Add remaining cert-manager tests

pdabelf5 · pdabelf5 · commit c125aa6edf8e · 2026-01-13T16:52:58.000Z
diff --git a/internal/certmanager/cm_controller_test.go b/internal/certmanager/cm_controller_test.go
@@ -22,6 +22,7 @@ import (
 	"testing"
 	"time"
 
+	cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	cmclient "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned"
 	controllerpkg "github.com/cert-manager/cert-manager/pkg/controller"
 	testpkg "github.com/nginx/kubernetes-ingress/internal/certmanager/test_files"
@@ -44,6 +45,16 @@ func Test_controller_Register(t *testing.T) {
 		givenCall         func(*testing.T, cmclient.Interface, k8s_nginx.Interface)
 		expectRequeueKey  string
 	}{
+		{
+			name: "virtualserver is re-queued when an 'Added' event is received for this virtualserver",
+			givenCall: func(t *testing.T, _ cmclient.Interface, c k8s_nginx.Interface) {
+				_, err := c.K8sV1().VirtualServers("namespace-1").Create(context.Background(), &vsapi.VirtualServer{ObjectMeta: metav1.ObjectMeta{
+					Namespace: "namespace-1", Name: "vs-1", UID: "vs-uid-1",
+				}}, metav1.CreateOptions{})
+				require.NoError(t, err)
+			},
+			expectRequeueKey: "namespace-1/vs-1",
+		},
 		{
 			name: "virtualserver is re-queued when an 'Updated' event is received for this virtualserver",
 			existingVsObjects: []runtime.Object{&vsapi.VirtualServer{ObjectMeta: metav1.ObjectMeta{
@@ -57,6 +68,63 @@ func Test_controller_Register(t *testing.T) {
 			},
 			expectRequeueKey: "namespace-1/vs-1",
 		},
+		{
+			name: "virtualserver is re-queued when a 'Deleted' event is received for this ingress",
+			existingVsObjects: []runtime.Object{&vsapi.VirtualServer{ObjectMeta: metav1.ObjectMeta{
+				Namespace: "namespace-1", Name: "vs-1",
+			}}},
+			givenCall: func(t *testing.T, _ cmclient.Interface, c k8s_nginx.Interface) {
+				err := c.K8sV1().VirtualServers("namespace-1").Delete(context.Background(), "vs-1", metav1.DeleteOptions{})
+				require.NoError(t, err)
+			},
+			expectRequeueKey: "namespace-1/vs-1",
+		},
+		{
+			name: "virtualserver is re-queued when an 'Added' event is received for its child Certificate",
+			givenCall: func(t *testing.T, c cmclient.Interface, _ k8s_nginx.Interface) {
+				_, err := c.CertmanagerV1().Certificates("namespace-1").Create(context.Background(), &cmapi.Certificate{ObjectMeta: metav1.ObjectMeta{
+					Namespace: "namespace-1", Name: "cert-1",
+					OwnerReferences: []metav1.OwnerReference{*metav1.NewControllerRef(&vsapi.VirtualServer{ObjectMeta: metav1.ObjectMeta{
+						Namespace: "namespace-1", Name: "vs-2",
+					}}, vsGVK)},
+				}}, metav1.CreateOptions{})
+				require.NoError(t, err)
+			},
+			expectRequeueKey: "namespace-1/vs-2",
+		},
+		{
+			name: "virtualserver is re-queued when an 'Updated' event is received for its child Certificate",
+			existingCMObjects: []runtime.Object{&cmapi.Certificate{ObjectMeta: metav1.ObjectMeta{
+				Namespace: "namespace-1", Name: "cert-1",
+				OwnerReferences: []metav1.OwnerReference{*metav1.NewControllerRef(&vsapi.VirtualServer{ObjectMeta: metav1.ObjectMeta{
+					Namespace: "namespace-1", Name: "vs-2",
+				}}, vsGVK)},
+			}}},
+			givenCall: func(t *testing.T, c cmclient.Interface, _ k8s_nginx.Interface) {
+				_, err := c.CertmanagerV1().Certificates("namespace-1").Update(context.Background(), &cmapi.Certificate{ObjectMeta: metav1.ObjectMeta{
+					Namespace: "namespace-1", Name: "cert-1",
+					OwnerReferences: []metav1.OwnerReference{*metav1.NewControllerRef(&vsapi.VirtualServer{ObjectMeta: metav1.ObjectMeta{
+						Namespace: "namespace-1", Name: "vs-2",
+					}}, vsGVK)},
+				}}, metav1.UpdateOptions{})
+				require.NoError(t, err)
+			},
+			expectRequeueKey: "namespace-1/vs-2",
+		},
+		{
+			name: "virtualserver is re-queued when a 'Deleted' event is received for its child Certificate",
+			existingCMObjects: []runtime.Object{&cmapi.Certificate{ObjectMeta: metav1.ObjectMeta{
+				Namespace: "namespace-1", Name: "cert-1",
+				OwnerReferences: []metav1.OwnerReference{*metav1.NewControllerRef(&vsapi.VirtualServer{ObjectMeta: metav1.ObjectMeta{
+					Namespace: "namespace-1", Name: "vs-2",
+				}}, vsGVK)},
+			}}},
+			givenCall: func(t *testing.T, c cmclient.Interface, _ k8s_nginx.Interface) {
+				err := c.CertmanagerV1().Certificates("namespace-1").Delete(context.Background(), "cert-1", metav1.DeleteOptions{})
+				require.NoError(t, err)
+			},
+			expectRequeueKey: "namespace-1/vs-2",
+		},
 	}
 
