Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: 29bcac14d1
Branches Tags
helm-externa...
/
pkg
/
template
/
v2
/
template_test.go

template_test.go 33 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857 
  1. /*
    2. 

  2. Copyright © 2025 ESO Maintainer Team
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     https://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package template
    18. 

  18. 

  19. import (
    20. 

  20. 	"os"
    21. 

  21. 	"strings"
    22. 

  22. 	"testing"
    23. 

  23. 

  24. 	"github.com/google/go-cmp/cmp"
    25. 

  25. 	"github.com/stretchr/testify/assert"
    26. 

  26. 	"github.com/stretchr/testify/require"
    27. 

  27. 	corev1 "k8s.io/api/core/v1"
    28. 

  28. 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    29. 

  29. 

  30. 	esapi "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
    31. 

  31. )
    32. 

  32. 

  33. const (
    34. 

  34. 	pkcs12ContentNoPass   = `MIIJYQIBAzCCCScGCSqGSIb3DQEHAaCCCRgEggkUMIIJEDCCA8cGCSqGSIb3DQEHBqCCA7gwggO0AgEAMIIDrQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQInZmyWpNTPS4CAggAgIIDgPzZTmogBRiLP0NJZEUghZ3Oh1aqHJJ32HKgXUpD5BJ/5AvpUL9FC7m6a3GD++P1On/35J9N50bDjfBJjJrl2zpA143bzltPQBOK30cBJjNsCeN2Dq1dcsvJZfEy20z75NduXjMF6/qs4BbE+1E6nYFYVNHUybFnaQwSx7+2/2OMbXbcFpt4bv3HTw0YLw2pZeW/4/4A9d+tC9UdVQTTyNbI8l9nf1aeaaPsw1keVLmHurmTihfwh469FvjgwiHUP/P3ZCn1tOpWDR8ck0j+ru6imVP2hn+Kvk6svllmYqo3A5DnDRoF/Cl9R0DAPyS0lw7BeGskgTm7B79mzVitTbzRnIUP+sGJjc1AVghnitfcX4ffv8gq5xWaKGucO/IZXbPBoe7tMhKZmsirKzD4RBhC3nMyrwaHJB6PqUwxMQGMLbuHe7GlWhJAyFlcOTt5dgNl+axIkWdisoKNinYYeOuxudqyX6yPfsyaRCV5MEez3Wu+59MENGlGDRWbw61QuwsZkr1bAT2SJrQ/zHn5aGAluQZ1csJhKQ34iy1Ml9K9F4Zh3/2OWPs0u6+JCb1PC1vChBkguqcqQtEcikRwR9dNF9cdMB1T1Xk5GqlmOPaigkYzGWLgtl8cV5/Zl0m2j77mX9x4HVCTercAABGf9JcCLzSCo04c5OwIYtWUXBkux5n2VI2ZIuS1KF+r6JNyL3lg/D8LColzDUP/6tQCBVVgMar3iLblM17wPMTDMR5Bn+NvenwJj6FWaGGMtdjygtN+oSHpNDbVygfGQy+jEgUtK7yw0uh/WKBMWVw1E6iNuhb8HIyCFtQon8sDkuZ81czOpR3Ta1SWUWrZD+pjpL2Z4y8Nc2wt9pVPvLFOTn+GDFVqGpde3kovh3GfJjYCG/HI5rXZyziflDOoSy0SyG6aVCG4ZqW2LTymoVN/kxf+skqAweX1vxvvJniiv8HgYfEASFUWear4uT641d1YwcEIawNv4n+GKBilK/7ODl2QL86svwqIcbyiJrneyU2tHymKzGcU2VxmSgf8EnjqGuIEo7WXOpk0oUMcvYrM73cgzZ3BchUDIN0KWSDI+vDcVY82dbI39KM6dtOJFAx3kEdms/gdSqZtmHUIeArGp+8caCCAK/W+4wTOvtisK+6MtzdMz6P93N78N4Vo6cs3dkj6t/6tgNog5SCfwlOEyUpmMIIFQQYJKoZIhvcNAQcBoIIFMgSCBS4wggUqMIIFJgYLKoZIhvcNAQwKAQKgggTuMIIE6jAcBgoqhkiG9w0BDAEDMA4ECHVnarQ94cqlAgIIAASCBMgUvEVKsUcqEvYJEJ9JixgB0W3uhSi/Espt931a/mwx5Ja2K7vjlttaOct3Zc8umVrP5C322tmHz9QDVPj3Bln8CGfofC/8Nb6+SDeofmYaQYReOZpZGksEBs4P3yURl8wQpIkG31Oyf3urDTJdplfDrzu6XpEpIf7RicIR+Zh4Q1+F75XwPo52/yNs8q/kVV8H97gSRqQ2GixIdyNu+JLtNjdwAERHy4DeQjwgiMCdL+xMfN+WJyIvkLZDoy9bacXeG4IcQM+n84272C6j1a0BPaOm0K5A7I0H1zpXOJiWfn3MrT4LHDudrQoIWUOvcJjWaIM/KyghotDN50THKN9qCEE9SmtfWXGGFaJmyxbUDFizBIAsFshNtMs/47PoInTSNwzxNvUUQ3ap93iquGZ9EaZAMY2HQHW/QJIQ70IbtcHU28Bus/hrMcV0X9D1p4UeHuk37W7aCrL6hS+ac9pmzwmcDBwZUliyInxRmqCCerjg2ojAM9SVg8FrpQUErP+BOaoCBwQqLLiz9BM+3tUQc/8MyaBHq+c2dUoPfvipDIQXYiq66CkjmPHxPFEL1l9d9oBFoIGkt6SIHDjWnTPc5q5SvJ9tz8Dp1k/1HQSA8OUS6j+XySYuGe8xTvN/oUpVRswef2Qd/kxZlc1FJ4lVAXvbW7C7772l14BJv/WULcFH4Sn83rlL3YwHr4vJMf6wLahn7oQPI0VFSQiiOOb/+gkiTrwO3Gz+HXOkUwaKnW85PeoIt3/q1u0CRl64mUjqCegi7RMY9Q9tRMlD5yx0RsH7mc4b6Eg/3IwGu8VQmZCO5W2unCpfzzyrOx7OaGGaW4RJ2Mx7bJ8uV9HU8MbbNntmc9oxebPdDnBmbt8p8t4ZZxC+zcqcXi3TxACXmwnasogQEi0d0ttXkB5cnDCG00Y8WPdNIWfJdIQh8Hj16LAMYWUacz/J0kLP99ENQntZibVw/Q3zZtHSF5tmsYp7o1HglBpRwLTcd026YTrxB+VCEiUYy4hH6a38oEEpY7wTIiRmEBQPIRM0HUOqVh4z6TNzRx6iIhrQEvg06B8U6iVPqy8FGDkhf3P55Ed95/Rw6uSdlMTHng+Q4aG00k4qKdKOyv55IXPcvEzAeVNBuesknaS8x7Eb/I5mHSoZU3RYAEFGbehUkvkhNr3Xq7/W/400AKiliravJq8j/qKIZ9hAVUWOps09F/4peYfLXM1AhxWWGa5QqvwFkClM+uRyqIRGJwl2Z7asl4sWVXbwtb+Axio+mYGdzxIki5iwJvRCwKapoZplndXKTrn2nYBuhxW2+fRHa8WYdsm/wn0K+jYMlZhquVjNXyL70/Sym6DkzCtJvveQs2CfcEWQuedjRSGFVFT2jV/s5F8L2TV7nQNVj6dEJSNM5JCdZ//OpiMHMCbPNeSxY9koGplUqFhP54F1WU9x+8xiFjEp8WKxQYKHUtj+ace0lLF4CDGXhFR/0k7Icarpax3hYnvagd2OpZyRJdavKBSs5U7/NPuO6sNhZ2NpzsOiul9Iu8bu3UHCECNKkwN4wF4alTlG9sAAbS4ns4wb9XTajG+OPYoDQZmuJfc71McN6m8KBHEnXU8r4epdR7xREe/w+h2MwtPhLvbxwO592tUxJTAjBgkqhkiG9w0BCRUxFgQUOEXV6IFYGpCSHi0MPHz4b3W0KOQwMTAhMAkGBSsOAwIaBQAEFAjyBCA+mr+5UkKuQ1jGw90ASfbVBAjbvqJJZikDPgICCAA=`
    35. 

