From 67740fd569e9bfd32adc944e92f7945ece60ba8f Mon Sep 17 00:00:00 2001
From: Max Cao <macao@redhat.com>
Date: Tue, 5 Nov 2024 15:42:17 -0800
Subject: [PATCH] Additional test cases

Signed-off-by: Max Cao <macao@redhat.com>
---
 pkg/scaling/resolver/scale_resolvers_test.go | 96 +++++++++++++++++++-
 1 file changed, 95 insertions(+), 1 deletion(-)

diff --git a/pkg/scaling/resolver/scale_resolvers_test.go b/pkg/scaling/resolver/scale_resolvers_test.go
index e86af2593dc..9b50d595426 100644
--- a/pkg/scaling/resolver/scale_resolvers_test.go
+++ b/pkg/scaling/resolver/scale_resolvers_test.go
@@ -487,6 +487,38 @@ func TestResolveAuthRef(t *testing.T) {
 			expected:            map[string]string{"token": bsatData},
 			expectedPodIdentity: kedav1alpha1.AuthPodIdentity{Provider: kedav1alpha1.PodIdentityProviderNone},
 		},
+		{
+			name: "triggerauth exists bound service account token, but expiry invalid",
+			existing: []runtime.Object{
+				&kedav1alpha1.TriggerAuthentication{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: namespace,
+						Name:      triggerAuthenticationName,
+					},
+					Spec: kedav1alpha1.TriggerAuthenticationSpec{
+						PodIdentity: &kedav1alpha1.AuthPodIdentity{
+							Provider: kedav1alpha1.PodIdentityProviderNone,
+						},
+						BoundServiceAccountToken: []kedav1alpha1.BoundServiceAccountToken{
+							{
+								Parameter:          "token",
+								ServiceAccountName: bsatSAName,
+								Expiry:             "10g",
+							},
+						},
+					},
+				},
+				&corev1.ServiceAccount{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: namespace,
+						Name:      bsatSAName,
+					},
+				},
+			},
+			soar:                &kedav1alpha1.AuthenticationRef{Name: triggerAuthenticationName},
+			expected:            map[string]string{"token": ""},
+			expectedPodIdentity: kedav1alpha1.AuthPodIdentity{Provider: kedav1alpha1.PodIdentityProviderNone},
+		},
 		{
 			name: "clustertriggerauth exists, podidentity nil",
 			existing: []runtime.Object{
@@ -647,6 +679,68 @@ func TestResolveAuthRef(t *testing.T) {
 			expected:            map[string]string{},
 			expectedPodIdentity: kedav1alpha1.AuthPodIdentity{Provider: kedav1alpha1.PodIdentityProviderGCP},
 		},
+		{
+			name: "clustertriggerauth exists bound service account token",
+			existing: []runtime.Object{
+				&kedav1alpha1.ClusterTriggerAuthentication{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: triggerAuthenticationName,
+					},
+					Spec: kedav1alpha1.TriggerAuthenticationSpec{
+						PodIdentity: &kedav1alpha1.AuthPodIdentity{
+							Provider: kedav1alpha1.PodIdentityProviderNone,
+						},
+						BoundServiceAccountToken: []kedav1alpha1.BoundServiceAccountToken{
+							{
+								Parameter:          "token",
+								ServiceAccountName: bsatSAName,
+								Expiry:             bsatExpiry,
+							},
+						},
+					},
+				},
+				&corev1.ServiceAccount{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: clusterNamespace,
+						Name:      bsatSAName,
+					},
+				},
+			},
+			soar:                &kedav1alpha1.AuthenticationRef{Name: triggerAuthenticationName, Kind: "ClusterTriggerAuthentication"},
+			expected:            map[string]string{"token": bsatData},
+			expectedPodIdentity: kedav1alpha1.AuthPodIdentity{Provider: kedav1alpha1.PodIdentityProviderNone},
+		},
+		{
+			name: "clustertriggerauth exists bound service account token but service account in the wrong namespace",
+			existing: []runtime.Object{
+				&kedav1alpha1.ClusterTriggerAuthentication{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: triggerAuthenticationName,
+					},
+					Spec: kedav1alpha1.TriggerAuthenticationSpec{
+						PodIdentity: &kedav1alpha1.AuthPodIdentity{
+							Provider: kedav1alpha1.PodIdentityProviderNone,
+						},
+						BoundServiceAccountToken: []kedav1alpha1.BoundServiceAccountToken{
+							{
+								Parameter:          "token",
+								ServiceAccountName: bsatSAName,
+								Expiry:             bsatExpiry,
+							},
+						},
+					},
+				},
+				&corev1.ServiceAccount{
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: namespace,
+						Name:      bsatSAName,
+					},
+				},
+			},
+			soar:                &kedav1alpha1.AuthenticationRef{Name: triggerAuthenticationName, Kind: "ClusterTriggerAuthentication"},
+			expected:            map[string]string{"token": ""},
+			expectedPodIdentity: kedav1alpha1.AuthPodIdentity{Provider: kedav1alpha1.PodIdentityProviderNone},
+		},
 	}
 	ctrl := gomock.NewController(t)
 	var secretsLister corev1listers.SecretLister
@@ -658,7 +752,7 @@ func TestResolveAuthRef(t *testing.T) {
 			Token: bsatData,
 		},
 	}
-	mockServiceAccountInterface.EXPECT().CreateToken(gomock.Any(), gomock.Eq(bsatSAName), gomock.Any(), gomock.Any()).Return(tokenRequest, nil)
+	mockServiceAccountInterface.EXPECT().CreateToken(gomock.Any(), gomock.Eq(bsatSAName), gomock.Any(), gomock.Any()).Return(tokenRequest, nil).AnyTimes()
 
 	for _, test := range tests {
 		test := test