Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: 952dac515e
Branches Tags
helm-externa...
/
pkg
/
provider
/
ibm
/
provider_test.go

provider_test.go 45 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6. 	http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. 

  15. package ibm
    16. 

  16. 

  17. import (
    18. 

  18. 	"context"
    19. 

  19. 	"encoding/json"
    20. 

  20. 	"errors"
    21. 

  21. 	"fmt"
    22. 

  22. 	"reflect"
    23. 

  23. 	"strconv"
    24. 

  24. 	"strings"
    25. 

  25. 	"testing"
    26. 

  26. 

  27. 	"github.com/IBM/go-sdk-core/v5/core"
    28. 

  28. 	sm "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2"
    29. 

  29. 	"github.com/go-openapi/strfmt"
    30. 

  30. 	corev1 "k8s.io/api/core/v1"
    31. 

  31. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    32. 

  32. 	utilpointer "k8s.io/utils/ptr"
    33. 

  33. 	clientfake "sigs.k8s.io/controller-runtime/pkg/client/fake"
    34. 

  34. 

  35. 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
    36. 

  36. 	v1 "github.com/external-secrets/external-secrets/apis/meta/v1"
    37. 

  37. 	fakesm "github.com/external-secrets/external-secrets/pkg/provider/ibm/fake"
    38. 

  38. )
    39. 

  39. 

  40. const (
    41. 

  41. 	errExpectedErr       = "wanted error got nil"
    42. 

  42. 	secretKey            = "test-secret"
    43. 

  43. 	secretUUID           = "d5deb37a-7883-4fe2-a5e7-3c15420adc76"
    44. 

  44. 	iamCredentialsSecret = "iam_credentials/"
    45. 

  45. )
    46. 

  46. 

  47. type secretManagerTestCase struct {
    48. 

  48. 	name            string
    49. 

  49. 	mockClient      *fakesm.IBMMockClient
    50. 

  50. 	apiInput        *sm.GetSecretOptions
    51. 

  51. 	apiOutput       sm.SecretIntf
    52. 

  52. 	getByNameInput  *sm.GetSecretByNameTypeOptions
    53. 

  53. 	getByNameOutput sm.SecretIntf
    54. 

  54. 	getByNameError  error
    55. 

  55. 	ref             *esv1beta1.ExternalSecretDataRemoteRef
    56. 

  56. 	serviceURL      *string
    57. 

  57. 	apiErr          error
    58. 

  58. 	expectError     string
    59. 

  59. 	expectedSecret  string
    60. 

  60. 	// for testing secretmap
    61. 

  61. 	expectedData map[string][]byte
    62. 

  62. }
    63. 

  63. 

  64. func makeValidSecretManagerTestCase() *secretManagerTestCase {
    65. 

  65. 	smtc := secretManagerTestCase{
    66. 

  66. 		mockClient:      &fakesm.IBMMockClient{},
    67. 

  67. 		apiInput:        makeValidAPIInput(),
    68. 

  68. 		ref:             makeValidRef(),
    69. 

  69. 		apiOutput:       makeValidAPIOutput(),
    70. 

  70. 		getByNameInput:  makeValidGetByNameInput(),
    71. 

  71. 		getByNameOutput: makeValidAPIOutput(),
    72. 

  72. 		getByNameError:  nil,
    73. 

  73. 		serviceURL:      nil,
    74. 

  74. 		apiErr:          nil,
    75. 

  75. 		expectError:     "",
    76. 

  76. 		expectedSecret:  "",
    77. 

  77. 		expectedData:    map[string][]byte{},
    78. 

  78. 	}
    79. 

  79. 	mcParams := fakesm.IBMMockClientParams{
    80. 

  80. 		GetSecretOptions:       smtc.apiInput,
    81. 

  81. 		GetSecretOutput:        smtc.apiOutput,
    82. 

  82. 		GetSecretErr:           smtc.apiErr,
    83. 

  83. 		GetSecretByNameOptions: smtc.getByNameInput,
    84. 

  84. 		GetSecretByNameOutput:  smtc.getByNameOutput,
    85. 

  85. 		GetSecretByNameErr:     smtc.getByNameError,
    86. 

  86. 	}
    87. 

  87. 	smtc.mockClient.WithValue(mcParams)
    88. 

  88. 	return &smtc
    89. 

  89. }
    90. 

  90. 

  91. func makeValidRef() *esv1beta1.ExternalSecretDataRemoteRef {
    92. 

  92. 	return &esv1beta1.ExternalSecretDataRemoteRef{
    93. 

  93. 		Key:     secretUUID,
    94. 

  94. 		Version: "default",
    95. 

  95. 	}
    96. 

  96. }
    97. 

  97. 

  98. func makeValidAPIInput() *sm.GetSecretOptions {
    99. 

  99. 	return &sm.GetSecretOptions{
    100. 

  100. 		ID: utilpointer.To(secretUUID),
    101. 

  101. 	}
    102. 

  102. }
    103. 

  103. 

  104. func makeValidAPIOutput() sm.SecretIntf {
    105. 

  105. 	secret := &sm.Secret{
    106. 

  106. 		SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary),
    107. 

  107. 		Name:       utilpointer.To("testyname"),
    108. 

  108. 		ID:         utilpointer.To(secretUUID),
    109. 

  109. 	}
    110. 

  110. 	var i sm.SecretIntf = secret
    111. 

  111. 	return i
    112. 

  112. }
    113. 

  113. 

  114. func makeValidGetByNameInput() *sm.GetSecretByNameTypeOptions {
    115. 

  115. 	return &sm.GetSecretByNameTypeOptions{}
    116. 

  116. }
    117. 

  117. 

  118. func makeValidSecretManagerTestCaseCustom(tweaks ...func(smtc *secretManagerTestCase)) *secretManagerTestCase {
    119. 

  119. 	smtc := makeValidSecretManagerTestCase()
    120. 

  120. 	for _, fn := range tweaks {
    121. 

  121. 		fn(smtc)
    122. 

  122. 	}
    123. 

  123. 	mcParams := fakesm.IBMMockClientParams{
    124. 

  124. 		GetSecretOptions:       smtc.apiInput,
    125. 

  125. 		GetSecretOutput:        smtc.apiOutput,
    126. 

  126. 		GetSecretErr:           smtc.apiErr,
    127. 

  127. 		GetSecretByNameOptions: smtc.getByNameInput,
    128. 

  128. 		GetSecretByNameOutput:  smtc.getByNameOutput,
    129. 

  129. 		GetSecretByNameErr:     smtc.apiErr,
    130. 

  130. 	}
    131. 

  131. 	smtc.mockClient.WithValue(mcParams)
    132. 

  132. 	return smtc
    133. 

  133. }
    134. 

  134. 

  135. // This case can be shared by both GetSecret and GetSecretMap tests.
    136. 

  136. // bad case: set apiErr.
    137. 

  137. var setAPIErr = func(smtc *secretManagerTestCase) {
    138. 

  138. 	smtc.apiErr = errors.New("oh no")
    139. 

  139. 	smtc.expectError = "oh no"
    140. 

  140. }
    141. 

  141. 

  142. var setNilMockClient = func(smtc *secretManagerTestCase) {
    143. 

  143. 	smtc.mockClient = nil
    144. 

  144. 	smtc.expectError = errUninitializedIBMProvider
    145. 

  145. }
    146. 

  146. 

  147. // simple tests for Validate Store.
    148. 

  148. func TestValidateStore(t *testing.T) {
    149. 

  149. 	p := providerIBM{}
    150. 

  150. 	store := &esv1beta1.SecretStore{
    151. 

  151. 		Spec: esv1beta1.SecretStoreSpec{
    152. 

  152. 			Provider: &esv1beta1.SecretStoreProvider{
    153. 

  153. 				IBM: &esv1beta1.IBMProvider{},
    154. 

  154. 			},
    155. 

  155. 		},
    156. 

  156. 	}
    157. 

  157. 	_, err := p.ValidateStore(store)
    158. 

  158. 	if err == nil {
    159. 

  159. 		t.Error(errExpectedErr)
    160. 

  160. 	} else if err.Error() != "serviceURL is required" {
    161. 

  161. 		t.Errorf("service URL test failed")
    162. 

  162. 	}
    163. 

  163. 	url := "my-url"
    164. 

  164. 	store.Spec.Provider.IBM.ServiceURL = &url
    165. 

  165. 	_, err = p.ValidateStore(store)
    166. 

  166. 	if err == nil {
    167. 

  167. 		t.Error(errExpectedErr)
    168. 

  168. 	} else if err.Error() != "missing auth method" {
    169. 

  169. 		t.Errorf("KeySelector test failed: expected missing auth method, got %v", err)
    170. 

  170. 	}
    171. 

  171. 	ns := "ns-one"
    172. 

  172. 	store.Spec.Provider.IBM.Auth.SecretRef = &esv1beta1.IBMAuthSecretRef{
    173. 

  173. 		SecretAPIKey: v1.SecretKeySelector{
    174. 

  174. 			Name:      "foo",
    175. 

  175. 			Key:       "bar",
    176. 

  176. 			Namespace: &ns,
    177. 

  177. 		},
    178. 

  178. 	}
    179. 

  179. 	_, err = p.ValidateStore(store)
    180. 

  180. 	if err == nil {
    181. 

  181. 		t.Error(errExpectedErr)
    182. 

  182. 	} else if err.Error() != "namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore" {
    183. 

