Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: 4571cfb2cf
Branches Tags
helm-externa...
/
pkg
/
provider
/
ibm
/
provider_test.go

provider_test.go 55 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6. 	http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. 

  15. package ibm
    16. 

  16. 

  17. import (
    18. 

  18. 	"bytes"
    19. 

  19. 	"context"
    20. 

  20. 	"encoding/json"
    21. 

  21. 	"errors"
    22. 

  22. 	"fmt"
    23. 

  23. 	"reflect"
    24. 

  24. 	"strconv"
    25. 

  25. 	"strings"
    26. 

  26. 	"testing"
    27. 

  27. 

  28. 	"github.com/IBM/go-sdk-core/v5/core"
    29. 

  29. 	sm "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2"
    30. 

  30. 	"github.com/go-openapi/strfmt"
    31. 

  31. 	corev1 "k8s.io/api/core/v1"
    32. 

  32. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    33. 

  33. 	utilpointer "k8s.io/utils/ptr"
    34. 

  34. 	clientfake "sigs.k8s.io/controller-runtime/pkg/client/fake"
    35. 

  35. 

  36. 	esv1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
    37. 

  37. 	v1 "github.com/external-secrets/external-secrets/apis/meta/v1"
    38. 

  38. 	fakesm "github.com/external-secrets/external-secrets/pkg/provider/ibm/fake"
    39. 

  39. )
    40. 

  40. 

  41. const (
    42. 

  42. 	errExpectedErr       = "wanted error got nil"
    43. 

  43. 	secretKey            = "test-secret"
    44. 

  44. 	secretUUID           = "d5deb37a-7883-4fe2-a5e7-3c15420adc76"
    45. 

  45. 	iamCredentialsSecret = "iam_credentials/"
    46. 

  46. )
    47. 

  47. 

  48. type secretManagerTestCase struct {
    49. 

  49. 	name            string
    50. 

  50. 	mockClient      *fakesm.IBMMockClient
    51. 

  51. 	apiInput        *sm.GetSecretOptions
    52. 

  52. 	apiOutput       sm.SecretIntf
    53. 

  53. 	getByNameInput  *sm.GetSecretByNameTypeOptions
    54. 

  54. 	getByNameOutput sm.SecretIntf
    55. 

  55. 	getByNameError  error
    56. 

  56. 	ref             *esv1.ExternalSecretDataRemoteRef
    57. 

  57. 	serviceURL      *string
    58. 

  58. 	apiErr          error
    59. 

  59. 	expectError     string
    60. 

  60. 	expectedSecret  string
    61. 

  61. 	// for testing secretmap
    62. 

  62. 	expectedData map[string][]byte
    63. 

  63. }
    64. 

  64. 

  65. func makeValidSecretManagerTestCase() *secretManagerTestCase {
    66. 

  66. 	smtc := secretManagerTestCase{
    67. 

  67. 		mockClient:      &fakesm.IBMMockClient{},
    68. 

  68. 		apiInput:        makeValidAPIInput(),
    69. 

  69. 		ref:             makeValidRef(),
    70. 

  70. 		apiOutput:       makeValidAPIOutput(),
    71. 

  71. 		getByNameInput:  makeValidGetByNameInput(),
    72. 

  72. 		getByNameOutput: makeValidAPIOutput(),
    73. 

  73. 		getByNameError:  nil,
    74. 

  74. 		serviceURL:      nil,
    75. 

  75. 		apiErr:          nil,
    76. 

  76. 		expectError:     "",
    77. 

  77. 		expectedSecret:  "",
    78. 

  78. 		expectedData:    map[string][]byte{},
    79. 

  79. 	}
    80. 

  80. 	mcParams := fakesm.IBMMockClientParams{
    81. 

  81. 		GetSecretOptions:       smtc.apiInput,
    82. 

  82. 		GetSecretOutput:        smtc.apiOutput,
    83. 

  83. 		GetSecretErr:           smtc.apiErr,
    84. 

  84. 		GetSecretByNameOptions: smtc.getByNameInput,
    85. 

  85. 		GetSecretByNameOutput:  smtc.getByNameOutput,
    86. 

  86. 		GetSecretByNameErr:     smtc.getByNameError,
    87. 

  87. 	}
    88. 

  88. 	smtc.mockClient.WithValue(mcParams)
    89. 

  89. 	return &smtc
    90. 

  90. }
    91. 

  91. 

  92. func makeValidRef() *esv1.ExternalSecretDataRemoteRef {
    93. 

  93. 	return &esv1.ExternalSecretDataRemoteRef{
    94. 

  94. 		Key:     secretUUID,
    95. 

  95. 		Version: "default",
    96. 

  96. 	}
    97. 

  97. }
    98. 

  98. 

  99. func makeValidAPIInput() *sm.GetSecretOptions {
    100. 

  100. 	return &sm.GetSecretOptions{
    101. 

  101. 		ID: utilpointer.To(secretUUID),
    102. 

  102. 	}
    103. 

  103. }
    104. 

  104. 

  105. func makeValidAPIOutput() sm.SecretIntf {
    106. 

  106. 	secret := &sm.Secret{
    107. 

  107. 		SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary),
    108. 

  108. 		Name:       utilpointer.To("testyname"),
    109. 

  109. 		ID:         utilpointer.To(secretUUID),
    110. 

  110. 	}
    111. 

  111. 	var i sm.SecretIntf = secret
    112. 

  112. 	return i
    113. 

  113. }
    114. 

  114. 

  115. func makeValidGetByNameInput() *sm.GetSecretByNameTypeOptions {
    116. 

  116. 	return &sm.GetSecretByNameTypeOptions{}
    117. 

  117. }
    118. 

  118. 

  119. func makeValidSecretManagerTestCaseCustom(tweaks ...func(smtc *secretManagerTestCase)) *secretManagerTestCase {
    120. 

  120. 	smtc := makeValidSecretManagerTestCase()
    121. 

  121. 	for _, fn := range tweaks {
    122. 

  122. 		fn(smtc)
    123. 

  123. 	}
    124. 

  124. 	mcParams := fakesm.IBMMockClientParams{
    125. 

  125. 		GetSecretOptions:       smtc.apiInput,
    126. 

  126. 		GetSecretOutput:        smtc.apiOutput,
    127. 

  127. 		GetSecretErr:           smtc.apiErr,
    128. 

  128. 		GetSecretByNameOptions: smtc.getByNameInput,
    129. 

  129. 		GetSecretByNameOutput:  smtc.getByNameOutput,
    130. 

  130. 		GetSecretByNameErr:     smtc.apiErr,
    131. 

  131. 	}
    132. 

  132. 	smtc.mockClient.WithValue(mcParams)
    133. 

  133. 	return smtc
    134. 

  134. }
    135. 

  135. 

  136. // This case can be shared by both GetSecret and GetSecretMap tests.
    137. 

  137. // bad case: set apiErr.
    138. 

  138. var setAPIErr = func(smtc *secretManagerTestCase) {
    139. 

  139. 	smtc.apiErr = errors.New("oh no")
    140. 

  140. 	smtc.expectError = "oh no"
    141. 

  141. }
    142. 

  142. 

  143. var setNilMockClient = func(smtc *secretManagerTestCase) {
    144. 

  144. 	smtc.mockClient = nil
    145. 

  145. 	smtc.expectError = errUninitializedIBMProvider
    146. 

  146. }
    147. 

  147. 

  148. // simple tests for Validate Store.
    149. 

  149. func TestValidateStore(t *testing.T) {
    150. 

  150. 	p := providerIBM{}
    151. 

  151. 	store := &esv1.SecretStore{
    152. 

  152. 		Spec: esv1.SecretStoreSpec{
    153. 

  153. 			Provider: &esv1.SecretStoreProvider{
    154. 

  154. 				IBM: &esv1.IBMProvider{},
    155. 

  155. 			},
    156. 

  156. 		},
    157. 

  157. 	}
    158. 

  158. 	_, err := p.ValidateStore(store)
    159. 

  159. 	if err == nil {
    160. 

  160. 		t.Error(errExpectedErr)
    161. 

  161. 	} else if err.Error() != "serviceURL is required" {
    162. 

  162. 		t.Errorf("service URL test failed")
    163. 

  163. 	}
    164. 

  164. 	url := "my-url"
    165. 

  165. 	store.Spec.Provider.IBM.ServiceURL = &url
    166. 

  166. 	_, err = p.ValidateStore(store)
    167. 

  167. 	if err == nil {
    168. 

  168. 		t.Error(errExpectedErr)
    169. 

  169. 	} else if err.Error() != "missing auth method" {
    170. 

  170. 		t.Errorf("KeySelector test failed: expected missing auth method, got %v", err)
    171. 

  171. 	}
    172. 

  172. 	ns := "ns-one"
    173. 

  173. 	store.Spec.Provider.IBM.Auth.SecretRef = &esv1.IBMAuthSecretRef{
    174. 

  174. 		SecretAPIKey: v1.SecretKeySelector{
    175. 

  175. 			Name:      "foo",
    176. 

  176. 			Key:       "bar",
    177. 

  177. 			Namespace: &ns,
    178. 

  178. 		},
    179. 

  179. 	}
    180. 

  180. 	_, err = p.ValidateStore(store)
    181. 

  181. 	if err == nil {
    182. 

  182. 		t.Error(errExpectedErr)
    183. 

  183. 	} else if err.Error() != "namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore" {
    184. 

  184. 		t.Errorf("KeySelector test failed: expected namespace not allowed, got %v", err)
    185. 

  185. 	}
    186. 

  186. 

  187. 	// add container auth test
    188. 

  188. 	store = &esv1.SecretStore{
    189. 

  189. 		Spec: esv1.SecretStoreSpec{
    190. 

  190. 			Provider: &esv1.SecretStoreProvider{
    191. 

  191. 				IBM: &esv1.IBMProvider{
    192. 

  192. 					ServiceURL: &url,
    193. 

  193. 					Auth: esv1.IBMAuth{
    194. 

  194. 						ContainerAuth: &esv1.IBMAuthContainerAuth{
    195. 

  195. 							Profile:       "Trusted IAM Profile",
    196. 

  196. 							TokenLocation: "/a/path/to/nowhere/that/should/exist",
    197. 

  197. 						},
    198. 

  198. 					},
    199. 

  199. 				},
    200. 

  200. 			},
    201. 

  201. 		},
    202. 

  202. 	}
    203. 

  203. 	_, err = p.ValidateStore(store)
    204. 

  204. 	expected := "cannot read container auth token"
    205. 

  205. 	if !ErrorContains(err, expected) {
    206. 

  206. 		t.Errorf("ProfileSelector test failed: %s, expected: '%s'", err.Error(), expected)
    207. 

  207. 	}
    208. 

  208. }
    209. 

  209. 

  210. // test the sm<->gcp interface
    211. 

  211. // make sure correct values are passed and errors are handled accordingly.
    212. 

  212. func TestIBMSecretManagerGetSecret(t *testing.T) {
    213. 

  213. 	secretString := "changedvalue"
    214. 

  214. 	secretUsername := "userName"
    215. 

  215. 	secretPassword := "P@ssw0rd"
    216. 

  216. 	secretAPIKey := "01234567890"
    217. 

  217. 	secretCertificate := "certificate_value"
    218. 

  218. 	firstValue := "val1"
    219. 

  219. 

  220. 	// good case: default version is set
    221. 

  221. 	// key is passed in, output is sent back
    222. 

  222. 	setSecretString := func(smtc *secretManagerTestCase) {
    223. 

