Home Esplora Aiuto
Accedi
logic855
/
helm-external-secrets
mirror da https://github.com/external-secrets/external-secrets
1
0
Forka 0
File Problemi 0 Wiki
Albero (Tree): 41e4fd48d2
Rami (Branch) Tag
helm-externa...
/
pkg
/
provider
/
webhook
/
webhook_test.go

webhook_test.go 16 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6. 	http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. 

  15. package webhook
    16. 

  16. 

  17. import (
    18. 

  18. 	"bytes"
    19. 

  19. 	"context"
    20. 

  20. 	"errors"
    21. 

  21. 	"io"
    22. 

  22. 	"net/http"
    23. 

  23. 	"net/http/httptest"
    24. 

  24. 	"strings"
    25. 

  25. 	"testing"
    26. 

  26. 	"time"
    27. 

  27. 

  28. 	"gopkg.in/yaml.v3"
    29. 

  29. 	corev1 "k8s.io/api/core/v1"
    30. 

  30. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    31. 

  31. 

  32. 	"github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
    33. 

  33. 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
    34. 

  34. )
    35. 

  35. 

  36. type testCase struct {
    37. 

  37. 	Case string `json:"case,omitempty"`
    38. 

  38. 	Args args   `json:"args"`
    39. 

  39. 	Want want   `json:"want"`
    40. 

  40. }
    41. 

  41. 

  42. type secret struct {
    43. 

  43. 	Name string            `json:"name"`
    44. 

  44. 	Data map[string]string `json:"data"`
    45. 

  45. }
    46. 

  46. 

  47. type args struct {
    48. 

  48. 	URL        string `json:"url,omitempty"`
    49. 

  49. 	Body       string `json:"body,omitempty"`
    50. 

  50. 	Timeout    string `json:"timeout,omitempty"`
    51. 

  51. 	Key        string `json:"key,omitempty"`
    52. 

  52. 	SecretKey  string `json:"secretkey,omitempty"`
    53. 

  53. 	Property   string `json:"property,omitempty"`
    54. 

  54. 	Version    string `json:"version,omitempty"`
    55. 

  55. 	JSONPath   string `json:"jsonpath,omitempty"`
    56. 

  56. 	Response   string `json:"response,omitempty"`
    57. 

  57. 	StatusCode int    `json:"statuscode,omitempty"`
    58. 

  58. 	PushSecret bool   `json:"pushsecret,omitempty"`
    59. 

  59. 	Secret     secret `json:"secret,omitempty"`
    60. 

  60. }
    61. 

  61. 

  62. type want struct {
    63. 

  63. 	Path      string            `json:"path,omitempty"`
    64. 

  64. 	Body      string            `json:"body,omitempty"`
    65. 

  65. 	Err       string            `json:"err,omitempty"`
    66. 

  66. 	Result    string            `json:"result,omitempty"`
    67. 

  67. 	ResultMap map[string]string `json:"resultmap,omitempty"`
    68. 

  68. }
    69. 

  69. 

  70. var testCases = `
    71. 

  71. case: error url
    72. 

  72. args:
    73. 

  73.   url: /api/getsecret?id={{ .unclosed.template
    74. 

  74. want:
    75. 

  75.   err: failed to parse url
    76. 

  76. ---
    77. 

  77. case: error body
    78. 

  78. args:
    79. 

  79.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    80. 

  80.   body: Body error {{ .unclosed.template
    81. 

  81. want:
    82. 

  82.   err: failed to parse body
    83. 

  83. ---
    84. 

  84. case: error connection
    85. 

  85. args:
    86. 

  86.   url: 1/api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    87. 

  87. want:
    88. 

  88.   err: failed to call endpoint
    89. 

  89. ---
    90. 

  90. case: error no secret err
    91. 

  91. args:
    92. 

  92.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    93. 

  93.   key: testkey
    94. 

  94.   version: 1
    95. 

  95.   statuscode: 404
    96. 

  96.   response: not found
    97. 

  97. want:
    98. 

  98.   path: /api/getsecret?id=testkey&version=1
    99. 

  99.   err: ` + esv1beta1.NoSecretErr.Error() + `
    100. 

