add unit tests

Author: hsong-rh

src/aap_eda/api/views/event_stream.py

@@ -31,7 +31,7 @@
 from aap_eda.api import exceptions as api_exc, filters, serializers
 from aap_eda.core import models
 from aap_eda.core.enums import EventStreamAuthType, ResourceType
-from aap_eda.core.exceptions import GatewayAPIError, MissingCredentials
+from aap_eda.core.exceptions import GatewayAPIError, MissingCredentialsError
 from aap_eda.core.utils import logging_utils
 from aap_eda.services.sync_certs import SyncCertificates
 
@@ -327,5 +327,5 @@ def _sync_certificates(
                     obj.delete(event_stream.id)
                 else:
                     obj.update()
-            except (GatewayAPIError, MissingCredentials) as ex:
-                logger.error("Could not %s certificates %s", action, str(ex))
+            except (GatewayAPIError, MissingCredentialsError) as ex:
+                logger.error("Could not %s certificates: %s", action, str(ex))

src/aap_eda/core/exceptions.py

@@ -53,5 +53,5 @@ class GatewayAPIError(Exception):
     pass
 
 
-class MissingCredentials(Exception):
+class MissingCredentialsError(Exception):
     pass

src/aap_eda/services/signals.py

@@ -0,0 +1,34 @@
+"""Signal handlers for EDA services."""
+from django.db.models.signals import post_save
+from django.dispatch import receiver
+
+from aap_eda.core import enums, models
+from aap_eda.core.exceptions import GatewayAPIError, MissingCredentialsError
+from aap_eda.services.sync_certs import SyncCertificates
+
+
+@receiver(post_save, sender=models.EdaCredential)
+def gw_handler(
+    sender: type[models.EdaCredential],
+    instance: models.EdaCredential,
+    **kwargs,
+) -> None:
+    """Handle updates to EdaCredential object and force a certificate sync."""
+    if (
+        instance.credential_type is not None
+        and instance.credential_type.name
+        == enums.EventStreamCredentialType.MTLS
+        and hasattr(instance, "_request")
+    ):
+        try:
+            objects = models.EventStream.objects.filter(
+                eda_credential_id=instance.id
+            )
+            if len(objects) > 0:
+                SyncCertificates(instance.id).update()
+        except (GatewayAPIError, MissingCredentialsError) as ex:
+            from aap_eda.services import sync_certs
+
+            sync_certs.LOGGER.error(
+                "Couldn't trigger gateway certificate updates %s", str(ex)
+            )

src/aap_eda/services/sync_certs.py

@@ -21,12 +21,10 @@
 import yaml
 from ansible_base.resource_registry import resource_server
 from django.conf import settings
-from django.db.models.signals import post_save
-from django.dispatch import receiver
 from rest_framework import status
 
-from aap_eda.core import enums, models
-from aap_eda.core.exceptions import GatewayAPIError, MissingCredentials
+from aap_eda.core import models
+from aap_eda.core.exceptions import GatewayAPIError, MissingCredentialsError
 
 LOGGER = logging.getLogger(__name__)
 SLUG = "api/gateway/v1/ca_certificates/"
@@ -48,7 +46,7 @@ def __init__(self, eda_credential_id: int):
             id=self.eda_credential_id
         )
 
-    def update(self):
+    def update(self) -> None:
         """Handle creating and updating the certificate in Gateway."""
         inputs = yaml.safe_load(self.eda_credential.inputs.get_secret_value())
         existing_object = self._fetch_from_gateway()
@@ -98,16 +96,22 @@ def update(self):
                 status.HTTP_200_OK,
                 status.HTTP_201_CREATED,
             ]:
-                LOGGER.debug("Certificate updated")
+                LOGGER.debug("Certificate updated successfully")
             elif response.status_code == status.HTTP_400_BAD_REQUEST:
                 LOGGER.error("Update failed")
             else:
-                LOGGER.error("Couldn't update certificate")
+                LOGGER.error(
+                    "Couldn't update certificate. "
+                    "Status code: %s, Response: %s",
+                    response.status_code,
+                    response.text,
+                )
+                raise GatewayAPIError
 
         else:
             LOGGER.debug("No changes detected")
 
-    def delete(self, event_stream_id: Optional[int]):
+    def delete(self, event_stream_id: Optional[int] = None) -> None:
         """Delete the Certificate from Gateway."""
         existing_object = self._fetch_from_gateway()
         if not existing_object:
@@ -121,7 +125,7 @@ def delete(self, event_stream_id: Optional[int]):
         elif len(objects) == 1 and event_stream_id == objects[0].id:
             self._delete_from_gateway(existing_object)
 
