diff --git a/pkg/vsphere/actuator/multi_vcenter_test.go b/pkg/vsphere/actuator/multi_vcenter_test.go new file mode 100644 index 0000000000..76af7530b8 --- /dev/null +++ b/pkg/vsphere/actuator/multi_vcenter_test.go @@ -0,0 +1,117 @@ +package actuator + +import ( + "testing" +) + +// TestMultiVCenterSecretFormat_FQDNKeys verifies component secrets use vCenter +// FQDN-keyed format. +// +// Acceptance Criteria: "And component secrets contain credentials keyed by vCenter FQDN" +// +// Test Steps: +// 1. Configure multi-vCenter installation (machineAPI → vcenter1, csiDriver → vcenter2) +// 2. Run CCO secret generation +// 3. Inspect machine-api-vsphere-credentials secret +// 4. Inspect vsphere-csi-credentials secret +// +// Expected Result: +// - machine-api secret contains: +// - vcenter1.example.com.username: +// - vcenter1.example.com.password: +// - csi secret contains: +// - vcenter2.example.com.username: +// - vcenter2.example.com.password: +// - NOT simple username/password keys (that's single-vCenter format) +func TestMultiVCenterSecretFormat_FQDNKeys(t *testing.T) { + t.Skip("Implementation pending - Story #8") + // TODO: Implement test + // 1. Create ComponentCredentials with multi-vCenter configuration + // 2. Call createComponentSecrets() (from Story #5) + // 3. Assert machine-api secret has vcenter1.example.com.username key + // 4. Assert machine-api secret has vcenter1.example.com.password key + // 5. Assert csi secret has vcenter2.example.com.username key + // 6. Assert csi secret has vcenter2.example.com.password key + // 7. Assert secrets do NOT have simple username/password keys +} + +// TestMultiVCenterBinding_MachineAPIToVC1 verifies Machine API connects to +// vcenter1.example.com. +// +// Acceptance Criteria: "And Machine API connects to vcenter1.example.com using +// machine-api credentials" +// +// Test Steps: +// 1. Configure machineAPI with vcenter1.example.com override +// 2. Start Machine API operator +// 3. Monitor Machine API's vSphere client initialization +// 4. Verify connection established to vcenter1.example.com (not default vCenter) +// +// Expected Result: +// - Machine API vSphere client connects to vcenter1.example.com +// - Credentials used: machineAPI username/password from secret +// - No connection attempts to vcenter2.example.com +func TestMultiVCenterBinding_MachineAPIToVC1(t *testing.T) { + t.Skip("Implementation pending - Story #8") + // TODO: Implement test + // 1. Create secret with vcenter1.example.com.username/password keys + // 2. Mock vSphere client initialization + // 3. Simulate Machine API reading secret and connecting + // 4. Assert vSphere client initialized with vcenter1.example.com endpoint + // 5. Assert credentials match machineAPI account +} + +// TestMultiVCenterBinding_CSIToVC2 verifies CSI Driver connects to +// vcenter2.example.com. +// +// Acceptance Criteria: "And CSI Driver connects to vcenter2.example.com using +// csi-driver credentials" +// +// Test Steps: +// 1. Configure csiDriver with vcenter2.example.com override +// 2. Start CSI Driver +// 3. Monitor CSI's vSphere client initialization +// 4. Verify connection established to vcenter2.example.com +// +// Expected Result: +// - CSI vSphere client connects to vcenter2.example.com +// - Credentials used: csiDriver username/password from secret +// - No connection attempts to vcenter1.example.com +func TestMultiVCenterBinding_CSIToVC2(t *testing.T) { + t.Skip("Implementation pending - Story #8") + // TODO: Implement test + // 1. Create secret with vcenter2.example.com.username/password keys + // 2. Mock vSphere client initialization + // 3. Simulate CSI Driver reading secret and connecting + // 4. Assert vSphere client initialized with vcenter2.example.com endpoint + // 5. Assert credentials match csiDriver account +} + +// TestMultiVCenterSecretGeneration_MultipleVCenters verifies CCO generates +// secrets for all referenced vCenters. +// +// Acceptance Criteria: Secret generation for multi-vCenter topologies +// +// Test Steps: +// 1. Configure ComponentCredentials with: +// - machineAPI → vcenter1.example.com +// - csiDriver → vcenter2.example.com +// - cloudController → vcenter1.example.com (shares with machineAPI) +// - diagnostics → vcenter3.example.com +// 2. Run secret generation +// 3. Verify all component secrets contain correct vCenter credentials +// +// Expected Result: +// - machine-api secret: vcenter1.example.com credentials +// - csi secret: vcenter2.example.com credentials +// - ccm secret: vcenter1.example.com credentials +// - diagnostics secret: vcenter3.example.com credentials +// - Secrets with same vCenter share FQDN-keyed credentials +func TestMultiVCenterSecretGeneration_MultipleVCenters(t *testing.T) { + t.Skip("Implementation pending - Story #8") + // TODO: Implement test + // 1. Create ComponentCredentials with 3 different vCenters across 4 components + // 2. Call createComponentSecrets() for all components + // 3. Assert each secret contains FQDN-keyed credentials for its vCenter + // 4. Assert components sharing a vCenter have matching credentials +}