Add fuzzing test to app-orch-tenant controller (#29)

Author: scottmbaker

.github/workflows/go-fuzz.yaml

@@ -0,0 +1,35 @@
+---
+# SPDX-FileCopyrightText: (C) 2025 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+name: Go Fuzzing Tests
+
+on:
+  workflow_dispatch:
+    inputs:
+      run_tenant_controller:
+        description: 'Run Tenant Controller fuzzing tests'
+        required: false
+        type: boolean
+        default: true
+      fuzz_seconds_tenant_controller:
+        description: 'Duration per test case in secs. Total duration is secs x # of test cases'
+        required: false
+        type: number
+        default: 60
+  # Scheduled workflows will only run on the default branch. Input values from workflow_dispatch will be null when schedule event is triggered
+  schedule:
+    - cron: "0 0 * * 6"   # every week, at 00:00 on Saturday
+
+permissions:
+  contents: read
+
+jobs:
+  go-fuzz-tenant-controller:
+    if: ${{ inputs.run_tenant_controller || github.event_name == 'schedule' }}
+    name: Tenant Controller Go Fuzzing Tests
+    uses: open-edge-platform/orch-ci/.github/workflows/apporch-go-fuzz.yml@4c94cdd01e58beab5f822f1eeb0439a523018a55 # v0.1.5
+    with:
+      # Declare 4800 secs duration since schedule event will not pick up input values from workflow_dispatch
+      fuzz_seconds: ${{ fromJSON(inputs.fuzz_seconds_tenant_controller || 4800) }}
+      test_data_dir: ./internal/nexus/testdata/fuzz

Makefile

@@ -24,6 +24,8 @@ DOCKER_REGISTRY         ?= registry-rs.edgeorchestration.intel.com
 PUBLISH_SUB_PROJ        ?= app
 PUBLISH_CHART_PREFIX    ?= charts
 
+FUZZ_SECONDS            ?= 60
+
 DOCKER_TAG              := $(PUBLISH_REGISTRY)/$(PUBLISH_REPOSITORY)/$(PUBLISH_SUB_PROJ)/$(PUBLISH_NAME):$(VERSION)
 DOCKER_BUILD_COMMAND    := docker buildx build
 
@@ -104,6 +106,18 @@ go-test: ## Runs test stage
 	$(GOCMD) test -race -gcflags=-l `go list  $(PKG)/pkg/... | grep -v "/mocks" | grep -v "/test/"`
 	@echo "---END MAKEFILE TEST---"
 
+FUZZ_FUNCS ?= FuzzCreateProject FuzzDeleteProject
+FUZZ_FUNC_PATH := ./internal/nexus
+
+.PHONY: go-fuzz
+go-fuzz: ## GO fuzz tests
+	for func in $(FUZZ_FUNCS); do \
+		$(GOCMD) test $(FUZZ_FUNC_PATH) -fuzz $$func -fuzztime=${FUZZ_SECONDS}s -v; \
+	done
+
+go-format: ## Help: Formats go source files
+	@go fmt $(shell sh -c "go list ./...")
+
 .PHONY: go-cover-dependency
 go-cover-dependency: ## installs the gocover tool
 	go tool cover -V || go install golang.org/x/tools/cmd/cover@${GOLANG_COVER_VERSION}

VERSION

@@ -1 +1 @@
-0.3.2
+0.3.3

deploy/charts/app-orch-tenant-controller/Chart.yaml

@@ -5,8 +5,8 @@
 apiVersion: v2
 description: Tenant Controller
 name: app-orch-tenant-controller
-version: 0.3.2
+version: 0.3.3
 annotations:
   revision: ""
   created: ""
-appVersion: "0.3.2"
+appVersion: "0.3.3"

internal/manager/manager.go

@@ -10,7 +10,6 @@ import (
 	nexushook "github.com/open-edge-platform/app-orch-tenant-controller/internal/nexus"
 	"github.com/open-edge-platform/app-orch-tenant-controller/internal/plugins"
 	"github.com/open-edge-platform/orch-library/go/dazl"
-	nexus "github.com/open-edge-platform/orch-utils/tenancy-datamodel/build/nexus-client"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/health"
 	"google.golang.org/grpc/health/grpc_health_v1"
@@ -162,7 +161,7 @@ func (m *Manager) handleProjectEvent(event plugins.Event) error {
 	return err
 }
 