  183. 		t.Errorf("KeySelector test failed: expected namespace not allowed, got %v", err)
    184. 

  184. 	}
    185. 

  185. 

  186. 	// add container auth test
    187. 

  187. 	store = &esv1beta1.SecretStore{
    188. 

  188. 		Spec: esv1beta1.SecretStoreSpec{
    189. 

  189. 			Provider: &esv1beta1.SecretStoreProvider{
    190. 

  190. 				IBM: &esv1beta1.IBMProvider{
    191. 

  191. 					ServiceURL: &url,
    192. 

  192. 					Auth: esv1beta1.IBMAuth{
    193. 

  193. 						ContainerAuth: &esv1beta1.IBMAuthContainerAuth{
    194. 

  194. 							Profile:       "Trusted IAM Profile",
    195. 

  195. 							TokenLocation: "/a/path/to/nowhere/that/should/exist",
    196. 

  196. 						},
    197. 

  197. 					},
    198. 

  198. 				},
    199. 

  199. 			},
    200. 

  200. 		},
    201. 

  201. 	}
    202. 

  202. 	_, err = p.ValidateStore(store)
    203. 

  203. 	expected := "cannot read container auth token"
    204. 

  204. 	if !ErrorContains(err, expected) {
    205. 

  205. 		t.Errorf("ProfileSelector test failed: %s, expected: '%s'", err.Error(), expected)
    206. 

  206. 	}
    207. 

  207. }
    208. 

  208. 

  209. // test the sm<->gcp interface
    210. 

  210. // make sure correct values are passed and errors are handled accordingly.
    211. 

  211. func TestIBMSecretManagerGetSecret(t *testing.T) {
    212. 

  212. 	secretString := "changedvalue"
    213. 

  213. 	secretUsername := "userName"
    214. 

  214. 	secretPassword := "P@ssw0rd"
    215. 

  215. 	secretAPIKey := "01234567890"
    216. 

  216. 	secretCertificate := "certificate_value"
    217. 

  217. 

  218. 	// good case: default version is set
    219. 

  219. 	// key is passed in, output is sent back
    220. 

  220. 	setSecretString := func(smtc *secretManagerTestCase) {
    221. 

  221. 		secret := &sm.ArbitrarySecret{
    222. 

  222. 			SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary),
    223. 

  223. 			Name:       utilpointer.To("testyname"),
    224. 

  224. 			ID:         utilpointer.To(secretUUID),
    225. 

  225. 			Payload:    &secretString,
    226. 

  226. 		}
    227. 

  227. 		smtc.name = "good case: default version is set"
    228. 

  228. 		smtc.apiOutput = secret
    229. 

  229. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    230. 

  230. 		smtc.expectedSecret = secretString
    231. 

  231. 	}
    232. 

  232. 

  233. 	// good case: custom version set
    234. 

  234. 	setCustomKey := func(smtc *secretManagerTestCase) {
    235. 

  235. 		secret := &sm.ArbitrarySecret{
    236. 

  236. 			SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary),
    237. 

  237. 			Name:       utilpointer.To("testyname"),
    238. 

  238. 			ID:         utilpointer.To(secretUUID),
    239. 

  239. 			Payload:    &secretString,
    240. 

  240. 		}
    241. 

  241. 		smtc.name = "good case: custom version set"
    242. 

  242. 		smtc.ref.Key = "arbitrary/" + secretUUID
    243. 

  243. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    244. 

  244. 		smtc.apiOutput = secret
    245. 

  245. 		smtc.expectedSecret = secretString
    246. 

  246. 	}
    247. 

  247. 

  248. 	// bad case: arbitrary type secret which is destroyed
    249. 

  249. 	badArbitSecret := func(smtc *secretManagerTestCase) {
    250. 

  250. 		secret := &sm.ArbitrarySecret{
    251. 

  251. 			SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary),
    252. 

  252. 			Name:       utilpointer.To("testyname"),
    253. 

  253. 			ID:         utilpointer.To(secretUUID),
    254. 

  254. 		}
    255. 

  255. 		smtc.name = "bad case: arbitrary type without property"
    256. 

  256. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    257. 

  257. 		smtc.apiOutput = secret
    258. 

  258. 		smtc.ref.Key = secretUUID
    259. 

  259. 		smtc.expectError = "key payload does not exist in secret " + secretUUID
    260. 

  260. 	}
    261. 

  261. 

  262. 	// bad case: username_password type without property
    263. 

  263. 	secretUserPass := "username_password/" + secretUUID
    264. 

  264. 	badSecretUserPass := func(smtc *secretManagerTestCase) {
    265. 

  265. 		secret := &sm.UsernamePasswordSecret{
    266. 

  266. 			SecretType: utilpointer.To(sm.Secret_SecretType_UsernamePassword),
    267. 

  267. 			Name:       utilpointer.To("testyname"),
    268. 

  268. 			ID:         utilpointer.To(secretUUID),
    269. 

  269. 			Username:   &secretUsername,
    270. 

  270. 			Password:   &secretPassword,
    271. 

  271. 		}
    272. 

  272. 		smtc.name = "bad case: username_password type without property"
    273. 

  273. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    274. 

  274. 		smtc.apiOutput = secret
    275. 

  275. 		smtc.ref.Key = secretUserPass
    276. 

  276. 		smtc.expectError = "remoteRef.property required for secret type username_password"
    277. 

  277. 	}
    278. 

  278. 

  279. 	// good case: username_password type with property
    280. 

  280. 	funcSetUserPass := func(secretName, property, name string) func(smtc *secretManagerTestCase) {
    281. 

  281. 		return func(smtc *secretManagerTestCase) {
    282. 

  282. 			secret := &sm.UsernamePasswordSecret{
    283. 

  283. 				SecretType: utilpointer.To(sm.Secret_SecretType_UsernamePassword),
    284. 

  284. 				Name:       utilpointer.To("testyname"),
    285. 

  285. 				ID:         utilpointer.To(secretUUID),
    286. 

  286. 				Username:   &secretUsername,
    287. 

  287. 				Password:   &secretPassword,
    288. 

  288. 			}
    289. 

  289. 			smtc.name = name
    290. 

  290. 			smtc.apiInput.ID = utilpointer.To(secretUUID)
    291. 

  291. 			smtc.apiOutput = secret
    292. 

  292. 			smtc.ref.Key = "username_password/" + secretName
    293. 

  293. 			smtc.ref.Property = property
    294. 

  294. 			if property == "username" {
    295. 

  295. 				smtc.expectedSecret = secretUsername
    296. 

  296. 			} else {
    297. 

  297. 				smtc.expectedSecret = secretPassword
    298. 

  298. 			}
    299. 

  299. 		}
    300. 

  300. 	}
    301. 

  301. 	setSecretUserPassByID := funcSetUserPass(secretUUID, "username", "good case: username_password type - get username by ID")
    302. 

  302. 

  303. 	// good case: iam_credentials type
    304. 

  304. 	funcSetSecretIam := func(secretName, name string) func(*secretManagerTestCase) {
    305. 

  305. 		return func(smtc *secretManagerTestCase) {
    306. 

  306. 			secret := &sm.IAMCredentialsSecret{
    307. 

  307. 				SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
    308. 

  308. 				Name:       utilpointer.To("testyname"),
    309. 

  309. 				ID:         utilpointer.To(secretUUID),
    310. 

  310. 				ApiKey:     utilpointer.To(secretAPIKey),
    311. 

  311. 			}
    312. 

  312. 			smtc.apiInput.ID = utilpointer.To(secretUUID)
    313. 

  313. 			smtc.name = name
    314. 

  314. 			smtc.apiOutput = secret
    315. 

  315. 			smtc.ref.Key = iamCredentialsSecret + secretName
    316. 

  316. 			smtc.expectedSecret = secretAPIKey
    317. 

  317. 		}
    318. 

  318. 	}
    319. 

  319. 

  320. 	setSecretIamByID := funcSetSecretIam(secretUUID, "good case: iam_credenatials type - get API Key by ID")
    321. 

  321. 

  322. 	// good case: iam_credentials type - get API Key by name, providing the secret group ID
    323. 

  323. 	funcSetSecretIamNew := func(secretName, groupName, name string) func(*secretManagerTestCase) {
    324. 

  324. 		return func(smtc *secretManagerTestCase) {
    325. 

  325. 			secret := &sm.IAMCredentialsSecret{
    326. 

  326. 				SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
    327. 

  327. 				Name:       utilpointer.To("testyname"),
    328. 

  328. 				ID:         utilpointer.To(secretUUID),
    329. 

  329. 				ApiKey:     utilpointer.To(secretAPIKey),
    330. 

  330. 			}
    331. 

  331. 			smtc.getByNameInput.Name = &secretName
    332. 

  332. 			smtc.getByNameInput.SecretGroupName = &groupName
    333. 

  333. 			smtc.getByNameInput.SecretType = utilpointer.To(sm.Secret_SecretType_IamCredentials)
    334. 

  334. 

  335. 			smtc.name = name
    336. 

  336. 			smtc.getByNameOutput = secret
    337. 

  337. 			smtc.ref.Key = groupName + "/" + iamCredentialsSecret + secretName
    338. 

  338. 			smtc.expectedSecret = secretAPIKey
    339. 

  339. 		}
    340. 

  340. 	}
    341. 

  341. 	setSecretIamByNameNew := funcSetSecretIamNew("testyname", "testGroup", "good case: iam_credenatials type - get API Key by name - new mechanism")
    342. 