-    def _delete_from_gateway(self, existing_object: dict):
+    def _delete_from_gateway(self, existing_object: dict) -> None:
         slug = f"{SLUG}/{existing_object['id']}/"
         url = urljoin(self.gateway_url, slug)
         headers = self._prep_headers()
@@ -132,14 +136,19 @@ def _delete_from_gateway(self, existing_object: dict):
             timeout=DEFAULT_TIMEOUT,
         )
         if response.status_code == status.HTTP_200_OK:
-            LOGGER.debug("Certificate object deleted")
-        if response.status_code == status.HTTP_404_NOT_FOUND:
+            LOGGER.debug("Certificate object deleted successfully")
+        elif response.status_code == status.HTTP_404_NOT_FOUND:
             LOGGER.warning("Certificate object missing during delete")
         else:
-            LOGGER.error("Couldn't delete certificate object in gateway")
+            LOGGER.error(
+                "Couldn't delete certificate object. "
+                "Status code: %s, Response: %s",
+                response.status_code,
+                response.text,
+            )
             raise GatewayAPIError
 
-    def _fetch_from_gateway(self):
+    def _fetch_from_gateway(self) -> dict:
         slug = f"{SLUG}/?remote_id={self._get_remote_id()}"
         url = urljoin(self.gateway_url, slug)
         headers = self._prep_headers()
@@ -161,37 +170,20 @@ def _fetch_from_gateway(self):
             LOGGER.debug("Certificate object does not exist in gateway")
             return {}
 
-        LOGGER.error("Error fetching certificate object")
+        LOGGER.error(
+            "Error fetching certificate object. Status code: %s, Response: %s",
+            response.status_code,
+            response.text,
+        )
         raise GatewayAPIError
 
     def _get_remote_id(self) -> str:
         return f"eda_{self.eda_credential_id}"
 
-    def _prep_headers(self) -> dict:
+    def _prep_headers(self) -> dict[str, str]:
         token = resource_server.get_service_token()
         if token:
             return {SERVICE_TOKEN_HEADER: token}
 
         LOGGER.error("Cannot connect to gateway service token")
-        raise MissingCredentials
-
-
-@receiver(post_save, sender=models.EdaCredential)
-def gw_handler(sender, instance, **kwargs):
-    """Handle updates to EdaCredential object and force a certificate sync."""
-    if (
-        instance.credential_type is not None
-        and instance.credential_type.name
-        == enums.EventStreamCredentialType.MTLS
-        and hasattr(instance, "_request")
-    ):
-        try:
-            objects = models.EventStream.objects.filter(
-                eda_credential_id=instance.id
-            )
-            if len(objects) > 0:
-                SyncCertificates(instance.id).update()
-        except (GatewayAPIError, MissingCredentials) as ex:
-            LOGGER.error(
-                "Couldn't trigger gateway certificate updates %s", str(ex)
-            )
+        raise MissingCredentialsError