-func (m *Manager) CreateProject(organizationName string, projectName string, projectUUID string, project *nexus.RuntimeprojectRuntimeProject) {
+func (m *Manager) CreateProject(organizationName string, projectName string, projectUUID string, project nexushook.NexusProjectInterface) {
 	log.Debugf("Creating project with organizationName=%s; projectName=%s; projectUUID=%s", organizationName, projectName, projectUUID)
 	e := plugins.Event{
 		EventType:    "create",
@@ -174,7 +173,7 @@ func (m *Manager) CreateProject(organizationName string, projectName string, pro
 	m.eventChan <- e
 }
 
-func (m *Manager) DeleteProject(organizationName string, projectName string, projectUUID string, project *nexus.RuntimeprojectRuntimeProject) {
+func (m *Manager) DeleteProject(organizationName string, projectName string, projectUUID string, project nexushook.NexusProjectInterface) {
 	log.Debugf("Deleting project with organizationName=%s; projectName=%s; projectUUID=%s", organizationName, projectName, projectUUID)
 	e := plugins.Event{
 		EventType:    "delete",

internal/nexus/mock-nexus_test.go

@@ -0,0 +1,81 @@
+// SPDX-FileCopyrightText: (C) 2024 Intel Corporation
+// SPDX-License-Identifier: Apache-2.0
+
+package nexus
+
+import (
+	"context"
+	projectActiveWatcherv1 "github.com/open-edge-platform/orch-utils/tenancy-datamodel/build/apis/projectactivewatcher.edge-orchestrator.intel.com/v1"
+	nexus "github.com/open-edge-platform/orch-utils/tenancy-datamodel/build/nexus-client"
+)
+
+// This module contains mocks for the Nexus client. It maintains an in-memory list of watchers.
+
+type MockNexusOrganization struct {
+}
+
+func (o *MockNexusOrganization) DisplayName() string {
+	return "MockNexusOrganization"
+}
+
+type MockNexusFolder struct {
+	parent *MockNexusOrganization
+}
+
+func (f *MockNexusFolder) GetParent(ctx context.Context) (NexusOrganizationInterface, error) {
+	_ = ctx
+	return f.parent, nil
+}
+
+type MockNexusProject struct {
+	isDeleted      bool
+	displayName    string
+	uid            string
+	parent         *MockNexusFolder
+	activeWatchers map[string]*nexus.ProjectactivewatcherProjectActiveWatcher
+}
+
+func (p *MockNexusProject) GetActiveWatchers(ctx context.Context, name string) (*nexus.ProjectactivewatcherProjectActiveWatcher, error) {
+	_ = ctx
+	return p.activeWatchers[name], nil
+}
+
+func (p *MockNexusProject) AddActiveWatchers(ctx context.Context, watcher *projectActiveWatcherv1.ProjectActiveWatcher) (*nexus.ProjectactivewatcherProjectActiveWatcher, error) {
+	_ = ctx
+	p.activeWatchers[watcher.Name] = &nexus.ProjectactivewatcherProjectActiveWatcher{ProjectActiveWatcher: watcher}
+
+	return p.activeWatchers[watcher.Name], nil
+}
+
+func (p *MockNexusProject) DeleteActiveWatchers(ctx context.Context, name string) error {
+	_ = ctx
+	_ = name
+	return nil
+}
+
+func (p *MockNexusProject) GetParent(ctx context.Context) (NexusFolderInterface, error) {
+	_ = ctx
+	return p.parent, nil
+}
+
+func (p *MockNexusProject) DisplayName() string {
+	return p.displayName
+}
+
+func (p *MockNexusProject) GetUID() string {
+	return p.uid
+}
+
+func (p *MockNexusProject) IsDeleted() bool {
+	return p.isDeleted
+}
+
+func NewMockNexusProject(name string, uid string) *MockNexusProject {
+	return &MockNexusProject{
+		isDeleted:      false,
+		displayName:    name,
+		uid:            uid,
+		parent:         &MockNexusFolder{},
+		activeWatchers: make(map[string]*nexus.ProjectactivewatcherProjectActiveWatcher),
+	}
+}