 	for _, test := range tests {
diff --git a/internal/certmanager/test_files/context_builder.go b/internal/certmanager/test_files/context_builder.go
@@ -26,7 +26,9 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/serializer"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
+	"k8s.io/apimachinery/pkg/watch"
 	kubeinformers "k8s.io/client-go/informers"
 	kubefake "k8s.io/client-go/kubernetes/fake"
 	"k8s.io/client-go/rest"
@@ -38,9 +40,11 @@ import (
 	cmfake "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/fake"
 	informers "github.com/cert-manager/cert-manager/pkg/client/informers/externalversions"
 	"github.com/cert-manager/cert-manager/pkg/util"
+	confv1 "github.com/nginx/kubernetes-ingress/pkg/apis/configuration/v1"
 	k8s_nginx "github.com/nginx/kubernetes-ingress/pkg/client/clientset/versioned"
 	vsfake "github.com/nginx/kubernetes-ingress/pkg/client/clientset/versioned/fake"
 	vsinformers "github.com/nginx/kubernetes-ingress/pkg/client/informers/externalversions"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientfeatures "k8s.io/client-go/features"
 	clienttesting "k8s.io/client-go/features/testing"
 )
@@ -105,11 +109,39 @@ func (b *Builder) Init() {
 	b.requiredReactors = make(map[string]bool)
 	b.Client = kubefake.NewClientset(b.KubeObjects...)
 	b.CMClient = cmfake.NewClientset(b.CertManagerObjects...)
-	b.VSClient = vsfake.NewClientset(b.VSObjects...)
+	b.VSClient = vsfake.NewClientset()
 	b.Recorder = new(FakeRecorder)
 	b.FakeKubeClient().PrependReactor("create", "*", b.generateNameReactor)
 	b.FakeCMClient().PrependReactor("create", "*", b.generateNameReactor)
 	b.FakeVSClient().PrependReactor("create", "*", b.generateNameReactor)
+	// Build a scheme/codecs for VS CRD and use a simple tracker to avoid typed SMD conversion
+	scheme := runtime.NewScheme()
+	utilruntime.Must(confv1.AddToScheme(scheme))
+	codecs := serializer.NewCodecFactory(scheme)
+
+	st := coretesting.NewObjectTracker(scheme, codecs.UniversalDecoder())
+	for _, obj := range b.VSObjects {
+		_ = st.Add(obj)
+	}
+
+	// Intercept VirtualServer CRUD via simple tracker
+	b.FakeVSClient().PrependReactor("*", "virtualservers", coretesting.ObjectReaction(st))
+
+	// Intercept VirtualServer watch via simple tracker
+	b.FakeVSClient().PrependWatchReactor("virtualservers", func(action coretesting.Action) (bool, watch.Interface, error) {
+		var opts metav1.ListOptions
+		if wa, ok := action.(coretesting.WatchActionImpl); ok {
+			opts = wa.ListOptions
+		}
+		gvr := action.GetResource()
+		ns := action.GetNamespace()
+		w, err := st.Watch(gvr, ns, opts)
+		if err != nil {
+			return false, nil, err
+		}
+		return true, w, nil
+	})
+
 	// Borrowed from cert-manager to disable WatchListClient feature gate
 	// FIXME: It seems like we need to disable the WatchListClient feature gate until our gateway-api dependency is bumped to K8s 1.35
 	clienttesting.SetFeatureDuringTest(b.T, clientfeatures.WatchListClient, false)
