret("test", "test", secretData)
+		clientset := fake.NewFakeClientsetWithResources(pullSecret)
+		credSrc := &CredentialSource{
+			Type:            CredentialSourcePullSecret,
+			Registry:        "https://registry-1.docker.io/v2",
+			SecretNamespace: "test",
+			SecretName:      "test",
+		}
+		creds, err := credSrc.FetchCredentials("https://registry-1.docker.io", &kube.KubernetesClient{Clientset: clientset})
+		require.Error(t, err) // should fail with "no credentials in image pull secret"
+		require.Nil(t, creds)
+
+		creds, err = credSrc.FetchCredentials("https://registry-1.docker.io", nil)
+		require.Error(t, err) // should fail with "could not fetch credentials: no Kubernetes client given"
+		require.Nil(t, creds)
 	})
 
 	t.Run("Fetch credentials from pull secret with protocol stripped", func(t *testing.T) {
@@ -266,6 +346,18 @@ func Test_FetchCredentialsFromExt(t *testing.T) {
 	})
 }
 
+func Test_FetchCredentialsFromUnknown(t *testing.T) {
+	t.Run("Fetch credentials from unknown type", func(t *testing.T) {
+		credSrc := &CredentialSource{
+			Type:     CredentialSourceType(-1),
+			Registry: "https://registry-1.docker.io/v2",
+		}
+		creds, err := credSrc.FetchCredentials("https://registry-1.docker.io", nil)
+		require.Error(t, err) // should fail with "unknown credential type"
+		require.Nil(t, creds)
+	})
+}
+
 func Test_ParseDockerConfig(t *testing.T) {
 	t.Run("Parse valid Docker configuration with matching registry", func(t *testing.T) {
 		config := fixture.MustReadFile("../../test/testdata/docker/valid-config.json")
@@ -283,6 +375,22 @@ func Test_ParseDockerConfig(t *testing.T) {
 		assert.Equal(t, "bar", password)
 	})
 
+	t.Run("Parse valid Docker configuration with matching http registry as prefix", func(t *testing.T) {
+		config := fixture.MustReadFile("../../test/testdata/docker/valid-config-noproto.json")
+		username, password, err := parseDockerConfigJson("http://registry-1.docker.io", config)
+		require.NoError(t, err)
+		assert.Equal(t, "foo", username)
+		assert.Equal(t, "bar", password)
+	})
+
+	t.Run("Parse valid Docker configuration with matching no-protocol registry as prefix", func(t *testing.T) {
+		config := fixture.MustReadFile("../../test/testdata/docker/valid-config-noproto.json")
+		username, password, err := parseDockerConfigJson("registry-1.docker.io", config)
+		require.NoError(t, err)
+		assert.Equal(t, "foo", username)
+		assert.Equal(t, "bar", password)
+	})
+
 	t.Run("Parse valid Docker configuration with matching registry as prefix with / in the end", func(t *testing.T) {
 		config := fixture.MustReadFile("../../test/testdata/docker/valid-config-noproto.json")
 		username, password, err := parseDockerConfigJson("https://registry-1.docker.io/", config)
diff --git a/pkg/image/image_test.go b/pkg/image/image_test.go
@@ -5,9 +5,9 @@ import (
 	"time"
 
 	"github.com/argoproj-labs/argocd-image-updater/pkg/tag"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"golang.org/x/exp/slices"
 )
 
