logic855
/
helm-external-secrets
mirror da https://github.com/external-secrets/external-secrets


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412
							/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package pulumi

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"reflect"
	"testing"

	esc "github.com/pulumi/esc-sdk/sdk/go"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
)

// Constants for content type and value.
const contentTypeValue = "application/json"
const contentType = "Content-Type"

func newTestClient(t *testing.T, _, pattern string, handler func(w http.ResponseWriter, r *http.Request)) *client {
	const token = "test-token"

	mux := http.NewServeMux()

	mux.HandleFunc(pattern, handler)
	mux.HandleFunc("/environments/foo/default/bar/open/", func(w http.ResponseWriter, r *http.Request) {
		r.Header.Add(contentType, contentTypeValue)
		w.Header().Add(contentType, contentTypeValue)
		w.WriteHeader(http.StatusOK)
		err := json.NewEncoder(w).Encode(map[string]interface{}{
			"id": "session-id",
		})
		require.NoError(t, err)
	})

	server := httptest.NewServer(mux)
	t.Cleanup(server.Close)
	configuration := esc.NewConfiguration()
	configuration.AddDefaultHeader("Authorization", "token "+token)
	configuration.UserAgent = "external-secrets-operator"
	configuration.Servers = esc.ServerConfigurations{
		esc.ServerConfiguration{
			URL: server.URL,
		},
	}
	ctx := esc.NewAuthContext(token)
	escClient := esc.NewClient(configuration)
	return &client{
		escClient:    *escClient,
		authCtx:      ctx,
		organization: "foo",
		environment:  "bar",
		project:      "default",
	}
}

func TestGetSecret(t *testing.T) {
	testmap := map[string]interface{}{
		"b": "world",
	}

	client := newTestClient(t, http.MethodGet, "/environments/foo/default/bar/open/session-id", func(w http.ResponseWriter, r *http.Request) {
		r.Header.Add(contentType, contentTypeValue)
		w.Header().Add(contentType, contentTypeValue)
		err := json.NewEncoder(w).Encode(esc.NewValue(testmap, esc.Trace{}))
		require.NoError(t, err)
	})

	testCases := map[string]struct {
		ref  esv1beta1.ExternalSecretDataRemoteRef
		want []byte
		err  error
	}{
		"querying for the key returns the value": {
			ref: esv1beta1.ExternalSecretDataRemoteRef{
				Key: "b",
			},
			want: []byte(`{"b":"world"}`),
		},
	}
	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			got, err := client.GetSecret(context.TODO(), tc.ref)
			if tc.err == nil {
				assert.NoError(t, err)
				assert.Equal(t, tc.want, got)
			} else {
				assert.Nil(t, got)
				assert.ErrorIs(t, err, tc.err)
				assert.Equal(t, tc.err, err)
			}
		})
	}
}

func TestGetSecretMap(t *testing.T) {
	tests := []struct {
		name  string
		ref   esv1beta1.ExternalSecretDataRemoteRef
		input map[string]interface{}

