Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
logic855
/
helm-external-secrets
zrkadlo https://github.com/external-secrets/external-secrets
1
0
Fork 0
Súbory Issues 0 Wiki
Strom: 2b7ff9f23f
Branche Tagy
helm-externa...
/
runtime
/
testing
/
fake
/
fake.go

fake.go 6.7 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234 
  1. /*
    2. 

  2. Copyright © 2025 ESO Maintainer Team
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     https://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package fake
    18. 

  18. 

  19. import (
    20. 

  20. 	"context"
    21. 

  21. 	"sync"
    22. 

  22. 

  23. 	corev1 "k8s.io/api/core/v1"
    24. 

  24. 	"sigs.k8s.io/controller-runtime/pkg/client"
    25. 

  25. 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
    26. 

  26. 

  27. 	esv1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
    28. 

  28. )
    29. 

  29. 

  30. var _ esv1.Provider = &Client{}
    31. 

  31. 

  32. type SetSecretCallArgs struct {
    33. 

  33. 	Value     []byte
    34. 

  34. 	RemoteRef esv1.PushSecretRemoteRef
    35. 

  35. }
    36. 

  36. 

  37. // Client is a fake client for testing.
    38. 

  38. type Client struct {
    39. 

  39. 	mu              *sync.RWMutex
    40. 

  40. 	pushSecretData  map[string]SetSecretCallArgs
    41. 

  41. 	NewFn           func(context.Context, esv1.GenericStore, client.Client, string) (esv1.SecretsClient, error)
    42. 

  42. 	GetSecretFn     func(context.Context, esv1.ExternalSecretDataRemoteRef) ([]byte, error)
    43. 

  43. 	GetSecretMapFn  func(context.Context, esv1.ExternalSecretDataRemoteRef) (map[string][]byte, error)
    44. 

  44. 	GetAllSecretsFn func(context.Context, esv1.ExternalSecretFind) (map[string][]byte, error)
    45. 

  45. 	SecretExistsFn  func(context.Context, esv1.PushSecretRemoteRef) (bool, error)
    46. 

  46. 	SetSecretFn     func() error
    47. 

  47. 	DeleteSecretFn  func() error
    48. 

  48. }
    49. 

  49. 

  50. // New returns a fake provider/client.
    51. 

  51. func New() *Client {
    52. 

  52. 	v := &Client{
    53. 

  53. 		mu: &sync.RWMutex{},
    54. 

  54. 		GetSecretFn: func(context.Context, esv1.ExternalSecretDataRemoteRef) ([]byte, error) {
    55. 

  55. 			return nil, nil
    56. 

  56. 		},
    57. 

  57. 		GetSecretMapFn: func(context.Context, esv1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
    58. 

  58. 			return nil, nil
    59. 

  59. 		},
    60. 

  60. 		GetAllSecretsFn: func(context.Context, esv1.ExternalSecretFind) (map[string][]byte, error) {
    61. 

  61. 			return nil, nil
    62. 

  62. 		},
    63. 

  63. 		SecretExistsFn: func(context.Context, esv1.PushSecretRemoteRef) (bool, error) {
    64. 

  64. 			return false, nil
    65. 

  65. 		},
    66. 

  66. 		SetSecretFn: func() error {
    67. 

  67. 			return nil
    68. 

  68. 		},
    69. 

  69. 		DeleteSecretFn: func() error {
    70. 

  70. 			return nil
    71. 

  71. 		},
    72. 

  72. 		pushSecretData: map[string]SetSecretCallArgs{},
    73. 

  73. 	}
    74. 

  74. 

  75. 	v.NewFn = func(context.Context, esv1.GenericStore, client.Client, string) (esv1.SecretsClient, error) {
    76. 

  76. 		return v, nil
    77. 

  77. 	}
    78. 

  78. 

  79. 	return v
    80. 

  80. }
    81. 

  81. 

  82. // RegisterAs registers the fake client in the schema.
    83. 

  83. func (v *Client) RegisterAs(provider *esv1.SecretStoreProvider) {
    84. 

  84. 	esv1.ForceRegister(v, provider, esv1.MaintenanceStatusMaintained)
    85. 

