Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: 936d65c3d5
Branches Tags
helm-externa...
/
pkg
/
provider
/
ibm
/
provider_test.go

provider_test.go 45 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6. 	http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. 

  15. package ibm
    16. 

  16. 

  17. import (
    18. 

  18. 	"bytes"
    19. 

  19. 	"context"
    20. 

  20. 	"encoding/json"
    21. 

  21. 	"errors"
    22. 

  22. 	"fmt"
    23. 

  23. 	"reflect"
    24. 

  24. 	"strconv"
    25. 

  25. 	"strings"
    26. 

  26. 	"testing"
    27. 

  27. 

  28. 	"github.com/IBM/go-sdk-core/v5/core"
    29. 

  29. 	sm "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2"
    30. 

  30. 	"github.com/go-openapi/strfmt"
    31. 

  31. 	corev1 "k8s.io/api/core/v1"
    32. 

  32. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    33. 

  33. 	utilpointer "k8s.io/utils/ptr"
    34. 

  34. 	clientfake "sigs.k8s.io/controller-runtime/pkg/client/fake"
    35. 

  35. 

  36. 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
    37. 

  37. 	v1 "github.com/external-secrets/external-secrets/apis/meta/v1"
    38. 

  38. 	fakesm "github.com/external-secrets/external-secrets/pkg/provider/ibm/fake"
    39. 

  39. )
    40. 

  40. 

  41. const (
    42. 

  42. 	errExpectedErr       = "wanted error got nil"
    43. 

  43. 	secretKey            = "test-secret"
    44. 

  44. 	secretUUID           = "d5deb37a-7883-4fe2-a5e7-3c15420adc76"
    45. 

  45. 	iamCredentialsSecret = "iam_credentials/"
    46. 

  46. )
    47. 

  47. 

  48. type secretManagerTestCase struct {
    49. 

  49. 	name            string
    50. 

  50. 	mockClient      *fakesm.IBMMockClient
    51. 

  51. 	apiInput        *sm.GetSecretOptions
    52. 

  52. 	apiOutput       sm.SecretIntf
    53. 

  53. 	getByNameInput  *sm.GetSecretByNameTypeOptions
    54. 

  54. 	getByNameOutput sm.SecretIntf
    55. 

  55. 	getByNameError  error
    56. 

  56. 	ref             *esv1beta1.ExternalSecretDataRemoteRef
    57. 

  57. 	serviceURL      *string
    58. 

  58. 	apiErr          error
    59. 

  59. 	expectError     string
    60. 

  60. 	expectedSecret  string
    61. 

  61. 	// for testing secretmap
    62. 

  62. 	expectedData map[string][]byte
    63. 

  63. }
    64. 

  64. 

  65. func makeValidSecretManagerTestCase() *secretManagerTestCase {
    66. 

  66. 	smtc := secretManagerTestCase{
    67. 

  67. 		mockClient:      &fakesm.IBMMockClient{},
    68. 

  68. 		apiInput:        makeValidAPIInput(),
    69. 

  69. 		ref:             makeValidRef(),
    70. 

  70. 		apiOutput:       makeValidAPIOutput(),
    71. 

  71. 		getByNameInput:  makeValidGetByNameInput(),
    72. 

  72. 		getByNameOutput: makeValidAPIOutput(),
    73. 

  73. 		getByNameError:  nil,
    74. 

  74. 		serviceURL:      nil,
    75. 

  75. 		apiErr:          nil,
    76. 

  76. 		expectError:     "",
    77. 

  77. 		expectedSecret:  "",
    78. 

  78. 		expectedData:    map[string][]byte{},
    79. 

  79. 	}
    80. 

  80. 	mcParams := fakesm.IBMMockClientParams{
    81. 

  81. 		GetSecretOptions:       smtc.apiInput,
    82. 

  82. 		GetSecretOutput:        smtc.apiOutput,
    83. 

  83. 		GetSecretErr:           smtc.apiErr,
    84. 

  84. 		GetSecretByNameOptions: smtc.getByNameInput,
    85. 

  85. 		GetSecretByNameOutput:  smtc.getByNameOutput,
    86. 

  86. 		GetSecretByNameErr:     smtc.getByNameError,
    87. 

  87. 	}
    88. 

  88. 	smtc.mockClient.WithValue(mcParams)
    89. 

  89. 	return &smtc
    90. 

  90. }
    91. 

  91. 

  92. func makeValidRef() *esv1beta1.ExternalSecretDataRemoteRef {
    93. 

  93. 	return &esv1beta1.ExternalSecretDataRemoteRef{
    94. 

  94. 		Key:     secretUUID,
    95. 

  95. 		Version: "default",
    96. 

  96. 	}
    97. 

  97. }
    98. 

  98. 

  99. func makeValidAPIInput() *sm.GetSecretOptions {
    100. 

  100. 	return &sm.GetSecretOptions{
    101. 

  101. 		ID: utilpointer.To(secretUUID),
    102. 

  102. 	}
    103. 

  103. }
    104. 

  104. 

  105. func makeValidAPIOutput() sm.SecretIntf {
    106. 

  106. 	secret := &sm.Secret{
    107. 

  107. 		SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary),
    108. 

  108. 		Name:       utilpointer.To("testyname"),
    109. 

  109. 		ID:         utilpointer.To(secretUUID),
    110. 

  110. 	}
    111. 

  111. 	var i sm.SecretIntf = secret
    112. 

  112. 	return i
    113. 

  113. }
    114. 

  114. 

  115. func makeValidGetByNameInput() *sm.GetSecretByNameTypeOptions {
    116. 

  116. 	return &sm.GetSecretByNameTypeOptions{}
    117. 

  117. }
    118. 

  118. 

  119. func makeValidSecretManagerTestCaseCustom(tweaks ...func(smtc *secretManagerTestCase)) *secretManagerTestCase {
    120. 

  120. 	smtc := makeValidSecretManagerTestCase()
    121. 

  121. 	for _, fn := range tweaks {
    122. 

  122. 		fn(smtc)
    123. 

  123. 	}
    124. 

  124. 	mcParams := fakesm.IBMMockClientParams{
    125. 

  125. 		GetSecretOptions:       smtc.apiInput,
    126. 

  126. 		GetSecretOutput:        smtc.apiOutput,
    127. 

  127. 		GetSecretErr:           smtc.apiErr,
    128. 

  128. 		GetSecretByNameOptions: smtc.getByNameInput,
    129. 

  129. 		GetSecretByNameOutput:  smtc.getByNameOutput,
    130. 

  130. 		GetSecretByNameErr:     smtc.apiErr,
    131. 

  131. 	}
    132. 

  132. 	smtc.mockClient.WithValue(mcParams)
    133. 

  133. 	return smtc
    134. 

  134. }
    135. 

  135. 

  136. // This case can be shared by both GetSecret and GetSecretMap tests.
    137. 

  137. // bad case: set apiErr.
    138. 

  138. var setAPIErr = func(smtc *secretManagerTestCase) {
    139. 

  139. 	smtc.apiErr = errors.New("oh no")
    140. 

  140. 	smtc.expectError = "oh no"
    141. 

  141. }
    142. 

  142. 

  143. var setNilMockClient = func(smtc *secretManagerTestCase) {
    144. 

  144. 	smtc.mockClient = nil
    145. 

  145. 	smtc.expectError = errUninitializedIBMProvider
    146. 

  146. }
    147. 

  147. 

  148. // simple tests for Validate Store.
    149. 

  149. func TestValidateStore(t *testing.T) {
    150. 

  150. 	p := providerIBM{}
    151. 

  151. 	store := &esv1beta1.SecretStore{
    152. 

  152. 		Spec: esv1beta1.SecretStoreSpec{
    153. 

  153. 			Provider: &esv1beta1.SecretStoreProvider{
    154. 

  154. 				IBM: &esv1beta1.IBMProvider{},
    155. 

  155. 			},
    156. 

  156. 		},
    157. 

  157. 	}
    158. 

  158. 	_, err := p.ValidateStore(store)
    159. 

  159. 	if err == nil {
    160. 

  160. 		t.Error(errExpectedErr)
    161. 

  161. 	} else if err.Error() != "serviceURL is required" {
    162. 

  162. 		t.Errorf("service URL test failed")
    163. 

  163. 	}
    164. 

  164. 	url := "my-url"
    165. 

  165. 	store.Spec.Provider.IBM.ServiceURL = &url
    166. 

  166. 	_, err = p.ValidateStore(store)
    167. 

  167. 	if err == nil {
    168. 

  168. 		t.Error(errExpectedErr)
    169. 

  169. 	} else if err.Error() != "missing auth method" {
    170. 

  170. 		t.Errorf("KeySelector test failed: expected missing auth method, got %v", err)
    171. 

  171. 	}
    172. 

  172. 	ns := "ns-one"
    173. 

  173. 	store.Spec.Provider.IBM.Auth.SecretRef = &esv1beta1.IBMAuthSecretRef{
    174. 

  174. 		SecretAPIKey: v1.SecretKeySelector{
    175. 

  175. 			Name:      "foo",
    176. 

  176. 			Key:       "bar",
    177. 

  177. 			Namespace: &ns,
    178. 

  178. 		},
    179. 

  179. 	}
    180. 

  180. 	_, err = p.ValidateStore(store)
    181. 

  181. 	if err == nil {
    182. 

  182. 		t.Error(errExpectedErr)
    183. 

