Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: 0bb4feae4a
Branches Tags
helm-externa...
/
pkg
/
generator
/
acr
/
acr_test.go

acr_test.go 6.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6.     http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. 

  15. package acr
    16. 

  16. 

  17. import (
    18. 

  18. 	"context"
    19. 

  19. 	"fmt"
    20. 

  20. 	"reflect"
    21. 

  21. 	"testing"
    22. 

  22. 

  23. 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
    24. 

  24. 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
    25. 

  25. 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
    26. 

  26. 	"github.com/stretchr/testify/assert"
    27. 

  27. 	v1 "k8s.io/api/core/v1"
    28. 

  28. 	apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
    29. 

  29. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    30. 

  30. 	"k8s.io/client-go/kubernetes"
    31. 

  31. 	"sigs.k8s.io/controller-runtime/pkg/client"
    32. 

  32. 	clientfake "sigs.k8s.io/controller-runtime/pkg/client/fake"
    33. 

  33. )
    34. 

  34. 

  35. func TestGenerate(t *testing.T) {
    36. 

  36. 	const (
    37. 

  37. 		testUsername = "11111111-2222-3333-4444-111111111111"
    38. 

  38. 		testURL      = "example.azurecr.io"
    39. 

  39. 	)
    40. 

  40. 	type args struct {
    41. 

  41. 		ctx                 context.Context
    42. 

  42. 		jsonSpec            *apiextensions.JSON
    43. 

  43. 		crClient            client.Client
    44. 

  44. 		kubeClient          kubernetes.Interface
    45. 

  45. 		namespace           string
    46. 

  46. 		accessTokenFetcher  accessTokenFetcher
    47. 

  47. 		refreshTokenFetcher refreshTokenFetcher
    48. 

  48. 		clientSecretCreds   clientSecretCredentialFunc
    49. 

  49. 	}
    50. 

  50. 	tests := []struct {
    51. 

  51. 		name    string
    52. 

  52. 		g       *Generator
    53. 

  53. 		args    args
    54. 

  54. 		want    map[string][]byte
    55. 

  55. 		wantErr bool
    56. 

  56. 	}{
    57. 

  57. 		{
    58. 

  58. 			name: "no spec",
    59. 

  59. 			args: args{
    60. 

  60. 				jsonSpec: nil,
    61. 

  61. 			},
    62. 

  62. 			wantErr: true,
    63. 

  63. 		},
    64. 

  64. 		{
    65. 

  65. 			name: "empty spec",
    66. 

  66. 			args: args{
    67. 

  67. 				jsonSpec: &apiextensions.JSON{},
    68. 

  68. 			},
    69. 

  69. 			wantErr: true,
    70. 

  70. 		},
    71. 

  71. 		{
    72. 

  72. 			name: "return acr access token if scope is defined",
    73. 

  73. 			args: args{
    74. 

  74. 				jsonSpec: &apiextensions.JSON{
    75. 

  75. 					Raw: []byte(fmt.Sprintf(`apiVersion: generators.external-secrets.io/v1alpha1
    76. 

  76. kind: ACRAccessToken
    77. 

  77. spec:
    78. 

  78.   tenantId: %s
    79. 

  79.   registry: %s
    80. 

  80.   scope: "repository:foo:pull,push"
    81. 

  81.   environmentType: "PublicCloud"
    82. 

  82.   auth:
    83. 

  83.     servicePrincipal:
    84. 

  84.       secretRef:
    85. 

  85.         clientSecret:
    86. 

  86.           name: az-secret
    87. 

  87.           key: clientsecret
    88. 

  88.         clientId:
    89. 

  89.           name: az-secret
    90. 

  90.           key: clientid`, testUsername, testURL)),
    91. 

  91. 				},
    92. 

  92. 				crClient: clientfake.NewClientBuilder().WithObjects(&v1.Secret{
    93. 

  93. 					ObjectMeta: metav1.ObjectMeta{
    94. 

  94. 						Name:      "az-secret",
    95. 

  95. 						Namespace: "foobar",
    96. 

  96. 					},
    97. 

  97. 					Data: map[string][]byte{
    98. 

  98. 						"clientsecret": []byte("foo"),
    99. 

  99. 						"clientid":     []byte("bar"),
    100. 

  100. 					},
    101. 

  101. 				}).Build(),
    102. 

  102. 				namespace: "foobar",
    103. 

  103. 				ctx:       context.Background(),
    104. 

  104. 				accessTokenFetcher: func(acrRefreshToken, tenantID, registryURL, scope string) (string, error) {
    105. 

  105. 					assert.Equal(t, "acrrefreshtoken", acrRefreshToken)
    106. 

  106. 					assert.Equal(t, tenantID, testUsername)
    107. 

  107. 					assert.Equal(t, registryURL, testURL)
    108. 

  108. 					assert.Equal(t, scope, "repository:foo:pull,push")
    109. 

  109. 					return "acraccesstoken", nil
    110. 

  110. 				},
    111. 

  111. 				refreshTokenFetcher: func(aadAccessToken, tenantID, registryURL string) (string, error) {
    112. 

  112. 					assert.Equal(t, "1234", aadAccessToken)
    113. 

  113. 					assert.Equal(t, tenantID, testUsername)
    114. 

  114. 					assert.Equal(t, registryURL, testURL)
    115. 

  115. 					return "acrrefreshtoken", nil
    116. 

  116. 				},
    117. 

