Skip to content

Commit

Permalink
Unit tests for tagging in 'registry-creds up'
Browse files Browse the repository at this point in the history
  • Loading branch information
PettitWesley committed Feb 28, 2019
1 parent 1f9b745 commit 6aec326
Show file tree
Hide file tree
Showing 3 changed files with 167 additions and 9 deletions.
76 changes: 71 additions & 5 deletions ecs-cli/modules/cli/regcreds/create_task_execution_role_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ func TestCreateTaskExecutionRole(t *testing.T) {

mocks := setupTestController(t)
gomock.InOrder(
mocks.MockIAM.EXPECT().CreateOrFindRole(testRoleName, roleDescriptionString, assumeRolePolicyDocString).Return(*testRoleArn, nil),
mocks.MockIAM.EXPECT().CreateOrFindRole(testRoleName, roleDescriptionString, assumeRolePolicyDocString, nil).Return(*testRoleArn, nil),
mocks.MockIAM.EXPECT().CreateRole(gomock.Any()).Return(&iam.CreateRoleOutput{Role: &iam.Role{Arn: testRoleArn}}, nil),
)
gomock.InOrder(
Expand Down Expand Up @@ -76,7 +76,7 @@ func TestCreateTaskExecutionRole_NoKMSKey(t *testing.T) {

mocks := setupTestController(t)
gomock.InOrder(
mocks.MockIAM.EXPECT().CreateOrFindRole(testRoleName, roleDescriptionString, assumeRolePolicyDocString).Return(*testRoleArn, nil),
mocks.MockIAM.EXPECT().CreateOrFindRole(testRoleName, roleDescriptionString, assumeRolePolicyDocString, nil).Return(*testRoleArn, nil),
mocks.MockIAM.EXPECT().CreateRole(gomock.Any()).Return(&iam.CreateRoleOutput{Role: &iam.Role{Arn: testRoleArn}}, nil),
)
gomock.InOrder(
Expand Down Expand Up @@ -110,7 +110,7 @@ func TestCreateTaskExecutionRole_RoleExists(t *testing.T) {
mocks := setupTestController(t)
gomock.InOrder(
// CreateOrFindRole should return nil if given role already exists
mocks.MockIAM.EXPECT().CreateOrFindRole(testRoleName, roleDescriptionString, assumeRolePolicyDocString).Return("", nil),
mocks.MockIAM.EXPECT().CreateOrFindRole(testRoleName, roleDescriptionString, assumeRolePolicyDocString, nil).Return("", nil),
mocks.MockIAM.EXPECT().CreateRole(gomock.Any()).Return(nil, roleExistsError),
)
gomock.InOrder(
Expand Down Expand Up @@ -140,7 +140,7 @@ func TestCreateTaskExecutionRole_ErrorOnCreateRoleFails(t *testing.T) {

mocks := setupTestController(t)
gomock.InOrder(
mocks.MockIAM.EXPECT().CreateOrFindRole(testRoleName, roleDescriptionString, assumeRolePolicyDocString).Return("", errors.New("something went wrong")),
mocks.MockIAM.EXPECT().CreateOrFindRole(testRoleName, roleDescriptionString, assumeRolePolicyDocString, nil).Return("", errors.New("something went wrong")),
mocks.MockIAM.EXPECT().CreateRole(gomock.Any()).Return(nil, errors.New("something went wrong")),
)

Expand All @@ -166,7 +166,7 @@ func TestCreateTaskExecutionRole_ErrorOnCreatePolicyFails(t *testing.T) {

mocks := setupTestController(t)
gomock.InOrder(
mocks.MockIAM.EXPECT().CreateOrFindRole(testRoleName, roleDescriptionString, assumeRolePolicyDocString).Return(*testRoleArn, nil),
mocks.MockIAM.EXPECT().CreateOrFindRole(testRoleName, roleDescriptionString, assumeRolePolicyDocString, nil).Return(*testRoleArn, nil),
mocks.MockIAM.EXPECT().CreateRole(gomock.Any()).Return(&iam.CreateRoleOutput{Role: &iam.Role{Arn: testRoleArn}}, nil),
)
gomock.InOrder(
Expand All @@ -182,3 +182,69 @@ func TestCreateTaskExecutionRole_ErrorOnCreatePolicyFails(t *testing.T) {
_, err := createTaskExecutionRole(testParams, mocks.MockIAM, mocks.MockKMS)
assert.Error(t, err, "Expected error when CreatePolicy fails")
}

