问题内容
我有一个函数,它接受 aws openidconnectprovider pulumi 资源的输入并创建一个 iam 角色,并附加一个包含来自该 oidc 提供商的信息的 assumerolepolicy。
问题:我正在尝试为此函数编写测试并模拟 oidc 提供程序以作为函数调用的输入。我无法理解如何正确地模拟它,以便测试输出显示我所期望的内容,目前看来模拟的数据没有像我预期的那样出现。
看来我没有正确使用模拟,但我在这里放弃了示例
此处有更多文档
package mypkgimport ( "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam" "github.com/pulumi/pulumi/sdk/v3/go/pulumi")func createmycustomrole(ctx *pulumi.context, name string, oidcprovider *iam.openidconnectprovider, opts ...pulumi.resourceoption) (*iam.role, error) { role := &iam.role{} componenturn := fmt.sprintf("%s-custom-role", name) err := ctx.registercomponentresource("pkg:aws:mycustomrole", componenturn, role, opts...) if err != nil { return nil, err } url := oidc.url.applyt(func(s string) string { return fmt.sprint(strings.replaceall(s, "https://", ""), ":sub") }).(pulumi.stringoutput) assumerolepolicy := pulumi.sprintf(`{ "version": "2012-10-17", "statement": [{ "effect": "allow", "principal": { "federated": "%s" }, "action": "sts:assumerolewithwebidentity", "condition": { "stringequals": { "%s": [ "system:serviceaccount:kube-system:*", "system:serviceaccount:kube-system:cluster-autoscaler" ] } } }] }`, oidcprovider.arn, url) roleurn := fmt.sprintf("%s-custom-role", name) role, err = iam.newrole(ctx, roleurn, &iam.roleargs{ name: pulumi.string(roleurn), description: pulumi.string("create custom role"), assumerolepolicy: assumerolepolicy, tags: pulumi.tostringmap(map[string]string{"project": "test"}), }) if err != nil { return nil, err } return role, nil}
登录后复制
package mypkgimport ( "sync" "testing" "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam" "github.com/pulumi/pulumi/sdk/v3/go/common/resource" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/stretchr/testify/assert")type mocks intfunc (mocks) newresource(args pulumi.mockresourceargs) (string, resource.propertymap, error) { return args.name + "_id", args.inputs, nil}func (mocks) call(args pulumi.mockcallargs) (resource.propertymap, error) { outputs := map[string]interface{}{} if args.token == "aws:iam/getopenidconnectprovider:getopenidconnectprovider" { outputs["arn"] = "arn:aws:iam::123:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/abc" outputs["id"] = "abc" outputs["url"] = "https://someurl" } return resource.newpropertymapfrommap(outputs), nil}func testcreatemycustomrole(t *testing.t) { err := pulumi.runerr(func(ctx *pulumi.context) error { // gets the mocked oidc provider to use as input for the createdefaultautoscalerrole oidc, err := iam.getopenidconnectprovider(ctx, "get-test-oidc-provider", pulumi.id("abc"), &iam.openidconnectproviderstate{}) assert.noerror(t, err) infra, err := createmycustomrole(ctx, "role1", oidc}) assert.noerror(t, err) var wg sync.waitgroup wg.add(1) // check 1: assume role policy is formatted correctly pulumi.all(infra.urn(), infra.assumerolepolicy).applyt(func(all []interface{}) error { urn := all[0].(pulumi.urn) assumerolepolicy := all[1].(string) assert.equal(t, `{ "version": "2012-10-17", "statement": [{ "effect": "allow", "principal": { "federated": "arn:aws:iam::123:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/abc" }, "action": "sts:assumerolewithwebidentity", "condition": { "stringequals": { "someurl:sub": [ "system:serviceaccount:kube-system:*", "system:serviceaccount:kube-system:cluster-autoscaler" ] } } }] }`, assumerolepolicy) wg.done() return nil }) wg.wait() return nil }, pulumi.withmocks("project", "stack", mocks(0))) assert.noerror(t, err)}output
登录后复制
diff: --- expected +++ actual @@ -4,3 +4,3 @@ "effect": "allow", - "principal": { "federated": "arn:aws:iam::123:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/abc" }, + "principal": { "federated": "" }, "action": "sts:assumerolewithwebidentity", @@ -8,3 +8,3 @@ "stringequals": { - "someurl:sub": [ + ":sub": [ "system:serviceaccount:kube-system:*", test: testcreatemycustomrole
登录后复制
登录后复制
正确答案
原来我使用了 newresource 错误。
当在测试函数中调用 getopenidconnectprovider 时,它会读取资源并创建一个新的资源输出,从而触发对mocks.newresource的调用
修复方法是使用模拟输出在 newresource 函数调用中为 getopenidconnectprovider openidconnectprovider 返回的资源类型定义一个 if 语句。
func (mocks) newresource(args pulumi.mockresourceargs) (string, resource.propertymap, error) { pulumi.printf(args.typetoken) outputs := args.inputs.mappable() if args.typetoken == "aws:iam/openidconnectprovider:openidconnectprovider" { outputs["arn"] = "arn:aws:iam::123:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/abc" outputs["id"] = "abc" outputs["url"] = "https://someurl" } return args.name + "_id", resource.newpropertymapfrommap(outputs), nil}func (mocks) call(args pulumi.mockcallargs) (resource.propertymap, error) { outputs := map[string]interface{}{} return resource.newpropertymapfrommap(outputs), nil}
登录后复制
下面的代码片段是我更改了 assert 以便它无法显示与上面对 newresource 所做的更改相比现在的差异
Diff: --- Expected Actual @@ -8,3 +8,3 @@ "StringEquals": { - "b:sub": [ + "someurl:sub": [ "system:serviceaccount:kube-system:*",
登录后复制
以上就是如何在 Go 单元测试中模拟 Pulumi 资源?的详细内容,更多请关注【创想鸟】其它相关文章!
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容, 请发送邮件至253000106@qq.com举报,一经查实,本站将立刻删除。
发布者:PHP中文网,转转请注明出处:https://www.chuangxiangniao.com/p/2485511.html
