탐색 도움말
로그인
logic855
/
helm-external-secrets
의 미러 https://github.com/external-secrets/external-secrets
1
0
포크 0
파일 이슈 0 위키
트리: 3a79ce72b3
브랜치 태그
helm-externa...
/
pkg
/
provider
/
ngrok
/
provider_test.go

provider_test.go 11 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433 
  1. /*
    2. 

  2. Copyright © 2025 ESO Maintainer Team
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     https://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package ngrok
    18. 

  18. 

  19. import (
    20. 

  20. 	"fmt"
    21. 

  21. 	"testing"
    22. 

  22. 

  23. 	"github.com/ngrok/ngrok-api-go/v7"
    24. 

  24. 	. "github.com/onsi/ginkgo/v2"
    25. 

  25. 	. "github.com/onsi/gomega"
    26. 

  26. 	corev1 "k8s.io/api/core/v1"
    27. 

  27. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    28. 

  28. 	"k8s.io/utils/ptr"
    29. 

  29. 	kubeClient "sigs.k8s.io/controller-runtime/pkg/client"
    30. 

  30. 	clientfake "sigs.k8s.io/controller-runtime/pkg/client/fake"
    31. 

  31. 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
    32. 

  32. 

  33. 	esv1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
    34. 

  34. 	v1 "github.com/external-secrets/external-secrets/apis/meta/v1"
    35. 

  35. 	"github.com/external-secrets/external-secrets/pkg/provider/ngrok/fake"
    36. 

  36. )
    37. 

  37. 

  38. func newTestClusterSecretStore(provider *esv1.SecretStoreProvider) esv1.GenericStore {
    39. 

  39. 	return &esv1.ClusterSecretStore{
    40. 

  40. 		TypeMeta: metav1.TypeMeta{
    41. 

  41. 			Kind: "ClusterSecretStore",
    42. 

  42. 		},
    43. 

  43. 		Spec: esv1.SecretStoreSpec{
    44. 

  44. 			Provider: provider,
    45. 

  45. 		},
    46. 

  46. 	}
    47. 

  47. }
    48. 

  48. 

  49. func newTestNgrokClusterSecretStore(ngrokProv *esv1.NgrokProvider) esv1.GenericStore {
    50. 

  50. 	return newTestClusterSecretStore(&esv1.SecretStoreProvider{
    51. 

  51. 		Ngrok: ngrokProv,
    52. 

  52. 	})
    53. 

  53. }
    54. 

  54. 

  55. func newTestSecretStore(provider *esv1.SecretStoreProvider) esv1.GenericStore {
    56. 

  56. 	return &esv1.SecretStore{
    57. 

  57. 		TypeMeta: metav1.TypeMeta{
    58. 

  58. 			Kind: "SecretStore",
    59. 

  59. 		},
    60. 

  60. 		Spec: esv1.SecretStoreSpec{
    61. 

  61. 			Provider: provider,
    62. 

  62. 		},
    63. 

  63. 	}
    64. 

  64. }
    65. 

  65. 

  66. func newTestNgrokSecretStore(ngrokProv *esv1.NgrokProvider) esv1.GenericStore {
    67. 

  67. 	return newTestSecretStore(&esv1.SecretStoreProvider{
    68. 

  68. 		Ngrok: ngrokProv,
    69. 

  69. 	})
    70. 

  70. }
    71. 

  71. 

  72. func newNgrokAPICredentials(name, namespace, apiKey string) *corev1.Secret {
    73. 

  73. 	return &corev1.Secret{
    74. 

  74. 		ObjectMeta: metav1.ObjectMeta{
    75. 

  75. 			Name:      name,
    76. 

  76. 			Namespace: namespace,
    77. 

  77. 		},
    78. 

  78. 		Data: map[string][]byte{
    79. 

  79. 			"API_KEY": []byte(apiKey),
    80. 

  80. 		},
    81. 

  81. 	}
    82. 

  82. }
    83. 

  83. 

  84. var _ = Describe("Provider", func() {
    85. 

  85. 	var (
    86. 

  86. 		provider *Provider
    87. 

  87. 	)
    88. 

  88. 

  89. 	BeforeEach(func() {
    90. 

  90. 		provider = &Provider{}
    91. 

  91. 	})
    92. 

  92. 