  35. 	pkcs12ContentWithPass = `MIIJYQIBAzCCCScGCSqGSIb3DQEHAaCCCRgEggkUMIIJEDCCA8cGCSqGSIb3DQEHBqCCA7gwggO0AgEAMIIDrQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI2eZRJ7Ar+JQCAggAgIIDgFTbOtkFPjqxAoYRHoq1SbyXKf/NRbBA5AqxQlv9aFVT4VcxUSrMGaSWifX2UjsVWQzn134yoLLbdJ0jTorVD+EuBUmtb3xXbBwLqtFZxwcWodYA5WhPQdDcQo0cD3o1vrsXPQARQR6ISSFnhFjPYdH9cO2LqUKV5pjFhIs2/1VPDS2eY7SWZN52DK3QknSj23S3ZW2s4TFEj/5C4ssbO7cWNWBjjaORnd17FMNgVtcRw8ITmLdGBOpFUwP8wIdiLGrXiyjfMLns74nztRelV30/v0DPlz0pZtOPygi/dy0qpbil3wtOFrtQBLEdvLNmt9ikQgGs3pJBS68eMJLu3jAU6rCIKycq0+E0eMXeHcseyMwgguTj2h4t+E4S7nU11lViBFqkSBKxE28+9fNlPvCsZ4WhQZ6TAW3E/jDy/ZSqmak5V7/khMlRPvtrxz71ivksH0iipPdJJkGi7SDEvETySBETiqIslUmsF0ZYeHR5wIBkB5V8zmi8RRZtpvDGbzuQ22V6sNk2mTDh+BRus7gNCoSGWYXWqNNp1PnznuYCJp9T+0mObcAijE7IQuhpYMeQPF+MUIlG5lmpNouzuygTf++xrKIjzP36DcthnMPeD/8LYWfzkuAeRodjl7Z1G6XLvBD5h+Xlq23WPjMcXUiiWYXxTREAQ1EWUf4A9twGcxHJ5AatbvQY3QUoS4a7LNuy17lF7G+O1SFDtGeHZXHHecaVpuAtqZEYeUpqy6ZzMJXtXE1JNl/UR9TtTordb1V5Pf45JTYKLI+SwxVQbRiTgfhulNc+E3tV1AEELZt4CKmh1OFJoJRtyREMfdVuP4rx7ywIoMYuWw8CRqJ3qSmdwz2kmL2pfJNn6vDfN6rNa+sXWErOJ7naSAKQH2CJfnkCOFxkKfwjbOcNRbnGKah8NyWu6xqlv7Y4xEJYqmPahGHmrSfdAt3mpc5zD74DvetLIczcadKaLH7mp6h98xHayvXh0UE7ERHeskfSPrLxL9A3V1RZXDOtcZFWSKHzokuXMDF9OnrcMYDzYgtzof4ReY2t1ldGF7phYINhDlUNyhzyjwyWQbdkxr/+FtWq8Sbm7o2zMTby48c25gnqD9U8RTAO+bY3oV3dQ4bpAOzWdzVmFjESUFx0xVwbTSJGXdkH4YmD5He+xwxTa0Je0HE5+ui5dbP1gxUY+pCGLOhGMIIFQQYJKoZIhvcNAQcBoIIFMgSCBS4wggUqMIIFJgYLKoZIhvcNAQwKAQKgggTuMIIE6jAcBgoqhkiG9w0BDAEDMA4ECGYAccNFWW6kAgIIAASCBMgbXw69iyx73RGWS3FYeuvF5L1VWXQGrDLdUGwa3SdovXxmP1pKBAb82UuiydXDpKSVCmefeEQTs6ucEFRmXrDIldNanqUwbydy3GSJ+4iNsVQHbFgNppH4e90L7BlLcZ3MzSrVEwxWVMHq+XLqTKf3X3QyrmA3mmF96+Nd+icpDIktd+/h2BHnSXHNP0QfVH27H4DwbMDijttXY0JB+8qP9m25Wn4zkmOPEUhrY4Ptv2I08eHFAuNI0jWUwfRhC4FDbUdwFb0aZjA3Te6uYTsu2zAlmg9HuqsD/Ef/wkBEKZLBkjiXa/niFVrwELXhWZDPBAuo+/1UbzXglsW4QDU4LbUutcs6DLag1vLe40a2LO1ODQm7Zw0bxLkb3f/ry6ZFYvO78XmHo4c/oQf4KPUtM2bLz5q7uOxAx07vHYaU2BVt3NjgiIO5VVKjw0075GdgFxwPvYncv1fsC5jSIkX43GuzEtoBTpJKDYb2nhKbN9XWixwGOhUBTK3WYBhn+uaMJs4l3EgkDtK9tsUs5VQQHawj0WrGS1mQhaBfcyZzv4wSn0d3JUO2CN0e9EReJcQvsEnwUvohilOvjDHHhTq8Kp4XU4jbq7TAKqxs3TOmdoskRykn9oKUPExJVhJQonFT3ietV5BHrnN/QoDCSeOR80ZxvWHrQDz3Hm1ygiHd8LYmN4IjiD8b28ZrCALifWxh0WmIYtLZrUjMZavPh+caWH9IG32fTxV9b1bgJD8vWqscj9jCjeMJvkKQo8PFg1kMAxt1u+bIyktTq42O9qxwGrdqEMeBzXxDJMMaRIH3m9LNZ/P5Nk4/hMURhCZJtRtNfOVTK+Q6kKgsdK2EHcuEnp/qBefZjve+xmitbF1W7C4+B7b2JNBacdIm1nE56DwglT/IUk65JrNFP3rf4c5ic76LCQrvyfLiKCGaqcihM9siLVFPYdrnr8TlGbCFnGbpBqMQA5MtZQaDUug50PJtdxlgfwWH4qliimgchCaZbSTcgN5YTguSe16uUSusHD+r6XdtI0939uDILXJjQMczhIKNw8w0Tn4Z3/g2KlB6cwbtaglnnO4a/USh0cPC1a581byNqeFoMi+mAhqfKkwdDuti4GX7OrhkUOkiRjEUXdcckpmmIsyamH/g1dq3CNFXFNIgRRrzIDo4Opr3Ip2VE/4BDQoo/+Rybzxh8bsHgCEujQf8urGxjGyd2ulHoXzHWhz7pPPuY5UN6dC9WZmOQDVous/1nhYThoLVVc61Rk6d83+Ac7iRg4bY5q/73J4HvPMmrTOOOqqn3wc9Pe5ibEy4tFaYnim4p1ZRm8YcwosZmuFPdsP6G5l5qt6uOyr2+qNpXIBkDpG7I6Ls10O7L3PQAX9zRGfcz6Ds0KtuDrLpaVvhuXpewsBwpo1lmhv9bAa4ppBuWznmKigX+vYojSxd/eCRAtMs+Lx6ppZsYNVhbdEIGKXSGwG98sSTZkoLHBMkUW7S8jpeSCHZWEFBUOPJQzAr5cW1w+RAs33cGUygZ5XEEx4DeW8MnO4lCuP+VDOwu3TAKhzAD+qCyXbLEzWiyL5fq3XL+YJtoAc8Mra9lK6jDqzq4u+PLNoYY+kWTBhCyRZ+PfzcXLry8pxuP5E6VtRgfYcxJTAjBgkqhkiG9w0BCRUxFgQUOEXV6IFYGpCSHi0MPHz4b3W0KOQwMTAhMAkGBSsOAwIaBQAEFBa+SV9FU2UObo+nYKdyt/kZVw6FBAgey4GonFtJ2gICCAA=`
    36. 

  36. 	pkcs12Cert            = `-----BEGIN CERTIFICATE-----
    37. 

  37. MIIDHTCCAgWgAwIBAgIRAKC4yxy9QGocND+6avTf7BgwDQYJKoZIhvcNAQELBQAw
    38. 

  38. EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0yMTAzMjAyMDA4MDhaFw0yMTAzMjAyMDM4
    39. 

  39. MDhaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
    40. 

  40. ggEKAoIBAQC3o6/JdZEqNbqNRkopHhJtJG5c4qS5d0tQ/kZYpfD/v/izAYum4Nzj
    41. 

  41. aG15owr92/11W0pxPUliRLti3y6iScTs+ofm2D7p4UXj/Fnho/2xoWSOoWAodgvW
    42. 

  42. Y8jh8A0LQALZiV/9QsrJdXZdS47DYZLsQ3z9yFC/CdXkg1l7AQ3fIVGKdrQBr9kE
    43. 

  43. 1gEDqnKfRxXI8DEQKXr+CKPUwCAytegmy0SHp53zNAvY+kopHytzmJpXLoEhxq4e
    44. 

  44. ugHe52vXHdh/HJ9VjNp0xOH1waAgAGxHlltCW0PVd5AJ0SXROBS/a3V9sZCbCrJa
    45. 

  45. YOOonQSEswveSv6PcG9AHvpNPot2Xs6hAgMBAAGjbjBsMA4GA1UdDwEB/wQEAwIC
    46. 

  46. pDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
    47. 

  47. BBR00805mrpoonp95RmC3B6oLl+cGTAVBgNVHREEDjAMggpnb29ibGUuY29tMA0G
    48. 

  48. CSqGSIb3DQEBCwUAA4IBAQAipc1b6JrEDayPjpz5GM5krcI8dCWVd8re0a9bGjjN
    49. 

  49. ioWGlu/eTr5El0ffwCNZ2WLmL9rewfHf/bMvYz3ioFZJ2OTxfazqYXNggQz6cMfa
    50. 

  50. lbedDCdt5XLVX2TyerGvFram+9Uyvk3l0uM7rZnwAmdirG4Tv94QRaD3q4xTj/c0
    51. 

  51. mv+AggtK0aRFb9o47z/BypLdk5mhbf3Mmr88C8XBzEnfdYyf4JpTlZrYLBmDCu5d
    52. 

  52. 9RLLsjXxhag8xqMtd1uLUM8XOTGzVWacw8iGY+CTtBKqyA+AE6/bDwZvEwVtsKtC
    53. 

