Halaman utama Jelajahi Bantuan
Masuk
logic855
/
helm-external-secrets
cermin dari https://github.com/external-secrets/external-secrets
1
0
Fork 0
Berkas Masalah 0 Wiki
Pohon: 73be01d492
Ranting Tag
helm-externa...
/
pkg
/
provider
/
gcp
/
secretmanager
/
secretsmanager_test.go

secretsmanager_test.go 6.0 KB
Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6.     http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. package secretmanager
    15. 

  15. 

  16. import (
    17. 

  17. 	"context"
    18. 

  18. 	"fmt"
    19. 

  19. 	"reflect"
    20. 

  20. 	"strings"
    21. 

  21. 	"testing"
    22. 

  22. 

  23. 	secretmanagerpb "google.golang.org/genproto/googleapis/cloud/secretmanager/v1"
    24. 

  24. 

  25. 	esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
    26. 

  26. 	fakesm "github.com/external-secrets/external-secrets/pkg/provider/gcp/secretmanager/fake"
    27. 

  27. )
    28. 

  28. 

  29. type secretManagerTestCase struct {
    30. 

  30. 	mockClient     *fakesm.MockSMClient
    31. 

  31. 	apiInput       *secretmanagerpb.AccessSecretVersionRequest
    32. 

  32. 	apiOutput      *secretmanagerpb.AccessSecretVersionResponse
    33. 

  33. 	ref            *esv1alpha1.ExternalSecretDataRemoteRef
    34. 

  34. 	projectID      string
    35. 

  35. 	apiErr         error
    36. 

  36. 	expectError    string
    37. 

  37. 	expectedSecret string
    38. 

  38. 	// for testing secretmap
    39. 

  39. 	expectedData map[string][]byte
    40. 

  40. }
    41. 

  41. 

  42. func makeValidSecretManagerTestCase() *secretManagerTestCase {
    43. 

  43. 	smtc := secretManagerTestCase{
    44. 

  44. 		mockClient:     &fakesm.MockSMClient{},
    45. 

  45. 		apiInput:       makeValidAPIInput(),
    46. 

  46. 		ref:            makeValidRef(),
    47. 

  47. 		apiOutput:      makeValidAPIOutput(),
    48. 

  48. 		projectID:      "default",
    49. 

  49. 		apiErr:         nil,
    50. 

  50. 		expectError:    "",
    51. 

  51. 		expectedSecret: "",
    52. 

  52. 		expectedData:   map[string][]byte{},
    53. 

  53. 	}
    54. 

  54. 	smtc.mockClient.NilClose()
    55. 

  55. 	smtc.mockClient.WithValue(context.Background(), smtc.apiInput, smtc.apiOutput, smtc.apiErr)
    56. 

  56. 	return &smtc
    57. 

  57. }
    58. 

  58. 

  59. func makeValidRef() *esv1alpha1.ExternalSecretDataRemoteRef {
    60. 

  60. 	return &esv1alpha1.ExternalSecretDataRemoteRef{
    61. 

  61. 		Key:     "/baz",
    62. 

  62. 		Version: "default",
    63. 

  63. 	}
    64. 

  64. }
    65. 

  65. 

  66. func makeValidAPIInput() *secretmanagerpb.AccessSecretVersionRequest {
    67. 

  67. 	return &secretmanagerpb.AccessSecretVersionRequest{
    68. 

  68. 		Name: "projects/default/secrets//baz/versions/default",
    69. 

  69. 	}
    70. 

  70. }
    71. 

  71. 

  72. func makeValidAPIOutput() *secretmanagerpb.AccessSecretVersionResponse {
    73. 

  73. 	return &secretmanagerpb.AccessSecretVersionResponse{
    74. 

  74. 		Payload: &secretmanagerpb.SecretPayload{
    75. 

  75. 			Data: []byte{},
    76. 

  76. 		},
    77. 

  77. 	}
    78. 

  78. }
    79. 

  79. 

  80. func makeValidSecretManagerTestCaseCustom(tweaks ...func(smtc *secretManagerTestCase)) *secretManagerTestCase {
    81. 

  81. 	smtc := makeValidSecretManagerTestCase()
    82. 

  82. 	for _, fn := range tweaks {
    83. 

  83. 		fn(smtc)
    84. 

  84. 	}
    85. 

  85. 	smtc.mockClient.WithValue(context.Background(), smtc.apiInput, smtc.apiOutput, smtc.apiErr)
    86. 

  86. 	return smtc
    87. 

  87. }
    88. 

  88. 

  89. // This case can be shared by both GetSecret and GetSecretMap tests.
    90. 

  90. // bad case: set apiErr.
    91. 

  91. var setAPIErr = func(smtc *secretManagerTestCase) {
    92. 

  92. 	smtc.apiErr = fmt.Errorf("oh no")
    93. 

  93. 	smtc.expectError = "oh no"
    94. 

  94. }
    95. 

  95. 

  96. // test the sm<->gcp interface
    97. 

  97. // make sure correct values are passed and errors are handled accordingly.
    98. 

  98. func TestSecretManagerGetSecret(t *testing.T) {
    99. 

  99. 	// good case: default version is set
    100. 

  100. 	// key is passed in, output is sent back
    101. 

  101. 	setSecretString := func(smtc *secretManagerTestCase) {
    102. 

  102. 		smtc.apiOutput.Payload.Data = []byte("testtesttest")
    103. 

  103. 		smtc.expectedSecret = "testtesttest"
    104. 

  104. 	}
    105. 

  105. 

