Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: a89abc6147
Branches Tags
helm-externa...
/
runtime
/
testing
/
fake
/
fake.go

fake.go 6.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235 
  1. /*
    2. 

  2. Copyright © The ESO Authors
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     https://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package fake
    18. 

  18. 

  19. import (
    20. 

  20. 	"context"
    21. 

  21. 	"maps"
    22. 

  22. 	"sync"
    23. 

  23. 

  24. 	corev1 "k8s.io/api/core/v1"
    25. 

  25. 	"sigs.k8s.io/controller-runtime/pkg/client"
    26. 

  26. 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
    27. 

  27. 

  28. 	esv1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
    29. 

  29. 	"github.com/external-secrets/external-secrets/runtime/esutils"
    30. 

  30. )
    31. 

  31. 

  32. var _ esv1.Provider = &Client{}
    33. 

  33. 

  34. type SetSecretCallArgs struct {
    35. 

  35. 	Value     []byte
    36. 

  36. 	RemoteRef esv1.PushSecretRemoteRef
    37. 

  37. }
    38. 

  38. 

  39. // Client is a fake client for testing.
    40. 

  40. type Client struct {
    41. 

  41. 	mu              *sync.RWMutex
    42. 

  42. 	pushSecretData  map[string]SetSecretCallArgs
    43. 

  43. 	NewFn           func(context.Context, esv1.GenericStore, client.Client, string) (esv1.SecretsClient, error)
    44. 

  44. 	GetSecretFn     func(context.Context, esv1.ExternalSecretDataRemoteRef) ([]byte, error)
    45. 

  45. 	GetSecretMapFn  func(context.Context, esv1.ExternalSecretDataRemoteRef) (map[string][]byte, error)
    46. 

  46. 	GetAllSecretsFn func(context.Context, esv1.ExternalSecretFind) (map[string][]byte, error)
    47. 

  47. 	SecretExistsFn  func(context.Context, esv1.PushSecretRemoteRef) (bool, error)
    48. 

  48. 	SetSecretFn     func() error
    49. 

  49. 	DeleteSecretFn  func() error
    50. 

  50. }
    51. 

  51. 

  52. // New returns a fake provider/client.
    53. 

  53. func New() *Client {
    54. 

  54. 	v := &Client{
    55. 

  55. 		mu: &sync.RWMutex{},
    56. 

  56. 		GetSecretFn: func(context.Context, esv1.ExternalSecretDataRemoteRef) ([]byte, error) {
    57. 

  57. 			return nil, nil
    58. 

  58. 		},
    59. 

  59. 		GetSecretMapFn: func(context.Context, esv1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
    60. 

  60. 			return nil, nil
    61. 

  61. 		},
    62. 

  62. 		GetAllSecretsFn: func(context.Context, esv1.ExternalSecretFind) (map[string][]byte, error) {
    63. 

  63. 			return nil, nil
    64. 

  64. 		},
    65. 

  65. 		SecretExistsFn: func(context.Context, esv1.PushSecretRemoteRef) (bool, error) {
    66. 

  66. 			return false, nil
    67. 

  67. 		},
    68. 

  68. 		SetSecretFn: func() error {
    69. 

  69. 			return nil
    70. 

  70. 		},
    71. 

  71. 		DeleteSecretFn: func() error {
    72. 

  72. 			return nil
    73. 

  73. 		},
    74. 

  74. 		pushSecretData: map[string]SetSecretCallArgs{},
    75. 

  75. 	}
    76. 

  76. 

  77. 	v.NewFn = func(context.Context, esv1.GenericStore, client.Client, string) (esv1.SecretsClient, error) {
    78. 

  78. 		return v, nil
    79. 

  79. 	}
    80. 

  80. 

  81. 	return v
    82. 

  82. }
    83. 

  83. 

  84. // RegisterAs registers the fake client in the schema.
    85. 

  85. func (v *Client) RegisterAs(provider *esv1.SecretStoreProvider) {
    86. 

  86. 	esv1.ForceRegister(v, provider, esv1.MaintenanceStatusMaintained)
    87. 

