need rework of mocks

pkg/driver/driver_revoke_bucket_access_test.go

@@ -0,0 +1,105 @@
+package driver_test
+
+// import (
+// 	"context"
+// 	"fmt"
+
+// 	. "github.com/onsi/ginkgo/v2"
+// 	. "github.com/onsi/gomega"
+// 	"github.com/scality/cosi-driver/pkg/driver"
+// 	"github.com/scality/cosi-driver/pkg/util"
+// 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+// 	"k8s.io/apimachinery/pkg/runtime"
+// 	"k8s.io/client-go/kubernetes"
+// 	"k8s.io/client-go/kubernetes/fake"
+// 	k8stesting "k8s.io/client-go/testing"
+// 	bucketv1alpha1 "sigs.k8s.io/container-object-storage-interface-api/apis/objectstorage/v1alpha1"
+// 	bucketclientset "sigs.k8s.io/container-object-storage-interface-api/client/clientset/versioned/fake"
+// 	cosiapi "sigs.k8s.io/container-object-storage-interface-spec"
+// )
+
+// func (m *MockIAMClient) RevokeBucketAccess(ctx context.Context, userName, bucketName string) error {
+// 	if m.RevokeBucketAccessFunc != nil {
+// 		return m.RevokeBucketAccessFunc(ctx, userName, bucketName)
+// 	}
+// 	return nil
+// }
+
+// var _ = Describe("ProvisionerServer DriverRevokeBucketAccess", func() {
+// 	var (
+// 		provisioner          *driver.ProvisionerServer
+// 		ctx                  context.Context
+// 		mockIAMClient        *MockIAMClient
+// 		originalInitClient   func(context.Context, kubernetes.Interface, map[string]string, string) (interface{}, *util.StorageClientParameters, error)
+// 		bucketName, userName string
+// 		iamParams            *util.StorageClientParameters
+// 	)
+
+// 	BeforeEach(func() {
+// 		ctx = context.TODO()
+// 		mockIAMClient = &MockIAMClient{}
+
+// 		// Mock InitializeClient
+// 		originalInitClient = driver.InitializeClient
+// 		driver.InitializeClient = func(ctx context.Context, clientset kubernetes.Interface, parameters map[string]string, service string) (interface{}, *util.StorageClientParameters, error) {
+// 			if service == "IAM" {
+// 				return mockIAMClient, iamParams, nil
+// 			}
+// 			return nil, nil, fmt.Errorf("unsupported service: %s", service)
+// 		}
+
+// 		// Mock BucketClientset with a test bucket
+// 		bucket := &bucketv1alpha1.Bucket{
+// 			ObjectMeta: metav1.ObjectMeta{
+// 				Name:      "test-bucket",
+// 				Namespace: "default",
+// 			},
+// 			Spec: bucketv1alpha1.BucketSpec{
+// 				Parameters: map[string]string{
+// 					"objectStorageSecretName":      "s3-secret-for-cosi",
+// 					"objectStorageSecretNamespace": "default",
+// 				},
+// 			},
+// 		}
+// 		bucketClientset := bucketclientset.NewSimpleClientset(bucket)
+// 		bucketClientset.Fake.PrependReactor("get", "buckets", func(action k8stesting.Action) (bool, runtime.Object, error) {
+// 			getAction := action.(k8stesting.GetAction)
+// 			if getAction.GetName() == bucket.Name {
+// 				return true, bucket, nil
+// 			}
+// 			return true, nil, fmt.Errorf("bucket not found")
+// 		})
+
+// 		provisioner = &driver.ProvisionerServer{
+// 			Clientset:       fake.NewSimpleClientset(),
+// 			BucketClientset: bucketClientset,
+// 		}
+
+// 		bucketName = "test-bucket"
+// 		userName = "test-user"
+// 		iamParams = &util.StorageClientParameters{
+// 			Endpoint: "https://test-iam-endpoint",
+// 			Region:   "us-west-2",
+// 		}
+// 	})
+
+// 	AfterEach(func() {
+// 		driver.InitializeClient = originalInitClient
+// 	})
+
+// 	It("should successfully revoke bucket access", func() {
+// 		mockIAMClient.RevokeBucketAccessFunc = func(ctx context.Context, userName, bucketName string) error {
+// 			if userName == "invalid-user" {
+// 				return fmt.Errorf("user not found")
+// 			}
+// 			return nil
+// 		}
+
+// 		resp, err := provisioner.DriverRevokeBucketAccess(ctx, &cosiapi.DriverRevokeBucketAccessRequest{
+// 			BucketId:  bucketName,
+// 			AccountId: userName,
+// 		})
+// 		Expect(err).To(BeNil())
+// 		Expect(resp).To(BeAssignableToTypeOf(&cosiapi.DriverRevokeBucketAccessResponse{}))
+// 	})
+// })