  85. }
    86. 

  86. 

  87. // GetAllSecrets implements the provider.Provider interface.
    88. 

  88. func (v *Client) GetAllSecrets(ctx context.Context, ref esv1.ExternalSecretFind) (map[string][]byte, error) {
    89. 

  89. 	v.mu.RLock()
    90. 

  90. 	fn := v.GetAllSecretsFn
    91. 

  91. 	v.mu.RUnlock()
    92. 

  92. 	return fn(ctx, ref)
    93. 

  93. }
    94. 

  94. 

  95. func (v *Client) PushSecret(_ context.Context, secret *corev1.Secret, data esv1.PushSecretData) error {
    96. 

  96. 	v.mu.Lock()
    97. 

  97. 	v.pushSecretData[data.GetRemoteKey()] = SetSecretCallArgs{
    98. 

  98. 		Value:     secret.Data[data.GetSecretKey()],
    99. 

  99. 		RemoteRef: data,
    100. 

  100. 	}
    101. 

  101. 	fn := v.SetSecretFn
    102. 

  102. 	v.mu.Unlock()
    103. 

  103. 	return fn()
    104. 

  104. }
    105. 

  105. 

  106. // GetPushSecretData safely retrieves the push secret data map for reading.
    107. 

  107. func (v *Client) GetPushSecretData() map[string]SetSecretCallArgs {
    108. 

  108. 	v.mu.RLock()
    109. 

  109. 	defer v.mu.RUnlock()
    110. 

  110. 	// Create a copy to avoid race conditions
    111. 

  111. 	result := make(map[string]SetSecretCallArgs, len(v.pushSecretData))
    112. 

  112. 	for k, v := range v.pushSecretData {
    113. 

  113. 		result[k] = v
    114. 

  114. 	}
    115. 

  115. 	return result
    116. 

  116. }
    117. 

  117. 

  118. func (v *Client) DeleteSecret(_ context.Context, _ esv1.PushSecretRemoteRef) error {
    119. 

  119. 	v.mu.RLock()
    120. 

  120. 	fn := v.DeleteSecretFn
    121. 

  121. 	v.mu.RUnlock()
    122. 

  122. 	return fn()
    123. 

  123. }
    124. 

  124. 

  125. func (v *Client) SecretExists(ctx context.Context, ref esv1.PushSecretRemoteRef) (bool, error) {
    126. 

  126. 	v.mu.RLock()
    127. 

  127. 	fn := v.SecretExistsFn
    128. 

  128. 	v.mu.RUnlock()
    129. 

  129. 	return fn(ctx, ref)
    130. 

  130. }
    131. 

  131. 

  132. // GetSecret implements the provider.Provider interface.
    133. 

  133. func (v *Client) GetSecret(ctx context.Context, ref esv1.ExternalSecretDataRemoteRef) ([]byte, error) {
    134. 

  134. 	v.mu.RLock()
    135. 

  135. 	fn := v.GetSecretFn
    136. 

  136. 	v.mu.RUnlock()
    137. 

  137. 	return fn(ctx, ref)
    138. 

  138. }
    139. 

  139. 

  140. // WithGetSecret wraps secret data returned by this provider.
    141. 

  141. func (v *Client) WithGetSecret(secData []byte, err error) *Client {
    142. 

  142. 	v.mu.Lock()
    143. 

  143. 	v.GetSecretFn = func(context.Context, esv1.ExternalSecretDataRemoteRef) ([]byte, error) {
    144. 

  144. 		return secData, err
    145. 

  145. 	}
    146. 

  146. 	v.mu.Unlock()
    147. 

  147. 	return v
    148. 

  148. }
    149. 

  149. 

  150. // GetSecretMap implements the provider.Provider interface.
    151. 

  151. func (v *Client) GetSecretMap(ctx context.Context, ref esv1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
    152. 

  152. 	v.mu.RLock()
    153. 

  153. 	fn := v.GetSecretMapFn
    154. 

  154. 	v.mu.RUnlock()
    155. 

  155. 	return fn(ctx, ref)
    156. 