internal/nexus/nexus-abstract.go

@@ -0,0 +1,71 @@
+// SPDX-FileCopyrightText: (C) 2024 Intel Corporation
+// SPDX-License-Identifier: Apache-2.0
+
+package nexus
+
+import (
+	"context"
+	projectActiveWatcherv1 "github.com/open-edge-platform/orch-utils/tenancy-datamodel/build/apis/projectactivewatcher.edge-orchestrator.intel.com/v1"
+	nexus "github.com/open-edge-platform/orch-utils/tenancy-datamodel/build/nexus-client"
+)
+
+// This module creates an inferface and abstraction layer for the Nexus API that allows it to easily be mocked.
+
+type NexusOrganizationInterface interface { // nolint:revive
+	DisplayName() string
+}
+
+type NexusFolderInterface interface { // nolint:revive
+	GetParent(ctx context.Context) (NexusOrganizationInterface, error)
+}
+
+type NexusProjectInterface interface { // nolint:revive
+	GetActiveWatchers(ctx context.Context, name string) (*nexus.ProjectactivewatcherProjectActiveWatcher, error)
+	AddActiveWatchers(ctx context.Context, watcher *projectActiveWatcherv1.ProjectActiveWatcher) (*nexus.ProjectactivewatcherProjectActiveWatcher, error)
+	DeleteActiveWatchers(ctx context.Context, name string) error
+	GetParent(ctx context.Context) (NexusFolderInterface, error)
+	DisplayName() string
+	GetUID() string
+	IsDeleted() bool
+}
+
+// NexusFolder is a wrapper around the Nexus RuntimefolderRuntimeFolder type
+
+type NexusFolder nexus.RuntimefolderRuntimeFolder // nolint:revive
+
+func (f *NexusFolder) GetParent(ctx context.Context) (NexusOrganizationInterface, error) {
+	return (*nexus.RuntimefolderRuntimeFolder)(f).GetParent(ctx)
+}
+
+// NexusProject is a wrapper around the Nexus RuntimeprojectRuntimeProject type
+
+type NexusProject nexus.RuntimeprojectRuntimeProject // nolint:revive
+
+func (p *NexusProject) GetActiveWatchers(ctx context.Context, name string) (*nexus.ProjectactivewatcherProjectActiveWatcher, error) {
+	return (*nexus.RuntimeprojectRuntimeProject)(p).GetActiveWatchers(ctx, name)
+}
+
+func (p *NexusProject) AddActiveWatchers(ctx context.Context, watcher *projectActiveWatcherv1.ProjectActiveWatcher) (*nexus.ProjectactivewatcherProjectActiveWatcher, error) {
+	return (*nexus.RuntimeprojectRuntimeProject)(p).AddActiveWatchers(ctx, watcher)
+}
+
+func (p *NexusProject) DeleteActiveWatchers(ctx context.Context, name string) error {
+	return (*nexus.RuntimeprojectRuntimeProject)(p).DeleteActiveWatchers(ctx, name)
+}
+
+func (p *NexusProject) GetParent(ctx context.Context) (NexusFolderInterface, error) {
+	folder, err := (*nexus.RuntimeprojectRuntimeProject)(p).GetParent(ctx)
+	return (*NexusFolder)(folder), err
+}
+
+func (p *NexusProject) DisplayName() string {
+	return (*nexus.RuntimeprojectRuntimeProject)(p).DisplayName()
+}
+
+func (p *NexusProject) GetUID() string {
+	return string((*nexus.RuntimeprojectRuntimeProject)(p).UID)
+}
+
+func (p *NexusProject) IsDeleted() bool {
+	return p.Spec.Deleted
+}