  106. 	// good case: ref with
    107. 

  107. 	setCustomRef := func(smtc *secretManagerTestCase) {
    108. 

  108. 		smtc.ref = &esv1alpha1.ExternalSecretDataRemoteRef{
    109. 

  109. 			Key:      "/baz",
    110. 

  110. 			Version:  "default",
    111. 

  111. 			Property: "name.first",
    112. 

  112. 		}
    113. 

  113. 		smtc.apiInput.Name = "projects/default/secrets//baz/versions/default"
    114. 

  114. 		smtc.apiOutput.Payload.Data = []byte(
    115. 

  115. 			`{
    116. 

  116. 			"name": {"first": "Tom", "last": "Anderson"},
    117. 

  117. 			"friends": [
    118. 

  118. 				{"first": "Dale", "last": "Murphy"},
    119. 

  119. 				{"first": "Roger", "last": "Craig"},
    120. 

  120. 				{"first": "Jane", "last": "Murphy"}
    121. 

  121. 			]
    122. 

  122.         }`)
    123. 

  123. 		smtc.expectedSecret = "Tom"
    124. 

  124. 	}
    125. 

  125. 

  126. 	// good case: custom version set
    127. 

  127. 	setCustomVersion := func(smtc *secretManagerTestCase) {
    128. 

  128. 		smtc.ref.Version = "1234"
    129. 

  129. 		smtc.apiInput.Name = "projects/default/secrets//baz/versions/1234"
    130. 

  130. 		smtc.apiOutput.Payload.Data = []byte("FOOBA!")
    131. 

  131. 		smtc.expectedSecret = "FOOBA!"
    132. 

  132. 	}
    133. 

  133. 

  134. 	successCases := []*secretManagerTestCase{
    135. 

  135. 		makeValidSecretManagerTestCase(),
    136. 

  136. 		makeValidSecretManagerTestCaseCustom(setSecretString),
    137. 

  137. 		makeValidSecretManagerTestCaseCustom(setCustomVersion),
    138. 

  138. 		makeValidSecretManagerTestCaseCustom(setAPIErr),
    139. 

  139. 		makeValidSecretManagerTestCaseCustom(setCustomRef),
    140. 

  140. 	}
    141. 

  141. 

  142. 	sm := ProviderGCP{}
    143. 

  143. 	for k, v := range successCases {
    144. 

  144. 		sm.projectID = v.projectID
    145. 

  145. 		sm.SecretManagerClient = v.mockClient
    146. 

  146. 		out, err := sm.GetSecret(context.Background(), *v.ref)
    147. 

  147. 		if !ErrorContains(err, v.expectError) {
    148. 

  148. 			t.Errorf("[%d] unexpected error: %s, expected: '%s'", k, err.Error(), v.expectError)
    149. 

  149. 		}
    150. 

  150. 		if string(out) != v.expectedSecret {
    151. 

  151. 			t.Errorf("[%d] unexpected secret: expected %s, got %s", k, v.expectedSecret, string(out))
    152. 

  152. 		}
    153. 

  153. 	}
    154. 

  154. }
    155. 

  155. 

  156. func TestGetSecretMap(t *testing.T) {
    157. 

  157. 	// good case: default version & deserialization
    158. 

  158. 	setDeserialization := func(smtc *secretManagerTestCase) {
    159. 

  159. 		smtc.apiOutput.Payload.Data = []byte(`{"foo":"bar"}`)
    160. 

  160. 		smtc.expectedData["foo"] = []byte("bar")
    161. 

  161. 	}
    162. 

  162. 

  163. 	// bad case: invalid json
    164. 

  164. 	setInvalidJSON := func(smtc *secretManagerTestCase) {
    165. 

  165. 		smtc.apiOutput.Payload.Data = []byte(`-----------------`)
    166. 

  166. 		smtc.expectError = "unable to unmarshal secret"
    167. 

  167. 	}
    168. 

  168. 

  169. 	successCases := []*secretManagerTestCase{
    170. 

  170. 		makeValidSecretManagerTestCaseCustom(setDeserialization),
    171. 

  171. 		makeValidSecretManagerTestCaseCustom(setAPIErr),
    172. 

  172. 		makeValidSecretManagerTestCaseCustom(setInvalidJSON),
    173. 

  173. 	}
    174. 

  174. 

  175. 	sm := ProviderGCP{}
    176. 

  176. 	for k, v := range successCases {
    177. 

  177. 		sm.projectID = v.projectID
    178. 

  178. 		sm.SecretManagerClient = v.mockClient
    179. 

  179. 		out, err := sm.GetSecretMap(context.Background(), *v.ref)
    180. 

  180. 		if !ErrorContains(err, v.expectError) {
    181. 

  181. 			t.Errorf("[%d] unexpected error: %s, expected: '%s'", k, err.Error(), v.expectError)
    182. 

  182. 		}
    183. 

  183. 		if err == nil && !reflect.DeepEqual(out, v.expectedData) {
    184. 

  184. 			t.Errorf("[%d] unexpected secret data: expected %#v, got %#v", k, v.expectedData, out)
    185. 

  185. 		}
    186. 

  186. 	}
    187. 

  187. }
    188. 

  188. 

  189. func ErrorContains(out error, want string) bool {
    190. 

  190. 	if out == nil {
    191. 

  191. 		return want == ""
    192. 

  192. 	}
    193. 

  193. 	if want == "" {
    194. 

  194. 		return false
    195. 

  195. 	}
    196. 

  196. 	return strings.Contains(out.Error(), want)
    197. 

  197. }
    198.