  93. 	Describe("Capabilities", func() {
    94. 

  94. 		It("should return write-only capability", func() {
    95. 

  95. 			cap := provider.Capabilities()
    96. 

  96. 			Expect(cap).To(Equal(esv1.SecretStoreWriteOnly))
    97. 

  97. 		})
    98. 

  98. 	})
    99. 

  99. 

  100. 	Describe("NewClient", func() {
    101. 

  101. 		var (
    102. 

  102. 			store            esv1.GenericStore
    103. 

  103. 			ngrokStore       *fake.Store
    104. 

  104. 			namespace        string
    105. 

  105. 			kubeClient       kubeClient.Client
    106. 

  106. 			ngrokCredentials *corev1.Secret
    107. 

  107. 			vaultName        string
    108. 

  108. 

  109. 			// Injected errors
    110. 

  110. 			vaultListErr error
    111. 

  111. 

  112. 			// Outputs
    113. 

  113. 			err    error
    114. 

  114. 			client esv1.SecretsClient
    115. 

  115. 		)
    116. 

  116. 

  117. 		BeforeEach(func() {
    118. 

  118. 			namespace = "default"
    119. 

  119. 			vaultName = "vault-" + fake.GenerateRandomString(5)
    120. 

  120. 			ngrokCredentials = newNgrokAPICredentials("ngrok-credentials", namespace, "secret-api-key")
    121. 

  121. 			kubeClient = clientfake.NewClientBuilder().WithObjects(ngrokCredentials).Build()
    122. 

  122. 			ngrokStore = fake.NewStore()
    123. 

  123. 			vaultListErr = nil
    124. 

  124. 		})
    125. 

  125. 

  126. 		JustBeforeEach(func() {
    127. 

  127. 			getVaultsClient = func(_ *ngrok.ClientConfig) VaultClient {
    128. 

  128. 				return ngrokStore.VaultClient().WithListError(vaultListErr)
    129. 

  129. 			}
    130. 

  130. 			getSecretsClient = func(_ *ngrok.ClientConfig) SecretsClient {
    131. 

  131. 				return ngrokStore.SecretsClient()
    132. 

  132. 			}
    133. 

  133. 			client, err = provider.NewClient(GinkgoT().Context(), store, kubeClient, namespace)
    134. 

  134. 		})
    135. 

  135. 

  136. 		Context("SecretStore", func() {
    137. 

  137. 			When("the secret does not exist", func() {
    138. 

  138. 				BeforeEach(func() {
    139. 

  139. 					store = newTestNgrokSecretStore(&esv1.NgrokProvider{
    140. 

  140. 						Vault: esv1.NgrokVault{
    141. 

  141. 							Name: vaultName,
    142. 

  142. 						},
    143. 

  143. 						Auth: esv1.NgrokAuth{
    144. 

  144. 							APIKey: &esv1.NgrokProviderSecretRef{
    145. 

  145. 								SecretRef: &v1.SecretKeySelector{
    146. 

  146. 									Key:  "API_KEY",
    147. 

  147. 									Name: "non-existent-secret",
    148. 

  148. 								},
    149. 

  149. 							},
    150. 

  150. 						},
    151. 

  151. 					})
    152. 

  152. 				})
    153. 

  153. 

  154. 				It("should return an error that the secret does not exist", func() {
    155. 

  155. 					Expect(err).To(HaveOccurred())
    156. 

  156. 					Expect(err.Error()).To(ContainSubstring("secrets \"non-existent-secret\" not found"))
    157. 

  157. 					Expect(client).To(BeNil())
    158. 

  158. 				})
    159. 

  159. 			})
    160. 

  160. 

  161. 			When("the store is valid", func() {
    162. 

  162. 				BeforeEach(func() {
    163. 

  163. 					store = newTestNgrokSecretStore(&esv1.NgrokProvider{
    164. 

  164. 						Vault: esv1.NgrokVault{
    165. 

  165. 							Name: vaultName,
    166. 

  166. 						},
    167. 

  167. 						Auth: esv1.NgrokAuth{
    168. 

  168. 							APIKey: &esv1.NgrokProviderSecretRef{
    169. 

  169. 								SecretRef: &v1.SecretKeySelector{
    170. 

  170. 									Key:  "API_KEY",
    171. 

  171. 									Name: ngrokCredentials.Name,
    172. 

  172. 								},
    173. 

