
convert the fetched secret to map to access the properties (#2637)

Signed-off-by: shanti.gundumalla@ibm.com <shanti.gundumalla@ibm.com>
Co-authored-by: shanti.gundumalla@ibm.com <shanti.gundumalla@ibm.com>
Shanti G 2 years ago
75726582ad
2 changed files with 71 additions and 9 deletions
  1. 41 9
      pkg/provider/ibm/provider.go
  2. 30 0
      pkg/provider/ibm/provider_test.go

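--- a/pkg/provider/ibm/provider.go
+++ b/pkg/provider/ibm/provider.go
@@ -210,12 +210,14 @@ func getArbitrarySecret(ibm *providerIBM, secretName *string) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	secret, ok := response.(*sm.ArbitrarySecret)
-	if !ok {
-		return nil, fmt.Errorf(errExtractingSecret, *secretName, sm.Secret_SecretType_Arbitrary, "getArbitrarySecret")
+	secMap, err := formSecretMap(response)
+	if err != nil {
+		return nil, err
 	}
-
-	return []byte(*secret.Payload), nil
+	if val, ok := secMap[payloadConst]; ok {
+		return []byte(val.(string)), nil
+	}
+	return nil, fmt.Errorf("key %s does not exist in secret %s", payloadConst, *secretName)
 }
 
 func getImportCertSecret(ibm *providerIBM, secretName *string, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) {
@@ -274,11 +276,14 @@ func getIamCredentialsSecret(ibm *providerIBM, secretName *string) ([]byte, erro
 	if err != nil {
 		return nil, err
 	}
-	secret, ok := response.(*sm.IAMCredentialsSecret)
-	if !ok {
-		return nil, fmt.Errorf(errExtractingSecret, *secretName, sm.Secret_SecretType_IamCredentials, "getIamCredentialsSecret")
+	secMap, err := formSecretMap(response)
+	if err != nil {
+		return nil, err
+	}
+	if val, ok := secMap[smAPIKeyConst]; ok {
+		return []byte(val.(string)), nil
 	}
-	return []byte(*secret.ApiKey), nil
+	return nil, fmt.Errorf("key %s does not exist in secret %s", smAPIKeyConst, *secretName)
 }
 
 func getUsernamePasswordSecret(ibm *providerIBM, secretName *string, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) {
@@ -439,21 +444,42 @@ func (ibm *providerIBM) GetSecretMap(_ context.Context, ref esv1beta1.ExternalSe
 	}
 	secMapBytes = populateSecretMap(secMapBytes, secMap)
 
+	checkNilFn := func(propertyList []string) error {
+		for _, prop := range propertyList {
+			if _, ok := secMap[prop]; !ok {
+				return fmt.Errorf("key %s does not exist in secret %s", prop, secretName)
+			}
+		}
+		return nil
+	}
+
 	switch secretType {
 	case sm.Secret_SecretType_Arbitrary:
+		if err := checkNilFn([]string{payloadConst}); err != nil {
+			return nil, err
+		}
 		secretMap[arbitraryConst] = secMapBytes[payloadConst]
 		return secretMap, nil
 
 	case sm.Secret_SecretType_UsernamePassword:
+		if err := checkNilFn([]string{usernameConst, passwordConst}); err != nil {
+			return nil, err
+		}
 		secretMap[usernameConst] = secMapBytes[usernameConst]
 		secretMap[passwordConst] = secMapBytes[passwordConst]
 		return secretMap, nil
 
 	case sm.Secret_SecretType_IamCredentials:
+		if err := checkNilFn([]string{smAPIKeyConst}); err != nil {
+			return nil, err
+		}
 		secretMap[apikeyConst] = secMapBytes[smAPIKeyConst]
 		return secretMap, nil
 
 	case sm.Secret_SecretType_ImportedCert:
+		if err := checkNilFn([]string{certificateConst, intermediateConst}); err != nil {
+			return nil, err
+		}
 		secretMap[certificateConst] = secMapBytes[certificateConst]
 		secretMap[intermediateConst] = secMapBytes[intermediateConst]
 		if v, ok := secMapBytes[privateKeyConst]; ok {
@@ -465,12 +491,18 @@ func (ibm *providerIBM) GetSecretMap(_ context.Context, ref esv1beta1.ExternalSe
 		return secretMap, nil
 
 	case sm.Secret_SecretType_PublicCert:
+		if err := checkNilFn([]string{certificateConst, intermediateConst, privateKeyConst}); err != nil {
+			return nil, err
+		}
 		secretMap[certificateConst] = secMapBytes[certificateConst]
 		secretMap[intermediateConst] = secMapBytes[intermediateConst]
 		secretMap[privateKeyConst] = secMapBytes[privateKeyConst]
 		return secretMap, nil
 
 	case sm.Secret_SecretType_PrivateCert:
+		if err := checkNilFn([]string{certificateConst, privateKeyConst}); err != nil {
+			return nil, err
+		}
 		secretMap[certificateConst] = secMapBytes[certificateConst]
 		secretMap[privateKeyConst] = secMapBytes[privateKeyConst]
 		return secretMap, nil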
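Review bot: The `val.(string)` assertion on the new `return []byte(val.(string)), nil` line in getArbitrarySecret is unchecked, so if formSecretMap ever yields a payload value that is not a string (a null or non-string JSON value, for example) the provider panics instead of returning an error; the same pattern is in the getIamCredentialsSecret hunk. Since secMap's values are interface-typed (the assertion would not compile otherwise), folding the lookup and the assertion into one comma-ok form keeps the guard to one line: `if val, ok := secMap[payloadConst].(string); ok {`, which is false both for a missing key and for a wrong-typed value, and the existing error return below then covers both. Whether formSecretMap can actually produce non-string values is not visible in this diff, so this is a defensive hardening rather than a reproduced failure. The bodies of both functions begin outside their hunks.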

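--- a/pkg/provider/ibm/provider_test.go
+++ b/pkg/provider/ibm/provider_test.go
@@ -237,6 +237,20 @@ func TestIBMSecretManagerGetSecret(t *testing.T) {
 		smtc.expectedSecret = secretString
 	}
 
+	// bad case: arbitrary type secret which is destroyed
+	badArbitSecret := func(smtc *secretManagerTestCase) {
+		secret := &sm.UsernamePasswordSecret{
+			SecretType: utilpointer.To(sm.Secret_SecretType_UsernamePassword),
+			Name:       utilpointer.To("testyname"),
+			ID:         utilpointer.To(secretUUID),
+		}
+		smtc.name = "bad case: username_password type without property"
+		smtc.apiInput.ID = utilpointer.To(secretUUID)
+		smtc.apiOutput = secret
+		smtc.ref.Key = secretUUID
+		smtc.expectError = "key payload does not exist in secret " + secretUUID
+	}
+
 	// bad case: username_password type without property
 	secretUserPass := "username_password/" + secretUUID
 	badSecretUserPass := func(smtc *secretManagerTestCase) {
@@ -493,6 +507,7 @@ func TestIBMSecretManagerGetSecret(t *testing.T) {
 	successCases := []*secretManagerTestCase{
 		makeValidSecretManagerTestCaseCustom(setSecretString),
 		makeValidSecretManagerTestCaseCustom(setCustomKey),
+		makeValidSecretManagerTestCaseCustom(badArbitSecret),
 		makeValidSecretManagerTestCaseCustom(setAPIErr),
 		makeValidSecretManagerTestCaseCustom(setNilMockClient),
 		makeValidSecretManagerTestCaseCustom(badSecretUserPass),
@@ -601,6 +616,20 @@ func TestGetSecretMap(t *testing.T) {
 		smtc.expectedData["apikey"] = []byte(secretAPIKey)
 	}
 
+	// bad case: iam_credentials of a destroyed secret
+	badSecretIam := func(smtc *secretManagerTestCase) {
+		secret := &sm.IAMCredentialsSecret{
+			Name:       utilpointer.To("testyname"),
+			ID:         utilpointer.To(secretUUID),
+			SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
+		}
+		smtc.name = "good case: iam_credentials"
+		smtc.apiInput.ID = utilpointer.To(secretUUID)
+		smtc.apiOutput = secret
+		smtc.ref.Key = iamCredentialsSecret + secretUUID
+		smtc.expectError = "key api_key does not exist in secret " + secretUUID
+	}
+
 	funcCertTest := func(secret sm.SecretIntf, name, certType string) func(*secretManagerTestCase) {
 		return func(smtc *secretManagerTestCase) {
 			smtc.name = name
@@ -1020,6 +1049,7 @@ func TestGetSecretMap(t *testing.T) {
 	}
 
 	successCases := []*secretManagerTestCase{
+		makeValidSecretManagerTestCaseCustom(badSecretIam),
 		makeValidSecretManagerTestCaseCustom(setArbitrary),
 		makeValidSecretManagerTestCaseCustom(setNilMockClient),
 		makeValidSecretManagerTestCaseCustom(setAPIErr),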
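Review bot: The new `badSecretIam` case sets `smtc.name = "good case: iam_credentials"` while expecting an error, and `badArbitSecret` reuses the name of the existing `badSecretUserPass` case (`"bad case: username_password type without property"`), so a failure in either would be reported under a misleading label. Suggest `smtc.name = "bad case: iam_credentials of a destroyed secret"` and `smtc.name = "bad case: arbitrary type secret which is destroyed"`, matching the comments above each closure. The `badArbitSecret` comment also says "arbitrary" while the fixture is an `sm.UsernamePasswordSecret` and `ref.Key` carries no type prefix; if the intent is that a key without a prefix is resolved as arbitrary and the fixture type is deliberately irrelevant, a one-line comment saying so would save the next reader the guess. Both enclosing test functions start and end outside these hunks.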