pkg/driver/provisioner_server_impl_test.go

@@ -16,13 +16,18 @@ import (
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/iam"
+	iamclient "github.com/scality/cosi-driver/pkg/clients/iam"
 	s3client "github.com/scality/cosi-driver/pkg/clients/s3"
 	"github.com/scality/cosi-driver/pkg/driver"
 	"github.com/scality/cosi-driver/pkg/util"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/kubernetes/fake"
+	k8stesting "k8s.io/client-go/testing"
+	bucketv1alpha1 "sigs.k8s.io/container-object-storage-interface-api/apis/objectstorage/v1alpha1"
+	bucketclientset "sigs.k8s.io/container-object-storage-interface-api/client/clientset/versioned/fake"
 	cosiapi "sigs.k8s.io/container-object-storage-interface-spec"
 )
 
@@ -38,10 +43,26 @@ func (m *MockS3Client) CreateBucket(ctx context.Context, input *s3.CreateBucketI
 }
 
 type MockIAMClient struct {
+	CreateAccessKeyFunc    func(ctx context.Context, input *iam.CreateAccessKeyInput, opts ...func(*iam.Options)) (*iam.CreateAccessKeyOutput, error)
+	RevokeBucketAccessFunc func(ctx context.Context, userName, bucketName string) error
 	CreateBucketAccessFunc func(ctx context.Context, userName, bucketName string) (*iam.CreateAccessKeyOutput, error)
+	CreateUserFunc         func(ctx context.Context, input *iam.CreateUserInput, opts ...func(*iam.Options)) (*iam.CreateUserOutput, error)
 }
 
-// Mock CreateBucketAccess
+// Implement CreateAccessKey
+func (m *MockIAMClient) CreateAccessKey(ctx context.Context, input *iam.CreateAccessKeyInput, opts ...func(*iam.Options)) (*iam.CreateAccessKeyOutput, error) {
+	if m.CreateAccessKeyFunc != nil {
+		return m.CreateAccessKeyFunc(ctx, input, opts...)
+	}
+	return &iam.CreateAccessKeyOutput{
+		AccessKey: &iamtypes.AccessKey{
+			AccessKeyId:     aws.String("mock-access-key-id"),
+			SecretAccessKey: aws.String("mock-secret-access-key"),
+		},
+	}, nil
+}
+
+// Implement CreateBucketAccess
 func (m *MockIAMClient) CreateBucketAccess(ctx context.Context, userName, bucketName string) (*iam.CreateAccessKeyOutput, error) {
 	if m.CreateBucketAccessFunc != nil {
 		return m.CreateBucketAccessFunc(ctx, userName, bucketName)
@@ -54,6 +75,27 @@ func (m *MockIAMClient) CreateBucketAccess(ctx context.Context, userName, bucket
 	}, nil
 }
 