  173. 							},
    174. 

  174. 						},
    175. 

  175. 					})
    176. 

  176. 				})
    177. 

  177. 

  178. 				When("the vault does not exist", func() {
    179. 

  179. 					It("Should return an error that the vault is not found", func() {
    180. 

  180. 						Expect(err).To(HaveOccurred())
    181. 

  181. 						Expect(err.Error()).To(ContainSubstring(fmt.Sprintf("vault %q not found", vaultName)))
    182. 

  182. 						Expect(client).To(BeNil())
    183. 

  183. 					})
    184. 

  184. 				})
    185. 

  185. 

  186. 				When("the vault exists", func() {
    187. 

  187. 					BeforeEach(func() {
    188. 

  188. 						_, createErr := ngrokStore.CreateVault(&ngrok.VaultCreate{
    189. 

  189. 							Name: vaultName,
    190. 

  190. 						})
    191. 

  191. 						Expect(createErr).To(BeNil())
    192. 

  192. 					})
    193. 

  193. 

  194. 					It("should not return an error", func() {
    195. 

  195. 						Expect(err).To(BeNil())
    196. 

  196. 					})
    197. 

  197. 

  198. 					It("should return a non-nil client", func() {
    199. 

  199. 						Expect(client).NotTo(BeNil())
    200. 

  200. 					})
    201. 

  201. 				})
    202. 

  202. 

  203. 				When("there is an error listing vaults", func() {
    204. 

  204. 					BeforeEach(func() {
    205. 

  205. 						vaultListErr = fmt.Errorf("some error listing vaults")
    206. 

  206. 					})
    207. 

  207. 

  208. 					It("should return the list error", func() {
    209. 

  209. 						Expect(err).To(HaveOccurred())
    210. 

  210. 						Expect(err.Error()).To(ContainSubstring("some error listing vaults"))
    211. 

  211. 						Expect(client).To(BeNil())
    212. 

  212. 					})
    213. 

  213. 				})
    214. 

  214. 			})
    215. 

  215. 		})
    216. 

  216. 

  217. 		Context("ClusterSecretStore", func() {
    218. 

  218. 			When("the store does not specify a namespace", func() {
    219. 

  219. 				BeforeEach(func() {
    220. 

  220. 					store = newTestNgrokClusterSecretStore(&esv1.NgrokProvider{
    221. 

  221. 						Vault: esv1.NgrokVault{
    222. 

  222. 							Name: vaultName,
    223. 

  223. 						},
    224. 

  224. 						Auth: esv1.NgrokAuth{
    225. 

  225. 							APIKey: &esv1.NgrokProviderSecretRef{
    226. 

  226. 								SecretRef: &v1.SecretKeySelector{
    227. 

  227. 									Key:  "API_KEY",
    228. 

  228. 									Name: ngrokCredentials.Name,
    229. 

  229. 								},
    230. 

  230. 							},
    231. 

  231. 						},
    232. 

  232. 					})
    233. 

  233. 				})
    234. 

  234. 

  235. 				It("should return an error that the cluster store requires a namespace", func() {
    236. 

  236. 					Expect(err).To(MatchError(errClusterStoreRequiresNamespace))
    237. 

  237. 					Expect(client).To(BeNil())
    238. 

  238. 				})
    239. 

  239. 			})
    240. 

  240. 

  241. 			When("the secret does not exist", func() {
    242. 

  242. 				BeforeEach(func() {
    243. 

  243. 					store = newTestNgrokClusterSecretStore(&esv1.NgrokProvider{
    244. 

  244. 						Vault: esv1.NgrokVault{
    245. 

  245. 							Name: vaultName,
    246. 

  246. 						},
    247. 

  247. 						Auth: esv1.NgrokAuth{
    248. 

  248. 							APIKey: &esv1.NgrokProviderSecretRef{
    249. 

  249. 								SecretRef: &v1.SecretKeySelector{
    250. 

  250. 									Key:       "API_KEY",
    251. 

  251. 									Name:      "non-existent-secret",
    252. 

  252. 									Namespace: ptr.To("some-other-namespace"),
    253. 

  253. 								},
    254. 

  254. 							},
    255. 

  255. 						},
    256. 

  256. 					})
    257. 

  257. 				})
    258. 

  258. 

