Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: a86b86eeea
Branches Tags
helm-externa...
/
pkg
/
utils
/
utils_test.go

utils_test.go 10 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6.     http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. 

  15. package utils
    16. 

  16. 

  17. import (
    18. 

  18. 	"reflect"
    19. 

  19. 	"testing"
    20. 

  20. 	"time"
    21. 

  21. 

  22. 	vault "github.com/oracle/oci-go-sdk/v56/vault"
    23. 

  23. 	v1 "k8s.io/api/core/v1"
    24. 

  24. 

  25. 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
    26. 

  26. )
    27. 

  27. 

  28. const (
    29. 

  29. 	base64DecodedValue    string = "foo%_?bar"
    30. 

  30. 	base64EncodedValue    string = "Zm9vJV8/YmFy"
    31. 

  31. 	base64URLEncodedValue string = "Zm9vJV8_YmFy"
    32. 

  32. )
    33. 

  33. 

  34. func TestObjectHash(t *testing.T) {
    35. 

  35. 	tests := []struct {
    36. 

  36. 		name  string
    37. 

  37. 		input interface{}
    38. 

  38. 		want  string
    39. 

  39. 	}{
    40. 

  40. 		{
    41. 

  41. 			name:  "A nil should be still working",
    42. 

  42. 			input: nil,
    43. 

  43. 			want:  "60046f14c917c18a9a0f923e191ba0dc",
    44. 

  44. 		},
    45. 

  45. 		{
    46. 

  46. 			name:  "We accept a simple scalar value, i.e. string",
    47. 

  47. 			input: "hello there",
    48. 

  48. 			want:  "161bc25962da8fed6d2f59922fb642aa",
    49. 

  49. 		},
    50. 

  50. 		{
    51. 

  51. 			name: "A complex object like a secret is not an issue",
    52. 

  52. 			input: v1.Secret{Data: map[string][]byte{
    53. 

  53. 				"xx": []byte("yyy"),
    54. 

  54. 			}},
    55. 

  55. 			want: "7b6fb27a17a8e4a4be8fda6cb499f3d5",
    56. 

  56. 		},
    57. 

  57. 		{
    58. 

  58. 			name: "map also works",
    59. 

  59. 			input: map[string][]byte{
    60. 

  60. 				"foo": []byte("value1"),
    61. 

  61. 				"bar": []byte("value2"),
    62. 

  62. 			},
    63. 

  63. 			want: "caa0155759a6a9b3b6ada5a6883ee2bb",
    64. 

  64. 		},
    65. 

  65. 	}
    66. 

  66. 	for _, tt := range tests {
    67. 

  67. 		t.Run(tt.name, func(t *testing.T) {
    68. 

  68. 			if got := ObjectHash(tt.input); got != tt.want {
    69. 

  69. 				t.Errorf("ObjectHash() = %v, want %v", got, tt.want)
    70. 

  70. 			}
    71. 

  71. 		})
    72. 

  72. 	}
    73. 

  73. }
    74. 

  74. 

  75. func TestIsNil(t *testing.T) {
    76. 

  76. 	tbl := []struct {
    77. 

  77. 		name string
    78. 

  78. 		val  interface{}
    79. 

  79. 		exp  bool
    80. 

  80. 	}{
    81. 

  81. 		{
    82. 

  82. 			name: "simple nil val",
    83. 

  83. 			val:  nil,
    84. 

  84. 			exp:  true,
    85. 

  85. 		},
    86. 

  86. 		{
    87. 

  87. 			name: "nil slice",
    88. 

  88. 			val:  (*[]struct{})(nil),
    89. 

  89. 			exp:  true,
    90. 

  90. 		},
    91. 

  91. 		{
    92. 

  92. 			name: "struct pointer",
    93. 

  93. 			val:  &testing.T{},
    94. 

  94. 			exp:  false,
    95. 

  95. 		},
    96. 

