Add test for credential loader ordering

micronaut-projects · Dec 10, 2024 · ce8bcea · ce8bcea
1 parent 163a195
commit ce8bcea
Show file tree

Hide file tree

Showing 2 changed files with 138 additions and 3 deletions.
diff --git a/...mmon/src/main/java/io/micronaut/kubernetes/client/openapi/KubernetesHttpClientFilter.java b/...mmon/src/main/java/io/micronaut/kubernetes/client/openapi/KubernetesHttpClientFilter.java
@@ -47,7 +47,7 @@
 final class KubernetesHttpClientFilter {
 
     private Provider<KubeConfig> kubeConfigProvider;
-    private final Provider<List<KubernetesTokenLoader>> kubernetesTokenLoaders;
+    private final Provider<Collection<KubernetesTokenLoader>> kubernetesTokenLoaders;
 
     KubernetesHttpClientFilter(Provider<KubeConfigLoader> kubeConfigLoader,
                                ApplicationContext applicationContext) {
@@ -56,8 +56,7 @@ final class KubernetesHttpClientFilter {
         this.kubeConfigProvider = ProviderUtils.memoized(
             () -> kubeConfigLoader.get().getKubeConfig());
         this.kubernetesTokenLoaders = ProviderUtils.memoized(
-            () -> applicationContext.getBeansOfType(KubernetesTokenLoader.class)
-                .stream().sorted(Comparator.comparing(Ordered::getOrder)).toList());
+            () -> applicationContext.getBeansOfType(KubernetesTokenLoader.class));
     }
 
     @RequestFilter

diff --git a/.../src/test/groovy/io/micronaut/kubernetes/client/openapi/ClientCredentialLoaderSpec.groovy b/.../src/test/groovy/io/micronaut/kubernetes/client/openapi/ClientCredentialLoaderSpec.groovy
@@ -0,0 +1,136 @@
+package io.micronaut.kubernetes.client.openapi
+
+import io.micronaut.context.ApplicationContext
+import io.micronaut.context.annotation.BootstrapContextCompatible
+import io.micronaut.context.annotation.Requires
+import io.micronaut.http.annotation.Controller
+import io.micronaut.http.annotation.Get
+import io.micronaut.http.annotation.Header
+import io.micronaut.kubernetes.client.openapi.api.CoreV1Api
+import io.micronaut.kubernetes.client.openapi.credential.KubernetesTokenLoader
+import io.micronaut.kubernetes.client.openapi.model.V1Pod
+import io.micronaut.kubernetes.client.openapi.model.V1PodList
+import io.micronaut.runtime.server.EmbeddedServer
+import jakarta.inject.Singleton
+import spock.lang.AutoCleanup
+import spock.lang.Shared
+import spock.lang.Specification
+
+import java.nio.file.Files
+import java.nio.file.Path
+
+class ClientCredentialLoaderSpec extends Specification {
+
+    static final String KUBE_CONFIG = """\
+apiVersion: v1
+kind: Config
+clusters:
+  - name: test-cluster
+    cluster:
+      server: %s
+users:
+  - name: test-user
+    user:
+      token: test-user
+contexts:
+  - name: test-context
+    context:
+      cluster: test-cluster
+      user: test-user
+current-context: test-context
+"""
+
+    @AutoCleanup
+    EmbeddedServer server = ApplicationContext.run(EmbeddedServer, [
+            'spec.name': 'ClientCredentialLoaderSpec-Server',
+            'kubernetes.client.enabled': false
+    ])
+
+    @Shared
+    Path kubeConfigDir = Files.createTempDirectory("kube-temp-")
+
+    @Shared
+    Path kubeConfigFile = kubeConfigDir.resolve("config")
+
+    def cleanupSpec() {
+        if (kubeConfigFile != null) {
+            Files.deleteIfExists(kubeConfigFile)
+        }
+        if (kubeConfigDir) {
+            Files.deleteIfExists(kubeConfigDir)
+        }
+    }
+
+    def 'list pods when basic authentication is used'() {
+        given:
+        kubeConfigFile.toFile().text = KUBE_CONFIG.formatted(server.URL)
+        ApplicationContext clientContext = ApplicationContext.run([
+                'spec.name': 'ClientCredentialLoaderSpec-Client',
+                'kubernetes.client.kube-config-path': "file:" + kubeConfigFile.toString()
+        ])
+
+        when:
+        V1PodList response = clientContext.getBean(CoreV1Api.class).listPodForAllNamespaces(
+                null,
+                null,
+                null,
+                null,
+                null,
+                null,
+                null,
+                null,
+                null,
+                null,
+                null)
+
+        then:
+        response.getItems() != null
+        response.getItems().size() == 1
+
+        cleanup:
+        clientContext.close()
+    }
+
+    @Singleton
+    @Requires(property = 'spec.name', value = 'ClientCredentialLoaderSpec-Client')
+    @BootstrapContextCompatible
+    static class FirstCredentialLoader implements KubernetesTokenLoader {
+
+        @Override
+        String getToken() {
+            return "first"
+        }
+
+        @Override
+        int getOrder() {
+            return -1
+        }
+    }
+
+    @Singleton
+    @Requires(property = 'spec.name', value = 'ClientCredentialLoaderSpec-Client')
+    @BootstrapContextCompatible
+    static class SecondCredentialLoader implements KubernetesTokenLoader {
+
+        @Override
+        String getToken() {
+            return "second"
+        }
+
+        @Override
+        int getOrder() {
+            return 0
+        }
+    }
+
+    @Controller
+    @Requires(property = 'spec.name', value = 'ClientCredentialLoaderSpec-Server')
+    static class BasicAuthController {
+        @Get("/api/v1/pods")
+        V1PodList auth(@Header('Authorization') String authorization) {
+            return authorization == "Bearer first"
+                    ? new V1PodList(Arrays.asList(new V1Pod()))
+                    : new V1PodList(Collections.emptyList())
+        }
+    }
+}