  87. }
    88. 

  88. 

  89. // GetAllSecrets implements the provider.Provider interface.
    90. 

  90. func (v *Client) GetAllSecrets(ctx context.Context, ref esv1.ExternalSecretFind) (map[string][]byte, error) {
    91. 

  91. 	v.mu.RLock()
    92. 

  92. 	fn := v.GetAllSecretsFn
    93. 

  93. 	v.mu.RUnlock()
    94. 

  94. 	return fn(ctx, ref)
    95. 

  95. }
    96. 

  96. 

  97. func (v *Client) PushSecret(_ context.Context, secret *corev1.Secret, data esv1.PushSecretData) error {
    98. 

  98. 	v.mu.Lock()
    99. 

  99. 	value, _ := esutils.ExtractSecretData(data, secret)
    100. 

  100. 	v.pushSecretData[data.GetRemoteKey()] = SetSecretCallArgs{
    101. 

  101. 		Value:     value,
    102. 

  102. 		RemoteRef: data,
    103. 

  103. 	}
    104. 

  104. 	fn := v.SetSecretFn
    105. 

  105. 	v.mu.Unlock()
    106. 

  106. 	return fn()
    107. 

  107. }
    108. 

  108. 

  109. // GetPushSecretData safely retrieves the push secret data map for reading.
    110. 

  110. func (v *Client) GetPushSecretData() map[string]SetSecretCallArgs {
    111. 

  111. 	v.mu.RLock()
    112. 

  112. 	defer v.mu.RUnlock()
    113. 

  113. 	// Create a copy to avoid race conditions
    114. 

  114. 	result := make(map[string]SetSecretCallArgs, len(v.pushSecretData))
    115. 

  115. 	maps.Copy(result, v.pushSecretData)
    116. 

  116. 	return result
    117. 

  117. }
    118. 

  118. 

  119. func (v *Client) DeleteSecret(_ context.Context, _ esv1.PushSecretRemoteRef) error {
    120. 

  120. 	v.mu.RLock()
    121. 

  121. 	fn := v.DeleteSecretFn
    122. 

  122. 	v.mu.RUnlock()
    123. 

  123. 	return fn()
    124. 

  124. }
    125. 

  125. 

  126. func (v *Client) SecretExists(ctx context.Context, ref esv1.PushSecretRemoteRef) (bool, error) {
    127. 

  127. 	v.mu.RLock()
    128. 

  128. 	fn := v.SecretExistsFn
    129. 

  129. 	v.mu.RUnlock()
    130. 

  130. 	return fn(ctx, ref)
    131. 

  131. }
    132. 

  132. 

  133. // GetSecret implements the provider.Provider interface.
    134. 

  134. func (v *Client) GetSecret(ctx context.Context, ref esv1.ExternalSecretDataRemoteRef) ([]byte, error) {
    135. 

  135. 	v.mu.RLock()
    136. 

  136. 	fn := v.GetSecretFn
    137. 

  137. 	v.mu.RUnlock()
    138. 

  138. 	return fn(ctx, ref)
    139. 

  139. }
    140. 

  140. 

  141. // WithGetSecret wraps secret data returned by this provider.
    142. 

  142. func (v *Client) WithGetSecret(secData []byte, err error) *Client {
    143. 

  143. 	v.mu.Lock()
    144. 

  144. 	v.GetSecretFn = func(context.Context, esv1.ExternalSecretDataRemoteRef) ([]byte, error) {
    145. 

  145. 		return secData, err
    146. 

  146. 	}
    147. 

  147. 	v.mu.Unlock()
    148. 

  148. 	return v
    149. 

  149. }
    150. 

  150. 

  151. // GetSecretMap implements the provider.Provider interface.
    152. 

  152. func (v *Client) GetSecretMap(ctx context.Context, ref esv1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
    153. 

  153. 	v.mu.RLock()
    154. 

  154. 	fn := v.GetSecretMapFn
    155. 

  155. 	v.mu.RUnlock()
    156. 

  156. 	return fn(ctx, ref)
    157. 

  157. }
    158. 

  158. 

