Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: b4bf572e08
Branches Tags
helm-externa...
/
pkg
/
provider
/
webhook
/
webhook_test.go

webhook_test.go 14 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6. 	http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. 

  15. package webhook
    16. 

  16. 

  17. import (
    18. 

  18. 	"bytes"
    19. 

  19. 	"context"
    20. 

  20. 	"errors"
    21. 

  21. 	"io"
    22. 

  22. 	"net/http"
    23. 

  23. 	"net/http/httptest"
    24. 

  24. 	"strings"
    25. 

  25. 	"testing"
    26. 

  26. 	"time"
    27. 

  27. 

  28. 	"gopkg.in/yaml.v3"
    29. 

  29. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    30. 

  30. 

  31. 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
    32. 

  32. )
    33. 

  33. 

  34. type testCase struct {
    35. 

  35. 	Case string `json:"case,omitempty"`
    36. 

  36. 	Args args   `json:"args"`
    37. 

  37. 	Want want   `json:"want"`
    38. 

  38. }
    39. 

  39. 

  40. type args struct {
    41. 

  41. 	URL        string `json:"url,omitempty"`
    42. 

  42. 	Body       string `json:"body,omitempty"`
    43. 

  43. 	Timeout    string `json:"timeout,omitempty"`
    44. 

  44. 	Key        string `json:"key,omitempty"`
    45. 

  45. 	Property   string `json:"property,omitempty"`
    46. 

  46. 	Version    string `json:"version,omitempty"`
    47. 

  47. 	JSONPath   string `json:"jsonpath,omitempty"`
    48. 

  48. 	Response   string `json:"response,omitempty"`
    49. 

  49. 	StatusCode int    `json:"statuscode,omitempty"`
    50. 

  50. }
    51. 

  51. 

  52. type want struct {
    53. 

  53. 	Path      string            `json:"path,omitempty"`
    54. 

  54. 	Body      string            `json:"body,omitempty"`
    55. 

  55. 	Err       string            `json:"err,omitempty"`
    56. 

  56. 	Result    string            `json:"result,omitempty"`
    57. 

  57. 	ResultMap map[string]string `json:"resultmap,omitempty"`
    58. 

  58. }
    59. 

  59. 

  60. var testCases = `
    61. 

  61. case: error url
    62. 

  62. args:
    63. 

  63.   url: /api/getsecret?id={{ .unclosed.template
    64. 

  64. want:
    65. 

  65.   err: failed to parse url
    66. 

  66. ---
    67. 

  67. case: error body
    68. 

  68. args:
    69. 

  69.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    70. 

  70.   body: Body error {{ .unclosed.template
    71. 

  71. want:
    72. 

  72.   err: failed to parse body
    73. 

  73. ---
    74. 

  74. case: error connection
    75. 

  75. args:
    76. 

  76.   url: 1/api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    77. 

  77. want:
    78. 

  78.   err: failed to call endpoint
    79. 

  79. ---
    80. 

  80. case: error no secret err
    81. 

  81. args:
    82. 

  82.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    83. 

  83.   key: testkey
    84. 

  84.   version: 1
    85. 

  85.   statuscode: 404
    86. 

  86.   response: not found
    87. 

  87. want:
    88. 

  88.   path: /api/getsecret?id=testkey&version=1
    89. 

  89.   err: ` + esv1beta1.NoSecretErr.Error() + `
    90. 

  90. ---
    91. 

  91. case: error server error
    92. 

  92. args:
    93. 

  93.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    94. 

  94.   key: testkey
    95. 

  95.   version: 1
    96. 

  96.   statuscode: 500
    97. 

  97.   response: server error
    98. 

  98. want:
    99. 

  99.   path: /api/getsecret?id=testkey&version=1
    100. 

  100.   err: endpoint gave error 500
    101. 

  101. ---
    102. 

  102. case: error bad json
    103. 

  103. args:
    104. 