  183. 	} else if err.Error() != "namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore" {
    184. 

  184. 		t.Errorf("KeySelector test failed: expected namespace not allowed, got %v", err)
    185. 

  185. 	}
    186. 

  186. 

  187. 	// add container auth test
    188. 

  188. 	store = &esv1beta1.SecretStore{
    189. 

  189. 		Spec: esv1beta1.SecretStoreSpec{
    190. 

  190. 			Provider: &esv1beta1.SecretStoreProvider{
    191. 

  191. 				IBM: &esv1beta1.IBMProvider{
    192. 

  192. 					ServiceURL: &url,
    193. 

  193. 					Auth: esv1beta1.IBMAuth{
    194. 

  194. 						ContainerAuth: &esv1beta1.IBMAuthContainerAuth{
    195. 

  195. 							Profile:       "Trusted IAM Profile",
    196. 

  196. 							TokenLocation: "/a/path/to/nowhere/that/should/exist",
    197. 

  197. 						},
    198. 

  198. 					},
    199. 

  199. 				},
    200. 

  200. 			},
    201. 

  201. 		},
    202. 

  202. 	}
    203. 

  203. 	_, err = p.ValidateStore(store)
    204. 

  204. 	expected := "cannot read container auth token"
    205. 

  205. 	if !ErrorContains(err, expected) {
    206. 

  206. 		t.Errorf("ProfileSelector test failed: %s, expected: '%s'", err.Error(), expected)
    207. 

  207. 	}
    208. 

  208. }
    209. 

  209. 

  210. // test the sm<->gcp interface
    211. 

  211. // make sure correct values are passed and errors are handled accordingly.
    212. 

  212. func TestIBMSecretManagerGetSecret(t *testing.T) {
    213. 

  213. 	secretString := "changedvalue"
    214. 

  214. 	secretUsername := "userName"
    215. 

  215. 	secretPassword := "P@ssw0rd"
    216. 

  216. 	secretAPIKey := "01234567890"
    217. 

  217. 	secretCertificate := "certificate_value"
    218. 

  218. 

  219. 	// good case: default version is set
    220. 

  220. 	// key is passed in, output is sent back
    221. 

  221. 	setSecretString := func(smtc *secretManagerTestCase) {
    222. 

  222. 		secret := &sm.ArbitrarySecret{
    223. 

  223. 			SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary),
    224. 

  224. 			Name:       utilpointer.To("testyname"),
    225. 

  225. 			ID:         utilpointer.To(secretUUID),
    226. 

  226. 			Payload:    &secretString,
    227. 

  227. 		}
    228. 

  228. 		smtc.name = "good case: default version is set"
    229. 

  229. 		smtc.apiOutput = secret
    230. 

  230. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    231. 

  231. 		smtc.expectedSecret = secretString
    232. 

  232. 	}
    233. 

  233. 

  234. 	// good case: custom version set
    235. 

  235. 	setCustomKey := func(smtc *secretManagerTestCase) {
    236. 

  236. 		secret := &sm.ArbitrarySecret{
    237. 

  237. 			SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary),
    238. 

  238. 			Name:       utilpointer.To("testyname"),
    239. 

  239. 			ID:         utilpointer.To(secretUUID),
    240. 

  240. 			Payload:    &secretString,
    241. 

  241. 		}
    242. 

  242. 		smtc.name = "good case: custom version set"
    243. 

  243. 		smtc.ref.Key = "arbitrary/" + secretUUID
    244. 

  244. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    245. 

  245. 		smtc.apiOutput = secret
    246. 

  246. 		smtc.expectedSecret = secretString
    247. 

  247. 	}
    248. 

  248. 

  249. 	// bad case: arbitrary type secret which is destroyed
    250. 

  250. 	badArbitSecret := func(smtc *secretManagerTestCase) {
    251. 

  251. 		secret := &sm.ArbitrarySecret{
    252. 

  252. 			SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary),
    253. 

  253. 			Name:       utilpointer.To("testyname"),
    254. 

  254. 			ID:         utilpointer.To(secretUUID),
    255. 

  255. 		}
    256. 

  256. 		smtc.name = "bad case: arbitrary type without property"
    257. 

  257. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    258. 

  258. 		smtc.apiOutput = secret
    259. 

  259. 		smtc.ref.Key = secretUUID
    260. 

  260. 		smtc.expectError = "key payload does not exist in secret " + secretUUID
    261. 

  261. 	}
    262. 

  262. 

  263. 	// bad case: username_password type without property
    264. 

  264. 	secretUserPass := "username_password/" + secretUUID
    265. 

  265. 	badSecretUserPass := func(smtc *secretManagerTestCase) {
    266. 

  266. 		secret := &sm.UsernamePasswordSecret{
    267. 

  267. 			SecretType: utilpointer.To(sm.Secret_SecretType_UsernamePassword),
    268. 

  268. 			Name:       utilpointer.To("testyname"),
    269. 

  269. 			ID:         utilpointer.To(secretUUID),
    270. 

  270. 			Username:   &secretUsername,
    271. 

  271. 			Password:   &secretPassword,
    272. 

  272. 		}
    273. 

  273. 		smtc.name = "bad case: username_password type without property"
    274. 

  274. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    275. 

  275. 		smtc.apiOutput = secret
    276. 

  276. 		smtc.ref.Key = secretUserPass
    277. 

  277. 		smtc.expectError = "remoteRef.property required for secret type username_password"
    278. 

  278. 	}
    279. 

  279. 

  280. 	// good case: username_password type with property
    281. 

  281. 	funcSetUserPass := func(secretName, property, name string) func(smtc *secretManagerTestCase) {
    282. 

  282. 		return func(smtc *secretManagerTestCase) {
    283. 

  283. 			secret := &sm.UsernamePasswordSecret{
    284. 

  284. 				SecretType: utilpointer.To(sm.Secret_SecretType_UsernamePassword),
    285. 

  285. 				Name:       utilpointer.To("testyname"),
    286. 

  286. 				ID:         utilpointer.To(secretUUID),
    287. 

  287. 				Username:   &secretUsername,
    288. 

  288. 				Password:   &secretPassword,
    289. 

  289. 			}
    290. 

  290. 			smtc.name = name
    291. 

  291. 			smtc.apiInput.ID = utilpointer.To(secretUUID)
    292. 

  292. 			smtc.apiOutput = secret
    293. 

  293. 			smtc.ref.Key = "username_password/" + secretName
    294. 

  294. 			smtc.ref.Property = property
    295. 

  295. 			if property == "username" {
    296. 

  296. 				smtc.expectedSecret = secretUsername
    297. 

  297. 			} else {
    298. 

  298. 				smtc.expectedSecret = secretPassword
    299. 

  299. 			}
    300. 

  300. 		}
    301. 

  301. 	}
    302. 

  302. 	setSecretUserPassByID := funcSetUserPass(secretUUID, "username", "good case: username_password type - get username by ID")
    303. 

  303. 

  304. 	// good case: iam_credentials type
    305. 

  305. 	funcSetSecretIam := func(secretName, name string) func(*secretManagerTestCase) {
    306. 

  306. 		return func(smtc *secretManagerTestCase) {
    307. 

  307. 			secret := &sm.IAMCredentialsSecret{
    308. 

  308. 				SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
    309. 

  309. 				Name:       utilpointer.To("testyname"),
    310. 

  310. 				ID:         utilpointer.To(secretUUID),
    311. 

  311. 				ApiKey:     utilpointer.To(secretAPIKey),
    312. 

  312. 			}
    313. 

  313. 			smtc.apiInput.ID = utilpointer.To(secretUUID)
    314. 

  314. 			smtc.name = name
    315. 

  315. 			smtc.apiOutput = secret
    316. 

  316. 			smtc.ref.Key = iamCredentialsSecret + secretName
    317. 

  317. 			smtc.expectedSecret = secretAPIKey
    318. 

  318. 		}
    319. 

  319. 	}
    320. 

  320. 

  321. 	setSecretIamByID := funcSetSecretIam(secretUUID, "good case: iam_credenatials type - get API Key by ID")
    322. 

  322. 

  323. 	// good case: iam_credentials type - get API Key by name, providing the secret group ID
    324. 

  324. 	funcSetSecretIamNew := func(secretName, groupName, name string) func(*secretManagerTestCase) {
    325. 

  325. 		return func(smtc *secretManagerTestCase) {
    326. 

  326. 			secret := &sm.IAMCredentialsSecret{
    327. 

  327. 				SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
    328. 

  328. 				Name:       utilpointer.To("testyname"),
    329. 

  329. 				ID:         utilpointer.To(secretUUID),
    330. 

  330. 				ApiKey:     utilpointer.To(secretAPIKey),
    331. 

  331. 			}
    332. 

  332. 			smtc.getByNameInput.Name = &secretName
    333. 

  333. 			smtc.getByNameInput.SecretGroupName = &groupName
    334. 

  334. 			smtc.getByNameInput.SecretType = utilpointer.To(sm.Secret_SecretType_IamCredentials)
    335. 

  335. 

  336. 			smtc.name = name
    337. 

  337. 			smtc.getByNameOutput = secret
    338. 

  338. 			smtc.ref.Key = groupName + "/" + iamCredentialsSecret + secretName
    339. 

  339. 			smtc.expectedSecret = secretAPIKey
    340. 

  340. 		}
    341. 