  53. QJ85ioEpy00NioqcF0WyMZH80uMsPycfpnl5uF7RkW8u
    54. 

  54. -----END CERTIFICATE-----
    55. 

  55. `
    56. 

  56. 	pkcs12Key = `-----BEGIN PRIVATE KEY-----
    57. 

  57. MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC3o6/JdZEqNbqN
    58. 

  58. RkopHhJtJG5c4qS5d0tQ/kZYpfD/v/izAYum4NzjaG15owr92/11W0pxPUliRLti
    59. 

  59. 3y6iScTs+ofm2D7p4UXj/Fnho/2xoWSOoWAodgvWY8jh8A0LQALZiV/9QsrJdXZd
    60. 

  60. S47DYZLsQ3z9yFC/CdXkg1l7AQ3fIVGKdrQBr9kE1gEDqnKfRxXI8DEQKXr+CKPU
    61. 

  61. wCAytegmy0SHp53zNAvY+kopHytzmJpXLoEhxq4eugHe52vXHdh/HJ9VjNp0xOH1
    62. 

  62. waAgAGxHlltCW0PVd5AJ0SXROBS/a3V9sZCbCrJaYOOonQSEswveSv6PcG9AHvpN
    63. 

  63. Pot2Xs6hAgMBAAECggEACTGPrmVNZDCWa1Y2hkJ0J7SoNcw+9O4M/jwMp4l/PD6P
    64. 

  64. I98S78LYLCZhPLK17SmjUcnFO1AXKW1JeFS2D/fjfP256guvcqQNjLFoioxcOhVb
    65. 

  65. ZGyd1Mi8JPqP5wfOj16gBeYDwTkjz9wqldcfiZaL9XoXetkZecbzR2JwC2FtIVuC
    66. 

  66. 0njTjMNYpaBKnoLb8OTR0EQz7lYEo2MkQiWryz8wseONnFmdfh18p+p10YgCbuCH
    67. 

  67. qesrWfDLLxaxZelNtDhDngg9LoCLmarYy7BgShacmUEgJTZ/x3xFC75thK3ln0OY
    68. 

  68. +ktTgvVotYYaZi7qAjQiEsTvkTAPg5RMpQLd2UIWsQKBgQDCBp+1vURbwGzmTNUg
    69. 

  69. HMipD6WDFdLc9DCacx6+ZqsEPTMWQbCpVZrDKiY0Rjt5F+xOCyMr00J5RDJXRC0G
    70. 

  70. +L7NcJdywOFutT7vB+cmETg7l/6PHweNYBnE66706eTL/KVYZMi4tEinarPWhHmL
    71. 

  71. jasfdLANtpDjdWkRt299TkPRbQKBgQDyS8Rr7KZdv04Csqkf+ASmiJpT5R6Y72kc
    72. 

  72. 3XYpKETyB2FyPZkuh/zInMut9SkkSI9O/jA3zf956jj6sF1DHvp7T8KkIp5OAQeD
    73. 

  73. J9AF65m2MnZfHFUeJ6ZQsggwMWqrD0ycIWP7YWtiBHH+D1wGkjYrssq+bvG/yNpA
    74. 

  74. LtqdKq9lhQKBgQCZA2hIhy61vRckuEsLvCdzTGeW7UsR/XGnHEqOlaEhArKbRsrv
    75. 

  75. gBdA+qiOaSTV5svw8E+YbE7sG6AnuhhYeyreEYEeeoZOLJmpIG5mUwYp2UBj1nC6
    76. 

  76. SaOI7OVZOGu7g09SWokBQQxbG4cgEfFY4Sym7fs5lVTGTP3Dfwppo6NQMQKBgQCo
    77. 

  77. J5NDP3Lafwk58BpV+H/pv8YzUUDh7M2rXbtCpxLqUdr8OOnVlEUISWFF8m5CIyVq
    78. 

  78. MhjuscWLK9Wtjba7/YTjDaDM3sW05xv6lyfU5ATCoNTr/zLHgcb4HAZ4w+L+otiN
    79. 

  79. RtMnxB2NYf5mzuwUF2cG/secUEzwyAlIH/xStSwTLQKBgQCRvqF+rqxnegoOgwVW
    80. 

  80. qrWPv06wXD8dW2FlPpY5GXqA0l6erSK3YsQQToRmbem9ibPD7bd5P4gNbWfxwK4C
    81. 

  81. Wt+1Rcb8OrDhDJbYz85bXBnPecKp4EN0b9SHO0/dsCqn2w30emc+9T/4m1ZDkpBd
    82. 

  82. BixHvI/EJ8YK3ta5WdJWKC6hnA==
    83. 

  83. -----END PRIVATE KEY-----
    84. 

  84. `
    85. 

  85. 	jwkPubRSA     = `{"kid":"ex","kty":"RSA","key_ops":["sign","verify","wrapKey","unwrapKey","encrypt","decrypt"],"n":"p2VQo8qCfWAZmdWBVaYuYb-a-tWWm78K6Sr9poCvNcmv8rUPSLACxitQWR8gZaSH1DklVkqz-Ed8Cdlf8lkDg4Ex5tkB64jRdC1Uvn4CDpOH6cp-N2s8hTFLqy9_YaDmyQS7HiqthOi9oVjil1VMeWfaAbClGtFt6UnKD0Vb_DvLoWYQSqlhgBArFJi966b4E1pOq5Ad02K8pHBDThlIIx7unibLehhDU6q3DCwNH_OOLx6bgNtmvGYJDd1cywpkLQ3YzNCUPWnfMBJRP3iQP_WI21uP6cvo0DqBPBM4wvVzHbCT0vnIflwkbgEWkq1FprqAitZlop9KjLqzjp9vyQ","e":"AQAB"}`
    86. 

  86. 	jwkPubRSAPKIX = `-----BEGIN PUBLIC KEY-----
    87. 

  87. MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2VQo8qCfWAZmdWBVaYu
    88. 

  88. Yb+a+tWWm78K6Sr9poCvNcmv8rUPSLACxitQWR8gZaSH1DklVkqz+Ed8Cdlf8lkD
    89. 

  89. g4Ex5tkB64jRdC1Uvn4CDpOH6cp+N2s8hTFLqy9/YaDmyQS7HiqthOi9oVjil1VM
    90. 

  90. eWfaAbClGtFt6UnKD0Vb/DvLoWYQSqlhgBArFJi966b4E1pOq5Ad02K8pHBDThlI
    91. 

  91. Ix7unibLehhDU6q3DCwNH/OOLx6bgNtmvGYJDd1cywpkLQ3YzNCUPWnfMBJRP3iQ
    92. 

  92. P/WI21uP6cvo0DqBPBM4wvVzHbCT0vnIflwkbgEWkq1FprqAitZlop9KjLqzjp9v
    93. 

  93. yQIDAQAB
    94. 

  94. -----END PUBLIC KEY-----
    95. 

  95. `
    96. 

  96. 	jwkPrivRSA      = `{"kty" : "RSA","kid" : "cc34c0a0-bd5a-4a3c-a50d-a2a7db7643df","use" : "sig","n"   : "pjdss8ZaDfEH6K6U7GeW2nxDqR4IP049fk1fK0lndimbMMVBdPv_hSpm8T8EtBDxrUdi1OHZfMhUixGaut-3nQ4GG9nM249oxhCtxqqNvEXrmQRGqczyLxuh-fKn9Fg--hS9UpazHpfVAFnB5aCfXoNhPuI8oByyFKMKaOVgHNqP5NBEqabiLftZD3W_lsFCPGuzr4Vp0YS7zS2hDYScC2oOMu4rGU1LcMZf39p3153Cq7bS2Xh6Y-vw5pwzFYZdjQxDn8x8BG3fJ6j8TGLXQsbKH1218_HcUJRvMwdpbUQG5nvA2GXVqLqdwp054Lzk9_B_f1lVrmOKuHjTNHq48w","e"   : "AQAB","d"   : "ksDmucdMJXkFGZxiomNHnroOZxe8AmDLDGO1vhs-POa5PZM7mtUPonxwjVmthmpbZzla-kg55OFfO7YcXhg-Hm2OWTKwm73_rLh3JavaHjvBqsVKuorX3V3RYkSro6HyYIzFJ1Ek7sLxbjDRcDOj4ievSX0oN9l-JZhaDYlPlci5uJsoqro_YrE0PRRWVhtGynd-_aWgQv1YzkfZuMD-hJtDi1Im2humOWxA4eZrFs9eG-whXcOvaSwO4sSGbS99ecQZHM2TcdXeAs1PvjVgQ_dKnZlGN3lTWoWfQP55Z7Tgt8Nf1q4ZAKd-NlMe-7iqCFfsnFwXjSiaOa2CRGZn-Q","p"   : "4A5nU4ahEww7B65yuzmGeCUUi8ikWzv1C81pSyUKvKzu8CX41hp9J6oRaLGesKImYiuVQK47FhZ--wwfpRwHvSxtNU9qXb8ewo-BvadyO1eVrIk4tNV543QlSe7pQAoJGkxCia5rfznAE3InKF4JvIlchyqs0RQ8wx7lULqwnn0","q"   : "ven83GM6SfrmO-TBHbjTk6JhP_3CMsIvmSdo4KrbQNvp4vHO3w1_0zJ3URkmkYGhz2tgPlfd7v1l2I6QkIh4Bumdj6FyFZEBpxjE4MpfdNVcNINvVj87cLyTRmIcaGxmfylY7QErP8GFA-k4UoH_eQmGKGK44TRzYj5hZYGWIC8","dp"  : "lmmU_AG5SGxBhJqb8wxfNXDPJjf__i92BgJT2Vp4pskBbr5PGoyV0HbfUQVMnw977RONEurkR6O6gxZUeCclGt4kQlGZ-m0_XSWx13v9t9DIbheAtgVJ2mQyVDvK4m7aRYlEceFh0PsX8vYDS5o1txgPwb3oXkPTtrmbAGMUBpE","dq"  : "mxRTU3QDyR2EnCv0Nl0TCF90oliJGAHR9HJmBe__EjuCBbwHfcT8OG3hWOv8vpzokQPRl5cQt3NckzX3fs6xlJN4Ai2Hh2zduKFVQ2p-AF2p6Yfahscjtq-GY9cB85NxLy2IXCC0PF--Sq9LOrTE9QV988SJy_yUrAjcZ5MmECk","qi"  : "ldHXIrEmMZVaNwGzDF9WG8sHj2mOZmQpw9yrjLK9hAsmsNr5LTyqWAqJIYZSwPTYWhY4nu2O0EY9G9uYiqewXfCKw_UngrJt8Xwfq1Zruz0YY869zPN4GiE9-9rzdZB33RBw8kIOquY3MK74FMwCihYx_LiU2YTHkaoJ3ncvtvg"}`
    97. 

