Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: 4820cc9165
Branches Tags
helm-externa...
/
pkg
/
provider
/
gitlab
/
gitlab_test.go

gitlab_test.go 7.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6.     http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. package gitlab
    15. 

  15. 

  16. import (
    17. 

  17. 	"context"
    18. 

  18. 	"fmt"
    19. 

  19. 	"net/http"
    20. 

  20. 	"reflect"
    21. 

  21. 	"strings"
    22. 

  22. 	"testing"
    23. 

  23. 

  24. 	gitlab "github.com/xanzy/go-gitlab"
    25. 

  25. 

  26. 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
    27. 

  27. 	fakegitlab "github.com/external-secrets/external-secrets/pkg/provider/gitlab/fake"
    28. 

  28. )
    29. 

  29. 

  30. type secretManagerTestCase struct {
    31. 

  31. 	mockClient               *fakegitlab.GitlabMockClient
    32. 

  32. 	apiInputProjectID        string
    33. 

  33. 	apiInputKey              string
    34. 

  34. 	apiOutput                *gitlab.ProjectVariable
    35. 

  35. 	apiResponse              *gitlab.Response
    36. 

  36. 	ref                      *esv1beta1.ExternalSecretDataRemoteRef
    37. 

  37. 	projectID                *string
    38. 

  38. 	apiErr                   error
    39. 

  39. 	expectError              string
    40. 

  40. 	expectedSecret           string
    41. 

  41. 	expectedValidationResult esv1beta1.ValidationResult
    42. 

  42. 	// for testing secretmap
    43. 

  43. 	expectedData map[string][]byte
    44. 

  44. }
    45. 

  45. 

  46. func makeValidSecretManagerTestCase() *secretManagerTestCase {
    47. 

  47. 	smtc := secretManagerTestCase{
    48. 

  48. 		mockClient:               &fakegitlab.GitlabMockClient{},
    49. 

  49. 		apiInputProjectID:        makeValidAPIInputProjectID(),
    50. 

  50. 		apiInputKey:              makeValidAPIInputKey(),
    51. 

  51. 		ref:                      makeValidRef(),
    52. 

  52. 		projectID:                nil,
    53. 

  53. 		apiOutput:                makeValidAPIOutput(),
    54. 

  54. 		apiResponse:              makeValidAPIResponse(),
    55. 

  55. 		apiErr:                   nil,
    56. 

  56. 		expectError:              "",
    57. 

  57. 		expectedSecret:           "",
    58. 

  58. 		expectedValidationResult: esv1beta1.ValidationResultReady,
    59. 

  59. 		expectedData:             map[string][]byte{},
    60. 

  60. 	}
    61. 

  61. 	smtc.mockClient.WithValue(smtc.apiInputProjectID, smtc.apiInputKey, smtc.apiOutput, smtc.apiResponse, smtc.apiErr)
    62. 

  62. 	return &smtc
    63. 

  63. }
    64. 

  64. 

  65. func makeValidRef() *esv1beta1.ExternalSecretDataRemoteRef {
    66. 

  66. 	return &esv1beta1.ExternalSecretDataRemoteRef{
    67. 

  67. 		Key:     "test-secret",
    68. 

  68. 		Version: "default",
    69. 

  69. 	}
    70. 

  70. }
    71. 

  71. 

  72. func makeValidAPIInputProjectID() string {
    73. 

  73. 	return "testID"
    74. 

  74. }
    75. 

  75. 

  76. func makeValidAPIInputKey() string {
    77. 

  77. 	return "testKey"
    78. 

  78. }
    79. 

  79. 

  80. func makeValidAPIResponse() *gitlab.Response {
    81. 

  81. 	return &gitlab.Response{
    82. 

  82. 		Response: &http.Response{
    83. 

  83. 			StatusCode: http.StatusOK,
    84. 

  84. 		},
    85. 

  85. 	}
    86. 

  86. }
    87. 

  87. 

  88. func makeValidAPIOutput() *gitlab.ProjectVariable {
    89. 

  89. 	return &gitlab.ProjectVariable{
    90. 

  90. 		Key:   "testKey",
    91. 

  91. 		Value: "",
    92. 

  92. 	}
    93. 

  93. }
    94. 