  341. 	}
    342. 

  342. 	setSecretIamByNameNew := funcSetSecretIamNew("testyname", "testGroup", "good case: iam_credenatials type - get API Key by name - new mechanism")
    343. 

  343. 

  344. 	// good case: service_credentials type
    345. 

  345. 	dummySrvCreds := &sm.ServiceCredentialsSecretCredentials{
    346. 

  346. 		Apikey: &secretAPIKey,
    347. 

  347. 	}
    348. 

  348. 

  349. 	funcSetSecretSrvCred := func(secretName, name string) func(*secretManagerTestCase) {
    350. 

  350. 		return func(smtc *secretManagerTestCase) {
    351. 

  351. 			secret := &sm.ServiceCredentialsSecret{
    352. 

  352. 				SecretType:  utilpointer.To(sm.Secret_SecretType_ServiceCredentials),
    353. 

  353. 				Name:        utilpointer.To("testyname"),
    354. 

  354. 				ID:          utilpointer.To(secretUUID),
    355. 

  355. 				Credentials: dummySrvCreds,
    356. 

  356. 			}
    357. 

  357. 			smtc.apiInput.ID = utilpointer.To(secretUUID)
    358. 

  358. 			smtc.name = name
    359. 

  359. 			smtc.apiOutput = secret
    360. 

  360. 			smtc.ref.Key = "service_credentials/" + secretName
    361. 

  361. 			smtc.expectedSecret = "{\"apikey\":\"01234567890\"}"
    362. 

  362. 		}
    363. 

  363. 	}
    364. 

  364. 

  365. 	setSecretSrvCredByID := funcSetSecretSrvCred(secretUUID, "good case: service_credentials type - get creds by ID")
    366. 

  366. 

  367. 	funcSetCertSecretTest := func(secret sm.SecretIntf, name, certType string, good bool) func(*secretManagerTestCase) {
    368. 

  368. 		return func(smtc *secretManagerTestCase) {
    369. 

  369. 			smtc.name = name
    370. 

  370. 			smtc.apiInput.ID = utilpointer.To(secretUUID)
    371. 

  371. 			smtc.apiOutput = secret
    372. 

  372. 			smtc.ref.Key = certType + "/" + secretUUID
    373. 

  373. 			if good {
    374. 

  374. 				smtc.ref.Property = "certificate"
    375. 

  375. 				smtc.expectedSecret = secretCertificate
    376. 

  376. 			} else {
    377. 

  377. 				smtc.expectError = "remoteRef.property required for secret type " + certType
    378. 

  378. 			}
    379. 

  379. 		}
    380. 

  380. 	}
    381. 

  381. 

  382. 	// good case: imported_cert type with property
    383. 

  383. 	importedCert := &sm.ImportedCertificate{
    384. 

  384. 		SecretType:   utilpointer.To(sm.Secret_SecretType_ImportedCert),
    385. 

  385. 		Name:         utilpointer.To("testyname"),
    386. 

  386. 		ID:           utilpointer.To(secretUUID),
    387. 

  387. 		Certificate:  utilpointer.To(secretCertificate),
    388. 

  388. 		Intermediate: utilpointer.To("intermediate"),
    389. 

  389. 		PrivateKey:   utilpointer.To("private_key"),
    390. 

  390. 	}
    391. 

  391. 	setSecretCert := funcSetCertSecretTest(importedCert, "good case: imported_cert type with property", sm.Secret_SecretType_ImportedCert, true)
    392. 

  392. 

  393. 	// good case: imported_cert type without a private_key
    394. 

  394. 	importedCertNoPvtKey := func(smtc *secretManagerTestCase) {
    395. 

  395. 		secret := &sm.ImportedCertificate{
    396. 

  396. 			SecretType:  utilpointer.To(sm.Secret_SecretType_ImportedCert),
    397. 

  397. 			Name:        utilpointer.To("testyname"),
    398. 

  398. 			ID:          utilpointer.To(secretUUID),
    399. 

  399. 			Certificate: utilpointer.To(secretCertificate),
    400. 

  400. 		}
    401. 

  401. 		smtc.name = "good case: imported cert without private key"
    402. 

  402. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    403. 

  403. 		smtc.apiOutput = secret
    404. 

  404. 		smtc.ref.Key = "imported_cert/" + secretUUID
    405. 

  405. 		smtc.ref.Property = "private_key"
    406. 

  406. 		smtc.expectedSecret = ""
    407. 

  407. 	}
    408. 

  408. 

  409. 	// bad case: imported_cert type without property
    410. 

  410. 	badSecretCert := funcSetCertSecretTest(importedCert, "bad case: imported_cert type without property", sm.Secret_SecretType_ImportedCert, false)
    411. 

  411. 

  412. 	// good case: public_cert type with property
    413. 

  413. 	publicCert := &sm.PublicCertificate{
    414. 

  414. 		SecretType:   utilpointer.To(sm.Secret_SecretType_PublicCert),
    415. 

  415. 		Name:         utilpointer.To("testyname"),
    416. 

  416. 		ID:           utilpointer.To(secretUUID),
    417. 

  417. 		Certificate:  utilpointer.To(secretCertificate),
    418. 

  418. 		Intermediate: utilpointer.To("intermediate"),
    419. 

  419. 		PrivateKey:   utilpointer.To("private_key"),
    420. 

  420. 	}
    421. 

  421. 	setSecretPublicCert := funcSetCertSecretTest(publicCert, "good case: public_cert type with property", sm.Secret_SecretType_PublicCert, true)
    422. 

  422. 

  423. 	// bad case: public_cert type without property
    424. 

  424. 	badSecretPublicCert := funcSetCertSecretTest(publicCert, "bad case: public_cert type without property", sm.Secret_SecretType_PublicCert, false)
    425. 

  425. 

  426. 	// good case: private_cert type with property
    427. 

  427. 	privateCert := &sm.PrivateCertificate{
    428. 

  428. 		SecretType:  utilpointer.To(sm.Secret_SecretType_PublicCert),
    429. 

  429. 		Name:        utilpointer.To("testyname"),
    430. 

  430. 		ID:          utilpointer.To(secretUUID),
    431. 

  431. 		Certificate: utilpointer.To(secretCertificate),
    432. 

  432. 		PrivateKey:  utilpointer.To("private_key"),
    433. 

  433. 	}
    434. 

  434. 	setSecretPrivateCert := funcSetCertSecretTest(privateCert, "good case: private_cert type with property", sm.Secret_SecretType_PrivateCert, true)
    435. 

  435. 

  436. 	// bad case: private_cert type without property
    437. 

  437. 	badSecretPrivateCert := funcSetCertSecretTest(privateCert, "bad case: private_cert type without property", sm.Secret_SecretType_PrivateCert, false)
    438. 

  438. 

  439. 	secretDataKV := make(map[string]any)
    440. 

  440. 	secretDataKV["key1"] = "val1"
    441. 

  441. 

  442. 	secretDataKVComplex := make(map[string]any)
    443. 

  443. 	secretKVComplex := `{"key1":"val1","key2":"val2","key3":"val3","keyC":{"keyC1":"valC1","keyC2":"valC2"},"special.log":"file-content"}`
    444. 

  444. 	json.Unmarshal([]byte(secretKVComplex), &secretDataKVComplex)
    445. 

  445. 

  446. 	secretKV := "kv/" + secretUUID
    447. 

  447. 

  448. 	// bad case: kv type with key which is not in payload
    449. 

  449. 	badSecretKV := func(smtc *secretManagerTestCase) {
    450. 

  450. 		secret := &sm.KVSecret{
    451. 

  451. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    452. 

  452. 			Name:       utilpointer.To("testyname"),
    453. 

  453. 			ID:         utilpointer.To(secretUUID),
    454. 

  454. 			Data:       secretDataKV,
    455. 

  455. 		}
    456. 

  456. 		smtc.name = "bad case: kv type with key which is not in payload"
    457. 

  457. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    458. 

  458. 		smtc.apiOutput = secret
    459. 

  459. 		smtc.ref.Key = secretKV
    460. 

  460. 		smtc.ref.Property = "other-key"
    461. 

  461. 		smtc.expectError = "key other-key does not exist in secret kv/" + secretUUID
    462. 

  462. 	}
    463. 

  463. 

  464. 	// good case: kv type with property
    465. 

  465. 	setSecretKV := func(smtc *secretManagerTestCase) {
    466. 

  466. 		secret := &sm.KVSecret{
    467. 

  467. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    468. 

  468. 			Name:       utilpointer.To("testyname"),
    469. 

  469. 			ID:         utilpointer.To(secretUUID),
    470. 

  470. 			Data:       secretDataKV,
    471. 

  471. 		}
    472. 

  472. 		smtc.name = "good case: kv type with property"
    473. 

  473. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    474. 

  474. 		smtc.apiOutput = secret
    475. 

  475. 		smtc.ref.Key = secretKV
    476. 

  476. 		smtc.ref.Property = "key1"
    477. 

  477. 		smtc.expectedSecret = "val1"
    478. 

  478. 	}
    479. 

  479. 

  480. 	// good case: kv type with property, returns specific value
    481. 

  481. 	setSecretKVWithKey := func(smtc *secretManagerTestCase) {
    482. 

  482. 		secret := &sm.KVSecret{
    483. 

  483. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    484. 