  223. 		secret := &sm.ArbitrarySecret{
    224. 

  224. 			SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary),
    225. 

  225. 			Name:       utilpointer.To("testyname"),
    226. 

  226. 			ID:         utilpointer.To(secretUUID),
    227. 

  227. 			Payload:    &secretString,
    228. 

  228. 		}
    229. 

  229. 		smtc.name = "good case: default version is set"
    230. 

  230. 		smtc.apiOutput = secret
    231. 

  231. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    232. 

  232. 		smtc.expectedSecret = secretString
    233. 

  233. 	}
    234. 

  234. 

  235. 	// good case: custom version set
    236. 

  236. 	setCustomKey := func(smtc *secretManagerTestCase) {
    237. 

  237. 		secret := &sm.ArbitrarySecret{
    238. 

  238. 			SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary),
    239. 

  239. 			Name:       utilpointer.To("testyname"),
    240. 

  240. 			ID:         utilpointer.To(secretUUID),
    241. 

  241. 			Payload:    &secretString,
    242. 

  242. 		}
    243. 

  243. 		smtc.name = "good case: custom version set"
    244. 

  244. 		smtc.ref.Key = "arbitrary/" + secretUUID
    245. 

  245. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    246. 

  246. 		smtc.apiOutput = secret
    247. 

  247. 		smtc.expectedSecret = secretString
    248. 

  248. 	}
    249. 

  249. 

  250. 	// bad case: arbitrary type secret which is destroyed
    251. 

  251. 	badArbitSecret := func(smtc *secretManagerTestCase) {
    252. 

  252. 		secret := &sm.ArbitrarySecret{
    253. 

  253. 			SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary),
    254. 

  254. 			Name:       utilpointer.To("testyname"),
    255. 

  255. 			ID:         utilpointer.To(secretUUID),
    256. 

  256. 		}
    257. 

  257. 		smtc.name = "bad case: arbitrary type without property"
    258. 

  258. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    259. 

  259. 		smtc.apiOutput = secret
    260. 

  260. 		smtc.ref.Key = secretUUID
    261. 

  261. 		smtc.expectError = "key payload does not exist in secret " + secretUUID
    262. 

  262. 	}
    263. 

  263. 

  264. 	// bad case: username_password type without property
    265. 

  265. 	secretUserPass := "username_password/" + secretUUID
    266. 

  266. 	badSecretUserPass := func(smtc *secretManagerTestCase) {
    267. 

  267. 		secret := &sm.UsernamePasswordSecret{
    268. 

  268. 			SecretType: utilpointer.To(sm.Secret_SecretType_UsernamePassword),
    269. 

  269. 			Name:       utilpointer.To("testyname"),
    270. 

  270. 			ID:         utilpointer.To(secretUUID),
    271. 

  271. 			Username:   &secretUsername,
    272. 

  272. 			Password:   &secretPassword,
    273. 

  273. 		}
    274. 

  274. 		smtc.name = "bad case: username_password type without property"
    275. 

  275. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    276. 

  276. 		smtc.apiOutput = secret
    277. 

  277. 		smtc.ref.Key = secretUserPass
    278. 

  278. 		smtc.expectError = "remoteRef.property required for secret type username_password"
    279. 

  279. 	}
    280. 

  280. 

  281. 	// good case: username_password type with property
    282. 

  282. 	funcSetUserPass := func(secretName, property, name string) func(smtc *secretManagerTestCase) {
    283. 

  283. 		return func(smtc *secretManagerTestCase) {
    284. 

  284. 			secret := &sm.UsernamePasswordSecret{
    285. 

  285. 				SecretType: utilpointer.To(sm.Secret_SecretType_UsernamePassword),
    286. 

  286. 				Name:       utilpointer.To("testyname"),
    287. 

  287. 				ID:         utilpointer.To(secretUUID),
    288. 

  288. 				Username:   &secretUsername,
    289. 

  289. 				Password:   &secretPassword,
    290. 

  290. 			}
    291. 

  291. 			smtc.name = name
    292. 

  292. 			smtc.apiInput.ID = utilpointer.To(secretUUID)
    293. 

  293. 			smtc.apiOutput = secret
    294. 

  294. 			smtc.ref.Key = "username_password/" + secretName
    295. 

  295. 			smtc.ref.Property = property
    296. 

  296. 			if property == "username" {
    297. 

  297. 				smtc.expectedSecret = secretUsername
    298. 

  298. 			} else {
    299. 

  299. 				smtc.expectedSecret = secretPassword
    300. 

  300. 			}
    301. 

  301. 		}
    302. 

  302. 	}
    303. 

  303. 	setSecretUserPassByID := funcSetUserPass(secretUUID, "username", "good case: username_password type - get username by ID")
    304. 

  304. 

  305. 	// good case: iam_credentials type
    306. 

  306. 	funcSetSecretIam := func(secretName, name string) func(*secretManagerTestCase) {
    307. 

  307. 		return func(smtc *secretManagerTestCase) {
    308. 

  308. 			secret := &sm.IAMCredentialsSecret{
    309. 

  309. 				SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
    310. 

  310. 				Name:       utilpointer.To("testyname"),
    311. 

  311. 				ID:         utilpointer.To(secretUUID),
    312. 

  312. 				ApiKey:     utilpointer.To(secretAPIKey),
    313. 

  313. 			}
    314. 

  314. 			smtc.apiInput.ID = utilpointer.To(secretUUID)
    315. 

  315. 			smtc.name = name
    316. 

  316. 			smtc.apiOutput = secret
    317. 

  317. 			smtc.ref.Key = iamCredentialsSecret + secretName
    318. 

  318. 			smtc.expectedSecret = secretAPIKey
    319. 

  319. 		}
    320. 

  320. 	}
    321. 

  321. 

  322. 	setSecretIamByID := funcSetSecretIam(secretUUID, "good case: iam_credenatials type - get API Key by ID")
    323. 

  323. 

  324. 	// good case: iam_credentials type - get API Key by name, providing the secret group ID
    325. 

  325. 	funcSetSecretIamNew := func(secretName, groupName, name string) func(*secretManagerTestCase) {
    326. 

  326. 		return func(smtc *secretManagerTestCase) {
    327. 

  327. 			secret := &sm.IAMCredentialsSecret{
    328. 

  328. 				SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
    329. 

  329. 				Name:       utilpointer.To("testyname"),
    330. 

  330. 				ID:         utilpointer.To(secretUUID),
    331. 

  331. 				ApiKey:     utilpointer.To(secretAPIKey),
    332. 

  332. 			}
    333. 

  333. 			smtc.getByNameInput.Name = &secretName
    334. 

  334. 			smtc.getByNameInput.SecretGroupName = &groupName
    335. 

  335. 			smtc.getByNameInput.SecretType = utilpointer.To(sm.Secret_SecretType_IamCredentials)
    336. 

  336. 

  337. 			smtc.name = name
    338. 

  338. 			smtc.getByNameOutput = secret
    339. 

  339. 			smtc.ref.Key = groupName + "/" + iamCredentialsSecret + secretName
    340. 

  340. 			smtc.expectedSecret = secretAPIKey
    341. 

  341. 		}
    342. 

  342. 	}
    343. 

  343. 	setSecretIamByNameNew := funcSetSecretIamNew("testyname", "testGroup", "good case: iam_credenatials type - get API Key by name - new mechanism")
    344. 

  344. 

  345. 	// good case: service_credentials type
    346. 

  346. 	dummySrvCreds := &sm.ServiceCredentialsSecretCredentials{
    347. 

  347. 		Apikey: &secretAPIKey,
    348. 

  348. 	}
    349. 

  349. 

  350. 	funcSetSecretSrvCred := func(secretName, name string) func(*secretManagerTestCase) {
    351. 

  351. 		return func(smtc *secretManagerTestCase) {
    352. 

  352. 			secret := &sm.ServiceCredentialsSecret{
    353. 

  353. 				SecretType:  utilpointer.To(sm.Secret_SecretType_ServiceCredentials),
    354. 

  354. 				Name:        utilpointer.To("testyname"),
    355. 

  355. 				ID:          utilpointer.To(secretUUID),
    356. 

  356. 				Credentials: dummySrvCreds,
    357. 

  357. 			}
    358. 

  358. 			smtc.apiInput.ID = utilpointer.To(secretUUID)
    359. 

  359. 			smtc.name = name
    360. 

  360. 			smtc.apiOutput = secret
    361. 

  361. 			smtc.ref.Key = "service_credentials/" + secretName
    362. 

  362. 			smtc.expectedSecret = "{\"apikey\":\"01234567890\"}"
    363. 

  363. 		}
    364. 

  364. 	}
    365. 

  365. 

  366. 	setSecretSrvCredByID := funcSetSecretSrvCred(secretUUID, "good case: service_credentials type - get creds by ID")
    367. 

  367. 

  368. 	funcSetCertSecretTest := func(secret sm.SecretIntf, name, certType string, good bool) func(*secretManagerTestCase) {
    369. 

  369. 		return func(smtc *secretManagerTestCase) {
    370. 

  370. 			smtc.name = name
    371. 

  371. 			smtc.apiInput.ID = utilpointer.To(secretUUID)
    372. 

  372. 			smtc.apiOutput = secret
    373. 

  373. 			smtc.ref.Key = certType + "/" + secretUUID
    374. 

  374. 			if good {
    375. 

  375. 				smtc.ref.Property = "certificate"
    376. 

  376. 				smtc.expectedSecret = secretCertificate
    377. 

  377. 			} else {
    378. 

  378. 				smtc.expectError = "remoteRef.property required for secret type " + certType
    379. 

  379. 			}
    380. 

  380. 		}
    381. 

  381. 	}
    382. 

  382. 

  383. 	// good case: imported_cert type with property
    384. 

  384. 	importedCert := &sm.ImportedCertificate{
    385. 

  385. 		SecretType:   utilpointer.To(sm.Secret_SecretType_ImportedCert),
    386. 

  386. 		Name:         utilpointer.To("testyname"),
    387. 

  387. 		ID:           utilpointer.To(secretUUID),
    388. 

  388. 		Certificate:  utilpointer.To(secretCertificate),
    389. 

  389. 		Intermediate: utilpointer.To("intermediate"),
    390. 

  390. 		PrivateKey:   utilpointer.To("private_key"),
    391. 

  391. 	}
    392. 

  392. 	setSecretCert := funcSetCertSecretTest(importedCert, "good case: imported_cert type with property", sm.Secret_SecretType_ImportedCert, true)
    393. 

  393. 

  394. 	// good case: imported_cert type without a private_key
    395. 

  395. 	importedCertNoPvtKey := func(smtc *secretManagerTestCase) {
    396. 

  396. 		secret := &sm.ImportedCertificate{
    397. 

  397. 			SecretType:  utilpointer.To(sm.Secret_SecretType_ImportedCert),
    398. 

  398. 			Name:        utilpointer.To("testyname"),
    399. 

  399. 			ID:          utilpointer.To(secretUUID),
    400. 

  400. 			Certificate: utilpointer.To(secretCertificate),
    401. 

  401. 		}
    402. 

  402. 		smtc.name = "good case: imported cert without private key"
    403. 

  403. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    404. 

  404. 		smtc.apiOutput = secret
    405. 

  405. 		smtc.ref.Key = "imported_cert/" + secretUUID
    406. 

  406. 		smtc.ref.Property = "private_key"
    407. 

  407. 		smtc.expectedSecret = ""
    408. 

  408. 	}
    409. 

  409. 