  100. ---
    101. 

  101. case: error server error
    102. 

  102. args:
    103. 

  103.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    104. 

  104.   key: testkey
    105. 

  105.   version: 1
    106. 

  106.   statuscode: 500
    107. 

  107.   response: server error
    108. 

  108. want:
    109. 

  109.   path: /api/getsecret?id=testkey&version=1
    110. 

  110.   err: endpoint gave error 500
    111. 

  111. ---
    112. 

  112. case: error bad json
    113. 

  113. args:
    114. 

  114.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    115. 

  115.   key: testkey
    116. 

  116.   version: 1
    117. 

  117.   jsonpath: $.result.thesecret
    118. 

  118.   response: '{"result":{"thesecret":"secret-value"}'
    119. 

  119. want:
    120. 

  120.   path: /api/getsecret?id=testkey&version=1
    121. 

  121.   err: failed to parse response json
    122. 

  122. ---
    123. 

  123. case: error bad jsonpath
    124. 

  124. args:
    125. 

  125.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    126. 

  126.   key: testkey
    127. 

  127.   version: 1
    128. 

  128.   jsonpath: $.result.thesecret
    129. 

  129.   response: '{"result":{"nosecret":"secret-value"}}'
    130. 

  130. want:
    131. 

  131.   path: /api/getsecret?id=testkey&version=1
    132. 

  132.   err: failed to get response path
    133. 

  133. ---
    134. 

  134. case: pull data out of map
    135. 

  135. args:
    136. 

  136.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    137. 

  137.   key: testkey
    138. 

  138.   version: 1
    139. 

  139.   jsonpath: $.result.thesecret
    140. 

  140.   response: '{"result":{"thesecret":{"one":"secret-value"}}}'
    141. 

  141. want:
    142. 

  142.   path: /api/getsecret?id=testkey&version=1
    143. 

  143.   err: ''
    144. 

  144.   result: '{"one":"secret-value"}'
    145. 

  145. ---
    146. 

  146. case: error timeout
    147. 

  147. args:
    148. 

  148.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    149. 

  149.   key: testkey
    150. 

  150.   version: 1
    151. 

  151.   response: secret-value
    152. 

  152.   timeout: 0.01ms
    153. 

  153. want:
    154. 

  154.   path: /api/getsecret?id=testkey&version=1
    155. 

  155.   err: context deadline exceeded
    156. 

  156. ---
    157. 

  157. case: good plaintext
    158. 

  158. args:
    159. 

  159.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    160. 

  160.   key: testkey
    161. 

  161.   version: 1
    162. 

  162.   response: secret-value
    163. 

  163. want:
    164. 

  164.   path: /api/getsecret?id=testkey&version=1
    165. 

  165.   err: ''
    166. 

  166.   result: secret-value
    167. 

  167. ---
    168. 

  168. case: good json
    169. 

  169. args:
    170. 

  170.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    171. 

  171.   key: testkey
    172. 

  172.   version: 1
    173. 

  173.   jsonpath: $.result.thesecret
    174. 

  174.   response: '{"result":{"thesecret":"secret-value"}}'
    175. 

  175. want:
    176. 

  176.   path: /api/getsecret?id=testkey&version=1
    177. 

  177.   err: ''
    178. 

  178.   result: secret-value
    179. 

  179. ---
    180. 

  180. case: good json map
    181. 

  181. args:
    182. 

  182.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    183. 

  183.   key: testkey
    184. 

  184.   version: 1
    185. 

  185.   jsonpath: $.result
    186. 

  186.   response: '{"result":{"thesecret":"secret-value","alsosecret":"another-value"}}'
    187. 

  187. want:
    188. 

  188.   path: /api/getsecret?id=testkey&version=1
    189. 

  189.   err: ''
    190. 

  190.   resultmap:
    191. 

  191.     thesecret: secret-value
    192. 

  192.     alsosecret: another-value
    193. 

  193. ---
    194. 

  194. case: good json map string
    195. 

  195. args:
    196. 

  196.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    197. 

  197.   key: testkey
    198. 

  198.   version: 1
    199. 