  484. 			Name:       utilpointer.To("testyname"),
    485. 

  485. 			ID:         utilpointer.To(secretUUID),
    486. 

  486. 			Data:       secretDataKVComplex,
    487. 

  487. 		}
    488. 

  488. 		smtc.name = "good case: kv type with property, returns specific value"
    489. 

  489. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    490. 

  490. 		smtc.apiOutput = secret
    491. 

  491. 		smtc.ref.Key = secretKV
    492. 

  492. 		smtc.ref.Property = "key2"
    493. 

  493. 		smtc.expectedSecret = "val2"
    494. 

  494. 	}
    495. 

  495. 

  496. 	// good case: kv type with property and path, returns specific value
    497. 

  497. 	setSecretKVWithKeyPath := func(smtc *secretManagerTestCase) {
    498. 

  498. 		secret := &sm.KVSecret{
    499. 

  499. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    500. 

  500. 			Name:       utilpointer.To("testyname"),
    501. 

  501. 			ID:         utilpointer.To(secretUUID),
    502. 

  502. 			Data:       secretDataKVComplex,
    503. 

  503. 		}
    504. 

  504. 		smtc.name = "good case: kv type with property and path, returns specific value"
    505. 

  505. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    506. 

  506. 		smtc.apiOutput = secret
    507. 

  507. 		smtc.ref.Key = secretKV
    508. 

  508. 		smtc.ref.Property = "keyC.keyC2"
    509. 

  509. 		smtc.expectedSecret = "valC2"
    510. 

  510. 	}
    511. 

  511. 

  512. 	// good case: kv type with property and dot, returns specific value
    513. 

  513. 	setSecretKVWithKeyDot := func(smtc *secretManagerTestCase) {
    514. 

  514. 		secret := &sm.KVSecret{
    515. 

  515. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    516. 

  516. 			Name:       utilpointer.To("testyname"),
    517. 

  517. 			ID:         utilpointer.To(secretUUID),
    518. 

  518. 			Data:       secretDataKVComplex,
    519. 

  519. 		}
    520. 

  520. 		smtc.name = "good case: kv type with property and dot, returns specific value"
    521. 

  521. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    522. 

  522. 		smtc.apiOutput = secret
    523. 

  523. 		smtc.ref.Key = secretKV
    524. 

  524. 		smtc.ref.Property = "special.log"
    525. 

  525. 		smtc.expectedSecret = "file-content"
    526. 

  526. 	}
    527. 

  527. 

  528. 	// good case: kv type without property, returns all
    529. 

  529. 	setSecretKVWithOutKey := func(smtc *secretManagerTestCase) {
    530. 

  530. 		secret := &sm.KVSecret{
    531. 

  531. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    532. 

  532. 			Name:       utilpointer.To("testyname"),
    533. 

  533. 			ID:         utilpointer.To(secretUUID),
    534. 

  534. 			Data:       secretDataKVComplex,
    535. 

  535. 		}
    536. 

  536. 		smtc.name = "good case: kv type without property, returns all"
    537. 

  537. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    538. 

  538. 		smtc.apiOutput = secret
    539. 

  539. 		smtc.ref.Key = secretKV
    540. 

  540. 		smtc.expectedSecret = secretKVComplex
    541. 

  541. 	}
    542. 

  542. 

  543. 	successCases := []*secretManagerTestCase{
    544. 

  544. 		makeValidSecretManagerTestCaseCustom(setSecretString),
    545. 

  545. 		makeValidSecretManagerTestCaseCustom(setCustomKey),
    546. 

  546. 		makeValidSecretManagerTestCaseCustom(badArbitSecret),
    547. 

  547. 		makeValidSecretManagerTestCaseCustom(setAPIErr),
    548. 

  548. 		makeValidSecretManagerTestCaseCustom(setNilMockClient),
    549. 

  549. 		makeValidSecretManagerTestCaseCustom(badSecretUserPass),
    550. 

  550. 		makeValidSecretManagerTestCaseCustom(setSecretUserPassByID),
    551. 

  551. 		makeValidSecretManagerTestCaseCustom(setSecretIamByID),
    552. 

  552. 		makeValidSecretManagerTestCaseCustom(setSecretCert),
    553. 

  553. 		makeValidSecretManagerTestCaseCustom(setSecretKV),
    554. 

  554. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithKey),
    555. 

  555. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithKeyPath),
    556. 

  556. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithKeyDot),
    557. 

  557. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithOutKey),
    558. 

  558. 		makeValidSecretManagerTestCaseCustom(badSecretKV),
    559. 

  559. 		makeValidSecretManagerTestCaseCustom(badSecretCert),
    560. 

  560. 		makeValidSecretManagerTestCaseCustom(importedCertNoPvtKey),
    561. 

  561. 		makeValidSecretManagerTestCaseCustom(setSecretPublicCert),
    562. 

  562. 		makeValidSecretManagerTestCaseCustom(badSecretPublicCert),
    563. 

  563. 		makeValidSecretManagerTestCaseCustom(setSecretPrivateCert),
    564. 

  564. 		makeValidSecretManagerTestCaseCustom(badSecretPrivateCert),
    565. 

  565. 		makeValidSecretManagerTestCaseCustom(setSecretIamByNameNew),
    566. 

  566. 		makeValidSecretManagerTestCaseCustom(setSecretSrvCredByID),
    567. 

  567. 	}
    568. 

  568. 

  569. 	sm := providerIBM{}
    570. 

  570. 	for _, v := range successCases {
    571. 

  571. 		t.Run(v.name, func(t *testing.T) {
    572. 

  572. 			sm.IBMClient = v.mockClient
    573. 

  573. 			out, err := sm.GetSecret(context.Background(), *v.ref)
    574. 

  574. 			if !ErrorContains(err, v.expectError) {
    575. 

  575. 				t.Errorf("unexpected error:\n%s, expected:\n'%s'", err.Error(), v.expectError)
    576. 

  576. 			}
    577. 

  577. 			if string(out) != v.expectedSecret {
    578. 

  578. 				t.Errorf("unexpected secret: expected:\n%s\ngot:\n%s", v.expectedSecret, string(out))
    579. 

  579. 			}
    580. 

  580. 		})
    581. 

  581. 	}
    582. 

  582. }
    583. 

  583. 

  584. func TestGetSecretMap(t *testing.T) {
    585. 

  585. 	secretUsername := "user1"
    586. 

  586. 	secretPassword := "P@ssw0rd"
    587. 

  587. 	secretAPIKey := "01234567890"
    588. 

  588. 	nilValue := "<nil>"
    589. 

  589. 	secretCertificate := "certificate_value"
    590. 

  590. 	secretPrivateKey := "private_key_value"
    591. 

  591. 	secretIntermediate := "intermediate_value"
    592. 

  592. 	timeValue := "0001-01-01T00:00:00.000Z"
    593. 

  593. 

  594. 	secretComplex := map[string]any{
    595. 

  595. 		"key1": "val1",
    596. 

  596. 		"key2": "val2",
    597. 

  597. 		"keyC": map[string]any{
    598. 

  598. 			"keyC1": map[string]string{
    599. 

  599. 				"keyA": "valA",
    600. 

  600. 				"keyB": "valB",
    601. 

  601. 			},
    602. 

  602. 		},
    603. 

  603. 	}
    604. 

  604. 

  605. 	dummySrvCreds := &sm.ServiceCredentialsSecretCredentials{
    606. 

  606. 		Apikey: &secretAPIKey,
    607. 

  607. 	}
    608. 

  608. 

  609. 	// good case: arbitrary
    610. 

  610. 	setArbitrary := func(smtc *secretManagerTestCase) {
    611. 

  611. 		payload := `{"foo":"bar"}`
    612. 

  612. 		secret := &sm.ArbitrarySecret{
    613. 

  613. 			Name:       utilpointer.To("testyname"),
    614. 

  614. 			ID:         utilpointer.To(secretUUID),
    615. 

  615. 			SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary),
    616. 

  616. 			Payload:    &payload,
    617. 

  617. 		}
    618. 

  618. 		smtc.name = "good case: arbitrary"
    619. 

  619. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    620. 

  620. 		smtc.apiOutput = secret
    621. 

  621. 		smtc.ref.Key = secretUUID
    622. 

  622. 		smtc.expectedData["arbitrary"] = []byte(payload)
    623. 

  623. 	}
    624. 

  624. 

  625. 	// good case: username_password
    626. 

  626. 	setSecretUserPass := func(smtc *secretManagerTestCase) {
    627. 

  627. 		secret := &sm.UsernamePasswordSecret{
    628. 

  628. 			Name:       utilpointer.To("testyname"),
    629. 

  629. 			ID:         utilpointer.To(secretUUID),
    630. 

  630. 			SecretType: utilpointer.To(sm.Secret_SecretType_UsernamePassword),
    631. 

  631. 			Username:   &secretUsername,
    632. 

  632. 			Password:   &secretPassword,
    633. 

  633. 		}
    634. 

  634. 		smtc.name = "good case: username_password"
    635. 

  635. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    636. 

  636. 		smtc.apiOutput = secret
    637. 

  637. 		smtc.ref.Key = "username_password/" + secretUUID
    638. 

  638. 		smtc.expectedData["username"] = []byte(secretUsername)
    639. 

  639. 		smtc.expectedData["password"] = []byte(secretPassword)
    640. 

  640. 	}
    641. 

  641. 

  642. 	// good case: iam_credentials
    643. 

