feat: fixed review comments.

ramekris3163 · ramekris3163 · commit 93ca01804ceb · 2023-01-18T13:04:14.000-05:00
Signed-off-by: raradhakrishnan &lt;raradhakrishnan@guidewire.com&gt;
diff --git a/controllers/configuration_controller.go b/controllers/configuration_controller.go
@@ -588,7 +588,7 @@ func (r *ConfigurationReconciler) preCheck(ctx context.Context, configuration *v
 		}
 	}
 
-	/* validate the follwing secretreferences and config maps.
+	/* validate the following secret references and configmap references.
 	   1. GitCredentialsSecretReference
 	   2. TerraformCredentialsSecretReference
 	   3. TerraformRCConfigMapReference
@@ -672,45 +672,42 @@ func (meta *TFConfigurationMeta) validateSecretAndConfigMap(ctx context.Context,
 		neededKeys    []string
 		errMsg        string
 		keyErrMsg     string
+		errKey        string
 	}{
 		{
 			ref:           meta.GitCredentialsSecretReference,
 			notFoundState: types.InvalidGitCredentialsSecretReference,
 			isSecret:      true,
 			neededKeys:    []string{GitCredsKnownHosts, v1.SSHAuthPrivateKey},
-			errMsg:        "Failed to get git credentials secret",
-			keyErrMsg:     "not in git credentials secret",
+			errKey:        "git credentials",
 		},
 		{
 			ref:           meta.TerraformCredentialsSecretReference,
 			notFoundState: types.InvalidTerraformCredentialsSecretReference,
 			isSecret:      true,
 			neededKeys:    []string{TerraformCredentials},
-			errMsg:        "Failed to get terraform credentials secret",
-			keyErrMsg:     "not in terraform credentials secret",
+			errKey:        "terraform credentials",
 		},
 		{
 			ref:           meta.TerraformRCConfigMapReference,
 			notFoundState: types.InvalidTerraformRCConfigMapReference,
 			isSecret:      false,
 			neededKeys:    []string{TerraformRegistryConfig},
-			errMsg:        "Failed to get the terraform registry config configmap",
-			keyErrMsg:     "not in terraform registry configuration configmap",
+			errKey:        "terraformrc configuration",
 		},
 		{
 			ref:           meta.TerraformCredentialsHelperConfigMapReference,
 			notFoundState: types.InvalidTerraformCredentialsHelperConfigMapReference,
 			isSecret:      false,
 			neededKeys:    []string{},
-			errMsg:        "Failed to get the terraform credentials helper configmap",
-			keyErrMsg:     "",
+			errKey:        "terraform credentials helper",
 		},
 	}
 	for _, check := range secretConfigMapToCheck {
 		if check.ref != nil {
 			var object metav1.Object
 			var err error
-			object, err = GetSecretOrConfigMap(ctx, k8sClient, check.isSecret, check.ref, check.neededKeys, check.errMsg, check.keyErrMsg)
+			object, err = GetSecretOrConfigMap(ctx, k8sClient, check.isSecret, check.ref, check.neededKeys, check.errKey)
 			if object == nil {
 				msg := string(check.notFoundState)
 				if err != nil {
@@ -1010,7 +1007,7 @@ func (meta *TFConfigurationMeta) assembleExecutorVolumes() []v1.Volume {
 	inputTFConfigurationVolume := meta.createConfigurationVolume()
 	tfBackendVolume := meta.createTFBackendVolume()
 	executorVolumes := []v1.Volume{workingVolume, inputTFConfigurationVolume, tfBackendVolume}
-	SecretOrConfigMapReferences := []struct {
+	secretOrConfigMapReferences := []struct {
 		ref        *v1.SecretReference
 		volumeName string
 		isSecret   bool
@@ -1036,7 +1033,7 @@ func (meta *TFConfigurationMeta) assembleExecutorVolumes() []v1.Volume {
 			isSecret:   false,
 		},
 	}
-	for _, ref := range SecretOrConfigMapReferences {
+	for _, ref := range secretOrConfigMapReferences {
 		if ref.ref != nil {
 			executorVolumes = append(executorVolumes, meta.createSecretOrConfigMapVolume(ref.isSecret, ref.ref.Name, ref.volumeName))
 		}
@@ -1483,42 +1480,44 @@ func (meta *TFConfigurationMeta) RenderConfiguration(configuration *v1beta2.Conf
 	}
 }
 