 func Test_ParseImageTags(t *testing.T) {
@@ -160,9 +160,65 @@ func Test_ContainerList(t *testing.T) {
 		for _, n := range image_names {
 			images = append(images, NewFromIdentifier(n))
 		}
+		withKustomizeOverride := NewFromIdentifier("k1/k2:k3")
+		withKustomizeOverride.KustomizeImage = images[0]
+		images = append(images, withKustomizeOverride)
+
 		assert.NotNil(t, images.ContainsImage(NewFromIdentifier(image_names[0]), false))
 		assert.NotNil(t, images.ContainsImage(NewFromIdentifier(image_names[1]), false))
 		assert.NotNil(t, images.ContainsImage(NewFromIdentifier(image_names[2]), false))
 		assert.Nil(t, images.ContainsImage(NewFromIdentifier("foo/bar"), false))
+
+		imageMatch := images.ContainsImage(withKustomizeOverride, false)
+		assert.Equal(t, images[0], imageMatch)
 	})
 }
+
+func Test_getImageDigestFromTag(t *testing.T) {
+	tagAndDigest := "test-tag@sha256:abcde"
+	tagName, tagDigest := getImageDigestFromTag(tagAndDigest)
+	assert.Equal(t, "test-tag", tagName)
+	assert.Equal(t, "sha256:abcde", tagDigest)
+
+	tagAndDigest = "test-tag"
+	tagName, tagDigest = getImageDigestFromTag(tagAndDigest)
+	assert.Equal(t, "test-tag", tagName)
+	assert.Empty(t, tagDigest)
+}
+
+func Test_ContainerImageList_String_Originals(t *testing.T) {
+	images := make(ContainerImageList, 0)
+	originals := []string{}
+
+	assert.Equal(t, "", images.String())
+	assert.True(t, slices.Equal(originals, images.Originals()))
+
+	images = append(images, NewFromIdentifier("foo/bar:0.1"))
+	originals = append(originals, "foo/bar:0.1")
+	assert.Equal(t, "foo/bar:0.1", images.String())
+	assert.True(t, slices.Equal(originals, images.Originals()))
+
+	images = append(images, NewFromIdentifier("alias=foo/bar:0.2"))
+	originals = append(originals, "alias=foo/bar:0.2")
+	assert.Equal(t, "foo/bar:0.1,alias=foo/bar:0.2", images.String())
+	assert.True(t, slices.Equal(originals, images.Originals()))
+}
+
+func TestContainerImage_DiffersFrom(t *testing.T) {
+	foo1 := NewFromIdentifier("x/foo:1")
+	foo2 := NewFromIdentifier("x/foo:2")
+	bar1 := NewFromIdentifier("x/bar:1")
+	bar1WithRegistry := NewFromIdentifier("docker.io/x/bar:1")
+
+	assert.False(t, foo1.DiffersFrom(foo1, true))
+	assert.False(t, foo1.DiffersFrom(foo2, false))
+	assert.True(t, foo1.DiffersFrom(foo2, true))
+
+	assert.True(t, foo1.DiffersFrom(bar1, false))
+	assert.True(t, bar1.DiffersFrom(foo1, false))
+	assert.True(t, foo1.DiffersFrom(bar1, true))
+	assert.True(t, bar1.DiffersFrom(foo1, true))
+	assert.True(t, bar1.DiffersFrom(bar1WithRegistry, false))
+
+	assert.False(t, foo1.IsUpdatable("0.1", "^1.0"))
+}
diff --git a/pkg/image/kustomize_test.go b/pkg/image/kustomize_test.go
@@ -0,0 +1,26 @@
+package image
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_KustomizeImages_Find(t *testing.T) {
+	images := KustomizeImages{
+		"a/b:1.0",
+		"a/b@sha256:aabb",
+		"a/b:latest@sha256:aabb",
+		"x/y=busybox",
+		"x/y=foo.bar/a/c:0.23",
+	}
+	for _, image := range images {
+		assert.True(t, images.Find(image) >= 0)
+	}
+	for _, image := range []string{"a/b:2", "x/y=foo.bar"} {
+		assert.True(t, images.Find(KustomizeImage(image)) >= 0)
+	}
+	for _, image := range []string{"a/b", "x", "x/y"} {
+		assert.Equal(t, -1, images.Find(KustomizeImage(image)))
+	}
+}
diff --git a/pkg/image/options_test.go b/pkg/image/options_test.go
@@ -8,7 +8,6 @@ import (
 
 	"github.com/argoproj-labs/argocd-image-updater/pkg/common"
 	"github.com/argoproj-labs/argocd-image-updater/pkg/options"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -64,14 +63,18 @@ func Test_GetHelmOptions(t *testing.T) {
 }
 
 func Test_GetKustomizeOptions(t *testing.T) {
-	t.Run("Get Helm parameter for configured application", func(t *testing.T) {
+	t.Run("Get Kustomize parameter for configured application", func(t *testing.T) {
 		annotations := map[string]string{
 			fmt.Sprintf(common.KustomizeApplicationNameAnnotation, "dummy"): "argoproj/argo-cd",
 		}
 
 		img := NewFromIdentifier("dummy=foo/bar:1.12")
 		paramName := img.GetParameterKustomizeImageName(annotations)
 		assert.Equal(t, "argoproj/argo-cd", paramName)
+
+		img = NewFromIdentifier("dummy2=foo2/bar2:1.12")
+		paramName = img.GetParameterKustomizeImageName(annotations)
+		assert.Equal(t, "", paramName)
 	})
 }
 
@@ -155,6 +158,15 @@ func Test_GetSortOption(t *testing.T) {
 		sortMode := img.GetParameterUpdateStrategy(annotations)
 		assert.Equal(t, StrategyNewestBuild, sortMode)
 	})
+
+	t.Run("Get update strategy option digest from application-wide annotation", func(t *testing.T) {
+		annotations := map[string]string{
+			common.ApplicationWideUpdateStrategyAnnotation: "digest",
+		}
+		img := NewFromIdentifier("dummy=foo/bar:1.12")
+		sortMode := img.GetParameterUpdateStrategy(annotations)
+		assert.Equal(t, StrategyDigest, sortMode)
+	})
 }
 
 func Test_GetMatchOption(t *testing.T) {
@@ -190,6 +202,15 @@ func Test_GetMatchOption(t *testing.T) {
 		assert.Nil(t, matchArgs)
 	})
 