tests/unit/services/test_sync_certs.py

@@ -0,0 +1,136 @@
+from unittest.mock import MagicMock, patch
+
+import pytest
+from django.conf import settings
+from rest_framework import status
+
+from aap_eda.core import models
+from aap_eda.core.exceptions import GatewayAPIError, MissingCredentialsError
+from aap_eda.services.sync_certs import SyncCertificates
+
+
+@pytest.fixture
+def mock_eda_credential():
+    credential = MagicMock(spec=models.EdaCredential)
+    credential.id = 1
+    credential.name = "test-credential"
+    credential.inputs.get_secret_value.return_value = "certificate: test-cert"
+    return credential
+
+
+@pytest.fixture
+def sync_certs(mock_eda_credential):
+    with patch("aap_eda.core.models.EdaCredential.objects.get") as mock_get:
+        mock_get.return_value = mock_eda_credential
+        return SyncCertificates(eda_credential_id=1)
+
+
+def test_init(sync_certs, mock_eda_credential):
+    assert sync_certs.eda_credential_id == 1
+    assert sync_certs.eda_credential == mock_eda_credential
+    assert sync_certs.gateway_url == settings.RESOURCE_SERVER["URL"]
+
+
+@patch("aap_eda.services.sync_certs.requests.patch")
+@patch("aap_eda.services.sync_certs.SyncCertificates._fetch_from_gateway")
+@patch("aap_eda.services.sync_certs.SyncCertificates._prep_headers")
+def test_update_existing_cert(
+    mock_prep_headers, mock_fetch, mock_patch, sync_certs
+):
+    mock_fetch.return_value = {"id": 1, "sha256": "old-hash"}
+    mock_prep_headers.return_value = {"X-ANSIBLE-SERVICE-AUTH": "token"}
+    mock_response = MagicMock()
+    mock_response.status_code = status.HTTP_200_OK
+    mock_patch.return_value = mock_response
+
+    sync_certs.update()
+    mock_patch.assert_called_once()
+
+
+@patch("aap_eda.services.sync_certs.requests.post")
+@patch("aap_eda.services.sync_certs.SyncCertificates._fetch_from_gateway")
+@patch("aap_eda.services.sync_certs.SyncCertificates._prep_headers")
+def test_update_new_cert(mock_prep_headers, mock_fetch, mock_post, sync_certs):
+    mock_fetch.return_value = {}
+    mock_prep_headers.return_value = {"X-ANSIBLE-SERVICE-AUTH": "token"}
+    mock_response = MagicMock()
+    mock_response.status_code = status.HTTP_201_CREATED
+    mock_post.return_value = mock_response
+
+    sync_certs.update()
+    mock_post.assert_called_once()
+
+
+@patch("aap_eda.services.sync_certs.requests.delete")
+@patch("aap_eda.services.sync_certs.SyncCertificates._fetch_from_gateway")
+@patch("aap_eda.services.sync_certs.SyncCertificates._prep_headers")
+@patch("aap_eda.core.models.EdaCredential.objects.get")
+@patch("aap_eda.core.models.EventStream.objects.filter")
+def test_delete(
+    mock_filter,
+    mock_get,
+    mock_prep_headers,
+    mock_fetch,
+    mock_delete,
+    sync_certs,
+    mock_eda_credential,
+):
+    mock_get.return_value = mock_eda_credential
+    mock_fetch.return_value = {"id": 1}
+    mock_prep_headers.return_value = {"X-ANSIBLE-SERVICE-AUTH": "token"}
+    mock_response = MagicMock()
+    mock_response.status_code = status.HTTP_200_OK
+    mock_delete.return_value = mock_response
+    mock_filter.return_value = MagicMock()
+    mock_filter.return_value.__len__.return_value = 0
+
+    sync_certs.delete()
+    mock_delete.assert_called_once()
+
+
+@patch("aap_eda.services.sync_certs.requests.get")
+@patch("aap_eda.services.sync_certs.SyncCertificates._prep_headers")
+def test_fetch_from_gateway(mock_prep_headers, mock_get, sync_certs):
+    mock_prep_headers.return_value = {"X-ANSIBLE-SERVICE-AUTH": "token"}
+    mock_response = MagicMock()
+    mock_response.status_code = status.HTTP_200_OK
+    mock_response.json.return_value = {"count": 1, "results": [{"id": 1}]}
+    mock_get.return_value = mock_response
+
+    result = sync_certs._fetch_from_gateway()
+    assert result == {"id": 1}
+
+
+def test_get_remote_id(sync_certs):
+    assert sync_certs._get_remote_id() == "eda_1"
+
+
+@patch("aap_eda.services.sync_certs.resource_server.get_service_token")
+def test_prep_headers(mock_get_token, sync_certs):
+    mock_get_token.return_value = "test-token"
+    headers = sync_certs._prep_headers()
+    assert headers == {"X-ANSIBLE-SERVICE-AUTH": "test-token"}
+
+
+@patch("aap_eda.services.sync_certs.resource_server.get_service_token")
+def test_prep_headers_missing_credentials(mock_get_token, sync_certs):
+    mock_get_token.return_value = None
+    with pytest.raises(MissingCredentialsError):
+        sync_certs._prep_headers()
+
+
+@patch("aap_eda.services.sync_certs.requests.patch")
+@patch("aap_eda.services.sync_certs.SyncCertificates._fetch_from_gateway")
+@patch("aap_eda.services.sync_certs.SyncCertificates._prep_headers")
+def test_update_error_handling(
+    mock_prep_headers, mock_fetch, mock_patch, sync_certs
+):
+    mock_fetch.return_value = {"id": 1, "sha256": "old-hash"}
+    mock_prep_headers.return_value = {"X-ANSIBLE-SERVICE-AUTH": "token"}
+    mock_response = MagicMock()
+    mock_response.status_code = status.HTTP_500_INTERNAL_SERVER_ERROR
+    mock_response.text = "Server error"
+    mock_patch.return_value = mock_response
+
+    with pytest.raises(GatewayAPIError):
+        sync_certs.update()