  643. 	setSecretIam := func(smtc *secretManagerTestCase) {
    644. 

  644. 		secret := &sm.IAMCredentialsSecret{
    645. 

  645. 			Name:       utilpointer.To("testyname"),
    646. 

  646. 			ID:         utilpointer.To(secretUUID),
    647. 

  647. 			SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
    648. 

  648. 			ApiKey:     utilpointer.To(secretAPIKey),
    649. 

  649. 		}
    650. 

  650. 		smtc.name = "good case: iam_credentials"
    651. 

  651. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    652. 

  652. 		smtc.apiOutput = secret
    653. 

  653. 		smtc.ref.Key = iamCredentialsSecret + secretUUID
    654. 

  654. 		smtc.expectedData["apikey"] = []byte(secretAPIKey)
    655. 

  655. 	}
    656. 

  656. 

  657. 	// good case: iam_credentials by name using new mechanism
    658. 

  658. 	setSecretIamByName := func(smtc *secretManagerTestCase) {
    659. 

  659. 		secret := &sm.IAMCredentialsSecret{
    660. 

  660. 			Name:       utilpointer.To("testyname"),
    661. 

  661. 			ID:         utilpointer.To(secretUUID),
    662. 

  662. 			SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
    663. 

  663. 			ApiKey:     utilpointer.To(secretAPIKey),
    664. 

  664. 		}
    665. 

  665. 		smtc.name = "good case: iam_credentials by name using new mechanism"
    666. 

  666. 		smtc.getByNameInput.Name = utilpointer.To("testyname")
    667. 

  667. 		smtc.getByNameInput.SecretGroupName = utilpointer.To("groupName")
    668. 

  668. 		smtc.getByNameInput.SecretType = utilpointer.To(sm.Secret_SecretType_IamCredentials)
    669. 

  669. 

  670. 		smtc.getByNameOutput = secret
    671. 

  671. 		smtc.apiOutput = secret
    672. 

  672. 		smtc.ref.Key = "groupName/" + iamCredentialsSecret + "testyname"
    673. 

  673. 		smtc.expectedData["apikey"] = []byte(secretAPIKey)
    674. 

  674. 	}
    675. 

  675. 

  676. 	// bad case: iam_credentials of a destroyed secret
    677. 

  677. 	badSecretIam := func(smtc *secretManagerTestCase) {
    678. 

  678. 		secret := &sm.IAMCredentialsSecret{
    679. 

  679. 			Name:       utilpointer.To("testyname"),
    680. 

  680. 			ID:         utilpointer.To(secretUUID),
    681. 

  681. 			SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
    682. 

  682. 		}
    683. 

  683. 		smtc.name = "bad case: iam_credentials of a destroyed secret"
    684. 

  684. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    685. 

  685. 		smtc.apiOutput = secret
    686. 

  686. 		smtc.ref.Key = iamCredentialsSecret + secretUUID
    687. 

  687. 		smtc.expectError = "key api_key does not exist in secret " + secretUUID
    688. 

  688. 	}
    689. 

  689. 

  690. 	funcCertTest := func(secret sm.SecretIntf, name, certType string) func(*secretManagerTestCase) {
    691. 

  691. 		return func(smtc *secretManagerTestCase) {
    692. 

  692. 			smtc.name = name
    693. 

  693. 			smtc.apiInput.ID = utilpointer.To(secretUUID)
    694. 

  694. 			smtc.apiOutput = secret
    695. 

  695. 			smtc.ref.Key = certType + "/" + secretUUID
    696. 

  696. 			smtc.expectedData["certificate"] = []byte(secretCertificate)
    697. 

  697. 			smtc.expectedData["private_key"] = []byte(secretPrivateKey)
    698. 

  698. 			smtc.expectedData["intermediate"] = []byte(secretIntermediate)
    699. 

  699. 		}
    700. 

  700. 	}
    701. 

  701. 

  702. 	// good case: service_credentials
    703. 

  703. 	setSecretSrvCreds := func(smtc *secretManagerTestCase) {
    704. 

  704. 		secret := &sm.ServiceCredentialsSecret{
    705. 

  705. 			Name:        utilpointer.To("testyname"),
    706. 

  706. 			ID:          utilpointer.To(secretUUID),
    707. 

  707. 			SecretType:  utilpointer.To(sm.Secret_SecretType_IamCredentials),
    708. 

  708. 			Credentials: dummySrvCreds,
    709. 

  709. 		}
    710. 

  710. 		smtc.name = "good case: service_credentials"
    711. 

  711. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    712. 

  712. 		smtc.apiOutput = secret
    713. 

  713. 		smtc.ref.Key = "service_credentials/" + secretUUID
    714. 

  714. 		smtc.expectedData["credentials"] = []byte(fmt.Sprintf("%+v", map[string]string{"apikey": secretAPIKey}))
    715. 

  715. 	}
    716. 

  716. 

  717. 	// good case: imported_cert
    718. 

  718. 	importedCert := &sm.ImportedCertificate{
    719. 

  719. 		SecretType:   utilpointer.To(sm.Secret_SecretType_ImportedCert),
    720. 

  720. 		Name:         utilpointer.To("testyname"),
    721. 

  721. 		ID:           utilpointer.To(secretUUID),
    722. 

  722. 		Certificate:  utilpointer.To(secretCertificate),
    723. 

  723. 		Intermediate: utilpointer.To(secretIntermediate),
    724. 

  724. 		PrivateKey:   utilpointer.To(secretPrivateKey),
    725. 

  725. 	}
    726. 

  726. 	setSecretCert := funcCertTest(importedCert, "good case: imported_cert", sm.Secret_SecretType_ImportedCert)
    727. 

  727. 

  728. 	// good case: public_cert
    729. 

  729. 	publicCert := &sm.PublicCertificate{
    730. 

  730. 		SecretType:   utilpointer.To(sm.Secret_SecretType_PublicCert),
    731. 

  731. 		Name:         utilpointer.To("testyname"),
    732. 

  732. 		ID:           utilpointer.To(secretUUID),
    733. 

  733. 		Certificate:  utilpointer.To(secretCertificate),
    734. 

  734. 		Intermediate: utilpointer.To(secretIntermediate),
    735. 

  735. 		PrivateKey:   utilpointer.To(secretPrivateKey),
    736. 

  736. 	}
    737. 

  737. 	setSecretPublicCert := funcCertTest(publicCert, "good case: public_cert", sm.Secret_SecretType_PublicCert)
    738. 

  738. 

  739. 	// good case: private_cert
    740. 

  740. 	setSecretPrivateCert := func(smtc *secretManagerTestCase) {
    741. 

  741. 		secret := &sm.PrivateCertificate{
    742. 

  742. 			Name:        utilpointer.To("testyname"),
    743. 

  743. 			ID:          utilpointer.To(secretUUID),
    744. 

  744. 			SecretType:  utilpointer.To(sm.Secret_SecretType_PrivateCert),
    745. 

  745. 			Certificate: &secretCertificate,
    746. 

  746. 			PrivateKey:  &secretPrivateKey,
    747. 

  747. 		}
    748. 

  748. 		smtc.name = "good case: private_cert"
    749. 

  749. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    750. 

  750. 		smtc.apiOutput = secret
    751. 

  751. 		smtc.ref.Key = "private_cert/" + secretUUID
    752. 

  752. 		smtc.expectedData["certificate"] = []byte(secretCertificate)
    753. 

  753. 		smtc.expectedData["private_key"] = []byte(secretPrivateKey)
    754. 

  754. 	}
    755. 

  755. 

  756. 	// good case: arbitrary with metadata
    757. 

  757. 	setArbitraryWithMetadata := func(smtc *secretManagerTestCase) {
    758. 

  758. 		payload := `{"foo":"bar"}`
    759. 

  759. 		secret := &sm.ArbitrarySecret{
    760. 

  760. 			CreatedBy:  utilpointer.To("testCreatedBy"),
    761. 

  761. 			CreatedAt:  &strfmt.DateTime{},
    762. 

  762. 			Downloaded: utilpointer.To(false),
    763. 

  763. 			Labels:     []string{"abc", "def", "xyz"},
    764. 

  764. 			LocksTotal: utilpointer.To(int64(20)),
    765. 

  765. 			Payload:    &payload,
    766. 

  766. 		}
    767. 

  767. 		smtc.name = "good case: arbitrary with metadata"
    768. 

  768. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    769. 

  769. 		smtc.apiOutput = secret
    770. 

  770. 		smtc.ref.Key = secretUUID
    771. 

  771. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyFetch
    772. 

  772. 		smtc.expectedData = map[string][]byte{
    773. 

  773. 			"arbitrary":       []byte(payload),
    774. 

  774. 			"created_at":      []byte(timeValue),
    775. 

  775. 			"created_by":      []byte(*secret.CreatedBy),
    776. 

  776. 			"crn":             []byte(nilValue),
    777. 

  777. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    778. 

  778. 			"id":              []byte(nilValue),
    779. 

  779. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    780. 

  780. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    781. 

  781. 			"payload":         []byte(payload),
    782. 

  782. 			"secret_group_id": []byte(nilValue),
    783. 

  783. 			"secret_type":     []byte(nilValue),
    784. 

  784. 			"updated_at":      []byte(nilValue),
    785. 

  785. 			"versions_total":  []byte(nilValue),
    786. 

  786. 		}
    787. 