-func GetSecretOrConfigMap(ctx context.Context, k8sClient client.Client, isSecret bool, ref *v1.SecretReference, neededKeys []string, errMsg string, keyErrMsg string) (metav1.Object, error) {
+func GetSecretOrConfigMap(ctx context.Context, k8sClient client.Client, isSecret bool, ref *v1.SecretReference, neededKeys []string, errKey string) (metav1.Object, error) {
 	secret := &v1.Secret{}
 	configMap := &v1.ConfigMap{}
 	var err error
+	// key to determine if it is a secret or config map
+	var typeKey string
 	if isSecret {
 		namespacedName := client.ObjectKey{Name: ref.Name, Namespace: ref.Namespace}
 		err = k8sClient.Get(ctx, namespacedName, secret)
+		typeKey = "secret"
 	} else {
 		namespacedName := client.ObjectKey{Name: ref.Name, Namespace: ref.Namespace}
 		err = k8sClient.Get(ctx, namespacedName, configMap)
+		typeKey = "configmap"
 	}
+	errMsg := fmt.Sprintf("Failed to get %s %s", errKey, typeKey)
 	if err != nil {
 		klog.ErrorS(err, errMsg, "Name", ref.Name, "Namespace", ref.Namespace)
 		return nil, errors.Wrap(err, errMsg)
 	}
-	if len(neededKeys) > 0 {
-		for _, key := range neededKeys {
-			var keyErr bool
-			if isSecret {
-				if _, ok := secret.Data[key]; !ok {
-					keyErr = true
-				}
-			} else {
-				if _, ok := configMap.Data[key]; !ok {
-					keyErr = true
-				}
+	for _, key := range neededKeys {
+		var keyErr bool
+		if isSecret {
+			if _, ok := secret.Data[key]; !ok {
+				keyErr = true
 			}
-			if keyErr {
-				keyErr := errors.Errorf("'%s' %s", key, keyErrMsg)
-				return nil, keyErr
+		} else {
+			if _, ok := configMap.Data[key]; !ok {
+				keyErr = true
 			}
 		}
+		if keyErr {
+			keyErr := errors.Errorf("'%s' %s", key, fmt.Sprintf("not in %s %s", errKey, typeKey))
+			return nil, keyErr
+		}
 	}
 	if isSecret {
 		return secret, nil
 	}
-
 	return configMap, nil
 }
diff --git a/controllers/configuration_controller_test.go b/controllers/configuration_controller_test.go
@@ -1639,7 +1639,7 @@ func TestAssembleTerraformJobWithGitCredentialsSecretRef(t *testing.T) {
 	assert.Contains(t, spec.Volumes, gitAuthSecretVolume)
 }
 
-func TestAssembleTerraformJobWithTerraformRegistryConfigAndCredentialsSecretRef(t *testing.T) {
+func TestAssembleTerraformJobWithTerraformRCAndCredentials(t *testing.T) {
 	meta := &TFConfigurationMeta{
 		Name:                "a",
 		ConfigurationCMName: "b",
@@ -1656,6 +1656,10 @@ func TestAssembleTerraformJobWithTerraformRegistryConfigAndCredentialsSecretRef(
 			Namespace: "default",
 			Name:      "terraform-credentials",
 		},
+		TerraformCredentialsHelperConfigMapReference: &corev1.SecretReference{
+			Namespace: "default",
+			Name:      "terraform-credentials-helper",
+		},
 	}
 
 	job := meta.assembleTerraformJob(TerraformApply)
@@ -1686,15 +1690,33 @@ func TestAssembleTerraformJobWithTerraformRegistryConfigAndCredentialsSecretRef(
 		MountPath: TerraformCredentialsConfigVolumeMountPath,
 	}
 
