Adding coverage to pushSecret

Signed-off-by: Gustavo <gusfcarvalho@gmail.com>

pkg/controllers/pushsecret/pushsecret_controller_test.go

@@ -27,6 +27,7 @@ import (
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	v1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
 	v1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
@@ -54,6 +55,18 @@ func init() {
 	})
 }
 
+func checkCondition(status v1alpha1.PushSecretStatus, cond v1alpha1.PushSecretStatusCondition) bool {
+	for _, condition := range status.Conditions {
+		if condition.Message == cond.Message &&
+			condition.Reason == cond.Reason &&
+			condition.Status == cond.Status &&
+			condition.Type == cond.Type {
+			return true
+		}
+	}
+	return false
+}
+
 type testTweaks func(*testCase)
 
 var _ = Describe("ExternalSecret controller", func() {
@@ -172,7 +185,42 @@ var _ = Describe("ExternalSecret controller", func() {
 		tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool {
 			secretValue := secret.Data["key"]
 			providerValue := fakeProvider.SetSecretArgs[ps.Spec.Data[0].Match.RemoteRefs[0].RemoteKey].Value
-			return bytes.Equal(secretValue, providerValue)
+			expected := v1alpha1.PushSecretStatusCondition{
+				Type:    v1alpha1.PushSecretReady,
+				Status:  v1.ConditionTrue,
+				Reason:  v1alpha1.ReasonSynced,
+				Message: "PushSecret synced successfully",
+			}
+			return bytes.Equal(secretValue, providerValue) && checkCondition(ps.Status, expected)
+		}
+	}
+	syncWithClusterStore := func(tc *testCase) {
+		fakeProvider.SetSecretFn = func() error {
+			return nil
+		}
+		tc.store = &v1beta1.ClusterSecretStore{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: PushSecretStore,
+			},
+			Spec: v1beta1.SecretStoreSpec{
+				Provider: &v1beta1.SecretStoreProvider{
+					Fake: &v1beta1.FakeProvider{
+						Data: []v1beta1.FakeProviderData{},
+					},
+				},
+			},
+		}
+		tc.pushsecret.Spec.SecretStoreRefs[0].Kind = "ClusterSecretStore"
+		tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool {
+			secretValue := secret.Data["key"]
+			providerValue := fakeProvider.SetSecretArgs[ps.Spec.Data[0].Match.RemoteRefs[0].RemoteKey].Value
+			expected := v1alpha1.PushSecretStatusCondition{
+				Type:    v1alpha1.PushSecretReady,
+				Status:  v1.ConditionTrue,
+				Reason:  v1alpha1.ReasonSynced,
+				Message: "PushSecret synced successfully",
+			}
+			return bytes.Equal(secretValue, providerValue) && checkCondition(ps.Status, expected)
 		}
 	}
 	// if target Secret name is not specified it should use the ExternalSecret name.
@@ -182,7 +230,29 @@ var _ = Describe("ExternalSecret controller", func() {
 		}
 		tc.secret = nil
 		tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool {
-			return ps.Status.Conditions[0].Reason == v1alpha1.ReasonErrored
+			expected := v1alpha1.PushSecretStatusCondition{
+				Type:    v1alpha1.PushSecretReady,
+				Status:  v1.ConditionFalse,
+				Reason:  v1alpha1.ReasonErrored,
+				Message: "could not get source secret",
+			}
+			return checkCondition(ps.Status, expected)
+		}
+	}
+	// if target Secret name is not specified it should use the ExternalSecret name.
+	failNoSecretKey := func(tc *testCase) {
+		fakeProvider.SetSecretFn = func() error {
+			return nil
+		}
+		tc.pushsecret.Spec.Data[0].Match.SecretKey = "unexisting"
+		tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool {
+			expected := v1alpha1.PushSecretStatusCondition{
+				Type:    v1alpha1.PushSecretReady,
+				Status:  v1.ConditionFalse,
+				Reason:  v1alpha1.ReasonErrored,
+				Message: "set secret failed: secret key unexisting does not exist",
+			}
