add test to validate resource schema

pkg/test/utils.go

@@ -15,12 +15,15 @@
 package test
 
 import (
+	"fmt"
 	"os"
 	"path/filepath"
 	"regexp"
 	"strings"
 	"testing"
 
+	"sigs.k8s.io/yaml"
+
 	"github.com/google/go-cmp/cmp"
 )
 
@@ -140,3 +143,63 @@ func IgnoreLeadingComments(s string) string {
 	}
 	return strings.TrimSpace(strings.Join(out, "\n")) + "\n"
 }
+
+func CompareGoldenObject(path string, got []byte) error {
+	writeGoldenOutput := os.Getenv("WRITE_GOLDEN_OUTPUT") != ""
+	want, err := os.ReadFile(path)
+	if err != nil {
+		if writeGoldenOutput && os.IsNotExist(err) {
+			// Expected when creating output for the first time
+			if err := os.WriteFile(path, got, 0644); err != nil {
+				return fmt.Errorf("failed to write golden output %s: %w", path, err)
+			}
+			fmt.Printf("wrote updated golden output to %s", path)
+			return nil
+		} else {
+			return fmt.Errorf("failed to read golden file %q: %w", path, err)
+		}
+	}
+	var wantMap, gotMap map[string]interface{}
+	err = yaml.Unmarshal(want, &wantMap)
+	if err != nil {
+		return err
+	}
+	err = yaml.Unmarshal(got, &gotMap)
+	if err != nil {
+		return err
+	}
+	if ok, err := compareNestedFields(wantMap, gotMap); !ok {
+		return err
+	}
+	return nil
+}
+
+func compareNestedFields(wantMap, gotMap map[string]interface{}) (bool, error) {
+	for wantKey := range wantMap {
+		if _, exists := gotMap[wantKey]; !exists {
+			err := fmt.Errorf("field %s in the golden file is missing", wantKey)
+			return false, err
+		}
+	}
+
+	for gotKey := range gotMap {
+		if _, exists := wantMap[gotKey]; !exists {
+			err := fmt.Errorf("field %s does not exist in golden file", gotKey)
+			return false, err
+		}
+	}
+
+	//  Check nested structures recursively
+	for wantKey, wantVal := range wantMap {
+		if gotVal, exists := gotMap[wantKey]; exists {
+			if wantNestedMap, ok1 := wantVal.(map[string]interface{}); ok1 {
+				if gotNestedMap, ok2 := gotVal.(map[string]interface{}); ok2 {
+					if ok, err := compareNestedFields(wantNestedMap, gotNestedMap); !ok {
+						return false, err
+					}
+				}
+			}
+		}
+	}
+	return true, nil
+}

scripts/github-actions/ga-object-schema-test.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+set -o errexit
+set -o nounset
+set -o pipefail
+REPO_ROOT="$(git rev-parse --show-toplevel)"
+source ${REPO_ROOT}/scripts/shared-vars-public.sh
+cd ${REPO_ROOT}
+source ${REPO_ROOT}/scripts/fetch_ext_bins.sh && \
+	fetch_tools && \
+	setup_envs
+
+cd ${REPO_ROOT}/
+echo "Running mock e2e object schema tests..."
+E2E_KUBE_TARGET=envtest \
+	RUN_E2E=1 E2E_GCP_TARGET=mock \
+	go test -test.count=1 -timeout 3600s -v ./tests/e2e -run TestKRMObject/fixtures 2>&1

tests/e2e/export.go

@@ -15,6 +15,7 @@
 package e2e
 
 import (
+	"k8s.io/apimachinery/pkg/types"
 	"path/filepath"
 	"strings"
 
@@ -95,3 +96,13 @@ func exportResourceAsUnstructured(h *create.Harness, obj *unstructured.Unstructu
 	}
 	return u
 }
+
+func getKRMObject(h *create.Harness, obj *unstructured.Unstructured) (*unstructured.Unstructured, error) {
+	u := &unstructured.Unstructured{}
+	u.SetGroupVersionKind(obj.GroupVersionKind())
+	id := types.NamespacedName{Namespace: obj.GetNamespace(), Name: obj.GetName()}
+	if err := h.GetClient().Get(h.Ctx, id, u); err != nil {
+		return nil, err
+	}
+	return u, nil
+}

tests/e2e/golden/object/_apikeyskeybasic.yaml

@@ -0,0 +1,48 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apikeys.cnrm.cloud.google.com/v1alpha1
+kind: APIKeysKey
+metadata:
+  annotations:
+    cnrm.cloud.google.com/management-conflict-prevention-policy: none
+    cnrm.cloud.google.com/state-into-spec: merge
+  finalizers:
+  - cnrm.cloud.google.com/finalizer
+  - cnrm.cloud.google.com/deletion-defender
+  generation: 2
+  labels:
+    cnrm-test: "true"
+  name: apikeyskey-${uniqueId}
+  namespace: ${uniqueId}
+spec:
+  displayName: Example Display Name - Updated
+  projectRef:
+    external: ${projectId}
+  resourceID: apikeyskey${uniqueId}
+  restrictions:
+    apiTargets:
+    - methods:
+      - GET
+      - DELETE
+      service: translate.googleapis.com
+status:
+  conditions:
+  - lastTransitionTime: "1970-01-01T00:00:00Z"
+    message: The resource is up to date
+    reason: UpToDate
+    status: "True"
+    type: Ready
+  keyString: dummy-encrypted-value
+  observedGeneration: 2