  104.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    105. 

  105.   key: testkey
    106. 

  106.   version: 1
    107. 

  107.   jsonpath: $.result.thesecret
    108. 

  108.   response: '{"result":{"thesecret":"secret-value"}'
    109. 

  109. want:
    110. 

  110.   path: /api/getsecret?id=testkey&version=1
    111. 

  111.   err: failed to parse response json
    112. 

  112. ---
    113. 

  113. case: error bad jsonpath
    114. 

  114. args:
    115. 

  115.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    116. 

  116.   key: testkey
    117. 

  117.   version: 1
    118. 

  118.   jsonpath: $.result.thesecret
    119. 

  119.   response: '{"result":{"nosecret":"secret-value"}}'
    120. 

  120. want:
    121. 

  121.   path: /api/getsecret?id=testkey&version=1
    122. 

  122.   err: failed to get response path
    123. 

  123. ---
    124. 

  124. case: pull data out of map
    125. 

  125. args:
    126. 

  126.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    127. 

  127.   key: testkey
    128. 

  128.   version: 1
    129. 

  129.   jsonpath: $.result.thesecret
    130. 

  130.   response: '{"result":{"thesecret":{"one":"secret-value"}}}'
    131. 

  131. want:
    132. 

  132.   path: /api/getsecret?id=testkey&version=1
    133. 

  133.   err: ''
    134. 

  134.   result: '{"one":"secret-value"}'
    135. 

  135. ---
    136. 

  136. case: error timeout
    137. 

  137. args:
    138. 

  138.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    139. 

  139.   key: testkey
    140. 

  140.   version: 1
    141. 

  141.   response: secret-value
    142. 

  142.   timeout: 0.01ms
    143. 

  143. want:
    144. 

  144.   path: /api/getsecret?id=testkey&version=1
    145. 

  145.   err: context deadline exceeded
    146. 

  146. ---
    147. 

  147. case: good plaintext
    148. 

  148. args:
    149. 

  149.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    150. 

  150.   key: testkey
    151. 

  151.   version: 1
    152. 

  152.   response: secret-value
    153. 

  153. want:
    154. 

  154.   path: /api/getsecret?id=testkey&version=1
    155. 

  155.   err: ''
    156. 

  156.   result: secret-value
    157. 

  157. ---
    158. 

  158. case: good json
    159. 

  159. args:
    160. 

  160.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    161. 

  161.   key: testkey
    162. 

  162.   version: 1
    163. 

  163.   jsonpath: $.result.thesecret
    164. 

  164.   response: '{"result":{"thesecret":"secret-value"}}'
    165. 

  165. want:
    166. 

  166.   path: /api/getsecret?id=testkey&version=1
    167. 

  167.   err: ''
    168. 

  168.   result: secret-value
    169. 

  169. ---
    170. 

  170. case: good json map
    171. 

  171. args:
    172. 

  172.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    173. 

  173.   key: testkey
    174. 

  174.   version: 1
    175. 

  175.   jsonpath: $.result
    176. 

  176.   response: '{"result":{"thesecret":"secret-value","alsosecret":"another-value"}}'
    177. 

  177. want:
    178. 

  178.   path: /api/getsecret?id=testkey&version=1
    179. 

  179.   err: ''
    180. 

  180.   resultmap:
    181. 

  181.     thesecret: secret-value
    182. 

  182.     alsosecret: another-value
    183. 

  183. ---
    184. 

  184. case: good json map string
    185. 

  185. args:
    186. 

  186.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    187. 

  187.   key: testkey
    188. 

  188.   version: 1
    189. 

  189.   response: '{"thesecret":"secret-value","alsosecret":"another-value"}'
    190. 

  190. want:
    191. 

  191.   path: /api/getsecret?id=testkey&version=1
    192. 

  192.   err: ''
    193. 

  193.   resultmap:
    194. 

  194.     thesecret: secret-value
    195. 