  96. 		{
    97. 

  97. 			name: "struct",
    98. 

  98. 			val:  testing.T{},
    99. 

  99. 			exp:  false,
    100. 

  100. 		},
    101. 

  101. 		{
    102. 

  102. 			name: "slice of struct",
    103. 

  103. 			val:  []struct{}{{}},
    104. 

  104. 			exp:  false,
    105. 

  105. 		},
    106. 

  106. 		{
    107. 

  107. 			name: "slice of ptr",
    108. 

  108. 			val:  []*testing.T{nil},
    109. 

  109. 			exp:  false,
    110. 

  110. 		},
    111. 

  111. 		{
    112. 

  112. 			name: "slice",
    113. 

  113. 			val:  []struct{}(nil),
    114. 

  114. 			exp:  false,
    115. 

  115. 		},
    116. 

  116. 		{
    117. 

  117. 			name: "int default value",
    118. 

  118. 			val:  0,
    119. 

  119. 			exp:  false,
    120. 

  120. 		},
    121. 

  121. 		{
    122. 

  122. 			name: "empty str",
    123. 

  123. 			val:  "",
    124. 

  124. 			exp:  false,
    125. 

  125. 		},
    126. 

  126. 		{
    127. 

  127. 			name: "oracle vault",
    128. 

  128. 			val:  vault.VaultsClient{},
    129. 

  129. 			exp:  false,
    130. 

  130. 		},
    131. 

  131. 		{
    132. 

  132. 			name: "func",
    133. 

  133. 			val: func() {
    134. 

  134. 				// noop for testing and to make linter happy
    135. 

  135. 			},
    136. 

  136. 			exp: false,
    137. 

  137. 		},
    138. 

  138. 		{
    139. 

  139. 			name: "channel",
    140. 

  140. 			val:  make(chan struct{}),
    141. 

  141. 			exp:  false,
    142. 

  142. 		},
    143. 

  143. 		{
    144. 

  144. 			name: "map",
    145. 

  145. 			val:  map[string]string{},
    146. 

  146. 			exp:  false,
    147. 

  147. 		},
    148. 

  148. 	}
    149. 

  149. 

  150. 	for _, row := range tbl {
    151. 

  151. 		t.Run(row.name, func(t *testing.T) {
    152. 

  152. 			res := IsNil(row.val)
    153. 

  153. 			if res != row.exp {
    154. 

  154. 				t.Errorf("IsNil(%#v)=%t, expected %t", row.val, res, row.exp)
    155. 

  155. 			}
    156. 

  156. 		})
    157. 

  157. 	}
    158. 

  158. }
    159. 

  159. 

  160. func TestConvertKeys(t *testing.T) {
    161. 

  161. 	type args struct {
    162. 

  162. 		strategy esv1beta1.ExternalSecretConversionStrategy
    163. 

  163. 		in       map[string][]byte
    164. 

  164. 	}
    165. 

  165. 	tests := []struct {
    166. 

  166. 		name    string
    167. 

  167. 		args    args
    168. 

  168. 		want    map[string][]byte
    169. 

  169. 		wantErr bool
    170. 

  170. 	}{
    171. 

  171. 		{
    172. 

  172. 			name: "convert with special chars",
    173. 

  173. 			args: args{
    174. 

  174. 				strategy: esv1beta1.ExternalSecretConversionDefault,
    175. 

  175. 				in: map[string][]byte{
    176. 

  176. 					"foo$bar%baz*bing": []byte(`noop`),
    177. 

  177. 				},
    178. 

  178. 			},
    179. 

  179. 			want: map[string][]byte{
    180. 

  180. 				"foo_bar_baz_bing": []byte(`noop`),
    181. 

  181. 			},
    182. 

  182. 		},
    183. 

  183. 		{
    184. 

  184. 			name: "error on collision",
    185. 

  185. 			args: args{
    186. 

