rewrite tests for related resources to be table driven

On-behalf-of: @SAP [email protected]

Author: xrstf

test/crds/backup.go

@@ -0,0 +1,33 @@
+/*
+Copyright 2025 The KCP Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package crds
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type Backup struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec BackupSpec `json:"spec"`
+}
+
+type BackupSpec struct {
+	Source      string `json:"source"`
+	Destination string `json:"destination"`
+}

test/crds/crontab.go

@@ -0,0 +1,34 @@
+/*
+Copyright 2025 The KCP Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package crds
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type Crontab struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec CrontabSpec `json:"spec"`
+}
+
+type CrontabSpec struct {
+	CronSpec string `json:"cronSpec"`
+	Image    string `json:"image"`
+	Replicas int    `json:"replicas"`
+}

test/e2e/sync/related_test.go

@@ -31,53 +31,60 @@ import (
 
 	"github.com/kcp-dev/api-syncagent/internal/test/diff"
 	syncagentv1alpha1 "github.com/kcp-dev/api-syncagent/sdk/apis/syncagent/v1alpha1"
+	"github.com/kcp-dev/api-syncagent/test/crds"
 	"github.com/kcp-dev/api-syncagent/test/utils"
 
 	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
 	ctrlruntime "sigs.k8s.io/controller-runtime"
+	ctrlruntimeclient "sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/kontext"
 )
 
-func TestSyncSecretBackToKcp(t *testing.T) {
-	const (
-		apiExportName = "kcp.example.com"
-		orgWorkspace  = "sync-related-secret-to-kcp"
-	)
+func TestSyncRelatedObjects(t *testing.T) {
+	const apiExportName = "kcp.example.com"
 
-	ctx := context.Background()
 	ctrlruntime.SetLogger(logr.Discard())
 
-	// setup a test environment in kcp
-	orgKubconfig := utils.CreateOrganization(t, ctx, orgWorkspace, apiExportName)
+	testcases := []struct {
+		// the name of this testcase
+		name string
+		//the org workspace everything should happen in
+		workspace logicalcluster.Name
+		// the configuration for the related resource
+		relatedConfig syncagentv1alpha1.RelatedResourceSpec
+		// the primary object created by the user in kcp
+		mainResource crds.Crontab
+		// the original related object (will automatically be created on either the
+		// kcp or service side, depending on the relatedConfig above)
+		sourceRelatedObject corev1.Secret
 
-	// start a service cluster
-	envtestKubeconfig, envtestClient, _ := utils.RunEnvtest(t, []string{
-		"test/crds/crontab.yaml",
-	})
-
-	// publish Crontabs and Backups
-	t.Logf("Publishing CRDs…")
-	prCrontabs := &syncagentv1alpha1.PublishedResource{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "publish-crontabs",
-		},
-		Spec: syncagentv1alpha1.PublishedResourceSpec{
-			Resource: syncagentv1alpha1.SourceResourceDescriptor{
-				APIGroup: "example.com",
-				Version:  "v1",
-				Kind:     "CronTab",
-			},
-			// These rules make finding the local object easier, but should not be used in production.
-			Naming: &syncagentv1alpha1.ResourceNaming{
-				Name:      "$remoteName",
-				Namespace: "synced-$remoteNamespace",
+		// expectation: this is how the copy of the related object should look
+		// like after the sync has completed
+		expectedSyncedRelatedObject corev1.Secret
+		// expectation: how the original primary object should have been updated
+		// (not the primary object's copy, but the source)
+		//
+		// not yet implemented
+		// expectedUpdatedMainObject crds.Crontab
+	}{
+		{
+			name:      "sync referenced Secret up from service cluster to kcp",
+			workspace: "sync-referenced-secret-up",
+			mainResource: crds.Crontab{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "my-crontab",
+					Namespace: "default",
+				},
+				Spec: crds.CrontabSpec{
+					CronSpec: "* * *",
+					Image:    "ubuntu:latest",
+				},
 			},
-			Related: []syncagentv1alpha1.RelatedResourceSpec{{
+			relatedConfig: syncagentv1alpha1.RelatedResourceSpec{
 				Identifier: "credentials",
 				Origin:     "service",
 				Kind:       "Secret",
@@ -101,106 +108,152 @@ func TestSyncSecretBackToKcp(t *testing.T) {
 						},
 					},
 				},
-			}},
+			},
+			sourceRelatedObject: corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "my-credentials",
+					Namespace: "synced-default",
+				},
+				Data: map[string][]byte{
+					"password": []byte("hunter2"),
+				},
+				Type: corev1.SecretTypeOpaque,
+			},
+
+			expectedSyncedRelatedObject: corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "my-credentials",
+					Namespace: "default",
+				},
+				Data: map[string][]byte{
+					"password": []byte("hunter2"),
+				},
+				Type: corev1.SecretTypeOpaque,
+			},
 		},
 	}
 
