Главная Обзор Помощь
Вход
logic855
/
helm-external-secrets
зеркало из https://github.com/external-secrets/external-secrets
1
0
Ответвить 0
Файлы Задачи 0 Вики
Дерево: a318978afd
Ветки Метки
helm-externa...
/
pkg
/
provider
/
kubernetes
/
kubernetes_test.go

kubernetes_test.go 6.3 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6.     http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. package kubernetes
    15. 

  15. 

  16. import (
    17. 

  17. 	"context"
    18. 

  18. 	"errors"
    19. 

  19. 	"fmt"
    20. 

  20. 	"reflect"
    21. 

  21. 	"strings"
    22. 

  22. 	"testing"
    23. 

  23. 

  24. 	esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
    25. 

  25. 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
    26. 

  26. 	corev1 "k8s.io/api/core/v1"
    27. 

  27. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    28. 

  28. 	kclient "sigs.k8s.io/controller-runtime/pkg/client"
    29. 

  29. 	fclient "sigs.k8s.io/controller-runtime/pkg/client/fake"
    30. 

  30. )
    31. 

  31. 

  32. type secretManagerTestCase struct {
    33. 

  33. 	mockClient  *kclient.Client
    34. 

  34. 	ref         *esv1alpha1.ExternalSecretDataRemoteRef
    35. 

  35. 	namespace   string
    36. 

  36. 	storeKind   string
    37. 

  37. 	Server      string
    38. 

  38. 	User        string
    39. 

  39. 	Certificate []byte
    40. 

  40. 	Key         []byte
    41. 

  41. 	CA          []byte
    42. 

  42. 	BearerToken []byte
    43. 

  43. }
    44. 

  44. 

  45. type fakeClient struct {
    46. 

  46. 	secretMap map[string]corev1.Secret
    47. 

  47. }
    48. 

  48. 

  49. func (fk fakeClient) Get(ctx context.Context, name string, opts metav1.GetOptions) (*corev1.Secret, error) {
    50. 

  50. 	secret, ok := fk.secretMap[name]
    51. 

  51. 

  52. 	if !ok {
    53. 

  53. 		return nil, errors.New("Something went wrong")
    54. 

  54. 	}
    55. 

  55. 	return &secret, nil
    56. 

  56. }
    57. 

  57. 

  58. func (fk fakeClient) Create(ctx context.Context, name string, opts metav1.GetOptions) (*corev1.Secret, error) {
    59. 

  59. 	return nil, nil
    60. 

  60. }
    61. 

  61. 

  62. // test the sm<->gcp interface
    63. 

  63. // make sure correct values are passed and errors are handled accordingly.
    64. 

  64. func TestKubernetesSecretManagerGetSecret(t *testing.T) {
    65. 

  65. 	expected := make(map[string][]byte)
    66. 

  66. 	value := "bar"
    67. 

  67. 	expected["foo"] = []byte(value)
    68. 

  68. 	mysecret := corev1.Secret{Data: expected}
    69. 

  69. 	mysecretmap := make(map[string]corev1.Secret)
    70. 

  70. 	mysecretmap["Key"] = mysecret
    71. 

  71. 

  72. 	fk := fakeClient{secretMap: mysecretmap}
    73. 

  73. 	kp := ProviderKubernetes{Client: fk}
    74. 

  74. 

  75. 	ref := esv1alpha1.ExternalSecretDataRemoteRef{Key: "Key", Property: "foo"}
    76. 

  76. 	ctx := context.Background()
    77. 

  77. 

  78. 	output, _ := kp.GetSecret(ctx, ref)
    79. 

  79. 

  80. 	if string(output) != "bar" {
    81. 

  81. 		t.Error("missing match value of the secret")
    82. 

  82. 	}
    83. 

  83. 

  84. 	ref = esv1alpha1.ExternalSecretDataRemoteRef{Key: "Key2", Property: "foo"}
    85. 

  85. 	output, err := kp.GetSecret(ctx, ref)
    86. 

  86. 

  87. 	if err.Error() != "Something went wrong" {
    88. 