  410. 	// bad case: imported_cert type without property
    411. 

  411. 	badSecretCert := funcSetCertSecretTest(importedCert, "bad case: imported_cert type without property", sm.Secret_SecretType_ImportedCert, false)
    412. 

  412. 

  413. 	// good case: public_cert type with property
    414. 

  414. 	publicCert := &sm.PublicCertificate{
    415. 

  415. 		SecretType:   utilpointer.To(sm.Secret_SecretType_PublicCert),
    416. 

  416. 		Name:         utilpointer.To("testyname"),
    417. 

  417. 		ID:           utilpointer.To(secretUUID),
    418. 

  418. 		Certificate:  utilpointer.To(secretCertificate),
    419. 

  419. 		Intermediate: utilpointer.To("intermediate"),
    420. 

  420. 		PrivateKey:   utilpointer.To("private_key"),
    421. 

  421. 	}
    422. 

  422. 	setSecretPublicCert := funcSetCertSecretTest(publicCert, "good case: public_cert type with property", sm.Secret_SecretType_PublicCert, true)
    423. 

  423. 

  424. 	// bad case: public_cert type without property
    425. 

  425. 	badSecretPublicCert := funcSetCertSecretTest(publicCert, "bad case: public_cert type without property", sm.Secret_SecretType_PublicCert, false)
    426. 

  426. 

  427. 	// good case: private_cert type with property
    428. 

  428. 	privateCert := &sm.PrivateCertificate{
    429. 

  429. 		SecretType:  utilpointer.To(sm.Secret_SecretType_PublicCert),
    430. 

  430. 		Name:        utilpointer.To("testyname"),
    431. 

  431. 		ID:          utilpointer.To(secretUUID),
    432. 

  432. 		Certificate: utilpointer.To(secretCertificate),
    433. 

  433. 		PrivateKey:  utilpointer.To("private_key"),
    434. 

  434. 	}
    435. 

  435. 	setSecretPrivateCert := funcSetCertSecretTest(privateCert, "good case: private_cert type with property", sm.Secret_SecretType_PrivateCert, true)
    436. 

  436. 

  437. 	// bad case: private_cert type without property
    438. 

  438. 	badSecretPrivateCert := funcSetCertSecretTest(privateCert, "bad case: private_cert type without property", sm.Secret_SecretType_PrivateCert, false)
    439. 

  439. 

  440. 	secretDataKV := make(map[string]any)
    441. 

  441. 	secretDataKV["key1"] = firstValue
    442. 

  442. 

  443. 	secretDataKVComplex := make(map[string]any)
    444. 

  444. 	secretKVComplex := `{"key1":"val1","key2":"val2","key3":"val3","keyC":{"keyC1":"valC1","keyC2":"valC2"},"special.log":"file-content"}`
    445. 

  445. 	json.Unmarshal([]byte(secretKVComplex), &secretDataKVComplex)
    446. 

  446. 

  447. 	secretKV := "kv/" + secretUUID
    448. 

  448. 

  449. 	// bad case: kv type with key which is not in payload
    450. 

  450. 	badSecretKV := func(smtc *secretManagerTestCase) {
    451. 

  451. 		secret := &sm.KVSecret{
    452. 

  452. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    453. 

  453. 			Name:       utilpointer.To("testyname"),
    454. 

  454. 			ID:         utilpointer.To(secretUUID),
    455. 

  455. 			Data:       secretDataKV,
    456. 

  456. 		}
    457. 

  457. 		smtc.name = "bad case: kv type with key which is not in payload"
    458. 

  458. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    459. 

  459. 		smtc.apiOutput = secret
    460. 

  460. 		smtc.ref.Key = secretKV
    461. 

  461. 		smtc.ref.Property = "other-key"
    462. 

  462. 		smtc.expectError = "key other-key does not exist in secret kv/" + secretUUID
    463. 

  463. 	}
    464. 

  464. 

  465. 	// good case: kv type with property
    466. 

  466. 	setSecretKV := func(smtc *secretManagerTestCase) {
    467. 

  467. 		secret := &sm.KVSecret{
    468. 

  468. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    469. 

  469. 			Name:       utilpointer.To("testyname"),
    470. 

  470. 			ID:         utilpointer.To(secretUUID),
    471. 

  471. 			Data:       secretDataKV,
    472. 

  472. 		}
    473. 

  473. 		smtc.name = "good case: kv type with property"
    474. 

  474. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    475. 

  475. 		smtc.apiOutput = secret
    476. 

  476. 		smtc.ref.Key = secretKV
    477. 

  477. 		smtc.ref.Property = "key1"
    478. 

  478. 		smtc.expectedSecret = firstValue
    479. 

  479. 	}
    480. 

  480. 

  481. 	// good case: kv type with property, returns specific value
    482. 

  482. 	setSecretKVWithKey := func(smtc *secretManagerTestCase) {
    483. 

  483. 		secret := &sm.KVSecret{
    484. 

  484. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    485. 

  485. 			Name:       utilpointer.To("testyname"),
    486. 

  486. 			ID:         utilpointer.To(secretUUID),
    487. 

  487. 			Data:       secretDataKVComplex,
    488. 

  488. 		}
    489. 

  489. 		smtc.name = "good case: kv type with property, returns specific value"
    490. 

  490. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    491. 

  491. 		smtc.apiOutput = secret
    492. 

  492. 		smtc.ref.Key = secretKV
    493. 

  493. 		smtc.ref.Property = "key2"
    494. 

  494. 		smtc.expectedSecret = "val2"
    495. 

  495. 	}
    496. 

  496. 

  497. 	// good case: kv type with property and path, returns specific value
    498. 

  498. 	setSecretKVWithKeyPath := func(smtc *secretManagerTestCase) {
    499. 

  499. 		secret := &sm.KVSecret{
    500. 

  500. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    501. 

  501. 			Name:       utilpointer.To("testyname"),
    502. 

  502. 			ID:         utilpointer.To(secretUUID),
    503. 

  503. 			Data:       secretDataKVComplex,
    504. 

  504. 		}
    505. 

  505. 		smtc.name = "good case: kv type with property and path, returns specific value"
    506. 

  506. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    507. 

  507. 		smtc.apiOutput = secret
    508. 

  508. 		smtc.ref.Key = secretKV
    509. 

  509. 		smtc.ref.Property = "keyC.keyC2"
    510. 

  510. 		smtc.expectedSecret = "valC2"
    511. 

  511. 	}
    512. 

  512. 

  513. 	// good case: kv type with property and dot, returns specific value
    514. 

  514. 	setSecretKVWithKeyDot := func(smtc *secretManagerTestCase) {
    515. 

  515. 		secret := &sm.KVSecret{
    516. 

  516. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    517. 

  517. 			Name:       utilpointer.To("testyname"),
    518. 

  518. 			ID:         utilpointer.To(secretUUID),
    519. 

  519. 			Data:       secretDataKVComplex,
    520. 

  520. 		}
    521. 

  521. 		smtc.name = "good case: kv type with property and dot, returns specific value"
    522. 

  522. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    523. 

  523. 		smtc.apiOutput = secret
    524. 

  524. 		smtc.ref.Key = secretKV
    525. 

  525. 		smtc.ref.Property = "special.log"
    526. 

  526. 		smtc.expectedSecret = "file-content"
    527. 

  527. 	}
    528. 

  528. 

  529. 	// good case: kv type without property, returns all
    530. 

  530. 	setSecretKVWithOutKey := func(smtc *secretManagerTestCase) {
    531. 

  531. 		secret := &sm.KVSecret{
    532. 

  532. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    533. 

  533. 			Name:       utilpointer.To("testyname"),
    534. 

  534. 			ID:         utilpointer.To(secretUUID),
    535. 

  535. 			Data:       secretDataKVComplex,
    536. 

  536. 		}
    537. 

  537. 		smtc.name = "good case: kv type without property, returns all"
    538. 

  538. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    539. 

  539. 		smtc.apiOutput = secret
    540. 

  540. 		smtc.ref.Key = secretKV
    541. 

  541. 		smtc.expectedSecret = secretKVComplex
    542. 

  542. 	}
    543. 

  543. 

  544. 	customCredentialsSecretCredentialsContent := make(map[string]any)
    545. 

  545. 	customCredentialsSecretCredentialsContent["key1"] = firstValue
    546. 

  546. 

  547. 	customCredentialsSecretCredentialsContentComplex := make(map[string]any)
    548. 

  548. 	customCredentialsSecretComplex := `{"key1":"val1","key2":"val2","key3":"val3","keyC":{"keyC1":"valC1","keyC2":"valC2"},"special.log":"file-content"}`
    549. 

  549. 	json.Unmarshal([]byte(customCredentialsSecretComplex), &customCredentialsSecretCredentialsContentComplex)
    550. 

  550. 

  551. 	secretCustomCredentials := "custom_credentials/" + secretUUID
    552. 

  552. 

  553. 	// bad case: custom credentials type with key which is not in payload
    554. 

  554. 	badSecretCustomCredentials := func(smtc *secretManagerTestCase) {
    555. 

  555. 		secret := &sm.CustomCredentialsSecret{
    556. 

  556. 			SecretType:         utilpointer.To(sm.Secret_SecretType_CustomCredentials),
    557. 

  557. 			Name:               utilpointer.To("testyname"),
    558. 

  558. 			ID:                 utilpointer.To(secretUUID),
    559. 

  559. 			CredentialsContent: customCredentialsSecretCredentialsContent,
    560. 

  560. 		}
    561. 

  561. 		smtc.name = "bad case: custom credentials type with key which is not in payload"
    562. 

  562. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    563. 

  563. 		smtc.apiOutput = secret
    564. 

  564. 		smtc.ref.Key = secretCustomCredentials
    565. 

  565. 		smtc.ref.Property = "other-key"
    566. 

  566. 		smtc.expectError = "key other-key does not exist in secret custom_credentials/" + secretUUID
    567. 

  567. 	}
    568. 

  568. 

  569. 	// good case: custom credentials type with property
    570. 

  570. 	setSecretCustomCredentials := func(smtc *secretManagerTestCase) {
    571. 

  571. 		secret := &sm.CustomCredentialsSecret{
    572. 

  572. 			SecretType:         utilpointer.To(sm.Secret_SecretType_CustomCredentials),
    573. 

  573. 			Name:               utilpointer.To("testyname"),
    574. 

  574. 			ID:                 utilpointer.To(secretUUID),
    575. 

  575. 			CredentialsContent: customCredentialsSecretCredentialsContent,
    576. 

  576. 		}
    577. 

  577. 		smtc.name = "good case: custom_credentials type with property"
    578. 

  578. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    579. 

  579. 		smtc.apiOutput = secret
    580. 

  580. 		smtc.ref.Key = secretCustomCredentials
    581. 

  581. 		smtc.ref.Property = "key1"
    582. 

  582. 		smtc.expectedSecret = firstValue
    583. 

  583. 	}
    584. 

  584. 

  585. 	// good case: custom_credentials type with property, returns specific value
    586. 

  586. 	setSecretCustomCredentialsWithKey := func(smtc *secretManagerTestCase) {
    587. 

  587. 		secret := &sm.CustomCredentialsSecret{
    588. 

  588. 			SecretType:         utilpointer.To(sm.Secret_SecretType_CustomCredentials),
    589. 

  589. 			Name:               utilpointer.To("testyname"),
    590. 

  590. 			ID:                 utilpointer.To(secretUUID),
    591. 

  591. 			CredentialsContent: customCredentialsSecretCredentialsContentComplex,
    592. 

  592. 		}
    593. 