  342. 

  343. 	// good case: service_credentials type
    344. 

  344. 	dummySrvCreds := &sm.ServiceCredentialsSecretCredentials{
    345. 

  345. 		Apikey: &secretAPIKey,
    346. 

  346. 	}
    347. 

  347. 

  348. 	funcSetSecretSrvCred := func(secretName, name string) func(*secretManagerTestCase) {
    349. 

  349. 		return func(smtc *secretManagerTestCase) {
    350. 

  350. 			secret := &sm.ServiceCredentialsSecret{
    351. 

  351. 				SecretType:  utilpointer.To(sm.Secret_SecretType_ServiceCredentials),
    352. 

  352. 				Name:        utilpointer.To("testyname"),
    353. 

  353. 				ID:          utilpointer.To(secretUUID),
    354. 

  354. 				Credentials: dummySrvCreds,
    355. 

  355. 			}
    356. 

  356. 			smtc.apiInput.ID = utilpointer.To(secretUUID)
    357. 

  357. 			smtc.name = name
    358. 

  358. 			smtc.apiOutput = secret
    359. 

  359. 			smtc.ref.Key = "service_credentials/" + secretName
    360. 

  360. 			smtc.expectedSecret = "{\"apikey\":\"01234567890\"}"
    361. 

  361. 		}
    362. 

  362. 	}
    363. 

  363. 

  364. 	setSecretSrvCredByID := funcSetSecretSrvCred(secretUUID, "good case: service_credentials type - get creds by ID")
    365. 

  365. 

  366. 	funcSetCertSecretTest := func(secret sm.SecretIntf, name, certType string, good bool) func(*secretManagerTestCase) {
    367. 

  367. 		return func(smtc *secretManagerTestCase) {
    368. 

  368. 			smtc.name = name
    369. 

  369. 			smtc.apiInput.ID = utilpointer.To(secretUUID)
    370. 

  370. 			smtc.apiOutput = secret
    371. 

  371. 			smtc.ref.Key = certType + "/" + secretUUID
    372. 

  372. 			if good {
    373. 

  373. 				smtc.ref.Property = "certificate"
    374. 

  374. 				smtc.expectedSecret = secretCertificate
    375. 

  375. 			} else {
    376. 

  376. 				smtc.expectError = "remoteRef.property required for secret type " + certType
    377. 

  377. 			}
    378. 

  378. 		}
    379. 

  379. 	}
    380. 

  380. 

  381. 	// good case: imported_cert type with property
    382. 

  382. 	importedCert := &sm.ImportedCertificate{
    383. 

  383. 		SecretType:   utilpointer.To(sm.Secret_SecretType_ImportedCert),
    384. 

  384. 		Name:         utilpointer.To("testyname"),
    385. 

  385. 		ID:           utilpointer.To(secretUUID),
    386. 

  386. 		Certificate:  utilpointer.To(secretCertificate),
    387. 

  387. 		Intermediate: utilpointer.To("intermediate"),
    388. 

  388. 		PrivateKey:   utilpointer.To("private_key"),
    389. 

  389. 	}
    390. 

  390. 	setSecretCert := funcSetCertSecretTest(importedCert, "good case: imported_cert type with property", sm.Secret_SecretType_ImportedCert, true)
    391. 

  391. 

  392. 	// good case: imported_cert type without a private_key
    393. 

  393. 	importedCertNoPvtKey := func(smtc *secretManagerTestCase) {
    394. 

  394. 		secret := &sm.ImportedCertificate{
    395. 

  395. 			SecretType:  utilpointer.To(sm.Secret_SecretType_ImportedCert),
    396. 

  396. 			Name:        utilpointer.To("testyname"),
    397. 

  397. 			ID:          utilpointer.To(secretUUID),
    398. 

  398. 			Certificate: utilpointer.To(secretCertificate),
    399. 

  399. 		}
    400. 

  400. 		smtc.name = "good case: imported cert without private key"
    401. 

  401. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    402. 

  402. 		smtc.apiOutput = secret
    403. 

  403. 		smtc.ref.Key = "imported_cert/" + secretUUID
    404. 

  404. 		smtc.ref.Property = "private_key"
    405. 

  405. 		smtc.expectedSecret = ""
    406. 

  406. 	}
    407. 

  407. 

  408. 	// bad case: imported_cert type without property
    409. 

  409. 	badSecretCert := funcSetCertSecretTest(importedCert, "bad case: imported_cert type without property", sm.Secret_SecretType_ImportedCert, false)
    410. 

  410. 

  411. 	// good case: public_cert type with property
    412. 

  412. 	publicCert := &sm.PublicCertificate{
    413. 

  413. 		SecretType:   utilpointer.To(sm.Secret_SecretType_PublicCert),
    414. 

  414. 		Name:         utilpointer.To("testyname"),
    415. 

  415. 		ID:           utilpointer.To(secretUUID),
    416. 

  416. 		Certificate:  utilpointer.To(secretCertificate),
    417. 

  417. 		Intermediate: utilpointer.To("intermediate"),
    418. 

  418. 		PrivateKey:   utilpointer.To("private_key"),
    419. 

  419. 	}
    420. 

  420. 	setSecretPublicCert := funcSetCertSecretTest(publicCert, "good case: public_cert type with property", sm.Secret_SecretType_PublicCert, true)
    421. 

  421. 

  422. 	// bad case: public_cert type without property
    423. 

  423. 	badSecretPublicCert := funcSetCertSecretTest(publicCert, "bad case: public_cert type without property", sm.Secret_SecretType_PublicCert, false)
    424. 

  424. 

  425. 	// good case: private_cert type with property
    426. 

  426. 	privateCert := &sm.PrivateCertificate{
    427. 

  427. 		SecretType:  utilpointer.To(sm.Secret_SecretType_PublicCert),
    428. 

  428. 		Name:        utilpointer.To("testyname"),
    429. 

  429. 		ID:          utilpointer.To(secretUUID),
    430. 

  430. 		Certificate: utilpointer.To(secretCertificate),
    431. 

  431. 		PrivateKey:  utilpointer.To("private_key"),
    432. 

  432. 	}
    433. 

  433. 	setSecretPrivateCert := funcSetCertSecretTest(privateCert, "good case: private_cert type with property", sm.Secret_SecretType_PrivateCert, true)
    434. 

  434. 

  435. 	// bad case: private_cert type without property
    436. 

  436. 	badSecretPrivateCert := funcSetCertSecretTest(privateCert, "bad case: private_cert type without property", sm.Secret_SecretType_PrivateCert, false)
    437. 

  437. 

  438. 	secretDataKV := make(map[string]any)
    439. 

  439. 	secretDataKV["key1"] = "val1"
    440. 

  440. 

  441. 	secretDataKVComplex := make(map[string]any)
    442. 

  442. 	secretKVComplex := `{"key1":"val1","key2":"val2","key3":"val3","keyC":{"keyC1":"valC1","keyC2":"valC2"},"special.log":"file-content"}`
    443. 

  443. 	json.Unmarshal([]byte(secretKVComplex), &secretDataKVComplex)
    444. 

  444. 

  445. 	secretKV := "kv/" + secretUUID
    446. 

  446. 

  447. 	// bad case: kv type with key which is not in payload
    448. 

  448. 	badSecretKV := func(smtc *secretManagerTestCase) {
    449. 

  449. 		secret := &sm.KVSecret{
    450. 

  450. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    451. 

  451. 			Name:       utilpointer.To("testyname"),
    452. 

  452. 			ID:         utilpointer.To(secretUUID),
    453. 

  453. 			Data:       secretDataKV,
    454. 

  454. 		}
    455. 

  455. 		smtc.name = "bad case: kv type with key which is not in payload"
    456. 

  456. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    457. 

  457. 		smtc.apiOutput = secret
    458. 

  458. 		smtc.ref.Key = secretKV
    459. 

  459. 		smtc.ref.Property = "other-key"
    460. 

  460. 		smtc.expectError = "key other-key does not exist in secret kv/" + secretUUID
    461. 

  461. 	}
    462. 

  462. 

  463. 	// good case: kv type with property
    464. 

  464. 	setSecretKV := func(smtc *secretManagerTestCase) {
    465. 

  465. 		secret := &sm.KVSecret{
    466. 

  466. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    467. 

  467. 			Name:       utilpointer.To("testyname"),
    468. 

  468. 			ID:         utilpointer.To(secretUUID),
    469. 

  469. 			Data:       secretDataKV,
    470. 

  470. 		}
    471. 

  471. 		smtc.name = "good case: kv type with property"
    472. 

  472. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    473. 

  473. 		smtc.apiOutput = secret
    474. 

  474. 		smtc.ref.Key = secretKV
    475. 

  475. 		smtc.ref.Property = "key1"
    476. 

  476. 		smtc.expectedSecret = "val1"
    477. 

  477. 	}
    478. 

  478. 

  479. 	// good case: kv type with property, returns specific value
    480. 

  480. 	setSecretKVWithKey := func(smtc *secretManagerTestCase) {
    481. 

  481. 		secret := &sm.KVSecret{
    482. 

  482. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    483. 

  483. 			Name:       utilpointer.To("testyname"),
    484. 

  484. 			ID:         utilpointer.To(secretUUID),
    485. 

  485. 			Data:       secretDataKVComplex,
    486. 

  486. 		}
    487. 

  487. 		smtc.name = "good case: kv type with property, returns specific value"
    488. 