+			return checkCondition(ps.Status, expected)
 		}
 	}
 	// if target Secret name is not specified it should use the ExternalSecret name.
@@ -192,16 +262,60 @@ var _ = Describe("ExternalSecret controller", func() {
 		}
 		tc.store = nil
 		tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool {
-			return ps.Status.Conditions[0].Reason == v1alpha1.ReasonErrored
+			expected := v1alpha1.PushSecretStatusCondition{
+				Type:    v1alpha1.PushSecretReady,
+				Status:  v1.ConditionFalse,
+				Reason:  v1alpha1.ReasonErrored,
+				Message: "could not get SecretStore \"test-store\", secretstores.external-secrets.io \"test-store\" not found",
+			}
+			return checkCondition(ps.Status, expected)
 		}
 	}
 	// if target Secret name is not specified it should use the ExternalSecret name.
+	failNoClusterStore := func(tc *testCase) {
+		fakeProvider.SetSecretFn = func() error {
+			return nil
+		}
+		tc.store = nil
+		tc.pushsecret.Spec.SecretStoreRefs[0].Kind = "ClusterSecretStore"
+		tc.pushsecret.Spec.SecretStoreRefs[0].Name = "unexisting"
+		tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool {
+			expected := v1alpha1.PushSecretStatusCondition{
+				Type:    v1alpha1.PushSecretReady,
+				Status:  v1.ConditionFalse,
+				Reason:  v1alpha1.ReasonErrored,
+				Message: "could not get ClusterSecretStore \"unexisting\", clustersecretstores.external-secrets.io \"unexisting\" not found",
+			}
+			return checkCondition(ps.Status, expected)
+		}
+	} // if target Secret name is not specified it should use the ExternalSecret name.
 	setSecretFail := func(tc *testCase) {
 		fakeProvider.SetSecretFn = func() error {
 			return fmt.Errorf("boom")
 		}
 		tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool {
-			return ps.Status.Conditions[0].Reason == v1alpha1.ReasonErrored
+			expected := v1alpha1.PushSecretStatusCondition{
+				Type:    v1alpha1.PushSecretReady,
+				Status:  v1.ConditionFalse,
+				Reason:  v1alpha1.ReasonErrored,
+				Message: "set secret failed: could not write remote ref key to target secretstore test-store: boom",
+			}
+			return checkCondition(ps.Status, expected)
+		}
+	}
+	// if target Secret name is not specified it should use the ExternalSecret name.
+	newClientFail := func(tc *testCase) {
+		fakeProvider.NewFn = func(context.Context, v1beta1.GenericStore, client.Client, string) (v1beta1.SecretsClient, error) {
+			return nil, fmt.Errorf("boom")
+		}
+		tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool {
+			expected := v1alpha1.PushSecretStatusCondition{
+				Type:    v1alpha1.PushSecretReady,
+				Status:  v1.ConditionFalse,
+				Reason:  v1alpha1.ReasonErrored,
+				Message: "set secret failed: could not start secrets client",
+			}
+			return checkCondition(ps.Status, expected)
 		}
 	}
 	DescribeTable("When reconciling a PushSecret",
@@ -234,9 +348,13 @@ var _ = Describe("ExternalSecret controller", func() {
 			}, timeout, interval).Should(BeTrue())
 			// this must be optional so we can test faulty es configuration
 		},
-		Entry("should work as we are not doing anything at all!", syncSuccessfully),
+		Entry("should sync", syncSuccessfully),
+		Entry("should sync with ClusterStore", syncWithClusterStore),
 		Entry("should fail if Secret is not created", failNoSecret),
+		Entry("should fail if Secret Key does not exist", failNoSecretKey),
 		Entry("should fail if SetSecret fails", setSecretFail),
 		Entry("should fail if no valid SecretStore", failNoSecretStore),
+		Entry("should fail if no valid ClusterSecretStore", failNoClusterStore),
+		Entry("should fail if NewClient fails", newClientFail),
 	)
 })