-	if err := envtestClient.Create(ctx, prCrontabs); err != nil {
-		t.Fatalf("Failed to create PublishedResource: %v", err)
-	}
+	for _, testcase := range testcases {
+		t.Run(testcase.name, func(t *testing.T) {
+			ctx := context.Background()
 
-	// start the agent in the background to update the APIExport with the CronTabs API
-	utils.RunAgent(ctx, t, "bob", orgKubconfig, envtestKubeconfig, apiExportName)
-
-	// wait until the API is available
-	teamCtx := kontext.WithCluster(ctx, logicalcluster.Name(fmt.Sprintf("root:%s:team-1", orgWorkspace)))
-	kcpClient := utils.GetKcpAdminClusterClient(t)
-	utils.WaitForBoundAPI(t, teamCtx, kcpClient, schema.GroupVersionResource{
-		Group:    apiExportName,
-		Version:  "v1",
-		Resource: "crontabs",
-	})
-
-	// create a Crontab object in a team workspace
-	t.Log("Creating CronTab in kcp…")
-	crontab := yamlToUnstructured(t, `
-apiVersion: kcp.example.com/v1
-kind: CronTab
-metadata:
-  namespace: default
-  name: my-crontab
-spec:
-  cronSpec: '* * *'
-  image: ubuntu:latest
-`)
-
-	if err := kcpClient.Create(teamCtx, crontab); err != nil {
-		t.Fatalf("Failed to create CronTab in kcp: %v", err)
-	}
+			// setup a test environment in kcp
+			orgKubconfig := utils.CreateOrganization(t, ctx, testcase.workspace, apiExportName)
 
-	// fake operator: create a credential Secret
-	t.Log("Creating credential Secret in service cluster…")
-	namespace := &corev1.Namespace{}
-	namespace.Name = "synced-default"
+			// start a service cluster
+			envtestKubeconfig, envtestClient, _ := utils.RunEnvtest(t, []string{
+				"test/crds/crontab.yaml",
+			})
 
-	if err := envtestClient.Create(ctx, namespace); err != nil {
-		t.Fatalf("Failed to create namespace in kcp: %v", err)
-	}
+			// publish Crontabs and Backups
+			t.Logf("Publishing CRDs…")
+			prCrontabs := &syncagentv1alpha1.PublishedResource{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "publish-crontabs",
+				},
+				Spec: syncagentv1alpha1.PublishedResourceSpec{
+					Resource: syncagentv1alpha1.SourceResourceDescriptor{
+						APIGroup: "example.com",
+						Version:  "v1",
+						Kind:     "CronTab",
+					},
+					// These rules make finding the local object easier, but should not be used in production.
+					Naming: &syncagentv1alpha1.ResourceNaming{
+						Name:      "$remoteName",
+						Namespace: "synced-$remoteNamespace",
+					},
+					Related: []syncagentv1alpha1.RelatedResourceSpec{testcase.relatedConfig},
+				},
+			}
 
-	credentials := &corev1.Secret{}
-	credentials.Name = "my-credentials"
-	credentials.Namespace = namespace.Name
-	credentials.Labels = map[string]string{
-		"hello": "world",
-	}
-	credentials.Data = map[string][]byte{
-		"password": []byte("hunter2"),
-	}
+			if err := envtestClient.Create(ctx, prCrontabs); err != nil {
+				t.Fatalf("Failed to create PublishedResource: %v", err)
+			}
 
-	if err := envtestClient.Create(ctx, credentials); err != nil {
-		t.Fatalf("Failed to create Secret in service cluster: %v", err)
-	}
+			// start the agent in the background to update the APIExport with the CronTabs API
+			utils.RunAgent(ctx, t, "bob", orgKubconfig, envtestKubeconfig, apiExportName)
 
-	// wait for the agent to sync the object down into the service cluster and
-	// the Secret back up to kcp
-	t.Logf("Wait for CronTab/Secret to be synced…")
-	copy := &unstructured.Unstructured{}
-	copy.SetAPIVersion("example.com/v1")
-	copy.SetKind("CronTab")
-
-	err := wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, 30*time.Second, false, func(ctx context.Context) (done bool, err error) {
-		copyKey := types.NamespacedName{Namespace: "synced-default", Name: "my-crontab"}
-		return envtestClient.Get(ctx, copyKey, copy) == nil, nil
-	})
-	if err != nil {
-		t.Fatalf("Failed to wait for CronTab to be synced down: %v", err)
-	}
+			// wait until the API is available
+			teamCtx := kontext.WithCluster(ctx, logicalcluster.Name(fmt.Sprintf("root:%s:team-1", testcase.workspace)))
+			kcpClient := utils.GetKcpAdminClusterClient(t)
+			utils.WaitForBoundAPI(t, teamCtx, kcpClient, schema.GroupVersionResource{
+				Group:    apiExportName,
+				Version:  "v1",
+				Resource: "crontabs",
+			})
 