internal/nexus/nexus-hook.go

@@ -22,8 +22,8 @@ const (
 )
 
 type ProjectManager interface {
-	CreateProject(orgName string, projectName string, projectUUID string, project *nexus.RuntimeprojectRuntimeProject)
-	DeleteProject(orgName string, projectName string, projectUUID string, project *nexus.RuntimeprojectRuntimeProject)
+	CreateProject(orgName string, projectName string, projectUUID string, project NexusProjectInterface)
+	DeleteProject(orgName string, projectName string, projectUUID string, project NexusProjectInterface)
 }
 
 type Hook struct {
@@ -65,12 +65,12 @@ func (h *Hook) Subscribe() error {
 	// API to subscribe and register a callback function that is invoked when a Project is added in the datamodel.
 	// Register*Callback() has the effect of subscription and also invoking a callback to the application code
 	// when there are datamodel changes to the objects of interest.
-	if _, err := h.nexusClient.TenancyMultiTenancy().Runtime().Orgs("*").Folders("*").Projects("*").RegisterAddCallback(h.projectCreated); err != nil {
+	if _, err := h.nexusClient.TenancyMultiTenancy().Runtime().Orgs("*").Folders("*").Projects("*").RegisterAddCallback(h.projectCreatedCallback); err != nil {
 		log.Errorf("Unable to register project creation callback: %+v", err)
 		return err
 	}
 
-	if _, err := h.nexusClient.TenancyMultiTenancy().Runtime().Orgs("*").Folders("*").Projects("*").RegisterUpdateCallback(h.projectUpdated); err != nil {
+	if _, err := h.nexusClient.TenancyMultiTenancy().Runtime().Orgs("*").Folders("*").Projects("*").RegisterUpdateCallback(h.projectUpdatedCallback); err != nil {
 		log.Errorf("Unable to register project deletion callback: %+v", err)
 		return err
 	}
@@ -119,7 +119,7 @@ func (h *Hook) setProjWatcherStatus(watcherObj *nexus.ProjectactivewatcherProjec
 	return nil
 }
 
-func (h *Hook) SetWatcherStatusIdle(proj *nexus.RuntimeprojectRuntimeProject) error {
+func (h *Hook) SetWatcherStatusIdle(proj NexusProjectInterface) error {
 	watcherObj, err := proj.GetActiveWatchers(context.Background(), appName)
 	if err == nil && watcherObj != nil {
 		// If watcher exists and is IDLE, simply return.
@@ -139,7 +139,7 @@ func (h *Hook) SetWatcherStatusIdle(proj *nexus.RuntimeprojectRuntimeProject) er
 	return err
 }
 
-func (h *Hook) SetWatcherStatusError(proj *nexus.RuntimeprojectRuntimeProject, message string) error {
+func (h *Hook) SetWatcherStatusError(proj NexusProjectInterface, message string) error {
 	watcherObj, err := proj.GetActiveWatchers(context.Background(), appName)
 	if err == nil && watcherObj != nil {
 		setStatusErr := h.setProjWatcherStatus(watcherObj, projectActiveWatcherv1.StatusIndicationError, message)
@@ -152,7 +152,7 @@ func (h *Hook) SetWatcherStatusError(proj *nexus.RuntimeprojectRuntimeProject, m
 	return err
 }
 
