[KMS]: update envelope caching unit tests

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/envelope_test.go

@@ -83,6 +83,7 @@ func TestEnvelopeCaching(t *testing.T) {
 		desc                     string
 		cacheSize                int
 		simulateKMSPluginFailure bool
+		expectedError            string
 	}{
 		{
 			desc:                     "positive cache size should withstand plugin failure",
@@ -92,6 +93,13 @@ func TestEnvelopeCaching(t *testing.T) {
 		{
 			desc:                     "cache disabled size should not withstand plugin failure",
 			cacheSize:                0,
+			simulateKMSPluginFailure: true,
+			expectedError:            "Envelope service was disabled",
+		},
+		{
+			desc:                     "cache disabled, no plugin failure should succeed",
+			cacheSize:                0,
+			simulateKMSPluginFailure: false,
 		},
 	}
 
@@ -119,13 +127,21 @@ func TestEnvelopeCaching(t *testing.T) {
 			}
 
 			envelopeService.SetDisabledStatus(tt.simulateKMSPluginFailure)
-			// Subsequent read for the same data should work fine due to caching.
 			untransformedData, _, err = envelopeTransformer.TransformFromStorage(ctx, transformedData, dataCtx)
+			if tt.expectedError != "" {
+				if err == nil {
+					t.Fatalf("expected error: %v, got nil", tt.expectedError)
+				}
+				if err.Error() != tt.expectedError {
+					t.Fatalf("expected error: %v, got: %v", tt.expectedError, err)
+				}
+			} else {
 				if err != nil {
-				t.Fatalf("could not decrypt Envelope transformer's encrypted data using just cache: %v", err)
+					t.Fatalf("unexpected error: %v", err)
 				}
 				if !bytes.Equal(untransformedData, originalText) {
-				t.Fatalf("envelopeTransformer transformed data incorrectly using cache. Got: %v, want %v", untransformedData, originalText)
+					t.Fatalf("envelopeTransformer transformed data incorrectly. Expected: %v, got %v", originalText, untransformedData)
+				}
 			}
 		})
 	}

staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2/envelope_test.go

@@ -95,6 +95,7 @@ func TestEnvelopeCaching(t *testing.T) {
 		desc                     string
 		cacheSize                int
 		simulateKMSPluginFailure bool
+		expectedError            string
 	}{
 		{
 			desc:                     "positive cache size should withstand plugin failure",
@@ -104,6 +105,13 @@ func TestEnvelopeCaching(t *testing.T) {
 		{
 			desc:                     "cache disabled size should not withstand plugin failure",
 			cacheSize:                0,
+			simulateKMSPluginFailure: true,
+			expectedError:            "failed to decrypt DEK, error: Envelope service was disabled",
+		},
+		{
+			desc:                     "cache disabled, no plugin failure should succeed",
+			cacheSize:                0,
+			simulateKMSPluginFailure: false,
 		},
 	}
 
@@ -131,13 +139,21 @@ func TestEnvelopeCaching(t *testing.T) {
 			}
 
 			envelopeService.SetDisabledStatus(tt.simulateKMSPluginFailure)
-			// Subsequent read for the same data should work fine due to caching.
 			untransformedData, _, err = envelopeTransformer.TransformFromStorage(ctx, transformedData, dataCtx)
+			if tt.expectedError != "" {
+				if err == nil {
+					t.Fatalf("expected error: %v, got nil", tt.expectedError)
+				}
+				if err.Error() != tt.expectedError {
+					t.Fatalf("expected error: %v, got: %v", tt.expectedError, err)
+				}
+			} else {
 				if err != nil {
-				t.Fatalf("could not decrypt Envelope transformer's encrypted data using just cache: %v", err)
+					t.Fatalf("unexpected error: %v", err)
 				}
 				if !bytes.Equal(untransformedData, originalText) {
-				t.Fatalf("envelopeTransformer transformed data incorrectly using cache. Got: %v, want %v", untransformedData, originalText)
+					t.Fatalf("envelopeTransformer transformed data incorrectly. Expected: %v, got %v", originalText, untransformedData)
+				}
 			}
 		})
 	}