Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: b7c64d15a5
Branches Tags
helm-externa...
/
pkg
/
template
/
v2
/
template_test.go

template_test.go 24 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6.     http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. package template
    15. 

  15. 

  16. import (
    17. 

  17. 	"os"
    18. 

  18. 	"strings"
    19. 

  19. 	"testing"
    20. 

  20. 

  21. 	"github.com/google/go-cmp/cmp"
    22. 

  22. 	"github.com/stretchr/testify/assert"
    23. 

  23. 	corev1 "k8s.io/api/core/v1"
    24. 

  24. )
    25. 

  25. 

  26. const (
    27. 

  27. 	pkcs12ContentNoPass   = `MIIJYQIBAzCCCScGCSqGSIb3DQEHAaCCCRgEggkUMIIJEDCCA8cGCSqGSIb3DQEHBqCCA7gwggO0AgEAMIIDrQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQInZmyWpNTPS4CAggAgIIDgPzZTmogBRiLP0NJZEUghZ3Oh1aqHJJ32HKgXUpD5BJ/5AvpUL9FC7m6a3GD++P1On/35J9N50bDjfBJjJrl2zpA143bzltPQBOK30cBJjNsCeN2Dq1dcsvJZfEy20z75NduXjMF6/qs4BbE+1E6nYFYVNHUybFnaQwSx7+2/2OMbXbcFpt4bv3HTw0YLw2pZeW/4/4A9d+tC9UdVQTTyNbI8l9nf1aeaaPsw1keVLmHurmTihfwh469FvjgwiHUP/P3ZCn1tOpWDR8ck0j+ru6imVP2hn+Kvk6svllmYqo3A5DnDRoF/Cl9R0DAPyS0lw7BeGskgTm7B79mzVitTbzRnIUP+sGJjc1AVghnitfcX4ffv8gq5xWaKGucO/IZXbPBoe7tMhKZmsirKzD4RBhC3nMyrwaHJB6PqUwxMQGMLbuHe7GlWhJAyFlcOTt5dgNl+axIkWdisoKNinYYeOuxudqyX6yPfsyaRCV5MEez3Wu+59MENGlGDRWbw61QuwsZkr1bAT2SJrQ/zHn5aGAluQZ1csJhKQ34iy1Ml9K9F4Zh3/2OWPs0u6+JCb1PC1vChBkguqcqQtEcikRwR9dNF9cdMB1T1Xk5GqlmOPaigkYzGWLgtl8cV5/Zl0m2j77mX9x4HVCTercAABGf9JcCLzSCo04c5OwIYtWUXBkux5n2VI2ZIuS1KF+r6JNyL3lg/D8LColzDUP/6tQCBVVgMar3iLblM17wPMTDMR5Bn+NvenwJj6FWaGGMtdjygtN+oSHpNDbVygfGQy+jEgUtK7yw0uh/WKBMWVw1E6iNuhb8HIyCFtQon8sDkuZ81czOpR3Ta1SWUWrZD+pjpL2Z4y8Nc2wt9pVPvLFOTn+GDFVqGpde3kovh3GfJjYCG/HI5rXZyziflDOoSy0SyG6aVCG4ZqW2LTymoVN/kxf+skqAweX1vxvvJniiv8HgYfEASFUWear4uT641d1YwcEIawNv4n+GKBilK/7ODl2QL86svwqIcbyiJrneyU2tHymKzGcU2VxmSgf8EnjqGuIEo7WXOpk0oUMcvYrM73cgzZ3BchUDIN0KWSDI+vDcVY82dbI39KM6dtOJFAx3kEdms/gdSqZtmHUIeArGp+8caCCAK/W+4wTOvtisK+6MtzdMz6P93N78N4Vo6cs3dkj6t/6tgNog5SCfwlOEyUpmMIIFQQYJKoZIhvcNAQcBoIIFMgSCBS4wggUqMIIFJgYLKoZIhvcNAQwKAQKgggTuMIIE6jAcBgoqhkiG9w0BDAEDMA4ECHVnarQ94cqlAgIIAASCBMgUvEVKsUcqEvYJEJ9JixgB0W3uhSi/Espt931a/mwx5Ja2K7vjlttaOct3Zc8umVrP5C322tmHz9QDVPj3Bln8CGfofC/8Nb6+SDeofmYaQYReOZpZGksEBs4P3yURl8wQpIkG31Oyf3urDTJdplfDrzu6XpEpIf7RicIR+Zh4Q1+F75XwPo52/yNs8q/kVV8H97gSRqQ2GixIdyNu+JLtNjdwAERHy4DeQjwgiMCdL+xMfN+WJyIvkLZDoy9bacXeG4IcQM+n84272C6j1a0BPaOm0K5A7I0H1zpXOJiWfn3MrT4LHDudrQoIWUOvcJjWaIM/KyghotDN50THKN9qCEE9SmtfWXGGFaJmyxbUDFizBIAsFshNtMs/47PoInTSNwzxNvUUQ3ap93iquGZ9EaZAMY2HQHW/QJIQ70IbtcHU28Bus/hrMcV0X9D1p4UeHuk37W7aCrL6hS+ac9pmzwmcDBwZUliyInxRmqCCerjg2ojAM9SVg8FrpQUErP+BOaoCBwQqLLiz9BM+3tUQc/8MyaBHq+c2dUoPfvipDIQXYiq66CkjmPHxPFEL1l9d9oBFoIGkt6SIHDjWnTPc5q5SvJ9tz8Dp1k/1HQSA8OUS6j+XySYuGe8xTvN/oUpVRswef2Qd/kxZlc1FJ4lVAXvbW7C7772l14BJv/WULcFH4Sn83rlL3YwHr4vJMf6wLahn7oQPI0VFSQiiOOb/+gkiTrwO3Gz+HXOkUwaKnW85PeoIt3/q1u0CRl64mUjqCegi7RMY9Q9tRMlD5yx0RsH7mc4b6Eg/3IwGu8VQmZCO5W2unCpfzzyrOx7OaGGaW4RJ2Mx7bJ8uV9HU8MbbNntmc9oxebPdDnBmbt8p8t4ZZxC+zcqcXi3TxACXmwnasogQEi0d0ttXkB5cnDCG00Y8WPdNIWfJdIQh8Hj16LAMYWUacz/J0kLP99ENQntZibVw/Q3zZtHSF5tmsYp7o1HglBpRwLTcd026YTrxB+VCEiUYy4hH6a38oEEpY7wTIiRmEBQPIRM0HUOqVh4z6TNzRx6iIhrQEvg06B8U6iVPqy8FGDkhf3P55Ed95/Rw6uSdlMTHng+Q4aG00k4qKdKOyv55IXPcvEzAeVNBuesknaS8x7Eb/I5mHSoZU3RYAEFGbehUkvkhNr3Xq7/W/400AKiliravJq8j/qKIZ9hAVUWOps09F/4peYfLXM1AhxWWGa5QqvwFkClM+uRyqIRGJwl2Z7asl4sWVXbwtb+Axio+mYGdzxIki5iwJvRCwKapoZplndXKTrn2nYBuhxW2+fRHa8WYdsm/wn0K+jYMlZhquVjNXyL70/Sym6DkzCtJvveQs2CfcEWQuedjRSGFVFT2jV/s5F8L2TV7nQNVj6dEJSNM5JCdZ//OpiMHMCbPNeSxY9koGplUqFhP54F1WU9x+8xiFjEp8WKxQYKHUtj+ace0lLF4CDGXhFR/0k7Icarpax3hYnvagd2OpZyRJdavKBSs5U7/NPuO6sNhZ2NpzsOiul9Iu8bu3UHCECNKkwN4wF4alTlG9sAAbS4ns4wb9XTajG+OPYoDQZmuJfc71McN6m8KBHEnXU8r4epdR7xREe/w+h2MwtPhLvbxwO592tUxJTAjBgkqhkiG9w0BCRUxFgQUOEXV6IFYGpCSHi0MPHz4b3W0KOQwMTAhMAkGBSsOAwIaBQAEFAjyBCA+mr+5UkKuQ1jGw90ASfbVBAjbvqJJZikDPgICCAA=`
    28. 