  593. 		smtc.name = "good case: custom_credentials type with property, returns specific value"
    594. 

  594. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    595. 

  595. 		smtc.apiOutput = secret
    596. 

  596. 		smtc.ref.Key = secretCustomCredentials
    597. 

  597. 		smtc.ref.Property = "key2"
    598. 

  598. 		smtc.expectedSecret = "val2"
    599. 

  599. 	}
    600. 

  600. 

  601. 	// good case: custom_credentials type with property and path, returns specific value
    602. 

  602. 	setSecretCustomCredentialsWithKeyPath := func(smtc *secretManagerTestCase) {
    603. 

  603. 		secret := &sm.CustomCredentialsSecret{
    604. 

  604. 			SecretType:         utilpointer.To(sm.Secret_SecretType_CustomCredentials),
    605. 

  605. 			Name:               utilpointer.To("testyname"),
    606. 

  606. 			ID:                 utilpointer.To(secretUUID),
    607. 

  607. 			CredentialsContent: customCredentialsSecretCredentialsContentComplex,
    608. 

  608. 		}
    609. 

  609. 		smtc.name = "good case: custom_credentials type with property and path, returns specific value"
    610. 

  610. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    611. 

  611. 		smtc.apiOutput = secret
    612. 

  612. 		smtc.ref.Key = secretCustomCredentials
    613. 

  613. 		smtc.ref.Property = "keyC.keyC2"
    614. 

  614. 		smtc.expectedSecret = "valC2"
    615. 

  615. 	}
    616. 

  616. 

  617. 	// good case: custom_credentials type with property and dot, returns specific value
    618. 

  618. 	setSecretCustomCredentialsWithKeyDot := func(smtc *secretManagerTestCase) {
    619. 

  619. 		secret := &sm.CustomCredentialsSecret{
    620. 

  620. 			SecretType:         utilpointer.To(sm.Secret_SecretType_CustomCredentials),
    621. 

  621. 			Name:               utilpointer.To("testyname"),
    622. 

  622. 			ID:                 utilpointer.To(secretUUID),
    623. 

  623. 			CredentialsContent: customCredentialsSecretCredentialsContentComplex,
    624. 

  624. 		}
    625. 

  625. 		smtc.name = "good case: custom_credentials type with property and dot, returns specific value"
    626. 

  626. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    627. 

  627. 		smtc.apiOutput = secret
    628. 

  628. 		smtc.ref.Key = secretCustomCredentials
    629. 

  629. 		smtc.ref.Property = "special.log"
    630. 

  630. 		smtc.expectedSecret = "file-content"
    631. 

  631. 	}
    632. 

  632. 

  633. 	// good case: custom_credentials type without property, returns all
    634. 

  634. 	setSecretCustomCredentialsWithOutKey := func(smtc *secretManagerTestCase) {
    635. 

  635. 		secret := &sm.CustomCredentialsSecret{
    636. 

  636. 			SecretType:         utilpointer.To(sm.Secret_SecretType_CustomCredentials),
    637. 

  637. 			Name:               utilpointer.To("testyname"),
    638. 

  638. 			ID:                 utilpointer.To(secretUUID),
    639. 

  639. 			CredentialsContent: customCredentialsSecretCredentialsContentComplex,
    640. 

  640. 		}
    641. 

  641. 		smtc.name = "good case: custom_credentials type without property, returns all"
    642. 

  642. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    643. 

  643. 		smtc.apiOutput = secret
    644. 

  644. 		smtc.ref.Key = secretCustomCredentials
    645. 

  645. 		smtc.expectedSecret = customCredentialsSecretComplex
    646. 

  646. 	}
    647. 

  647. 

  648. 	successCases := []*secretManagerTestCase{
    649. 

  649. 		makeValidSecretManagerTestCaseCustom(setSecretString),
    650. 

  650. 		makeValidSecretManagerTestCaseCustom(setCustomKey),
    651. 

  651. 		makeValidSecretManagerTestCaseCustom(badArbitSecret),
    652. 

  652. 		makeValidSecretManagerTestCaseCustom(setAPIErr),
    653. 

  653. 		makeValidSecretManagerTestCaseCustom(setNilMockClient),
    654. 

  654. 		makeValidSecretManagerTestCaseCustom(badSecretUserPass),
    655. 

  655. 		makeValidSecretManagerTestCaseCustom(setSecretUserPassByID),
    656. 

  656. 		makeValidSecretManagerTestCaseCustom(setSecretIamByID),
    657. 

  657. 		makeValidSecretManagerTestCaseCustom(setSecretCert),
    658. 

  658. 		makeValidSecretManagerTestCaseCustom(setSecretKV),
    659. 

  659. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithKey),
    660. 

  660. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithKeyPath),
    661. 

  661. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithKeyDot),
    662. 

  662. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithOutKey),
    663. 

  663. 		makeValidSecretManagerTestCaseCustom(badSecretKV),
    664. 

  664. 		makeValidSecretManagerTestCaseCustom(badSecretCert),
    665. 

  665. 		makeValidSecretManagerTestCaseCustom(importedCertNoPvtKey),
    666. 

  666. 		makeValidSecretManagerTestCaseCustom(setSecretPublicCert),
    667. 

  667. 		makeValidSecretManagerTestCaseCustom(badSecretPublicCert),
    668. 

  668. 		makeValidSecretManagerTestCaseCustom(setSecretPrivateCert),
    669. 

  669. 		makeValidSecretManagerTestCaseCustom(badSecretPrivateCert),
    670. 

  670. 		makeValidSecretManagerTestCaseCustom(setSecretIamByNameNew),
    671. 

  671. 		makeValidSecretManagerTestCaseCustom(setSecretSrvCredByID),
    672. 

  672. 		makeValidSecretManagerTestCaseCustom(setSecretCustomCredentials),
    673. 

  673. 		makeValidSecretManagerTestCaseCustom(setSecretCustomCredentialsWithKey),
    674. 

  674. 		makeValidSecretManagerTestCaseCustom(setSecretCustomCredentialsWithKeyPath),
    675. 

  675. 		makeValidSecretManagerTestCaseCustom(setSecretCustomCredentialsWithKeyDot),
    676. 

  676. 		makeValidSecretManagerTestCaseCustom(setSecretCustomCredentialsWithOutKey),
    677. 

  677. 		makeValidSecretManagerTestCaseCustom(badSecretCustomCredentials),
    678. 

  678. 	}
    679. 

  679. 

  680. 	sm := providerIBM{}
    681. 

  681. 	for _, v := range successCases {
    682. 

  682. 		t.Run(v.name, func(t *testing.T) {
    683. 

  683. 			sm.IBMClient = v.mockClient
    684. 

  684. 			out, err := sm.GetSecret(context.Background(), *v.ref)
    685. 

  685. 			if !ErrorContains(err, v.expectError) {
    686. 

  686. 				t.Errorf("unexpected error:\n%s, expected:\n'%s'", err.Error(), v.expectError)
    687. 

  687. 			}
    688. 

  688. 			if string(out) != v.expectedSecret {
    689. 

  689. 				t.Errorf("unexpected secret: expected:\n%s\ngot:\n%s", v.expectedSecret, string(out))
    690. 

  690. 			}
    691. 

  691. 		})
    692. 

  692. 	}
    693. 

  693. }
    694. 

  694. 

  695. func TestGetSecretMap(t *testing.T) {
    696. 

  696. 	secretUsername := "user1"
    697. 

  697. 	secretPassword := "P@ssw0rd"
    698. 

  698. 	secretAPIKey := "01234567890"
    699. 

  699. 	nilValue := "<nil>"
    700. 

  700. 	secretCertificate := "certificate_value"
    701. 

  701. 	secretPrivateKey := "private_key_value"
    702. 

  702. 	secretIntermediate := "intermediate_value"
    703. 

  703. 	timeValue := "0001-01-01T00:00:00.000Z"
    704. 

  704. 

  705. 	secretComplex := map[string]any{
    706. 

  706. 		"key1": "val1",
    707. 

  707. 		"key2": "val2",
    708. 

  708. 		"keyC": map[string]any{
    709. 

  709. 			"keyC1": map[string]string{
    710. 

  710. 				"keyA": "valA",
    711. 

  711. 				"keyB": "valB",
    712. 

  712. 			},
    713. 

  713. 		},
    714. 

  714. 	}
    715. 

  715. 

  716. 	dummySrvCreds := &sm.ServiceCredentialsSecretCredentials{
    717. 

  717. 		Apikey: &secretAPIKey,
    718. 

  718. 	}
    719. 

  719. 

  720. 	// good case: arbitrary
    721. 

  721. 	setArbitrary := func(smtc *secretManagerTestCase) {
    722. 

  722. 		payload := `{"foo":"bar"}`
    723. 

  723. 		secret := &sm.ArbitrarySecret{
    724. 

  724. 			Name:       utilpointer.To("testyname"),
    725. 

  725. 			ID:         utilpointer.To(secretUUID),
    726. 

  726. 			SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary),
    727. 

  727. 			Payload:    &payload,
    728. 

  728. 		}
    729. 

  729. 		smtc.name = "good case: arbitrary"
    730. 

  730. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    731. 

  731. 		smtc.apiOutput = secret
    732. 

  732. 		smtc.ref.Key = secretUUID
    733. 

  733. 		smtc.expectedData["arbitrary"] = []byte(payload)
    734. 

  734. 	}
    735. 

  735. 

  736. 	// good case: username_password
    737. 

  737. 	setSecretUserPass := func(smtc *secretManagerTestCase) {
    738. 

  738. 		secret := &sm.UsernamePasswordSecret{
    739. 

  739. 			Name:       utilpointer.To("testyname"),
    740. 

  740. 			ID:         utilpointer.To(secretUUID),
    741. 

  741. 			SecretType: utilpointer.To(sm.Secret_SecretType_UsernamePassword),
    742. 

  742. 			Username:   &secretUsername,
    743. 

  743. 			Password:   &secretPassword,
    744. 

  744. 		}
    745. 

  745. 		smtc.name = "good case: username_password"
    746. 

  746. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    747. 

  747. 		smtc.apiOutput = secret
    748. 

  748. 		smtc.ref.Key = "username_password/" + secretUUID
    749. 

  749. 		smtc.expectedData["username"] = []byte(secretUsername)
    750. 

  750. 		smtc.expectedData["password"] = []byte(secretPassword)
    751. 

  751. 	}
    752. 

  752. 

  753. 	// good case: iam_credentials
    754. 

  754. 	setSecretIam := func(smtc *secretManagerTestCase) {
    755. 

  755. 		secret := &sm.IAMCredentialsSecret{
    756. 

  756. 			Name:       utilpointer.To("testyname"),
    757. 

  757. 			ID:         utilpointer.To(secretUUID),
    758. 

  758. 			SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
    759. 

  759. 			ApiKey:     utilpointer.To(secretAPIKey),
    760. 

  760. 		}
    761. 

  761. 		smtc.name = "good case: iam_credentials"
    762. 

  762. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    763. 

  763. 		smtc.apiOutput = secret
    764. 

  764. 		smtc.ref.Key = iamCredentialsSecret + secretUUID
    765. 

  765. 		smtc.expectedData["apikey"] = []byte(secretAPIKey)
    766. 

  766. 	}
    767. 

  767. 

  768. 	// good case: iam_credentials by name using new mechanism
    769. 

  769. 	setSecretIamByName := func(smtc *secretManagerTestCase) {
    770. 