  186. 				strategy: esv1beta1.ExternalSecretConversionDefault,
    187. 

  187. 				in: map[string][]byte{
    188. 

  188. 					"foo$bar%baz*bing": []byte(`noop`),
    189. 

  189. 					"foo_bar_baz$bing": []byte(`noop`),
    190. 

  190. 				},
    191. 

  191. 			},
    192. 

  192. 			wantErr: true,
    193. 

  193. 		},
    194. 

  194. 		{
    195. 

  195. 			name: "convert path",
    196. 

  196. 			args: args{
    197. 

  197. 				strategy: esv1beta1.ExternalSecretConversionDefault,
    198. 

  198. 				in: map[string][]byte{
    199. 

  199. 					"/foo/bar/baz/bing": []byte(`noop`),
    200. 

  200. 					"foo/bar/baz/bing/": []byte(`noop`),
    201. 

  201. 				},
    202. 

  202. 			},
    203. 

  203. 			want: map[string][]byte{
    204. 

  204. 				"_foo_bar_baz_bing": []byte(`noop`),
    205. 

  205. 				"foo_bar_baz_bing_": []byte(`noop`),
    206. 

  206. 			},
    207. 

  207. 		},
    208. 

  208. 		{
    209. 

  209. 			name: "convert unicode",
    210. 

  210. 			args: args{
    211. 

  211. 				strategy: esv1beta1.ExternalSecretConversionUnicode,
    212. 

  212. 				in: map[string][]byte{
    213. 

  213. 					"😀foo😁bar😂baz😈bing": []byte(`noop`),
    214. 

  214. 				},
    215. 

  215. 			},
    216. 

  216. 			want: map[string][]byte{
    217. 

  217. 				"_U1f600_foo_U1f601_bar_U1f602_baz_U1f608_bing": []byte(`noop`),
    218. 

  218. 			},
    219. 

  219. 		},
    220. 

  220. 	}
    221. 

  221. 	for _, tt := range tests {
    222. 

  222. 		t.Run(tt.name, func(t *testing.T) {
    223. 

  223. 			got, err := ConvertKeys(tt.args.strategy, tt.args.in)
    224. 

  224. 			if (err != nil) != tt.wantErr {
    225. 

  225. 				t.Errorf("ConvertKeys() error = %v, wantErr %v", err, tt.wantErr)
    226. 

  226. 				return
    227. 

  227. 			}
    228. 

  228. 			if !reflect.DeepEqual(got, tt.want) {
    229. 

  229. 				t.Errorf("ConvertKeys() = %v, want %v", got, tt.want)
    230. 

  230. 			}
    231. 

  231. 		})
    232. 

  232. 	}
    233. 

  233. }
    234. 

  234. 

  235. func TestDecode(t *testing.T) {
    236. 

  236. 	type args struct {
    237. 

  237. 		strategy esv1beta1.ExternalSecretDecodingStrategy
    238. 

  238. 		in       map[string][]byte
    239. 

  239. 	}
    240. 

  240. 	tests := []struct {
    241. 

  241. 		name    string
    242. 

  242. 		args    args
    243. 

  243. 		want    map[string][]byte
    244. 

  244. 		wantErr bool
    245. 

  245. 	}{
    246. 

  246. 		{
    247. 

  247. 			name: "base64 decoded",
    248. 

  248. 			args: args{
    249. 

  249. 				strategy: esv1beta1.ExternalSecretDecodeBase64,
    250. 

  250. 				in: map[string][]byte{
    251. 

  251. 					"foo": []byte("YmFy"),
    252. 

  252. 				},
    253. 

  253. 			},
    254. 

  254. 			want: map[string][]byte{
    255. 

  255. 				"foo": []byte("bar"),
    256. 

  256. 			},
    257. 

  257. 		},
    258. 

  258. 		{
    259. 

  259. 			name: "invalid base64",
    260. 

  260. 			args: args{
    261. 