  28. 	pkcs12ContentWithPass = `MIIJYQIBAzCCCScGCSqGSIb3DQEHAaCCCRgEggkUMIIJEDCCA8cGCSqGSIb3DQEHBqCCA7gwggO0AgEAMIIDrQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI2eZRJ7Ar+JQCAggAgIIDgFTbOtkFPjqxAoYRHoq1SbyXKf/NRbBA5AqxQlv9aFVT4VcxUSrMGaSWifX2UjsVWQzn134yoLLbdJ0jTorVD+EuBUmtb3xXbBwLqtFZxwcWodYA5WhPQdDcQo0cD3o1vrsXPQARQR6ISSFnhFjPYdH9cO2LqUKV5pjFhIs2/1VPDS2eY7SWZN52DK3QknSj23S3ZW2s4TFEj/5C4ssbO7cWNWBjjaORnd17FMNgVtcRw8ITmLdGBOpFUwP8wIdiLGrXiyjfMLns74nztRelV30/v0DPlz0pZtOPygi/dy0qpbil3wtOFrtQBLEdvLNmt9ikQgGs3pJBS68eMJLu3jAU6rCIKycq0+E0eMXeHcseyMwgguTj2h4t+E4S7nU11lViBFqkSBKxE28+9fNlPvCsZ4WhQZ6TAW3E/jDy/ZSqmak5V7/khMlRPvtrxz71ivksH0iipPdJJkGi7SDEvETySBETiqIslUmsF0ZYeHR5wIBkB5V8zmi8RRZtpvDGbzuQ22V6sNk2mTDh+BRus7gNCoSGWYXWqNNp1PnznuYCJp9T+0mObcAijE7IQuhpYMeQPF+MUIlG5lmpNouzuygTf++xrKIjzP36DcthnMPeD/8LYWfzkuAeRodjl7Z1G6XLvBD5h+Xlq23WPjMcXUiiWYXxTREAQ1EWUf4A9twGcxHJ5AatbvQY3QUoS4a7LNuy17lF7G+O1SFDtGeHZXHHecaVpuAtqZEYeUpqy6ZzMJXtXE1JNl/UR9TtTordb1V5Pf45JTYKLI+SwxVQbRiTgfhulNc+E3tV1AEELZt4CKmh1OFJoJRtyREMfdVuP4rx7ywIoMYuWw8CRqJ3qSmdwz2kmL2pfJNn6vDfN6rNa+sXWErOJ7naSAKQH2CJfnkCOFxkKfwjbOcNRbnGKah8NyWu6xqlv7Y4xEJYqmPahGHmrSfdAt3mpc5zD74DvetLIczcadKaLH7mp6h98xHayvXh0UE7ERHeskfSPrLxL9A3V1RZXDOtcZFWSKHzokuXMDF9OnrcMYDzYgtzof4ReY2t1ldGF7phYINhDlUNyhzyjwyWQbdkxr/+FtWq8Sbm7o2zMTby48c25gnqD9U8RTAO+bY3oV3dQ4bpAOzWdzVmFjESUFx0xVwbTSJGXdkH4YmD5He+xwxTa0Je0HE5+ui5dbP1gxUY+pCGLOhGMIIFQQYJKoZIhvcNAQcBoIIFMgSCBS4wggUqMIIFJgYLKoZIhvcNAQwKAQKgggTuMIIE6jAcBgoqhkiG9w0BDAEDMA4ECGYAccNFWW6kAgIIAASCBMgbXw69iyx73RGWS3FYeuvF5L1VWXQGrDLdUGwa3SdovXxmP1pKBAb82UuiydXDpKSVCmefeEQTs6ucEFRmXrDIldNanqUwbydy3GSJ+4iNsVQHbFgNppH4e90L7BlLcZ3MzSrVEwxWVMHq+XLqTKf3X3QyrmA3mmF96+Nd+icpDIktd+/h2BHnSXHNP0QfVH27H4DwbMDijttXY0JB+8qP9m25Wn4zkmOPEUhrY4Ptv2I08eHFAuNI0jWUwfRhC4FDbUdwFb0aZjA3Te6uYTsu2zAlmg9HuqsD/Ef/wkBEKZLBkjiXa/niFVrwELXhWZDPBAuo+/1UbzXglsW4QDU4LbUutcs6DLag1vLe40a2LO1ODQm7Zw0bxLkb3f/ry6ZFYvO78XmHo4c/oQf4KPUtM2bLz5q7uOxAx07vHYaU2BVt3NjgiIO5VVKjw0075GdgFxwPvYncv1fsC5jSIkX43GuzEtoBTpJKDYb2nhKbN9XWixwGOhUBTK3WYBhn+uaMJs4l3EgkDtK9tsUs5VQQHawj0WrGS1mQhaBfcyZzv4wSn0d3JUO2CN0e9EReJcQvsEnwUvohilOvjDHHhTq8Kp4XU4jbq7TAKqxs3TOmdoskRykn9oKUPExJVhJQonFT3ietV5BHrnN/QoDCSeOR80ZxvWHrQDz3Hm1ygiHd8LYmN4IjiD8b28ZrCALifWxh0WmIYtLZrUjMZavPh+caWH9IG32fTxV9b1bgJD8vWqscj9jCjeMJvkKQo8PFg1kMAxt1u+bIyktTq42O9qxwGrdqEMeBzXxDJMMaRIH3m9LNZ/P5Nk4/hMURhCZJtRtNfOVTK+Q6kKgsdK2EHcuEnp/qBefZjve+xmitbF1W7C4+B7b2JNBacdIm1nE56DwglT/IUk65JrNFP3rf4c5ic76LCQrvyfLiKCGaqcihM9siLVFPYdrnr8TlGbCFnGbpBqMQA5MtZQaDUug50PJtdxlgfwWH4qliimgchCaZbSTcgN5YTguSe16uUSusHD+r6XdtI0939uDILXJjQMczhIKNw8w0Tn4Z3/g2KlB6cwbtaglnnO4a/USh0cPC1a581byNqeFoMi+mAhqfKkwdDuti4GX7OrhkUOkiRjEUXdcckpmmIsyamH/g1dq3CNFXFNIgRRrzIDo4Opr3Ip2VE/4BDQoo/+Rybzxh8bsHgCEujQf8urGxjGyd2ulHoXzHWhz7pPPuY5UN6dC9WZmOQDVous/1nhYThoLVVc61Rk6d83+Ac7iRg4bY5q/73J4HvPMmrTOOOqqn3wc9Pe5ibEy4tFaYnim4p1ZRm8YcwosZmuFPdsP6G5l5qt6uOyr2+qNpXIBkDpG7I6Ls10O7L3PQAX9zRGfcz6Ds0KtuDrLpaVvhuXpewsBwpo1lmhv9bAa4ppBuWznmKigX+vYojSxd/eCRAtMs+Lx6ppZsYNVhbdEIGKXSGwG98sSTZkoLHBMkUW7S8jpeSCHZWEFBUOPJQzAr5cW1w+RAs33cGUygZ5XEEx4DeW8MnO4lCuP+VDOwu3TAKhzAD+qCyXbLEzWiyL5fq3XL+YJtoAc8Mra9lK6jDqzq4u+PLNoYY+kWTBhCyRZ+PfzcXLry8pxuP5E6VtRgfYcxJTAjBgkqhkiG9w0BCRUxFgQUOEXV6IFYGpCSHi0MPHz4b3W0KOQwMTAhMAkGBSsOAwIaBQAEFBa+SV9FU2UObo+nYKdyt/kZVw6FBAgey4GonFtJ2gICCAA=`
    29. 