-func (h *Hook) SetWatcherStatusInProgress(proj *nexus.RuntimeprojectRuntimeProject, message string) error {
+func (h *Hook) SetWatcherStatusInProgress(proj NexusProjectInterface, message string) error {
 	watcherObj, err := proj.GetActiveWatchers(context.Background(), appName)
 	log.Infof("Setting watcher status to InProgress for project %s to %s", proj.DisplayName(), message)
 	if err == nil && watcherObj != nil {
@@ -166,7 +166,7 @@ func (h *Hook) SetWatcherStatusInProgress(proj *nexus.RuntimeprojectRuntimeProje
 	return err
 }
 
-func (h *Hook) StopWatchingProject(project *nexus.RuntimeprojectRuntimeProject) {
+func (h *Hook) StopWatchingProject(project NexusProjectInterface) {
 	ctx, cancel := context.WithTimeout(context.Background(), nexusTimeout)
 	defer cancel()
 
@@ -183,18 +183,23 @@ func (h *Hook) StopWatchingProject(project *nexus.RuntimeprojectRuntimeProject)
 	log.Infof("Active watcher %s deleted for project %s", appName, project.DisplayName())
 }
 
-func (h *Hook) deleteProject(project *nexus.RuntimeprojectRuntimeProject) {
+func (h *Hook) deleteProject(project NexusProjectInterface) {
 	log.Infof("Project: %+v marked for deletion", project.DisplayName())
 
 	organizationName := h.getOrganizationName(project)
-	h.dispatcher.DeleteProject(organizationName, project.DisplayName(), string(project.UID), project)
+	h.dispatcher.DeleteProject(organizationName, project.DisplayName(), project.GetUID(), project)
+}
+
+func (h *Hook) projectCreatedCallback(nexusProject *nexus.RuntimeprojectRuntimeProject) {
+	project := (*NexusProject)(nexusProject)
+	h.projectCreated(project)
 }
 
 // Callback function to be invoked when Project is added.
-func (h *Hook) projectCreated(project *nexus.RuntimeprojectRuntimeProject) {
-	log.Infof("Runtime Project: %+v created", *project)
+func (h *Hook) projectCreated(project NexusProjectInterface) {
+	log.Infof("Runtime Project: %+v created", project.DisplayName())
 
-	if project.Spec.Deleted {
+	if project.IsDeleted() {
 		log.Info("Created event for deleted project, dispatching delete event")
 		h.deleteProject(project)
 		return
@@ -228,12 +233,12 @@ func (h *Hook) projectCreated(project *nexus.RuntimeprojectRuntimeProject) {
 
 	// handle the creation of the project
 	organizationName := h.getOrganizationName(project)
-	h.dispatcher.CreateProject(organizationName, project.DisplayName(), string(project.UID), project)
+	h.dispatcher.CreateProject(organizationName, project.DisplayName(), project.GetUID(), project)
 
 	log.Infof("Active watcher %s created for Project %s", watcherObj.DisplayName(), project.DisplayName())
 }
 
-func (h *Hook) getOrganizationName(project *nexus.RuntimeprojectRuntimeProject) string {
+func (h *Hook) getOrganizationName(project NexusProjectInterface) string {
 	ctx, cancel := context.WithTimeout(context.Background(), nexusTimeout)
 	defer cancel()
 
@@ -253,8 +258,13 @@ func (h *Hook) getOrganizationName(project *nexus.RuntimeprojectRuntimeProject)
 }
 
 // Callback function to be invoked when Project is deleted.
-func (h *Hook) projectUpdated(_, project *nexus.RuntimeprojectRuntimeProject) {
-	if project.Spec.Deleted {
+func (h *Hook) projectUpdatedCallback(_, nexusProject *nexus.RuntimeprojectRuntimeProject) {
+	project := (*NexusProject)(nexusProject)
+	h.projectUpdated(project)
+}
+
+func (h *Hook) projectUpdated(project NexusProjectInterface) {
+	if project.IsDeleted() {
 		h.deleteProject(project)
 	}
 }