  199.   response: '{"thesecret":"secret-value","alsosecret":"another-value"}'
    200. 

  200. want:
    201. 

  201.   path: /api/getsecret?id=testkey&version=1
    202. 

  202.   err: ''
    203. 

  203.   resultmap:
    204. 

  204.     thesecret: secret-value
    205. 

  205.     alsosecret: another-value
    206. 

  206. ---
    207. 

  207. case: error json map string
    208. 

  208. args:
    209. 

  209.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    210. 

  210.   key: testkey
    211. 

  211.   version: 1
    212. 

  212.   response: 'some simple string'
    213. 

  213. want:
    214. 

  214.   path: /api/getsecret?id=testkey&version=1
    215. 

  215.   err: "failed to parse response json: invalid character"
    216. 

  216.   resultmap: {}
    217. 

  217. ---
    218. 

  218. case: error json map
    219. 

  219. args:
    220. 

  220.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    221. 

  221.   key: testkey
    222. 

  222.   version: 1
    223. 

  223.   jsonpath: $.result.thesecret
    224. 

  224.   response: '{"result":{"thesecret":"secret-value","alsosecret":"another-value"}}'
    225. 

  225. want:
    226. 

  226.   path: /api/getsecret?id=testkey&version=1
    227. 

  227.   err: "failed to parse response json from jsonpath"
    228. 

  228.   resultmap: {}
    229. 

  229. ---
    230. 

  230. case: good json with good templated jsonpath
    231. 

  231. args:
    232. 

  232.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    233. 

  233.   key: testkey
    234. 

  234.   property: thesecret
    235. 

  235.   version: 1
    236. 

  236.   jsonpath: $.result.{{ .remoteRef.property }}
    237. 

  237.   response: '{"result":{"thesecret":"secret-value"}}'
    238. 

  238. want:
    239. 

  239.   path: /api/getsecret?id=testkey&version=1
    240. 

  240.   err: ''
    241. 

  241.   result: secret-value
    242. 

  242. ---
    243. 

  243. case: good json with jsonpath filter
    244. 

  244. args:
    245. 

  245.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    246. 

  246.   key: testkey
    247. 

  247.   version: 1
    248. 

  248.   jsonpath: $.secrets[?@.name=="thesecret"].value
    249. 

  249.   response: '{"secrets": [{"name": "thesecret", "value": "secret-value"}, {"name": "alsosecret", "value": "another-value"}]}'
    250. 

  250. want:
    251. 

  251.   path: /api/getsecret?id=testkey&version=1
    252. 

  252.   err: ''
    253. 

  253.   result: secret-value
    254. 

  254. ---
    255. 

  255. case: good json with bad templated jsonpath
    256. 

  256. args:
    257. 

  257.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    258. 

  258.   key: testkey
    259. 

  259.   property: thesecret
    260. 

  260.   version: 1
    261. 

  261.   jsonpath: $.result.{{ .remoteRef.property }
    262. 

  262.   response: '{"result":{"thesecret":"secret-value"}}'
    263. 

  263. want:
    264. 

  264.   path: /api/getsecret?id=testkey&version=1
    265. 

  265.   err: 'template: webhooktemplate:1: unexpected "}" in operand'
    266. 

  266. ---
    267. 

  267. case: error with jsonpath filter empty results
    268. 

  268. args:
    269. 

  269.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    270. 

  270.   key: testkey
    271. 

  271.   version: 1
    272. 

  272.   jsonpath: $.secrets[?@.name=="thebadsecret"].value
    273. 

  273.   response: '{"secrets": [{"name": "thesecret", "value": "secret-value"}, {"name": "alsosecret", "value": "another-value"}]}'
    274. 

  274. want:
    275. 

  275.   path: /api/getsecret?id=testkey&version=1
    276. 

  276.   err: "filter worked but didn't get any result"
    277. 

  277. ---
    278. 

  278. case: success with jsonpath filter and result array
    279. 

  279. args:
    280. 

  280.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    281. 

  281.   key: testkey
    282. 

  282.   version: 1
    283. 

  283.   jsonpath: $..name
    284. 