  195.     alsosecret: another-value
    196. 

  196. ---
    197. 

  197. case: error json map string
    198. 

  198. args:
    199. 

  199.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    200. 

  200.   key: testkey
    201. 

  201.   version: 1
    202. 

  202.   response: 'some simple string'
    203. 

  203. want:
    204. 

  204.   path: /api/getsecret?id=testkey&version=1
    205. 

  205.   err: "failed to parse response json: invalid character"
    206. 

  206.   resultmap: {}
    207. 

  207. ---
    208. 

  208. case: error json map
    209. 

  209. args:
    210. 

  210.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    211. 

  211.   key: testkey
    212. 

  212.   version: 1
    213. 

  213.   jsonpath: $.result.thesecret
    214. 

  214.   response: '{"result":{"thesecret":"secret-value","alsosecret":"another-value"}}'
    215. 

  215. want:
    216. 

  216.   path: /api/getsecret?id=testkey&version=1
    217. 

  217.   err: "failed to parse response json from jsonpath"
    218. 

  218.   resultmap: {}
    219. 

  219. ---
    220. 

  220. case: good json with good templated jsonpath
    221. 

  221. args:
    222. 

  222.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    223. 

  223.   key: testkey
    224. 

  224.   property: thesecret
    225. 

  225.   version: 1
    226. 

  226.   jsonpath: $.result.{{ .remoteRef.property }}
    227. 

  227.   response: '{"result":{"thesecret":"secret-value"}}'
    228. 

  228. want:
    229. 

  229.   path: /api/getsecret?id=testkey&version=1
    230. 

  230.   err: ''
    231. 

  231.   result: secret-value
    232. 

  232. ---
    233. 

  233. case: good json with jsonpath filter
    234. 

  234. args:
    235. 

  235.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    236. 

  236.   key: testkey
    237. 

  237.   version: 1
    238. 

  238.   jsonpath: $.secrets[?@.name=="thesecret"].value
    239. 

  239.   response: '{"secrets": [{"name": "thesecret", "value": "secret-value"}, {"name": "alsosecret", "value": "another-value"}]}'
    240. 

  240. want:
    241. 

  241.   path: /api/getsecret?id=testkey&version=1
    242. 

  242.   err: ''
    243. 

  243.   result: secret-value
    244. 

  244. ---
    245. 

  245. case: good json with bad templated jsonpath
    246. 

  246. args:
    247. 

  247.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    248. 

  248.   key: testkey
    249. 

  249.   property: thesecret
    250. 

  250.   version: 1
    251. 

  251.   jsonpath: $.result.{{ .remoteRef.property }
    252. 

  252.   response: '{"result":{"thesecret":"secret-value"}}'
    253. 

  253. want:
    254. 

  254.   path: /api/getsecret?id=testkey&version=1
    255. 

  255.   err: 'template: webhooktemplate:1: unexpected "}" in operand'
    256. 

  256. ---
    257. 

  257. case: error with jsonpath filter empty results
    258. 

  258. args:
    259. 

  259.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    260. 

  260.   key: testkey
    261. 

  261.   version: 1
    262. 

  262.   jsonpath: $.secrets[?@.name=="thebadsecret"].value
    263. 

  263.   response: '{"secrets": [{"name": "thesecret", "value": "secret-value"}, {"name": "alsosecret", "value": "another-value"}]}'
    264. 

  264. want:
    265. 

  265.   path: /api/getsecret?id=testkey&version=1
    266. 

  266.   err: "filter worked but didn't get any result"
    267. 

  267. ---
    268. 

  268. case: success with jsonpath filter and result array
    269. 

  269. args:
    270. 

  270.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    271. 

  271.   key: testkey
    272. 

  272.   version: 1
    273. 

  273.   jsonpath: $..name
    274. 

  274.   response: '{"secrets": [{"name": "thesecret", "value": "secret-value"}, {"name": "alsosecret", "value": "another-value"}]}'
    275. 