+// Implement RevokeBucketAccess
+func (m *MockIAMClient) RevokeBucketAccess(ctx context.Context, userName, bucketName string) error {
+	if m.RevokeBucketAccessFunc != nil {
+		return m.RevokeBucketAccessFunc(ctx, userName, bucketName)
+	}
+	return nil
+}
+
+// Implement CreateUser
+func (m *MockIAMClient) CreateUser(ctx context.Context, input *iam.CreateUserInput, opts ...func(*iam.Options)) (*iam.CreateUserOutput, error) {
+	if m.CreateUserFunc != nil {
+		return m.CreateUserFunc(ctx, input, opts...)
+	}
+	return &iam.CreateUserOutput{
+		User: &iamtypes.User{
+			UserName: aws.String("mock-user-name"),
+			UserId:   aws.String("mock-user-id"),
+		},
+	}, nil
+}
+
 var _ = Describe("ProvisionerServer DriverCreateBucket", Ordered, func() {
 	var (
 		mockS3                   *MockS3Client
@@ -568,3 +610,84 @@ var _ = Describe("ProvisionerServer DriverGrantBucketAccess", func() {
 		Expect(err.Error()).To(ContainSubstring("failed to initialize object storage provider IAM client"))
 	})
 })
+
+var _ = Describe("ProvisionerServer DriverRevokeBucketAccess", func() {
+	var (
+		provisioner          *driver.ProvisionerServer
+		ctx                  context.Context
+		mockIAMClient        *MockIAMClient
+		originalInitClient   func(context.Context, kubernetes.Interface, map[string]string, string) (interface{}, *util.StorageClientParameters, error)
+		bucketName, userName string
+		iamParams            *util.StorageClientParameters
+	)
+
+	BeforeEach(func() {
+		ctx = context.TODO()
+		mockIAMClient = &MockIAMClient{}
+
+		// Mock InitializeClient
+		originalInitClient = driver.InitializeClient
+		driver.InitializeClient = func(ctx context.Context, clientset kubernetes.Interface, parameters map[string]string, service string) (interface{}, *util.StorageClientParameters, error) {
+			if service == "IAM" {
+				return &iamclient.IAMClient{
+					IAMService: mockIAMClient,
+				}, iamParams, nil
+			}
+			return nil, nil, fmt.Errorf("unsupported service: %s", service)
+		}
+
+		// Mock BucketClientset with a test bucket
+		bucket := &bucketv1alpha1.Bucket{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "test-bucket",
+				Namespace: "default",
+			},
+			Spec: bucketv1alpha1.BucketSpec{
+				Parameters: map[string]string{
+					"objectStorageSecretName":      "s3-secret-for-cosi",
+					"objectStorageSecretNamespace": "default",
+				},
+			},
+		}
+		bucketClientset := bucketclientset.NewSimpleClientset(bucket)
+		bucketClientset.Fake.PrependReactor("get", "buckets", func(action k8stesting.Action) (bool, runtime.Object, error) {
+			getAction := action.(k8stesting.GetAction)
+			if getAction.GetName() == bucket.Name {
+				return true, bucket, nil
+			}
+			return true, nil, fmt.Errorf("bucket not found")
+		})
+
+		provisioner = &driver.ProvisionerServer{
+			Clientset:       fake.NewSimpleClientset(),
+			BucketClientset: bucketClientset,
+		}
+
+		bucketName = "test-bucket"
+		userName = "test-user"
+		iamParams = &util.StorageClientParameters{
+			Endpoint: "https://test-iam-endpoint",
+			Region:   "us-west-2",
+		}
+	})
+
+	AfterEach(func() {
+		driver.InitializeClient = originalInitClient
+	})
+
+	It("should successfully revoke bucket access", func() {
+		mockIAMClient.RevokeBucketAccessFunc = func(ctx context.Context, userName, bucketName string) error {
+			if userName == "invalid-user" {
+				return fmt.Errorf("user not found")
+			}
+			return nil
+		}
+
+		resp, err := provisioner.DriverRevokeBucketAccess(ctx, &cosiapi.DriverRevokeBucketAccessRequest{
+			BucketId:  bucketName,
+			AccountId: userName,
+		})
+		Expect(err).To(BeNil())
+		Expect(resp).To(BeAssignableToTypeOf(&cosiapi.DriverRevokeBucketAccessResponse{}))
+	})
+})