  284.   response: '{"secrets": [{"name": "thesecret", "value": "secret-value"}, {"name": "alsosecret", "value": "another-value"}]}'
    285. 

  285. want:
    286. 

  286.   path: /api/getsecret?id=testkey&version=1
    287. 

  287.   err: ''
    288. 

  288.   result: 'thesecret'
    289. 

  289. ---
    290. 

  290. case: success with jsonpath filter and result array of ints
    291. 

  291. args:
    292. 

  292.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    293. 

  293.   key: testkey
    294. 

  294.   version: 1
    295. 

  295.   jsonpath: $..name
    296. 

  296.   response: '{"secrets": [{"name": 123, "value": "secret-value"}, {"name": 456, "value": "another-value"}]}'
    297. 

  297. want:
    298. 

  298.   path: /api/getsecret?id=testkey&version=1
    299. 

  299.   err: ''
    300. 

  300.   result: 123
    301. 

  301. ---
    302. 

  302. case: support backslash
    303. 

  303. args:
    304. 

  304.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    305. 

  305.   key: testkey
    306. 

  306.   version: 1
    307. 

  307.   jsonpath: $.refresh_token
    308. 

  308.   response: '{"access_token":"REDACTED","refresh_token":"RE\/DACTED=="}'
    309. 

  309. want:
    310. 

  310.   path: /api/getsecret?id=testkey&version=1
    311. 

  311.   err: ''
    312. 

  312.   result: "RE/DACTED=="
    313. 

  313. ---
    314. 

  314. case: good json with mixed fields and jsonpath filter
    315. 

  315. args:
    316. 

  316.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    317. 

  317.   key: testkey
    318. 

  318.   version: 1
    319. 

  319.   jsonpath: $.result.thesecret
    320. 

  320.   response: '{"result":{"thesecret":"secret-value","alsosecret":"another-value", "id": 1234, "weight": 1.5}}'
    321. 

  321. want:
    322. 

  322.   path: /api/getsecret?id=testkey&version=1
    323. 

  323.   err: ''
    324. 

  324.   result: secret-value
    325. 

  325. ---
    326. 

  326. case: good json with mixed fields to map
    327. 

  327. args:
    328. 

  328.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    329. 

  329.   key: testkey
    330. 

  330.   version: 1
    331. 

  331.   jsonpath: $.result
    332. 

  332.   response: '{"result":{"thesecret":"secret-value","alsosecret":"another-value", "id": 1234, "weight": 1.5}}'
    333. 

  333. want:
    334. 

  334.   path: /api/getsecret?id=testkey&version=1
    335. 

  335.   err: ''
    336. 

  336.   resultmap:
    337. 

  337.     thesecret: secret-value
    338. 

  338.     alsosecret: another-value
    339. 

  339.     id: 1234
    340. 

  340.     weight: 1.5
    341. 

  341. ---
    342. 

  342. case: only url encoding for url templates
    343. 

  343. args:
    344. 

  344.   url: /api/getsecrets?folder={{ .remoteRef.key }}
    345. 

  345.   body: '{"folder": "{{ .remoteRef.key }}"}'
    346. 

  346.   key: /myapp/secrets
    347. 

  347. want:
    348. 

  348.   path: /api/getsecrets?folder=%2Fmyapp%2Fsecrets
    349. 

  349.   body: '{"folder": "/myapp/secrets"}'
    350. 

  350. `
    351. 

  351. 

  352. func TestWebhookGetSecret(t *testing.T) {
    353. 

  353. 	ydec := yaml.NewDecoder(bytes.NewReader([]byte(testCases)))
    354. 

  354. 	for {
    355. 

  355. 		var tc testCase
    356. 

  356. 		if err := ydec.Decode(&tc); err != nil {
    357. 

  357. 			if !errors.Is(err, io.EOF) {
    358. 

  358. 				t.Errorf("testcase decode error %v", err)
    359. 

  359. 			}
    360. 

  360. 			break
    361. 

  361. 		}
    362. 

  362. 		runTestCase(tc, t)
    363. 

  363. 	}
    364. 

  364. }
    365. 

  365. 

  366. var testCasesPushSecret = `
    367. 

  367. case: good json
    368. 

  368. args:
    369. 

