Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: 8e953c750f
Branches Tags
helm-externa...
/
pkg
/
provider
/
kubernetes
/
provider_test.go

provider_test.go 7.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6. 	http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. 

  15. package kubernetes
    16. 

  16. 

  17. import (
    18. 

  18. 	"context"
    19. 

  19. 	"testing"
    20. 

  20. 

  21. 	"github.com/stretchr/testify/assert"
    22. 

  22. 	corev1 "k8s.io/api/core/v1"
    23. 

  23. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    24. 

  24. 	"k8s.io/client-go/kubernetes"
    25. 

  25. 	clientgofake "k8s.io/client-go/kubernetes/fake"
    26. 

  26. 	pointer "k8s.io/utils/ptr"
    27. 

  27. 	kclient "sigs.k8s.io/controller-runtime/pkg/client"
    28. 

  28. 	fclient "sigs.k8s.io/controller-runtime/pkg/client/fake"
    29. 

  29. 

  30. 	esv1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
    31. 

  31. 	v1 "github.com/external-secrets/external-secrets/apis/meta/v1"
    32. 

  32. )
    33. 

  33. 

  34. const (
    35. 

  35. 	testCertificate = `-----BEGIN CERTIFICATE-----
    36. 

  36. MIIDHTCCAgWgAwIBAgIRAKC4yxy9QGocND+6avTf7BgwDQYJKoZIhvcNAQELBQAw
    37. 

  37. EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0yMTAzMjAyMDA4MDhaFw0yMTAzMjAyMDM4
    38. 

  38. MDhaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
    39. 

  39. ggEKAoIBAQC3o6/JdZEqNbqNRkopHhJtJG5c4qS5d0tQ/kZYpfD/v/izAYum4Nzj
    40. 

  40. aG15owr92/11W0pxPUliRLti3y6iScTs+ofm2D7p4UXj/Fnho/2xoWSOoWAodgvW
    41. 

  41. Y8jh8A0LQALZiV/9QsrJdXZdS47DYZLsQ3z9yFC/CdXkg1l7AQ3fIVGKdrQBr9kE
    42. 

  42. 1gEDqnKfRxXI8DEQKXr+CKPUwCAytegmy0SHp53zNAvY+kopHytzmJpXLoEhxq4e
    43. 

  43. ugHe52vXHdh/HJ9VjNp0xOH1waAgAGxHlltCW0PVd5AJ0SXROBS/a3V9sZCbCrJa
    44. 

  44. YOOonQSEswveSv6PcG9AHvpNPot2Xs6hAgMBAAGjbjBsMA4GA1UdDwEB/wQEAwIC
    45. 

  45. pDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
    46. 

  46. BBR00805mrpoonp95RmC3B6oLl+cGTAVBgNVHREEDjAMggpnb29ibGUuY29tMA0G
    47. 

  47. CSqGSIb3DQEBCwUAA4IBAQAipc1b6JrEDayPjpz5GM5krcI8dCWVd8re0a9bGjjN
    48. 

  48. ioWGlu/eTr5El0ffwCNZ2WLmL9rewfHf/bMvYz3ioFZJ2OTxfazqYXNggQz6cMfa
    49. 

  49. lbedDCdt5XLVX2TyerGvFram+9Uyvk3l0uM7rZnwAmdirG4Tv94QRaD3q4xTj/c0
    50. 

  50. mv+AggtK0aRFb9o47z/BypLdk5mhbf3Mmr88C8XBzEnfdYyf4JpTlZrYLBmDCu5d
    51. 

  51. 9RLLsjXxhag8xqMtd1uLUM8XOTGzVWacw8iGY+CTtBKqyA+AE6/bDwZvEwVtsKtC
    52. 

  52. QJ85ioEpy00NioqcF0WyMZH80uMsPycfpnl5uF7RkW8u
    53. 

  53. -----END CERTIFICATE-----`
    54. 

  54. 	testKubeConfig = `apiVersion: v1
    55. 

  55. clusters:
    56. 

  56. - cluster:
    57. 

  57.     server: https://api.my-domain.tld
    58. 

  58.   name: mycluster
    59. 

  59. contexts:
    60. 

  60. - context:
    61. 

  61.     cluster: mycluster
    62. 

  62.     user: myuser
    63. 

  63.   name: mycontext
    64. 

  64. current-context: mycontext
    65. 

  65. kind: Config
    66. 

  66. preferences: {}
    67. 

  67. users:
    68. 

  68. - name: myuser
    69. 

  69.   user:
    70. 

  70.     token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE3MTkzOTY4OTksImV4cCI6MTc1MDkzMjg4NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJFbWFpbCI6Impyb2NrZXRAZXhhbXBsZS5jb20iLCJSb2xlIjpbIk1hbmFnZXIiLCJQcm9qZWN0IEFkbWluaXN0cmF0b3IiXX0.xXrfIl0akhfjWU_BDl7Ad54SXje0YlJdnugzwh96VmM
    71. 

  71. `
    72. 

  72. )
    73. 

  73. 

