Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: 019c95b173
Branches Tags
helm-externa...
/
pkg
/
provider
/
kubernetes
/
provider_test.go

provider_test.go 7.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271 
  1. /*
    2. 

  2. Copyright © 2025 ESO Maintainer Team
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     https://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package kubernetes
    18. 

  18. 

  19. import (
    20. 

  20. 	"context"
    21. 

  21. 	"testing"
    22. 

  22. 

  23. 	"github.com/stretchr/testify/assert"
    24. 

  24. 	corev1 "k8s.io/api/core/v1"
    25. 

  25. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    26. 

  26. 	"k8s.io/client-go/kubernetes"
    27. 

  27. 	clientgofake "k8s.io/client-go/kubernetes/fake"
    28. 

  28. 	pointer "k8s.io/utils/ptr"
    29. 

  29. 	kclient "sigs.k8s.io/controller-runtime/pkg/client"
    30. 

  30. 	fclient "sigs.k8s.io/controller-runtime/pkg/client/fake"
    31. 

  31. 

  32. 	esv1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
    33. 

  33. 	v1 "github.com/external-secrets/external-secrets/apis/meta/v1"
    34. 

  34. )
    35. 

  35. 

  36. const (
    37. 

  37. 	testCertificate = `-----BEGIN CERTIFICATE-----
    38. 

  38. MIIDHTCCAgWgAwIBAgIRAKC4yxy9QGocND+6avTf7BgwDQYJKoZIhvcNAQELBQAw
    39. 

  39. EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0yMTAzMjAyMDA4MDhaFw0yMTAzMjAyMDM4
    40. 

  40. MDhaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
    41. 

  41. ggEKAoIBAQC3o6/JdZEqNbqNRkopHhJtJG5c4qS5d0tQ/kZYpfD/v/izAYum4Nzj
    42. 

  42. aG15owr92/11W0pxPUliRLti3y6iScTs+ofm2D7p4UXj/Fnho/2xoWSOoWAodgvW
    43. 

  43. Y8jh8A0LQALZiV/9QsrJdXZdS47DYZLsQ3z9yFC/CdXkg1l7AQ3fIVGKdrQBr9kE
    44. 

  44. 1gEDqnKfRxXI8DEQKXr+CKPUwCAytegmy0SHp53zNAvY+kopHytzmJpXLoEhxq4e
    45. 

  45. ugHe52vXHdh/HJ9VjNp0xOH1waAgAGxHlltCW0PVd5AJ0SXROBS/a3V9sZCbCrJa
    46. 

  46. YOOonQSEswveSv6PcG9AHvpNPot2Xs6hAgMBAAGjbjBsMA4GA1UdDwEB/wQEAwIC
    47. 

  47. pDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
    48. 

  48. BBR00805mrpoonp95RmC3B6oLl+cGTAVBgNVHREEDjAMggpnb29ibGUuY29tMA0G
    49. 

  49. CSqGSIb3DQEBCwUAA4IBAQAipc1b6JrEDayPjpz5GM5krcI8dCWVd8re0a9bGjjN
    50. 

  50. ioWGlu/eTr5El0ffwCNZ2WLmL9rewfHf/bMvYz3ioFZJ2OTxfazqYXNggQz6cMfa
    51. 

  51. lbedDCdt5XLVX2TyerGvFram+9Uyvk3l0uM7rZnwAmdirG4Tv94QRaD3q4xTj/c0
    52. 

  52. mv+AggtK0aRFb9o47z/BypLdk5mhbf3Mmr88C8XBzEnfdYyf4JpTlZrYLBmDCu5d
    53. 

  53. 9RLLsjXxhag8xqMtd1uLUM8XOTGzVWacw8iGY+CTtBKqyA+AE6/bDwZvEwVtsKtC
    54. 

  54. QJ85ioEpy00NioqcF0WyMZH80uMsPycfpnl5uF7RkW8u
    55. 

  55. -----END CERTIFICATE-----`
    56. 

  56. 	testKubeConfig = `apiVersion: v1
    57. 

  57. clusters:
    58. 

  58. - cluster:
    59. 

  59.     server: https://api.my-domain.tld
    60. 

  60.   name: mycluster
    61. 

  61. contexts:
    62. 

  62. - context:
    63. 

  63.     cluster: mycluster
    64. 

  64.     user: myuser
    65. 

  65.   name: mycontext
    66. 

  66. current-context: mycontext
    67. 

  67. kind: Config
    68. 

  68. preferences: {}
    69. 

  69. users:
    70. 

  70. - name: myuser
    71. 

  71.   user:
    72. 

  72.     token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE3MTkzOTY4OTksImV4cCI6MTc1MDkzMjg4NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJFbWFpbCI6Impyb2NrZXRAZXhhbXBsZS5jb20iLCJSb2xlIjpbIk1hbmFnZXIiLCJQcm9qZWN0IEFkbWluaXN0cmF0b3IiXX0.xXrfIl0akhfjWU_BDl7Ad54SXje0YlJdnugzwh96VmM
    73. 

  73. `
    74. 