  97. 	jwkPrivRSAPKCS8 = `-----BEGIN PRIVATE KEY-----
    98. 

  98. MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQCmN2yzxloN8Qfo
    99. 

  99. rpTsZ5bafEOpHgg/Tj1+TV8rSWd2KZswxUF0+/+FKmbxPwS0EPGtR2LU4dl8yFSL
    100. 

  100. EZq637edDgYb2czbj2jGEK3Gqo28ReuZBEapzPIvG6H58qf0WD76FL1SlrMel9UA
    101. 

  101. WcHloJ9eg2E+4jygHLIUowpo5WAc2o/k0ESppuIt+1kPdb+WwUI8a7OvhWnRhLvN
    102. 

  102. LaENhJwLag4y7isZTUtwxl/f2nfXncKrttLZeHpj6/DmnDMVhl2NDEOfzHwEbd8n
    103. 

  103. qPxMYtdCxsofXbXz8dxQlG8zB2ltRAbme8DYZdWoup3CnTngvOT38H9/WVWuY4q4
    104. 

  104. eNM0erjzAgMBAAECggEBAJLA5rnHTCV5BRmcYqJjR566DmcXvAJgywxjtb4bPjzm
    105. 

  105. uT2TO5rVD6J8cI1ZrYZqW2c5WvpIOeThXzu2HF4YPh5tjlkysJu9/6y4dyWr2h47
    106. 

  106. warFSrqK191d0WJEq6Oh8mCMxSdRJO7C8W4w0XAzo+Inr0l9KDfZfiWYWg2JT5XI
    107. 

  107. ubibKKq6P2KxND0UVlYbRsp3fv2loEL9WM5H2bjA/oSbQ4tSJtobpjlsQOHmaxbP
    108. 

  108. XhvsIV3Dr2ksDuLEhm0vfXnEGRzNk3HV3gLNT741YEP3Sp2ZRjd5U1qFn0D+eWe0
    109. 

  109. 4LfDX9auGQCnfjZTHvu4qghX7JxcF40omjmtgkRmZ/kCgYEA4A5nU4ahEww7B65y
    110. 

  110. uzmGeCUUi8ikWzv1C81pSyUKvKzu8CX41hp9J6oRaLGesKImYiuVQK47FhZ++wwf
    111. 

  111. pRwHvSxtNU9qXb8ewo+BvadyO1eVrIk4tNV543QlSe7pQAoJGkxCia5rfznAE3In
    112. 

  112. KF4JvIlchyqs0RQ8wx7lULqwnn0CgYEAven83GM6SfrmO+TBHbjTk6JhP/3CMsIv
    113. 

  113. mSdo4KrbQNvp4vHO3w1/0zJ3URkmkYGhz2tgPlfd7v1l2I6QkIh4Bumdj6FyFZEB
    114. 

  114. pxjE4MpfdNVcNINvVj87cLyTRmIcaGxmfylY7QErP8GFA+k4UoH/eQmGKGK44TRz
    115. 

  115. Yj5hZYGWIC8CgYEAlmmU/AG5SGxBhJqb8wxfNXDPJjf//i92BgJT2Vp4pskBbr5P
    116. 

  116. GoyV0HbfUQVMnw977RONEurkR6O6gxZUeCclGt4kQlGZ+m0/XSWx13v9t9DIbheA
    117. 

  117. tgVJ2mQyVDvK4m7aRYlEceFh0PsX8vYDS5o1txgPwb3oXkPTtrmbAGMUBpECgYEA
    118. 

  118. mxRTU3QDyR2EnCv0Nl0TCF90oliJGAHR9HJmBe//EjuCBbwHfcT8OG3hWOv8vpzo
    119. 

  119. kQPRl5cQt3NckzX3fs6xlJN4Ai2Hh2zduKFVQ2p+AF2p6Yfahscjtq+GY9cB85Nx
    120. 

  120. Ly2IXCC0PF++Sq9LOrTE9QV988SJy/yUrAjcZ5MmECkCgYEAldHXIrEmMZVaNwGz
    121. 

  121. DF9WG8sHj2mOZmQpw9yrjLK9hAsmsNr5LTyqWAqJIYZSwPTYWhY4nu2O0EY9G9uY
    122. 

  122. iqewXfCKw/UngrJt8Xwfq1Zruz0YY869zPN4GiE9+9rzdZB33RBw8kIOquY3MK74
    123. 

  123. FMwCihYx/LiU2YTHkaoJ3ncvtvg=
    124. 

  124. -----END PRIVATE KEY-----
    125. 

  125. `
    126. 

  126. 	jwkPubEC     = `{"kid":"https://kv-test-mj.vault.azure.net/keys/ec-p-521/e3d0e9c179b54988860c69c6ae172c65","kty":"EC","key_ops":["sign","verify"],"crv":"P-521","x":"AedOAtb7H7Oz1C_cPKI_R4CN_eai5nteY6KFW07FOoaqgQfVCSkQDK22fCOiMT_28c8LZYJRsiIFz_IIbQUW7bXj","y":"AOnchHnmBphIWXvanmMAmcCDkaED6ycW8GsAl9fQ43BMVZTqcTkJYn6vGnhn7MObizmkNSmgZYTwG-vZkIg03HHs"}`
    127. 

  127. 	jwkPubECPKIX = `-----BEGIN PUBLIC KEY-----
    128. 

  128. MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB504C1vsfs7PUL9w8oj9HgI395qLm
    129. 

  129. e15jooVbTsU6hqqBB9UJKRAMrbZ8I6IxP/bxzwtlglGyIgXP8ghtBRbtteMA6dyE
    130. 

  130. eeYGmEhZe9qeYwCZwIORoQPrJxbwawCX19DjcExVlOpxOQlifq8aeGfsw5uLOaQ1
    131. 

  131. KaBlhPAb69mQiDTccew=
    132. 

  132. -----END PUBLIC KEY-----
    133. 

  133. `
    134. 

  134. 	jwkPrivEC      = `{"kty": "EC","kid": "rie3pHe8u8gjSa0IaJfqk7_iEfHeYfDYx-Bqi7vQc0s","crv": "P-256","x": "fDjg3Nq4jPf8IOZ0277aPVal_8iXySnzLUJAZghUzZM","y": "d863PeyBOK_Q4duiSmWwgIRzi1RPlFZTR-vACMlPg-Q","d": "jJs5xsoHUetdMabtt8H2KyX5T92nGul1chFeMT5hlr0"}`
    135. 

  135. 	jwkPrivECPKCS8 = `-----BEGIN PRIVATE KEY-----
    136. 

  136. MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgjJs5xsoHUetdMabt
    137. 

  137. t8H2KyX5T92nGul1chFeMT5hlr2hRANCAAR8OODc2riM9/wg5nTbvto9VqX/yJfJ
    138. 

  138. KfMtQkBmCFTNk3fOtz3sgTiv0OHbokplsICEc4tUT5RWU0frwAjJT4Pk
    139. 

  139. -----END PRIVATE KEY-----
    140. 

  140. `
    141. 

  141. )
    142. 

  142. 

  143. func TestExecute(t *testing.T) {
    144. 

  144. 	tbl := []struct {
    145. 

  145. 		name                string
    146. 

  146. 		tpl                 map[string][]byte
    147. 

  147. 		labelsTpl           map[string][]byte
    148. 

  148. 		annotationsTpl      map[string][]byte
    149. 

  149. 		stringDataTpl       map[string][]byte
    150. 

