
fix: only replace data if it is in the middle of the path (#3852)

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
Gergely Brautigam 1 year ago
parent
commit
1309c2c41b
2 changed files with 62 additions and 1 deletions
  1. 1 1
      pkg/provider/vault/client_get.go
  2. 61 0
      pkg/provider/vault/client_get_test.go

+ 1 - 1
pkg/provider/vault/client_get.go

@@ -221,7 +221,7 @@ func (c *client) buildMetadataPath(path string) (string, error) {
 			return "", errors.New(errPathInvalid)
 		}
 		if c.store.Path == nil {
-			path = strings.Replace(path, "data", "metadata", 1)
+			path = strings.Replace(path, "/data/", "/metadata/", 1)
 			url = path
 		} else {
 			url = fmt.Sprintf("%s/metadata/%s", *c.store.Path, path)
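Review bot: When `c.store.Path` is nil and the path has no `/data/` segment, `strings.Replace` on the changed line is a no-op, so the function returns the unmodified data path as the metadata URL with a nil error. The guard that returns `errPathInvalid` sits above the hunk and is not visible here; if it still tests for the bare substring `data`, an input such as `my_data/path` passes it and reaches this branch. Consider making the check match the replacement, e.g. `if !strings.Contains(path, "/data/") { return "", errors.New(errPathInvalid) }` before the replace, so a malformed path fails closed instead of sending the metadata read to an unintended Vault path. Only the first `/data/` is rewritten, so a mount or folder literally named `data` ahead of the KV v2 segment would be rewritten in its place; a comment stating that assumption would help. The function body starts and ends outside the hunk.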

+ 61 - 0
pkg/provider/vault/client_get_test.go

@@ -696,6 +696,67 @@ func TestGetSecretPath(t *testing.T) {
 	}
 }
 
+func TestGetSecretMetadataPath(t *testing.T) {
+	storeV2 := makeValidSecretStore()
+	storeV2NoPath := storeV2.DeepCopy()
+	multiPath := "secret/path"
+	storeV2.Spec.Provider.Vault.Path = &multiPath
+	storeV2NoPath.Spec.Provider.Vault.Path = nil
+
+	storeV1 := makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV1)
+	storeV1NoPath := storeV1.DeepCopy()
+	storeV1.Spec.Provider.Vault.Path = &multiPath
+	storeV1NoPath.Spec.Provider.Vault.Path = nil
+
+	type args struct {
+		store    *esv1beta1.VaultProvider
+		path     string
+		expected string
+	}
+	cases := map[string]struct {
+		reason string
+		args   args
+	}{
+		"PathForV1": {
+			reason: "path should compose with mount point if set",
+			args: args{
+				store:    storeV1.Spec.Provider.Vault,
+				path:     "data/test",
+				expected: "secret/path/data/test",
+			},
+		},
+		"PathForV2": {
+			reason: "path should compose with mount point if set without data",
+			args: args{
+				store:    storeV2.Spec.Provider.Vault,
+				path:     "secret/path/data/test",
+				expected: "secret/path/metadata/secret/path/data/test",
+			},
+		},
+		"PathForV2WithData": {
+			reason: "if data is in the path it shouldn't be changed",
+			args: args{
+				store:    storeV2NoPath.Spec.Provider.Vault,
+				path:     "my_data/data/path",
+				expected: "my_data/metadata/path",
+			},
+		},
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			vStore := &client{
+				store: tc.args.store,
+			}
+
+			want, _ := vStore.buildMetadataPath(tc.args.path)
+			if diff := cmp.Diff(want, tc.args.expected); diff != "" {
+				t.Errorf("\n%s\nvault.buildPath(...): -want expected, +got error:\n%s", tc.reason, diff)
+			}
+		})
+	}
+}
+
 func TestSecretExists(t *testing.T) {
 	secret := map[string]any{
 		"foo": "bar",
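Review bot: The error from `buildMetadataPath` is dropped at `want, _ := vStore.buildMetadataPath(tc.args.path)`, so the table cannot tell a rejected path from an empty result. No case exercises a path without a `/data/` segment under a nil store path (e.g. `my_data/path`), which is the input class this fix is about. I would add an `expectErr bool` field to `args`, capture the error as `got, err := ...`, and fail when `(err != nil) != tc.args.expectErr`. `storeV1NoPath` is prepared but never used by a case. The local named `want` holds the returned value, the failure message names `vault.buildPath` rather than `buildMetadataPath`, and the reason on `PathForV2WithData` says the path "shouldn't be changed" although the expected value has the `/data/` segment rewritten; aligning these would make failures easier to read.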