TestHandleK8sDelete tests the behavior of the allocator of handling OnDelete events when master key protection is enabled vs disabled.
(t *testing.T)
| 466 | // TestHandleK8sDelete tests the behavior of the allocator of handling OnDelete events |
| 467 | // when master key protection is enabled vs disabled. |
| 468 | func TestHandleK8sDelete(t *testing.T) { |
| 469 | |
| 470 | masterKeyRecreateMaxInterval = time.Millisecond |
| 471 | backend := newDummyBackend() |
| 472 | |
| 473 | alloc, err := NewAllocator(hivetest.Logger(t), TestAllocatorKey(""), backend) |
| 474 | alloc.idPool = idpool.NewIDPool(1234, 1234) |
| 475 | alloc.enableMasterKeyProtection = true |
| 476 | require.NoError(t, err) |
| 477 | |
| 478 | _, newlyAllocated, first, err := alloc.Allocate(context.Background(), TestAllocatorKey("foo")) |
| 479 | require.NoError(t, err) |
| 480 | require.True(t, first) |
| 481 | require.True(t, newlyAllocated) |
| 482 | |
| 483 | var counter atomic.Uint32 |
| 484 | backend.setUpdateMasterKeyMutator(func(ctx context.Context, id idpool.ID, key AllocatorKey) error { |
| 485 | counter.Add(1) |
| 486 | if counter.Load() <= 2 { |
| 487 | return fmt.Errorf("updateKey failed: %d", counter.Load()) |
| 488 | } |
| 489 | return nil |
| 490 | }) |
| 491 | |
| 492 | assertBackendContains := func(t assert.TestingT, id int, key string) { |
| 493 | k, err := backend.GetByID(context.TODO(), idpool.ID(id)) |
| 494 | assert.NoError(t, err) |
| 495 | assert.Equal(t, key, k.GetKey()) |
| 496 | } |
| 497 | |
| 498 | // 1. Simulate a delete event, where master key protection is enabled |
| 499 | // and the identity is owned locally. |
| 500 | assertBackendContains(t, 1234, "foo") |
| 501 | |
| 502 | alloc.mainCache.OnDelete(1234, TestAllocatorKey("foo")) |
| 503 | // Check that the identity was retried multiple times by master key protection. |
| 504 | assert.EventuallyWithT(t, func(c *assert.CollectT) { |
| 505 | assert.Equal(c, uint32(3), counter.Load()) |
| 506 | }, time.Second, time.Millisecond) |
| 507 | |
| 508 | assert.Contains(t, alloc.mainCache.nextCache, idpool.ID(1234)) |
| 509 | assert.Contains(t, alloc.mainCache.nextKeyCache, "foo") |
| 510 | |
| 511 | // 2. Simulate a delete event, where master key protection is disabled. |
| 512 | alloc.enableMasterKeyProtection = false |
| 513 | alloc.mainCache.OnDelete(1234, TestAllocatorKey("foo")) |
| 514 | assert.NotContains(t, alloc.mainCache.nextCache, idpool.ID(1234)) |
| 515 | assert.NotContains(t, alloc.mainCache.nextKeyCache, "foo") |
| 516 | |
| 517 | // 3. Simulate delete event where master key protection is enabled |
| 518 | // but the identity is not owned locally. |
| 519 | alloc.enableMasterKeyProtection = true |
| 520 | alloc.mainCache.OnUpsert(4321, TestAllocatorKey("bar")) |
| 521 | assert.Contains(t, alloc.mainCache.nextCache, idpool.ID(4321)) |
| 522 | assert.Contains(t, alloc.mainCache.nextKeyCache, "bar") |
| 523 | alloc.mainCache.OnDelete(idpool.ID(4321), TestAllocatorKey("bar")) |
| 524 | assert.NotContains(t, alloc.mainCache.nextCache, idpool.ID(4321)) |
| 525 | assert.NotContains(t, alloc.mainCache.nextKeyCache, "bar") |
nothing calls this directly
no test coverage detected
searching dependent graphs…