  150. 		data                map[string][]byte
    151. 

  151. 		expectedData        map[string][]byte
    152. 

  152. 		expectedStringData  map[string]string
    153. 

  153. 		expectedLabels      map[string]string
    154. 

  154. 		expectedAnnotations map[string]string
    155. 

  155. 		leftDelimiter       string
    156. 

  156. 		rightDelimiter      string
    157. 

  157. 		expErr              string
    158. 

  158. 		expLblErr           string
    159. 

  159. 		expAnnoErr          string
    160. 

  160. 		expStrErr           string
    161. 

  161. 	}{
    162. 

  162. 		{
    163. 

  163. 			name:           "test empty",
    164. 

  164. 			tpl:            nil,
    165. 

  165. 			labelsTpl:      nil,
    166. 

  166. 			annotationsTpl: nil,
    167. 

  167. 			data:           nil,
    168. 

  168. 		},
    169. 

  169. 		{
    170. 

  170. 			name: "b64dec func",
    171. 

  171. 			tpl: map[string][]byte{
    172. 

  172. 				"foo": []byte("{{ .secret | b64dec }}"),
    173. 

  173. 			},
    174. 

  174. 			data: map[string][]byte{
    175. 

  175. 				"secret": []byte("MTIzNA=="),
    176. 

  176. 			},
    177. 

  177. 			expectedData: map[string][]byte{
    178. 

  178. 				"foo": []byte("1234"),
    179. 

  179. 			},
    180. 

  180. 		},
    181. 

  181. 		{
    182. 

  182. 			name: "fromJson func",
    183. 

  183. 			tpl: map[string][]byte{
    184. 

  184. 				"foo": []byte("{{ $var := .secret | fromJson }}{{ $var.foo }}"),
    185. 

  185. 			},
    186. 

  186. 			data: map[string][]byte{
    187. 

  187. 				"secret": []byte(`{"foo": "bar"}`),
    188. 

  188. 			},
    189. 

  189. 			expectedData: map[string][]byte{
    190. 

  190. 				"foo": []byte("bar"),
    191. 

  191. 			},
    192. 

  192. 		},
    193. 

  193. 		{
    194. 

  194. 			name: "from & toJson func",
    195. 

  195. 			tpl: map[string][]byte{
    196. 

  196. 				"foo": []byte("{{ $var := .secret | fromJson }}{{ $var.foo | toJson }}"),
    197. 

  197. 			},
    198. 

  198. 			data: map[string][]byte{
    199. 

  199. 				"secret": []byte(`{"foo": {"baz":"bang"}}`),
    200. 

  200. 			},
    201. 

  201. 			expectedData: map[string][]byte{
    202. 

  202. 				"foo": []byte(`{"baz":"bang"}`),
    203. 

  203. 			},
    204. 

  204. 		},
    205. 

  205. 		{
    206. 

  206. 			name: "fromJson & toYaml func",
    207. 

  207. 			tpl: map[string][]byte{
    208. 

  208. 				"foo": []byte("{{ $var := .secret | fromJson | toYaml }}{{ $var }}"),
    209. 

  209. 			},
    210. 

  210. 			data: map[string][]byte{
    211. 

  211. 				"secret": []byte(`{"foo": "bar"}`),
    212. 

  212. 			},
    213. 

  213. 			expectedData: map[string][]byte{
    214. 

  214. 				"foo": []byte(`foo: bar`),
    215. 

  215. 			},
    216. 

  216. 		},
    217. 

  217. 		{
    218. 

  218. 			name: "fromYaml & toJson func",
    219. 

  219. 			tpl: map[string][]byte{
    220. 

  220. 				"foo": []byte("{{ $var := .secret | fromYaml | toJson }}{{ $var }}"),
    221. 

  221. 			},
    222. 

  222. 			data: map[string][]byte{
    223. 

  223. 				"secret": []byte(`foo: bar`),
    224. 

  224. 			},
    225. 

  225. 			expectedData: map[string][]byte{
    226. 

  226. 				"foo": []byte(`{"foo":"bar"}`),
    227. 

  227. 			},
    228. 

  228. 		},
    229. 

  229. 		{
    230. 

  230. 			name: "use sprig functions",
    231. 

  231. 			tpl: map[string][]byte{
    232. 

  232. 				"foo": []byte(`{{ .path | ext }}`),
    233. 

  233. 			},
    234. 

  234. 			data: map[string][]byte{
    235. 

  235. 				"path": []byte(`foo/bar/baz.exe`),
    236. 

  236. 			},
    237. 

  237. 			expectedData: map[string][]byte{
    238. 

  238. 				"foo": []byte(`.exe`),
    239. 

  239. 			},
    240. 

  240. 		},
    241. 

  241. 		{
    242. 

  242. 			name: "use replace function",
    243. 

  243. 			tpl: map[string][]byte{
    244. 

  244. 				"foo": []byte(`{{ .conn | replace "postgres://" "db+postgresql://"}}`),
    245. 

  245. 			},
    246. 

  246. 			data: map[string][]byte{
    247. 

  247. 				"conn": []byte(`postgres://user:pass@db.host:5432/dbname`),
    248. 

  248. 			},
    249. 

  249. 			expectedData: map[string][]byte{
    250. 

  250. 				"foo": []byte(`db+postgresql://user:pass@db.host:5432/dbname`),
    251. 

  251. 			},
    252. 

  252. 		},
    253. 

  253. 		{
    254. 

  254. 			name: "use upper function",
    255. 

  255. 			tpl: map[string][]byte{
    256. 

  256. 				"foo": []byte(`{{ .value | upper }}`),
    257. 

  257. 			},
    258. 

  258. 			data: map[string][]byte{
    259. 

  259. 				"value": []byte(`username`),
    260. 

  260. 			},
    261. 

  261. 			expectedData: map[string][]byte{
    262. 

  262. 				"foo": []byte(`USERNAME`),
    263. 

  263. 			},
    264. 

  264. 		},
    265. 

  265. 		{
    266. 

  266. 			name: "multiline template",
    267. 

  267. 			tpl: map[string][]byte{
    268. 

  268. 				"cfg": []byte(`
    269. 

  269. 		datasources:
    270. 

  270. 		- name: Graphite
    271. 

  271. 			type: graphite
    272. 

  272. 			access: proxy
    273. 

  273. 			url: http://localhost:8080
    274. 

  274. 			password: "{{ .password }}"
    275. 

  275. 			user: "{{ .user }}"`),
    276. 

  276. 			},
    277. 

  277. 			data: map[string][]byte{
    278. 

  278. 				"user":     []byte(`foobert`),
    279. 

  279. 				"password": []byte("harharhar"),
    280. 

  280. 			},
    281. 

  281. 			expectedData: map[string][]byte{
    282. 

  282. 				"cfg": []byte(`
    283. 

  283. 		datasources:
    284. 

  284. 		- name: Graphite
    285. 

  285. 			type: graphite
    286. 

  286. 			access: proxy
    287. 

  287. 			url: http://localhost:8080
    288. 

  288. 			password: "harharhar"
    289. 

  289. 			user: "foobert"`),
    290. 

  290. 			},
    291. 

  291. 		},
    292. 

  292. 		{
    293. 

  293. 			name: "base64 pipeline",
    294. 

  294. 			tpl: map[string][]byte{
    295. 

  295. 				"foo": []byte(`{{ "123412341234" | b64enc | b64dec }}`),
    296. 

  296. 			},
    297. 

  297. 			data: map[string][]byte{},
    298. 

  298. 			expectedData: map[string][]byte{
    299. 

  299. 				"foo": []byte("123412341234"),
    300. 

  300. 			},
    301. 

  301. 		},
    302. 

  302. 		{
    303. 

  303. 			name: "base64 pkcs12 extract",
    304. 

  304. 			tpl: map[string][]byte{
    305. 

  305. 				"key":  []byte(`{{ .secret | b64dec | pkcs12key }}`),
    306. 

  306. 				"cert": []byte(`{{ .secret | b64dec | pkcs12cert }}`),
    307. 

  307. 			},
    308. 

  308. 			data: map[string][]byte{
    309. 

  309. 				"secret": []byte(pkcs12ContentNoPass),
    310. 

  310. 			},
    311. 

  311. 			expectedData: map[string][]byte{
    312. 

  312. 				"key":  []byte(pkcs12Key),
    313. 

  313. 				"cert": []byte(pkcs12Cert),
    314. 

  314. 			},
    315. 

  315. 		},
    316. 

  316. 		{
    317. 

  317. 			name: "base64 pkcs12 extract with password",
    318. 

  318. 			tpl: map[string][]byte{
    319. 

  319. 				"key":  []byte(`{{ .secret | b64dec | pkcs12keyPass "123456" }}`),
    320. 

  320. 				"cert": []byte(`{{ .secret | b64dec | pkcs12certPass "123456" }}`),
    321. 

  321. 			},
    322. 

  322. 			data: map[string][]byte{
    323. 

  323. 				"secret": []byte(pkcs12ContentWithPass),
    324. 

  324. 			},
    325. 

  325. 			expectedData: map[string][]byte{
    326. 

  326. 				"key":  []byte(pkcs12Key),
    327. 

  327. 				"cert": []byte(pkcs12Cert),
    328. 