tests/e2e/golden/object/_billingaccountiampolicy.yaml

@@ -0,0 +1,47 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMPolicy
+metadata:
+  annotations:
+    cnrm.cloud.google.com/deletion-policy: abandon
+    cnrm.cloud.google.com/state-into-spec: merge
+  finalizers:
+  - cnrm.cloud.google.com/finalizer
+  - cnrm.cloud.google.com/deletion-defender
+  generation: 1
+  labels:
+    cnrm-test: "true"
+  name: iamexternalonlyref-${uniqueId}
+  namespace: ${uniqueId}
+spec:
+  bindings:
+  - members:
+    - group:[email protected]
+    - serviceAccount:[email protected]
+    - user:[email protected]
+    role: roles/billing.admin
+  resourceRef:
+    apiVersion: billing.cnrm.cloud.google.com/v1beta1
+    external: 123456-777777-000002
+    kind: BillingAccount
+status:
+  conditions:
+  - lastTransitionTime: "1970-01-01T00:00:00Z"
+    message: The resource is up to date
+    reason: UpToDate
+    status: "True"
+    type: Ready
+  observedGeneration: 1

tests/e2e/golden/object/_billingaccountiampolicymember.yaml

@@ -0,0 +1,42 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMPolicyMember
+metadata:
+  annotations:
+    cnrm.cloud.google.com/state-into-spec: merge
+  finalizers:
+  - cnrm.cloud.google.com/finalizer
+  - cnrm.cloud.google.com/deletion-defender
+  generation: 1
+  labels:
+    cnrm-test: "true"
+  name: iamexternalonlyref-${uniqueId}
+  namespace: ${uniqueId}
+spec:
+  member: serviceAccount:extonly-${uniqueId}@${projectId}.iam.gserviceaccount.com
+  resourceRef:
+    apiVersion: billing.cnrm.cloud.google.com/v1beta1
+    external: 123456-777777-000001
+    kind: BillingAccount
+  role: roles/billing.viewer
+status:
+  conditions:
+  - lastTransitionTime: "1970-01-01T00:00:00Z"
+    message: The resource is up to date
+    reason: UpToDate
+    status: "True"
+    type: Ready
+  observedGeneration: 1

tests/e2e/golden/object/_certificatemanagercertificatemanageddns.yaml

@@ -0,0 +1,53 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: certificatemanager.cnrm.cloud.google.com/v1beta1
+kind: CertificateManagerCertificate
+metadata:
+  annotations:
+    cnrm.cloud.google.com/management-conflict-prevention-policy: none
+    cnrm.cloud.google.com/observed-secret-versions: (removed)
+    cnrm.cloud.google.com/state-into-spec: merge
+  finalizers:
+  - cnrm.cloud.google.com/finalizer
+  - cnrm.cloud.google.com/deletion-defender
+  generation: 3
+  labels:
+    cnrm-test: "true"
+    label-one: value-two
+  name: certificatemanagercertificate-${uniqueId}
+  namespace: ${uniqueId}
+spec:
+  description: updated description of a managed cert for kcc
+  location: global
+  managed:
+    dnsAuthorizationsRefs:
+    - name: certificatemanagerdnsauthorization-1-${uniqueId}
+    - name: certificatemanagerdnsauthorization-2-${uniqueId}
+    domains:
+    - ${uniqueId}1.hashicorptest.com
+    - ${uniqueId}2.hashicorptest.com
+    state: STATE_UNSPECIFIED
+  projectRef:
+    external: ${projectId}
+  resourceID: certificatemanagercertificate${uniqueId}
+  scope: EDGE_CACHE
+status:
+  conditions:
+  - lastTransitionTime: "1970-01-01T00:00:00Z"
+    message: The resource is up to date
+    reason: UpToDate
+    status: "True"
+    type: Ready
+  observedGeneration: 3

tests/e2e/golden/object/_certificatemanagercertificatemap.yaml

@@ -0,0 +1,42 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: certificatemanager.cnrm.cloud.google.com/v1beta1
+kind: CertificateManagerCertificateMap
+metadata:
+  annotations:
+    cnrm.cloud.google.com/management-conflict-prevention-policy: none
+    cnrm.cloud.google.com/state-into-spec: merge
+  finalizers:
+  - cnrm.cloud.google.com/finalizer
+  - cnrm.cloud.google.com/deletion-defender
+  generation: 2
+  labels:
+    cnrm-test: "true"
+    value: cert-map-2
+  name: certificatemanagercertificatemap-${uniqueId}
+  namespace: ${uniqueId}
+spec:
+  description: updated sample certificate map
+  projectRef:
+    external: ${projectId}
+  resourceID: certificatemanagercertificatemap${uniqueId}
+status:
+  conditions:
+  - lastTransitionTime: "1970-01-01T00:00:00Z"
+    message: The resource is up to date
+    reason: UpToDate
+    status: "True"
+    type: Ready
+  observedGeneration: 2