  275. want:
    276. 

  276.   path: /api/getsecret?id=testkey&version=1
    277. 

  277.   err: ''
    278. 

  278.   result: 'thesecret'
    279. 

  279. ---
    280. 

  280. case: success with jsonpath filter and result array of ints
    281. 

  281. args:
    282. 

  282.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    283. 

  283.   key: testkey
    284. 

  284.   version: 1
    285. 

  285.   jsonpath: $..name
    286. 

  286.   response: '{"secrets": [{"name": 123, "value": "secret-value"}, {"name": 456, "value": "another-value"}]}'
    287. 

  287. want:
    288. 

  288.   path: /api/getsecret?id=testkey&version=1
    289. 

  289.   err: ''
    290. 

  290.   result: 123
    291. 

  291. ---
    292. 

  292. case: support backslash
    293. 

  293. args:
    294. 

  294.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    295. 

  295.   key: testkey
    296. 

  296.   version: 1
    297. 

  297.   jsonpath: $.refresh_token
    298. 

  298.   response: '{"access_token":"REDACTED","refresh_token":"RE\/DACTED=="}'
    299. 

  299. want:
    300. 

  300.   path: /api/getsecret?id=testkey&version=1
    301. 

  301.   err: ''
    302. 

  302.   result: "RE/DACTED=="
    303. 

  303. ---
    304. 

  304. case: good json with mixed fields and jsonpath filter
    305. 

  305. args:
    306. 

  306.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    307. 

  307.   key: testkey
    308. 

  308.   version: 1
    309. 

  309.   jsonpath: $.result.thesecret
    310. 

  310.   response: '{"result":{"thesecret":"secret-value","alsosecret":"another-value", "id": 1234, "weight": 1.5}}'
    311. 

  311. want:
    312. 

  312.   path: /api/getsecret?id=testkey&version=1
    313. 

  313.   err: ''
    314. 

  314.   result: secret-value
    315. 

  315. ---
    316. 

  316. case: good json with mixed fields to map
    317. 

  317. args:
    318. 

  318.   url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }}
    319. 

  319.   key: testkey
    320. 

  320.   version: 1
    321. 

  321.   jsonpath: $.result
    322. 

  322.   response: '{"result":{"thesecret":"secret-value","alsosecret":"another-value", "id": 1234, "weight": 1.5}}'
    323. 

  323. want:
    324. 

  324.   path: /api/getsecret?id=testkey&version=1
    325. 

  325.   err: ''
    326. 

  326.   resultmap:
    327. 

  327.     thesecret: secret-value
    328. 

  328.     alsosecret: another-value
    329. 

  329.     id: 1234
    330. 

  330.     weight: 1.5
    331. 

  331. ---
    332. 

  332. case: only url encoding for url templates
    333. 

  333. args:
    334. 

  334.   url: /api/getsecrets?folder={{ .remoteRef.key }}
    335. 

  335.   body: '{"folder": "{{ .remoteRef.key }}"}'
    336. 

  336.   key: /myapp/secrets
    337. 

  337. want:
    338. 

  338.   path: /api/getsecrets?folder=%2Fmyapp%2Fsecrets
    339. 

  339.   body: '{"folder": "/myapp/secrets"}'
    340. 

  340. `
    341. 

  341. 

  342. func TestWebhookGetSecret(t *testing.T) {
    343. 

  343. 	ydec := yaml.NewDecoder(bytes.NewReader([]byte(testCases)))
    344. 

  344. 	for {
    345. 

  345. 		var tc testCase
    346. 

  346. 		if err := ydec.Decode(&tc); err != nil {
    347. 

  347. 			if !errors.Is(err, io.EOF) {
    348. 

  348. 				t.Errorf("testcase decode error %v", err)
    349. 

  349. 			}
    350. 

  350. 			break
    351. 

