logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199
							/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package github

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
	"reflect"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	v1 "k8s.io/api/core/v1"
	apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"sigs.k8s.io/controller-runtime/pkg/client"
	clientfake "sigs.k8s.io/controller-runtime/pkg/client/fake"
)

const (
	tstCrtName = "github_test.pem"
)

func testHTTPSrv(t *testing.T, r []byte, s int) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		assert.Equal(t, "POST", req.Method, "Expected POST request")
		assert.NotEmpty(t, req.Body)
		assert.NotEmpty(t, req.Header.Get("Authorization"))
		assert.Equal(t, "application/vnd.github.v3+json", req.Header.Get("Accept"))

		// Send response to be tested
		rw.WriteHeader(s)
		rw.Write(r)
	}))
}
func TestGenerate(t *testing.T) {
	type args struct {
		ctx       context.Context
		jsonSpec  *apiextensions.JSON
		kube      client.Client
		namespace string
	}
	pem, err := os.ReadFile(tstCrtName)
	assert.NoError(t, err, "Should not error when reading privateKey")

	validResponce := []byte(`{
		"token": "ghs_16C7e42F292c6912E7710c838347Ae178B4a",
		"expires_at": "2016-07-11T22:14:10Z",
		"permissions": {
		  "contents": "read"
		},
		"repositories": [
			{
				"id": 10000
			}
		],
		"repository_selection": "selected"
	  }`)

	invalidResponce := []byte(`{
		"documentation_url": "https://docs.github.com/rest/reference/apps#create-an-installation-access-token-for-an-app",
		"message": "There is at least one repository that does not exist or is not accessible to the parent installation.",
		"status": 422
	  }`)

	server := testHTTPSrv(t, validResponce, http.StatusCreated)
	badServer := testHTTPSrv(t, invalidResponce, 422)

	tests := []struct {
		name      string
		g         *Generator
		args      args
		want      map[string][]byte
		assertErr func(t *testing.T, err error)
		server    *httptest.Server
	}{
		{
			name: "nil spec",
			args: args{
				jsonSpec: nil,
			},
			assertErr: func(t *testing.T, err error) {
				require.Error(t, err)
			},
			server: server,
		},
		{
			name: "full spec",
			args: args{
				ctx:       context.TODO(),
				namespace: "foo",
				kube: clientfake.NewClientBuilder().WithObjects(&v1.Secret{
					ObjectMeta: metav1.ObjectMeta{
						Name:      "testName",
						Namespace: "foo",
					},
					Data: map[string][]byte{
						"privateKey": pem,
					},
				}).Build(),
				jsonSpec: &apiextensions.JSON{
					Raw: []byte(fmt.Sprintf(`apiVersion: generators.external-secrets.io/v1alpha1
kind: GithubToken
spec:
  appID: "0000000"
  installID: "00000000"
  URL: %q
  repositories:
  - "Hello-World"
  permissions:
    contents: "read"
  auth:
    privateKey:
      secretRef:
        name: "testName"
        namespace: "foo"
        key: "privateKey"`, server.URL)),
				},
			},
			want: map[string][]byte{
				"token": []byte("ghs_16C7e42F292c6912E7710c838347Ae178B4a"),
			},
			assertErr: func(t *testing.T, err error) {
				require.NoError(t, err)
			},
			server: server,
		},
		{
			name: "fail on bad request",
			args: args{
				ctx:       context.TODO(),
				namespace: "foo",
				kube: clientfake.NewClientBuilder().WithObjects(&v1.Secret{
					ObjectMeta: metav1.ObjectMeta{
						Name:      "testName",
						Namespace: "foo",
					},
					Data: map[string][]byte{
						"privateKey": pem,
					},
				}).Build(),
				jsonSpec: &apiextensions.JSON{
					Raw: []byte(fmt.Sprintf(`apiVersion: generators.external-secrets.io/v1alpha1
kind: GithubToken
spec:
  appID: "0000000"
  installID: "00000000"
  URL: %q
  repositories:
  - "octocat/Hello-World"
  permissions:
    contents: "read"
  auth:
    privateKey:
      secretRef:
        name: "testName"
        namespace: "foo"
        key: "privateKey"`, badServer.URL)),
				},
			},
			assertErr: func(t *testing.T, err error) {
				assert.ErrorContains(t, err, "error generating token")
			},
			server: badServer,
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			g := &Generator{httpClient: tt.server.Client()}
			got, _, err := g.generate(
				tt.args.ctx,
				tt.args.jsonSpec,
				tt.args.kube,
				tt.args.namespace,
			)

			tt.assertErr(t, err)
			if !reflect.DeepEqual(got, tt.want) {
				t.Errorf("Generator.Generate() = %s, want %s", got, tt.want)
			}
		})
	}
}