updating unit test for binding generation delay

Signed-off-by: Jaydip Gabani <[email protected]>
open-policy-agent · Oct 7, 2024 · c469b6f · c469b6f
1 parent 84bde0a
commit c469b6f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/pkg/controller/constraint/constraint_controller.go b/pkg/controller/constraint/constraint_controller.go
@@ -68,7 +68,7 @@ import (
 var (
 	log                      = logf.Log.V(logging.DebugLevel).WithName("controller").WithValues(logging.Process, "constraint_controller")
 	discoveryErr             *apiutil.ErrResourceDiscoveryFailed
-	defaultWaitForGeneration = flag.Int("default-wait-for-generation", 30, "Wait to generate ValidatingAdmissionPolicyBinding after the constraint is created. Defaults to 30 seconds.")
+	DefaultWaitForGeneration = flag.Int("default-wait-for-generation", 30, "Wait to generate ValidatingAdmissionPolicyBinding after the constraint is created. Defaults to 30 seconds.")
 	DefaultGenerateVAPB      = flag.Bool("default-create-vap-binding-for-constraints", false, "Create VAPBinding resource for constraint of the template containing VAP-style CEL source. Allowed values are false: do not create Validating Admission Policy Binding, true: create Validating Admission Policy Binding.")
 	DefaultGenerateVAP       = flag.Bool("default-create-vap-for-templates", false, "Create VAP resource for template containing VAP-style CEL source. Allowed values are false: do not create Validating Admission Policy unless generateVAP: true is set on constraint template explicitly, true: create Validating Admission Policy unless generateVAP: false is set on constraint template explicitly.")
 )
@@ -377,7 +377,7 @@ func (r *ReconcileConstraint) Reconcile(ctx context.Context, request reconcile.R
 						return reconcile.Result{}, err
 					}
 
-					if currentVapBinding == nil && instance.GetCreationTimestamp().Add(time.Duration(*defaultWaitForGeneration)).Before(time.Now()) {
+					if currentVapBinding == nil && instance.GetCreationTimestamp().Add(time.Duration(*DefaultWaitForGeneration)).Before(time.Now()) {
 						log.Info("creating vapbinding")
 						if err := r.writer.Create(ctx, newVapBinding); err != nil {
 							return reconcile.Result{}, r.reportErrorOnConstraintStatus(ctx, status, err, fmt.Sprintf("could not create ValidatingAdmissionPolicyBinding: %s", vapBindingName))

diff --git a/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go b/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go
@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"strings"
 	"testing"
+	"time"
 
 	templatesv1 "github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1"
 	"github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1beta1"
@@ -622,9 +623,9 @@ func TestReconcile(t *testing.T) {
 		}
 	})
 
-	t.Run("VapBinding should be created with VAP enforcement Point", func(t *testing.T) {
+	t.Run("VapBinding should be created with VAP enforcement Point after default wait", func(t *testing.T) {
 		suffix := "VapBindingShouldBeCreatedWithVAPEnforcementPoint"
-		logger.Info("Running test: VapBinding should be created with VAP enforcement point")
+		logger.Info("Running test: VapBinding should be created with VAP enforcement point after default wait")
 		constraint.DefaultGenerateVAPB = ptr.To[bool](false)
 		constraintTemplate := makeReconcileConstraintTemplateForVap(suffix, ptr.To[bool](true))
 		cstr := newDenyAllCstrWithScopedEA(suffix, util.VAPEnforcementPoint)
@@ -644,10 +645,16 @@ func TestReconcile(t *testing.T) {
 			return true
 		}, func() error {
 			// check if vapbinding resource exists now
+			if err := c.Get(ctx, types.NamespacedName{Name: cstr.GetName()}, cstr); err != nil {
+				return err
+			}
 			vapBinding := &admissionregistrationv1beta1.ValidatingAdmissionPolicyBinding{}
 			if err := c.Get(ctx, types.NamespacedName{Name: vapBindingName}, vapBinding); err != nil {
 				return err
 			}
+			if time.Now().Before(cstr.GetCreationTimestamp().Add(time.Duration(*constraint.DefaultWaitForGeneration))) {
+				return fmt.Errorf("VAPBinding should not be created before default wait")
+			}
 			return nil
 		})
 		if err != nil {
@@ -910,7 +917,7 @@ func TestReconcile(t *testing.T) {
 		}
 	})
 
-	t.Run("Revew request initiated from an enforcement point not supported by client should result in error", func(t *testing.T) {
+	t.Run("Review request initiated from an enforcement point not supported by client should result in error", func(t *testing.T) {
 		suffix := "ReviewResultsInError"
 
 		logger.Info("Running test: Review request initiated from an enforcement point not supported by client should result in error")