  369.   url: /api/pushsecret?id={{ .remoteRef.remoteKey }}&secret={{ .remoteRef.secretKey }}
    370. 

  370.   key: testkey
    371. 

  371.   secretkey: secretkey
    372. 

  372.   pushsecret: true
    373. 

  373.   secret:
    374. 

  374.     name: test-secret
    375. 

  375.     data:
    376. 

  376.       secretkey: value
    377. 

  377. want:
    378. 

  378.   path: /api/pushsecret?id=testkey&secret=secretkey
    379. 

  379.   err: ''
    380. 

  380. ---
    381. 

  381. case: secret key not found
    382. 

  382. args:
    383. 

  383.   url: /api/pushsecret?id={{ .remoteRef.remoteKey }}&secret={{ .remoteRef.secretKey }}
    384. 

  384.   key: testkey
    385. 

  385.   secretkey: not-found
    386. 

  386.   pushsecret: true
    387. 

  387.   secret:
    388. 

  388.     name: test-secret
    389. 

  389.     data:
    390. 

  390.       secretkey: value
    391. 

  391. want:
    392. 

  392.   path: /api/pushsecret?id=testkey&secret=not-found
    393. 

  393.   err: 'failed to find secret key in secret with key: not-found'
    394. 

  394. ---
    395. 

  395. case: pushing without secret key
    396. 

  396. args:
    397. 

  397.   url: /api/pushsecret?id={{ .remoteRef.remoteKey }}
    398. 

  398.   key: testkey
    399. 

  399.   pushsecret: true
    400. 

  400.   secret:
    401. 

  401.     name: test-secret
    402. 

  402.     data:
    403. 

  403.       secretkey: value
    404. 

  404. want:
    405. 

  405.   path: /api/pushsecret?id=testkey
    406. 

  406.   err: ''
    407. 

  407. ---
    408. 

  408. `
    409. 

  409. 

  410. func TestWebhookPushSecret(t *testing.T) {
    411. 

  411. 	ydec := yaml.NewDecoder(bytes.NewReader([]byte(testCasesPushSecret)))
    412. 

  412. 	for {
    413. 

  413. 		var tc testCase
    414. 

  414. 		if err := ydec.Decode(&tc); err != nil {
    415. 

  415. 			if !errors.Is(err, io.EOF) {
    416. 

  416. 				t.Errorf("testcase decode error %v", err)
    417. 

  417. 			}
    418. 

  418. 			break
    419. 

  419. 		}
    420. 

  420. 		runTestCase(tc, t)
    421. 

  421. 	}
    422. 

  422. }
    423. 

  423. 

  424. func testCaseServer(tc testCase, t *testing.T) *httptest.Server {
    425. 

  425. 	// Start a new server for every test case because the server wants to check the expected api path
    426. 

  426. 	return httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
    427. 

  427. 		if tc.Want.Path != "" && req.URL.String() != tc.Want.Path {
    428. 

  428. 			t.Errorf("%s: unexpected api path: %s, expected %s", tc.Case, req.URL.String(), tc.Want.Path)
    429. 

  429. 		}
    430. 

  430. 		if tc.Want.Body != "" {
    431. 

  431. 			b, _ := io.ReadAll(req.Body)
    432. 

  432. 			if string(b) != tc.Want.Body {
    433. 

  433. 				t.Errorf("%s: unexpected body: %s, expected %s", tc.Case, string(b), tc.Want.Body)
    434. 

  434. 			}
    435. 

  435. 		}
    436. 

  436. 		if tc.Args.StatusCode != 0 {
    437. 

  437. 			rw.WriteHeader(tc.Args.StatusCode)
    438. 

  438. 		}
    439. 

  439. 		rw.Write([]byte(tc.Args.Response))
    440. 

  440. 	}))
    441. 

  441. }
    442. 

  442. 

  443. func parseTimeout(timeout string) (*metav1.Duration, error) {
    444. 

  444. 	if timeout == "" {
    445. 

  445. 		return nil, nil
    446. 

  446. 	}
    447. 

  447. 	dur, err := time.ParseDuration(timeout)
    448. 

