Sākums Izpētīt Palīdzība
Pierakstīties
logic855
/
helm-external-secrets
spogulis no https://github.com/external-secrets/external-secrets
1
0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Koks: a1722cbfaa
Atzari Tagi
helm-externa...
/
e2e
/
suites
/
provider
/
cases
/
gcp
/
gcp.go

gcp.go 8.3 KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6. 	http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. limitations under the License.
    12. 

  12. */
    13. 

  13. package gcp
    14. 

  14. 

  15. import (
    16. 

  16. 	"crypto/rand"
    17. 

  17. 	"crypto/x509"
    18. 

  18. 	"encoding/pem"
    19. 

  19. 	"fmt"
    20. 

  20. 

  21. 	// nolint
    22. 

  22. 	. "github.com/onsi/ginkgo/v2"
    23. 

  23. 	v1 "k8s.io/api/core/v1"
    24. 

  24. 	p12 "software.sslmate.com/src/go-pkcs12"
    25. 

  25. 

  26. 	// nolint
    27. 

  27. 	"github.com/external-secrets/external-secrets-e2e/framework"
    28. 

  28. 	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
    29. 

  29. 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
    30. 

  30. )
    31. 

  31. 

  32. const (
    33. 

  33. 	withStaticAuth         = "with service account"
    34. 

  34. 	withReferentStaticAuth = "with service acount from referent namespace"
    35. 

  35. )
    36. 

  36. 

  37. // This test uses the global ESO.
    38. 

  38. var _ = Describe("[gcp]", Label("gcp", "secretsmanager"), func() {
    39. 

  39. 	f := framework.New("eso-gcp")
    40. 

  40. 	prov := NewFromEnv(f, "")
    41. 

  41. 

  42. 	DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
    43. 

  43. 		framework.Compose(withStaticAuth, f, common.SimpleDataSync, useStaticAuth),
    44. 

  44. 		framework.Compose(withStaticAuth, f, common.JSONDataWithProperty, useStaticAuth),
    45. 

  45. 		framework.Compose(withStaticAuth, f, common.JSONDataFromSync, useStaticAuth),
    46. 

  46. 		framework.Compose(withStaticAuth, f, common.JSONDataFromRewrite, useStaticAuth),
    47. 

  47. 		framework.Compose(withStaticAuth, f, common.NestedJSONWithGJSON, useStaticAuth),
    48. 

  48. 		framework.Compose(withStaticAuth, f, common.JSONDataWithTemplate, useStaticAuth),
    49. 

  49. 		framework.Compose(withStaticAuth, f, common.DockerJSONConfig, useStaticAuth),
    50. 

  50. 		framework.Compose(withStaticAuth, f, common.DataPropertyDockerconfigJSON, useStaticAuth),
    51. 

  51. 		framework.Compose(withStaticAuth, f, common.SSHKeySync, useStaticAuth),
    52. 

  52. 		framework.Compose(withStaticAuth, f, common.SSHKeySyncDataProperty, useStaticAuth),
    53. 

  53. 		framework.Compose(withStaticAuth, f, common.SyncWithoutTargetName, useStaticAuth),
    54. 

  54. 		framework.Compose(withStaticAuth, f, common.JSONDataWithoutTargetName, useStaticAuth),
    55. 

  55. 		framework.Compose(withStaticAuth, f, common.FindByName, useStaticAuth),
    56. 

  56. 		framework.Compose(withStaticAuth, f, common.FindByNameAndRewrite, useStaticAuth),
    57. 

  57. 		framework.Compose(withStaticAuth, f, common.FindByNameWithPath, useStaticAuth),
    58. 

  58. 		framework.Compose(withStaticAuth, f, common.FindByTag, useStaticAuth),
    59. 

  59. 		framework.Compose(withStaticAuth, f, common.FindByTagWithPath, useStaticAuth),
    60. 

  60. 		framework.Compose(withStaticAuth, f, common.SyncV1Alpha1, useStaticAuth),
    61. 

  61. 		framework.Compose(withStaticAuth, f, p12Cert, useStaticAuth),
    62. 

  62. 

  63. 		// referent auth
    64. 

  64. 		framework.Compose(withReferentStaticAuth, f, common.SimpleDataSync, useReferentAuth),
    65. 