  29. 	pkcs12Cert            = `-----BEGIN CERTIFICATE-----
    30. 

  30. MIIDHTCCAgWgAwIBAgIRAKC4yxy9QGocND+6avTf7BgwDQYJKoZIhvcNAQELBQAw
    31. 

  31. EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0yMTAzMjAyMDA4MDhaFw0yMTAzMjAyMDM4
    32. 

  32. MDhaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
    33. 

  33. ggEKAoIBAQC3o6/JdZEqNbqNRkopHhJtJG5c4qS5d0tQ/kZYpfD/v/izAYum4Nzj
    34. 

  34. aG15owr92/11W0pxPUliRLti3y6iScTs+ofm2D7p4UXj/Fnho/2xoWSOoWAodgvW
    35. 

  35. Y8jh8A0LQALZiV/9QsrJdXZdS47DYZLsQ3z9yFC/CdXkg1l7AQ3fIVGKdrQBr9kE
    36. 

  36. 1gEDqnKfRxXI8DEQKXr+CKPUwCAytegmy0SHp53zNAvY+kopHytzmJpXLoEhxq4e
    37. 

  37. ugHe52vXHdh/HJ9VjNp0xOH1waAgAGxHlltCW0PVd5AJ0SXROBS/a3V9sZCbCrJa
    38. 

  38. YOOonQSEswveSv6PcG9AHvpNPot2Xs6hAgMBAAGjbjBsMA4GA1UdDwEB/wQEAwIC
    39. 

  39. pDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
    40. 

  40. BBR00805mrpoonp95RmC3B6oLl+cGTAVBgNVHREEDjAMggpnb29ibGUuY29tMA0G
    41. 

  41. CSqGSIb3DQEBCwUAA4IBAQAipc1b6JrEDayPjpz5GM5krcI8dCWVd8re0a9bGjjN
    42. 

  42. ioWGlu/eTr5El0ffwCNZ2WLmL9rewfHf/bMvYz3ioFZJ2OTxfazqYXNggQz6cMfa
    43. 

  43. lbedDCdt5XLVX2TyerGvFram+9Uyvk3l0uM7rZnwAmdirG4Tv94QRaD3q4xTj/c0
    44. 

  44. mv+AggtK0aRFb9o47z/BypLdk5mhbf3Mmr88C8XBzEnfdYyf4JpTlZrYLBmDCu5d
    45. 

  45. 9RLLsjXxhag8xqMtd1uLUM8XOTGzVWacw8iGY+CTtBKqyA+AE6/bDwZvEwVtsKtC
    46. 

  46. QJ85ioEpy00NioqcF0WyMZH80uMsPycfpnl5uF7RkW8u
    47. 

  47. -----END CERTIFICATE-----
    48. 

  48. `
    49. 

  49. 	pkcs12Key = `-----BEGIN PRIVATE KEY-----
    50. 

  50. MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC3o6/JdZEqNbqN
    51. 

  51. RkopHhJtJG5c4qS5d0tQ/kZYpfD/v/izAYum4NzjaG15owr92/11W0pxPUliRLti
    52. 

  52. 3y6iScTs+ofm2D7p4UXj/Fnho/2xoWSOoWAodgvWY8jh8A0LQALZiV/9QsrJdXZd
    53. 

  53. S47DYZLsQ3z9yFC/CdXkg1l7AQ3fIVGKdrQBr9kE1gEDqnKfRxXI8DEQKXr+CKPU
    54. 

  54. wCAytegmy0SHp53zNAvY+kopHytzmJpXLoEhxq4eugHe52vXHdh/HJ9VjNp0xOH1
    55. 

  55. waAgAGxHlltCW0PVd5AJ0SXROBS/a3V9sZCbCrJaYOOonQSEswveSv6PcG9AHvpN
    56. 

  56. Pot2Xs6hAgMBAAECggEACTGPrmVNZDCWa1Y2hkJ0J7SoNcw+9O4M/jwMp4l/PD6P
    57. 

  57. I98S78LYLCZhPLK17SmjUcnFO1AXKW1JeFS2D/fjfP256guvcqQNjLFoioxcOhVb
    58. 

  58. ZGyd1Mi8JPqP5wfOj16gBeYDwTkjz9wqldcfiZaL9XoXetkZecbzR2JwC2FtIVuC
    59. 

  59. 0njTjMNYpaBKnoLb8OTR0EQz7lYEo2MkQiWryz8wseONnFmdfh18p+p10YgCbuCH
    60. 

  60. qesrWfDLLxaxZelNtDhDngg9LoCLmarYy7BgShacmUEgJTZ/x3xFC75thK3ln0OY
    61. 

  61. +ktTgvVotYYaZi7qAjQiEsTvkTAPg5RMpQLd2UIWsQKBgQDCBp+1vURbwGzmTNUg
    62. 

  62. HMipD6WDFdLc9DCacx6+ZqsEPTMWQbCpVZrDKiY0Rjt5F+xOCyMr00J5RDJXRC0G
    63. 

  63. +L7NcJdywOFutT7vB+cmETg7l/6PHweNYBnE66706eTL/KVYZMi4tEinarPWhHmL
    64. 