  770. 		secret := &sm.IAMCredentialsSecret{
    771. 

  771. 			Name:       utilpointer.To("testyname"),
    772. 

  772. 			ID:         utilpointer.To(secretUUID),
    773. 

  773. 			SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
    774. 

  774. 			ApiKey:     utilpointer.To(secretAPIKey),
    775. 

  775. 		}
    776. 

  776. 		smtc.name = "good case: iam_credentials by name using new mechanism"
    777. 

  777. 		smtc.getByNameInput.Name = utilpointer.To("testyname")
    778. 

  778. 		smtc.getByNameInput.SecretGroupName = utilpointer.To("groupName")
    779. 

  779. 		smtc.getByNameInput.SecretType = utilpointer.To(sm.Secret_SecretType_IamCredentials)
    780. 

  780. 

  781. 		smtc.getByNameOutput = secret
    782. 

  782. 		smtc.apiOutput = secret
    783. 

  783. 		smtc.ref.Key = "groupName/" + iamCredentialsSecret + "testyname"
    784. 

  784. 		smtc.expectedData["apikey"] = []byte(secretAPIKey)
    785. 

  785. 	}
    786. 

  786. 

  787. 	// bad case: iam_credentials of a destroyed secret
    788. 

  788. 	badSecretIam := func(smtc *secretManagerTestCase) {
    789. 

  789. 		secret := &sm.IAMCredentialsSecret{
    790. 

  790. 			Name:       utilpointer.To("testyname"),
    791. 

  791. 			ID:         utilpointer.To(secretUUID),
    792. 

  792. 			SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
    793. 

  793. 		}
    794. 

  794. 		smtc.name = "bad case: iam_credentials of a destroyed secret"
    795. 

  795. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    796. 

  796. 		smtc.apiOutput = secret
    797. 

  797. 		smtc.ref.Key = iamCredentialsSecret + secretUUID
    798. 

  798. 		smtc.expectError = "key api_key does not exist in secret " + secretUUID
    799. 

  799. 	}
    800. 

  800. 

  801. 	funcCertTest := func(secret sm.SecretIntf, name, certType string) func(*secretManagerTestCase) {
    802. 

  802. 		return func(smtc *secretManagerTestCase) {
    803. 

  803. 			smtc.name = name
    804. 

  804. 			smtc.apiInput.ID = utilpointer.To(secretUUID)
    805. 

  805. 			smtc.apiOutput = secret
    806. 

  806. 			smtc.ref.Key = certType + "/" + secretUUID
    807. 

  807. 			smtc.expectedData["certificate"] = []byte(secretCertificate)
    808. 

  808. 			smtc.expectedData["private_key"] = []byte(secretPrivateKey)
    809. 

  809. 			smtc.expectedData["intermediate"] = []byte(secretIntermediate)
    810. 

  810. 		}
    811. 

  811. 	}
    812. 

  812. 

  813. 	// good case: service_credentials
    814. 

  814. 	setSecretSrvCreds := func(smtc *secretManagerTestCase) {
    815. 

  815. 		secret := &sm.ServiceCredentialsSecret{
    816. 

  816. 			Name:        utilpointer.To("testyname"),
    817. 

  817. 			ID:          utilpointer.To(secretUUID),
    818. 

  818. 			SecretType:  utilpointer.To(sm.Secret_SecretType_IamCredentials),
    819. 

  819. 			Credentials: dummySrvCreds,
    820. 

  820. 		}
    821. 

  821. 		smtc.name = "good case: service_credentials"
    822. 

  822. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    823. 

  823. 		smtc.apiOutput = secret
    824. 

  824. 		smtc.ref.Key = "service_credentials/" + secretUUID
    825. 

  825. 		smtc.expectedData["credentials"] = []byte(fmt.Sprintf("%+v", map[string]string{"apikey": secretAPIKey}))
    826. 

  826. 	}
    827. 

  827. 

  828. 	// good case: imported_cert
    829. 

  829. 	importedCert := &sm.ImportedCertificate{
    830. 

  830. 		SecretType:   utilpointer.To(sm.Secret_SecretType_ImportedCert),
    831. 

  831. 		Name:         utilpointer.To("testyname"),
    832. 

  832. 		ID:           utilpointer.To(secretUUID),
    833. 

  833. 		Certificate:  utilpointer.To(secretCertificate),
    834. 

  834. 		Intermediate: utilpointer.To(secretIntermediate),
    835. 

  835. 		PrivateKey:   utilpointer.To(secretPrivateKey),
    836. 

  836. 	}
    837. 

  837. 	setSecretCert := funcCertTest(importedCert, "good case: imported_cert", sm.Secret_SecretType_ImportedCert)
    838. 

  838. 

  839. 	// good case: public_cert
    840. 

  840. 	publicCert := &sm.PublicCertificate{
    841. 

  841. 		SecretType:   utilpointer.To(sm.Secret_SecretType_PublicCert),
    842. 

  842. 		Name:         utilpointer.To("testyname"),
    843. 

  843. 		ID:           utilpointer.To(secretUUID),
    844. 

  844. 		Certificate:  utilpointer.To(secretCertificate),
    845. 

  845. 		Intermediate: utilpointer.To(secretIntermediate),
    846. 

  846. 		PrivateKey:   utilpointer.To(secretPrivateKey),
    847. 

  847. 	}
    848. 

  848. 	setSecretPublicCert := funcCertTest(publicCert, "good case: public_cert", sm.Secret_SecretType_PublicCert)
    849. 

  849. 

  850. 	// good case: private_cert
    851. 

  851. 	setSecretPrivateCert := func(smtc *secretManagerTestCase) {
    852. 

  852. 		secret := &sm.PrivateCertificate{
    853. 

  853. 			Name:        utilpointer.To("testyname"),
    854. 

  854. 			ID:          utilpointer.To(secretUUID),
    855. 

  855. 			SecretType:  utilpointer.To(sm.Secret_SecretType_PrivateCert),
    856. 

  856. 			Certificate: &secretCertificate,
    857. 

  857. 			PrivateKey:  &secretPrivateKey,
    858. 

  858. 		}
    859. 

  859. 		smtc.name = "good case: private_cert"
    860. 

  860. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    861. 

  861. 		smtc.apiOutput = secret
    862. 

  862. 		smtc.ref.Key = "private_cert/" + secretUUID
    863. 

  863. 		smtc.expectedData["certificate"] = []byte(secretCertificate)
    864. 

  864. 		smtc.expectedData["private_key"] = []byte(secretPrivateKey)
    865. 

  865. 	}
    866. 

  866. 

  867. 	// good case: arbitrary with metadata
    868. 

  868. 	setArbitraryWithMetadata := func(smtc *secretManagerTestCase) {
    869. 

  869. 		payload := `{"foo":"bar"}`
    870. 

  870. 		secret := &sm.ArbitrarySecret{
    871. 

  871. 			CreatedBy:  utilpointer.To("testCreatedBy"),
    872. 

  872. 			CreatedAt:  &strfmt.DateTime{},
    873. 

  873. 			Downloaded: utilpointer.To(false),
    874. 

  874. 			Labels:     []string{"abc", "def", "xyz"},
    875. 

  875. 			LocksTotal: utilpointer.To(int64(20)),
    876. 

  876. 			Payload:    &payload,
    877. 

  877. 		}
    878. 

  878. 		smtc.name = "good case: arbitrary with metadata"
    879. 

  879. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    880. 

  880. 		smtc.apiOutput = secret
    881. 

  881. 		smtc.ref.Key = secretUUID
    882. 

  882. 		smtc.ref.MetadataPolicy = esv1.ExternalSecretMetadataPolicyFetch
    883. 

  883. 		smtc.expectedData = map[string][]byte{
    884. 

  884. 			"arbitrary":       []byte(payload),
    885. 

  885. 			"created_at":      []byte(timeValue),
    886. 

  886. 			"created_by":      []byte(*secret.CreatedBy),
    887. 

  887. 			"crn":             []byte(nilValue),
    888. 

  888. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    889. 

  889. 			"id":              []byte(nilValue),
    890. 

  890. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    891. 

  891. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    892. 

  892. 			"payload":         []byte(payload),
    893. 

  893. 			"secret_group_id": []byte(nilValue),
    894. 

  894. 			"secret_type":     []byte(nilValue),
    895. 

  895. 			"updated_at":      []byte(nilValue),
    896. 

  896. 			"versions_total":  []byte(nilValue),
    897. 

  897. 		}
    898. 

  898. 	}
    899. 

  899. 

  900. 	// good case: iam_credentials with metadata
    901. 

  901. 	setSecretIamWithMetadata := func(smtc *secretManagerTestCase) {
    902. 

  902. 		secret := &sm.IAMCredentialsSecret{
    903. 

  903. 			CreatedBy:  utilpointer.To("testCreatedBy"),
    904. 

  904. 			CreatedAt:  &strfmt.DateTime{},
    905. 

  905. 			Downloaded: utilpointer.To(false),
    906. 

  906. 			Labels:     []string{"abc", "def", "xyz"},
    907. 

  907. 			LocksTotal: utilpointer.To(int64(20)),
    908. 

  908. 			ApiKey:     utilpointer.To(secretAPIKey),
    909. 

  909. 		}
    910. 

  910. 		smtc.name = "good case: iam_credentials with metadata"
    911. 

  911. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    912. 

  912. 		smtc.apiOutput = secret
    913. 

  913. 		smtc.ref.Key = iamCredentialsSecret + secretUUID
    914. 

  914. 		smtc.ref.MetadataPolicy = esv1.ExternalSecretMetadataPolicyFetch
    915. 

  915. 		smtc.expectedData = map[string][]byte{
    916. 

  916. 			"api_key":         []byte(secretAPIKey),
    917. 

  917. 			"apikey":          []byte(secretAPIKey),
    918. 

  918. 			"created_at":      []byte(timeValue),
    919. 

  919. 			"created_by":      []byte(*secret.CreatedBy),
    920. 

  920. 			"crn":             []byte(nilValue),
    921. 

  921. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    922. 

  922. 			"id":              []byte(nilValue),
    923. 

  923. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    924. 

  924. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    925. 

  925. 			"reuse_api_key":   []byte(nilValue),
    926. 

  926. 			"secret_group_id": []byte(nilValue),
    927. 

  927. 			"secret_type":     []byte(nilValue),
    928. 

  928. 			"ttl":             []byte(nilValue),
    929. 

  929. 			"updated_at":      []byte(nilValue),
    930. 

  930. 			"versions_total":  []byte(nilValue),
    931. 

  931. 		}
    932. 

  932. 	}
    933. 

  933. 

  934. 	// "good case: username_password with metadata
    935. 

  935. 	setSecretUserPassWithMetadata := func(smtc *secretManagerTestCase) {
    936. 

  936. 		secret := &sm.UsernamePasswordSecret{
    937. 

  937. 			CreatedBy:  utilpointer.To("testCreatedBy"),
    938. 

  938. 			CreatedAt:  &strfmt.DateTime{},
    939. 

  939. 			Downloaded: utilpointer.To(false),
    940. 

  940. 			Labels:     []string{"abc", "def", "xyz"},
    941. 

  941. 			LocksTotal: utilpointer.To(int64(20)),
    942. 

  942. 			Username:   &secretUsername,
    943. 

  943. 			Password:   &secretPassword,
    944. 

  944. 		}
    945. 

  945. 		smtc.name = "good case: username_password with metadata"
    946. 

  946. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    947. 

  947. 		smtc.apiOutput = secret
    948. 