  65. 	)
    66. 

  66. })
    67. 

  67. 

  68. func useStaticAuth(tc *framework.TestCase) {
    69. 

  69. 	tc.ExternalSecret.Spec.SecretStoreRef.Name = tc.Framework.Namespace.Name
    70. 

  70. 	if tc.ExternalSecretV1Alpha1 != nil {
    71. 

  71. 		tc.ExternalSecretV1Alpha1.Spec.SecretStoreRef.Name = tc.Framework.Namespace.Name
    72. 

  72. 	}
    73. 

  73. }
    74. 

  74. 

  75. func useReferentAuth(tc *framework.TestCase) {
    76. 

  76. 	tc.ExternalSecret.Spec.SecretStoreRef.Name = referentName(tc.Framework)
    77. 

  77. 	tc.ExternalSecret.Spec.SecretStoreRef.Kind = esv1beta1.ClusterSecretStoreKind
    78. 

  78. }
    79. 

  79. 

  80. // P12Cert case creates a secret with a p12 cert containing a privkey and cert bundled together.
    81. 

  81. // It uses templating to generate a k8s secret of type tls with pem values.
    82. 

  82. func p12Cert(f *framework.Framework) (string, func(*framework.TestCase)) {
    83. 

  83. 	return "should sync p12 encoded cert secret", func(tc *framework.TestCase) {
    84. 

  84. 		cloudSecretName := fmt.Sprintf("%s-%s", tc.Framework.Namespace.Name, "p12-cert-example")
    85. 

  85. 		certPEM := `-----BEGIN CERTIFICATE-----
    86. 

  86. MIIFQjCCBCqgAwIBAgISBHszg5W2maz/7CIxGrf7mqukMA0GCSqGSIb3DQEBCwUA
    87. 

  87. MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
    88. 

  88. EwJSMzAeFw0yMTA3MjQxMjQyMzNaFw0yMTEwMjIxMjQyMzFaMCgxJjAkBgNVBAMT
    89. 

  89. HXRlbXBvcmFyeS5leHRlcm5hbC1zZWNyZXRzLmlvMIIBIjANBgkqhkiG9w0BAQEF
    90. 

  90. AAOCAQ8AMIIBCgKCAQEAyRROdZskA8qnGnoMgQ5Ry5MVY/lgo3HzlhKq02u23J2w
    91. 

  91. 14w+LiEU2hcSJKYv5OXysbfq7M52u2zXYZXs6krkQZlYNpFw7peZ0JtUbVkSpST/
    92. 

  92. X4b1GJKDSkRs7fTi+v+pb9OT9rTbtd8jfGe/YCe5rjXEm/ih2DgS13737lKCD5n6
    93. 

  93. 3QUOG7CR+SKFeRXOGkncqJHAyRkpNfAmS8m1C+ucodfjSFoqAwwVGx7eyEktG4s/
    94. 

  94. JbwLEb03hGrP15vnnOgxQmiAzWskxhMyHX6vmA71Oq4F3RVsuD3CEjKzgJ2+ghk3
    95. 

  95. BIY3DZSfSReWSMYM573YFglENi+qJK012XnFmZcevwIDAQABo4ICWjCCAlYwDgYD
    96. 

  96. VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
    97. 

  97. HRMBAf8EAjAAMB0GA1UdDgQWBBRvn1wGi46XcyhRIIxJkSSUoCyoNzAfBgNVHSME
    98. 

  98. GDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYB
    99. 

  99. BQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDov
    100. 

  100. L3IzLmkubGVuY3Iub3JnLzAoBgNVHREEITAfgh10ZW1wb3JhcnkuZXh0ZXJuYWwt
    101. 

  101. c2VjcmV0cy5pbzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAo
    102. 

  102. MCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQYGCisG
    103. 

  103. AQQB1nkCBAIEgfcEgfQA8gB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO
    104. 

  104. 8WTjAAABetjA0asAAAQDAEgwRgIhAPYbBNim7q3P0qmD9IrAx1E1fEClYpoLrAVs
    105. 

  105. 4LGBkQobAiEA+IaTPWs9eHmqtCwar96PNxE0Iucak0DYkgfcWJT5gfYAdwBvU3as
    106. 