  74. func TestNewClient(t *testing.T) {
    75. 

  75. 	type fields struct {
    76. 

  76. 		Client       KClient
    77. 

  77. 		ReviewClient RClient
    78. 

  78. 		Namespace    string
    79. 

  79. 	}
    80. 

  80. 	type args struct {
    81. 

  81. 		store     esv1.GenericStore
    82. 

  82. 		kube      kclient.Client
    83. 

  83. 		clientset kubernetes.Interface
    84. 

  84. 		namespace string
    85. 

  85. 	}
    86. 

  86. 	tests := []struct {
    87. 

  87. 		name    string
    88. 

  88. 		fields  fields
    89. 

  89. 		args    args
    90. 

  90. 		want    bool
    91. 

  91. 		wantErr bool
    92. 

  92. 	}{
    93. 

  93. 		{
    94. 

  94. 			name:   "invalid store",
    95. 

  95. 			fields: fields{},
    96. 

  96. 			args: args{
    97. 

  97. 				store: &esv1.ClusterSecretStore{
    98. 

  98. 					TypeMeta: metav1.TypeMeta{
    99. 

  99. 						Kind: esv1.ClusterSecretStoreKind,
    100. 

  100. 					},
    101. 

  101. 					Spec: esv1.SecretStoreSpec{
    102. 

  102. 						Provider: &esv1.SecretStoreProvider{},
    103. 

  103. 					},
    104. 

  104. 				},
    105. 

  105. 				kube: fclient.NewClientBuilder().Build(),
    106. 

  106. 			},
    107. 

  107. 			wantErr: true,
    108. 

  108. 		},
    109. 

  109. 		{
    110. 

  110. 			name:   "test auth ref",
    111. 

  111. 			fields: fields{},
    112. 

  112. 			args: args{
    113. 

  113. 				store: &esv1.ClusterSecretStore{
    114. 

  114. 					TypeMeta: metav1.TypeMeta{
    115. 

  115. 						Kind: esv1.ClusterSecretStoreKind,
    116. 

  116. 					},
    117. 

  117. 					Spec: esv1.SecretStoreSpec{
    118. 

  118. 						Provider: &esv1.SecretStoreProvider{
    119. 

  119. 							Kubernetes: &esv1.KubernetesProvider{
    120. 

  120. 								AuthRef: &v1.SecretKeySelector{
    121. 

  121. 									Name:      "foo",
    122. 

  122. 									Namespace: pointer.To("default"),
    123. 

  123. 									Key:       "config",
    124. 

  124. 								},
    125. 

  125. 							},
    126. 

  126. 						},
    127. 

  127. 					},
    128. 

  128. 				},
    129. 

  129. 				namespace: "",
    130. 

  130. 				kube: fclient.NewClientBuilder().WithObjects(&corev1.Secret{
    131. 

  131. 					ObjectMeta: metav1.ObjectMeta{
    132. 

  132. 						Name:      "foo",
    133. 

  133. 						Namespace: "default",
    134. 

  134. 					},
    135. 

  135. 					Data: map[string][]byte{
    136. 

  136. 						"config": []byte(testKubeConfig),
    137. 

  137. 					},
    138. 

  138. 				}).Build(),
    139. 

  139. 				clientset: clientgofake.NewSimpleClientset(),
    140. 

  140. 			},
    141. 

  141. 			want: true,
    142. 

  142. 		},
    143. 

  143. 		{
    144. 

  144. 			name:   "test referent auth return",
    145. 

  145. 			fields: fields{},
    146. 

  146. 			args: args{
    147. 

  147. 				store: &esv1.ClusterSecretStore{
    148. 

  148. 					TypeMeta: metav1.TypeMeta{
    149. 

  149. 						Kind: esv1.ClusterSecretStoreKind,
    150. 

  150. 					},
    151. 

  151. 					Spec: esv1.SecretStoreSpec{
    152. 

  152. 						Provider: &esv1.SecretStoreProvider{
    153. 

  153. 							Kubernetes: &esv1.KubernetesProvider{
    154. 

  154. 								Server: esv1.KubernetesServer{
    155. 

  155. 									URL:      "https://my.test.tld",
    156. 

  156. 									CABundle: []byte(testCertificate),
    157. 

  157. 								},
    158. 

  158. 								Auth: &esv1.KubernetesAuth{
    159. 

  159. 									Token: &esv1.TokenAuth{
    160. 

  160. 										BearerToken: v1.SecretKeySelector{
    161. 

  161. 											Name: "foo",
    162. 

  162. 											Key:  "token",
    163. 

  163. 										},
    164. 

  164. 									},
    165. 

  165. 								},
    166. 

  166. 							},
    167. 

  167. 						},
    168. 

  168. 					},
    169. 

  169. 				},
    170. 

  170. 				namespace: "",
    171. 

  171. 				kube:      fclient.NewClientBuilder().Build(),
    172. 

  172. 				clientset: clientgofake.NewSimpleClientset(),
    173. 

  173. 			},
    174. 

  174. 			want: true,
    175. 