  261. 				strategy: esv1beta1.ExternalSecretDecodeBase64,
    262. 

  262. 				in: map[string][]byte{
    263. 

  263. 					"foo": []byte("foo"),
    264. 

  264. 				},
    265. 

  265. 			},
    266. 

  266. 			wantErr: true,
    267. 

  267. 		},
    268. 

  268. 		{
    269. 

  269. 			name: "base64url decoded",
    270. 

  270. 			args: args{
    271. 

  271. 				strategy: esv1beta1.ExternalSecretDecodeBase64URL,
    272. 

  272. 				in: map[string][]byte{
    273. 

  273. 					"foo": []byte(base64URLEncodedValue),
    274. 

  274. 				},
    275. 

  275. 			},
    276. 

  276. 			want: map[string][]byte{
    277. 

  277. 				"foo": []byte(base64DecodedValue),
    278. 

  278. 			},
    279. 

  279. 		},
    280. 

  280. 		{
    281. 

  281. 			name: "invalid base64url",
    282. 

  282. 			args: args{
    283. 

  283. 				strategy: esv1beta1.ExternalSecretDecodeBase64URL,
    284. 

  284. 				in: map[string][]byte{
    285. 

  285. 					"foo": []byte("foo"),
    286. 

  286. 				},
    287. 

  287. 			},
    288. 

  288. 			wantErr: true,
    289. 

  289. 		},
    290. 

  290. 		{
    291. 

  291. 			name: "none",
    292. 

  292. 			args: args{
    293. 

  293. 				strategy: esv1beta1.ExternalSecretDecodeNone,
    294. 

  294. 				in: map[string][]byte{
    295. 

  295. 					"foo": []byte(base64URLEncodedValue),
    296. 

  296. 				},
    297. 

  297. 			},
    298. 

  298. 			want: map[string][]byte{
    299. 

  299. 				"foo": []byte(base64URLEncodedValue),
    300. 

  300. 			},
    301. 

  301. 		},
    302. 

  302. 		{
    303. 

  303. 			name: "auto",
    304. 

  304. 			args: args{
    305. 

  305. 				strategy: esv1beta1.ExternalSecretDecodeAuto,
    306. 

  306. 				in: map[string][]byte{
    307. 

  307. 					"b64":        []byte(base64EncodedValue),
    308. 

  308. 					"invalidb64": []byte("foo"),
    309. 

  309. 					"b64url":     []byte(base64URLEncodedValue),
    310. 

  310. 				},
    311. 

  311. 			},
    312. 

  312. 			want: map[string][]byte{
    313. 

  313. 				"b64":        []byte(base64DecodedValue),
    314. 

  314. 				"invalidb64": []byte("foo"),
    315. 

  315. 				"b64url":     []byte(base64DecodedValue),
    316. 

  316. 			},
    317. 

  317. 		},
    318. 

  318. 	}
    319. 

  319. 	for _, tt := range tests {
    320. 

  320. 		t.Run(tt.name, func(t *testing.T) {
    321. 

  321. 			got, err := DecodeMap(tt.args.strategy, tt.args.in)
    322. 

  322. 			if (err != nil) != tt.wantErr {
    323. 

  323. 				t.Errorf("DecodeMap() error = %v, wantErr %v", err, tt.wantErr)
    324. 

  324. 				return
    325. 

  325. 			}
    326. 

  326. 			if !reflect.DeepEqual(got, tt.want) {
    327. 

  327. 				t.Errorf("DecodeMap() = %v, want %v", got, tt.want)
    328. 

  328. 			}
    329. 

  329. 		})
    330. 

  330. 	}
    331. 

  331. }
    332. 

  332. func TestValidate(t *testing.T) {
    333. 

  333. 	err := NetworkValidate("http://google.com", 10*time.Second)
    334. 

  334. 	if err != nil {
    335. 

  335. 		t.Errorf("Connection problem: %v", err)
    336. 