  106. MfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAXrYwNJTAAAEAwBIMEYCIQDY
    107. 

  107. xWJKFljK1AW2z/uVsU7TwcAAcIqUf5/nhS04JAwpfwIhANDTvwvcRvPebU7fv6dq
    108. 

  108. lNH1g2Oyv/4Vm7W+Vrc5cFD0MA0GCSqGSIb3DQEBCwUAA4IBAQAR29s3pDGZbNPN
    109. 

  109. 5K+Zqg9UDT8s+P0fb9r97T7hWEFkiUtG4bz7QvGzSoDXhD/DZkdjLmkX7+bLiE3L
    110. 

  110. hRSSYe+Am+Bw5soyzefX2FHAUeOLeK0mJhOrdiKqrW4nnvOOJWLkcWS799kW2z7j
    111. 

  111. 2MgUWTOz/xXGUOWHt1KjyoM31G3shoAIB9lg3lHbuVIyDd3yyUpjt0zevVdYrO9G
    112. 

  112. CgI2mJfv26EiddBvgudzN+R5Ayis9czaFHu8gpplaf9DahaKs1Uys6lg0HnzRn3l
    113. 

  113. XMYitHfpGhc+DTTiTWMQ13J0b1j4yv8A7ZaG2366aa28oSTD6eQFhmVCBwa54j++
    114. 

  114. IOwzHn5R
    115. 

  115. -----END CERTIFICATE-----
    116. 

  116. `
    117. 

  117. 		privkeyPEM := `-----BEGIN PRIVATE KEY-----
    118. 

  118. MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDJFE51myQDyqca
    119. 

  119. egyBDlHLkxVj+WCjcfOWEqrTa7bcnbDXjD4uIRTaFxIkpi/k5fKxt+rszna7bNdh
    120. 

  120. lezqSuRBmVg2kXDul5nQm1RtWRKlJP9fhvUYkoNKRGzt9OL6/6lv05P2tNu13yN8
    121. 

  121. Z79gJ7muNcSb+KHYOBLXfvfuUoIPmfrdBQ4bsJH5IoV5Fc4aSdyokcDJGSk18CZL
    122. 

  122. ybUL65yh1+NIWioDDBUbHt7ISS0biz8lvAsRvTeEas/Xm+ec6DFCaIDNayTGEzId
    123. 

  123. fq+YDvU6rgXdFWy4PcISMrOAnb6CGTcEhjcNlJ9JF5ZIxgznvdgWCUQ2L6okrTXZ
    124. 

  124. ecWZlx6/AgMBAAECggEBAI9sDX5zFuAhdsk6zppqtUrn8TTq1dQe3ihnzjKYvMhl
    125. 

  125. LZLA9EUA0ZexJv6/DqBMp6u9TDJ2HVgYDRQM1PxUSLTFhJb/bDayKUMS18ha5SKn
    126. 

  126. 3gKsBzvsnPqnDa84oYF4Q8mAdyRb4e66ZtxAP8985kLtFPxO/llzvXS5mmwBq8Ul
    127. 

  127. wlLOg5xAXubm3vgLyFm2GW9qI6ZvY9mmh1mv5ZLP8/8hikRjwJijnX3dyqqIAYnc
    128. 

  128. DHjJYy2I1VxGJybqVQRquG++Tl4qLXbOUZ/lhKe62ARx/MBR9lEst5TURc9N7U3D
    129. 

  129. Mgsu7FcFwqjVkig3P0XiNRWwCu0HrYee5rLXmtDnF9kCgYEA69+OuJM/RIsrLQQd
    130. 

  130. 1alppgT+SFyaJM3X1MJD3yxW6Vqqvkhqe7+XCWnmVYcpHPcilWmZnnQ3PiWqPJ8A
    131. 

  131. 3mIMp+Xg0ddFQXb3n7z4D0Mg4IPzvSKnlieTT1rDhhHRv/xArw1UBkF6kqcnZizZ
    132. 

  132. FcWcOIt/dYodTWZzPJtLtf7QW0sCgYEA2jy0vJ5rg0/CSinkccreegC6gbbd+oE9
    133. 

  133. uR/aGeu1XmnULoYYMMy7BLqd8/OiXvujbgUSUWnzbEclR88dPDkiRxDL7mYiaCn+
    134. 