  787. 	}
    788. 

  788. 

  789. 	// good case: iam_credentials with metadata
    790. 

  790. 	setSecretIamWithMetadata := func(smtc *secretManagerTestCase) {
    791. 

  791. 		secret := &sm.IAMCredentialsSecret{
    792. 

  792. 			CreatedBy:  utilpointer.To("testCreatedBy"),
    793. 

  793. 			CreatedAt:  &strfmt.DateTime{},
    794. 

  794. 			Downloaded: utilpointer.To(false),
    795. 

  795. 			Labels:     []string{"abc", "def", "xyz"},
    796. 

  796. 			LocksTotal: utilpointer.To(int64(20)),
    797. 

  797. 			ApiKey:     utilpointer.To(secretAPIKey),
    798. 

  798. 		}
    799. 

  799. 		smtc.name = "good case: iam_credentials with metadata"
    800. 

  800. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    801. 

  801. 		smtc.apiOutput = secret
    802. 

  802. 		smtc.ref.Key = iamCredentialsSecret + secretUUID
    803. 

  803. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyFetch
    804. 

  804. 		smtc.expectedData = map[string][]byte{
    805. 

  805. 			"api_key":         []byte(secretAPIKey),
    806. 

  806. 			"apikey":          []byte(secretAPIKey),
    807. 

  807. 			"created_at":      []byte(timeValue),
    808. 

  808. 			"created_by":      []byte(*secret.CreatedBy),
    809. 

  809. 			"crn":             []byte(nilValue),
    810. 

  810. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    811. 

  811. 			"id":              []byte(nilValue),
    812. 

  812. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    813. 

  813. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    814. 

  814. 			"reuse_api_key":   []byte(nilValue),
    815. 

  815. 			"secret_group_id": []byte(nilValue),
    816. 

  816. 			"secret_type":     []byte(nilValue),
    817. 

  817. 			"ttl":             []byte(nilValue),
    818. 

  818. 			"updated_at":      []byte(nilValue),
    819. 

  819. 			"versions_total":  []byte(nilValue),
    820. 

  820. 		}
    821. 

  821. 	}
    822. 

  822. 

  823. 	// "good case: username_password with metadata
    824. 

  824. 	setSecretUserPassWithMetadata := func(smtc *secretManagerTestCase) {
    825. 

  825. 		secret := &sm.UsernamePasswordSecret{
    826. 

  826. 			CreatedBy:  utilpointer.To("testCreatedBy"),
    827. 

  827. 			CreatedAt:  &strfmt.DateTime{},
    828. 

  828. 			Downloaded: utilpointer.To(false),
    829. 

  829. 			Labels:     []string{"abc", "def", "xyz"},
    830. 

  830. 			LocksTotal: utilpointer.To(int64(20)),
    831. 

  831. 			Username:   &secretUsername,
    832. 

  832. 			Password:   &secretPassword,
    833. 

  833. 		}
    834. 

  834. 		smtc.name = "good case: username_password with metadata"
    835. 

  835. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    836. 

  836. 		smtc.apiOutput = secret
    837. 

  837. 		smtc.ref.Key = "username_password/" + secretUUID
    838. 

  838. 		smtc.expectedData["username"] = []byte(secretUsername)
    839. 

  839. 		smtc.expectedData["password"] = []byte(secretPassword)
    840. 

  840. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyFetch
    841. 

  841. 		smtc.expectedData = map[string][]byte{
    842. 

  842. 			"created_at":      []byte(timeValue),
    843. 

  843. 			"created_by":      []byte(*secret.CreatedBy),
    844. 

  844. 			"crn":             []byte(nilValue),
    845. 

  845. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    846. 

  846. 			"id":              []byte(nilValue),
    847. 

  847. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    848. 

  848. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    849. 

  849. 			"password":        []byte(secretPassword),
    850. 

  850. 			"rotation":        []byte(nilValue),
    851. 

  851. 			"secret_group_id": []byte(nilValue),
    852. 

  852. 			"secret_type":     []byte(nilValue),
    853. 

  853. 			"updated_at":      []byte(nilValue),
    854. 

  854. 			"username":        []byte(secretUsername),
    855. 

  855. 			"versions_total":  []byte(nilValue),
    856. 

  856. 		}
    857. 

  857. 	}
    858. 

  858. 

  859. 	// good case: imported_cert with metadata
    860. 

  860. 	setimportedCertWithMetadata := func(smtc *secretManagerTestCase) {
    861. 

  861. 		secret := &sm.ImportedCertificate{
    862. 

  862. 			CreatedBy:    utilpointer.To("testCreatedBy"),
    863. 

  863. 			CreatedAt:    &strfmt.DateTime{},
    864. 

  864. 			Downloaded:   utilpointer.To(false),
    865. 

  865. 			Labels:       []string{"abc", "def", "xyz"},
    866. 

  866. 			LocksTotal:   utilpointer.To(int64(20)),
    867. 

  867. 			Certificate:  utilpointer.To(secretCertificate),
    868. 

  868. 			Intermediate: utilpointer.To(secretIntermediate),
    869. 

  869. 			PrivateKey:   utilpointer.To(secretPrivateKey),
    870. 

  870. 		}
    871. 

  871. 		smtc.name = "good case: imported_cert with metadata"
    872. 

  872. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    873. 

  873. 		smtc.apiOutput = secret
    874. 

  874. 		smtc.ref.Key = "imported_cert" + "/" + secretUUID
    875. 

  875. 

  876. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyFetch
    877. 

  877. 		smtc.expectedData = map[string][]byte{
    878. 

  878. 			"certificate":     []byte(secretCertificate),
    879. 

  879. 			"created_at":      []byte(timeValue),
    880. 

  880. 			"created_by":      []byte(*secret.CreatedBy),
    881. 

  881. 			"crn":             []byte(nilValue),
    882. 

  882. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    883. 

  883. 			"id":              []byte(nilValue),
    884. 

  884. 			"intermediate":    []byte(secretIntermediate),
    885. 

  885. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    886. 

  886. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    887. 

  887. 			"private_key":     []byte(secretPrivateKey),
    888. 

  888. 			"secret_group_id": []byte(nilValue),
    889. 

  889. 			"secret_type":     []byte(nilValue),
    890. 

  890. 			"updated_at":      []byte(nilValue),
    891. 

  891. 			"versions_total":  []byte(nilValue),
    892. 

  892. 		}
    893. 

  893. 	}
    894. 

  894. 

  895. 	// good case: imported_cert without a private_key
    896. 

  896. 	setimportedCertWithNoPvtKey := func(smtc *secretManagerTestCase) {
    897. 

  897. 		secret := &sm.ImportedCertificate{
    898. 

  898. 			CreatedBy:    utilpointer.To("testCreatedBy"),
    899. 

  899. 			CreatedAt:    &strfmt.DateTime{},
    900. 

  900. 			Downloaded:   utilpointer.To(false),
    901. 

  901. 			Labels:       []string{"abc", "def", "xyz"},
    902. 

  902. 			LocksTotal:   utilpointer.To(int64(20)),
    903. 

  903. 			Certificate:  utilpointer.To(secretCertificate),
    904. 

  904. 			Intermediate: utilpointer.To(secretIntermediate),
    905. 

  905. 		}
    906. 

  906. 		smtc.name = "good case: imported_cert without private key"
    907. 

  907. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    908. 

  908. 		smtc.apiOutput = secret
    909. 

  909. 		smtc.ref.Key = "imported_cert/" + secretUUID
    910. 

  910. 

  911. 		smtc.expectedData = map[string][]byte{
    912. 

  912. 			"certificate":  []byte(secretCertificate),
    913. 

  913. 			"intermediate": []byte(secretIntermediate),
    914. 

  914. 			"private_key":  []byte(""),
    915. 

  915. 		}
    916. 

  916. 	}
    917. 

  917. 

  918. 	// good case: public_cert with metadata
    919. 

  919. 	setPublicCertWithMetadata := func(smtc *secretManagerTestCase) {
    920. 

  920. 		secret := &sm.PublicCertificate{
    921. 

  921. 			CreatedBy:    utilpointer.To("testCreatedBy"),
    922. 

  922. 			CreatedAt:    &strfmt.DateTime{},
    923. 

  923. 			Downloaded:   utilpointer.To(false),
    924. 

  924. 			Labels:       []string{"abc", "def", "xyz"},
    925. 

  925. 			LocksTotal:   utilpointer.To(int64(20)),
    926. 

  926. 			Certificate:  utilpointer.To(secretCertificate),
    927. 

  927. 			Intermediate: utilpointer.To(secretIntermediate),
    928. 

  928. 			PrivateKey:   utilpointer.To(secretPrivateKey),
    929. 

  929. 		}
    930. 

  930. 		smtc.name = "good case: public_cert with metadata"
    931. 

  931. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    932. 

  932. 		smtc.apiOutput = secret
    933. 

  933. 		smtc.ref.Key = "public_cert" + "/" + secretUUID
    934. 

  934. 

  935. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyFetch
    936. 

  936. 		smtc.expectedData = map[string][]byte{
    937. 

  937. 			"certificate":     []byte(secretCertificate),
    938. 

  938. 			"created_at":      []byte(timeValue),
    939. 

  939. 			"created_by":      []byte(*secret.CreatedBy),
    940. 

  940. 			"crn":             []byte(nilValue),
    941. 