func TestCreateTaskExecutionRoleWithTags(t *testing.T) {
testRegistry := "myreg.test.io"
testRegCredARN := "arn:aws:secret/some-test-arn"
testRegKMSKey := "arn:aws:kms:key/67yt-756yth"

testCreds := map[string]regcredio.CredsOutputEntry{
testRegistry: regcredio.BuildOutputEntry(testRegCredARN, testRegKMSKey, []string{"test"}),
}

testRoleName := "myNginxProjectRole"

testPolicyArn := aws.String("arn:aws:iam::policy/" + testRoleName + "-policy")
testRoleArn := aws.String("arn:aws:iam::role/" + testRoleName)

testParams := executionRoleParams{
CredEntries: testCreds,
RoleName: testRoleName,
Region: "us-west-2",
Tags: map[string]*string{
"Hey": aws.String("Jude"),
"Come": aws.String("Together"),
"Hello": aws.String("Goodbye"),
"Abbey": aws.String("Road"),
},
}

expectedTags := []*iam.Tag{
&iam.Tag{
Key: aws.String("Hey"),
Value: aws.String("Jude"),
},
&iam.Tag{
Key: aws.String("Come"),
Value: aws.String("Together"),
},
&iam.Tag{
Key: aws.String("Hello"),
Value: aws.String("Goodbye"),
},
&iam.Tag{
Key: aws.String("Abbey"),
Value: aws.String("Road"),
},
}

mocks := setupTestController(t)
gomock.InOrder(
mocks.MockIAM.EXPECT().CreateOrFindRole(testRoleName, roleDescriptionString, assumeRolePolicyDocString, gomock.Any()).Do(func(w, x, y, z interface{}) {
tags := z.([]*iam.Tag)
assert.ElementsMatch(t, tags, expectedTags, "Expected Tags to match")
}).Return(*testRoleArn, nil),
mocks.MockIAM.EXPECT().CreateRole(gomock.Any()).Return(&iam.CreateRoleOutput{Role: &iam.Role{Arn: testRoleArn}}, nil),
)
gomock.InOrder(
// If KMSKeyID present, first thing to happen should be verifying its ARN
mocks.MockKMS.EXPECT().GetValidKeyARN(testRegKMSKey).Return(testRegKMSKey, nil),
mocks.MockIAM.EXPECT().CreatePolicy(gomock.Any()).Return(&iam.CreatePolicyOutput{Policy: &iam.Policy{Arn: testPolicyArn}}, nil),
mocks.MockIAM.EXPECT().AttachRolePolicy(getExecutionRolePolicyARN("us-west-2"), testRoleName).Return(nil, nil),
mocks.MockIAM.EXPECT().AttachRolePolicy(*testPolicyArn, testRoleName).Return(nil, nil),
)

policyCreateTime, err := createTaskExecutionRole(testParams, mocks.MockIAM, mocks.MockKMS)
assert.NoError(t, err, "Unexpected error when creating task execution role")
assert.NotNil(t, policyCreateTime, "Expected policy create time to be non-nil")
}
92 changes: 92 additions & 0 deletions ecs-cli/modules/cli/regcreds/regcreds_app_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,11 @@ import (
"github.com/aws/amazon-ecs-cli/ecs-cli/modules/clients/aws/iam/mock"
"github.com/aws/amazon-ecs-cli/ecs-cli/modules/clients/aws/kms/mock"
"github.com/aws/amazon-ecs-cli/ecs-cli/modules/clients/aws/secretsmanager/mock"
"github.com/aws/amazon-ecs-cli/ecs-cli/modules/clients/aws/tagging/mock"
"github.com/aws/amazon-ecs-cli/ecs-cli/modules/utils/regcredio"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/kms"
taggingSDK "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi"
secretsmanager "github.com/aws/aws-sdk-go/service/secretsmanager"
"github.com/golang/mock/gomock"
"github.com/pkg/errors"
Expand Down Expand Up @@ -216,6 +218,96 @@ func TestGetOrCreateRegistryCredentials_ErrorOnUpdate(t *testing.T) {
assert.Error(t, err)
}