+	terraformCredentialsHelperConfigVolume := corev1.Volume{Name: TerraformCredentialsHelperConfigVolumeName}
+	terraformCredentialsHelperConfigVolume.ConfigMap = &corev1.ConfigMapVolumeSource{
+		LocalObjectReference: corev1.LocalObjectReference{
+			Name: "terraform-credentials-helper",
+		},
+		DefaultMode: &terraformSecretDefaultMode,
+	}
+
+	terraformCredentialsHelperConfigVolumeMount := corev1.VolumeMount{
+		Name:      TerraformCredentialsHelperConfigVolumeName,
+		MountPath: TerraformCredentialsHelperConfigVolumeMountPath,
+	}
+
+	assert.Contains(t, spec.InitContainers[0].VolumeMounts, terraformCredentialsHelperConfigVolumeMount)
+	assert.Contains(t, spec.Volumes, terraformCredentialsHelperConfigVolume)
+
 	assert.Contains(t, spec.InitContainers[0].VolumeMounts, terraformRegistryConfigVolumeMount)
 	assert.Contains(t, spec.Volumes, terraformRegistryConfigMapVolume)
 
 	assert.Contains(t, spec.InitContainers[0].VolumeMounts, terraformCredentialsSecretVolumeMount)
 	assert.Contains(t, spec.Volumes, terraformCredentialsSecretVolume)
 
+	assert.Contains(t, spec.InitContainers[0].VolumeMounts, terraformRegistryConfigVolumeMount)
+	assert.Contains(t, spec.Volumes, terraformRegistryConfigMapVolume)
 }
 
-func TestAssembleTerraformJobWithTerraformRegistryConfigAndCredentialsHelperConfigMapRef(t *testing.T) {
+func TestAssembleTerraformJobWithTerraformRCAndCredentialsHelper(t *testing.T) {
 	meta := &TFConfigurationMeta{
 		Name:                "a",
 		ConfigurationCMName: "b",
@@ -2757,12 +2779,11 @@ func TestCheckGitCredentialsSecretReference(t *testing.T) {
 		},
 	}
 	neededKeys := []string{GitCredsKnownHosts, corev1.SSHAuthPrivateKey}
-	errMsg := "Failed to get git credentials secret"
-	keyErrMsg := "not in git credentials secret"
+	errKey := "git credentials"
 
 	for _, tc := range testcases {
 		t.Run(tc.name, func(t *testing.T) {
-			sec, err := GetSecretOrConfigMap(ctx, tc.args.k8sClient, true, tc.args.GitCredentialsSecretReference, neededKeys, errMsg, keyErrMsg)
+			sec, err := GetSecretOrConfigMap(ctx, tc.args.k8sClient, true, tc.args.GitCredentialsSecretReference, neededKeys, errKey)
 			if err != nil {
 				assert.EqualError(t, err, tc.want.errMsg)
 			}
@@ -2830,11 +2851,11 @@ func TestCheckTerraformCredentialsSecretReference(t *testing.T) {
 				k8sClient: k8sClient,
 				TerraformCredentialsSecretReference: &corev1.SecretReference{
 					Namespace: "default",
-					Name:      "terraform-credentials",
+					Name:      "secret-not-exists",
 				},
 			},
 			want: want{
-				errMsg: "Failed to get terraform credentials secret: secrets \"terraform-credentials\" not found",
+				errMsg: "Failed to get terraform credentials secret: secrets \"secret-not-exists\" not found",
 			},
 		},
 		{
@@ -2866,12 +2887,11 @@ func TestCheckTerraformCredentialsSecretReference(t *testing.T) {
 	}
 
 	neededKeys := []string{TerraformCredentials}
-	errMsg := "Failed to get terraform credentials secret"
-	keyErrMsg := "not in terraform credentials secret"
+	errKey := "terraform credentials"
 
 	for _, tc := range testcases {
 		t.Run(tc.name, func(t *testing.T) {
-			sec, err := GetSecretOrConfigMap(ctx, tc.args.k8sClient, true, tc.args.TerraformCredentialsSecretReference, neededKeys, errMsg, keyErrMsg)
+			sec, err := GetSecretOrConfigMap(ctx, tc.args.k8sClient, true, tc.args.TerraformCredentialsSecretReference, neededKeys, errKey)
 
