package bootstrap import "testing" func TestDefaultBootstrapConfigIsEmptyAndDisabled(t *testing.T) { config := GetDefaultBootstrapConfig() if config.Enabled { t.Fatal("default bootstrap config must be disabled") } if len(config.Users) != 0 || len(config.Registries) != 0 || len(config.Clusters) != 0 { t.Fatalf("default bootstrap config must not include seeded data: %#v", config) } } func TestLoadBootstrapConfigFromEnv(t *testing.T) { t.Setenv("BOOTSTRAP_ADMIN_USER", "root") t.Setenv("BOOTSTRAP_ADMIN_PASS", "secret") t.Setenv("BOOTSTRAP_ADMIN_EMAIL", "root@example.com") t.Setenv("BOOTSTRAP_REGISTRY_NAME", "harbor") t.Setenv("BOOTSTRAP_REGISTRY_URL", "https://harbor.example.com") t.Setenv("BOOTSTRAP_REGISTRY_DESC", "test registry") t.Setenv("BOOTSTRAP_REGISTRY_USER", "robot") t.Setenv("BOOTSTRAP_REGISTRY_PASS", "robot-secret") t.Setenv("BOOTSTRAP_REGISTRY_ROBOT_USER", "robot$ocdp") t.Setenv("BOOTSTRAP_REGISTRY_ROBOT_PASS", "robot-token") t.Setenv("BOOTSTRAP_REGISTRY_INSECURE", "true") t.Setenv("BOOTSTRAP_ENABLE_CLUSTERS", "true") t.Setenv("BOOTSTRAP_CLUSTERS", "cluster1,gpu-prod") t.Setenv("BOOTSTRAP_CLUSTER_CLUSTER1_HOST", "https://cluster1.example.com:6443") t.Setenv("BOOTSTRAP_CLUSTER_CLUSTER1_DESC", "cluster one") t.Setenv("BOOTSTRAP_CLUSTER_CLUSTER1_CA", "ca-data") t.Setenv("BOOTSTRAP_CLUSTER_CLUSTER1_CERT", "cert-data") t.Setenv("BOOTSTRAP_CLUSTER_CLUSTER1_KEY", "key-data") t.Setenv("BOOTSTRAP_CLUSTER_GPU_PROD_HOST", "https://gpu.example.com:6443") t.Setenv("BOOTSTRAP_CLUSTER_GPU_PROD_TOKEN", "bearer-token") config, ok := loadBootstrapConfigFromEnv() if !ok { t.Fatal("expected bootstrap config from environment") } if len(config.Users) != 1 || config.Users[0].Username != "root" || config.Users[0].Password != "secret" { t.Fatalf("unexpected users: %#v", config.Users) } if len(config.Registries) != 1 { t.Fatalf("expected one registry, got %d", len(config.Registries)) } registry := config.Registries[0] if registry.Name != "harbor" || registry.URL != "https://harbor.example.com" || !registry.Insecure { t.Fatalf("unexpected registry: %#v", registry) } if registry.Username != "robot$ocdp" || registry.Password != "robot-token" { t.Fatalf("expected robot registry credentials, got %#v", registry) } if len(config.Clusters) != 2 { t.Fatalf("expected two clusters, got %d: %#v", len(config.Clusters), config.Clusters) } clusterByName := map[string]ClusterSeed{} for _, cluster := range config.Clusters { clusterByName[cluster.Name] = cluster } if clusterByName["cluster1"].Host != "https://cluster1.example.com:6443" { t.Fatalf("unexpected cluster1: %#v", clusterByName["cluster1"]) } if clusterByName["gpu_prod"].Token != "bearer-token" { t.Fatalf("unexpected gpu_prod: %#v", clusterByName["gpu_prod"]) } } func TestBootstrapClustersRequireExplicitEnable(t *testing.T) { t.Setenv("BOOTSTRAP_ADMIN_USER", "root") t.Setenv("BOOTSTRAP_ADMIN_PASS", "secret") t.Setenv("BOOTSTRAP_CLUSTERS", "cluster1") t.Setenv("BOOTSTRAP_CLUSTER_CLUSTER1_HOST", "https://cluster1.example.com:6443") t.Setenv("BOOTSTRAP_CLUSTER_CLUSTER1_TOKEN", "token") config, ok := loadBootstrapConfigFromEnv() if !ok { t.Fatal("expected bootstrap config from environment") } if len(config.Clusters) != 0 { t.Fatalf("bootstrap clusters must be disabled unless BOOTSTRAP_ENABLE_CLUSTERS=true, got %#v", config.Clusters) } } func TestBootstrapEnvDoesNotCreateDefaultAdmin(t *testing.T) { t.Setenv("BOOTSTRAP_REGISTRY_URL", "https://harbor.example.com") config, ok := loadBootstrapConfigFromEnv() if !ok { t.Fatal("expected bootstrap config from environment") } if len(config.Users) != 0 { t.Fatalf("expected no users without explicit admin credentials, got %#v", config.Users) } if len(config.Registries) != 1 { t.Fatalf("expected one registry, got %d", len(config.Registries)) } }