  134. l9jPuVB1W5x6irJdG/7lpSnLuijpkzey177ZKrlfGsOjtVZsc1ytnqTCWsF1r9eY
    135. 

  135. yXCSvkJQjd0CgYEA5+vl0hh+MfBA4L9WcnpkNehc+luK+LspB7qHr81SG5qZngVo
    136. 

  136. JgspAAmPf/Mo+qEI8S5m7MVKeCHitD6HRSHVXdUK7GklYIwQSJEuuxr/HaLAquyD
    137. 

  137. KYH6NyGAdLfarFHka/rH7mq9kasnczCPtveZdoO7LKBD1ZHxptrvY6CLz+cCgYEA
    138. 

  138. yEq2xfXPTrDA7DgOhbFfBjHs+mfOyr4a2/Czxt5hkskmB5ziTsdXTTvJA8Ay4WGp
    139. 

  139. 2Kum6DmJQ3L4cDNR7ZeyMe7ke2QZZ+hC1TITU0zYqL+wZ+LTOYJzWWZGqBAsbwTL
    140. 

  140. it6JiYCgHHw5n5A18Jq6bcNg7NJpJH2GqDo9M4jBTbECgYEAlMuvNExEXGVzWrGF
    141. 

  141. NXHpAev64RJ2jTq59jtmxWrNvzeWJREOWd/Nt+0t+bE0sHMfgaMrhNFWiR8oesrF
    142. 

  142. Jdx0ECYawviQoreDAyIXV6HouoeRbDtLZ9AJvxMoIjGcjAR2FQHc3yx4h/lf3Tfx
    143. 

  143. x6HaRh+EUwU51von6M9lEF9/p5Q=
    144. 

  144. -----END PRIVATE KEY-----
    145. 

  145. `
    146. 

  146. 		blockCert, _ := pem.Decode([]byte(certPEM))
    147. 

  147. 		cert, _ := x509.ParseCertificate(blockCert.Bytes)
    148. 

  148. 		blockPrivKey, _ := pem.Decode([]byte(privkeyPEM))
    149. 

  149. 		privkey, _ := x509.ParsePKCS8PrivateKey(blockPrivKey.Bytes)
    150. 

  150. 		emptyCACerts := []*x509.Certificate{}
    151. 

  151. 		p12Cert, _ := p12.Encode(rand.Reader, privkey, cert, emptyCACerts, "")
    152. 

  152. 

  153. 		tc.Secrets = map[string]framework.SecretEntry{
    154. 

  154. 			cloudSecretName: {Value: string(p12Cert)},
    155. 

  155. 		}
    156. 

  156. 

  157. 		tc.ExpectedSecret = &v1.Secret{
    158. 

  158. 			Type: v1.SecretTypeTLS,
    159. 

  159. 			Data: map[string][]byte{
    160. 

  160. 				"tls.crt": []byte(certPEM),
    161. 

  161. 				"tls.key": []byte(privkeyPEM),
    162. 

  162. 			},
    163. 

  163. 		}
    164. 

  164. 

  165. 		tc.ExternalSecret.Spec.Data = []esv1beta1.ExternalSecretData{
    166. 

  166. 			{
    167. 

  167. 				SecretKey: "mysecret",
    168. 

  168. 				RemoteRef: esv1beta1.ExternalSecretDataRemoteRef{
    169. 

  169. 					Key: cloudSecretName,
    170. 

  170. 				},
    171. 

  171. 			},
    172. 

  172. 		}
    173. 

  173. 

  174. 		tc.ExternalSecret.Spec.Target.Template = &esv1beta1.ExternalSecretTemplate{
    175. 

  175. 			Type:          v1.SecretTypeTLS,
    176. 

  176. 			EngineVersion: esv1beta1.TemplateEngineV1,
    177. 

  177. 			Data: map[string]string{
    178. 

  178. 				"tls.crt": "{{ .mysecret | pkcs12cert | pemCertificate }}",
    179. 

  179. 				"tls.key": "{{ .mysecret | pkcs12key | pemPrivateKey }}",
    180. 

  180. 			},
    181. 

  181. 		}
    182. 

  182. 	}
    183. 

  183. }
    184.