  94. 

  95. func makeValidSecretManagerTestCaseCustom(tweaks ...func(smtc *secretManagerTestCase)) *secretManagerTestCase {
    96. 

  96. 	smtc := makeValidSecretManagerTestCase()
    97. 

  97. 	for _, fn := range tweaks {
    98. 

  98. 		fn(smtc)
    99. 

  99. 	}
    100. 

  100. 	smtc.mockClient.WithValue(smtc.apiInputProjectID, smtc.apiInputKey, smtc.apiOutput, smtc.apiResponse, smtc.apiErr)
    101. 

  101. 	return smtc
    102. 

  102. }
    103. 

  103. 

  104. // This case can be shared by both GetSecret and GetSecretMap tests.
    105. 

  105. // bad case: set apiErr.
    106. 

  106. var setAPIErr = func(smtc *secretManagerTestCase) {
    107. 

  107. 	smtc.apiErr = fmt.Errorf("oh no")
    108. 

  108. 	smtc.expectError = "oh no"
    109. 

  109. 	smtc.expectedValidationResult = esv1beta1.ValidationResultError
    110. 

  110. }
    111. 

  111. 

  112. var setListAPIErr = func(smtc *secretManagerTestCase) {
    113. 

  113. 	err := fmt.Errorf("oh no")
    114. 

  114. 	smtc.apiErr = err
    115. 

  115. 	smtc.expectError = fmt.Errorf(errList, err).Error()
    116. 

  116. 	smtc.expectedValidationResult = esv1beta1.ValidationResultError
    117. 

  117. }
    118. 

  118. 

  119. var setListAPIRespNil = func(smtc *secretManagerTestCase) {
    120. 

  120. 	smtc.apiResponse = nil
    121. 

  121. 	smtc.expectError = errAuth
    122. 

  122. 	smtc.expectedValidationResult = esv1beta1.ValidationResultError
    123. 

  123. }
    124. 

  124. 

  125. var setListAPIRespBadCode = func(smtc *secretManagerTestCase) {
    126. 

  126. 	smtc.apiResponse.StatusCode = http.StatusUnauthorized
    127. 

  127. 	smtc.expectError = errAuth
    128. 

  128. 	smtc.expectedValidationResult = esv1beta1.ValidationResultError
    129. 

  129. }
    130. 

  130. 

  131. var setNilMockClient = func(smtc *secretManagerTestCase) {
    132. 

  132. 	smtc.mockClient = nil
    133. 

  133. 	smtc.expectError = errUninitalizedGitlabProvider
    134. 

  134. }
    135. 

  135. 

  136. // test the sm<->gcp interface
    137. 

  137. // make sure correct values are passed and errors are handled accordingly.
    138. 

  138. func TestGitlabSecretManagerGetSecret(t *testing.T) {
    139. 

  139. 	secretValue := "changedvalue"
    140. 

  140. 	// good case: default version is set
    141. 

  141. 	// key is passed in, output is sent back
    142. 

  142. 

  143. 	setSecretString := func(smtc *secretManagerTestCase) {
    144. 

  144. 		smtc.apiOutput = &gitlab.ProjectVariable{
    145. 

  145. 			Key:   "testkey",
    146. 

  146. 			Value: "changedvalue",
    147. 

  147. 		}
    148. 

  148. 		smtc.expectedSecret = secretValue
    149. 

  149. 	}
    150. 

  150. 

  151. 	successCases := []*secretManagerTestCase{
    152. 

  152. 		makeValidSecretManagerTestCaseCustom(setSecretString),
    153. 

  153. 		makeValidSecretManagerTestCaseCustom(setAPIErr),
    154. 

  154. 		makeValidSecretManagerTestCaseCustom(setNilMockClient),
    155. 

  155. 	}
    156. 

  156. 

  157. 	sm := Gitlab{}
    158. 

  158. 	for k, v := range successCases {
    159. 

  159. 		sm.client = v.mockClient
    160. 

  160. 		out, err := sm.GetSecret(context.Background(), *v.ref)
    161. 

  161. 		if !ErrorContains(err, v.expectError) {
    162. 

  162. 			t.Errorf("[%d] unexpected error: %s, expected: '%s'", k, err.Error(), v.expectError)
    163. 