  448. 	if err != nil {
    449. 

  449. 		return nil, err
    450. 

  450. 	}
    451. 

  451. 	return &metav1.Duration{Duration: dur}, nil
    452. 

  452. }
    453. 

  453. 

  454. func runTestCase(tc testCase, t *testing.T) {
    455. 

  455. 	ts := testCaseServer(tc, t)
    456. 

  456. 	defer ts.Close()
    457. 

  457. 

  458. 	testStore := makeClusterSecretStore(ts.URL, tc.Args)
    459. 

  459. 	var err error
    460. 

  460. 	timeout, err := parseTimeout(tc.Args.Timeout)
    461. 

  461. 	if err != nil {
    462. 

  462. 		t.Errorf("%s: error parsing timeout '%s': %s", tc.Case, tc.Args.Timeout, err.Error())
    463. 

  463. 		return
    464. 

  464. 	}
    465. 

  465. 	testStore.Spec.Provider.Webhook.Timeout = timeout
    466. 

  466. 	testProv := &Provider{}
    467. 

  467. 	client, err := testProv.NewClient(context.Background(), testStore, nil, "testnamespace")
    468. 

  468. 	if err != nil {
    469. 

  469. 		t.Errorf("%s: error creating client: %s", tc.Case, err.Error())
    470. 

  470. 		return
    471. 

  471. 	}
    472. 

  472. 

  473. 	if tc.Want.ResultMap != nil && !tc.Args.PushSecret {
    474. 

  474. 		testGetSecretMap(tc, t, client)
    475. 

  475. 	} else if !tc.Args.PushSecret {
    476. 

  476. 		testGetSecret(tc, t, client)
    477. 

  477. 	} else {
    478. 

  478. 		testPushSecret(tc, t, client)
    479. 

  479. 	}
    480. 

  480. }
    481. 

  481. 

  482. func testGetSecretMap(tc testCase, t *testing.T, client esv1beta1.SecretsClient) {
    483. 

  483. 	testRef := esv1beta1.ExternalSecretDataRemoteRef{
    484. 

  484. 		Key:     tc.Args.Key,
    485. 

  485. 		Version: tc.Args.Version,
    486. 

  486. 	}
    487. 

  487. 	secretmap, err := client.GetSecretMap(context.Background(), testRef)
    488. 

  488. 	errStr := ""
    489. 

  489. 	if err != nil {
    490. 

  490. 		errStr = err.Error()
    491. 

  491. 	}
    492. 

  492. 	if (tc.Want.Err == "") != (errStr == "") || !strings.Contains(errStr, tc.Want.Err) {
    493. 

  493. 		t.Errorf("%s: unexpected error: '%s' (expected '%s')", tc.Case, errStr, tc.Want.Err)
    494. 

  494. 	}
    495. 

  495. 	if err == nil {
    496. 

  496. 		for wantkey, wantval := range tc.Want.ResultMap {
    497. 

  497. 			gotval, ok := secretmap[wantkey]
    498. 

  498. 			if !ok {
    499. 

  499. 				t.Errorf("%s: unexpected response: wanted key '%s' not found", tc.Case, wantkey)
    500. 

  500. 			} else if string(gotval) != wantval {
    501. 

  501. 				t.Errorf("%s: unexpected response: key '%s' = '%s' (expected '%s')", tc.Case, wantkey, wantval, gotval)
    502. 

  502. 			}
    503. 

  503. 		}
    504. 

  504. 	}
    505. 

  505. }
    506. 

  506. 

  507. func testGetSecret(tc testCase, t *testing.T, client esv1beta1.SecretsClient) {
    508. 

  508. 	testRef := esv1beta1.ExternalSecretDataRemoteRef{
    509. 

  509. 		Key:      tc.Args.Key,
    510. 

  510. 		Property: tc.Args.Property,
    511. 

  511. 		Version:  tc.Args.Version,
    512. 

  512. 	}
    513. 

  513. 	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
    514. 

  514. 	defer cancel()
    515. 

  515. 	secret, err := client.GetSecret(ctx, testRef)
    516. 

  516. 	errStr := ""
    517. 

  517. 	if err != nil {
    518. 