  64. jasfdLANtpDjdWkRt299TkPRbQKBgQDyS8Rr7KZdv04Csqkf+ASmiJpT5R6Y72kc
    65. 

  65. 3XYpKETyB2FyPZkuh/zInMut9SkkSI9O/jA3zf956jj6sF1DHvp7T8KkIp5OAQeD
    66. 

  66. J9AF65m2MnZfHFUeJ6ZQsggwMWqrD0ycIWP7YWtiBHH+D1wGkjYrssq+bvG/yNpA
    67. 

  67. LtqdKq9lhQKBgQCZA2hIhy61vRckuEsLvCdzTGeW7UsR/XGnHEqOlaEhArKbRsrv
    68. 

  68. gBdA+qiOaSTV5svw8E+YbE7sG6AnuhhYeyreEYEeeoZOLJmpIG5mUwYp2UBj1nC6
    69. 

  69. SaOI7OVZOGu7g09SWokBQQxbG4cgEfFY4Sym7fs5lVTGTP3Dfwppo6NQMQKBgQCo
    70. 

  70. J5NDP3Lafwk58BpV+H/pv8YzUUDh7M2rXbtCpxLqUdr8OOnVlEUISWFF8m5CIyVq
    71. 

  71. MhjuscWLK9Wtjba7/YTjDaDM3sW05xv6lyfU5ATCoNTr/zLHgcb4HAZ4w+L+otiN
    72. 

  72. RtMnxB2NYf5mzuwUF2cG/secUEzwyAlIH/xStSwTLQKBgQCRvqF+rqxnegoOgwVW
    73. 

  73. qrWPv06wXD8dW2FlPpY5GXqA0l6erSK3YsQQToRmbem9ibPD7bd5P4gNbWfxwK4C
    74. 

  74. Wt+1Rcb8OrDhDJbYz85bXBnPecKp4EN0b9SHO0/dsCqn2w30emc+9T/4m1ZDkpBd
    75. 

  75. BixHvI/EJ8YK3ta5WdJWKC6hnA==
    76. 

  76. -----END PRIVATE KEY-----
    77. 

  77. `
    78. 

  78. 	jwkPubRSA     = `{"kid":"ex","kty":"RSA","key_ops":["sign","verify","wrapKey","unwrapKey","encrypt","decrypt"],"n":"p2VQo8qCfWAZmdWBVaYuYb-a-tWWm78K6Sr9poCvNcmv8rUPSLACxitQWR8gZaSH1DklVkqz-Ed8Cdlf8lkDg4Ex5tkB64jRdC1Uvn4CDpOH6cp-N2s8hTFLqy9_YaDmyQS7HiqthOi9oVjil1VMeWfaAbClGtFt6UnKD0Vb_DvLoWYQSqlhgBArFJi966b4E1pOq5Ad02K8pHBDThlIIx7unibLehhDU6q3DCwNH_OOLx6bgNtmvGYJDd1cywpkLQ3YzNCUPWnfMBJRP3iQP_WI21uP6cvo0DqBPBM4wvVzHbCT0vnIflwkbgEWkq1FprqAitZlop9KjLqzjp9vyQ","e":"AQAB"}`
    79. 

  79. 	jwkPubRSAPKIX = `-----BEGIN PUBLIC KEY-----
    80. 

  80. MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2VQo8qCfWAZmdWBVaYu
    81. 

  81. Yb+a+tWWm78K6Sr9poCvNcmv8rUPSLACxitQWR8gZaSH1DklVkqz+Ed8Cdlf8lkD
    82. 

  82. g4Ex5tkB64jRdC1Uvn4CDpOH6cp+N2s8hTFLqy9/YaDmyQS7HiqthOi9oVjil1VM
    83. 

  83. eWfaAbClGtFt6UnKD0Vb/DvLoWYQSqlhgBArFJi966b4E1pOq5Ad02K8pHBDThlI
    84. 

  84. Ix7unibLehhDU6q3DCwNH/OOLx6bgNtmvGYJDd1cywpkLQ3YzNCUPWnfMBJRP3iQ
    85. 

  85. P/WI21uP6cvo0DqBPBM4wvVzHbCT0vnIflwkbgEWkq1FprqAitZlop9KjLqzjp9v
    86. 

  86. yQIDAQAB
    87. 

  87. -----END PUBLIC KEY-----
    88. 

  88. `
    89. 

  89. 	jwkPrivRSA      = `{"kty" : "RSA","kid" : "cc34c0a0-bd5a-4a3c-a50d-a2a7db7643df","use" : "sig","n"   : "pjdss8ZaDfEH6K6U7GeW2nxDqR4IP049fk1fK0lndimbMMVBdPv_hSpm8T8EtBDxrUdi1OHZfMhUixGaut-3nQ4GG9nM249oxhCtxqqNvEXrmQRGqczyLxuh-fKn9Fg--hS9UpazHpfVAFnB5aCfXoNhPuI8oByyFKMKaOVgHNqP5NBEqabiLftZD3W_lsFCPGuzr4Vp0YS7zS2hDYScC2oOMu4rGU1LcMZf39p3153Cq7bS2Xh6Y-vw5pwzFYZdjQxDn8x8BG3fJ6j8TGLXQsbKH1218_HcUJRvMwdpbUQG5nvA2GXVqLqdwp054Lzk9_B_f1lVrmOKuHjTNHq48w","e"   : "AQAB","d"   : "ksDmucdMJXkFGZxiomNHnroOZxe8AmDLDGO1vhs-POa5PZM7mtUPonxwjVmthmpbZzla-kg55OFfO7YcXhg-Hm2OWTKwm73_rLh3JavaHjvBqsVKuorX3V3RYkSro6HyYIzFJ1Ek7sLxbjDRcDOj4ievSX0oN9l-JZhaDYlPlci5uJsoqro_YrE0PRRWVhtGynd-_aWgQv1YzkfZuMD-hJtDi1Im2humOWxA4eZrFs9eG-whXcOvaSwO4sSGbS99ecQZHM2TcdXeAs1PvjVgQ_dKnZlGN3lTWoWfQP55Z7Tgt8Nf1q4ZAKd-NlMe-7iqCFfsnFwXjSiaOa2CRGZn-Q","p"   : "4A5nU4ahEww7B65yuzmGeCUUi8ikWzv1C81pSyUKvKzu8CX41hp9J6oRaLGesKImYiuVQK47FhZ--wwfpRwHvSxtNU9qXb8ewo-BvadyO1eVrIk4tNV543QlSe7pQAoJGkxCia5rfznAE3InKF4JvIlchyqs0RQ8wx7lULqwnn0","q"   : "ven83GM6SfrmO-TBHbjTk6JhP_3CMsIvmSdo4KrbQNvp4vHO3w1_0zJ3URkmkYGhz2tgPlfd7v1l2I6QkIh4Bumdj6FyFZEBpxjE4MpfdNVcNINvVj87cLyTRmIcaGxmfylY7QErP8GFA-k4UoH_eQmGKGK44TRzYj5hZYGWIC8","dp"  : "lmmU_AG5SGxBhJqb8wxfNXDPJjf__i92BgJT2Vp4pskBbr5PGoyV0HbfUQVMnw977RONEurkR6O6gxZUeCclGt4kQlGZ-m0_XSWx13v9t9DIbheAtgVJ2mQyVDvK4m7aRYlEceFh0PsX8vYDS5o1txgPwb3oXkPTtrmbAGMUBpE","dq"  : "mxRTU3QDyR2EnCv0Nl0TCF90oliJGAHR9HJmBe__EjuCBbwHfcT8OG3hWOv8vpzokQPRl5cQt3NckzX3fs6xlJN4Ai2Hh2zduKFVQ2p-AF2p6Yfahscjtq-GY9cB85NxLy2IXCC0PF--Sq9LOrTE9QV988SJy_yUrAjcZ5MmECk","qi"  : "ldHXIrEmMZVaNwGzDF9WG8sHj2mOZmQpw9yrjLK9hAsmsNr5LTyqWAqJIYZSwPTYWhY4nu2O0EY9G9uYiqewXfCKw_UngrJt8Xwfq1Zruz0YY869zPN4GiE9-9rzdZB33RBw8kIOquY3MK74FMwCihYx_LiU2YTHkaoJ3ncvtvg"}`
    90. 

