
Merge pull request #369 from FGA-GCES/feat/default-target-tests

No target name unit and e2e tests
paul-the-alien[bot] 4 years ago
parent
commit
253fafe4f6

+ 6 - 1
e2e/framework/testcase.go

@@ -24,7 +24,7 @@ import (
 	esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
 )
 
-const TargetSecretName = "target-secret"
+var TargetSecretName = "target-secret"
 
 // TestCase contains the test infra to run a table driven test.
 type TestCase struct {
@@ -66,6 +66,11 @@ func TableFunc(f *Framework, prov SecretStoreProvider) func(...func(*TestCase))
 		err = tc.Framework.CRClient.Create(context.Background(), tc.ExternalSecret)
 		Expect(err).ToNot(HaveOccurred())
 
+		// in case target name is empty
+		if tc.ExternalSecret.Spec.Target.Name == "" {
+			TargetSecretName = tc.ExternalSecret.ObjectMeta.Name
+		}
+
 		// wait for Kind=Secret to have the expected data
 		_, err = tc.Framework.WaitForSecretValue(tc.Framework.Namespace.Name, TargetSecretName, tc.ExpectedSecret)
 		Expect(err).ToNot(HaveOccurred())
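Review bot: The assignment `TargetSecretName = tc.ExternalSecret.ObjectMeta.Name` overwrites a package-level variable that nothing restores, so every table entry that runs after an empty-target case waits on the previous ExternalSecret's name instead of "target-secret" (and is created with that name too, if the default test case is built from this variable). That ties the result to spec order; in e2e/suite/gcp/gcp.go, for example, the p12 entry is listed after the two new entries. Keeping the `const` and resolving the name locally avoids the shared state: `secretName := TargetSecretName`, then `if tc.ExternalSecret.Spec.Target.Name == "" { secretName = tc.ExternalSecret.ObjectMeta.Name }`, and pass `secretName` to `WaitForSecretValue`. The closure body continues outside this hunk, so whether other code reads the variable is not visible here.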

+ 2 - 0
e2e/suite/alibaba/alibaba.go

@@ -43,5 +43,7 @@ var _ = Describe("[alibaba] ", func() {
 		Entry(common.DataPropertyDockerconfigJSON(f)),
 		Entry(common.SSHKeySync(f)),
 		Entry(common.SSHKeySyncDataProperty(f)),
+		Entry(common.SyncWithoutTargetName(f)),
+		Entry(common.JSONDataWithoutTargetName(f)),
 	)
 })

+ 2 - 0
e2e/suite/aws/secretsmanager.go

@@ -126,5 +126,7 @@ var _ = Describe("[aws] ", func() {
 		Entry(common.DataPropertyDockerconfigJSON(f)),
 		Entry(common.SSHKeySync(f)),
 		Entry(common.SSHKeySyncDataProperty(f)),
+		Entry(common.SyncWithoutTargetName(f)),
+		Entry(common.JSONDataWithoutTargetName(f)),
 	)
 })

+ 2 - 0
e2e/suite/azure/azure.go

@@ -42,5 +42,7 @@ var _ = Describe("[azure] ", func() {
 		Entry(common.DataPropertyDockerconfigJSON(f)),
 		Entry(common.SSHKeySync(f)),
 		Entry(common.SSHKeySyncDataProperty(f)),
+		Entry(common.SyncWithoutTargetName(f)),
+		Entry(common.JSONDataWithoutTargetName(f)),
 	)
 })

+ 55 - 0
e2e/suite/common/common.go

@@ -57,6 +57,33 @@ func SimpleDataSync(f *framework.Framework) (string, func(*framework.TestCase))
 	}
 }
 
+// This case creates a secret with empty target name to test if it defaults to external secret name.
+// Not supported by: vault.
+func SyncWithoutTargetName(f *framework.Framework) (string, func(*framework.TestCase)) {
+	return "[common] should sync with empty target name.", func(tc *framework.TestCase) {
+		secretKey1 := fmt.Sprintf("%s-%s", f.Namespace.Name, "one")
+		secretValue := "bar"
+		tc.Secrets = map[string]string{
+			secretKey1: secretValue,
+		}
+		tc.ExpectedSecret = &v1.Secret{
+			Type: v1.SecretTypeOpaque,
+			Data: map[string][]byte{
+				secretKey1: []byte(secretValue),
+			},
+		}
+		tc.ExternalSecret.Spec.Target.Name = ""
+		tc.ExternalSecret.Spec.Data = []esv1alpha1.ExternalSecretData{
+			{
+				SecretKey: secretKey1,
+				RemoteRef: esv1alpha1.ExternalSecretDataRemoteRef{
+					Key: secretKey1,
+				},
+			},
+		}
+	}
+}
+
 // This case creates multiple secrets with json values and syncs them using multiple .Spec.Data blocks.
 // The data is extracted from the JSON key using ref.Property.
 func JSONDataWithProperty(f *framework.Framework) (string, func(*framework.TestCase)) {
@@ -95,6 +122,34 @@ func JSONDataWithProperty(f *framework.Framework) (string, func(*framework.TestC
 	}
 }
 
+// This case creates a secret with empty target name to test if it defaults to external secret name.
+// The data is extracted from the JSON key using ref.Property.
+func JSONDataWithoutTargetName(f *framework.Framework) (string, func(*framework.TestCase)) {
+	return "[common] should sync with empty target name, using json.", func(tc *framework.TestCase) {
+		secretKey := fmt.Sprintf("%s-%s", f.Namespace.Name, "one")
+		secretValue := "{\"foo\":\"foo-val\",\"bar\":\"bar-val\"}"
+		tc.Secrets = map[string]string{
+			secretKey: secretValue,
+		}
+		tc.ExpectedSecret = &v1.Secret{
+			Type: v1.SecretTypeOpaque,
+			Data: map[string][]byte{
+				secretKey: []byte("foo-val"),
+			},
+		}
+		tc.ExternalSecret.Spec.Target.Name = ""
+		tc.ExternalSecret.Spec.Data = []esv1alpha1.ExternalSecretData{
+			{
+				SecretKey: secretKey,
+				RemoteRef: esv1alpha1.ExternalSecretDataRemoteRef{
+					Key:      secretKey,
+					Property: "foo",
+				},
+			},
+		}
+	}
+}
+
 // This case creates multiple secrets with json values and renders a template.
 // The data is extracted from the JSON key using ref.Property.
 func JSONDataWithTemplate(f *framework.Framework) (string, func(*framework.TestCase)) {
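Review bot: The doc comments on `SyncWithoutTargetName` and `JSONDataWithoutTargetName` say the case "creates a secret with empty target name", but what is left empty is `Spec.Target.Name` on the ExternalSecret; the Secret is the object that receives the defaulted name. I would reword both, e.g. `// SyncWithoutTargetName creates an ExternalSecret with an empty Spec.Target.Name and expects the synced Secret to be named after the ExternalSecret.` The "Not supported by: vault." line would also be more useful with the reason stated, since e2e/suite/vault/vault.go registers only the JSON variant.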

+ 2 - 0
e2e/suite/gcp/gcp.go

@@ -150,6 +150,8 @@ x6HaRh+EUwU51von6M9lEF9/p5Q=
 		Entry(common.DataPropertyDockerconfigJSON(f)),
 		Entry(common.SSHKeySync(f)),
 		Entry(common.SSHKeySyncDataProperty(f)),
+		Entry(common.SyncWithoutTargetName(f)),
+		Entry(common.JSONDataWithoutTargetName(f)),
 		Entry("should sync p12 encoded cert secret", p12Cert),
 	)
 })

+ 2 - 0
e2e/suite/gitlab/gitlab.go

@@ -41,5 +41,7 @@ var _ = Describe("[gitlab] ", func() {
 		Entry(common.JSONDataFromSync(f)),
 		Entry(common.NestedJSONWithGJSON(f)),
 		Entry(common.JSONDataWithTemplate(f)),
+		Entry(common.SyncWithoutTargetName(f)),
+		Entry(common.JSONDataWithoutTargetName(f)),
 	)
 })

+ 2 - 0
e2e/suite/oracle/oracle.go

@@ -43,5 +43,7 @@ var _ = Describe("[oracle] ", func() {
 		Entry(common.DataPropertyDockerconfigJSON(f)),
 		Entry(common.SSHKeySync(f)),
 		Entry(common.SSHKeySyncDataProperty(f)),
+		Entry(common.SyncWithoutTargetName(f)),
+		Entry(common.JSONDataWithoutTargetName(f)),
 	)
 })

+ 6 - 0
e2e/suite/vault/vault.go

@@ -34,31 +34,37 @@ var _ = Describe("[vault] ", func() {
 		compose("with token auth", f, common.JSONDataWithProperty, useTokenAuth),
 		compose("with token auth", f, common.JSONDataWithTemplate, useTokenAuth),
 		compose("with token auth", f, common.DataPropertyDockerconfigJSON, useTokenAuth),
+		compose("with token auth", f, common.JSONDataWithoutTargetName, useTokenAuth),
 		// use cert auth
 		compose("with cert auth", f, common.JSONDataFromSync, useCertAuth),
 		compose("with cert auth", f, common.JSONDataWithProperty, useCertAuth),
 		compose("with cert auth", f, common.JSONDataWithTemplate, useCertAuth),
 		compose("with cert auth", f, common.DataPropertyDockerconfigJSON, useCertAuth),
+		compose("with cert auth", f, common.JSONDataWithoutTargetName, useTokenAuth),
 		// use approle auth
 		compose("with appRole auth", f, common.JSONDataFromSync, useApproleAuth),
 		compose("with appRole auth", f, common.JSONDataWithProperty, useApproleAuth),
 		compose("with appRole auth", f, common.JSONDataWithTemplate, useApproleAuth),
 		compose("with appRole auth", f, common.DataPropertyDockerconfigJSON, useApproleAuth),
+		compose("with appRole auth", f, common.JSONDataWithoutTargetName, useTokenAuth),
 		// use v1 provider
 		compose("with v1 kv provider", f, common.JSONDataFromSync, useV1Provider),
 		compose("with v1 kv provider", f, common.JSONDataWithProperty, useV1Provider),
 		compose("with v1 kv provider", f, common.JSONDataWithTemplate, useV1Provider),
 		compose("with v1 kv provider", f, common.DataPropertyDockerconfigJSON, useV1Provider),
+		compose("with v1 kv provider", f, common.JSONDataWithoutTargetName, useTokenAuth),
 		// use jwt provider
 		compose("with jwt provider", f, common.JSONDataFromSync, useJWTProvider),
 		compose("with jwt provider", f, common.JSONDataWithProperty, useJWTProvider),
 		compose("with jwt provider", f, common.JSONDataWithTemplate, useJWTProvider),
 		compose("with jwt provider", f, common.DataPropertyDockerconfigJSON, useJWTProvider),
+		compose("with jwt provider", f, common.JSONDataWithoutTargetName, useTokenAuth),
 		// use kubernetes provider
 		compose("with kubernetes provider", f, common.JSONDataFromSync, useKubernetesProvider),
 		compose("with kubernetes provider", f, common.JSONDataWithProperty, useKubernetesProvider),
 		compose("with kubernetes provider", f, common.JSONDataWithTemplate, useKubernetesProvider),
 		compose("with kubernetes provider", f, common.DataPropertyDockerconfigJSON, useKubernetesProvider),
+		compose("with kubernetes provider", f, common.JSONDataWithoutTargetName, useTokenAuth),
 	)
 })
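Review bot: Five of the six added entries pass `useTokenAuth` while being labelled with a different auth method: the "with cert auth", "with appRole auth", "with v1 kv provider", "with jwt provider" and "with kubernetes provider" lines for `common.JSONDataWithoutTargetName`. As written they all exercise token auth again, so the empty-target-name path is not tested against the other methods even though the spec names say it is. Each should use the tweak its neighbours use, e.g. `compose("with cert auth", f, common.JSONDataWithoutTargetName, useCertAuth),`, and likewise `useApproleAuth`, `useV1Provider`, `useJWTProvider` and `useKubernetesProvider`.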
 

+ 17 - 0
pkg/controllers/externalsecret/externalsecret_controller_test.go

@@ -223,6 +223,16 @@ var _ = Describe("ExternalSecret controller", func() {
 		}
 	}
 
+	// if target Secret name is not specified it should use the ExternalSecret name.
+	syncWithoutTargetName := func(tc *testCase) {
+		tc.externalSecret.Spec.Target.Name = ""
+		tc.checkSecret = func(es *esv1alpha1.ExternalSecret, secret *v1.Secret) {
+
+			// check secret name
+			Expect(secret.ObjectMeta.Name).To(Equal(ExternalSecretName))
+		}
+	}
+
 	// labels and annotations from the Kind=ExternalSecret
 	// should be copied over to the Kind=Secret
 	syncLabelsAnnotations := func(tc *testCase) {
@@ -901,6 +911,12 @@ var _ = Describe("ExternalSecret controller", func() {
 					Name:      ExternalSecretTargetSecretName,
 					Namespace: ExternalSecretNamespace,
 				}
+				if createdES.Spec.Target.Name == "" {
+					secretLookupKey = types.NamespacedName{
+						Name:      ExternalSecretName,
+						Namespace: ExternalSecretNamespace,
+					}
+				}
 				Eventually(func() bool {
 					err := k8sClient.Get(ctx, secretLookupKey, syncedSecret)
 					return err == nil
@@ -911,6 +927,7 @@ var _ = Describe("ExternalSecret controller", func() {
 		Entry("should recreate deleted secret", checkDeletion),
 		Entry("should create proper hash annotation for the external secret", checkSecretDataHashAnnotation),
 		Entry("should refresh when the hash annotation doesn't correspond to secret data", checkSecretDataHashAnnotationChange),
+		Entry("should use external secret name if target secret name isn't defined", syncWithoutTargetName),
 		Entry("should set the condition eventually", syncLabelsAnnotations),
 		Entry("should set prometheus counters", checkPrometheusCounters),
 		Entry("should merge with existing secret using creationPolicy=Merge", mergeWithSecret),
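Review bot: The `checkSecret` in `syncWithoutTargetName` looks tautological: when `Spec.Target.Name` is empty, the lookup added in the second hunk already fetches the Secret by `ExternalSecretName`, so `Expect(secret.ObjectMeta.Name).To(Equal(ExternalSecretName))` cannot fail if `secret` is the object returned by that `Get` (the call site is outside the hunks, so this is inferred). The test effectively passes or fails in the `Eventually` block. A check that adds information would be that no Secret exists under `ExternalSecretTargetSecretName`, or at least a comment such as `// name is implied by the lookup key; kept to document the expectation`. The blank line after the closure's opening brace can go too.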