  328. 			},
    329. 

  329. 		},
    330. 

  330. 		{
    331. 

  331. 			name: "base64 decode error",
    332. 

  332. 			tpl: map[string][]byte{
    333. 

  333. 				"key": []byte(`{{ .example | b64dec }}`),
    334. 

  334. 			},
    335. 

  335. 			data: map[string][]byte{
    336. 

  336. 				"example": []byte("iam_no_base64"),
    337. 

  337. 			},
    338. 

  338. 			expErr: "", // silent error
    339. 

  339. 		},
    340. 

  340. 		{
    341. 

  341. 			name: "pkcs12 key wrong password",
    342. 

  342. 			tpl: map[string][]byte{
    343. 

  343. 				"key": []byte(`{{ .secret | b64dec | pkcs12keyPass "wrong" }}`),
    344. 

  344. 			},
    345. 

  345. 			data: map[string][]byte{
    346. 

  346. 				"secret": []byte(pkcs12ContentWithPass),
    347. 

  347. 			},
    348. 

  348. 			expErr: "unable to decode pkcs12",
    349. 

  349. 		},
    350. 

  350. 		{
    351. 

  351. 			name: "pkcs12 cert wrong password",
    352. 

  352. 			tpl: map[string][]byte{
    353. 

  353. 				"cert": []byte(`{{ .secret | b64dec | pkcs12certPass "wrong" }}`),
    354. 

  354. 			},
    355. 

  355. 			data: map[string][]byte{
    356. 

  356. 				"secret": []byte(pkcs12ContentWithPass),
    357. 

  357. 			},
    358. 

  358. 			expErr: "unable to decode pkcs12",
    359. 

  359. 		},
    360. 

  360. 		{
    361. 

  361. 			name: "fromJson error",
    362. 

  362. 			tpl: map[string][]byte{
    363. 

  363. 				"key": []byte(`{{ "{ # no json # }" | fromJson }}`),
    364. 

  364. 			},
    365. 

  365. 			data:   map[string][]byte{},
    366. 

  366. 			expErr: "", // silent error
    367. 

  367. 		},
    368. 

  368. 		{
    369. 

  369. 			name: "template syntax error",
    370. 

  370. 			tpl: map[string][]byte{
    371. 

  371. 				"key": []byte(`{{ #xx }}`),
    372. 

  372. 			},
    373. 

  373. 			data:   map[string][]byte{},
    374. 

  374. 			expErr: "unable to parse template",
    375. 

  375. 		},
    376. 

  376. 		{
    377. 

  377. 			name: "unknown key error",
    378. 

  378. 			tpl: map[string][]byte{
    379. 

  379. 				"key": []byte(`{{ .unknown }}`),
    380. 

  380. 			},
    381. 

  381. 			data:   map[string][]byte{},
    382. 

  382. 			expErr: "unable to execute template at key key",
    383. 

  383. 		},
    384. 

  384. 		{
    385. 

  385. 			name: "jwk rsa pub pem",
    386. 

  386. 			tpl: map[string][]byte{
    387. 

  387. 				"fn": []byte(`{{ .secret | jwkPublicKeyPem }}`),
    388. 

  388. 			},
    389. 

  389. 			data: map[string][]byte{
    390. 

  390. 				"secret": []byte(jwkPubRSA),
    391. 

  391. 			},
    392. 

  392. 			expectedData: map[string][]byte{
    393. 

  393. 				"fn": []byte(jwkPubRSAPKIX),
    394. 

  394. 			},
    395. 

  395. 		},
    396. 

  396. 		{
    397. 

  397. 			name: "jwk rsa priv pem",
    398. 

  398. 			tpl: map[string][]byte{
    399. 

  399. 				"fn": []byte(`{{ .secret | jwkPrivateKeyPem }}`),
    400. 

  400. 			},
    401. 

  401. 			data: map[string][]byte{
    402. 

  402. 				"secret": []byte(jwkPrivRSA),
    403. 

  403. 			},
    404. 

  404. 			expectedData: map[string][]byte{
    405. 

  405. 				"fn": []byte(jwkPrivRSAPKCS8),
    406. 

  406. 			},
    407. 

  407. 		},
    408. 

  408. 		{
    409. 

  409. 			name: "jwk ecdsa pub pem",
    410. 

  410. 			tpl: map[string][]byte{
    411. 

  411. 				"fn": []byte(`{{ .secret | jwkPublicKeyPem }}`),
    412. 

  412. 			},
    413. 

  413. 			data: map[string][]byte{
    414. 

  414. 				"secret": []byte(jwkPubEC),
    415. 

  415. 			},
    416. 

  416. 			expectedData: map[string][]byte{
    417. 

  417. 				"fn": []byte(jwkPubECPKIX),
    418. 

  418. 			},
    419. 

  419. 		},
    420. 

  420. 		{
    421. 

  421. 			name: "jwk ecdsa priv pem",
    422. 

  422. 			tpl: map[string][]byte{
    423. 

  423. 				"fn": []byte(`{{ .secret | jwkPrivateKeyPem }}`),
    424. 

  424. 			},
    425. 

  425. 			data: map[string][]byte{
    426. 

  426. 				"secret": []byte(jwkPrivEC),
    427. 

  427. 			},
    428. 

  428. 			expectedData: map[string][]byte{
    429. 

  429. 				"fn": []byte(jwkPrivECPKCS8),
    430. 

  430. 			},
    431. 

  431. 		},
    432. 

  432. 		{
    433. 

  433. 			name: "filter pem certificate",
    434. 

  434. 			tpl: map[string][]byte{
    435. 

  435. 				"fn": []byte(`{{ .secret | filterPEM "CERTIFICATE" }}`),
    436. 

  436. 			},
    437. 

  437. 			data: map[string][]byte{
    438. 

  438. 				"secret": []byte(jwkPrivRSAPKCS8 + pkcs12Cert),
    439. 

  439. 			},
    440. 

  440. 			expectedData: map[string][]byte{
    441. 

  441. 				"fn": []byte(pkcs12Cert),
    442. 

  442. 			},
    443. 

  443. 		},
    444. 

  444. 		{
    445. 

  445. 			name: "labels",
    446. 

  446. 			tpl: map[string][]byte{
    447. 

  447. 				"foo": []byte("{{ .secret | b64dec }}"),
    448. 

  448. 			},
    449. 

  449. 			labelsTpl: map[string][]byte{
    450. 

  450. 				"bar": []byte("{{ .env | b64dec }}"),
    451. 

  451. 			},
    452. 

  452. 			data: map[string][]byte{
    453. 

  453. 				"secret": []byte("MTIzNA=="),
    454. 

  454. 				"env":    []byte("ZGV2"),
    455. 

  455. 			},
    456. 

  456. 			expectedData: map[string][]byte{
    457. 

  457. 				"foo": []byte("1234"),
    458. 

  458. 			},
    459. 

  459. 			expectedLabels: map[string]string{
    460. 

  460. 				"bar": "dev",
    461. 

  461. 			},
    462. 

  462. 		},
    463. 

  463. 		{
    464. 

  464. 			name: "annotations",
    465. 

  465. 			tpl: map[string][]byte{
    466. 

  466. 				"foo": []byte("{{ .secret | b64dec }}"),
    467. 

  467. 			},
    468. 

  468. 			annotationsTpl: map[string][]byte{
    469. 

  469. 				"bar": []byte("{{ .env | b64dec }}"),
    470. 

  470. 			},
    471. 

  471. 			data: map[string][]byte{
    472. 

  472. 				"secret": []byte("MTIzNA=="),
    473. 

  473. 				"env":    []byte("ZGV2"),
    474. 

  474. 			},
    475. 

  475. 			expectedData: map[string][]byte{
    476. 

  476. 				"foo": []byte("1234"),
    477. 

  477. 			},
    478. 

  478. 			expectedAnnotations: map[string]string{
    479. 

  479. 				"bar": "dev",
    480. 

  480. 			},
    481. 

  481. 		},
    482. 

  482. 		{
    483. 

  483. 			name: "stringData",
    484. 

  484. 			stringDataTpl: map[string][]byte{
    485. 

  485. 				"foo": []byte("{{ .secret | b64dec }}"),
    486. 

  486. 			},
    487. 

  487. 			data: map[string][]byte{
    488. 

  488. 				"secret": []byte("MTIzNA=="),
    489. 

  489. 				"env":    []byte("ZGV2"),
    490. 

  490. 			},
    491. 

  491. 			expectedStringData: map[string]string{
    492. 

  492. 				"foo": "1234",
    493. 

  493. 			},
    494. 

  494. 		},
    495. 

  495. 		{
    496. 

  496. 			name: "NonStandardDelimiters",
    497. 

  497. 			stringDataTpl: map[string][]byte{
    498. 

  498. 				"foo": []byte("<< .secret | b64dec >>"),
    499. 

  499. 			},
    500. 

  500. 			leftDelimiter:  "<<",
    501. 

  501. 			rightDelimiter: ">>",
    502. 

  502. 			data: map[string][]byte{
    503. 

  503. 				"secret": []byte("MTIzNA=="),
    504. 

  504. 				"env":    []byte("ZGV2"),
    505. 