  259. 				It("should return an error that the secret does not exist", func() {
    260. 

  260. 					Expect(err).To(HaveOccurred())
    261. 

  261. 					Expect(err.Error()).To(ContainSubstring("secrets \"non-existent-secret\" not found"))
    262. 

  262. 					Expect(client).To(BeNil())
    263. 

  263. 				})
    264. 

  264. 			})
    265. 

  265. 

  266. 			When("the store is valid", func() {
    267. 

  267. 				BeforeEach(func() {
    268. 

  268. 					store = newTestNgrokClusterSecretStore(&esv1.NgrokProvider{
    269. 

  269. 						Vault: esv1.NgrokVault{
    270. 

  270. 							Name: vaultName,
    271. 

  271. 						},
    272. 

  272. 						Auth: esv1.NgrokAuth{
    273. 

  273. 							APIKey: &esv1.NgrokProviderSecretRef{
    274. 

  274. 								SecretRef: &v1.SecretKeySelector{
    275. 

  275. 									Key:       "API_KEY",
    276. 

  276. 									Name:      ngrokCredentials.Name,
    277. 

  277. 									Namespace: ptr.To(namespace),
    278. 

  278. 								},
    279. 

  279. 							},
    280. 

  280. 						},
    281. 

  281. 					})
    282. 

  282. 				})
    283. 

  283. 

  284. 				When("the vault does not exist", func() {
    285. 

  285. 					It("Should return an error that the vault is not found", func() {
    286. 

  286. 						Expect(err).To(HaveOccurred())
    287. 

  287. 						Expect(err.Error()).To(ContainSubstring(fmt.Sprintf("vault %q not found", vaultName)))
    288. 

  288. 						Expect(client).To(BeNil())
    289. 

  289. 					})
    290. 

  290. 				})
    291. 

  291. 

  292. 				When("the vault exists", func() {
    293. 

  293. 					BeforeEach(func() {
    294. 

  294. 						_, createErr := ngrokStore.CreateVault(&ngrok.VaultCreate{
    295. 

  295. 							Name: vaultName,
    296. 

  296. 						})
    297. 

  297. 						Expect(createErr).To(BeNil())
    298. 

  298. 					})
    299. 

  299. 

  300. 					It("should not return an error", func() {
    301. 

  301. 						Expect(err).To(BeNil())
    302. 

  302. 					})
    303. 

  303. 

  304. 					It("should return a non-nil client", func() {
    305. 

  305. 						Expect(client).NotTo(BeNil())
    306. 

  306. 					})
    307. 

  307. 				})
    308. 

  308. 			})
    309. 

  309. 		})
    310. 

  310. 	})
    311. 

  311. 

  312. 	Describe("ValidateStore", func() {
    313. 

  313. 		var (
    314. 

  314. 			store esv1.GenericStore
    315. 

  315. 

  316. 			err      error
    317. 

  317. 			warnings admission.Warnings
    318. 

  318. 		)
    319. 

  319. 

  320. 		JustBeforeEach(func() {
    321. 

  321. 			warnings, err = provider.ValidateStore(store)
    322. 

  322. 		})
    323. 

  323. 

  324. 		When("the store is nil", func() {
    325. 

  325. 			BeforeEach(func() { store = nil })
    326. 

  326. 

  327. 			It("Should return an invalid store error", func() {
    328. 

  328. 				Expect(err).To(MatchError(errInvalidStore))
    329. 

  329. 				Expect(warnings).To(BeNil())
    330. 

  330. 			})
    331. 

  331. 		})
    332. 

  332. 

  333. 		When("the provider is nil", func() {
    334. 

  334. 			BeforeEach(func() { store = newTestSecretStore(nil) })
    335. 

  335. 

  336. 			It("Should return an invalid ngrok provider error", func() {
    337. 

  337. 				Expect(err).To(MatchError(errInvalidStoreProv))
    338. 

  338. 				Expect(warnings).To(BeNil())
    339. 

  339. 			})
    340. 

  340. 		})
    341. 

  341. 

  342. 		When("the ngrok provider is nil", func() {
    343. 

  343. 			BeforeEach(func() { store = newTestNgrokSecretStore(nil) })
    344. 

  344. 

  345. 			It("Should return an invalid ngrok provider error", func() {
    346. 

  346. 				Expect(err).To(MatchError(errInvalidNgrokProv))
    347. 

  347. 				Expect(warnings).To(BeNil())
    348. 

  348. 			})
    349. 