  948. 		smtc.ref.Key = "username_password/" + secretUUID
    949. 

  949. 		smtc.expectedData["username"] = []byte(secretUsername)
    950. 

  950. 		smtc.expectedData["password"] = []byte(secretPassword)
    951. 

  951. 		smtc.ref.MetadataPolicy = esv1.ExternalSecretMetadataPolicyFetch
    952. 

  952. 		smtc.expectedData = map[string][]byte{
    953. 

  953. 			"created_at":      []byte(timeValue),
    954. 

  954. 			"created_by":      []byte(*secret.CreatedBy),
    955. 

  955. 			"crn":             []byte(nilValue),
    956. 

  956. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    957. 

  957. 			"id":              []byte(nilValue),
    958. 

  958. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    959. 

  959. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    960. 

  960. 			"password":        []byte(secretPassword),
    961. 

  961. 			"rotation":        []byte(nilValue),
    962. 

  962. 			"secret_group_id": []byte(nilValue),
    963. 

  963. 			"secret_type":     []byte(nilValue),
    964. 

  964. 			"updated_at":      []byte(nilValue),
    965. 

  965. 			"username":        []byte(secretUsername),
    966. 

  966. 			"versions_total":  []byte(nilValue),
    967. 

  967. 		}
    968. 

  968. 	}
    969. 

  969. 

  970. 	// good case: imported_cert with metadata
    971. 

  971. 	setimportedCertWithMetadata := func(smtc *secretManagerTestCase) {
    972. 

  972. 		secret := &sm.ImportedCertificate{
    973. 

  973. 			CreatedBy:    utilpointer.To("testCreatedBy"),
    974. 

  974. 			CreatedAt:    &strfmt.DateTime{},
    975. 

  975. 			Downloaded:   utilpointer.To(false),
    976. 

  976. 			Labels:       []string{"abc", "def", "xyz"},
    977. 

  977. 			LocksTotal:   utilpointer.To(int64(20)),
    978. 

  978. 			Certificate:  utilpointer.To(secretCertificate),
    979. 

  979. 			Intermediate: utilpointer.To(secretIntermediate),
    980. 

  980. 			PrivateKey:   utilpointer.To(secretPrivateKey),
    981. 

  981. 		}
    982. 

  982. 		smtc.name = "good case: imported_cert with metadata"
    983. 

  983. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    984. 

  984. 		smtc.apiOutput = secret
    985. 

  985. 		smtc.ref.Key = "imported_cert" + "/" + secretUUID
    986. 

  986. 

  987. 		smtc.ref.MetadataPolicy = esv1.ExternalSecretMetadataPolicyFetch
    988. 

  988. 		smtc.expectedData = map[string][]byte{
    989. 

  989. 			"certificate":     []byte(secretCertificate),
    990. 

  990. 			"created_at":      []byte(timeValue),
    991. 

  991. 			"created_by":      []byte(*secret.CreatedBy),
    992. 

  992. 			"crn":             []byte(nilValue),
    993. 

  993. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    994. 

  994. 			"id":              []byte(nilValue),
    995. 

  995. 			"intermediate":    []byte(secretIntermediate),
    996. 

  996. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    997. 

  997. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    998. 

  998. 			"private_key":     []byte(secretPrivateKey),
    999. 

  999. 			"secret_group_id": []byte(nilValue),
    1000. 

  1000. 			"secret_type":     []byte(nilValue),
    1001. 

  1001. 			"updated_at":      []byte(nilValue),
    1002. 

  1002. 			"versions_total":  []byte(nilValue),
    1003. 

  1003. 		}
    1004. 

  1004. 	}
    1005. 

  1005. 

  1006. 	// good case: imported_cert without a private_key
    1007. 

  1007. 	setimportedCertWithNoPvtKey := func(smtc *secretManagerTestCase) {
    1008. 

  1008. 		secret := &sm.ImportedCertificate{
    1009. 

  1009. 			CreatedBy:    utilpointer.To("testCreatedBy"),
    1010. 

  1010. 			CreatedAt:    &strfmt.DateTime{},
    1011. 

  1011. 			Downloaded:   utilpointer.To(false),
    1012. 

  1012. 			Labels:       []string{"abc", "def", "xyz"},
    1013. 

  1013. 			LocksTotal:   utilpointer.To(int64(20)),
    1014. 

  1014. 			Certificate:  utilpointer.To(secretCertificate),
    1015. 

  1015. 			Intermediate: utilpointer.To(secretIntermediate),
    1016. 

  1016. 		}
    1017. 

  1017. 		smtc.name = "good case: imported_cert without private key"
    1018. 

  1018. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    1019. 

  1019. 		smtc.apiOutput = secret
    1020. 

  1020. 		smtc.ref.Key = "imported_cert/" + secretUUID
    1021. 

  1021. 

  1022. 		smtc.expectedData = map[string][]byte{
    1023. 

  1023. 			"certificate":  []byte(secretCertificate),
    1024. 

  1024. 			"intermediate": []byte(secretIntermediate),
    1025. 

  1025. 			"private_key":  []byte(""),
    1026. 

  1026. 		}
    1027. 

  1027. 	}
    1028. 

  1028. 

  1029. 	// good case: public_cert with metadata
    1030. 

  1030. 	setPublicCertWithMetadata := func(smtc *secretManagerTestCase) {
    1031. 

  1031. 		secret := &sm.PublicCertificate{
    1032. 

  1032. 			CreatedBy:    utilpointer.To("testCreatedBy"),
    1033. 

  1033. 			CreatedAt:    &strfmt.DateTime{},
    1034. 

  1034. 			Downloaded:   utilpointer.To(false),
    1035. 

  1035. 			Labels:       []string{"abc", "def", "xyz"},
    1036. 

  1036. 			LocksTotal:   utilpointer.To(int64(20)),
    1037. 

  1037. 			Certificate:  utilpointer.To(secretCertificate),
    1038. 

  1038. 			Intermediate: utilpointer.To(secretIntermediate),
    1039. 

  1039. 			PrivateKey:   utilpointer.To(secretPrivateKey),
    1040. 

  1040. 		}
    1041. 

  1041. 		smtc.name = "good case: public_cert with metadata"
    1042. 

  1042. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    1043. 

  1043. 		smtc.apiOutput = secret
    1044. 

  1044. 		smtc.ref.Key = "public_cert" + "/" + secretUUID
    1045. 

  1045. 

  1046. 		smtc.ref.MetadataPolicy = esv1.ExternalSecretMetadataPolicyFetch
    1047. 

  1047. 		smtc.expectedData = map[string][]byte{
    1048. 

  1048. 			"certificate":     []byte(secretCertificate),
    1049. 

  1049. 			"created_at":      []byte(timeValue),
    1050. 

  1050. 			"created_by":      []byte(*secret.CreatedBy),
    1051. 

  1051. 			"crn":             []byte(nilValue),
    1052. 

  1052. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    1053. 

  1053. 			"id":              []byte(nilValue),
    1054. 

  1054. 			"intermediate":    []byte(secretIntermediate),
    1055. 

  1055. 			"key_algorithm":   []byte(nilValue),
    1056. 

  1056. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    1057. 

  1057. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    1058. 

  1058. 			"private_key":     []byte(secretPrivateKey),
    1059. 

  1059. 			"rotation":        []byte(nilValue),
    1060. 

  1060. 			"secret_group_id": []byte(nilValue),
    1061. 

  1061. 			"secret_type":     []byte(nilValue),
    1062. 

  1062. 			"updated_at":      []byte(nilValue),
    1063. 

  1063. 			"versions_total":  []byte(nilValue),
    1064. 

  1064. 		}
    1065. 

  1065. 	}
    1066. 

  1066. 

  1067. 	// good case: private_cert with metadata
    1068. 

  1068. 	setPrivateCertWithMetadata := func(smtc *secretManagerTestCase) {
    1069. 

  1069. 		expirationDate := &strfmt.DateTime{}
    1070. 

  1070. 		secret := &sm.PrivateCertificate{
    1071. 

  1071. 			CreatedBy:      utilpointer.To("testCreatedBy"),
    1072. 

  1072. 			CreatedAt:      &strfmt.DateTime{},
    1073. 

  1073. 			Downloaded:     utilpointer.To(false),
    1074. 

  1074. 			Labels:         []string{"abc", "def", "xyz"},
    1075. 

  1075. 			LocksTotal:     utilpointer.To(int64(20)),
    1076. 

  1076. 			Certificate:    utilpointer.To(secretCertificate),
    1077. 

  1077. 			PrivateKey:     utilpointer.To(secretPrivateKey),
    1078. 

  1078. 			ExpirationDate: expirationDate,
    1079. 

  1079. 		}
    1080. 

  1080. 		smtc.name = "good case: private_cert with metadata"
    1081. 

  1081. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    1082. 

  1082. 		smtc.apiOutput = secret
    1083. 

  1083. 		smtc.ref.Key = "private_cert" + "/" + secretUUID
    1084. 

  1084. 		smtc.ref.MetadataPolicy = esv1.ExternalSecretMetadataPolicyFetch
    1085. 

  1085. 		smtc.expectedData = map[string][]byte{
    1086. 

  1086. 			"certificate":          []byte(secretCertificate),
    1087. 

  1087. 			"certificate_template": []byte(nilValue),
    1088. 

  1088. 			"common_name":          []byte(nilValue),
    1089. 

  1089. 			"created_at":           []byte(timeValue),
    1090. 

  1090. 			"created_by":           []byte(*secret.CreatedBy),
    1091. 

  1091. 			"crn":                  []byte(nilValue),
    1092. 

  1092. 			"downloaded":           []byte(strconv.FormatBool(*secret.Downloaded)),
    1093. 

  1093. 			"expiration_date":      []byte(expirationDate.String()),
    1094. 

  1094. 			"id":                   []byte(nilValue),
    1095. 

  1095. 			"issuer":               []byte(nilValue),
    1096. 

  1096. 			"labels":               []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    1097. 

  1097. 			"locks_total":          []byte(strconv.Itoa(int(*secret.LocksTotal))),
    1098. 

  1098. 			"private_key":          []byte(secretPrivateKey),
    1099. 

  1099. 			"secret_group_id":      []byte(nilValue),
    1100. 

  1100. 			"secret_type":          []byte(nilValue),
    1101. 

  1101. 			"serial_number":        []byte(nilValue),
    1102. 

  1102. 			"signing_algorithm":    []byte(nilValue),
    1103. 

  1103. 			"updated_at":           []byte(nilValue),
    1104. 

  1104. 			"validity":             []byte(nilValue),
    1105. 

  1105. 			"versions_total":       []byte(nilValue),
    1106. 

  1106. 		}
    1107. 

  1107. 	}
    1108. 

  1108. 

  1109. 	// good case: kv with property and metadata
    1110. 

  1110. 	setSecretKVWithMetadata := func(smtc *secretManagerTestCase) {
    1111. 

  1111. 		secret := &sm.KVSecret{
    1112. 

  1112. 			CreatedBy:  utilpointer.To("testCreatedBy"),
    1113. 

  1113. 			CreatedAt:  &strfmt.DateTime{},
    1114. 

  1114. 			Downloaded: utilpointer.To(false),
    1115. 

  1115. 			Labels:     []string{"abc", "def", "xyz"},
    1116. 

  1116. 			LocksTotal: utilpointer.To(int64(20)),
    1117. 

  1117. 			Data:       secretComplex,
    1118. 

  1118. 		}
    1119. 

  1119. 		smtc.name = "good case: kv, with property and with metadata"
    1120. 