  505. 			},
    506. 

  506. 			expectedStringData: map[string]string{
    507. 

  507. 				"foo": "1234",
    508. 

  508. 			},
    509. 

  509. 		},
    510. 

  510. 	}
    511. 

  511. 

  512. 	for i := range tbl {
    513. 

  513. 		row := tbl[i]
    514. 

  514. 		t.Run(row.name, func(t *testing.T) {
    515. 

  515. 			sec := &corev1.Secret{
    516. 

  516. 				Data:       make(map[string][]byte),
    517. 

  517. 				StringData: make(map[string]string),
    518. 

  518. 				ObjectMeta: v1.ObjectMeta{Labels: make(map[string]string), Annotations: make(map[string]string)},
    519. 

  519. 			}
    520. 

  520. 			oldLeftDelim := leftDelim
    521. 

  521. 			oldRightDelim := rightDelim
    522. 

  522. 			if row.leftDelimiter != "" {
    523. 

  523. 				leftDelim = row.leftDelimiter
    524. 

  524. 			}
    525. 

  525. 			if row.rightDelimiter != "" {
    526. 

  526. 				rightDelim = row.rightDelimiter
    527. 

  527. 			}
    528. 

  528. 			defer func() {
    529. 

  529. 				leftDelim = oldLeftDelim
    530. 

  530. 				rightDelim = oldRightDelim
    531. 

  531. 			}()
    532. 

  532. 			err := Execute(row.tpl, row.data, esapi.TemplateScopeValues, esapi.TemplateTargetData, sec)
    533. 

  533. 			if !ErrorContains(err, row.expErr) {
    534. 

  534. 				t.Errorf("unexpected error: %s, expected: %s", err, row.expErr)
    535. 

  535. 			}
    536. 

  536. 			err = Execute(row.labelsTpl, row.data, esapi.TemplateScopeValues, esapi.TemplateTargetLabels, sec)
    537. 

  537. 			if !ErrorContains(err, row.expLblErr) {
    538. 

  538. 				t.Errorf("unexpected error: %s, expected: %s", err, row.expErr)
    539. 

  539. 			}
    540. 

  540. 			err = Execute(row.annotationsTpl, row.data, esapi.TemplateScopeValues, esapi.TemplateTargetAnnotations, sec)
    541. 

  541. 			if !ErrorContains(err, row.expAnnoErr) {
    542. 

  542. 				t.Errorf("unexpected error: %s, expected: %s", err, row.expErr)
    543. 

  543. 			}
    544. 

  544. 			if row.expectedData != nil {
    545. 

  545. 				assert.EqualValues(t, row.expectedData, sec.Data)
    546. 

  546. 			}
    547. 

  547. 			if row.expectedLabels != nil {
    548. 

  548. 				assert.EqualValues(t, row.expectedLabels, sec.ObjectMeta.Labels)
    549. 

  549. 			}
    550. 

  550. 			if row.expectedAnnotations != nil {
    551. 

  551. 				assert.EqualValues(t, row.expectedAnnotations, sec.ObjectMeta.Annotations)
    552. 

  552. 			}
    553. 

  553. 		})
    554. 

  554. 	}
    555. 

  555. }
    556. 

  556. 

  557. func TestScopeValuesWithSecretFieldsNil(t *testing.T) {
    558. 

  558. 	tbl := []struct {
    559. 

  559. 		name               string
    560. 

  560. 		tpl                map[string][]byte
    561. 

  561. 		target             esapi.TemplateTarget
    562. 

  562. 		data               map[string][]byte
    563. 

  563. 		expectedData       map[string][]byte
    564. 

  564. 		expectedStringData map[string]string
    565. 

  565. 		expErr             string
    566. 

  566. 	}{
    567. 

  567. 		{
    568. 

  568. 			name:   "test empty",
    569. 

  569. 			tpl:    map[string][]byte{},
    570. 

  570. 			target: esapi.TemplateTargetData,
    571. 

  571. 			data:   nil,
    572. 

  572. 		},
    573. 

  573. 		{
    574. 

  574. 			name:   "test byte",
    575. 

  575. 			tpl:    map[string][]byte{"foo": []byte("bar")},
    576. 

  576. 			target: esapi.TemplateTargetData,
    577. 

  577. 			data: map[string][]byte{
    578. 

  578. 				"key":   []byte("foo"),
    579. 

  579. 				"value": []byte("bar"),
    580. 

  580. 			},
    581. 

  581. 			expectedData: map[string][]byte{
    582. 

  582. 				"foo": []byte("bar"),
    583. 

  583. 			},
    584. 

  584. 		},
    585. 

  585. 		{
    586. 

  586. 			name:   "test Annotations",
    587. 

  587. 			tpl:    map[string][]byte{"foo": []byte("bar")},
    588. 

  588. 			target: esapi.TemplateTargetAnnotations,
    589. 

  589. 			data: map[string][]byte{
    590. 

  590. 				"key":   []byte("foo"),
    591. 

  591. 				"value": []byte("bar"),
    592. 

  592. 			},
    593. 

  593. 			expectedStringData: map[string]string{
    594. 

  594. 				"foo": "bar",
    595. 

  595. 			},
    596. 

  596. 		},
    597. 

  597. 		{
    598. 

  598. 			name:   "test Labels",
    599. 

  599. 			tpl:    map[string][]byte{"foo": []byte("bar")},
    600. 

  600. 			target: esapi.TemplateTargetLabels,
    601. 

  601. 			data: map[string][]byte{
    602. 

  602. 				"key":   []byte("foo"),
    603. 

  603. 				"value": []byte("bar"),
    604. 

  604. 			},
    605. 

  605. 			expectedStringData: map[string]string{
    606. 

  606. 				"foo": "bar",
    607. 

  607. 			},
    608. 

  608. 		},
    609. 

  609. 	}
    610. 

  610. 	for i := range tbl {
    611. 

  611. 		row := tbl[i]
    612. 

  612. 		t.Run(row.name, func(t *testing.T) {
    613. 

  613. 			sec := &corev1.Secret{}
    614. 

  614. 			err := Execute(row.tpl, row.data, esapi.TemplateScopeValues, row.target, sec)
    615. 

  615. 			if !ErrorContains(err, row.expErr) {
    616. 

  616. 				t.Errorf("unexpected error: %s, expected: %s", err, row.expErr)
    617. 

  617. 			}
    618. 

  618. 			switch row.target {
    619. 

  619. 			case esapi.TemplateTargetData:
    620. 

  620. 				if row.expectedData != nil {
    621. 

  621. 					assert.EqualValues(t, row.expectedData, sec.Data)
    622. 

  622. 				}
    623. 

  623. 			case esapi.TemplateTargetLabels:
    624. 

  624. 				if row.expectedStringData != nil {
    625. 

  625. 					assert.EqualValues(t, row.expectedStringData, sec.Labels)
    626. 

  626. 				}
    627. 

  627. 			case esapi.TemplateTargetAnnotations:
    628. 

  628. 				if row.expectedStringData != nil {
    629. 

  629. 					assert.EqualValues(t, row.expectedStringData, sec.Annotations)
    630. 

  630. 				}
    631. 

  631. 			}
    632. 

  632. 		})
    633. 

  633. 	}
    634. 

  634. }
    635. 

  635. 

  636. func TestExecuteInvalidTemplateScope(t *testing.T) {
    637. 

  637. 	sec := &corev1.Secret{}
    638. 

  638. 	err := Execute(map[string][]byte{"foo": []byte("bar")}, nil, "invalid", esapi.TemplateTargetData, sec)
    639. 

  639. 	require.Error(t, err)
    640. 

  640. 	assert.ErrorContains(t, err, "expected 'Values' or 'KeysAndValues'")
    641. 

  641. }
    642. 

  642. 

  643. func TestScopeKeysAndValues(t *testing.T) {
    644. 

  644. 	tbl := []struct {
    645. 

  645. 		name               string
    646. 

  646. 		tpl                map[string][]byte
    647. 

  647. 		target             esapi.TemplateTarget
    648. 

  648. 		data               map[string][]byte
    649. 

  649. 		expectedData       map[string][]byte
    650. 

  650. 		expectedStringData map[string]string
    651. 

  651. 		expErr             string
    652. 

  652. 	}{
    653. 

  653. 		{
    654. 

  654. 			name:   "test empty",
    655. 

  655. 			tpl:    map[string][]byte{"literal": []byte("")},
    656. 

  656. 			target: "Data",
    657. 

  657. 			data:   nil,
    658. 

  658. 		},
    659. 

  659. 		{
    660. 

  660. 			name:   "test base64",
    661. 

  661. 			tpl:    map[string][]byte{"literal": []byte("{{ .key }}: {{ .value }}")},
    662. 

  662. 			target: esapi.TemplateTargetData,
    663. 

  663. 			data: map[string][]byte{
    664. 

  664. 				"key":   []byte("foo"),
    665. 

  665. 				"value": []byte("bar"),
    666. 

  666. 			},
    667. 

  667. 			expectedData: map[string][]byte{
    668. 

  668. 				"foo": []byte("bar"),
    669. 

  669. 			},
    670. 

  670. 		},
    671. 

  671. 		{
    672. 

  672. 			name:   "test Annotations",
    673. 