  90. 	jwkPrivRSAPKCS8 = `-----BEGIN PRIVATE KEY-----
    91. 

  91. MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQCmN2yzxloN8Qfo
    92. 

  92. rpTsZ5bafEOpHgg/Tj1+TV8rSWd2KZswxUF0+/+FKmbxPwS0EPGtR2LU4dl8yFSL
    93. 

  93. EZq637edDgYb2czbj2jGEK3Gqo28ReuZBEapzPIvG6H58qf0WD76FL1SlrMel9UA
    94. 

  94. WcHloJ9eg2E+4jygHLIUowpo5WAc2o/k0ESppuIt+1kPdb+WwUI8a7OvhWnRhLvN
    95. 

  95. LaENhJwLag4y7isZTUtwxl/f2nfXncKrttLZeHpj6/DmnDMVhl2NDEOfzHwEbd8n
    96. 

  96. qPxMYtdCxsofXbXz8dxQlG8zB2ltRAbme8DYZdWoup3CnTngvOT38H9/WVWuY4q4
    97. 

  97. eNM0erjzAgMBAAECggEBAJLA5rnHTCV5BRmcYqJjR566DmcXvAJgywxjtb4bPjzm
    98. 

  98. uT2TO5rVD6J8cI1ZrYZqW2c5WvpIOeThXzu2HF4YPh5tjlkysJu9/6y4dyWr2h47
    99. 

  99. warFSrqK191d0WJEq6Oh8mCMxSdRJO7C8W4w0XAzo+Inr0l9KDfZfiWYWg2JT5XI
    100. 

  100. ubibKKq6P2KxND0UVlYbRsp3fv2loEL9WM5H2bjA/oSbQ4tSJtobpjlsQOHmaxbP
    101. 

  101. XhvsIV3Dr2ksDuLEhm0vfXnEGRzNk3HV3gLNT741YEP3Sp2ZRjd5U1qFn0D+eWe0
    102. 

  102. 4LfDX9auGQCnfjZTHvu4qghX7JxcF40omjmtgkRmZ/kCgYEA4A5nU4ahEww7B65y
    103. 

  103. uzmGeCUUi8ikWzv1C81pSyUKvKzu8CX41hp9J6oRaLGesKImYiuVQK47FhZ++wwf
    104. 

  104. pRwHvSxtNU9qXb8ewo+BvadyO1eVrIk4tNV543QlSe7pQAoJGkxCia5rfznAE3In
    105. 

  105. KF4JvIlchyqs0RQ8wx7lULqwnn0CgYEAven83GM6SfrmO+TBHbjTk6JhP/3CMsIv
    106. 

  106. mSdo4KrbQNvp4vHO3w1/0zJ3URkmkYGhz2tgPlfd7v1l2I6QkIh4Bumdj6FyFZEB
    107. 

  107. pxjE4MpfdNVcNINvVj87cLyTRmIcaGxmfylY7QErP8GFA+k4UoH/eQmGKGK44TRz
    108. 

  108. Yj5hZYGWIC8CgYEAlmmU/AG5SGxBhJqb8wxfNXDPJjf//i92BgJT2Vp4pskBbr5P
    109. 

  109. GoyV0HbfUQVMnw977RONEurkR6O6gxZUeCclGt4kQlGZ+m0/XSWx13v9t9DIbheA
    110. 

  110. tgVJ2mQyVDvK4m7aRYlEceFh0PsX8vYDS5o1txgPwb3oXkPTtrmbAGMUBpECgYEA
    111. 

  111. mxRTU3QDyR2EnCv0Nl0TCF90oliJGAHR9HJmBe//EjuCBbwHfcT8OG3hWOv8vpzo
    112. 

  112. kQPRl5cQt3NckzX3fs6xlJN4Ai2Hh2zduKFVQ2p+AF2p6Yfahscjtq+GY9cB85Nx
    113. 

  113. Ly2IXCC0PF++Sq9LOrTE9QV988SJy/yUrAjcZ5MmECkCgYEAldHXIrEmMZVaNwGz
    114. 

  114. DF9WG8sHj2mOZmQpw9yrjLK9hAsmsNr5LTyqWAqJIYZSwPTYWhY4nu2O0EY9G9uY
    115. 

  115. iqewXfCKw/UngrJt8Xwfq1Zruz0YY869zPN4GiE9+9rzdZB33RBw8kIOquY3MK74
    116. 

  116. FMwCihYx/LiU2YTHkaoJ3ncvtvg=
    117. 

  117. -----END PRIVATE KEY-----
    118. 

  118. `
    119. 

  119. 	jwkPubEC     = `{"kid":"https://kv-test-mj.vault.azure.net/keys/ec-p-521/e3d0e9c179b54988860c69c6ae172c65","kty":"EC","key_ops":["sign","verify"],"crv":"P-521","x":"AedOAtb7H7Oz1C_cPKI_R4CN_eai5nteY6KFW07FOoaqgQfVCSkQDK22fCOiMT_28c8LZYJRsiIFz_IIbQUW7bXj","y":"AOnchHnmBphIWXvanmMAmcCDkaED6ycW8GsAl9fQ43BMVZTqcTkJYn6vGnhn7MObizmkNSmgZYTwG-vZkIg03HHs"}`
    120. 

  120. 	jwkPubECPKIX = `-----BEGIN PUBLIC KEY-----
    121. 

  121. MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB504C1vsfs7PUL9w8oj9HgI395qLm
    122. 

  122. e15jooVbTsU6hqqBB9UJKRAMrbZ8I6IxP/bxzwtlglGyIgXP8ghtBRbtteMA6dyE
    123. 