  159. func (v *Client) Close(_ context.Context) error {
    160. 

  160. 	return nil
    161. 

  161. }
    162. 

  162. 

  163. func (v *Client) Validate() (esv1.ValidationResult, error) {
    164. 

  164. 	return esv1.ValidationResultReady, nil
    165. 

  165. }
    166. 

  166. 

  167. func (v *Client) ValidateStore(_ esv1.GenericStore) (admission.Warnings, error) {
    168. 

  168. 	return nil, nil
    169. 

  169. }
    170. 

  170. 

  171. // WithGetSecretMap wraps the secret data map returned by this fake provider.
    172. 

  172. func (v *Client) WithGetSecretMap(secData map[string][]byte, err error) *Client {
    173. 

  173. 	v.mu.Lock()
    174. 

  174. 	v.GetSecretMapFn = func(context.Context, esv1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
    175. 

  175. 		return secData, err
    176. 

  176. 	}
    177. 

  177. 	v.mu.Unlock()
    178. 

  178. 	return v
    179. 

  179. }
    180. 

  180. 

  181. // WithGetAllSecrets wraps the secret data map returned by this fake provider.
    182. 

  182. func (v *Client) WithGetAllSecrets(secData map[string][]byte, err error) *Client {
    183. 

  183. 	v.mu.Lock()
    184. 

  184. 	v.GetAllSecretsFn = func(context.Context, esv1.ExternalSecretFind) (map[string][]byte, error) {
    185. 

  185. 		return secData, err
    186. 

  186. 	}
    187. 

  187. 	v.mu.Unlock()
    188. 

  188. 	return v
    189. 

  189. }
    190. 

  190. 

  191. // WithSetSecret wraps the secret response to the fake provider.
    192. 

  192. func (v *Client) WithSetSecret(err error) *Client {
    193. 

  193. 	v.mu.Lock()
    194. 

  194. 	v.SetSecretFn = func() error {
    195. 

  195. 		return err
    196. 

  196. 	}
    197. 

  197. 	v.mu.Unlock()
    198. 

  198. 	return v
    199. 

  199. }
    200. 

  200. 

  201. // WithNew wraps the fake provider factory function.
    202. 

  202. func (v *Client) WithNew(f func(context.Context, esv1.GenericStore, client.Client,
    203. 

  203. 	string) (esv1.SecretsClient, error)) *Client {
    204. 

  204. 	v.mu.Lock()
    205. 

  205. 	v.NewFn = f
    206. 

  206. 	v.mu.Unlock()
    207. 

  207. 	return v
    208. 

  208. }
    209. 

  209. 

  210. // Capabilities return the provider supported capabilities (ReadOnly, WriteOnly, ReadWrite).
    211. 

  211. func (v *Client) Capabilities() esv1.SecretStoreCapabilities {
    212. 

  212. 	return esv1.SecretStoreReadOnly
    213. 

  213. }
    214. 

  214. 

  215. // NewClient returns a new fake provider.
    216. 

  216. func (v *Client) NewClient(ctx context.Context, store esv1.GenericStore, kube client.Client, namespace string) (esv1.SecretsClient, error) {
    217. 

  217. 	v.mu.RLock()
    218. 

  218. 	fn := v.NewFn
    219. 

  219. 	v.mu.RUnlock()
    220. 

  220. 	c, err := fn(ctx, store, kube, namespace)
    221. 

  221. 	if err != nil {
    222. 

  222. 		return nil, err
    223. 

  223. 	}
    224. 

  224. 	return c, nil
    225. 

  225. }
    226. 

  226. 

  227. func (v *Client) Reset() {
    228. 

  228. 	v.WithNew(func(context.Context, esv1.GenericStore, client.Client,
    229. 

  229. 		string) (esv1.SecretsClient, error) {
    230. 

  230. 		return v, nil
    231. 

  231. 	})
    232. 

  232. 	v.mu.Lock()
    233. 

  233. 	defer v.mu.Unlock()
    234. 

  234. 	v.pushSecretData = map[string]SetSecretCallArgs{}
    235. 

  235. }
    236.