@@ -6,13 +6,15 @@ package cluster
66import (
77 "context"
88 "fmt"
9+ "net/http"
910 "strings"
1011 "testing"
1112
1213 "github.com/sirupsen/logrus"
1314 "github.com/stretchr/testify/assert"
1415 "go.uber.org/mock/gomock"
1516
17+ azruntime "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
1618 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi"
1719
1820 "github.com/Azure/ARO-RP/pkg/api"
@@ -37,6 +39,11 @@ func TestPlatformWorkloadIdentityIDs(t *testing.T) {
3739 identityBarResourceId := fmt .Sprintf ("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.ManagedIdentity/userAssignedIdentities/%s" , subscriptionId , clusterRG , identityBarName )
3840 identityBarClientId := "0ba40ba4-0ba4-0ba4-0ba4-0ba40ba40ba4"
3941 identityBarObjectId := "1ba41ba4-1ba4-1ba4-1ba4-1ba41ba41ba4"
42+ fooTarget := `.properties.platformWorkloadIdentityProfile.platformWorkloadIdentities["foo"]`
43+ unauthorizedErr := azruntime .NewResponseError (& http.Response {StatusCode : http .StatusUnauthorized })
44+ forbiddenErr := azruntime .NewResponseError (& http.Response {StatusCode : http .StatusForbidden })
45+ notFoundErr := azruntime .NewResponseError (& http.Response {StatusCode : http .StatusNotFound })
46+ tooManyRequestsErr := azruntime .NewResponseError (& http.Response {StatusCode : http .StatusTooManyRequests })
4047
4148 validWIClusterDoc := & api.OpenShiftClusterDocument {
4249 ID : clusterId ,
@@ -121,7 +128,99 @@ func TestPlatformWorkloadIdentityIDs(t *testing.T) {
121128 mock .EXPECT ().Get (gomock .Any (), gomock .Any (), gomock .Any (), gomock .Any ()).AnyTimes ().
122129 Return (armmsi.UserAssignedIdentitiesClientGetResponse {}, fmt .Errorf ("some error occurred" ))
123130 },
124- wantErr : "error occured when retrieving platform workload identity 'foo' details: some error occurred" ,
131+ wantErr : "error occurred when retrieving platform workload identity 'foo' details: some error occurred" ,
132+ },
133+ {
134+ name : "error - unauthorized identity lookup becomes invalid platform workload identity" ,
135+ doc : & api.OpenShiftClusterDocument {
136+ ID : clusterId ,
137+ Key : clusterId ,
138+ OpenShiftCluster : & api.OpenShiftCluster {
139+ Properties : api.OpenShiftClusterProperties {
140+ PlatformWorkloadIdentityProfile : & api.PlatformWorkloadIdentityProfile {
141+ PlatformWorkloadIdentities : map [string ]api.PlatformWorkloadIdentity {
142+ identityFooName : {
143+ ResourceID : identityFooResourceId ,
144+ },
145+ },
146+ },
147+ },
148+ },
149+ },
150+ userAssignedIdentitiesClientMocks : func (mock * mock_armmsi.MockUserAssignedIdentitiesClient ) {
151+ mock .EXPECT ().Get (gomock .Any (), gomock .Any (), gomock .Any (), gomock .Any ()).AnyTimes ().
152+ Return (armmsi.UserAssignedIdentitiesClientGetResponse {}, unauthorizedErr )
153+ },
154+ wantErr : api .NewCloudError (http .StatusBadRequest , api .CloudErrorCodeInvalidPlatformWorkloadIdentity , fooTarget , unauthorizedErr .Error ()).Error (),
155+ },
156+ {
157+ name : "error - forbidden identity lookup becomes invalid platform workload identity" ,
158+ doc : & api.OpenShiftClusterDocument {
159+ ID : clusterId ,
160+ Key : clusterId ,
161+ OpenShiftCluster : & api.OpenShiftCluster {
162+ Properties : api.OpenShiftClusterProperties {
163+ PlatformWorkloadIdentityProfile : & api.PlatformWorkloadIdentityProfile {
164+ PlatformWorkloadIdentities : map [string ]api.PlatformWorkloadIdentity {
165+ identityFooName : {
166+ ResourceID : identityFooResourceId ,
167+ },
168+ },
169+ },
170+ },
171+ },
172+ },
173+ userAssignedIdentitiesClientMocks : func (mock * mock_armmsi.MockUserAssignedIdentitiesClient ) {
174+ mock .EXPECT ().Get (gomock .Any (), gomock .Any (), gomock .Any (), gomock .Any ()).AnyTimes ().
175+ Return (armmsi.UserAssignedIdentitiesClientGetResponse {}, forbiddenErr )
176+ },
177+ wantErr : api .NewCloudError (http .StatusBadRequest , api .CloudErrorCodeInvalidPlatformWorkloadIdentity , fooTarget , forbiddenErr .Error ()).Error (),
178+ },
179+ {
180+ name : "error - not found identity lookup becomes invalid platform workload identity" ,
181+ doc : & api.OpenShiftClusterDocument {
182+ ID : clusterId ,
183+ Key : clusterId ,
184+ OpenShiftCluster : & api.OpenShiftCluster {
185+ Properties : api.OpenShiftClusterProperties {
186+ PlatformWorkloadIdentityProfile : & api.PlatformWorkloadIdentityProfile {
187+ PlatformWorkloadIdentities : map [string ]api.PlatformWorkloadIdentity {
188+ identityFooName : {
189+ ResourceID : identityFooResourceId ,
190+ },
191+ },
192+ },
193+ },
194+ },
195+ },
196+ userAssignedIdentitiesClientMocks : func (mock * mock_armmsi.MockUserAssignedIdentitiesClient ) {
197+ mock .EXPECT ().Get (gomock .Any (), gomock .Any (), gomock .Any (), gomock .Any ()).AnyTimes ().
198+ Return (armmsi.UserAssignedIdentitiesClientGetResponse {}, notFoundErr )
199+ },
200+ wantErr : api .NewCloudError (http .StatusBadRequest , api .CloudErrorCodeInvalidPlatformWorkloadIdentity , fooTarget , notFoundErr .Error ()).Error (),
201+ },
202+ {
203+ name : "error - too many requests identity lookup becomes invalid platform workload identity" ,
204+ doc : & api.OpenShiftClusterDocument {
205+ ID : clusterId ,
206+ Key : clusterId ,
207+ OpenShiftCluster : & api.OpenShiftCluster {
208+ Properties : api.OpenShiftClusterProperties {
209+ PlatformWorkloadIdentityProfile : & api.PlatformWorkloadIdentityProfile {
210+ PlatformWorkloadIdentities : map [string ]api.PlatformWorkloadIdentity {
211+ identityFooName : {
212+ ResourceID : identityFooResourceId ,
213+ },
214+ },
215+ },
216+ },
217+ },
218+ },
219+ userAssignedIdentitiesClientMocks : func (mock * mock_armmsi.MockUserAssignedIdentitiesClient ) {
220+ mock .EXPECT ().Get (gomock .Any (), gomock .Any (), gomock .Any (), gomock .Any ()).AnyTimes ().
221+ Return (armmsi.UserAssignedIdentitiesClientGetResponse {}, tooManyRequestsErr )
222+ },
223+ wantErr : api .NewCloudError (http .StatusBadRequest , api .CloudErrorCodeInvalidPlatformWorkloadIdentity , fooTarget , tooManyRequestsErr .Error ()).Error (),
125224 },
126225 {
127226 name : "success - all clientIDs and objectIDs updated in clusterdoc" ,
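Review bot: The too-many-requests case (new lines 202–223) pins a throttled identity lookup to a 400 `InvalidPlatformWorkloadIdentity`, which reports a transient Azure-side condition as a caller mistake; 401, 403 and 404 are plausibly fixable by the caller, a 429 is not. If that mapping is deliberate, a short comment on the case saying why would help; otherwise the 429 expectation should probably be a retryable or internal error rather than a bad-request code. All four cases also expect the upstream error string verbatim as the cloud error message (`unauthorizedErr.Error()` and its siblings), and a real `ResponseError` string usually carries the request URL and response body, so it is worth confirming that the production path is meant to return that text to the API caller. The four cases differ only in name and returned error, so they could be generated from a small slice of `{name, err}` pairs instead of repeating the document literal. TestPlatformWorkloadIdentityIDs begins and ends outside the hunk.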