  163. 		}
    164. 

  164. 		if string(out) != v.expectedSecret {
    165. 

  165. 			t.Errorf("[%d] unexpected secret: expected %s, got %s", k, v.expectedSecret, string(out))
    166. 

  166. 		}
    167. 

  167. 	}
    168. 

  168. }
    169. 

  169. 

  170. func TestValidate(t *testing.T) {
    171. 

  171. 	successCases := []*secretManagerTestCase{
    172. 

  172. 		makeValidSecretManagerTestCaseCustom(),
    173. 

  173. 		makeValidSecretManagerTestCaseCustom(setListAPIErr),
    174. 

  174. 		makeValidSecretManagerTestCaseCustom(setListAPIRespNil),
    175. 

  175. 		makeValidSecretManagerTestCaseCustom(setListAPIRespBadCode),
    176. 

  176. 	}
    177. 

  177. 	sm := Gitlab{}
    178. 

  178. 	for k, v := range successCases {
    179. 

  179. 		sm.client = v.mockClient
    180. 

  180. 		t.Logf("%+v", v)
    181. 

  181. 		validationResult, err := sm.Validate()
    182. 

  182. 		if !ErrorContains(err, v.expectError) {
    183. 

  183. 			t.Errorf("[%d], unexpected error: %s, expected: '%s'", k, err.Error(), v.expectError)
    184. 

  184. 		}
    185. 

  185. 		if validationResult != v.expectedValidationResult {
    186. 

  186. 			t.Errorf("[%d], unexpected validationResult: %s, expected: '%s'", k, validationResult, v.expectedValidationResult)
    187. 

  187. 		}
    188. 

  188. 	}
    189. 

  189. }
    190. 

  190. 

  191. func TestGetSecretMap(t *testing.T) {
    192. 

  192. 	// good case: default version & deserialization
    193. 

  193. 	setDeserialization := func(smtc *secretManagerTestCase) {
    194. 

  194. 		smtc.apiOutput.Value = `{"foo":"bar"}`
    195. 

  195. 		smtc.expectedData["foo"] = []byte("bar")
    196. 

  196. 	}
    197. 

  197. 

  198. 	// bad case: invalid json
    199. 

  199. 	setInvalidJSON := func(smtc *secretManagerTestCase) {
    200. 

  200. 		smtc.apiOutput.Value = `-----------------`
    201. 

  201. 		smtc.expectError = "unable to unmarshal secret"
    202. 

  202. 	}
    203. 

  203. 

  204. 	successCases := []*secretManagerTestCase{
    205. 

  205. 		makeValidSecretManagerTestCaseCustom(setDeserialization),
    206. 

  206. 		makeValidSecretManagerTestCaseCustom(setInvalidJSON),
    207. 

  207. 		makeValidSecretManagerTestCaseCustom(setNilMockClient),
    208. 

  208. 		makeValidSecretManagerTestCaseCustom(setAPIErr),
    209. 

  209. 	}
    210. 

  210. 

  211. 	sm := Gitlab{}
    212. 

  212. 	for k, v := range successCases {
    213. 

  213. 		sm.client = v.mockClient
    214. 

  214. 		out, err := sm.GetSecretMap(context.Background(), *v.ref)
    215. 

  215. 		if !ErrorContains(err, v.expectError) {
    216. 

  216. 			t.Errorf("[%d] unexpected error: %s, expected: '%s'", k, err.Error(), v.expectError)
    217. 

  217. 		}
    218. 

  218. 		if err == nil && !reflect.DeepEqual(out, v.expectedData) {
    219. 

  219. 			t.Errorf("[%d] unexpected secret data: expected %#v, got %#v", k, v.expectedData, out)
    220. 

  220. 		}
    221. 

  221. 	}
    222. 

  222. }
    223. 

  223. 

  224. func ErrorContains(out error, want string) bool {
    225. 

  225. 	if out == nil {
    226. 

  226. 		return want == ""
    227. 

  227. 	}
    228. 

  228. 	if want == "" {
    229. 

  229. 		return false
    230. 

  230. 	}
    231. 

  231. 	return strings.Contains(out.Error(), want)
    232. 

  232. }
    233.