-	copySecret := &corev1.Secret{}
+			// create a Crontab object in a team workspace
+			t.Log("Creating CronTab in kcp…")
 
-	err = wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, 30*time.Second, false, func(ctx context.Context) (done bool, err error) {
-		copyKey := types.NamespacedName{Namespace: "default", Name: "my-credentials"}
-		return kcpClient.Get(teamCtx, copyKey, copySecret) == nil, nil
-	})
-	if err != nil {
-		t.Fatalf("Failed to wait for Secret to be synced up: %v", err)
-	}
+			crontab := utils.ToUnstructured(t, &testcase.mainResource)
+			crontab.SetAPIVersion("kcp.example.com/v1")
+			crontab.SetKind("CronTab")
 
-	// ensure the secret in kcp does not have any sync-related metadata
-	maps.DeleteFunc(copySecret.Labels, func(k, v string) bool {
-		return strings.HasPrefix(k, "claimed.internal.apis.kcp.io/")
-	})
+			if err := kcpClient.Create(teamCtx, crontab); err != nil {
+				t.Fatalf("Failed to create CronTab in kcp: %v", err)
+			}
 
-	if changes := diff.ObjectDiff(credentials.Labels, copySecret.Labels); changes != "" {
-		t.Errorf("Secret in kcp has unexpected labels:\n%s", changes)
-	}
+			// fake operator: create a credential Secret
+			t.Logf("Creating credential Secret on the %s side…", testcase.relatedConfig.Origin)
+
+			originClient := envtestClient
+			originContext := ctx
+			destClient := kcpClient
+			destContext := teamCtx
 
-	delete(copySecret.Annotations, "kcp.io/cluster")
-	if len(copySecret.Annotations) == 0 {
-		copySecret.Annotations = nil
+			if testcase.relatedConfig.Origin == "kcp" {
+				originClient, destClient = destClient, originClient
+				originContext, destContext = destContext, originContext
+			}
+
+			ensureNamespace(t, originContext, originClient, testcase.sourceRelatedObject.Namespace)
+
+			if err := originClient.Create(originContext, &testcase.sourceRelatedObject); err != nil {
+				t.Fatalf("Failed to create Secret: %v", err)
+			}
+
+			// wait for the agent to do its magic
+			t.Log("Wait for Secret to be synced…")
+			copySecret := &corev1.Secret{}
+			err := wait.PollUntilContextTimeout(destContext, 500*time.Millisecond, 30*time.Second, false, func(ctx context.Context) (done bool, err error) {
+				copyKey := ctrlruntimeclient.ObjectKeyFromObject(&testcase.expectedSyncedRelatedObject)
+				return destClient.Get(ctx, copyKey, copySecret) == nil, nil
+			})
+			if err != nil {
+				t.Fatalf("Failed to wait for Secret to be synced: %v", err)
+			}
+
+			// ensure the secret in kcp does not have any sync-related metadata
+			maps.DeleteFunc(copySecret.Labels, func(k, v string) bool {
+				return strings.HasPrefix(k, "claimed.internal.apis.kcp.io/")
+			})
+
+			delete(copySecret.Annotations, "kcp.io/cluster")
+			if len(copySecret.Annotations) == 0 {
+				copySecret.Annotations = nil
+			}
+
+			orig := testcase.expectedSyncedRelatedObject
+			copySecret.CreationTimestamp = orig.CreationTimestamp
+			copySecret.Generation = orig.Generation
+			copySecret.ResourceVersion = orig.ResourceVersion
+			copySecret.ManagedFields = orig.ManagedFields
+			copySecret.UID = orig.UID
+
+			if changes := diff.ObjectDiff(orig, copySecret); changes != "" {
+				t.Errorf("Synced secret does not match expected Secret:\n%s", changes)
+			}
+		})
 	}
+}
+
+func ensureNamespace(t *testing.T, ctx context.Context, client ctrlruntimeclient.Client, name string) {
+	namespace := &corev1.Namespace{}
+	namespace.Name = name
 
-	if changes := diff.ObjectDiff(credentials.Annotations, copySecret.Annotations); changes != "" {
-		t.Errorf("Secret in kcp has unexpected annotations:\n%s", changes)
+	if err := client.Create(ctx, namespace); err != nil {
+		if !apierrors.IsAlreadyExists(err) {
+			t.Fatalf("Failed to create namespace %s in kcp: %v", name, err)
+		}
 	}
 }