  488. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    489. 

  489. 		smtc.apiOutput = secret
    490. 

  490. 		smtc.ref.Key = secretKV
    491. 

  491. 		smtc.ref.Property = "key2"
    492. 

  492. 		smtc.expectedSecret = "val2"
    493. 

  493. 	}
    494. 

  494. 

  495. 	// good case: kv type with property and path, returns specific value
    496. 

  496. 	setSecretKVWithKeyPath := func(smtc *secretManagerTestCase) {
    497. 

  497. 		secret := &sm.KVSecret{
    498. 

  498. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    499. 

  499. 			Name:       utilpointer.To("testyname"),
    500. 

  500. 			ID:         utilpointer.To(secretUUID),
    501. 

  501. 			Data:       secretDataKVComplex,
    502. 

  502. 		}
    503. 

  503. 		smtc.name = "good case: kv type with property and path, returns specific value"
    504. 

  504. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    505. 

  505. 		smtc.apiOutput = secret
    506. 

  506. 		smtc.ref.Key = secretKV
    507. 

  507. 		smtc.ref.Property = "keyC.keyC2"
    508. 

  508. 		smtc.expectedSecret = "valC2"
    509. 

  509. 	}
    510. 

  510. 

  511. 	// good case: kv type with property and dot, returns specific value
    512. 

  512. 	setSecretKVWithKeyDot := func(smtc *secretManagerTestCase) {
    513. 

  513. 		secret := &sm.KVSecret{
    514. 

  514. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    515. 

  515. 			Name:       utilpointer.To("testyname"),
    516. 

  516. 			ID:         utilpointer.To(secretUUID),
    517. 

  517. 			Data:       secretDataKVComplex,
    518. 

  518. 		}
    519. 

  519. 		smtc.name = "good case: kv type with property and dot, returns specific value"
    520. 

  520. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    521. 

  521. 		smtc.apiOutput = secret
    522. 

  522. 		smtc.ref.Key = secretKV
    523. 

  523. 		smtc.ref.Property = "special.log"
    524. 

  524. 		smtc.expectedSecret = "file-content"
    525. 

  525. 	}
    526. 

  526. 

  527. 	// good case: kv type without property, returns all
    528. 

  528. 	setSecretKVWithOutKey := func(smtc *secretManagerTestCase) {
    529. 

  529. 		secret := &sm.KVSecret{
    530. 

  530. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    531. 

  531. 			Name:       utilpointer.To("testyname"),
    532. 

  532. 			ID:         utilpointer.To(secretUUID),
    533. 

  533. 			Data:       secretDataKVComplex,
    534. 

  534. 		}
    535. 

  535. 		smtc.name = "good case: kv type without property, returns all"
    536. 

  536. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    537. 

  537. 		smtc.apiOutput = secret
    538. 

  538. 		smtc.ref.Key = secretKV
    539. 

  539. 		smtc.expectedSecret = secretKVComplex
    540. 

  540. 	}
    541. 

  541. 

  542. 	successCases := []*secretManagerTestCase{
    543. 

  543. 		makeValidSecretManagerTestCaseCustom(setSecretString),
    544. 

  544. 		makeValidSecretManagerTestCaseCustom(setCustomKey),
    545. 

  545. 		makeValidSecretManagerTestCaseCustom(badArbitSecret),
    546. 

  546. 		makeValidSecretManagerTestCaseCustom(setAPIErr),
    547. 

  547. 		makeValidSecretManagerTestCaseCustom(setNilMockClient),
    548. 

  548. 		makeValidSecretManagerTestCaseCustom(badSecretUserPass),
    549. 

  549. 		makeValidSecretManagerTestCaseCustom(setSecretUserPassByID),
    550. 

  550. 		makeValidSecretManagerTestCaseCustom(setSecretIamByID),
    551. 

  551. 		makeValidSecretManagerTestCaseCustom(setSecretCert),
    552. 

  552. 		makeValidSecretManagerTestCaseCustom(setSecretKV),
    553. 

  553. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithKey),
    554. 

  554. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithKeyPath),
    555. 

  555. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithKeyDot),
    556. 

  556. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithOutKey),
    557. 

  557. 		makeValidSecretManagerTestCaseCustom(badSecretKV),
    558. 

  558. 		makeValidSecretManagerTestCaseCustom(badSecretCert),
    559. 

  559. 		makeValidSecretManagerTestCaseCustom(importedCertNoPvtKey),
    560. 

  560. 		makeValidSecretManagerTestCaseCustom(setSecretPublicCert),
    561. 

  561. 		makeValidSecretManagerTestCaseCustom(badSecretPublicCert),
    562. 

  562. 		makeValidSecretManagerTestCaseCustom(setSecretPrivateCert),
    563. 

  563. 		makeValidSecretManagerTestCaseCustom(badSecretPrivateCert),
    564. 

  564. 		makeValidSecretManagerTestCaseCustom(setSecretIamByNameNew),
    565. 

  565. 		makeValidSecretManagerTestCaseCustom(setSecretSrvCredByID),
    566. 

  566. 	}
    567. 

  567. 

  568. 	sm := providerIBM{}
    569. 

  569. 	for _, v := range successCases {
    570. 

  570. 		t.Run(v.name, func(t *testing.T) {
    571. 

  571. 			sm.IBMClient = v.mockClient
    572. 

  572. 			out, err := sm.GetSecret(context.Background(), *v.ref)
    573. 

  573. 			if !ErrorContains(err, v.expectError) {
    574. 

  574. 				t.Errorf("unexpected error:\n%s, expected:\n'%s'", err.Error(), v.expectError)
    575. 

  575. 			}
    576. 

  576. 			if string(out) != v.expectedSecret {
    577. 

  577. 				t.Errorf("unexpected secret: expected:\n%s\ngot:\n%s", v.expectedSecret, string(out))
    578. 

  578. 			}
    579. 

  579. 		})
    580. 

  580. 	}
    581. 

  581. }
    582. 

  582. 

  583. func TestGetSecretMap(t *testing.T) {
    584. 

  584. 	secretUsername := "user1"
    585. 

  585. 	secretPassword := "P@ssw0rd"
    586. 

  586. 	secretAPIKey := "01234567890"
    587. 

  587. 	nilValue := "<nil>"
    588. 

  588. 	secretCertificate := "certificate_value"
    589. 

  589. 	secretPrivateKey := "private_key_value"
    590. 

  590. 	secretIntermediate := "intermediate_value"
    591. 

  591. 	timeValue := "0001-01-01T00:00:00.000Z"
    592. 

  592. 

  593. 	secretComplex := map[string]any{
    594. 

  594. 		"key1": "val1",
    595. 

  595. 		"key2": "val2",
    596. 

  596. 		"keyC": map[string]any{
    597. 

  597. 			"keyC1": map[string]string{
    598. 

  598. 				"keyA": "valA",
    599. 

  599. 				"keyB": "valB",
    600. 

  600. 			},
    601. 

  601. 		},
    602. 

  602. 	}
    603. 

  603. 

  604. 	dummySrvCreds := &sm.ServiceCredentialsSecretCredentials{
    605. 

  605. 		Apikey: &secretAPIKey,
    606. 

  606. 	}
    607. 

  607. 

  608. 	// good case: arbitrary
    609. 

  609. 	setArbitrary := func(smtc *secretManagerTestCase) {
    610. 

  610. 		payload := `{"foo":"bar"}`
    611. 

  611. 		secret := &sm.ArbitrarySecret{
    612. 

  612. 			Name:       utilpointer.To("testyname"),
    613. 

  613. 			ID:         utilpointer.To(secretUUID),
    614. 

  614. 			SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary),
    615. 

  615. 			Payload:    &payload,
    616. 

  616. 		}
    617. 

  617. 		smtc.name = "good case: arbitrary"
    618. 

  618. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    619. 

  619. 		smtc.apiOutput = secret
    620. 

  620. 		smtc.ref.Key = secretUUID
    621. 

  621. 		smtc.expectedData["arbitrary"] = []byte(payload)
    622. 

  622. 	}
    623. 

  623. 

  624. 	// good case: username_password
    625. 

  625. 	setSecretUserPass := func(smtc *secretManagerTestCase) {
    626. 

  626. 		secret := &sm.UsernamePasswordSecret{
    627. 

  627. 			Name:       utilpointer.To("testyname"),
    628. 

  628. 			ID:         utilpointer.To(secretUUID),
    629. 

  629. 			SecretType: utilpointer.To(sm.Secret_SecretType_UsernamePassword),
    630. 

  630. 			Username:   &secretUsername,
    631. 

  631. 			Password:   &secretPassword,
    632. 

  632. 		}
    633. 

  633. 		smtc.name = "good case: username_password"
    634. 

  634. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    635. 

  635. 		smtc.apiOutput = secret
    636. 

  636. 		smtc.ref.Key = "username_password/" + secretUUID
    637. 

  637. 		smtc.expectedData["username"] = []byte(secretUsername)
    638. 

  638. 		smtc.expectedData["password"] = []byte(secretPassword)
    639. 

  639. 	}
    640. 

  640. 

  641. 	// good case: iam_credentials
    642. 

  642. 	setSecretIam := func(smtc *secretManagerTestCase) {
    643. 

  643. 		secret := &sm.IAMCredentialsSecret{
    644. 

  644. 			Name:       utilpointer.To("testyname"),
    645. 

  645. 			ID:         utilpointer.To(secretUUID),
    646. 

  646. 			SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
    647. 

  647. 			ApiKey:     utilpointer.To(secretAPIKey),
    648. 

  648. 		}
    649. 