  175. 		},
    176. 

  176. 		{
    177. 

  177. 			name:   "auth fail results in error",
    178. 

  178. 			fields: fields{},
    179. 

  179. 			args: args{
    180. 

  180. 				store: &esv1.ClusterSecretStore{
    181. 

  181. 					TypeMeta: metav1.TypeMeta{
    182. 

  182. 						Kind: esv1.ClusterSecretStoreKind,
    183. 

  183. 					},
    184. 

  184. 					Spec: esv1.SecretStoreSpec{
    185. 

  185. 						Provider: &esv1.SecretStoreProvider{
    186. 

  186. 							Kubernetes: &esv1.KubernetesProvider{
    187. 

  187. 								Server: esv1.KubernetesServer{
    188. 

  188. 									URL:      "https://my.test.tld",
    189. 

  189. 									CABundle: []byte(testCertificate),
    190. 

  190. 								},
    191. 

  191. 								RemoteNamespace: "remote",
    192. 

  192. 								Auth: &esv1.KubernetesAuth{
    193. 

  193. 									Token: &esv1.TokenAuth{
    194. 

  194. 										BearerToken: v1.SecretKeySelector{
    195. 

  195. 											Name:      "foo",
    196. 

  196. 											Namespace: pointer.To("default"),
    197. 

  197. 											Key:       "token",
    198. 

  198. 										},
    199. 

  199. 									},
    200. 

  200. 								},
    201. 

  201. 							},
    202. 

  202. 						},
    203. 

  203. 					},
    204. 

  204. 				},
    205. 

  205. 				namespace: "foobarothernamespace",
    206. 

  206. 				clientset: clientgofake.NewSimpleClientset(),
    207. 

  207. 				kube:      fclient.NewClientBuilder().Build(),
    208. 

  208. 			},
    209. 

  209. 			wantErr: true,
    210. 

  210. 		},
    211. 

  211. 		{
    212. 

  212. 			name:   "test auth",
    213. 

  213. 			fields: fields{},
    214. 

  214. 			args: args{
    215. 

  215. 				store: &esv1.ClusterSecretStore{
    216. 

  216. 					TypeMeta: metav1.TypeMeta{
    217. 

  217. 						Kind: esv1.ClusterSecretStoreKind,
    218. 

  218. 					},
    219. 

  219. 					Spec: esv1.SecretStoreSpec{
    220. 

  220. 						Provider: &esv1.SecretStoreProvider{
    221. 

  221. 							Kubernetes: &esv1.KubernetesProvider{
    222. 

  222. 								Server: esv1.KubernetesServer{
    223. 

  223. 									URL:      "https://my.test.tld",
    224. 

  224. 									CABundle: []byte(testCertificate),
    225. 

  225. 								},
    226. 

  226. 								RemoteNamespace: "remote",
    227. 

  227. 								Auth: &esv1.KubernetesAuth{
    228. 

  228. 									Token: &esv1.TokenAuth{
    229. 

  229. 										BearerToken: v1.SecretKeySelector{
    230. 

  230. 											Name:      "foo",
    231. 

  231. 											Namespace: pointer.To("default"),
    232. 

  232. 											Key:       "token",
    233. 

  233. 										},
    234. 

  234. 									},
    235. 

  235. 								},
    236. 

  236. 							},
    237. 

  237. 						},
    238. 

  238. 					},
    239. 

  239. 				},
    240. 

  240. 				namespace: "foobarothernamespace",
    241. 

  241. 				clientset: clientgofake.NewSimpleClientset(),
    242. 

  242. 				kube: fclient.NewClientBuilder().WithObjects(&corev1.Secret{
    243. 

  243. 					ObjectMeta: metav1.ObjectMeta{
    244. 

  244. 						Name:      "foo",
    245. 

  245. 						Namespace: "default",
    246. 

  246. 					},
    247. 

  247. 					Data: map[string][]byte{
    248. 

  248. 						"token": []byte("1234"),
    249. 

  249. 					},
    250. 

  250. 				}).Build(),
    251. 

  251. 			},
    252. 

  252. 			want: true,
    253. 

  253. 		},
    254. 

  254. 	}
    255. 

  255. 	for _, tt := range tests {
    256. 

  256. 		t.Run(tt.name, func(t *testing.T) {
    257. 

  257. 			got, err := (&Provider{}).newClient(context.Background(), tt.args.store, tt.args.kube, tt.args.clientset, tt.args.namespace)
    258. 

  258. 			if (err != nil) != tt.wantErr {
    259. 

  259. 				t.Errorf("ProviderKubernetes.NewClient() error = %v, wantErr %v", err, tt.wantErr)
    260. 

  260. 				return
    261. 

  261. 			}
    262. 

  262. 			if tt.want {
    263. 

  263. 				assert.NotNil(t, got)
    264. 

  264. 			} else {
    265. 

  265. 				assert.Nil(t, got)
    266. 

  266. 			}
    267. 

  267. 		})
    268. 

  268. 	}
    269. 

  269. }
    270.