  518. 		errStr = err.Error()
    519. 

  519. 	}
    520. 

  520. 	if !strings.Contains(errStr, tc.Want.Err) {
    521. 

  521. 		t.Errorf("%s: unexpected error: '%s' (expected '%s')", tc.Case, errStr, tc.Want.Err)
    522. 

  522. 	}
    523. 

  523. 	if err == nil && string(secret) != tc.Want.Result {
    524. 

  524. 		t.Errorf("%s: unexpected response: '%s' (expected '%s')", tc.Case, secret, tc.Want.Result)
    525. 

  525. 	}
    526. 

  526. }
    527. 

  527. 

  528. func testPushSecret(tc testCase, t *testing.T, client esv1beta1.SecretsClient) {
    529. 

  529. 	testRef := v1alpha1.PushSecretData{
    530. 

  530. 		Match: v1alpha1.PushSecretMatch{
    531. 

  531. 			SecretKey: tc.Args.SecretKey,
    532. 

  532. 			RemoteRef: v1alpha1.PushSecretRemoteRef{
    533. 

  533. 				RemoteKey: tc.Args.Key,
    534. 

  534. 			},
    535. 

  535. 		},
    536. 

  536. 	}
    537. 

  537. 

  538. 	data := map[string][]byte{}
    539. 

  539. 	for k, v := range tc.Args.Secret.Data {
    540. 

  540. 		data[k] = []byte(v)
    541. 

  541. 	}
    542. 

  542. 	sec := &corev1.Secret{
    543. 

  543. 		ObjectMeta: metav1.ObjectMeta{
    544. 

  544. 			Name: tc.Args.Secret.Name,
    545. 

  545. 		},
    546. 

  546. 		Data: data,
    547. 

  547. 	}
    548. 

  548. 	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
    549. 

  549. 	defer cancel()
    550. 

  550. 	err := client.PushSecret(ctx, sec, testRef)
    551. 

  551. 	errStr := ""
    552. 

  552. 	if err != nil {
    553. 

  553. 		errStr = err.Error()
    554. 

  554. 	}
    555. 

  555. 	if tc.Want.Err == "" && errStr != "" {
    556. 

  556. 		t.Errorf("%s: unexpected error: '%s' (expected '%s')", tc.Case, errStr, tc.Want.Err)
    557. 

  557. 	}
    558. 

  558. 

  559. 	if !strings.Contains(errStr, tc.Want.Err) {
    560. 

  560. 		t.Errorf("%s: unexpected error: '%s' (expected '%s')", tc.Case, errStr, tc.Want.Err)
    561. 

  561. 	}
    562. 

  562. }
    563. 

  563. 

  564. func makeClusterSecretStore(url string, args args) *esv1beta1.ClusterSecretStore {
    565. 

  565. 	store := &esv1beta1.ClusterSecretStore{
    566. 

  566. 		TypeMeta: metav1.TypeMeta{
    567. 

  567. 			Kind: "ClusterSecretStore",
    568. 

  568. 		},
    569. 

  569. 		ObjectMeta: metav1.ObjectMeta{
    570. 

  570. 			Name:      "wehbook-store",
    571. 

  571. 			Namespace: "default",
    572. 

  572. 		},
    573. 

  573. 		Spec: esv1beta1.SecretStoreSpec{
    574. 

  574. 			Provider: &esv1beta1.SecretStoreProvider{
    575. 

  575. 				Webhook: &esv1beta1.WebhookProvider{
    576. 

  576. 					URL:  url + args.URL,
    577. 

  577. 					Body: args.Body,
    578. 

  578. 					Headers: map[string]string{
    579. 

  579. 						"Content-Type": "application.json",
    580. 

  580. 						"X-SecretKey":  "{{ .remoteRef.key }}",
    581. 

  581. 					},
    582. 

  582. 					Result: esv1beta1.WebhookResult{
    583. 

  583. 						JSONPath: args.JSONPath,
    584. 

  584. 					},
    585. 

  585. 				},
    586. 

  586. 			},
    587. 

  587. 		},
    588. 

  588. 	}
    589. 

  589. 	return store
    590. 

  590. }
    591.