  336. 	}
    337. 

  337. }
    338. 

  338. 

  339. func TestRewriteRegexp(t *testing.T) {
    340. 

  340. 	type args struct {
    341. 

  341. 		operations []esv1beta1.ExternalSecretRewrite
    342. 

  342. 		in         map[string][]byte
    343. 

  343. 	}
    344. 

  344. 	tests := []struct {
    345. 

  345. 		name    string
    346. 

  346. 		args    args
    347. 

  347. 		want    map[string][]byte
    348. 

  348. 		wantErr bool
    349. 

  349. 	}{
    350. 

  350. 		{
    351. 

  351. 			name: "replace of a single key",
    352. 

  352. 			args: args{
    353. 

  353. 				operations: []esv1beta1.ExternalSecretRewrite{
    354. 

  354. 					{
    355. 

  355. 						Regexp: &esv1beta1.ExternalSecretRewriteRegexp{
    356. 

  356. 							Source: "-",
    357. 

  357. 							Target: "_",
    358. 

  358. 						},
    359. 

  359. 					},
    360. 

  360. 				},
    361. 

  361. 				in: map[string][]byte{
    362. 

  362. 					"foo-bar": []byte("bar"),
    363. 

  363. 				},
    364. 

  364. 			},
    365. 

  365. 			want: map[string][]byte{
    366. 

  366. 				"foo_bar": []byte("bar"),
    367. 

  367. 			},
    368. 

  368. 		},
    369. 

  369. 		{
    370. 

  370. 			name: "no operation",
    371. 

  371. 			args: args{
    372. 

  372. 				operations: []esv1beta1.ExternalSecretRewrite{
    373. 

  373. 					{
    374. 

  374. 						Regexp: &esv1beta1.ExternalSecretRewriteRegexp{
    375. 

  375. 							Source: "hello",
    376. 

  376. 							Target: "world",
    377. 

  377. 						},
    378. 

  378. 					},
    379. 

  379. 				},
    380. 

  380. 				in: map[string][]byte{
    381. 

  381. 					"foo": []byte("bar"),
    382. 

  382. 				},
    383. 

  383. 			},
    384. 

  384. 			want: map[string][]byte{
    385. 

  385. 				"foo": []byte("bar"),
    386. 

  386. 			},
    387. 

  387. 		},
    388. 

  388. 		{
    389. 

  389. 			name: "removing prefix from keys",
    390. 

  390. 			args: args{
    391. 

  391. 				operations: []esv1beta1.ExternalSecretRewrite{
    392. 

  392. 					{
    393. 

  393. 						Regexp: &esv1beta1.ExternalSecretRewriteRegexp{
    394. 

  394. 							Source: "^my/initial/path/",
    395. 

  395. 							Target: "",
    396. 

  396. 						},
    397. 

  397. 					},
    398. 

  398. 				},
    399. 

  399. 				in: map[string][]byte{
    400. 

  400. 					"my/initial/path/foo": []byte("bar"),
    401. 

  401. 				},
    402. 

  402. 			},
    403. 

  403. 			want: map[string][]byte{
    404. 

  404. 				"foo": []byte("bar"),
    405. 

  405. 			},
    406. 

  406. 		},
    407. 

  407. 		{
    408. 

  408. 			name: "using un-named capture groups",
    409. 

  409. 			args: args{
    410. 

  410. 				operations: []esv1beta1.ExternalSecretRewrite{
    411. 

  411. 					{
    412. 

  412. 						Regexp: &esv1beta1.ExternalSecretRewriteRegexp{
    413. 

  413. 							Source: "f(.*)o",
    414. 

  414. 							Target: "a_new_path_$1",
    415. 

  415. 						},
    416. 

  416. 					},
    417. 

  417. 				},
    418. 

  418. 				in: map[string][]byte{
    419. 

  419. 					"foo":      []byte("bar"),
    420. 