  649. 		smtc.name = "good case: iam_credentials"
    650. 

  650. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    651. 

  651. 		smtc.apiOutput = secret
    652. 

  652. 		smtc.ref.Key = iamCredentialsSecret + secretUUID
    653. 

  653. 		smtc.expectedData["apikey"] = []byte(secretAPIKey)
    654. 

  654. 	}
    655. 

  655. 

  656. 	// good case: iam_credentials by name using new mechanism
    657. 

  657. 	setSecretIamByName := func(smtc *secretManagerTestCase) {
    658. 

  658. 		secret := &sm.IAMCredentialsSecret{
    659. 

  659. 			Name:       utilpointer.To("testyname"),
    660. 

  660. 			ID:         utilpointer.To(secretUUID),
    661. 

  661. 			SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
    662. 

  662. 			ApiKey:     utilpointer.To(secretAPIKey),
    663. 

  663. 		}
    664. 

  664. 		smtc.name = "good case: iam_credentials by name using new mechanism"
    665. 

  665. 		smtc.getByNameInput.Name = utilpointer.To("testyname")
    666. 

  666. 		smtc.getByNameInput.SecretGroupName = utilpointer.To("groupName")
    667. 

  667. 		smtc.getByNameInput.SecretType = utilpointer.To(sm.Secret_SecretType_IamCredentials)
    668. 

  668. 

  669. 		smtc.getByNameOutput = secret
    670. 

  670. 		smtc.apiOutput = secret
    671. 

  671. 		smtc.ref.Key = "groupName/" + iamCredentialsSecret + "testyname"
    672. 

  672. 		smtc.expectedData["apikey"] = []byte(secretAPIKey)
    673. 

  673. 	}
    674. 

  674. 

  675. 	// bad case: iam_credentials of a destroyed secret
    676. 

  676. 	badSecretIam := func(smtc *secretManagerTestCase) {
    677. 

  677. 		secret := &sm.IAMCredentialsSecret{
    678. 

  678. 			Name:       utilpointer.To("testyname"),
    679. 

  679. 			ID:         utilpointer.To(secretUUID),
    680. 

  680. 			SecretType: utilpointer.To(sm.Secret_SecretType_IamCredentials),
    681. 

  681. 		}
    682. 

  682. 		smtc.name = "bad case: iam_credentials of a destroyed secret"
    683. 

  683. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    684. 

  684. 		smtc.apiOutput = secret
    685. 

  685. 		smtc.ref.Key = iamCredentialsSecret + secretUUID
    686. 

  686. 		smtc.expectError = "key api_key does not exist in secret " + secretUUID
    687. 

  687. 	}
    688. 

  688. 

  689. 	funcCertTest := func(secret sm.SecretIntf, name, certType string) func(*secretManagerTestCase) {
    690. 

  690. 		return func(smtc *secretManagerTestCase) {
    691. 

  691. 			smtc.name = name
    692. 

  692. 			smtc.apiInput.ID = utilpointer.To(secretUUID)
    693. 

  693. 			smtc.apiOutput = secret
    694. 

  694. 			smtc.ref.Key = certType + "/" + secretUUID
    695. 

  695. 			smtc.expectedData["certificate"] = []byte(secretCertificate)
    696. 

  696. 			smtc.expectedData["private_key"] = []byte(secretPrivateKey)
    697. 

  697. 			smtc.expectedData["intermediate"] = []byte(secretIntermediate)
    698. 

  698. 		}
    699. 

  699. 	}
    700. 

  700. 

  701. 	// good case: service_credentials
    702. 

  702. 	setSecretSrvCreds := func(smtc *secretManagerTestCase) {
    703. 

  703. 		secret := &sm.ServiceCredentialsSecret{
    704. 

  704. 			Name:        utilpointer.To("testyname"),
    705. 

  705. 			ID:          utilpointer.To(secretUUID),
    706. 

  706. 			SecretType:  utilpointer.To(sm.Secret_SecretType_IamCredentials),
    707. 

  707. 			Credentials: dummySrvCreds,
    708. 

  708. 		}
    709. 

  709. 		smtc.name = "good case: service_credentials"
    710. 

  710. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    711. 

  711. 		smtc.apiOutput = secret
    712. 

  712. 		smtc.ref.Key = "service_credentials/" + secretUUID
    713. 

  713. 		smtc.expectedData["credentials"] = []byte(fmt.Sprintf("%+v", map[string]string{"apikey": secretAPIKey}))
    714. 

  714. 	}
    715. 

  715. 

  716. 	// good case: imported_cert
    717. 

  717. 	importedCert := &sm.ImportedCertificate{
    718. 

  718. 		SecretType:   utilpointer.To(sm.Secret_SecretType_ImportedCert),
    719. 

  719. 		Name:         utilpointer.To("testyname"),
    720. 

  720. 		ID:           utilpointer.To(secretUUID),
    721. 

  721. 		Certificate:  utilpointer.To(secretCertificate),
    722. 

  722. 		Intermediate: utilpointer.To(secretIntermediate),
    723. 

  723. 		PrivateKey:   utilpointer.To(secretPrivateKey),
    724. 

  724. 	}
    725. 

  725. 	setSecretCert := funcCertTest(importedCert, "good case: imported_cert", sm.Secret_SecretType_ImportedCert)
    726. 

  726. 

  727. 	// good case: public_cert
    728. 

  728. 	publicCert := &sm.PublicCertificate{
    729. 

  729. 		SecretType:   utilpointer.To(sm.Secret_SecretType_PublicCert),
    730. 

  730. 		Name:         utilpointer.To("testyname"),
    731. 

  731. 		ID:           utilpointer.To(secretUUID),
    732. 

  732. 		Certificate:  utilpointer.To(secretCertificate),
    733. 

  733. 		Intermediate: utilpointer.To(secretIntermediate),
    734. 

  734. 		PrivateKey:   utilpointer.To(secretPrivateKey),
    735. 

  735. 	}
    736. 

  736. 	setSecretPublicCert := funcCertTest(publicCert, "good case: public_cert", sm.Secret_SecretType_PublicCert)
    737. 

  737. 

  738. 	// good case: private_cert
    739. 

  739. 	setSecretPrivateCert := func(smtc *secretManagerTestCase) {
    740. 

  740. 		secret := &sm.PrivateCertificate{
    741. 

  741. 			Name:        utilpointer.To("testyname"),
    742. 

  742. 			ID:          utilpointer.To(secretUUID),
    743. 

  743. 			SecretType:  utilpointer.To(sm.Secret_SecretType_PrivateCert),
    744. 

  744. 			Certificate: &secretCertificate,
    745. 

  745. 			PrivateKey:  &secretPrivateKey,
    746. 

  746. 		}
    747. 

  747. 		smtc.name = "good case: private_cert"
    748. 

  748. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    749. 

  749. 		smtc.apiOutput = secret
    750. 

  750. 		smtc.ref.Key = "private_cert/" + secretUUID
    751. 

  751. 		smtc.expectedData["certificate"] = []byte(secretCertificate)
    752. 

  752. 		smtc.expectedData["private_key"] = []byte(secretPrivateKey)
    753. 

  753. 	}
    754. 

  754. 

  755. 	// good case: arbitrary with metadata
    756. 

  756. 	setArbitraryWithMetadata := func(smtc *secretManagerTestCase) {
    757. 

  757. 		payload := `{"foo":"bar"}`
    758. 

  758. 		secret := &sm.ArbitrarySecret{
    759. 

  759. 			CreatedBy:  utilpointer.To("testCreatedBy"),
    760. 

  760. 			CreatedAt:  &strfmt.DateTime{},
    761. 

  761. 			Downloaded: utilpointer.To(false),
    762. 

  762. 			Labels:     []string{"abc", "def", "xyz"},
    763. 

  763. 			LocksTotal: utilpointer.To(int64(20)),
    764. 

  764. 			Payload:    &payload,
    765. 

  765. 		}
    766. 

  766. 		smtc.name = "good case: arbitrary with metadata"
    767. 

  767. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    768. 

  768. 		smtc.apiOutput = secret
    769. 

  769. 		smtc.ref.Key = secretUUID
    770. 

  770. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyFetch
    771. 

  771. 		smtc.expectedData = map[string][]byte{
    772. 

  772. 			"arbitrary":       []byte(payload),
    773. 

  773. 			"created_at":      []byte(timeValue),
    774. 

  774. 			"created_by":      []byte(*secret.CreatedBy),
    775. 

  775. 			"crn":             []byte(nilValue),
    776. 

  776. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    777. 

  777. 			"id":              []byte(nilValue),
    778. 

  778. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    779. 

  779. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    780. 

  780. 			"payload":         []byte(payload),
    781. 

  781. 			"secret_group_id": []byte(nilValue),
    782. 

  782. 			"secret_type":     []byte(nilValue),
    783. 

  783. 			"updated_at":      []byte(nilValue),
    784. 

  784. 			"versions_total":  []byte(nilValue),
    785. 

  785. 		}
    786. 

  786. 	}
    787. 

  787. 

  788. 	// good case: iam_credentials with metadata
    789. 

  789. 	setSecretIamWithMetadata := func(smtc *secretManagerTestCase) {
    790. 

  790. 		secret := &sm.IAMCredentialsSecret{
    791. 