  74. )
    75. 

  75. 

  76. func TestNewClient(t *testing.T) {
    77. 

  77. 	type fields struct {
    78. 

  78. 		Client       KClient
    79. 

  79. 		ReviewClient RClient
    80. 

  80. 		Namespace    string
    81. 

  81. 	}
    82. 

  82. 	type args struct {
    83. 

  83. 		store     esv1.GenericStore
    84. 

  84. 		kube      kclient.Client
    85. 

  85. 		clientset kubernetes.Interface
    86. 

  86. 		namespace string
    87. 

  87. 	}
    88. 

  88. 	tests := []struct {
    89. 

  89. 		name    string
    90. 

  90. 		fields  fields
    91. 

  91. 		args    args
    92. 

  92. 		want    bool
    93. 

  93. 		wantErr bool
    94. 

  94. 	}{
    95. 

  95. 		{
    96. 

  96. 			name:   "invalid store",
    97. 

  97. 			fields: fields{},
    98. 

  98. 			args: args{
    99. 

  99. 				store: &esv1.ClusterSecretStore{
    100. 

  100. 					TypeMeta: metav1.TypeMeta{
    101. 

  101. 						Kind: esv1.ClusterSecretStoreKind,
    102. 

  102. 					},
    103. 

  103. 					Spec: esv1.SecretStoreSpec{
    104. 

  104. 						Provider: &esv1.SecretStoreProvider{},
    105. 

  105. 					},
    106. 

  106. 				},
    107. 

  107. 				kube: fclient.NewClientBuilder().Build(),
    108. 

  108. 			},
    109. 

  109. 			wantErr: true,
    110. 

  110. 		},
    111. 

  111. 		{
    112. 

  112. 			name:   "test auth ref",
    113. 

  113. 			fields: fields{},
    114. 

  114. 			args: args{
    115. 

  115. 				store: &esv1.ClusterSecretStore{
    116. 

  116. 					TypeMeta: metav1.TypeMeta{
    117. 

  117. 						Kind: esv1.ClusterSecretStoreKind,
    118. 

  118. 					},
    119. 

  119. 					Spec: esv1.SecretStoreSpec{
    120. 

  120. 						Provider: &esv1.SecretStoreProvider{
    121. 

  121. 							Kubernetes: &esv1.KubernetesProvider{
    122. 

  122. 								AuthRef: &v1.SecretKeySelector{
    123. 

  123. 									Name:      "foo",
    124. 

  124. 									Namespace: pointer.To("default"),
    125. 

  125. 									Key:       "config",
    126. 

  126. 								},
    127. 

  127. 							},
    128. 

  128. 						},
    129. 

  129. 					},
    130. 

  130. 				},
    131. 

  131. 				namespace: "",
    132. 

  132. 				kube: fclient.NewClientBuilder().WithObjects(&corev1.Secret{
    133. 

  133. 					ObjectMeta: metav1.ObjectMeta{
    134. 

  134. 						Name:      "foo",
    135. 

  135. 						Namespace: "default",
    136. 

  136. 					},
    137. 

  137. 					Data: map[string][]byte{
    138. 

  138. 						"config": []byte(testKubeConfig),
    139. 

  139. 					},
    140. 

  140. 				}).Build(),
    141. 

  141. 				clientset: clientgofake.NewSimpleClientset(),
    142. 

  142. 			},
    143. 

  143. 			want: true,
    144. 

  144. 		},
    145. 

  145. 		{
    146. 

  146. 			name:   "test referent auth return",
    147. 

  147. 			fields: fields{},
    148. 

  148. 			args: args{
    149. 

  149. 				store: &esv1.ClusterSecretStore{
    150. 

  150. 					TypeMeta: metav1.TypeMeta{
    151. 

  151. 						Kind: esv1.ClusterSecretStoreKind,
    152. 

  152. 					},
    153. 

  153. 					Spec: esv1.SecretStoreSpec{
    154. 

  154. 						Provider: &esv1.SecretStoreProvider{
    155. 

  155. 							Kubernetes: &esv1.KubernetesProvider{
    156. 

  156. 								Server: esv1.KubernetesServer{
    157. 

  157. 									URL:      "https://my.test.tld",
    158. 

  158. 									CABundle: []byte(testCertificate),
    159. 

  159. 								},
    160. 

  160. 								Auth: &esv1.KubernetesAuth{
    161. 

  161. 									Token: &esv1.TokenAuth{
    162. 

  162. 										BearerToken: v1.SecretKeySelector{
    163. 

  163. 											Name: "foo",
    164. 

  164. 											Key:  "token",
    165. 

  165. 										},
    166. 

  166. 									},
    167. 

  167. 								},
    168. 

  168. 							},
    169. 

  169. 						},
    170. 

  170. 					},
    171. 

  171. 				},
    172. 

  172. 				namespace: "",
    173. 

  173. 				kube:      fclient.NewClientBuilder().Build(),
    174. 

  174. 				clientset: clientgofake.NewSimpleClientset(),
    175. 

  175. 			},
    176. 