  123. eeYGmEhZe9qeYwCZwIORoQPrJxbwawCX19DjcExVlOpxOQlifq8aeGfsw5uLOaQ1
    124. 

  124. KaBlhPAb69mQiDTccew=
    125. 

  125. -----END PUBLIC KEY-----
    126. 

  126. `
    127. 

  127. 	jwkPrivEC      = `{"kty": "EC","kid": "rie3pHe8u8gjSa0IaJfqk7_iEfHeYfDYx-Bqi7vQc0s","crv": "P-256","x": "fDjg3Nq4jPf8IOZ0277aPVal_8iXySnzLUJAZghUzZM","y": "d863PeyBOK_Q4duiSmWwgIRzi1RPlFZTR-vACMlPg-Q","d": "jJs5xsoHUetdMabtt8H2KyX5T92nGul1chFeMT5hlr0"}`
    128. 

  128. 	jwkPrivECPKCS8 = `-----BEGIN PRIVATE KEY-----
    129. 

  129. MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgjJs5xsoHUetdMabt
    130. 

  130. t8H2KyX5T92nGul1chFeMT5hlr2hRANCAAR8OODc2riM9/wg5nTbvto9VqX/yJfJ
    131. 

  131. KfMtQkBmCFTNk3fOtz3sgTiv0OHbokplsICEc4tUT5RWU0frwAjJT4Pk
    132. 

  132. -----END PRIVATE KEY-----
    133. 

  133. `
    134. 

  134. )
    135. 

  135. 

  136. func TestExecute(t *testing.T) {
    137. 

  137. 	tbl := []struct {
    138. 

  138. 		name        string
    139. 

  139. 		tpl         map[string][]byte
    140. 

  140. 		data        map[string][]byte
    141. 

  141. 		expetedData map[string][]byte
    142. 

  142. 		expErr      string
    143. 

  143. 	}{
    144. 

  144. 		{
    145. 

  145. 			name: "test empty",
    146. 

  146. 			tpl:  nil,
    147. 

  147. 			data: nil,
    148. 

  148. 		},
    149. 

  149. 		{
    150. 

  150. 			name: "b64dec func",
    151. 

  151. 			tpl: map[string][]byte{
    152. 

  152. 				"foo": []byte("{{ .secret | b64dec }}"),
    153. 

  153. 			},
    154. 

  154. 			data: map[string][]byte{
    155. 

  155. 				"secret": []byte("MTIzNA=="),
    156. 

  156. 			},
    157. 

  157. 			expetedData: map[string][]byte{
    158. 

  158. 				"foo": []byte("1234"),
    159. 

  159. 			},
    160. 

  160. 		},
    161. 

  161. 		{
    162. 

  162. 			name: "fromJSON func",
    163. 

  163. 			tpl: map[string][]byte{
    164. 

  164. 				"foo": []byte("{{ $var := .secret | fromJson }}{{ $var.foo }}"),
    165. 

  165. 			},
    166. 

  166. 			data: map[string][]byte{
    167. 

  167. 				"secret": []byte(`{"foo": "bar"}`),
    168. 

  168. 			},
    169. 

  169. 			expetedData: map[string][]byte{
    170. 

  170. 				"foo": []byte("bar"),
    171. 

  171. 			},
    172. 

  172. 		},
    173. 

  173. 		{
    174. 

  174. 			name: "from & toJSON func",
    175. 

  175. 			tpl: map[string][]byte{
    176. 

  176. 				"foo": []byte("{{ $var := .secret | fromJson }}{{ $var.foo | toJson }}"),
    177. 

  177. 			},
    178. 

  178. 			data: map[string][]byte{
    179. 

  179. 				"secret": []byte(`{"foo": {"baz":"bang"}}`),
    180. 

  180. 			},
    181. 

  181. 			expetedData: map[string][]byte{
    182. 

  182. 				"foo": []byte(`{"baz":"bang"}`),
    183. 

  183. 			},
    184. 

  184. 		},
    185. 

  185. 		{
    186. 

  186. 			name: "use sprig functions",
    187. 

  187. 			tpl: map[string][]byte{
    188. 

  188. 				"foo": []byte(`{{ .path | ext }}`),
    189. 

  189. 			},
    190. 

  190. 			data: map[string][]byte{
    191. 

  191. 				"path": []byte(`foo/bar/baz.exe`),
    192. 

  192. 			},
    193. 

  193. 			expetedData: map[string][]byte{
    194. 

  194. 				"foo": []byte(`.exe`),
    195. 

  195. 			},
    196. 

  196. 		},
    197. 

  197. 		{
    198. 

  198. 			name: "multiline template",
    199. 

  199. 			tpl: map[string][]byte{
    200. 

  200. 				"cfg": []byte(`
    201. 

  201. 		datasources:
    202. 

  202. 		- name: Graphite
    203. 

  203. 			type: graphite
    204. 

  204. 			access: proxy
    205. 

  205. 			url: http://localhost:8080
    206. 

  206. 			password: "{{ .password }}"
    207. 

  207. 			user: "{{ .user }}"`),
    208. 

  208. 			},
    209. 

  209. 			data: map[string][]byte{
    210. 

  210. 				"user":     []byte(`foobert`),
    211. 

  211. 				"password": []byte("harharhar"),
    212. 

  212. 			},
    213. 

  213. 			expetedData: map[string][]byte{
    214. 

  214. 				"cfg": []byte(`
    215. 

  215. 		datasources:
    216. 

  216. 		- name: Graphite
    217. 

  217. 			type: graphite
    218. 

  218. 			access: proxy
    219. 

  219. 			url: http://localhost:8080
    220. 

  220. 			password: "harharhar"
    221. 

  221. 			user: "foobert"`),
    222. 

  222. 			},
    223. 

  223. 		},
    224. 

  224. 		{
    225. 

  225. 			name: "base64 pipeline",
    226. 

  226. 			tpl: map[string][]byte{
    227. 

  227. 				"foo": []byte(`{{ "123412341234" | b64enc | b64dec }}`),
    228. 

  228. 			},
    229. 

  229. 			data: map[string][]byte{},
    230. 

  230. 			expetedData: map[string][]byte{
    231. 

  231. 				"foo": []byte("123412341234"),
    232. 

  232. 			},
    233. 

  233. 		},
    234. 

  234. 		{
    235. 

  235. 			name: "base64 pkcs12 extract",
    236. 

  236. 			tpl: map[string][]byte{
    237. 

  237. 				"key":  []byte(`{{ .secret | b64dec | pkcs12key }}`),
    238. 

  238. 				"cert": []byte(`{{ .secret | b64dec | pkcs12cert }}`),
    239. 

  239. 			},
    240. 

  240. 			data: map[string][]byte{
    241. 

  241. 				"secret": []byte(pkcs12ContentNoPass),
    242. 

  242. 			},
    243. 