  791. 			CreatedBy:  utilpointer.To("testCreatedBy"),
    792. 

  792. 			CreatedAt:  &strfmt.DateTime{},
    793. 

  793. 			Downloaded: utilpointer.To(false),
    794. 

  794. 			Labels:     []string{"abc", "def", "xyz"},
    795. 

  795. 			LocksTotal: utilpointer.To(int64(20)),
    796. 

  796. 			ApiKey:     utilpointer.To(secretAPIKey),
    797. 

  797. 		}
    798. 

  798. 		smtc.name = "good case: iam_credentials with metadata"
    799. 

  799. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    800. 

  800. 		smtc.apiOutput = secret
    801. 

  801. 		smtc.ref.Key = iamCredentialsSecret + secretUUID
    802. 

  802. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyFetch
    803. 

  803. 		smtc.expectedData = map[string][]byte{
    804. 

  804. 			"api_key":         []byte(secretAPIKey),
    805. 

  805. 			"apikey":          []byte(secretAPIKey),
    806. 

  806. 			"created_at":      []byte(timeValue),
    807. 

  807. 			"created_by":      []byte(*secret.CreatedBy),
    808. 

  808. 			"crn":             []byte(nilValue),
    809. 

  809. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    810. 

  810. 			"id":              []byte(nilValue),
    811. 

  811. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    812. 

  812. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    813. 

  813. 			"reuse_api_key":   []byte(nilValue),
    814. 

  814. 			"secret_group_id": []byte(nilValue),
    815. 

  815. 			"secret_type":     []byte(nilValue),
    816. 

  816. 			"ttl":             []byte(nilValue),
    817. 

  817. 			"updated_at":      []byte(nilValue),
    818. 

  818. 			"versions_total":  []byte(nilValue),
    819. 

  819. 		}
    820. 

  820. 	}
    821. 

  821. 

  822. 	// "good case: username_password with metadata
    823. 

  823. 	setSecretUserPassWithMetadata := func(smtc *secretManagerTestCase) {
    824. 

  824. 		secret := &sm.UsernamePasswordSecret{
    825. 

  825. 			CreatedBy:  utilpointer.To("testCreatedBy"),
    826. 

  826. 			CreatedAt:  &strfmt.DateTime{},
    827. 

  827. 			Downloaded: utilpointer.To(false),
    828. 

  828. 			Labels:     []string{"abc", "def", "xyz"},
    829. 

  829. 			LocksTotal: utilpointer.To(int64(20)),
    830. 

  830. 			Username:   &secretUsername,
    831. 

  831. 			Password:   &secretPassword,
    832. 

  832. 		}
    833. 

  833. 		smtc.name = "good case: username_password with metadata"
    834. 

  834. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    835. 

  835. 		smtc.apiOutput = secret
    836. 

  836. 		smtc.ref.Key = "username_password/" + secretUUID
    837. 

  837. 		smtc.expectedData["username"] = []byte(secretUsername)
    838. 

  838. 		smtc.expectedData["password"] = []byte(secretPassword)
    839. 

  839. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyFetch
    840. 

  840. 		smtc.expectedData = map[string][]byte{
    841. 

  841. 			"created_at":      []byte(timeValue),
    842. 

  842. 			"created_by":      []byte(*secret.CreatedBy),
    843. 

  843. 			"crn":             []byte(nilValue),
    844. 

  844. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    845. 

  845. 			"id":              []byte(nilValue),
    846. 

  846. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    847. 

  847. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    848. 

  848. 			"password":        []byte(secretPassword),
    849. 

  849. 			"rotation":        []byte(nilValue),
    850. 

  850. 			"secret_group_id": []byte(nilValue),
    851. 

  851. 			"secret_type":     []byte(nilValue),
    852. 

  852. 			"updated_at":      []byte(nilValue),
    853. 

  853. 			"username":        []byte(secretUsername),
    854. 

  854. 			"versions_total":  []byte(nilValue),
    855. 

  855. 		}
    856. 

  856. 	}
    857. 

  857. 

  858. 	// good case: imported_cert with metadata
    859. 

  859. 	setimportedCertWithMetadata := func(smtc *secretManagerTestCase) {
    860. 

  860. 		secret := &sm.ImportedCertificate{
    861. 

  861. 			CreatedBy:    utilpointer.To("testCreatedBy"),
    862. 

  862. 			CreatedAt:    &strfmt.DateTime{},
    863. 

  863. 			Downloaded:   utilpointer.To(false),
    864. 

  864. 			Labels:       []string{"abc", "def", "xyz"},
    865. 

  865. 			LocksTotal:   utilpointer.To(int64(20)),
    866. 

  866. 			Certificate:  utilpointer.To(secretCertificate),
    867. 

  867. 			Intermediate: utilpointer.To(secretIntermediate),
    868. 

  868. 			PrivateKey:   utilpointer.To(secretPrivateKey),
    869. 

  869. 		}
    870. 

  870. 		smtc.name = "good case: imported_cert with metadata"
    871. 

  871. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    872. 

  872. 		smtc.apiOutput = secret
    873. 

  873. 		smtc.ref.Key = "imported_cert" + "/" + secretUUID
    874. 

  874. 

  875. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyFetch
    876. 

  876. 		smtc.expectedData = map[string][]byte{
    877. 

  877. 			"certificate":           []byte(secretCertificate),
    878. 

  878. 			"created_at":            []byte(timeValue),
    879. 

  879. 			"created_by":            []byte(*secret.CreatedBy),
    880. 

  880. 			"crn":                   []byte(nilValue),
    881. 

  881. 			"downloaded":            []byte(strconv.FormatBool(*secret.Downloaded)),
    882. 

  882. 			"expiration_date":       []byte(nilValue),
    883. 

  883. 			"id":                    []byte(nilValue),
    884. 

  884. 			"intermediate":          []byte(secretIntermediate),
    885. 

  885. 			"intermediate_included": []byte(nilValue),
    886. 

  886. 			"issuer":                []byte(nilValue),
    887. 

  887. 			"labels":                []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    888. 

  888. 			"locks_total":           []byte(strconv.Itoa(int(*secret.LocksTotal))),
    889. 

  889. 			"private_key":           []byte(secretPrivateKey),
    890. 

  890. 			"private_key_included":  []byte(nilValue),
    891. 

  891. 			"secret_group_id":       []byte(nilValue),
    892. 

  892. 			"secret_type":           []byte(nilValue),
    893. 

  893. 			"serial_number":         []byte(nilValue),
    894. 

  894. 			"signing_algorithm":     []byte(nilValue),
    895. 

  895. 			"updated_at":            []byte(nilValue),
    896. 

  896. 			"validity":              []byte(nilValue),
    897. 

  897. 			"versions_total":        []byte(nilValue),
    898. 

  898. 		}
    899. 

  899. 	}
    900. 

  900. 

  901. 	// good case: imported_cert without a private_key
    902. 

  902. 	setimportedCertWithNoPvtKey := func(smtc *secretManagerTestCase) {
    903. 

  903. 		secret := &sm.ImportedCertificate{
    904. 

  904. 			CreatedBy:    utilpointer.To("testCreatedBy"),
    905. 

  905. 			CreatedAt:    &strfmt.DateTime{},
    906. 

  906. 			Downloaded:   utilpointer.To(false),
    907. 

  907. 			Labels:       []string{"abc", "def", "xyz"},
    908. 

  908. 			LocksTotal:   utilpointer.To(int64(20)),
    909. 

  909. 			Certificate:  utilpointer.To(secretCertificate),
    910. 

  910. 			Intermediate: utilpointer.To(secretIntermediate),
    911. 

  911. 		}
    912. 

  912. 		smtc.name = "good case: imported_cert without private key"
    913. 

  913. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    914. 

  914. 		smtc.apiOutput = secret
    915. 

  915. 		smtc.ref.Key = "imported_cert/" + secretUUID
    916. 

  916. 

  917. 		smtc.expectedData = map[string][]byte{
    918. 

  918. 			"certificate":  []byte(secretCertificate),
    919. 

  919. 			"intermediate": []byte(secretIntermediate),
    920. 

  920. 			"private_key":  []byte(""),
    921. 

  921. 		}
    922. 

  922. 	}
    923. 

  923. 

  924. 	// good case: public_cert with metadata
    925. 

  925. 	setPublicCertWithMetadata := func(smtc *secretManagerTestCase) {
    926. 

  926. 		secret := &sm.PublicCertificate{
    927. 

  927. 			CreatedBy:    utilpointer.To("testCreatedBy"),
    928. 

  928. 			CreatedAt:    &strfmt.DateTime{},
    929. 

  929. 			Downloaded:   utilpointer.To(false),
    930. 

  930. 			Labels:       []string{"abc", "def", "xyz"},
    931. 

  931. 			LocksTotal:   utilpointer.To(int64(20)),
    932. 

  932. 			Certificate:  utilpointer.To(secretCertificate),
    933. 

  933. 			Intermediate: utilpointer.To(secretIntermediate),
    934. 

  934. 			PrivateKey:   utilpointer.To(secretPrivateKey),
    935. 

  935. 		}
    936. 

  936. 		smtc.name = "good case: public_cert with metadata"
    937. 

  937. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    938. 

  938. 		smtc.apiOutput = secret
    939. 

  939. 		smtc.ref.Key = "public_cert" + "/" + secretUUID
    940. 

  940. 

  941. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyFetch
    942. 

  942. 		smtc.expectedData = map[string][]byte{
    943. 