  351. 		}
    352. 

  352. 		runTestCase(tc, t)
    353. 

  353. 	}
    354. 

  354. }
    355. 

  355. 

  356. func testCaseServer(tc testCase, t *testing.T) *httptest.Server {
    357. 

  357. 	// Start a new server for every test case because the server wants to check the expected api path
    358. 

  358. 	return httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
    359. 

  359. 		if tc.Want.Path != "" && req.URL.String() != tc.Want.Path {
    360. 

  360. 			t.Errorf("%s: unexpected api path: %s, expected %s", tc.Case, req.URL.String(), tc.Want.Path)
    361. 

  361. 		}
    362. 

  362. 		if tc.Want.Body != "" {
    363. 

  363. 			b, _ := io.ReadAll(req.Body)
    364. 

  364. 			if string(b) != tc.Want.Body {
    365. 

  365. 				t.Errorf("%s: unexpected body: %s, expected %s", tc.Case, string(b), tc.Want.Body)
    366. 

  366. 			}
    367. 

  367. 		}
    368. 

  368. 		if tc.Args.StatusCode != 0 {
    369. 

  369. 			rw.WriteHeader(tc.Args.StatusCode)
    370. 

  370. 		}
    371. 

  371. 		rw.Write([]byte(tc.Args.Response))
    372. 

  372. 	}))
    373. 

  373. }
    374. 

  374. 

  375. func parseTimeout(timeout string) (*metav1.Duration, error) {
    376. 

  376. 	if timeout == "" {
    377. 

  377. 		return nil, nil
    378. 

  378. 	}
    379. 

  379. 	dur, err := time.ParseDuration(timeout)
    380. 

  380. 	if err != nil {
    381. 

  381. 		return nil, err
    382. 

  382. 	}
    383. 

  383. 	return &metav1.Duration{Duration: dur}, nil
    384. 

  384. }
    385. 

  385. 

  386. func runTestCase(tc testCase, t *testing.T) {
    387. 

  387. 	ts := testCaseServer(tc, t)
    388. 

  388. 	defer ts.Close()
    389. 

  389. 

  390. 	testStore := makeClusterSecretStore(ts.URL, tc.Args)
    391. 

  391. 	var err error
    392. 

  392. 	timeout, err := parseTimeout(tc.Args.Timeout)
    393. 

  393. 	if err != nil {
    394. 

  394. 		t.Errorf("%s: error parsing timeout '%s': %s", tc.Case, tc.Args.Timeout, err.Error())
    395. 

  395. 		return
    396. 

  396. 	}
    397. 

  397. 	testStore.Spec.Provider.Webhook.Timeout = timeout
    398. 

  398. 	testProv := &Provider{}
    399. 

  399. 	client, err := testProv.NewClient(context.Background(), testStore, nil, "testnamespace")
    400. 

  400. 	if err != nil {
    401. 

  401. 		t.Errorf("%s: error creating client: %s", tc.Case, err.Error())
    402. 

  402. 		return
    403. 

  403. 	}
    404. 

  404. 

  405. 	if tc.Want.ResultMap != nil {
    406. 

  406. 		testGetSecretMap(tc, t, client)
    407. 

  407. 	} else {
    408. 

  408. 		testGetSecret(tc, t, client)
    409. 

  409. 	}
    410. 

  410. }
    411. 

  411. 

  412. func testGetSecretMap(tc testCase, t *testing.T, client esv1beta1.SecretsClient) {
    413. 

  413. 	testRef := esv1beta1.ExternalSecretDataRemoteRef{
    414. 

  414. 		Key:     tc.Args.Key,
    415. 

  415. 		Version: tc.Args.Version,
    416. 

  416. 	}
    417. 

  417. 	secretmap, err := client.GetSecretMap(context.Background(), testRef)
    418. 

  418. 	errStr := ""
    419. 

  419. 	if err != nil {
    420. 