  420. 					"foodaloo": []byte("barr"),
    421. 

  421. 				},
    422. 

  422. 			},
    423. 

  423. 			want: map[string][]byte{
    424. 

  424. 				"a_new_path_o":      []byte("bar"),
    425. 

  425. 				"a_new_path_oodalo": []byte("barr"),
    426. 

  426. 			},
    427. 

  427. 		},
    428. 

  428. 		{
    429. 

  429. 			name: "using named and numbered capture groups",
    430. 

  430. 			args: args{
    431. 

  431. 				operations: []esv1beta1.ExternalSecretRewrite{
    432. 

  432. 					{
    433. 

  433. 						Regexp: &esv1beta1.ExternalSecretRewriteRegexp{
    434. 

  434. 							Source: "f(?P<content>.*)o",
    435. 

  435. 							Target: "a_new_path_${content}_${1}",
    436. 

  436. 						},
    437. 

  437. 					},
    438. 

  438. 				},
    439. 

  439. 				in: map[string][]byte{
    440. 

  440. 					"foo":  []byte("bar"),
    441. 

  441. 					"floo": []byte("barr"),
    442. 

  442. 				},
    443. 

  443. 			},
    444. 

  444. 			want: map[string][]byte{
    445. 

  445. 				"a_new_path_o_o":   []byte("bar"),
    446. 

  446. 				"a_new_path_lo_lo": []byte("barr"),
    447. 

  447. 			},
    448. 

  448. 		},
    449. 

  449. 		{
    450. 

  450. 			name: "using sequenced rewrite operations",
    451. 

  451. 			args: args{
    452. 

  452. 				operations: []esv1beta1.ExternalSecretRewrite{
    453. 

  453. 					{
    454. 

  454. 						Regexp: &esv1beta1.ExternalSecretRewriteRegexp{
    455. 

  455. 							Source: "my/(.*?)/bar/(.*)",
    456. 

  456. 							Target: "$1-$2",
    457. 

  457. 						},
    458. 

  458. 					},
    459. 

  459. 					{
    460. 

  460. 						Regexp: &esv1beta1.ExternalSecretRewriteRegexp{
    461. 

  461. 							Source: "-",
    462. 

  462. 							Target: "_",
    463. 

  463. 						},
    464. 

  464. 					},
    465. 

  465. 					{
    466. 

  466. 						Regexp: &esv1beta1.ExternalSecretRewriteRegexp{
    467. 

  467. 							Source: "ass",
    468. 

  468. 							Target: "***",
    469. 

  469. 						},
    470. 

  470. 					},
    471. 

  471. 				},
    472. 

  472. 				in: map[string][]byte{
    473. 

  473. 					"my/app/bar/key":      []byte("bar"),
    474. 

  474. 					"my/app/bar/password": []byte("barr"),
    475. 

  475. 				},
    476. 

  476. 			},
    477. 

  477. 			want: map[string][]byte{
    478. 

  478. 				"app_key":      []byte("bar"),
    479. 

  479. 				"app_p***word": []byte("barr"),
    480. 

  480. 			},
    481. 

  481. 		},
    482. 

  482. 	}
    483. 

  483. 	for _, tt := range tests {
    484. 

  484. 		t.Run(tt.name, func(t *testing.T) {
    485. 

  485. 			got, err := RewriteMap(tt.args.operations, tt.args.in)
    486. 

  486. 			if (err != nil) != tt.wantErr {
    487. 

  487. 				t.Errorf("RewriteMap() error = %v, wantErr %v", err, tt.wantErr)
    488. 

  488. 				return
    489. 

  489. 			}
    490. 

  490. 			if !reflect.DeepEqual(got, tt.want) {
    491. 

  491. 				t.Errorf("RewriteMap() = %v, want %v", got, tt.want)
    492. 

  492. 			}
    493. 

  493. 		})
    494. 

  494. 	}
    495. 

  495. }
    496.