  943. 			"certificate":     []byte(secretCertificate),
    944. 

  944. 			"common_name":     []byte(nilValue),
    945. 

  945. 			"created_at":      []byte(timeValue),
    946. 

  946. 			"created_by":      []byte(*secret.CreatedBy),
    947. 

  947. 			"crn":             []byte(nilValue),
    948. 

  948. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    949. 

  949. 			"id":              []byte(nilValue),
    950. 

  950. 			"intermediate":    []byte(secretIntermediate),
    951. 

  951. 			"key_algorithm":   []byte(nilValue),
    952. 

  952. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    953. 

  953. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    954. 

  954. 			"private_key":     []byte(secretPrivateKey),
    955. 

  955. 			"rotation":        []byte(nilValue),
    956. 

  956. 			"secret_group_id": []byte(nilValue),
    957. 

  957. 			"secret_type":     []byte(nilValue),
    958. 

  958. 			"updated_at":      []byte(nilValue),
    959. 

  959. 			"versions_total":  []byte(nilValue),
    960. 

  960. 		}
    961. 

  961. 	}
    962. 

  962. 

  963. 	// good case: private_cert with metadata
    964. 

  964. 	setPrivateCertWithMetadata := func(smtc *secretManagerTestCase) {
    965. 

  965. 		secret := &sm.PrivateCertificate{
    966. 

  966. 			CreatedBy:   utilpointer.To("testCreatedBy"),
    967. 

  967. 			CreatedAt:   &strfmt.DateTime{},
    968. 

  968. 			Downloaded:  utilpointer.To(false),
    969. 

  969. 			Labels:      []string{"abc", "def", "xyz"},
    970. 

  970. 			LocksTotal:  utilpointer.To(int64(20)),
    971. 

  971. 			Certificate: utilpointer.To(secretCertificate),
    972. 

  972. 			PrivateKey:  utilpointer.To(secretPrivateKey),
    973. 

  973. 		}
    974. 

  974. 		smtc.name = "good case: private_cert with metadata"
    975. 

  975. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    976. 

  976. 		smtc.apiOutput = secret
    977. 

  977. 		smtc.ref.Key = "private_cert" + "/" + secretUUID
    978. 

  978. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyFetch
    979. 

  979. 		smtc.expectedData = map[string][]byte{
    980. 

  980. 			"certificate":          []byte(secretCertificate),
    981. 

  981. 			"certificate_template": []byte(nilValue),
    982. 

  982. 			"common_name":          []byte(nilValue),
    983. 

  983. 			"created_at":           []byte(timeValue),
    984. 

  984. 			"created_by":           []byte(*secret.CreatedBy),
    985. 

  985. 			"crn":                  []byte(nilValue),
    986. 

  986. 			"downloaded":           []byte(strconv.FormatBool(*secret.Downloaded)),
    987. 

  987. 			"expiration_date":      []byte(nilValue),
    988. 

  988. 			"id":                   []byte(nilValue),
    989. 

  989. 			"issuer":               []byte(nilValue),
    990. 

  990. 			"labels":               []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    991. 

  991. 			"locks_total":          []byte(strconv.Itoa(int(*secret.LocksTotal))),
    992. 

  992. 			"private_key":          []byte(secretPrivateKey),
    993. 

  993. 			"secret_group_id":      []byte(nilValue),
    994. 

  994. 			"secret_type":          []byte(nilValue),
    995. 

  995. 			"serial_number":        []byte(nilValue),
    996. 

  996. 			"signing_algorithm":    []byte(nilValue),
    997. 

  997. 			"updated_at":           []byte(nilValue),
    998. 

  998. 			"validity":             []byte(nilValue),
    999. 

  999. 			"versions_total":       []byte(nilValue),
    1000. 

  1000. 		}
    1001. 

  1001. 	}
    1002. 

  1002. 

  1003. 	// good case: kv with property and metadata
    1004. 

  1004. 	setSecretKVWithMetadata := func(smtc *secretManagerTestCase) {
    1005. 

  1005. 		secret := &sm.KVSecret{
    1006. 

  1006. 			CreatedBy:  utilpointer.To("testCreatedBy"),
    1007. 

  1007. 			CreatedAt:  &strfmt.DateTime{},
    1008. 

  1008. 			Downloaded: utilpointer.To(false),
    1009. 

  1009. 			Labels:     []string{"abc", "def", "xyz"},
    1010. 

  1010. 			LocksTotal: utilpointer.To(int64(20)),
    1011. 

  1011. 			Data:       secretComplex,
    1012. 

  1012. 		}
    1013. 

  1013. 		smtc.name = "good case: kv, with property and with metadata"
    1014. 

  1014. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1015. 

  1015. 		smtc.apiOutput = secret
    1016. 

  1016. 		smtc.ref.Key = "kv/" + secretUUID
    1017. 

  1017. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyFetch
    1018. 

  1018. 		smtc.expectedData = map[string][]byte{
    1019. 

  1019. 			"created_at":      []byte(timeValue),
    1020. 

  1020. 			"created_by":      []byte(*secret.CreatedBy),
    1021. 

  1021. 			"crn":             []byte(nilValue),
    1022. 

  1022. 			"data":            []byte("map[key1:val1 key2:val2 keyC:map[keyC1:map[keyA:valA keyB:valB]]]"),
    1023. 

  1023. 			"downloaded":      []byte(strconv.FormatBool(*secret.Downloaded)),
    1024. 

  1024. 			"id":              []byte(nilValue),
    1025. 

  1025. 			"key1":            []byte("val1"),
    1026. 

  1026. 			"key2":            []byte("val2"),
    1027. 

  1027. 			"keyC":            []byte(`{"keyC1":{"keyA":"valA","keyB":"valB"}}`),
    1028. 

  1028. 			"labels":          []byte("[" + strings.Join(secret.Labels, " ") + "]"),
    1029. 

  1029. 			"locks_total":     []byte(strconv.Itoa(int(*secret.LocksTotal))),
    1030. 

  1030. 			"secret_group_id": []byte(nilValue),
    1031. 

  1031. 			"secret_type":     []byte(nilValue),
    1032. 

  1032. 			"updated_at":      []byte(nilValue),
    1033. 

  1033. 			"versions_total":  []byte(nilValue),
    1034. 

  1034. 		}
    1035. 

  1035. 	}
    1036. 

  1036. 

  1037. 	// good case: iam_credentials without metadata
    1038. 

  1038. 	setSecretIamWithoutMetadata := func(smtc *secretManagerTestCase) {
    1039. 

  1039. 		secret := &sm.IAMCredentialsSecret{
    1040. 

  1040. 			CreatedBy:  utilpointer.To("testCreatedBy"),
    1041. 

  1041. 			CreatedAt:  &strfmt.DateTime{},
    1042. 

  1042. 			Downloaded: utilpointer.To(false),
    1043. 

  1043. 			Labels:     []string{"abc", "def", "xyz"},
    1044. 

  1044. 			LocksTotal: utilpointer.To(int64(20)),
    1045. 

  1045. 			ApiKey:     utilpointer.To(secretAPIKey),
    1046. 

  1046. 		}
    1047. 

  1047. 		smtc.name = "good case: iam_credentials without metadata"
    1048. 

  1048. 		smtc.apiInput.ID = utilpointer.To(secretUUID)
    1049. 

  1049. 		smtc.apiOutput = secret
    1050. 

  1050. 		smtc.ref.Key = iamCredentialsSecret + secretUUID
    1051. 

  1051. 		smtc.ref.MetadataPolicy = esv1beta1.ExternalSecretMetadataPolicyNone
    1052. 

  1052. 		smtc.expectedData = map[string][]byte{
    1053. 

  1053. 			"apikey": []byte(secretAPIKey),
    1054. 

  1054. 		}
    1055. 

  1055. 	}
    1056. 

  1056. 

  1057. 	secretKeyKV := "kv/" + secretUUID
    1058. 

  1058. 	// good case: kv, no property, return entire payload as key:value pairs
    1059. 

  1059. 	setSecretKV := func(smtc *secretManagerTestCase) {
    1060. 

  1060. 		secret := &sm.KVSecret{
    1061. 

  1061. 			Name:       utilpointer.To("testyname"),
    1062. 

  1062. 			ID:         utilpointer.To(secretUUID),
    1063. 

  1063. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    1064. 

  1064. 			Data:       secretComplex,
    1065. 

  1065. 		}
    1066. 

  1066. 		smtc.name = "good case: kv, no property, return entire payload as key:value pairs"
    1067. 

  1067. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1068. 

  1068. 		smtc.apiOutput = secret
    1069. 

  1069. 		smtc.ref.Key = secretKeyKV
    1070. 

  1070. 		smtc.expectedData["key1"] = []byte("val1")
    1071. 

  1071. 		smtc.expectedData["key2"] = []byte("val2")
    1072. 

  1072. 		smtc.expectedData["keyC"] = []byte(`{"keyC1":{"keyA":"valA","keyB":"valB"}}`)
    1073. 

  1073. 	}
    1074. 

  1074. 

  1075. 	// good case: kv, with property
    1076. 

  1076. 	setSecretKVWithProperty := func(smtc *secretManagerTestCase) {
    1077. 

  1077. 		secret := &sm.KVSecret{
    1078. 

  1078. 			Name:       utilpointer.To("d5deb37a-7883-4fe2-a5e7-3c15420adc76"),
    1079. 

  1079. 			ID:         utilpointer.To(secretUUID),
    1080. 

  1080. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    1081. 