  420. 		errStr = err.Error()
    421. 

  421. 	}
    422. 

  422. 	if (tc.Want.Err == "") != (errStr == "") || !strings.Contains(errStr, tc.Want.Err) {
    423. 

  423. 		t.Errorf("%s: unexpected error: '%s' (expected '%s')", tc.Case, errStr, tc.Want.Err)
    424. 

  424. 	}
    425. 

  425. 	if err == nil {
    426. 

  426. 		for wantkey, wantval := range tc.Want.ResultMap {
    427. 

  427. 			gotval, ok := secretmap[wantkey]
    428. 

  428. 			if !ok {
    429. 

  429. 				t.Errorf("%s: unexpected response: wanted key '%s' not found", tc.Case, wantkey)
    430. 

  430. 			} else if string(gotval) != wantval {
    431. 

  431. 				t.Errorf("%s: unexpected response: key '%s' = '%s' (expected '%s')", tc.Case, wantkey, wantval, gotval)
    432. 

  432. 			}
    433. 

  433. 		}
    434. 

  434. 	}
    435. 

  435. }
    436. 

  436. 

  437. func testGetSecret(tc testCase, t *testing.T, client esv1beta1.SecretsClient) {
    438. 

  438. 	testRef := esv1beta1.ExternalSecretDataRemoteRef{
    439. 

  439. 		Key:      tc.Args.Key,
    440. 

  440. 		Property: tc.Args.Property,
    441. 

  441. 		Version:  tc.Args.Version,
    442. 

  442. 	}
    443. 

  443. 	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
    444. 

  444. 	defer cancel()
    445. 

  445. 	secret, err := client.GetSecret(ctx, testRef)
    446. 

  446. 	errStr := ""
    447. 

  447. 	if err != nil {
    448. 

  448. 		errStr = err.Error()
    449. 

  449. 	}
    450. 

  450. 	if !strings.Contains(errStr, tc.Want.Err) {
    451. 

  451. 		t.Errorf("%s: unexpected error: '%s' (expected '%s')", tc.Case, errStr, tc.Want.Err)
    452. 

  452. 	}
    453. 

  453. 	if err == nil && string(secret) != tc.Want.Result {
    454. 

  454. 		t.Errorf("%s: unexpected response: '%s' (expected '%s')", tc.Case, secret, tc.Want.Result)
    455. 

  455. 	}
    456. 

  456. }
    457. 

  457. 

  458. func makeClusterSecretStore(url string, args args) *esv1beta1.ClusterSecretStore {
    459. 

  459. 	store := &esv1beta1.ClusterSecretStore{
    460. 

  460. 		TypeMeta: metav1.TypeMeta{
    461. 

  461. 			Kind: "ClusterSecretStore",
    462. 

  462. 		},
    463. 

  463. 		ObjectMeta: metav1.ObjectMeta{
    464. 

  464. 			Name:      "wehbook-store",
    465. 

  465. 			Namespace: "default",
    466. 

  466. 		},
    467. 

  467. 		Spec: esv1beta1.SecretStoreSpec{
    468. 

  468. 			Provider: &esv1beta1.SecretStoreProvider{
    469. 

  469. 				Webhook: &esv1beta1.WebhookProvider{
    470. 

  470. 					URL:  url + args.URL,
    471. 

  471. 					Body: args.Body,
    472. 

  472. 					Headers: map[string]string{
    473. 

  473. 						"Content-Type": "application.json",
    474. 

  474. 						"X-SecretKey":  "{{ .remoteRef.key }}",
    475. 

  475. 					},
    476. 

  476. 					Result: esv1beta1.WebhookResult{
    477. 

  477. 						JSONPath: args.JSONPath,
    478. 

  478. 					},
    479. 

  479. 				},
    480. 

  480. 			},
    481. 

  481. 		},
    482. 

  482. 	}
    483. 

  483. 	return store
    484. 

  484. }
    485.