test:Add unit tests for certificate and webhook CA bundle handling #634
Conversation
…st.go Signed-off-by: adity1raut <[email protected]>
|
@adity1raut: The label(s) DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Welcome @adity1raut! It looks like this is your first PR to volcano-sh/kthena 🎉 |
Summary of ChangesHello @adity1raut, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the test coverage for the Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request adds unit tests for the cert package, which is a great step towards improving code quality and reliability. The tests cover certificate generation, secret creation/reuse, and webhook CA bundle updates using a fake client.
My review focuses on improving the robustness and completeness of these new tests. I've identified a few areas for improvement:
- There's a recurring pattern of ignoring errors during the setup phase of the tests. Handling these errors would make the tests more reliable and easier to debug.
- The tests for updating webhook configurations (
ValidatingWebhookConfigurationandMutatingWebhookConfiguration) currently only check if the update function returns an error. They should be extended to verify that the CA bundle is actually written to the webhook objects. I've also suggested adding test cases for scenarios where the CA bundle is already present to ensure the update is correctly skipped.
Overall, this is a valuable contribution. Addressing these points will make the tests even more effective.
…st.go Signed-off-by: adity1raut <[email protected]>
|
/cc @hzxuzhonghu |
There was a problem hiding this comment.
Pull request overview
This PR adds unit tests for the cert package to validate certificate generation, Kubernetes Secret handling, and admission webhook CA bundle updates. The tests use client-go's fake client to test the functionality without requiring a live Kubernetes cluster.
Key changes:
- Adds comprehensive unit tests for certificate and webhook operations
- Tests both happy path scenarios (secret creation, reuse, webhook updates)
- Uses fake Kubernetes client for isolated testing
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
pkg/webhook/cert/secret_test.go
Outdated
|
|
||
| err := UpdateValidatingWebhookCABundle(ctx, client, "test-validating", []byte("ca")) | ||
| if err != nil { | ||
| t.Fatalf("unexpected error: %v", err) | ||
| } |
There was a problem hiding this comment.
The test doesn't verify that the CA bundle was actually set on the webhook configuration after the update. Consider adding an assertion to get the updated webhook configuration and verify that the CABundle field is correctly set to the expected value.
pkg/webhook/cert/secret_test.go
Outdated
| mwc := &admissionv1.MutatingWebhookConfiguration{ | ||
| ObjectMeta: metav1.ObjectMeta{ | ||
| Name: "test-mutating", |
There was a problem hiding this comment.
Error from webhook configuration creation is being ignored. While this may succeed in the test, it's better to check the error to ensure the test setup is correct and to catch any unexpected issues during test execution.
|
@hzxuzhonghu PTAL Thanks You |
hzxuzhonghu
left a comment
hzxuzhonghu
left a comment
There was a problem hiding this comment.
YOu can first try to understand the EnsureCertificate, we designed it for multi servers operate concurrently to make sure all instances share same certs. you can test this meaningful case.
Signed-off-by: adity1raut <[email protected]>
Signed-off-by: adity1raut <[email protected]>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: adity1raut <[email protected]>
|
/assign @git-malu |
|
/assign @hzxuzhonghu |
4 participants
What type of PR is this?
/kind testing
What this PR does / why we need it:
This PR adds unit tests for the cert package to validate certificate generation,
Kubernetes Secret handling, and admission webhook CA bundle updates.
The tests use the client-go fake client to ensure correctness without requiring
a live Kubernetes cluster.
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
NONE