  243. 			expetedData: map[string][]byte{
    244. 

  244. 				"key":  []byte(pkcs12Key),
    245. 

  245. 				"cert": []byte(pkcs12Cert),
    246. 

  246. 			},
    247. 

  247. 		},
    248. 

  248. 		{
    249. 

  249. 			name: "base64 pkcs12 extract with password",
    250. 

  250. 			tpl: map[string][]byte{
    251. 

  251. 				"key":  []byte(`{{ .secret | b64dec | pkcs12keyPass "123456" }}`),
    252. 

  252. 				"cert": []byte(`{{ .secret | b64dec | pkcs12certPass "123456" }}`),
    253. 

  253. 			},
    254. 

  254. 			data: map[string][]byte{
    255. 

  255. 				"secret": []byte(pkcs12ContentWithPass),
    256. 

  256. 			},
    257. 

  257. 			expetedData: map[string][]byte{
    258. 

  258. 				"key":  []byte(pkcs12Key),
    259. 

  259. 				"cert": []byte(pkcs12Cert),
    260. 

  260. 			},
    261. 

  261. 		},
    262. 

  262. 		{
    263. 

  263. 			name: "base64 decode error",
    264. 

  264. 			tpl: map[string][]byte{
    265. 

  265. 				"key": []byte(`{{ .example | b64dec }}`),
    266. 

  266. 			},
    267. 

  267. 			data: map[string][]byte{
    268. 

  268. 				"example": []byte("iam_no_base64"),
    269. 

  269. 			},
    270. 

  270. 			expErr: "", // silent error
    271. 

  271. 		},
    272. 

  272. 		{
    273. 

  273. 			name: "pkcs12 key wrong password",
    274. 

  274. 			tpl: map[string][]byte{
    275. 

  275. 				"key": []byte(`{{ .secret | b64dec | pkcs12keyPass "wrong" }}`),
    276. 

  276. 			},
    277. 

  277. 			data: map[string][]byte{
    278. 

  278. 				"secret": []byte(pkcs12ContentWithPass),
    279. 

  279. 			},
    280. 

  280. 			expErr: "unable to decode pkcs12",
    281. 

  281. 		},
    282. 

  282. 		{
    283. 

  283. 			name: "pkcs12 cert wrong password",
    284. 

  284. 			tpl: map[string][]byte{
    285. 

  285. 				"cert": []byte(`{{ .secret | b64dec | pkcs12certPass "wrong" }}`),
    286. 

  286. 			},
    287. 

  287. 			data: map[string][]byte{
    288. 

  288. 				"secret": []byte(pkcs12ContentWithPass),
    289. 

  289. 			},
    290. 

  290. 			expErr: "unable to decode pkcs12",
    291. 

  291. 		},
    292. 

  292. 		{
    293. 

  293. 			name: "fromJSON error",
    294. 

  294. 			tpl: map[string][]byte{
    295. 

  295. 				"key": []byte(`{{ "{ # no json # }" | fromJson }}`),
    296. 

  296. 			},
    297. 

  297. 			data:   map[string][]byte{},
    298. 

  298. 			expErr: "", // silent error
    299. 

  299. 		},
    300. 

  300. 		{
    301. 

  301. 			name: "template syntax error",
    302. 

  302. 			tpl: map[string][]byte{
    303. 

  303. 				"key": []byte(`{{ #xx }}`),
    304. 

  304. 			},
    305. 

  305. 			data:   map[string][]byte{},
    306. 

  306. 			expErr: "unable to parse template",
    307. 

  307. 		},
    308. 

  308. 		{
    309. 

  309. 			name: "jwk rsa pub pem",
    310. 

  310. 			tpl: map[string][]byte{
    311. 

  311. 				"fn": []byte(`{{ .secret | jwkPublicKeyPem }}`),
    312. 

  312. 			},
    313. 

  313. 			data: map[string][]byte{
    314. 

  314. 				"secret": []byte(jwkPubRSA),
    315. 

  315. 			},
    316. 

  316. 			expetedData: map[string][]byte{
    317. 

  317. 				"fn": []byte(jwkPubRSAPKIX),
    318. 

  318. 			},
    319. 

  319. 		},
    320. 

  320. 		{
    321. 

  321. 			name: "jwk rsa priv pem",
    322. 

  322. 			tpl: map[string][]byte{
    323. 

  323. 				"fn": []byte(`{{ .secret | jwkPrivateKeyPem }}`),
    324. 

  324. 			},
    325. 

  325. 			data: map[string][]byte{
    326. 

  326. 				"secret": []byte(jwkPrivRSA),
    327. 

  327. 			},
    328. 

  328. 			expetedData: map[string][]byte{
    329. 

  329. 				"fn": []byte(jwkPrivRSAPKCS8),
    330. 

  330. 			},
    331. 

  331. 		},
    332. 

  332. 		{
    333. 

  333. 			name: "jwk ecdsa pub pem",
    334. 

  334. 			tpl: map[string][]byte{
    335. 

  335. 				"fn": []byte(`{{ .secret | jwkPublicKeyPem }}`),
    336. 

  336. 			},
    337. 

  337. 			data: map[string][]byte{
    338. 

  338. 				"secret": []byte(jwkPubEC),
    339. 

  339. 			},
    340. 

  340. 			expetedData: map[string][]byte{
    341. 

  341. 				"fn": []byte(jwkPubECPKIX),
    342. 

  342. 			},
    343. 

  343. 		},
    344. 

  344. 		{
    345. 

  345. 			name: "jwk ecdsa priv pem",
    346. 

  346. 			tpl: map[string][]byte{
    347. 

  347. 				"fn": []byte(`{{ .secret | jwkPrivateKeyPem }}`),
    348. 

  348. 			},
    349. 

  349. 			data: map[string][]byte{
    350. 

  350. 				"secret": []byte(jwkPrivEC),
    351. 

  351. 			},
    352. 

  352. 			expetedData: map[string][]byte{
    353. 

  353. 				"fn": []byte(jwkPrivECPKCS8),
    354. 

  354. 			},
    355. 

  355. 		},
    356. 

  356. 		{
    357. 

  357. 			name: "filter pem certificate",
    358. 

  358. 			tpl: map[string][]byte{
    359. 

  359. 				"fn": []byte(`{{ .secret | filterPEM "CERTIFICATE" }}`),
    360. 

  360. 			},
    361. 

  361. 			data: map[string][]byte{
    362. 

  362. 				"secret": []byte(jwkPrivRSAPKCS8 + pkcs12Cert),
    363. 

  363. 			},
    364. 

  364. 			expetedData: map[string][]byte{
    365. 

  365. 				"fn": []byte(pkcs12Cert),
    366. 

  366. 			},
    367. 

  367. 		},
    368. 

  368. 	}
    369. 

  369. 

  370. 	for i := range tbl {
    371. 

  371. 		row := tbl[i]
    372. 

  372. 		t.Run(row.name, func(t *testing.T) {
    373. 