		want    map[string][]byte
		wantErr bool
	}{
		{
			name: "successful case (basic types)",
			ref: esv1beta1.ExternalSecretDataRemoteRef{
				Key: "mysec",
			},
			input: map[string]interface{}{
				"foo": map[string]interface{}{
					"value": "bar",
					"trace": map[string]interface{}{
						"def": map[string]interface{}{
							"environment": "bar",
							"begin": map[string]interface{}{
								"line":   3,
								"column": 9,
								"byte":   29,
							},
							"end": map[string]interface{}{
								"line":   3,
								"column": 13,
								"byte":   33,
							},
						},
					},
				},
				"foobar": map[string]interface{}{
					"value": "42",
					"trace": map[string]interface{}{
						"def": map[string]interface{}{
							"environment": "bar",
							"begin": map[string]interface{}{
								"line":   4,
								"column": 9,
								"byte":   38,
							},
							"end": map[string]interface{}{
								"line":   4,
								"column": 13,
								"byte":   42,
							},
						},
					},
				},
				"bar": map[string]interface{}{
					"value": true,
					"trace": map[string]interface{}{
						"def": map[string]interface{}{
							"environment": "bar",
							"begin": map[string]interface{}{
								"line":   5,
								"column": 9,
								"byte":   47,
							},
							"end": map[string]interface{}{
								"line":   5,
								"column": 13,
								"byte":   51,
							},
						},
					},
				},
			},
			want: map[string][]byte{
				"foo":    []byte("bar"),
				"foobar": []byte("42"),
				"bar":    []byte(`true`),
			},
			wantErr: false,
		},
		{
			name: "successful case (nested)",
			ref: esv1beta1.ExternalSecretDataRemoteRef{
				Key: "mysec",
			},
			input: map[string]interface{}{
				"test22": map[string]interface{}{
					"value": map[string]interface{}{
						"my": map[string]interface{}{
							"value": "hello",
							"trace": map[string]interface{}{
								"def": map[string]interface{}{
									"environment": "bar",
									"begin": map[string]interface{}{
										"line":   6,
										"column": 11,
										"byte":   72,
									},
									"end": map[string]interface{}{
										"line":   6,
										"column": 16,
										"byte":   77,
									},
								},
							},
						},
					},
					"trace": map[string]interface{}{
						"def": map[string]interface{}{
							"environment": "bar",
							"begin": map[string]interface{}{
								"line":   6,
								"column": 7,
								"byte":   68,
							},
							"end": map[string]interface{}{
								"line":   6,
								"column": 16,
								"byte":   77,
							},
						},
					},
				},
				"test33": map[string]interface{}{
					"value": map[string]interface{}{
						"world": map[string]interface{}{
							"value": "hello",
							"trace": map[string]interface{}{
								"def": map[string]interface{}{
									"environment": "bar",
									"begin": map[string]interface{}{
										"line":   8,
										"column": 14,
										"byte":   103,
									},
									"end": map[string]interface{}{
										"line":   8,
										"column": 19,
										"byte":   108,
									},
								},
							},
						},
					},
					"trace": map[string]interface{}{
						"def": map[string]interface{}{
							"environment": "bar",
							"begin": map[string]interface{}{
								"line":   8,
								"column": 7,
								"byte":   96,
							},
							"end": map[string]interface{}{
								"line":   8,
								"column": 19,
								"byte":   108,
							},
						},
					},
				},
			},
			want: map[string][]byte{
				"test22": []byte(`{"my":{"trace":{"def":{"begin":{"byte":72,"column":11,"line":6},"end":{"byte":77,"column":16,"line":6},"environment":"bar"}},"value":"hello"}}`),
				"test33": []byte(`{"world":{"trace":{"def":{"begin":{"byte":103,"column":14,"line":8},"end":{"byte":108,"column":19,"line":8},"environment":"bar"}},"value":"hello"}}`),
			},
			wantErr: false,
		},
		{
			name: "successful case (basic + nested)",
			ref: esv1beta1.ExternalSecretDataRemoteRef{
				Key: "mysec",
			},
			input: map[string]interface{}{
				"foo": map[string]interface{}{
					"value": "bar",
					"trace": map[string]interface{}{
						"def": map[string]interface{}{
							"environment": "bar",
							"begin": map[string]interface{}{
								"line":   3,
								"column": 9,
								"byte":   29,
							},
							"end": map[string]interface{}{
								"line":   3,
								"column": 13,
								"byte":   33,
							},
						},
					},
				},
				"test22": map[string]interface{}{
					"value": map[string]interface{}{
						"my": map[string]interface{}{
							"value": "hello",
							"trace": map[string]interface{}{
								"def": map[string]interface{}{
									"environment": "bar",
									"begin": map[string]interface{}{
										"line":   6,
										"column": 11,
										"byte":   72,
									},
									"end": map[string]interface{}{
										"line":   6,
										"column": 16,
										"byte":   77,
									},
								},
							},
						},
					},
					"trace": map[string]interface{}{
						"def": map[string]interface{}{
							"environment": "bar",
							"begin": map[string]interface{}{
								"line":   6,
								"column": 7,
								"byte":   68,
							},
							"end": map[string]interface{}{
								"line":   6,
								"column": 16,
								"byte":   77,
							},
						},
					},
				},
			},
			want: map[string][]byte{
				"foo":    []byte("bar"),
				"test22": []byte(`{"my":{"trace":{"def":{"begin":{"byte":72,"column":11,"line":6},"end":{"byte":77,"column":16,"line":6},"environment":"bar"}},"value":"hello"}}`),
			},
			wantErr: false,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			p := newTestClient(t, http.MethodGet, "/environments/foo/default/bar/open/session-id", func(w http.ResponseWriter, r *http.Request) {
				r.Header.Add(contentType, contentTypeValue)
				w.Header().Add(contentType, contentTypeValue)
				err2 := json.NewEncoder(w).Encode(esc.NewValue(tt.input, esc.Trace{}))
				require.NoError(t, err2)
			})
			got, err := p.GetSecretMap(context.TODO(), tt.ref)
			fmt.Print(got)
			if (err != nil) != tt.wantErr {
				t.Errorf("ProviderPulumi.GetSecretMap() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
			if !reflect.DeepEqual(got, tt.want) {
				t.Errorf("ProviderPulumi.GetSecretMap() get = %v, want %v", got, tt.want)
			}
		})
	}
}

func TestCreateSubmaps(t *testing.T) {
	input := map[string]interface{}{
		"a.b.c": 1,
		"a.b.d": 2,
		"a.e":   3,
		"f":     4,
	}

	expected := map[string]interface{}{
		"a": map[string]interface{}{
			"b": map[string]interface{}{
				"c": 1,
				"d": 2,
			},
			"e": 3,
		},
		"f": 4,
	}

	result := createSubmaps(input)

	if !reflect.DeepEqual(result, expected) {
		t.Errorf("createSubmaps() = %v, want %v", result, expected)
	}

	// Test nested access
	a, ok := result["a"].(map[string]interface{})
	if !ok {
		t.Errorf("Expected 'a' to be a map")
	}

	b, ok := a["b"].(map[string]interface{})
	if !ok {
		t.Errorf("Expected 'a.b' to be a map")
	}

	c, ok := b["c"].(int)
	if !ok || c != 1 {
		t.Errorf("Expected 'a.b.c' to be 1, got %v", b["c"])
	}

	// Test non-nested key
	f, ok := result["f"].(int)
	if !ok || f != 4 {
		t.Errorf("Expected 'f' to be 4, got %v", result["f"])
	}
}