+	t.Run("No match option for configured application", func(t *testing.T) {
+		annotations := map[string]string{}
+		img := NewFromIdentifier("dummy=foo/bar:1.12")
+		matchFunc, matchArgs := img.GetParameterMatch(annotations)
+		require.NotNil(t, matchFunc)
+		require.Equal(t, true, matchFunc("", nil))
+		assert.Equal(t, "", matchArgs)
+	})
+
 	t.Run("Prefer match option from image-specific annotation", func(t *testing.T) {
 		annotations := map[string]string{
 			fmt.Sprintf(common.AllowTagsOptionAnnotation, "dummy"): "regexp:^[0-9]",
@@ -241,6 +262,13 @@ func Test_GetSecretOption(t *testing.T) {
 		require.Nil(t, credSrc)
 	})
 
+	t.Run("Missing pull secret in annotation", func(t *testing.T) {
+		annotations := map[string]string{}
+		img := NewFromIdentifier("dummy=foo/bar:1.12")
+		credSrc := img.GetParameterPullSecret(annotations)
+		require.Nil(t, credSrc)
+	})
+
 	t.Run("Prefer cred source from image-specific annotation", func(t *testing.T) {
 		annotations := map[string]string{
 			fmt.Sprintf(common.PullSecretAnnotation, "dummy"): "pullsecret:image/specific",
@@ -283,6 +311,13 @@ func Test_GetIgnoreTags(t *testing.T) {
 		assert.Equal(t, "tag4", tags[3])
 	})
 
+	t.Run("No tags to ignore from image-specific annotation", func(t *testing.T) {
+		annotations := map[string]string{}
+		img := NewFromIdentifier("dummy=foo/bar:1.12")
+		tags := img.GetParameterIgnoreTags(annotations)
+		require.Nil(t, tags)
+	})
+
 	t.Run("Prefer list of tags to ignore from image-specific annotation", func(t *testing.T) {
 		annotations := map[string]string{
 			fmt.Sprintf(common.IgnoreTagsOptionAnnotation, "dummy"): "tag1, tag2",
@@ -412,3 +447,36 @@ func Test_GetPlatformOptions(t *testing.T) {
 		assert.False(t, opts.WantsPlatform(runtime.GOOS, runtime.GOARCH, variant))
 	})
 }
+
+func Test_ContainerImage_ParseMatchfunc(t *testing.T) {
+	img := NewFromIdentifier("dummy=foo/bar:1.12")
+	matchFunc, pattern := img.ParseMatchfunc("any")
+	assert.True(t, matchFunc("MatchFuncAny any tag name", pattern))
+	assert.Nil(t, pattern)
+
+	matchFunc, pattern = img.ParseMatchfunc("ANY")
+	assert.True(t, matchFunc("MatchFuncAny any tag name", pattern))
+	assert.Nil(t, pattern)
+
+	matchFunc, pattern = img.ParseMatchfunc("other")
+	assert.False(t, matchFunc("MatchFuncNone any tag name", pattern))
+	assert.Nil(t, pattern)
+
+	matchFunc, pattern = img.ParseMatchfunc("not-regexp:a-z")
+	assert.False(t, matchFunc("MatchFuncNone any tag name", pattern))
+	assert.Nil(t, pattern)
+
+	matchFunc, pattern = img.ParseMatchfunc("regexp:[aA-zZ]")
+	assert.True(t, matchFunc("MatchFuncRegexp-tag-name", pattern))
+	compiledRegexp, _ := regexp.Compile("[aA-zZ]")
+	assert.Equal(t, compiledRegexp, pattern)
+
+	matchFunc, pattern = img.ParseMatchfunc("RegExp:[aA-zZ]")
+	assert.True(t, matchFunc("MatchFuncRegexp-tag-name", pattern))
+	compiledRegexp, _ = regexp.Compile("[aA-zZ]")
+	assert.Equal(t, compiledRegexp, pattern)
+
+	matchFunc, pattern = img.ParseMatchfunc("regexp:[aA-zZ") //invalid regexp: missing end ]
+	assert.False(t, matchFunc("MatchFuncNone-tag-name", pattern))
+	assert.Nil(t, pattern)
+}
diff --git a/pkg/image/version_test.go b/pkg/image/version_test.go