  156. }
    157. 

  157. 

  158. func (v *Client) Close(_ context.Context) error {
    159. 

  159. 	return nil
    160. 

  160. }
    161. 

  161. 

  162. func (v *Client) Validate() (esv1.ValidationResult, error) {
    163. 

  163. 	return esv1.ValidationResultReady, nil
    164. 

  164. }
    165. 

  165. 

  166. func (v *Client) ValidateStore(_ esv1.GenericStore) (admission.Warnings, error) {
    167. 

  167. 	return nil, nil
    168. 

  168. }
    169. 

  169. 

  170. // WithGetSecretMap wraps the secret data map returned by this fake provider.
    171. 

  171. func (v *Client) WithGetSecretMap(secData map[string][]byte, err error) *Client {
    172. 

  172. 	v.mu.Lock()
    173. 

  173. 	v.GetSecretMapFn = func(context.Context, esv1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
    174. 

  174. 		return secData, err
    175. 

  175. 	}
    176. 

  176. 	v.mu.Unlock()
    177. 

  177. 	return v
    178. 

  178. }
    179. 

  179. 

  180. // WithGetAllSecrets wraps the secret data map returned by this fake provider.
    181. 

  181. func (v *Client) WithGetAllSecrets(secData map[string][]byte, err error) *Client {
    182. 

  182. 	v.mu.Lock()
    183. 

  183. 	v.GetAllSecretsFn = func(context.Context, esv1.ExternalSecretFind) (map[string][]byte, error) {
    184. 

  184. 		return secData, err
    185. 

  185. 	}
    186. 

  186. 	v.mu.Unlock()
    187. 

  187. 	return v
    188. 

  188. }
    189. 

  189. 

  190. // WithSetSecret wraps the secret response to the fake provider.
    191. 

  191. func (v *Client) WithSetSecret(err error) *Client {
    192. 

  192. 	v.mu.Lock()
    193. 

  193. 	v.SetSecretFn = func() error {
    194. 

  194. 		return err
    195. 

  195. 	}
    196. 

  196. 	v.mu.Unlock()
    197. 

  197. 	return v
    198. 

  198. }
    199. 

  199. 

  200. // WithNew wraps the fake provider factory function.
    201. 

  201. func (v *Client) WithNew(f func(context.Context, esv1.GenericStore, client.Client,
    202. 

  202. 	string) (esv1.SecretsClient, error)) *Client {
    203. 

  203. 	v.mu.Lock()
    204. 

  204. 	v.NewFn = f
    205. 

  205. 	v.mu.Unlock()
    206. 

  206. 	return v
    207. 

  207. }
    208. 

  208. 

  209. // Capabilities return the provider supported capabilities (ReadOnly, WriteOnly, ReadWrite).
    210. 

  210. func (v *Client) Capabilities() esv1.SecretStoreCapabilities {
    211. 

  211. 	return esv1.SecretStoreReadOnly
    212. 

  212. }
    213. 

  213. 

  214. // NewClient returns a new fake provider.
    215. 

  215. func (v *Client) NewClient(ctx context.Context, store esv1.GenericStore, kube client.Client, namespace string) (esv1.SecretsClient, error) {
    216. 

  216. 	v.mu.RLock()
    217. 

  217. 	fn := v.NewFn
    218. 

  218. 	v.mu.RUnlock()
    219. 

  219. 	c, err := fn(ctx, store, kube, namespace)
    220. 

  220. 	if err != nil {
    221. 

  221. 		return nil, err
    222. 

  222. 	}
    223. 

  223. 	return c, nil
    224. 

  224. }
    225. 

  225. 

  226. func (v *Client) Reset() {
    227. 

  227. 	v.WithNew(func(context.Context, esv1.GenericStore, client.Client,
    228. 

  228. 		string) (esv1.SecretsClient, error) {
    229. 

  229. 		return v, nil
    230. 

  230. 	})
    231. 

  231. 	v.mu.Lock()
    232. 

  232. 	defer v.mu.Unlock()
    233. 

  233. 	v.pushSecretData = map[string]SetSecretCallArgs{}
    234. 

  234. }
    235.