  1120. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1121. 

  1121. 		smtc.apiOutput = secret
    1122. 

  1122. 		smtc.ref.Key = "kv/" + secretUUID
    1123. 

  1123. 		smtc.ref.MetadataPolicy = esv1.ExternalSecretMetadataPolicyFetch
    1124. 

  1124. 		smtc.expectedData = map[string][]byte{
    1125. 

  1125. 			"created_at":      []byte(timeValue),
    1126. 

  1126. 			"created_by":      []byte(*secret.CreatedBy),
    1127. 

  1127. 			"crn":             []byte(nilValue),
    1128. 

  1128. 			"data":            []byte("map[key1:val1 key2:val2 keyC:map[keyC1:map[keyA:valA keyB:valB]]]"),
    1129. 

  1129. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    1130. 

  1130. 			"id":              []byte(nilValue),
    1131. 

  1131. 			"key1":            []byte("val1"),
    1132. 

  1132. 			"key2":            []byte("val2"),
    1133. 

  1133. 			"keyC":            []byte(`{"keyC1":{"keyA":"valA","keyB":"valB"}}`),
    1134. 

  1134. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    1135. 

  1135. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    1136. 

  1136. 			"secret_group_id": []byte(nilValue),
    1137. 

  1137. 			"secret_type":     []byte(nilValue),
    1138. 

  1138. 			"updated_at":      []byte(nilValue),
    1139. 

  1139. 			"versions_total":  []byte(nilValue),
    1140. 

  1140. 		}
    1141. 

  1141. 	}
    1142. 

  1142. 

  1143. 	// good case: custom_credentials with property and metadata
    1144. 

  1144. 	setSecretCustomCredentialsWithMetadata := func(smtc *secretManagerTestCase) {
    1145. 

  1145. 		secret := &sm.CustomCredentialsSecret{
    1146. 

  1146. 			CreatedBy:          utilpointer.To("testCreatedBy"),
    1147. 

  1147. 			CreatedAt:          &strfmt.DateTime{},
    1148. 

  1148. 			Downloaded:         utilpointer.To(false),
    1149. 

  1149. 			Labels:             []string{"abc", "def", "xyz"},
    1150. 

  1150. 			LocksTotal:         utilpointer.To(int64(20)),
    1151. 

  1151. 			CredentialsContent: secretComplex,
    1152. 

  1152. 		}
    1153. 

  1153. 		smtc.name = "good case: custom_credentials, with property and with metadata"
    1154. 

  1154. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1155. 

  1155. 		smtc.apiOutput = secret
    1156. 

  1156. 		smtc.ref.Key = "custom_credentials/" + secretUUID
    1157. 

  1157. 		smtc.ref.MetadataPolicy = esv1.ExternalSecretMetadataPolicyFetch
    1158. 

  1158. 		smtc.expectedData = map[string][]byte{
    1159. 

  1159. 			"created_at":          []byte(timeValue),
    1160. 

  1160. 			"created_by":          []byte(*secret.CreatedBy),
    1161. 

  1161. 			"crn":                 []byte(nilValue),
    1162. 

  1162. 			"credentials_content": []byte("map[key1:val1 key2:val2 keyC:map[keyC1:map[keyA:valA keyB:valB]]]"),
    1163. 

  1163. 			"downloaded":          []byte(strconv.FormatBool(*secret.Downloaded)),
    1164. 

  1164. 			"id":                  []byte(nilValue),
    1165. 

  1165. 			"key1":                []byte("val1"),
    1166. 

  1166. 			"key2":                []byte("val2"),
    1167. 

  1167. 			"keyC":                []byte(`{"keyC1":{"keyA":"valA","keyB":"valB"}}`),
    1168. 

  1168. 			"labels":              []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    1169. 

  1169. 			"locks_total":         []byte(strconv.Itoa(int(*secret.LocksTotal))),
    1170. 

  1170. 			"secret_group_id":     []byte(nilValue),
    1171. 

  1171. 			"secret_type":         []byte(nilValue),
    1172. 

  1172. 			"updated_at":          []byte(nilValue),
    1173. 

  1173. 			"versions_total":      []byte(nilValue),
    1174. 

  1174. 			"configuration":       []byte(nilValue),
    1175. 

  1175. 		}
    1176. 

  1176. 	}
    1177. 

  1177. 

  1178. 	// good case: iam_credentials without metadata
    1179. 

  1179. 	setSecretIamWithoutMetadata := func(smtc *secretManagerTestCase) {
    1180. 

  1180. 		secret := &sm.IAMCredentialsSecret{
    1181. 

  1181. 			CreatedBy:  utilpointer.To("testCreatedBy"),
    1182. 

  1182. 			CreatedAt:  &strfmt.DateTime{},
    1183. 

  1183. 			Downloaded: utilpointer.To(false),
    1184. 

  1184. 			Labels:     []string{"abc", "def", "xyz"},
    1185. 

  1185. 			LocksTotal: utilpointer.To(int64(20)),
    1186. 

  1186. 			ApiKey:     utilpointer.To(secretAPIKey),
    1187. 

  1187. 		}
    1188. 

  1188. 		smtc.name = "good case: iam_credentials without metadata"
    1189. 

  1189. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    1190. 

  1190. 		smtc.apiOutput = secret
    1191. 

  1191. 		smtc.ref.Key = iamCredentialsSecret + secretUUID
    1192. 

  1192. 		smtc.ref.MetadataPolicy = esv1.ExternalSecretMetadataPolicyNone
    1193. 

  1193. 		smtc.expectedData = map[string][]byte{
    1194. 

  1194. 			"apikey": []byte(secretAPIKey),
    1195. 

  1195. 		}
    1196. 

  1196. 	}
    1197. 

  1197. 

  1198. 	secretKeyKV := "kv/" + secretUUID
    1199. 

  1199. 	// good case: kv, no property, return entire payload as key:value pairs
    1200. 

  1200. 	setSecretKV := func(smtc *secretManagerTestCase) {
    1201. 

  1201. 		secret := &sm.KVSecret{
    1202. 

  1202. 			Name:       utilpointer.To("testyname"),
    1203. 

  1203. 			ID:         utilpointer.To(secretUUID),
    1204. 

  1204. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    1205. 

  1205. 			Data:       secretComplex,
    1206. 

  1206. 		}
    1207. 

  1207. 		smtc.name = "good case: kv, no property, return entire payload as key:value pairs"
    1208. 

  1208. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1209. 

  1209. 		smtc.apiOutput = secret
    1210. 

  1210. 		smtc.ref.Key = secretKeyKV
    1211. 

  1211. 		smtc.expectedData["key1"] = []byte("val1")
    1212. 

  1212. 		smtc.expectedData["key2"] = []byte("val2")
    1213. 

  1213. 		smtc.expectedData["keyC"] = []byte(`{"keyC1":{"keyA":"valA","keyB":"valB"}}`)
    1214. 

  1214. 	}
    1215. 

  1215. 

  1216. 	// good case: kv, with property
    1217. 

  1217. 	setSecretKVWithProperty := func(smtc *secretManagerTestCase) {
    1218. 

  1218. 		secret := &sm.KVSecret{
    1219. 

  1219. 			Name:       utilpointer.To("d5deb37a-7883-4fe2-a5e7-3c15420adc76"),
    1220. 

  1220. 			ID:         utilpointer.To(secretUUID),
    1221. 

  1221. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    1222. 

  1222. 			Data:       secretComplex,
    1223. 

  1223. 		}
    1224. 

  1224. 		smtc.name = "good case: kv, with property"
    1225. 

  1225. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1226. 

  1226. 		smtc.ref.Property = "keyC"
    1227. 

  1227. 		smtc.apiOutput = secret
    1228. 

  1228. 		smtc.ref.Key = secretKeyKV
    1229. 

  1229. 		smtc.expectedData["keyC1"] = []byte(`{"keyA":"valA","keyB":"valB"}`)
    1230. 

  1230. 	}
    1231. 

  1231. 

  1232. 	// good case: kv, with property and path
    1233. 

  1233. 	setSecretKVWithPathAndProperty := func(smtc *secretManagerTestCase) {
    1234. 

  1234. 		secret := &sm.KVSecret{
    1235. 

  1235. 			Name:       utilpointer.To(secretUUID),
    1236. 

  1236. 			ID:         utilpointer.To(secretUUID),
    1237. 

  1237. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    1238. 

  1238. 			Data:       secretComplex,
    1239. 

  1239. 		}
    1240. 

  1240. 		smtc.name = "good case: kv, with property and path"
    1241. 

  1241. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1242. 

  1242. 		smtc.ref.Property = "keyC.keyC1"
    1243. 

  1243. 		smtc.apiOutput = secret
    1244. 

  1244. 		smtc.ref.Key = secretKeyKV
    1245. 

  1245. 		smtc.expectedData["keyA"] = []byte("valA")
    1246. 

  1246. 		smtc.expectedData["keyB"] = []byte("valB")
    1247. 

  1247. 	}
    1248. 

  1248. 

  1249. 	// bad case: kv, with property and path
    1250. 

  1250. 	badSecretKVWithUnknownProperty := func(smtc *secretManagerTestCase) {
    1251. 

  1251. 		secret := &sm.KVSecret{
    1252. 

  1252. 			Name:       utilpointer.To("testyname"),
    1253. 

  1253. 			ID:         utilpointer.To(secretUUID),
    1254. 

  1254. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    1255. 

  1255. 			Data:       secretComplex,
    1256. 

  1256. 		}
    1257. 

  1257. 		smtc.name = "bad case: kv, with property and path"
    1258. 

  1258. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1259. 

  1259. 		smtc.ref.Property = "unknown.property"
    1260. 

  1260. 		smtc.apiOutput = secret
    1261. 

  1261. 		smtc.ref.Key = secretKeyKV
    1262. 

  1262. 		smtc.expectError = "key unknown.property does not exist in secret " + secretKeyKV
    1263. 

  1263. 	}
    1264. 

  1264. 

  1265. 	secretKeyCustomCredentials := "custom_credentials/" + secretUUID
    1266. 

  1266. 	// good case: custom_credentials, no property, return entire payload as key:value pairs
    1267. 

  1267. 	setSecretCustomCredentials := func(smtc *secretManagerTestCase) {
    1268. 

  1268. 		secret := &sm.CustomCredentialsSecret{
    1269. 

  1269. 			Name:               utilpointer.To("testyname"),
    1270. 

  1270. 			ID:                 utilpointer.To(secretUUID),
    1271. 

  1271. 			SecretType:         utilpointer.To(sm.Secret_SecretType_CustomCredentials),
    1272. 

  1272. 			CredentialsContent: secretComplex,
    1273. 

  1273. 		}
    1274. 

  1274. 		smtc.name = "good case: custom_credentials, no property, return entire payload as key:value pairs"
    1275. 

  1275. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1276. 

  1276. 		smtc.apiOutput = secret
    1277. 

  1277. 		smtc.ref.Key = secretKeyCustomCredentials
    1278. 

  1278. 		smtc.expectedData["key1"] = []byte("val1")
    1279. 

  1279. 		smtc.expectedData["key2"] = []byte("val2")
    1280. 

  1280. 		smtc.expectedData["keyC"] = []byte(`{"keyC1":{"keyA":"valA","keyB":"valB"}}`)
    1281. 

  1281. 	}
    1282. 

  1282. 

  1283. 	// good case: custom_credentials, with property
    1284. 

  1284. 	setSecretCustomCredentialsWithProperty := func(smtc *secretManagerTestCase) {
    1285. 