func TestTagRegistryCredentials(t *testing.T) {
creds := map[string]regcredio.CredsOutputEntry{
"the-who-registry.com": regcredio.CredsOutputEntry{
CredentialARN: "arn:aws:secretsmanager:eu-west-1:111111111111:secret:path/whoareyou-1978",
},
}

tags := map[string]*string{
"Baba": aws.String("O'riley"),
"Eminence": aws.String("Front"),
"My": aws.String("Generation"),
}

ctrl := gomock.NewController(t)

mockTagging := mock_tagging.NewMockClient(ctrl)

gomock.InOrder(
mockTagging.EXPECT().TagResources(gomock.Any()).Do(func(x interface{}) {
input := x.(*taggingSDK.TagResourcesInput)
assert.Equal(t, tags, input.Tags, "Expected tags to match")
}).Return(&taggingSDK.TagResourcesOutput{}, nil),
)

err := tagRegistryCredentials(creds, tags, mockTagging)
assert.NoError(t, err, "Unexpected error calling tagRegistryCredentials")
}

func TestTagRegistryCredentialsError(t *testing.T) {
creds := map[string]regcredio.CredsOutputEntry{
"the-who-registry.com": regcredio.CredsOutputEntry{
CredentialARN: "arn:aws:secretsmanager:eu-west-1:111111111111:secret:path/whoareyou-1978",
},
}

tags := map[string]*string{
"Baba": aws.String("O'riley"),
"Eminence": aws.String("Front"),
"My": aws.String("Generation"),
}

ctrl := gomock.NewController(t)

mockTagging := mock_tagging.NewMockClient(ctrl)

gomock.InOrder(
mockTagging.EXPECT().TagResources(gomock.Any()).Do(func(x interface{}) {
input := x.(*taggingSDK.TagResourcesInput)
assert.Equal(t, tags, input.Tags, "Expected tags to match")
}).Return(nil, fmt.Errorf("Some API error")),
)

err := tagRegistryCredentials(creds, tags, mockTagging)
assert.Error(t, err, "Expected error calling tagRegistryCredentials")
}

func TestTagRegistryCredentialsFailedResources(t *testing.T) {
creds := map[string]regcredio.CredsOutputEntry{
"the-who-registry.com": regcredio.CredsOutputEntry{
CredentialARN: "arn:aws:secretsmanager:eu-west-1:111111111111:secret:path/whoareyou-1978",
},
}

tags := map[string]*string{
"Baba": aws.String("O'riley"),
"Eminence": aws.String("Front"),
"My": aws.String("Generation"),
}

ctrl := gomock.NewController(t)

mockTagging := mock_tagging.NewMockClient(ctrl)

gomock.InOrder(
mockTagging.EXPECT().TagResources(gomock.Any()).Do(func(x interface{}) {
input := x.(*taggingSDK.TagResourcesInput)
assert.Equal(t, tags, input.Tags, "Expected tags to match")
}).Return(&taggingSDK.TagResourcesOutput{
FailedResourcesMap: map[string]*taggingSDK.FailureInfo{
"arn:aws:secretsmanager:eu-west-1:111111111111:secret:path/whoareyou-1978": &taggingSDK.FailureInfo{
ErrorMessage: aws.String("Auth Error: who are you"),
},
},
}, nil),
)

err := tagRegistryCredentials(creds, tags, mockTagging)
assert.Error(t, err, "Expected error calling tagRegistryCredentials")
}

func TestValidateCredsInput_ErrorEmptyCreds(t *testing.T) {
emptyCredMap := make(map[string]regcredio.RegistryCredEntry)
emptyCredsInput := regcredio.ECSRegCredsInput{
Expand Down
8 changes: 4 additions & 4 deletions ecs-cli/modules/clients/aws/iam/mock/client.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 6aec326

Please sign in to comment.