[KMS]: update envelope caching unit tests

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2025-07-23 11:50:44 +00:00 · 2022-09-15 18:01:48 +00:00 · 2022-09-15 18:01:48 +00:00 · 92dce5de71
commit 92dce5de71
parent 661899f1a1
2 changed files with 48 additions and 16 deletions
--- a/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope_test.go
@ -83,6 +83,7 @@ func TestEnvelopeCaching(t *testing.T) {
 		desc                     string
 		cacheSize                int
 		simulateKMSPluginFailure bool
+		expectedError            string
 	}{
 		{
 			desc:                     "positive cache size should withstand plugin failure",
@ -90,8 +91,15 @@ func TestEnvelopeCaching(t *testing.T) {
 			simulateKMSPluginFailure: true,
 		},
 		{
-			desc:      "cache disabled size should not withstand plugin failure",
-			cacheSize: 0,
+			desc:                     "cache disabled size should not withstand plugin failure",
+			cacheSize:                0,
+			simulateKMSPluginFailure: true,
+			expectedError:            "Envelope service was disabled",
+		},
+		{
+			desc:                     "cache disabled, no plugin failure should succeed",
+			cacheSize:                0,
+			simulateKMSPluginFailure: false,
 		},
 	}

@ -119,13 +127,21 @@ func TestEnvelopeCaching(t *testing.T) {
 			}

 			envelopeService.SetDisabledStatus(tt.simulateKMSPluginFailure)
-			// Subsequent read for the same data should work fine due to caching.
 			untransformedData, _, err = envelopeTransformer.TransformFromStorage(ctx, transformedData, dataCtx)
-			if err != nil {
-				t.Fatalf("could not decrypt Envelope transformer's encrypted data using just cache: %v", err)
-			}
-			if !bytes.Equal(untransformedData, originalText) {
-				t.Fatalf("envelopeTransformer transformed data incorrectly using cache. Got: %v, want %v", untransformedData, originalText)
+			if tt.expectedError != "" {
+				if err == nil {
+					t.Fatalf("expected error: %v, got nil", tt.expectedError)
+				}
+				if err.Error() != tt.expectedError {
+					t.Fatalf("expected error: %v, got: %v", tt.expectedError, err)
+				}
+			} else {
+				if err != nil {
+					t.Fatalf("unexpected error: %v", err)
+				}
+				if !bytes.Equal(untransformedData, originalText) {
+					t.Fatalf("envelopeTransformer transformed data incorrectly. Expected: %v, got %v", originalText, untransformedData)
+				}
 			}
 		})
 	}
--- a/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope_test.go
@ -95,6 +95,7 @@ func TestEnvelopeCaching(t *testing.T) {
 		desc                     string
 		cacheSize                int
 		simulateKMSPluginFailure bool
+		expectedError            string
 	}{
 		{
 			desc:                     "positive cache size should withstand plugin failure",
@ -102,8 +103,15 @@ func TestEnvelopeCaching(t *testing.T) {
 			simulateKMSPluginFailure: true,
 		},
 		{
-			desc:      "cache disabled size should not withstand plugin failure",
-			cacheSize: 0,
+			desc:                     "cache disabled size should not withstand plugin failure",
+			cacheSize:                0,
+			simulateKMSPluginFailure: true,
+			expectedError:            "failed to decrypt DEK, error: Envelope service was disabled",
+		},
+		{
+			desc:                     "cache disabled, no plugin failure should succeed",
+			cacheSize:                0,
+			simulateKMSPluginFailure: false,
 		},
 	}

@ -131,13 +139,21 @@ func TestEnvelopeCaching(t *testing.T) {
 			}

 			envelopeService.SetDisabledStatus(tt.simulateKMSPluginFailure)
-			// Subsequent read for the same data should work fine due to caching.
 			untransformedData, _, err = envelopeTransformer.TransformFromStorage(ctx, transformedData, dataCtx)
-			if err != nil {
-				t.Fatalf("could not decrypt Envelope transformer's encrypted data using just cache: %v", err)
-			}
-			if !bytes.Equal(untransformedData, originalText) {
-				t.Fatalf("envelopeTransformer transformed data incorrectly using cache. Got: %v, want %v", untransformedData, originalText)
+			if tt.expectedError != "" {
+				if err == nil {
+					t.Fatalf("expected error: %v, got nil", tt.expectedError)
+				}
+				if err.Error() != tt.expectedError {
+					t.Fatalf("expected error: %v, got: %v", tt.expectedError, err)
+				}
+			} else {
+				if err != nil {
+					t.Fatalf("unexpected error: %v", err)
+				}
+				if !bytes.Equal(untransformedData, originalText) {
+					t.Fatalf("envelopeTransformer transformed data incorrectly. Expected: %v, got %v", originalText, untransformedData)
+				}
 			}
 		})
 	}