  1081. 			Data:       secretComplex,
    1082. 

  1082. 		}
    1083. 

  1083. 		smtc.name = "good case: kv, with property"
    1084. 

  1084. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1085. 

  1085. 		smtc.ref.Property = "keyC"
    1086. 

  1086. 		smtc.apiOutput = secret
    1087. 

  1087. 		smtc.ref.Key = secretKeyKV
    1088. 

  1088. 		smtc.expectedData["keyC1"] = []byte(`{"keyA":"valA","keyB":"valB"}`)
    1089. 

  1089. 	}
    1090. 

  1090. 

  1091. 	// good case: kv, with property and path
    1092. 

  1092. 	setSecretKVWithPathAndProperty := func(smtc *secretManagerTestCase) {
    1093. 

  1093. 		secret := &sm.KVSecret{
    1094. 

  1094. 			Name:       utilpointer.To(secretUUID),
    1095. 

  1095. 			ID:         utilpointer.To(secretUUID),
    1096. 

  1096. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    1097. 

  1097. 			Data:       secretComplex,
    1098. 

  1098. 		}
    1099. 

  1099. 		smtc.name = "good case: kv, with property and path"
    1100. 

  1100. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1101. 

  1101. 		smtc.ref.Property = "keyC.keyC1"
    1102. 

  1102. 		smtc.apiOutput = secret
    1103. 

  1103. 		smtc.ref.Key = secretKeyKV
    1104. 

  1104. 		smtc.expectedData["keyA"] = []byte("valA")
    1105. 

  1105. 		smtc.expectedData["keyB"] = []byte("valB")
    1106. 

  1106. 	}
    1107. 

  1107. 

  1108. 	// bad case: kv, with property and path
    1109. 

  1109. 	badSecretKVWithUnknownProperty := func(smtc *secretManagerTestCase) {
    1110. 

  1110. 		secret := &sm.KVSecret{
    1111. 

  1111. 			Name:       utilpointer.To("testyname"),
    1112. 

  1112. 			ID:         utilpointer.To(secretUUID),
    1113. 

  1113. 			SecretType: utilpointer.To(sm.Secret_SecretType_Kv),
    1114. 

  1114. 			Data:       secretComplex,
    1115. 

  1115. 		}
    1116. 

  1116. 		smtc.name = "bad case: kv, with property and path"
    1117. 

  1117. 		smtc.apiInput.ID = core.StringPtr(secretUUID)
    1118. 

  1118. 		smtc.ref.Property = "unknown.property"
    1119. 

  1119. 		smtc.apiOutput = secret
    1120. 

  1120. 		smtc.ref.Key = secretKeyKV
    1121. 

  1121. 		smtc.expectError = "key unknown.property does not exist in secret " + secretKeyKV
    1122. 

  1122. 	}
    1123. 

  1123. 

  1124. 	successCases := []*secretManagerTestCase{
    1125. 

  1125. 		makeValidSecretManagerTestCaseCustom(badSecretIam),
    1126. 

  1126. 		makeValidSecretManagerTestCaseCustom(setSecretSrvCreds),
    1127. 

  1127. 		makeValidSecretManagerTestCaseCustom(setArbitrary),
    1128. 

  1128. 		makeValidSecretManagerTestCaseCustom(setNilMockClient),
    1129. 

  1129. 		makeValidSecretManagerTestCaseCustom(setAPIErr),
    1130. 

  1130. 		makeValidSecretManagerTestCaseCustom(setSecretUserPass),
    1131. 

  1131. 		makeValidSecretManagerTestCaseCustom(setSecretIam),
    1132. 

  1132. 		makeValidSecretManagerTestCaseCustom(setSecretCert),
    1133. 

  1133. 		makeValidSecretManagerTestCaseCustom(setSecretKV),
    1134. 

  1134. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithProperty),
    1135. 

  1135. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithPathAndProperty),
    1136. 

  1136. 		makeValidSecretManagerTestCaseCustom(badSecretKVWithUnknownProperty),
    1137. 

  1137. 		makeValidSecretManagerTestCaseCustom(setSecretPublicCert),
    1138. 

  1138. 		makeValidSecretManagerTestCaseCustom(setSecretPrivateCert),
    1139. 

  1139. 		makeValidSecretManagerTestCaseCustom(setimportedCertWithNoPvtKey),
    1140. 

  1140. 		makeValidSecretManagerTestCaseCustom(setSecretIamWithMetadata),
    1141. 

  1141. 		makeValidSecretManagerTestCaseCustom(setArbitraryWithMetadata),
    1142. 

  1142. 		makeValidSecretManagerTestCaseCustom(setSecretUserPassWithMetadata),
    1143. 

  1143. 		makeValidSecretManagerTestCaseCustom(setimportedCertWithMetadata),
    1144. 

  1144. 		makeValidSecretManagerTestCaseCustom(setPublicCertWithMetadata),
    1145. 

  1145. 		makeValidSecretManagerTestCaseCustom(setPrivateCertWithMetadata),
    1146. 

  1146. 		makeValidSecretManagerTestCaseCustom(setSecretKVWithMetadata),
    1147. 

  1147. 		makeValidSecretManagerTestCaseCustom(setSecretIamWithoutMetadata),
    1148. 

  1148. 		makeValidSecretManagerTestCaseCustom(setSecretIamByName),
    1149. 

  1149. 	}
    1150. 

  1150. 

  1151. 	sm := providerIBM{}
    1152. 

  1152. 	for _, v := range successCases {
    1153. 

  1153. 		t.Run(v.name, func(t *testing.T) {
    1154. 

  1154. 			sm.IBMClient = v.mockClient
    1155. 

  1155. 			out, err := sm.GetSecretMap(context.Background(), *v.ref)
    1156. 

  1156. 			if !ErrorContains(err, v.expectError) {
    1157. 

  1157. 				t.Errorf("unexpected error: %s, expected: '%s'", err.Error(), v.expectError)
    1158. 

  1158. 			}
    1159. 

  1159. 			if err == nil && !reflect.DeepEqual(out, v.expectedData) {
    1160. 

  1160. 				t.Errorf("unexpected secret data: expected:\n%+v\ngot:\n%+v", v.expectedData, out)
    1161. 

  1161. 			}
    1162. 

  1162. 		})
    1163. 

  1163. 	}
    1164. 

  1164. }
    1165. 

  1165. 

  1166. func TestValidRetryInput(t *testing.T) {
    1167. 

  1167. 	sm := providerIBM{}
    1168. 

  1168. 

  1169. 	invalid := "Invalid"
    1170. 

  1170. 	serviceURL := "http://fake-service-url.cool"
    1171. 

  1171. 

  1172. 	spec := &esv1beta1.SecretStore{
    1173. 

  1173. 		Spec: esv1beta1.SecretStoreSpec{
    1174. 

  1174. 			Provider: &esv1beta1.SecretStoreProvider{
    1175. 

  1175. 				IBM: &esv1beta1.IBMProvider{
    1176. 

  1176. 					Auth: esv1beta1.IBMAuth{
    1177. 

  1177. 						SecretRef: &esv1beta1.IBMAuthSecretRef{
    1178. 

  1178. 							SecretAPIKey: v1.SecretKeySelector{
    1179. 

  1179. 								Name: "fake-secret",
    1180. 

  1180. 								Key:  "fake-key",
    1181. 

  1181. 							},
    1182. 

  1182. 						},
    1183. 

  1183. 					},
    1184. 

  1184. 					ServiceURL: &serviceURL,
    1185. 

  1185. 				},
    1186. 

  1186. 			},
    1187. 

  1187. 			RetrySettings: &esv1beta1.SecretStoreRetrySettings{
    1188. 

  1188. 				RetryInterval: &invalid,
    1189. 

  1189. 			},
    1190. 

  1190. 		},
    1191. 

  1191. 	}
    1192. 

  1192. 

  1193. 	expected := fmt.Sprintf("cannot setup new ibm client: time: invalid duration %q", invalid)
    1194. 

  1194. 	ctx := context.TODO()
    1195. 

  1195. 	kube := clientfake.NewClientBuilder().WithObjects(&corev1.Secret{
    1196. 

  1196. 		ObjectMeta: metav1.ObjectMeta{
    1197. 

  1197. 			Name:      "fake-secret",
    1198. 

  1198. 			Namespace: "default",
    1199. 

  1199. 		},
    1200. 

  1200. 		Data: map[string][]byte{
    1201. 

  1201. 			"fake-key": []byte("ImAFakeApiKey"),
    1202. 

  1202. 		},
    1203. 

  1203. 	}).Build()
    1204. 

  1204. 

  1205. 	_, err := sm.NewClient(ctx, spec, kube, "default")
    1206. 

  1206. 

  1207. 	if !ErrorContains(err, expected) {
    1208. 

  1208. 		t.Errorf("CheckValidRetryInput unexpected error: %s, expected: '%s'", err.Error(), expected)
    1209. 

  1209. 	}
    1210. 

  1210. }
    1211. 

  1211. 

  1212. func ErrorContains(out error, want string) bool {
    1213. 

  1213. 	if out == nil {
    1214. 

  1214. 		return want == ""
    1215. 

  1215. 	}
    1216. 

  1216. 	if want == "" {
    1217. 

  1217. 		return false
    1218. 

  1218. 	}
    1219. 

  1219. 	return strings.Contains(out.Error(), want)
    1220. 

  1220. }
    1221.