  1285. 		secret := &sm.CustomCredentialsSecret{
    1286. 

  1286. 			Name:               utilpointer.To("d5deb37a-7883-4fe2-a5e7-3c15420adc76"),
    1287. 

  1287. 			ID:                 utilpointer.To(secretUUID),
    1288. 

  1288. 			SecretType:         utilpointer.To(sm.Secret_SecretType_CustomCredentials),
    1289. 

  1289. 			CredentialsContent: secretComplex,
    1290. 

  1290. 		}
    1291. 

  1291. 		smtc.name = "good case: custom_credentials, with property"
    1292. 

  1292. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1293. 

  1293. 		smtc.ref.Property = "keyC"
    1294. 

  1294. 		smtc.apiOutput = secret
    1295. 

  1295. 		smtc.ref.Key = secretKeyCustomCredentials
    1296. 

  1296. 		smtc.expectedData["keyC1"] = []byte(`{"keyA":"valA","keyB":"valB"}`)
    1297. 

  1297. 	}
    1298. 

  1298. 

  1299. 	// good case: custom_credentials, with property and path
    1300. 

  1300. 	setSecretCustomCredentialsWithPathAndProperty := func(smtc *secretManagerTestCase) {
    1301. 

  1301. 		secret := &sm.CustomCredentialsSecret{
    1302. 

  1302. 			Name:               utilpointer.To(secretUUID),
    1303. 

  1303. 			ID:                 utilpointer.To(secretUUID),
    1304. 

  1304. 			SecretType:         utilpointer.To(sm.Secret_SecretType_CustomCredentials),
    1305. 

  1305. 			CredentialsContent: secretComplex,
    1306. 

  1306. 		}
    1307. 

  1307. 		smtc.name = "good case: custom_credentials, with property and path"
    1308. 

  1308. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1309. 

  1309. 		smtc.ref.Property = "keyC.keyC1"
    1310. 

  1310. 		smtc.apiOutput = secret
    1311. 

  1311. 		smtc.ref.Key = secretKeyCustomCredentials
    1312. 

  1312. 		smtc.expectedData["keyA"] = []byte("valA")
    1313. 

  1313. 		smtc.expectedData["keyB"] = []byte("valB")
    1314. 

  1314. 	}
    1315. 

  1315. 

  1316. 	// bad case: custom_credentials, with property and path
    1317. 

  1317. 	badSecretCustomCredentialsWithUnknownProperty := func(smtc *secretManagerTestCase) {
    1318. 

  1318. 		secret := &sm.CustomCredentialsSecret{
    1319. 

  1319. 			Name:               utilpointer.To("testyname"),
    1320. 

  1320. 			ID:                 utilpointer.To(secretUUID),
    1321. 

  1321. 			SecretType:         utilpointer.To(sm.Secret_SecretType_CustomCredentials),
    1322. 

  1322. 			CredentialsContent: secretComplex,
    1323. 

  1323. 		}
    1324. 

  1324. 		smtc.name = "bad case: custom_credentials, with property and path"
    1325. 

  1325. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1326. 

  1326. 		smtc.ref.Property = "unknown.property"
    1327. 

  1327. 		smtc.apiOutput = secret
    1328. 

  1328. 		smtc.ref.Key = secretKeyCustomCredentials
    1329. 

  1329. 		smtc.expectError = "key unknown.property does not exist in secret " + secretKeyCustomCredentials
    1330. 

  1330. 	}
    1331. 

  1331. 

  1332. 	successCases := []*secretManagerTestCase{
    1333. 

  1333. 		makeValidSecretManagerTestCaseCustom(badSecretIam),
    1334. 

  1334. 		makeValidSecretManagerTestCaseCustom(setSecretSrvCreds),
    1335. 

  1335. 		makeValidSecretManagerTestCaseCustom(setArbitrary),
    1336. 

  1336. 		makeValidSecretManagerTestCaseCustom(setNilMockClient),
    1337. 

  1337. 		makeValidSecretManagerTestCaseCustom(setAPIErr),
    1338. 

  1338. 		makeValidSecretManagerTestCaseCustom(setSecretUserPass),
    1339. 

  1339. 		makeValidSecretManagerTestCaseCustom(setSecretIam),
    1340. 

  1340. 		makeValidSecretManagerTestCaseCustom(setSecretCert),
    1341. 

  1341. 		makeValidSecretManagerTestCaseCustom(setSecretKV),
    1342. 

  1342. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithProperty),
    1343. 

  1343. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithPathAndProperty),
    1344. 

  1344. 		makeValidSecretManagerTestCaseCustom(badSecretKVWithUnknownProperty),
    1345. 

  1345. 		makeValidSecretManagerTestCaseCustom(setSecretCustomCredentials),
    1346. 

  1346. 		makeValidSecretManagerTestCaseCustom(setSecretCustomCredentialsWithProperty),
    1347. 

  1347. 		makeValidSecretManagerTestCaseCustom(setSecretCustomCredentialsWithPathAndProperty),
    1348. 

  1348. 		makeValidSecretManagerTestCaseCustom(badSecretCustomCredentialsWithUnknownProperty),
    1349. 

  1349. 		makeValidSecretManagerTestCaseCustom(setSecretPublicCert),
    1350. 

  1350. 		makeValidSecretManagerTestCaseCustom(setSecretPrivateCert),
    1351. 

  1351. 		makeValidSecretManagerTestCaseCustom(setimportedCertWithNoPvtKey),
    1352. 

  1352. 		makeValidSecretManagerTestCaseCustom(setSecretIamWithMetadata),
    1353. 

  1353. 		makeValidSecretManagerTestCaseCustom(setArbitraryWithMetadata),
    1354. 

  1354. 		makeValidSecretManagerTestCaseCustom(setSecretUserPassWithMetadata),
    1355. 

  1355. 		makeValidSecretManagerTestCaseCustom(setimportedCertWithMetadata),
    1356. 

  1356. 		makeValidSecretManagerTestCaseCustom(setPublicCertWithMetadata),
    1357. 

  1357. 		makeValidSecretManagerTestCaseCustom(setPrivateCertWithMetadata),
    1358. 

  1358. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithMetadata),
    1359. 

  1359. 		makeValidSecretManagerTestCaseCustom(setSecretCustomCredentialsWithMetadata),
    1360. 

  1360. 		makeValidSecretManagerTestCaseCustom(setSecretIamWithoutMetadata),
    1361. 

  1361. 		makeValidSecretManagerTestCaseCustom(setSecretIamByName),
    1362. 

  1362. 		makeValidSecretManagerTestCaseCustom(setSecretCustomCredentials),
    1363. 

  1363. 	}
    1364. 

  1364. 

  1365. 	sm := providerIBM{}
    1366. 

  1366. 	for _, v := range successCases {
    1367. 

  1367. 		t.Run(v.name, func(t *testing.T) {
    1368. 

  1368. 			sm.IBMClient = v.mockClient
    1369. 

  1369. 			out, err := sm.GetSecretMap(context.Background(), *v.ref)
    1370. 

  1370. 			if !ErrorContains(err, v.expectError) {
    1371. 

  1371. 				t.Errorf("unexpected error: %s, expected: '%s'", err.Error(), v.expectError)
    1372. 

  1372. 			}
    1373. 

  1373. 			if err == nil && !reflect.DeepEqual(out, v.expectedData) {
    1374. 

  1374. 				// Add some debug logs because t.Errorf is hard to debug at a glance.
    1375. 

  1375. 				for k, val := range out {
    1376. 

  1376. 					if val2, ok := v.expectedData[k]; !ok {
    1377. 

  1377. 						t.Logf("%s was not in expected data\n", k)
    1378. 

  1378. 					} else if !bytes.Equal(val2, val) {
    1379. 

  1379. 						fmt.Printf("%s did not equal expected value: %s\n", string(val), string(val2))
    1380. 

  1380. 					}
    1381. 

  1381. 				}
    1382. 

  1382. 

  1383. 				for k := range v.expectedData {
    1384. 

  1384. 					if _, ok := out[k]; !ok {
    1385. 

  1385. 						t.Logf("%s expected key was not in out\n", k)
    1386. 

  1386. 					}
    1387. 

  1387. 				}
    1388. 

  1388. 				t.Errorf("unexpected secret data: expected:\n%+v\ngot:\n%+v", v.expectedData, out)
    1389. 

  1389. 			}
    1390. 

  1390. 		})
    1391. 

  1391. 	}
    1392. 

  1392. }
    1393. 

  1393. 

  1394. func TestValidRetryInput(t *testing.T) {
    1395. 

  1395. 	sm := providerIBM{}
    1396. 

  1396. 

  1397. 	invalid := "Invalid"
    1398. 

  1398. 	serviceURL := "http://fake-service-url.cool"
    1399. 

  1399. 

  1400. 	spec := &esv1.SecretStore{
    1401. 

  1401. 		Spec: esv1.SecretStoreSpec{
    1402. 

  1402. 			Provider: &esv1.SecretStoreProvider{
    1403. 

  1403. 				IBM: &esv1.IBMProvider{
    1404. 

  1404. 					Auth: esv1.IBMAuth{
    1405. 

  1405. 						SecretRef: &esv1.IBMAuthSecretRef{
    1406. 

  1406. 							SecretAPIKey: v1.SecretKeySelector{
    1407. 

  1407. 								Name: "fake-secret",
    1408. 

  1408. 								Key:  "fake-key",
    1409. 

  1409. 							},
    1410. 

  1410. 						},
    1411. 

  1411. 					},
    1412. 

  1412. 					ServiceURL: &serviceURL,
    1413. 

  1413. 				},
    1414. 

  1414. 			},
    1415. 

  1415. 			RetrySettings: &esv1.SecretStoreRetrySettings{
    1416. 

  1416. 				RetryInterval: &invalid,
    1417. 

  1417. 			},
    1418. 

  1418. 		},
    1419. 

  1419. 	}
    1420. 

  1420. 

  1421. 	expected := fmt.Sprintf("cannot setup new ibm client: time: invalid duration %q", invalid)
    1422. 

  1422. 	ctx := context.TODO()
    1423. 

  1423. 	kube := clientfake.NewClientBuilder().WithObjects(&corev1.Secret{
    1424. 

  1424. 		ObjectMeta: metav1.ObjectMeta{
    1425. 

  1425. 			Name:      "fake-secret",
    1426. 

  1426. 			Namespace: "default",
    1427. 

  1427. 		},
    1428. 

  1428. 		Data: map[string][]byte{
    1429. 

  1429. 			"fake-key": []byte("ImAFakeApiKey"),
    1430. 

  1430. 		},
    1431. 

  1431. 	}).Build()
    1432. 

  1432. 

  1433. 	_, err := sm.NewClient(ctx, spec, kube, "default")
    1434. 

  1434. 

  1435. 	if !ErrorContains(err, expected) {
    1436. 

  1436. 		t.Errorf("CheckValidRetryInput unexpected error: %s, expected: '%s'", err.Error(), expected)
    1437. 

  1437. 	}
    1438. 

  1438. }
    1439. 

  1439. 

  1440. func ErrorContains(out error, want string) bool {
    1441. 

  1441. 	if out == nil {
    1442. 

  1442. 		return want == ""
    1443. 

  1443. 	}
    1444. 

  1444. 	if want == "" {
    1445. 

  1445. 		return false
    1446. 

  1446. 	}
    1447. 

  1447. 	return strings.Contains(out.Error(), want)
    1448. 

  1448. }
    1449.