  88. 		t.Error("test failed")
    89. 

  89. 	}
    90. 

  90. 

  91. 	ref = esv1alpha1.ExternalSecretDataRemoteRef{Key: "Key", Property: "foo2"}
    92. 

  92. 	output, err = kp.GetSecret(ctx, ref)
    93. 

  93. 	expected_error := fmt.Sprintf("property %s does not exist in key %s", ref.Property, ref.Key)
    94. 

  94. 	if err.Error() != expected_error {
    95. 

  95. 		t.Error("test not existing property failed")
    96. 

  96. 	}
    97. 

  97. 

  98. 	kp = ProviderKubernetes{Client: nil}
    99. 

  99. 	output, err = kp.GetSecret(ctx, ref)
    100. 

  100. 

  101. 	if err.Error() != errUninitalizedKubernetesProvider {
    102. 

  102. 		t.Error("test nil Client failed")
    103. 

  103. 	}
    104. 

  104. 

  105. 	ref = esv1alpha1.ExternalSecretDataRemoteRef{Key: "Key", Property: ""}
    106. 

  106. 	output, err = kp.GetSecret(ctx, ref)
    107. 

  107. 

  108. 	if err.Error() != "property field not found on extrenal secrets" {
    109. 

  109. 		t.Error("test nil Property failed")
    110. 

  110. 	}
    111. 

  111. 

  112. }
    113. 

  113. 

  114. func TestKubernetesSecretManagerGetSecretMap(t *testing.T) {
    115. 

  115. 	expected := make(map[string][]byte)
    116. 

  116. 	value := "bar"
    117. 

  117. 	expected["foo"] = []byte(value)
    118. 

  118. 	expected["foo2"] = []byte(value)
    119. 

  119. 	mysecret := corev1.Secret{Data: expected}
    120. 

  120. 	mysecretmap := make(map[string]corev1.Secret)
    121. 

  121. 	mysecretmap["Key"] = mysecret
    122. 

  122. 

  123. 	fk := fakeClient{secretMap: mysecretmap}
    124. 

  124. 	kp := ProviderKubernetes{Client: fk}
    125. 

  125. 

  126. 	ref := esv1alpha1.ExternalSecretDataRemoteRef{Key: "Key", Property: ""}
    127. 

  127. 	ctx := context.Background()
    128. 

  128. 

  129. 	output, err := kp.GetSecretMap(ctx, ref)
    130. 

  130. 

  131. 	if err != nil {
    132. 

  132. 		t.Error("test failed")
    133. 

  133. 	}
    134. 

  134. 	if !reflect.DeepEqual(output, expected) {
    135. 

  135. 		t.Error("Objects are not equal")
    136. 

  136. 	}
    137. 

  137. }
    138. 

  138. 

  139. func TestKubernetesSecretManagerSetAuth(t *testing.T) {
    140. 

  140. 	kp := esv1alpha1.KubernetesProvider{}
    141. 

  141. 	fs := &corev1.Secret{}
    142. 

  142. 	fs.ObjectMeta.Name = "good-name"
    143. 

  143. 	secret_value := make(map[string][]byte)
    144. 

  144. 	secret_value["cert"] = []byte("secret-cert")
    145. 

  145. 	secret_value["ca"] = []byte("secret-ca")
    146. 

  146. 	secret_value["bearerToken"] = []byte("bearerToken")
    147. 

  147. 

  148. 	fs2 := &corev1.Secret{}
    149. 

  149. 	fs2.ObjectMeta.Name = "secret-for-the-key"
    150. 

  150. 	secret_value2 := make(map[string][]byte)
    151. 

  151. 	secret_value2["key"] = []byte("secret-key")
    152. 

  152. 

  153. 	fs.Data = secret_value
    154. 

  154. 	fs2.Data = secret_value2
    155. 

  155. 	fk := fclient.NewFakeClient(fs, fs2)
    156. 

  156. 	bc := BaseClient{fk, &kp, "", "", "", "", nil, nil, nil, nil}
    157. 

  157. 