 			if err != nil {
 				assert.EqualError(t, err, tc.want.errMsg)
@@ -2937,11 +2957,11 @@ func TestCheckTerraformRCConfigMapReference(t *testing.T) {
 				k8sClient: k8sClient,
 				TerraformRCConfigMapReference: &corev1.SecretReference{
 					Namespace: "default",
-					Name:      "terraform-registry",
+					Name:      "configmap-not-exists",
 				},
 			},
 			want: want{
-				errMsg: "Failed to get the terraform registry config configmap: configmaps \"terraform-registry\" not found",
+				errMsg: "Failed to get terraformrc configuration configmap: configmaps \"configmap-not-exists\" not found",
 			},
 		},
 		{
@@ -2954,7 +2974,7 @@ func TestCheckTerraformRCConfigMapReference(t *testing.T) {
 				},
 			},
 			want: want{
-				errMsg: fmt.Sprintf("'%s' not in terraform registry configuration configmap", TerraformRegistryConfig),
+				errMsg: fmt.Sprintf("'%s' not in terraformrc configuration configmap", TerraformRegistryConfig),
 			},
 		},
 		{
@@ -2973,12 +2993,11 @@ func TestCheckTerraformRCConfigMapReference(t *testing.T) {
 	}
 
 	neededKeys := []string{TerraformRegistryConfig}
-	errMsg := "Failed to get the terraform registry config configmap"
-	keyErrMsg := "not in terraform registry configuration configmap"
+	errKey := "terraformrc configuration"
 
 	for _, tc := range testcases {
 		t.Run(tc.name, func(t *testing.T) {
-			configMap, err := GetSecretOrConfigMap(ctx, tc.args.k8sClient, false, tc.args.TerraformRCConfigMapReference, neededKeys, errMsg, keyErrMsg)
+			configMap, err := GetSecretOrConfigMap(ctx, tc.args.k8sClient, false, tc.args.TerraformRCConfigMapReference, neededKeys, errKey)
 
 			if err != nil {
 				assert.EqualError(t, err, tc.want.errMsg)
@@ -3034,7 +3053,7 @@ func TestTerraformCredentialsHelperConfigMap(t *testing.T) {
 				},
 			},
 			want: want{
-				errMsg: "Failed to get the terraform credentials helper configmap: configmaps \"terraform-registry\" not found",
+				errMsg: "Failed to get terraform credentials helper configmap: configmaps \"terraform-registry\" not found",
 			},
 		},
 		{
@@ -3053,12 +3072,11 @@ func TestTerraformCredentialsHelperConfigMap(t *testing.T) {
 	}
 
 	neededKeys := []string{}
-	errMsg := "Failed to get the terraform credentials helper configmap"
-	keyErrMsg := ""
+	errKey := "terraform credentials helper"
 
 	for _, tc := range testcases {
 		t.Run(tc.name, func(t *testing.T) {
-			configMap, err := GetSecretOrConfigMap(ctx, tc.args.k8sClient, false, tc.args.TerraformCredentialsHelperConfigMapReference, neededKeys, errMsg, keyErrMsg)
+			configMap, err := GetSecretOrConfigMap(ctx, tc.args.k8sClient, false, tc.args.TerraformCredentialsHelperConfigMapReference, neededKeys, errKey)
 
 			if err != nil {
 				assert.EqualError(t, err, tc.want.errMsg)
@@ -3214,7 +3232,7 @@ func TestCheckValidateSecretAndConfigMap(t *testing.T) {
 				},
 			},
 			want: want{
-				errMsg: "Failed to get the terraform credentials helper configmap: configmaps \"terraform-registry\" not found",
+				errMsg: "Failed to get terraform credentials helper configmap: configmaps \"terraform-registry\" not found",
 			},
 		},
 		{
@@ -3248,7 +3266,7 @@ func TestCheckValidateSecretAndConfigMap(t *testing.T) {
 				},
 			},
 			want: want{
-				errMsg: "Failed to get the terraform registry config configmap: configmaps \"terraform-registry\" not found",
+				errMsg: "Failed to get terraformrc configuration configmap: configmaps \"terraform-registry\" not found",
 			},
 		},
 	}
