
Merge pull request #868 from external-secrets/chore/validate-store-for-providers

Adds ValidateStore for some providers
paul-the-alien[bot] 4 years ago
parent
commit
ed56410b47

+ 14 - 0
pkg/provider/fake/fake.go

@@ -27,6 +27,8 @@ var (
 	errNotFound            = fmt.Errorf("secret value not found")
 	errMissingStore        = fmt.Errorf("missing store provider")
 	errMissingFakeProvider = fmt.Errorf("missing store provider fake")
+	errMissingKeyField     = "key must be set in data %v"
+	errMissingValueField   = "at least one of value or valueMap must be set in data %v"
 )
 
 type Provider struct {
@@ -98,6 +100,18 @@ func (p *Provider) Validate() error {
 }
 
 func (p *Provider) ValidateStore(store esv1beta1.GenericStore) error {
+	prov := store.GetSpec().Provider.Fake
+	if prov == nil {
+		return nil
+	}
+	for pos, data := range prov.Data {
+		if data.Key == "" {
+			return fmt.Errorf(errMissingKeyField, pos)
+		}
+		if data.Value == "" && data.ValueMap == nil {
+			return fmt.Errorf(errMissingValueField, pos)
+		}
+	}
 	return nil
 }
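Review bot: The value check in ValidateStore, `data.Value == "" && data.ValueMap == nil`, accepts an entry whose valueMap is present but empty, so a data item with no usable value still validates; `if data.Value == "" && len(data.ValueMap) == 0 {` covers both the nil and the empty map. The function also reads `store.GetSpec().Provider.Fake` without checking `Provider`, which would panic if that pointer is nil. It returns nil when the fake section is absent even though `errMissingFakeProvider` is declared in the var block above; if a store without a fake section is not expected to reach this validator, returning that error is the stricter choice. The new `errMissingKeyField` and `errMissingValueField` are format strings placed among error values, so a comment such as `// format strings, passed to fmt.Errorf` or a separate `const` block would make the difference visible.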
 

+ 34 - 0
pkg/provider/fake/fake_test.go

@@ -15,6 +15,7 @@ package fake
 
 import (
 	"context"
+	"fmt"
 	"testing"
 
 	"github.com/onsi/gomega"
@@ -35,6 +36,39 @@ func TestNewClient(t *testing.T) {
 	gomega.Expect(err).To(gomega.HaveOccurred())
 }
 
+func TestValidateStore(t *testing.T) {
+	p := &Provider{}
+	gomega.RegisterTestingT(t)
+	store := &esv1beta1.SecretStore{
+		Spec: esv1beta1.SecretStoreSpec{
+			Provider: &esv1beta1.SecretStoreProvider{
+				Fake: &esv1beta1.FakeProvider{
+					Data: []esv1beta1.FakeProviderData{},
+				},
+			},
+		},
+	}
+	// empty data must not error
+	err := p.ValidateStore(store)
+	gomega.Expect(err).To(gomega.BeNil())
+	// missing key in data
+	data := esv1beta1.FakeProviderData{}
+	data.Version = "v1"
+	store.Spec.Provider.Fake.Data = []esv1beta1.FakeProviderData{data}
+	err = p.ValidateStore(store)
+	gomega.Expect(err).To(gomega.BeEquivalentTo(fmt.Errorf(errMissingKeyField, 0)))
+	// missing values in data
+	data.Key = "/foo"
+	store.Spec.Provider.Fake.Data = []esv1beta1.FakeProviderData{data}
+	err = p.ValidateStore(store)
+	gomega.Expect(err).To(gomega.BeEquivalentTo(fmt.Errorf(errMissingValueField, 0)))
+	// spec ok
+	data.Value = "bar"
+	data.ValueMap = map[string]string{"foo": "bar"}
+	store.Spec.Provider.Fake.Data = []esv1beta1.FakeProviderData{data}
+	err = p.ValidateStore(store)
+	gomega.Expect(err).To(gomega.BeNil())
+}
 func TestClose(t *testing.T) {
 	p := &Provider{}
 	gomega.RegisterTestingT(t)
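Review bot: The final "spec ok" step of TestValidateStore sets both `data.Value` and `data.ValueMap`, so the test never shows that either field alone satisfies the check. There is also no case for a store whose `Fake` provider is nil or whose `ValueMap` is an empty map. Splitting the last step into a value-only and a valueMap-only case, and adding the nil-provider case, would pin the branches ValidateStore actually has. The error comparisons would read more directly as `gomega.Expect(err).To(gomega.MatchError(fmt.Sprintf(errMissingKeyField, 0)))`, and a blank line is missing between the end of TestValidateStore and `func TestClose`.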

+ 16 - 0
pkg/provider/ibm/provider.go

@@ -367,6 +367,22 @@ func (ibm *providerIBM) Validate() error {
 }
 
 func (ibm *providerIBM) ValidateStore(store esv1beta1.GenericStore) error {
+	storeSpec := store.GetSpec()
+	ibmSpec := storeSpec.Provider.IBM
+	if ibmSpec.ServiceURL == nil {
+		return fmt.Errorf("serviceURL is required")
+	}
+	secretRef := ibmSpec.Auth.SecretRef.SecretAPIKey
+	err := utils.ValidateSecretSelector(store, secretRef)
+	if err != nil {
+		return err
+	}
+	if secretRef.Name == "" {
+		return fmt.Errorf("secretAPIKey.name cannot be empty")
+	}
+	if secretRef.Key == "" {
+		return fmt.Errorf("secretAPIKey.key cannot be empty")
+	}
 	return nil
 }
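Review bot: `ibmSpec.ServiceURL` is read without checking that `storeSpec.Provider` and `storeSpec.Provider.IBM` are non-nil, so a store that carries no IBM section would panic inside ValidateStore rather than return a validation error; the fake provider in this same commit guards the equivalent pointer with `if prov == nil`. A guard before the first dereference, e.g. `if storeSpec.Provider == nil || storeSpec.Provider.IBM == nil { return fmt.Errorf("ibm provider spec is required") }`, keeps the failure an ordinary error. The serviceURL check only rejects a nil pointer, so an empty or non-URL string (the test uses `my-url`) passes. If this validator is meant to stop unusable or non-HTTPS endpoints before the API key is sent to them, parsing the value with `url.Parse` and checking the scheme belongs here too.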
 

+ 40 - 0
pkg/provider/ibm/provider_test.go

@@ -32,6 +32,10 @@ import (
 	fakesm "github.com/external-secrets/external-secrets/pkg/provider/ibm/fake"
 )
 
+const (
+	errExpectedErr = "wanted error got nil"
+)
+
 type secretManagerTestCase struct {
 	mockClient     *fakesm.IBMMockClient
 	apiInput       *sm.GetSecretOptions
@@ -111,6 +115,42 @@ var setNilMockClient = func(smtc *secretManagerTestCase) {
 	smtc.expectError = errUninitalizedIBMProvider
 }
 
+// simple tests for Validate Store.
+func TestValidateStore(t *testing.T) {
+	p := providerIBM{}
+	store := &esv1beta1.SecretStore{
+		Spec: esv1beta1.SecretStoreSpec{
+			Provider: &esv1beta1.SecretStoreProvider{
+				IBM: &esv1beta1.IBMProvider{},
+			},
+		},
+	}
+	err := p.ValidateStore(store)
+	if err == nil {
+		t.Errorf(errExpectedErr)
+	} else if err.Error() != "serviceURL is required" {
+		t.Errorf("service URL test failed")
+	}
+	url := "my-url"
+	store.Spec.Provider.IBM.ServiceURL = &url
+	err = p.ValidateStore(store)
+	if err == nil {
+		t.Errorf(errExpectedErr)
+	} else if err.Error() != "secretAPIKey.name cannot be empty" {
+		t.Errorf("KeySelector test failed: expected secret name is required, got %v", err)
+	}
+	store.Spec.Provider.IBM.Auth.SecretRef.SecretAPIKey.Name = "foo"
+	store.Spec.Provider.IBM.Auth.SecretRef.SecretAPIKey.Key = "bar"
+	ns := "ns-one"
+	store.Spec.Provider.IBM.Auth.SecretRef.SecretAPIKey.Namespace = &ns
+	err = p.ValidateStore(store)
+	if err == nil {
+		t.Errorf(errExpectedErr)
+	} else if err.Error() != "namespace not allowed with namespaced SecretStore" {
+		t.Errorf("KeySelector test failed: expected namespace not allowed, got %v", err)
+	}
+}
+
 // test the sm<->gcp interface
 // make sure correct values are passed and errors are handled accordingly.
 func TestIBMSecretManagerGetSecret(t *testing.T) {
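Review bot: TestValidateStore never reaches the `return nil` path of ValidateStore: all three steps expect an error, and the last one sets name and key only to trigger the namespace rejection. A closing step that clears `Namespace` and asserts `err == nil`, plus one with a name but an empty key to hit `secretAPIKey.key cannot be empty`, would cover the remaining branches. The expected messages are repeated as string literals here and in provider.go, and `"namespace not allowed with namespaced SecretStore"` presumably comes from `utils.ValidateSecretSelector`, so a wording change there breaks this test. The first failure message, `t.Errorf("service URL test failed")`, should also print the error it got, as the later ones do.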