  158. 	ctx := context.Background()
    159. 

  159. 

  160. 	err := bc.setAuth(ctx)
    161. 

  161. 

  162. 	if err.Error() != "kubernetes credentials are empty" {
    163. 

  163. 		t.Error("test kubernetes credentials not empty failed")
    164. 

  164. 	}
    165. 

  165. 

  166. 	kp = esv1alpha1.KubernetesProvider{
    167. 

  167. 		Auth: esv1alpha1.KubernetesAuth{
    168. 

  168. 			SecretRef: esv1alpha1.KubernetesSecretRef{
    169. 

  169. 				Certificate: esmeta.SecretKeySelector{
    170. 

  170. 					Name: "fake-name",
    171. 

  171. 				},
    172. 

  172. 			},
    173. 

  173. 		},
    174. 

  174. 	}
    175. 

  175. 

  176. 	err = bc.setAuth(ctx)
    177. 

  177. 

  178. 	if err.Error() != "could not fetch Credentials secret: secrets \"fake-name\" not found" {
    179. 

  179. 		fmt.Println(err.Error())
    180. 

  180. 		t.Error("test could not fetch Credentials secret failed")
    181. 

  181. 	}
    182. 

  182. 	kp.Auth.SecretRef.Certificate.Name = "good-name"
    183. 

  183. 

  184. 	err = bc.setAuth(ctx)
    185. 

  185. 

  186. 	if err.Error() != "missing Credentials: cert" {
    187. 

  187. 		fmt.Println(err.Error())
    188. 

  188. 		t.Error("test could not fetch Credentials secret failed")
    189. 

  189. 	}
    190. 

  190. 

  191. 	kp.Auth.SecretRef.Certificate.Key = "cert"
    192. 

  192. 	kp.Auth.SecretRef.Key.Name = "secret-for-the-key"
    193. 

  193. 

  194. 	err = bc.setAuth(ctx)
    195. 

  195. 

  196. 	if err.Error() != "missing Credentials: key" {
    197. 

  197. 		fmt.Println(err.Error())
    198. 

  198. 		t.Error("test could not fetch Credentials secret failed")
    199. 

  199. 	}
    200. 

  200. 

  201. 	kp.Auth.SecretRef.Key.Key = "key"
    202. 

  202. 	kp.Auth.SecretRef.CA.Name = "good-name"
    203. 

  203. 

  204. 	err = bc.setAuth(ctx)
    205. 

  205. 

  206. 	if err.Error() != "missing Credentials: ca" {
    207. 

  207. 		fmt.Println(err.Error())
    208. 

  208. 		t.Error("test could not fetch Credentials secret failed")
    209. 

  209. 	}
    210. 

  210. 	kp.Auth.SecretRef.CA.Key = "ca"
    211. 

  211. 	kp.Auth.SecretRef.BearerToken.Name = "good-name"
    212. 

  212. 

  213. 	err = bc.setAuth(ctx)
    214. 

  214. 

  215. 	if err.Error() != "missing Credentials: bearerToken" {
    216. 

  216. 		fmt.Println(err.Error())
    217. 

  217. 		t.Error("test could not fetch Credentials secret failed")
    218. 

  218. 	}
    219. 

  219. 

  220. 	kp.Auth.SecretRef.BearerToken.Key = "bearerToken"
    221. 

  221. 	
    222. 

  222. 	err = bc.setAuth(ctx)
    223. 

  223. 

  224. 

  225. 	if err != nil {
    226. 

  226. 		fmt.Println(err.Error())
    227. 

  227. 		t.Error("test could not fetch Credentials secret failed")
    228. 

  228. 	}
    229. 

  229. 

  230. }
    231. 

  231. 

  232. func ErrorContains(out error, want string) bool {
    233. 

  233. 	if out == nil {
    234. 

  234. 		return want == ""
    235. 

  235. 	}
    236. 

  236. 	if want == "" {
    237. 

  237. 		return false
    238. 

  238. 	}
    239. 

  239. 	return strings.Contains(out.Error(), want)
    240. 

  240. }
    241.