  176. 			want: true,
    177. 

  177. 		},
    178. 

  178. 		{
    179. 

  179. 			name:   "auth fail results in error",
    180. 

  180. 			fields: fields{},
    181. 

  181. 			args: args{
    182. 

  182. 				store: &esv1.ClusterSecretStore{
    183. 

  183. 					TypeMeta: metav1.TypeMeta{
    184. 

  184. 						Kind: esv1.ClusterSecretStoreKind,
    185. 

  185. 					},
    186. 

  186. 					Spec: esv1.SecretStoreSpec{
    187. 

  187. 						Provider: &esv1.SecretStoreProvider{
    188. 

  188. 							Kubernetes: &esv1.KubernetesProvider{
    189. 

  189. 								Server: esv1.KubernetesServer{
    190. 

  190. 									URL:      "https://my.test.tld",
    191. 

  191. 									CABundle: []byte(testCertificate),
    192. 

  192. 								},
    193. 

  193. 								RemoteNamespace: "remote",
    194. 

  194. 								Auth: &esv1.KubernetesAuth{
    195. 

  195. 									Token: &esv1.TokenAuth{
    196. 

  196. 										BearerToken: v1.SecretKeySelector{
    197. 

  197. 											Name:      "foo",
    198. 

  198. 											Namespace: pointer.To("default"),
    199. 

  199. 											Key:       "token",
    200. 

  200. 										},
    201. 

  201. 									},
    202. 

  202. 								},
    203. 

  203. 							},
    204. 

  204. 						},
    205. 

  205. 					},
    206. 

  206. 				},
    207. 

  207. 				namespace: "foobarothernamespace",
    208. 

  208. 				clientset: clientgofake.NewSimpleClientset(),
    209. 

  209. 				kube:      fclient.NewClientBuilder().Build(),
    210. 

  210. 			},
    211. 

  211. 			wantErr: true,
    212. 

  212. 		},
    213. 

  213. 		{
    214. 

  214. 			name:   "test auth",
    215. 

  215. 			fields: fields{},
    216. 

  216. 			args: args{
    217. 

  217. 				store: &esv1.ClusterSecretStore{
    218. 

  218. 					TypeMeta: metav1.TypeMeta{
    219. 

  219. 						Kind: esv1.ClusterSecretStoreKind,
    220. 

  220. 					},
    221. 

  221. 					Spec: esv1.SecretStoreSpec{
    222. 

  222. 						Provider: &esv1.SecretStoreProvider{
    223. 

  223. 							Kubernetes: &esv1.KubernetesProvider{
    224. 

  224. 								Server: esv1.KubernetesServer{
    225. 

  225. 									URL:      "https://my.test.tld",
    226. 

  226. 									CABundle: []byte(testCertificate),
    227. 

  227. 								},
    228. 

  228. 								RemoteNamespace: "remote",
    229. 

  229. 								Auth: &esv1.KubernetesAuth{
    230. 

  230. 									Token: &esv1.TokenAuth{
    231. 

  231. 										BearerToken: v1.SecretKeySelector{
    232. 

  232. 											Name:      "foo",
    233. 

  233. 											Namespace: pointer.To("default"),
    234. 

  234. 											Key:       "token",
    235. 

  235. 										},
    236. 

  236. 									},
    237. 

  237. 								},
    238. 

  238. 							},
    239. 

  239. 						},
    240. 

  240. 					},
    241. 

  241. 				},
    242. 

  242. 				namespace: "foobarothernamespace",
    243. 

  243. 				clientset: clientgofake.NewSimpleClientset(),
    244. 

  244. 				kube: fclient.NewClientBuilder().WithObjects(&corev1.Secret{
    245. 

  245. 					ObjectMeta: metav1.ObjectMeta{
    246. 

  246. 						Name:      "foo",
    247. 

  247. 						Namespace: "default",
    248. 

  248. 					},
    249. 

  249. 					Data: map[string][]byte{
    250. 

  250. 						"token": []byte("1234"),
    251. 

  251. 					},
    252. 

  252. 				}).Build(),
    253. 

  253. 			},
    254. 

  254. 			want: true,
    255. 

  255. 		},
    256. 

  256. 	}
    257. 

  257. 	for _, tt := range tests {
    258. 

  258. 		t.Run(tt.name, func(t *testing.T) {
    259. 

  259. 			got, err := (&Provider{}).newClient(context.Background(), tt.args.store, tt.args.kube, tt.args.clientset, tt.args.namespace)
    260. 

  260. 			if (err != nil) != tt.wantErr {
    261. 

  261. 				t.Errorf("ProviderKubernetes.NewClient() error = %v, wantErr %v", err, tt.wantErr)
    262. 

  262. 				return
    263. 

  263. 			}
    264. 

  264. 			if tt.want {
    265. 

  265. 				assert.NotNil(t, got)
    266. 

  266. 			} else {
    267. 

  267. 				assert.Nil(t, got)
    268. 

  268. 			}
    269. 

  269. 		})
    270. 

  270. 	}
    271. 

  271. }
    272.