  941. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    942. 

  942. 			"id":              []byte(nilValue),
    943. 

  943. 			"intermediate":    []byte(secretIntermediate),
    944. 

  944. 			"key_algorithm":   []byte(nilValue),
    945. 

  945. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    946. 

  946. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    947. 

  947. 			"private_key":     []byte(secretPrivateKey),
    948. 

  948. 			"rotation":        []byte(nilValue),
    949. 

  949. 			"secret_group_id": []byte(nilValue),
    950. 

  950. 			"secret_type":     []byte(nilValue),
    951. 

  951. 			"updated_at":      []byte(nilValue),
    952. 

  952. 			"versions_total":  []byte(nilValue),
    953. 

  953. 		}
    954. 

  954. 	}
    955. 

  955. 

  956. 	// good case: private_cert with metadata
    957. 

  957. 	setPrivateCertWithMetadata := func(smtc *secretManagerTestCase) {
    958. 

  958. 		secret := &sm.PrivateCertificate{
    959. 

  959. 			CreatedBy:   utilpointer.To("testCreatedBy"),
    960. 

  960. 			CreatedAt:   &strfmt.DateTime{},
    961. 

  961. 			Downloaded:  utilpointer.To(false),
    962. 

  962. 			Labels:      []string{"abc", "def", "xyz"},
    963. 

  963. 			LocksTotal:  utilpointer.To(int64(20)),
    964. 

  964. 			Certificate: utilpointer.To(secretCertificate),
    965. 

  965. 			PrivateKey:  utilpointer.To(secretPrivateKey),
    966. 

  966. 		}
    967. 

  967. 		smtc.name = "good case: private_cert with metadata"
    968. 

  968. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    969. 

  969. 		smtc.apiOutput = secret
    970. 

  970. 		smtc.ref.Key = "private_cert" + "/" + secretUUID
    971. 

  971. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyFetch
    972. 

  972. 		smtc.expectedData = map[string][]byte{
    973. 

  973. 			"certificate":          []byte(secretCertificate),
    974. 

  974. 			"certificate_template": []byte(nilValue),
    975. 

  975. 			"common_name":          []byte(nilValue),
    976. 

  976. 			"created_at":           []byte(timeValue),
    977. 

  977. 			"created_by":           []byte(*secret.CreatedBy),
    978. 

  978. 			"crn":                  []byte(nilValue),
    979. 

  979. 			"downloaded":           []byte(strconv.FormatBool(*secret.Downloaded)),
    980. 

  980. 			"expiration_date":      []byte(nilValue),
    981. 

  981. 			"id":                   []byte(nilValue),
    982. 

  982. 			"issuer":               []byte(nilValue),
    983. 

  983. 			"labels":               []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    984. 

  984. 			"locks_total":          []byte(strconv.Itoa(int(*secret.LocksTotal))),
    985. 

  985. 			"private_key":          []byte(secretPrivateKey),
    986. 

  986. 			"secret_group_id":      []byte(nilValue),
    987. 

  987. 			"secret_type":          []byte(nilValue),
    988. 

  988. 			"serial_number":        []byte(nilValue),
    989. 

  989. 			"signing_algorithm":    []byte(nilValue),
    990. 

  990. 			"updated_at":           []byte(nilValue),
    991. 

  991. 			"validity":             []byte(nilValue),
    992. 

  992. 			"versions_total":       []byte(nilValue),
    993. 

  993. 		}
    994. 

  994. 	}
    995. 

  995. 

  996. 	// good case: kv with property and metadata
    997. 

  997. 	setSecretKVWithMetadata := func(smtc *secretManagerTestCase) {
    998. 

  998. 		secret := &sm.KVSecret{
    999. 

  999. 			CreatedBy:  utilpointer.To("testCreatedBy"),
    1000. 

  1000. 			CreatedAt:  &strfmt.DateTime{},
    1001. 

  1001. 			Downloaded: utilpointer.To(false),
    1002. 

  1002. 			Labels:     []string{"abc", "def", "xyz"},
    1003. 

  1003. 			LocksTotal: utilpointer.To(int64(20)),
    1004. 

  1004. 			Data:       secretComplex,
    1005. 

  1005. 		}
    1006. 

  1006. 		smtc.name = "good case: kv, with property and with metadata"
    1007. 

  1007. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1008. 

  1008. 		smtc.apiOutput = secret
    1009. 

  1009. 		smtc.ref.Key = "kv/" + secretUUID
    1010. 

  1010. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyFetch
    1011. 

  1011. 		smtc.expectedData = map[string][]byte{
    1012. 

  1012. 			"created_at":      []byte(timeValue),
    1013. 

  1013. 			"created_by":      []byte(*secret.CreatedBy),
    1014. 

  1014. 			"crn":             []byte(nilValue),
    1015. 

  1015. 			"data":            []byte("map[key1:val1 key2:val2 keyC:map[keyC1:map[keyA:valA keyB:valB]]]"),
    1016. 

  1016. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    1017. 

  1017. 			"id":              []byte(nilValue),
    1018. 

  1018. 			"key1":            []byte("val1"),
    1019. 

  1019. 			"key2":            []byte("val2"),
    1020. 

  1020. 			"keyC":            []byte(`{"keyC1":{"keyA":"valA","keyB":"valB"}}`),
    1021. 

  1021. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    1022. 

  1022. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    1023. 

  1023. 			"secret_group_id": []byte(nilValue),
    1024. 

  1024. 			"secret_type":     []byte(nilValue),
    1025. 

  1025. 			"updated_at":      []byte(nilValue),
    1026. 

  1026. 			"versions_total":  []byte(nilValue),
    1027. 

  1027. 		}
    1028. 

  1028. 	}
    1029. 

  1029. 

  1030. 	// good case: iam_credentials without metadata
    1031. 

  1031. 	setSecretIamWithoutMetadata := func(smtc *secretManagerTestCase) {
    1032. 

  1032. 		secret := &sm.IAMCredentialsSecret{
    1033. 

  1033. 			CreatedBy:  utilpointer.To("testCreatedBy"),
    1034. 

  1034. 			CreatedAt:  &strfmt.DateTime{},
    1035. 

  1035. 			Downloaded: utilpointer.To(false),
    1036. 

  1036. 			Labels:     []string{"abc", "def", "xyz"},
    1037. 

  1037. 			LocksTotal: utilpointer.To(int64(20)),
    1038. 

  1038. 			ApiKey:     utilpointer.To(secretAPIKey),
    1039. 

  1039. 		}
    1040. 

  1040. 		smtc.name = "good case: iam_credentials without metadata"
    1041. 

  1041. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    1042. 

  1042. 		smtc.apiOutput = secret
    1043. 

  1043. 		smtc.ref.Key = iamCredentialsSecret + secretUUID
    1044. 

  1044. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyNone
    1045. 

  1045. 		smtc.expectedData = map[string][]byte{
    1046. 

  1046. 			"apikey": []byte(secretAPIKey),
    1047. 

  1047. 		}
    1048. 

  1048. 	}
    1049. 

  1049. 

  1050. 	secretKeyKV := "kv/" + secretUUID
    1051. 

  1051. 	// good case: kv, no property, return entire payload as key:value pairs
    1052. 

  1052. 	setSecretKV := func(smtc *secretManagerTestCase) {
    1053. 

  1053. 		secret := &sm.KVSecret{
    1054. 

  1054. 			Name:       utilpointer.To("testyname"),
    1055. 

  1055. 			ID:         utilpointer.To(secretUUID),
    1056. 

  1056. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    1057. 

  1057. 			Data:       secretComplex,
    1058. 

  1058. 		}
    1059. 

  1059. 		smtc.name = "good case: kv, no property, return entire payload as key:value pairs"
    1060. 

  1060. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1061. 

  1061. 		smtc.apiOutput = secret
    1062. 

  1062. 		smtc.ref.Key = secretKeyKV
    1063. 

  1063. 		smtc.expectedData["key1"] = []byte("val1")
    1064. 

  1064. 		smtc.expectedData["key2"] = []byte("val2")
    1065. 

  1065. 		smtc.expectedData["keyC"] = []byte(`{"keyC1":{"keyA":"valA","keyB":"valB"}}`)
    1066. 

  1066. 	}
    1067. 

  1067. 

  1068. 	// good case: kv, with property
    1069. 

  1069. 	setSecretKVWithProperty := func(smtc *secretManagerTestCase) {
    1070. 

  1070. 		secret := &sm.KVSecret{
    1071. 

  1071. 			Name:       utilpointer.To("d5deb37a-7883-4fe2-a5e7-3c15420adc76"),
    1072. 

  1072. 			ID:         utilpointer.To(secretUUID),
    1073. 

  1073. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    1074. 

  1074. 			Data:       secretComplex,
    1075. 

  1075. 		}
    1076. 

  1076. 		smtc.name = "good case: kv, with property"
    1077. 

  1077. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1078. 

  1078. 		smtc.ref.Property = "keyC"
    1079. 

  1079. 		smtc.apiOutput = secret
    1080. 

  1080. 		smtc.ref.Key = secretKeyKV
    1081. 

  1081. 		smtc.expectedData["keyC1"] = []byte(`{"keyA":"valA","keyB":"valB"}`)
    1082. 

  1082. 	}
    1083. 

  1083. 

  1084. 	// good case: kv, with property and path
    1085. 