  373. 			sec := &corev1.Secret{
    374. 

  374. 				Data: make(map[string][]byte),
    375. 

  375. 			}
    376. 

  376. 			err := Execute(row.tpl, row.data, sec)
    377. 

  377. 			if !ErrorContains(err, row.expErr) {
    378. 

  378. 				t.Errorf("unexpected error: %s, expected: %s", err, row.expErr)
    379. 

  379. 			}
    380. 

  380. 			if row.expetedData == nil {
    381. 

  381. 				return
    382. 

  382. 			}
    383. 

  383. 			assert.EqualValues(t, row.expetedData, sec.Data)
    384. 

  384. 		})
    385. 

  385. 	}
    386. 

  386. }
    387. 

  387. 

  388. func ErrorContains(out error, want string) bool {
    389. 

  389. 	if out == nil {
    390. 

  390. 		return want == ""
    391. 

  391. 	}
    392. 

  392. 	if want == "" {
    393. 

  393. 		return false
    394. 

  394. 	}
    395. 

  395. 	return strings.Contains(out.Error(), want)
    396. 

  396. }
    397. 

  397. 

  398. func TestPkcs12certPass(t *testing.T) {
    399. 

  399. 	const (
    400. 

  400. 		leafCertPath         = "_testdata/foo.crt"
    401. 

  401. 		intermediateCertPath = "_testdata/intermediate-ca.crt"
    402. 

  402. 		rootCertPath         = "_testdata/root-ca.crt"
    403. 

  403. 		disjunctCertPath     = "_testdata/disjunct-root-ca.crt"
    404. 

  404. 	)
    405. 

  405. 	type args struct {
    406. 

  406. 		pass     string
    407. 

  407. 		filename string
    408. 

  408. 	}
    409. 

  409. 	type testCase struct {
    410. 

  410. 		name    string
    411. 

  411. 		args    args
    412. 

  412. 		want    []string
    413. 

  413. 		wantErr bool
    414. 

  414. 	}
    415. 

  415. 	tests := []testCase{
    416. 

  416. 		{
    417. 

  417. 			// this case expects the whole chain to be stored
    418. 

  418. 			// in a single bag.
    419. 

  419. 			// bag(1): leaf/root/intermediate cert
    420. 

  420. 			// bag(2): private key
    421. 

  421. 			name: "read file without password",
    422. 

  422. 			args: args{
    423. 

  423. 				pass:     "",
    424. 

  424. 				filename: "_testdata/foo-nopass.pfx",
    425. 

  425. 			},
    426. 

  426. 			want: []string{
    427. 

  427. 				// this order is important
    428. 

  428. 				leafCertPath,
    429. 

  429. 				intermediateCertPath,
    430. 

  430. 				rootCertPath,
    431. 

  431. 			},
    432. 

  432. 		},
    433. 

  433. 		{
    434. 

  434. 			// same as above but with password
    435. 

  435. 			name: "read file with password",
    436. 

  436. 			args: args{
    437. 

  437. 				pass:     "1234",
    438. 

  438. 				filename: "_testdata/foo-withpass-1234.pfx",
    439. 

  439. 			},
    440. 

  440. 			want: []string{
    441. 

  441. 				// this order is important
    442. 

  442. 				leafCertPath,
    443. 

  443. 				intermediateCertPath,
    444. 

  444. 				rootCertPath,
    445. 

  445. 			},
    446. 

  446. 		},
    447. 

  447. 		{
    448. 

  448. 			// cert chain may be stored in different bags
    449. 

  449. 			// this test case uses a pfx that has the following structure:
    450. 

  450. 			// bag(1): leaf certificate
    451. 

  451. 			// bag(2): root + intermediate cert
    452. 

  452. 			// bag(3): private key
    453. 

  453. 			name: "read multibag cert chain",
    454. 

  454. 			args: args{
    455. 

  455. 				pass:     "",
    456. 

  456. 				filename: "_testdata/foo-multibag-nopass.pfx",
    457. 

  457. 			},
    458. 

  458. 			want: []string{
    459. 

  459. 				// this order is important
    460. 

  460. 				leafCertPath,
    461. 

  461. 				intermediateCertPath,
    462. 

  462. 				rootCertPath,
    463. 

  463. 			},
    464. 

  464. 		},
    465. 

  465. 		{
    466. 

  466. 			// cert chain may contain a disjunct cert
    467. 

  467. 			// bag(1): leaf/root/intermediate/disjunct
    468. 

  468. 			// bag(2): private key
    469. 

  469. 			name: "read disjunct cert chain",
    470. 

  470. 			args: args{
    471. 

  471. 				pass:     "",
    472. 

  472. 				filename: "_testdata/foo-disjunct-nopass.pfx",
    473. 

  473. 			},
    474. 

  474. 			want: []string{
    475. 

  475. 				// this order is important
    476. 

  476. 				leafCertPath,
    477. 

  477. 				rootCertPath,
    478. 

  478. 				intermediateCertPath,
    479. 

  479. 				disjunctCertPath,
    480. 

  480. 			},
    481. 

  481. 		},
    482. 

  482. 		{
    483. 

  483. 			name: "read file wrong password",
    484. 

  484. 			args: args{
    485. 

  485. 				pass:     "wrongpass",
    486. 

  486. 				filename: "_testdata/foo-withpass-1234.pfx",
    487. 

  487. 			},
    488. 

  488. 			wantErr: true,
    489. 

  489. 		},
    490. 

  490. 	}
    491. 

  491. 

  492. 	testFunc := func(t *testing.T, tc testCase) {
    493. 

  493. 		archive, err := os.ReadFile(tc.args.filename)
    494. 

  494. 		if err != nil {
    495. 

  495. 			t.Error(err)
    496. 

  496. 		}
    497. 

  497. 		var expOut []byte
    498. 

  498. 		for _, w := range tc.want {
    499. 

  499. 			c, err := os.ReadFile(w)
    500. 

  500. 			if err != nil {
    501. 

  501. 				t.Error(err)
    502. 

  502. 			}
    503. 

  503. 			expOut = append(expOut, c...)
    504. 

  504. 		}
    505. 

  505. 		got, err := pkcs12certPass(tc.args.pass, string(archive))
    506. 

  506. 		if (err != nil) != tc.wantErr {
    507. 

  507. 			t.Errorf("pkcs12certPass() error = %v, wantErr %v", err, tc.wantErr)
    508. 

  508. 			return
    509. 

  509. 		}
    510. 

  510. 		if diff := cmp.Diff(string(expOut), got); diff != "" {
    511. 

  511. 			t.Errorf("pkcs12certPass() = diff:\n%s", diff)
    512. 

  512. 		}
    513. 

  513. 	}
    514. 

  514. 

  515. 	for _, tt := range tests {
    516. 

  516. 		t.Run(tt.name, func(t *testing.T) {
    517. 

  517. 			testFunc(t, tt)
    518. 

  518. 		})
    519. 

  519. 	}
    520. 

  520. }
    521.