  349. 		})
    350. 

  350. 

  351. 		When("the API URL is invalid", func() {
    352. 

  352. 			BeforeEach(func() {
    353. 

  353. 				store = newTestNgrokSecretStore(&esv1.NgrokProvider{
    354. 

  354. 					APIURL: "http://example.com/path\n",
    355. 

  355. 				})
    356. 

  356. 			})
    357. 

  357. 

  358. 			It("Should return an invalid API URL error", func() {
    359. 

  359. 				Expect(err).To(MatchError(errInvalidAPIURL))
    360. 

  360. 				Expect(warnings).To(BeNil())
    361. 

  361. 			})
    362. 

  362. 		})
    363. 

  363. 

  364. 		When("the auth APIKey is missing", func() {
    365. 

  365. 			BeforeEach(func() {
    366. 

  366. 				store = newTestNgrokSecretStore(&esv1.NgrokProvider{
    367. 

  367. 					Vault: esv1.NgrokVault{
    368. 

  368. 						Name: "test-vault",
    369. 

  369. 					},
    370. 

  370. 					Auth: esv1.NgrokAuth{
    371. 

  371. 						APIKey: nil,
    372. 

  372. 					},
    373. 

  373. 				})
    374. 

  374. 			})
    375. 

  375. 

  376. 			It("Should return an invalid auth APIKey required error", func() {
    377. 

  377. 				Expect(err).To(MatchError(errInvalidAuthAPIKeyRequired))
    378. 

  378. 				Expect(warnings).To(BeNil())
    379. 

  379. 			})
    380. 

  380. 		})
    381. 

  381. 

  382. 		When("the vault name is missing", func() {
    383. 

  383. 			BeforeEach(func() {
    384. 

  384. 				store = newTestNgrokSecretStore(&esv1.NgrokProvider{
    385. 

  385. 					Auth: esv1.NgrokAuth{
    386. 

  386. 						APIKey: &esv1.NgrokProviderSecretRef{
    387. 

  387. 							SecretRef: &v1.SecretKeySelector{
    388. 

  388. 								Key:  "apiKey",
    389. 

  389. 								Name: "ngrok-credentials",
    390. 

  390. 							},
    391. 

  391. 						},
    392. 

  392. 					},
    393. 

  393. 					Vault: esv1.NgrokVault{},
    394. 

  394. 				})
    395. 

  395. 			})
    396. 

  396. 

  397. 			It("Should return a missing vault name error", func() {
    398. 

  398. 				Expect(err).To(MatchError(errMissingVaultName))
    399. 

  399. 				Expect(warnings).To(BeNil())
    400. 

  400. 			})
    401. 

  401. 		})
    402. 

  402. 

  403. 		When("the store is valid", func() {
    404. 

  404. 			BeforeEach(func() {
    405. 

  405. 				store = newTestNgrokSecretStore(&esv1.NgrokProvider{
    406. 

  406. 					Vault: esv1.NgrokVault{
    407. 

  407. 						Name: "test-vault",
    408. 

  408. 					},
    409. 

  409. 					Auth: esv1.NgrokAuth{
    410. 

  410. 						APIKey: &esv1.NgrokProviderSecretRef{
    411. 

  411. 							SecretRef: &v1.SecretKeySelector{
    412. 

  412. 								Key:  "apiKey",
    413. 

  413. 								Name: "ngrok-credentials",
    414. 

  414. 							},
    415. 

  415. 						},
    416. 

  416. 					},
    417. 

  417. 				})
    418. 

  418. 			})
    419. 

  419. 

  420. 			It("Should not return an error", func() {
    421. 

  421. 				Expect(err).To(BeNil())
    422. 

  422. 				Expect(warnings).To(BeNil())
    423. 

  423. 			})
    424. 

  424. 		})
    425. 

  425. 	})
    426. 

  426. 

  427. 	// Add more Ginkgo tests here for ValidateStore, NewClient, etc.
    428. 

  428. })
    429. 

  429. 

  430. func TestNgrokProvider(t *testing.T) {
    431. 

  431. 	RegisterFailHandler(Fail)
    432. 

  432. 	RunSpecs(t, "Ngrok Provider Suite")
    433. 

  433. }
    434.