  1085. 	setSecretKVWithPathAndProperty := func(smtc *secretManagerTestCase) {
    1086. 

  1086. 		secret := &sm.KVSecret{
    1087. 

  1087. 			Name:       utilpointer.To(secretUUID),
    1088. 

  1088. 			ID:         utilpointer.To(secretUUID),
    1089. 

  1089. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    1090. 

  1090. 			Data:       secretComplex,
    1091. 

  1091. 		}
    1092. 

  1092. 		smtc.name = "good case: kv, with property and path"
    1093. 

  1093. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1094. 

  1094. 		smtc.ref.Property = "keyC.keyC1"
    1095. 

  1095. 		smtc.apiOutput = secret
    1096. 

  1096. 		smtc.ref.Key = secretKeyKV
    1097. 

  1097. 		smtc.expectedData["keyA"] = []byte("valA")
    1098. 

  1098. 		smtc.expectedData["keyB"] = []byte("valB")
    1099. 

  1099. 	}
    1100. 

  1100. 

  1101. 	// bad case: kv, with property and path
    1102. 

  1102. 	badSecretKVWithUnknownProperty := func(smtc *secretManagerTestCase) {
    1103. 

  1103. 		secret := &sm.KVSecret{
    1104. 

  1104. 			Name:       utilpointer.To("testyname"),
    1105. 

  1105. 			ID:         utilpointer.To(secretUUID),
    1106. 

  1106. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    1107. 

  1107. 			Data:       secretComplex,
    1108. 

  1108. 		}
    1109. 

  1109. 		smtc.name = "bad case: kv, with property and path"
    1110. 

  1110. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1111. 

  1111. 		smtc.ref.Property = "unknown.property"
    1112. 

  1112. 		smtc.apiOutput = secret
    1113. 

  1113. 		smtc.ref.Key = secretKeyKV
    1114. 

  1114. 		smtc.expectError = "key unknown.property does not exist in secret " + secretKeyKV
    1115. 

  1115. 	}
    1116. 

  1116. 

  1117. 	successCases := []*secretManagerTestCase{
    1118. 

  1118. 		makeValidSecretManagerTestCaseCustom(badSecretIam),
    1119. 

  1119. 		makeValidSecretManagerTestCaseCustom(setSecretSrvCreds),
    1120. 

  1120. 		makeValidSecretManagerTestCaseCustom(setArbitrary),
    1121. 

  1121. 		makeValidSecretManagerTestCaseCustom(setNilMockClient),
    1122. 

  1122. 		makeValidSecretManagerTestCaseCustom(setAPIErr),
    1123. 

  1123. 		makeValidSecretManagerTestCaseCustom(setSecretUserPass),
    1124. 

  1124. 		makeValidSecretManagerTestCaseCustom(setSecretIam),
    1125. 

  1125. 		makeValidSecretManagerTestCaseCustom(setSecretCert),
    1126. 

  1126. 		makeValidSecretManagerTestCaseCustom(setSecretKV),
    1127. 

  1127. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithProperty),
    1128. 

  1128. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithPathAndProperty),
    1129. 

  1129. 		makeValidSecretManagerTestCaseCustom(badSecretKVWithUnknownProperty),
    1130. 

  1130. 		makeValidSecretManagerTestCaseCustom(setSecretPublicCert),
    1131. 

  1131. 		makeValidSecretManagerTestCaseCustom(setSecretPrivateCert),
    1132. 

  1132. 		makeValidSecretManagerTestCaseCustom(setimportedCertWithNoPvtKey),
    1133. 

  1133. 		makeValidSecretManagerTestCaseCustom(setSecretIamWithMetadata),
    1134. 

  1134. 		makeValidSecretManagerTestCaseCustom(setArbitraryWithMetadata),
    1135. 

  1135. 		makeValidSecretManagerTestCaseCustom(setSecretUserPassWithMetadata),
    1136. 

  1136. 		makeValidSecretManagerTestCaseCustom(setimportedCertWithMetadata),
    1137. 

  1137. 		makeValidSecretManagerTestCaseCustom(setPublicCertWithMetadata),
    1138. 

  1138. 		makeValidSecretManagerTestCaseCustom(setPrivateCertWithMetadata),
    1139. 

  1139. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithMetadata),
    1140. 

  1140. 		makeValidSecretManagerTestCaseCustom(setSecretIamWithoutMetadata),
    1141. 

  1141. 		makeValidSecretManagerTestCaseCustom(setSecretIamByName),
    1142. 

  1142. 	}
    1143. 

  1143. 

  1144. 	sm := providerIBM{}
    1145. 

  1145. 	for _, v := range successCases {
    1146. 

  1146. 		t.Run(v.name, func(t *testing.T) {
    1147. 

  1147. 			sm.IBMClient = v.mockClient
    1148. 

  1148. 			out, err := sm.GetSecretMap(context.Background(), *v.ref)
    1149. 

  1149. 			if !ErrorContains(err, v.expectError) {
    1150. 

  1150. 				t.Errorf("unexpected error: %s, expected: '%s'", err.Error(), v.expectError)
    1151. 

  1151. 			}
    1152. 

  1152. 			if err == nil && !reflect.DeepEqual(out, v.expectedData) {
    1153. 

  1153. 				// Add some debug logs because t.Errorf is hard to debug at a glance.
    1154. 

  1154. 				for k, val := range out {
    1155. 

  1155. 					if val2, ok := v.expectedData[k]; !ok {
    1156. 

  1156. 						t.Logf("%s was not in expected data\n", k)
    1157. 

  1157. 					} else if !bytes.Equal(val2, val) {
    1158. 

  1158. 						fmt.Printf("%s did not equal expected value: %s\n", string(val), string(val2))
    1159. 

  1159. 					}
    1160. 

  1160. 				}
    1161. 

  1161. 

  1162. 				for k := range v.expectedData {
    1163. 

  1163. 					if _, ok := out[k]; !ok {
    1164. 

  1164. 						t.Logf("%s expected key was not in out\n", k)
    1165. 

  1165. 					}
    1166. 

  1166. 				}
    1167. 

  1167. 				t.Errorf("unexpected secret data: expected:\n%+v\ngot:\n%+v", v.expectedData, out)
    1168. 

  1168. 			}
    1169. 

  1169. 		})
    1170. 

  1170. 	}
    1171. 

  1171. }
    1172. 

  1172. 

  1173. func TestValidRetryInput(t *testing.T) {
    1174. 

  1174. 	sm := providerIBM{}
    1175. 

  1175. 

  1176. 	invalid := "Invalid"
    1177. 

  1177. 	serviceURL := "http://fake-service-url.cool"
    1178. 

  1178. 

  1179. 	spec := &esv1beta1.SecretStore{
    1180. 

  1180. 		Spec: esv1beta1.SecretStoreSpec{
    1181. 

  1181. 			Provider: &esv1beta1.SecretStoreProvider{
    1182. 

  1182. 				IBM: &esv1beta1.IBMProvider{
    1183. 

  1183. 					Auth: esv1beta1.IBMAuth{
    1184. 

  1184. 						SecretRef: &esv1beta1.IBMAuthSecretRef{
    1185. 

  1185. 							SecretAPIKey: v1.SecretKeySelector{
    1186. 

  1186. 								Name: "fake-secret",
    1187. 

  1187. 								Key:  "fake-key",
    1188. 

  1188. 							},
    1189. 

  1189. 						},
    1190. 

  1190. 					},
    1191. 

  1191. 					ServiceURL: &serviceURL,
    1192. 

  1192. 				},
    1193. 

  1193. 			},
    1194. 

  1194. 			RetrySettings: &esv1beta1.SecretStoreRetrySettings{
    1195. 

  1195. 				RetryInterval: &invalid,
    1196. 

  1196. 			},
    1197. 

  1197. 		},
    1198. 

  1198. 	}
    1199. 

  1199. 

  1200. 	expected := fmt.Sprintf("cannot setup new ibm client: time: invalid duration %q", invalid)
    1201. 

  1201. 	ctx := context.TODO()
    1202. 

  1202. 	kube := clientfake.NewClientBuilder().WithObjects(&corev1.Secret{
    1203. 

  1203. 		ObjectMeta: metav1.ObjectMeta{
    1204. 

  1204. 			Name:      "fake-secret",
    1205. 

  1205. 			Namespace: "default",
    1206. 

  1206. 		},
    1207. 

  1207. 		Data: map[string][]byte{
    1208. 

  1208. 			"fake-key": []byte("ImAFakeApiKey"),
    1209. 

  1209. 		},
    1210. 

  1210. 	}).Build()
    1211. 

  1211. 

  1212. 	_, err := sm.NewClient(ctx, spec, kube, "default")
    1213. 

  1213. 

  1214. 	if !ErrorContains(err, expected) {
    1215. 

  1215. 		t.Errorf("CheckValidRetryInput unexpected error: %s, expected: '%s'", err.Error(), expected)
    1216. 

  1216. 	}
    1217. 

  1217. }
    1218. 

  1218. 

  1219. func ErrorContains(out error, want string) bool {
    1220. 

  1220. 	if out == nil {
    1221. 

  1221. 		return want == ""
    1222. 

  1222. 	}
    1223. 

  1223. 	if want == "" {
    1224. 

  1224. 		return false
    1225. 

  1225. 	}
    1226. 

  1226. 	return strings.Contains(out.Error(), want)
    1227. 

  1227. }
    1228.