  673. 			tpl:    map[string][]byte{"literal": []byte("{{ .key }}: {{ .value }}")},
    674. 

  674. 			target: esapi.TemplateTargetAnnotations,
    675. 

  675. 			data: map[string][]byte{
    676. 

  676. 				"key":   []byte("foo"),
    677. 

  677. 				"value": []byte("bar"),
    678. 

  678. 			},
    679. 

  679. 			expectedStringData: map[string]string{
    680. 

  680. 				"foo": "bar",
    681. 

  681. 			},
    682. 

  682. 		},
    683. 

  683. 		{
    684. 

  684. 			name:   "test Labels",
    685. 

  685. 			tpl:    map[string][]byte{"literal": []byte("{{ .key }}: {{ .value }}")},
    686. 

  686. 			target: esapi.TemplateTargetLabels,
    687. 

  687. 			data: map[string][]byte{
    688. 

  688. 				"key":   []byte("foo"),
    689. 

  689. 				"value": []byte("bar"),
    690. 

  690. 			},
    691. 

  691. 			expectedStringData: map[string]string{
    692. 

  692. 				"foo": "bar",
    693. 

  693. 			},
    694. 

  694. 		},
    695. 

  695. 	}
    696. 

  696. 	for i := range tbl {
    697. 

  697. 		row := tbl[i]
    698. 

  698. 		t.Run(row.name, func(t *testing.T) {
    699. 

  699. 			sec := &corev1.Secret{
    700. 

  700. 				Data:       make(map[string][]byte),
    701. 

  701. 				StringData: make(map[string]string),
    702. 

  702. 				ObjectMeta: v1.ObjectMeta{Labels: make(map[string]string), Annotations: make(map[string]string)},
    703. 

  703. 			}
    704. 

  704. 			err := Execute(row.tpl, row.data, esapi.TemplateScopeKeysAndValues, row.target, sec)
    705. 

  705. 			if !ErrorContains(err, row.expErr) {
    706. 

  706. 				t.Errorf("unexpected error: %s, expected: %s", err, row.expErr)
    707. 

  707. 			}
    708. 

  708. 			switch row.target {
    709. 

  709. 			case esapi.TemplateTargetData:
    710. 

  710. 				if row.expectedData != nil {
    711. 

  711. 					assert.EqualValues(t, row.expectedData, sec.Data)
    712. 

  712. 				}
    713. 

  713. 			case esapi.TemplateTargetLabels:
    714. 

  714. 				if row.expectedStringData != nil {
    715. 

  715. 					assert.EqualValues(t, row.expectedStringData, sec.Labels)
    716. 

  716. 				}
    717. 

  717. 			case esapi.TemplateTargetAnnotations:
    718. 

  718. 				if row.expectedStringData != nil {
    719. 

  719. 					assert.EqualValues(t, row.expectedStringData, sec.Annotations)
    720. 

  720. 				}
    721. 

  721. 			}
    722. 

  722. 		})
    723. 

  723. 	}
    724. 

  724. }
    725. 

  725. func ErrorContains(out error, want string) bool {
    726. 

  726. 	if out == nil {
    727. 

  727. 		return want == ""
    728. 

  728. 	}
    729. 

  729. 	if want == "" {
    730. 

  730. 		return false
    731. 

  731. 	}
    732. 

  732. 	return strings.Contains(out.Error(), want)
    733. 

  733. }
    734. 

  734. 

  735. func TestPkcs12certPass(t *testing.T) {
    736. 

  736. 	const (
    737. 

  737. 		leafCertPath         = "_testdata/foo.crt"
    738. 

  738. 		intermediateCertPath = "_testdata/intermediate-ca.crt"
    739. 

  739. 		rootCertPath         = "_testdata/root-ca.crt"
    740. 

  740. 		disjunctCertPath     = "_testdata/disjunct-root-ca.crt"
    741. 

  741. 	)
    742. 

  742. 	type args struct {
    743. 

  743. 		pass     string
    744. 

  744. 		filename string
    745. 

  745. 	}
    746. 

  746. 	type testCase struct {
    747. 

  747. 		name    string
    748. 

  748. 		args    args
    749. 

  749. 		want    []string
    750. 

  750. 		wantErr bool
    751. 

  751. 	}
    752. 

  752. 	tests := []testCase{
    753. 

  753. 		{
    754. 

  754. 			// this case expects the whole chain to be stored
    755. 

  755. 			// in a single bag.
    756. 

  756. 			// bag(1): leaf/root/intermediate cert
    757. 

  757. 			// bag(2): private key
    758. 

  758. 			name: "read file without password",
    759. 

  759. 			args: args{
    760. 

  760. 				pass:     "",
    761. 

  761. 				filename: "_testdata/foo-nopass.pfx",
    762. 

  762. 			},
    763. 

  763. 			want: []string{
    764. 

  764. 				// this order is important
    765. 

  765. 				leafCertPath,
    766. 

  766. 				intermediateCertPath,
    767. 

  767. 				rootCertPath,
    768. 

  768. 			},
    769. 

  769. 		},
    770. 

  770. 		{
    771. 

  771. 			// same as above but with password
    772. 

  772. 			name: "read file with password",
    773. 

  773. 			args: args{
    774. 

  774. 				pass:     "1234",
    775. 

  775. 				filename: "_testdata/foo-withpass-1234.pfx",
    776. 

  776. 			},
    777. 

  777. 			want: []string{
    778. 

  778. 				// this order is important
    779. 

  779. 				leafCertPath,
    780. 

  780. 				intermediateCertPath,
    781. 

  781. 				rootCertPath,
    782. 

  782. 			},
    783. 

  783. 		},
    784. 

  784. 		{
    785. 

  785. 			// cert chain may be stored in different bags
    786. 

  786. 			// this test case uses a pfx that has the following structure:
    787. 

  787. 			// bag(1): leaf certificate
    788. 

  788. 			// bag(2): root + intermediate cert
    789. 

  789. 			// bag(3): private key
    790. 

  790. 			name: "read multibag cert chain",
    791. 

  791. 			args: args{
    792. 

  792. 				pass:     "",
    793. 

  793. 				filename: "_testdata/foo-multibag-nopass.pfx",
    794. 

  794. 			},
    795. 

  795. 			want: []string{
    796. 

  796. 				// this order is important
    797. 

  797. 				leafCertPath,
    798. 

  798. 				intermediateCertPath,
    799. 

  799. 				rootCertPath,
    800. 

  800. 			},
    801. 

  801. 		},
    802. 

  802. 		{
    803. 

  803. 			// cert chain may contain a disjunct cert
    804. 

  804. 			// bag(1): leaf/root/intermediate/disjunct
    805. 

  805. 			// bag(2): private key
    806. 

  806. 			name: "read disjunct cert chain",
    807. 

  807. 			args: args{
    808. 

  808. 				pass:     "",
    809. 

  809. 				filename: "_testdata/foo-disjunct-nopass.pfx",
    810. 

  810. 			},
    811. 

  811. 			want: []string{
    812. 

  812. 				// this order is important
    813. 

  813. 				leafCertPath,
    814. 

  814. 				rootCertPath,
    815. 

  815. 				intermediateCertPath,
    816. 

  816. 				disjunctCertPath,
    817. 

  817. 			},
    818. 

  818. 		},
    819. 

  819. 		{
    820. 

  820. 			name: "read file wrong password",
    821. 

  821. 			args: args{
    822. 

  822. 				pass:     "wrongpass",
    823. 

  823. 				filename: "_testdata/foo-withpass-1234.pfx",
    824. 

  824. 			},
    825. 

  825. 			wantErr: true,
    826. 

  826. 		},
    827. 

  827. 	}
    828. 

  828. 

  829. 	testFunc := func(t *testing.T, tc testCase) {
    830. 

  830. 		archive, err := os.ReadFile(tc.args.filename)
    831. 

  831. 		if err != nil {
    832. 

  832. 			t.Error(err)
    833. 

  833. 		}
    834. 

  834. 		var expOut []byte
    835. 

  835. 		for _, w := range tc.want {
    836. 

  836. 			c, err := os.ReadFile(w)
    837. 

  837. 			if err != nil {
    838. 

  838. 				t.Error(err)
    839. 

  839. 			}
    840. 

  840. 			expOut = append(expOut, c...)
    841. 

  841. 		}
    842. 

  842. 		got, err := pkcs12certPass(tc.args.pass, string(archive))
    843. 

  843. 		if (err != nil) != tc.wantErr {
    844. 

  844. 			t.Errorf("pkcs12certPass() error = %v, wantErr %v", err, tc.wantErr)
    845. 

  845. 			return
    846. 

  846. 		}
    847. 

  847. 		if diff := cmp.Diff(string(expOut), got); diff != "" {
    848. 

  848. 			t.Errorf("pkcs12certPass() = diff:\n%s", diff)
    849. 

  849. 		}
    850. 

  850. 	}
    851. 

  851. 

  852. 	for _, tt := range tests {
    853. 

  853. 		t.Run(tt.name, func(t *testing.T) {
    854. 

  854. 			testFunc(t, tt)
    855. 

  855. 		})
    856. 

  856. 	}
    857. 

  857. }
    858.