  117. 				clientSecretCreds: func(tenantID, clientID, clientSecret string, options *azidentity.ClientSecretCredentialOptions) (TokenGetter, error) {
    118. 

  118. 					return &FakeTokenGetter{
    119. 

  119. 						token: azcore.AccessToken{
    120. 

  120. 							Token: "1234",
    121. 

  121. 						},
    122. 

  122. 					}, nil
    123. 

  123. 				},
    124. 

  124. 			},
    125. 

  125. 			want: map[string][]byte{
    126. 

  126. 				"username": []byte(defaultLoginUsername),
    127. 

  127. 				"password": []byte("acraccesstoken"),
    128. 

  128. 			},
    129. 

  129. 		},
    130. 

  130. 		{
    131. 

  131. 			name: "return acr refresh token if scope is not defined",
    132. 

  132. 			args: args{
    133. 

  133. 				jsonSpec: &apiextensions.JSON{
    134. 

  134. 					Raw: []byte(fmt.Sprintf(`apiVersion: generators.external-secrets.io/v1alpha1
    135. 

  135. kind: ACRAccessToken
    136. 

  136. spec:
    137. 

  137.   tenantId: %s
    138. 

  138.   registry: %s
    139. 

  139.   environmentType: "PublicCloud"
    140. 

  140.   auth:
    141. 

  141.     servicePrincipal:
    142. 

  142.       secretRef:
    143. 

  143.         clientSecret:
    144. 

  144.           name: az-secret
    145. 

  145.           key: clientsecret
    146. 

  146.         clientId:
    147. 

  147.           name: az-secret
    148. 

  148.           key: clientid`, testUsername, testURL)),
    149. 

  149. 				},
    150. 

  150. 				crClient: clientfake.NewClientBuilder().WithObjects(&v1.Secret{
    151. 

  151. 					ObjectMeta: metav1.ObjectMeta{
    152. 

  152. 						Name:      "az-secret",
    153. 

  153. 						Namespace: "foobar",
    154. 

  154. 					},
    155. 

  155. 					Data: map[string][]byte{
    156. 

  156. 						"clientsecret": []byte("foo"),
    157. 

  157. 						"clientid":     []byte("bar"),
    158. 

  158. 					},
    159. 

  159. 				}).Build(),
    160. 

  160. 				namespace: "foobar",
    161. 

  161. 				ctx:       context.Background(),
    162. 

  162. 				accessTokenFetcher: func(acrRefreshToken, tenantID, registryURL, scope string) (string, error) {
    163. 

  163. 					t.Fail()
    164. 

  164. 					return "", nil
    165. 

  165. 				},
    166. 

  166. 				refreshTokenFetcher: func(aadAccessToken, tenantID, registryURL string) (string, error) {
    167. 

  167. 					assert.Equal(t, "1234", aadAccessToken)
    168. 

  168. 					assert.Equal(t, tenantID, testUsername)
    169. 

  169. 					assert.Equal(t, registryURL, testURL)
    170. 

  170. 					return "acrrefreshtoken", nil
    171. 

  171. 				},
    172. 

  172. 				clientSecretCreds: func(tenantID, clientID, clientSecret string, options *azidentity.ClientSecretCredentialOptions) (TokenGetter, error) {
    173. 

  173. 					return &FakeTokenGetter{
    174. 

  174. 						token: azcore.AccessToken{
    175. 

  175. 							Token: "1234",
    176. 

  176. 						},
    177. 

  177. 					}, nil
    178. 

  178. 				},
    179. 

  179. 			},
    180. 

  180. 			want: map[string][]byte{
    181. 

  181. 				"username": []byte(defaultLoginUsername),
    182. 

  182. 				"password": []byte("acrrefreshtoken"),
    183. 

  183. 			},
    184. 

  184. 		},
    185. 

  185. 	}
    186. 

  186. 	for _, tt := range tests {
    187. 

  187. 		t.Run(tt.name, func(t *testing.T) {
    188. 

  188. 			g := &Generator{
    189. 

  189. 				clientSecretCreds: tt.args.clientSecretCreds,
    190. 

  190. 			}
    191. 

  191. 			got, err := g.generate(
    192. 

  192. 				tt.args.ctx,
    193. 

  193. 				tt.args.jsonSpec,
    194. 

  194. 				tt.args.crClient,
    195. 

  195. 				tt.args.namespace,
    196. 

  196. 				tt.args.kubeClient,
    197. 

  197. 				tt.args.accessTokenFetcher,
    198. 

  198. 				tt.args.refreshTokenFetcher,
    199. 

  199. 			)
    200. 

  200. 			if (err != nil) != tt.wantErr {
    201. 

  201. 				t.Errorf("Generator.Generate() error = %v, wantErr %v", err, tt.wantErr)
    202. 

  202. 				return
    203. 

  203. 			}
    204. 

  204. 			if !reflect.DeepEqual(got, tt.want) {
    205. 

  205. 				t.Errorf("Generator.Generate() = %v, want %v", got, tt.want)
    206. 

  206. 			}
    207. 

  207. 		})
    208. 

  208. 	}
    209. 

  209. }
    210. 

  210. 

  211. type FakeTokenGetter struct {
    212. 

  212. 	token azcore.AccessToken
    213. 

  213. 	err   error
    214. 

  214. }
    215. 

  215. 

  216. func (f *FakeTokenGetter) GetToken(_ context.Context, _ policy.TokenRequestOptions) (azcore.AccessToken, error) {
    217. 

  217. 	return f.token, f.err
    218. 

  218. }
    219.