Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: f2dd729e55
Branches Tags
helm-externa...
/
e2e
/
suite
/
gcp
/
gcp.go

gcp.go 6.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6.     http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. limitations under the License.
    12. 

  12. */
    13. 

  13. package gcp
    14. 

  14. 

  15. import (
    16. 

  16. 	"crypto/rand"
    17. 

  17. 	"crypto/x509"
    18. 

  18. 	"encoding/pem"
    19. 

  19. 	"fmt"
    20. 

  20. 	"os"
    21. 

  21. 

  22. 	// nolint
    23. 

  23. 	. "github.com/onsi/ginkgo"
    24. 

  24. 	// nolint
    25. 

  25. 	. "github.com/onsi/ginkgo/extensions/table"
    26. 

  26. 	v1 "k8s.io/api/core/v1"
    27. 

  27. 	p12 "software.sslmate.com/src/go-pkcs12"
    28. 

  28. 

  29. 	// nolint
    30. 

  30. 	esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
    31. 

  31. 	"github.com/external-secrets/external-secrets/e2e/framework"
    32. 

  32. 	"github.com/external-secrets/external-secrets/e2e/suite/common"
    33. 

  33. )
    34. 

  34. 

  35. var _ = Describe("[gcp] ", func() {
    36. 

  36. 	f := framework.New("eso-gcp")
    37. 

  37. 	credentials := os.Getenv("GCP_SM_SA_JSON")
    38. 

  38. 	projectID := os.Getenv("GCP_PROJECT_ID")
    39. 

  39. 	prov := newgcpProvider(f, credentials, projectID)
    40. 

  40. 

  41. 	// P12Cert case creates a secret with a p12 cert containing a privkey and cert bundled together.
    42. 

  42. 	// It uses templating to generate a k8s secret of type tls with pem values
    43. 

  43. 	p12Cert := func(tc *framework.TestCase) {
    44. 

  44. 		cloudSecretName := fmt.Sprintf("%s-%s", f.Namespace.Name, "p12-cert-example")
    45. 

  45. 		certPEM := `-----BEGIN CERTIFICATE-----
    46. 

  46. MIIFQjCCBCqgAwIBAgISBHszg5W2maz/7CIxGrf7mqukMA0GCSqGSIb3DQEBCwUA
    47. 

  47. MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
    48. 

  48. EwJSMzAeFw0yMTA3MjQxMjQyMzNaFw0yMTEwMjIxMjQyMzFaMCgxJjAkBgNVBAMT
    49. 

  49. HXRlbXBvcmFyeS5leHRlcm5hbC1zZWNyZXRzLmlvMIIBIjANBgkqhkiG9w0BAQEF
    50. 

  50. AAOCAQ8AMIIBCgKCAQEAyRROdZskA8qnGnoMgQ5Ry5MVY/lgo3HzlhKq02u23J2w
    51. 

  51. 14w+LiEU2hcSJKYv5OXysbfq7M52u2zXYZXs6krkQZlYNpFw7peZ0JtUbVkSpST/
    52. 

  52. X4b1GJKDSkRs7fTi+v+pb9OT9rTbtd8jfGe/YCe5rjXEm/ih2DgS13737lKCD5n6
    53. 

  53. 3QUOG7CR+SKFeRXOGkncqJHAyRkpNfAmS8m1C+ucodfjSFoqAwwVGx7eyEktG4s/
    54. 

  54. JbwLEb03hGrP15vnnOgxQmiAzWskxhMyHX6vmA71Oq4F3RVsuD3CEjKzgJ2+ghk3
    55. 

  55. BIY3DZSfSReWSMYM573YFglENi+qJK012XnFmZcevwIDAQABo4ICWjCCAlYwDgYD
    56. 

  56. VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
    57. 

  57. HRMBAf8EAjAAMB0GA1UdDgQWBBRvn1wGi46XcyhRIIxJkSSUoCyoNzAfBgNVHSME
    58. 

  58. GDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYB
    59. 

  59. BQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDov
    60. 

  60. L3IzLmkubGVuY3Iub3JnLzAoBgNVHREEITAfgh10ZW1wb3JhcnkuZXh0ZXJuYWwt
    61. 

  61. c2VjcmV0cy5pbzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAo
    62. 

  62. MCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQYGCisG
    63. 

  63. AQQB1nkCBAIEgfcEgfQA8gB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/fDC8gC8xO
    64. 

  64. 8WTjAAABetjA0asAAAQDAEgwRgIhAPYbBNim7q3P0qmD9IrAx1E1fEClYpoLrAVs
    65. 

  65. 4LGBkQobAiEA+IaTPWs9eHmqtCwar96PNxE0Iucak0DYkgfcWJT5gfYAdwBvU3as
    66. 

  66. MfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAXrYwNJTAAAEAwBIMEYCIQDY
    67. 

  67. xWJKFljK1AW2z/uVsU7TwcAAcIqUf5/nhS04JAwpfwIhANDTvwvcRvPebU7fv6dq
    68. 

  68. lNH1g2Oyv/4Vm7W+Vrc5cFD0MA0GCSqGSIb3DQEBCwUAA4IBAQAR29s3pDGZbNPN
    69. 

  69. 5K+Zqg9UDT8s+P0fb9r97T7hWEFkiUtG4bz7QvGzSoDXhD/DZkdjLmkX7+bLiE3L
    70. 

  70. hRSSYe+Am+Bw5soyzefX2FHAUeOLeK0mJhOrdiKqrW4nnvOOJWLkcWS799kW2z7j
    71. 

  71. 2MgUWTOz/xXGUOWHt1KjyoM31G3shoAIB9lg3lHbuVIyDd3yyUpjt0zevVdYrO9G
    72. 

  72. CgI2mJfv26EiddBvgudzN+R5Ayis9czaFHu8gpplaf9DahaKs1Uys6lg0HnzRn3l
    73. 

  73. XMYitHfpGhc+DTTiTWMQ13J0b1j4yv8A7ZaG2366aa28oSTD6eQFhmVCBwa54j++
    74. 

  74. IOwzHn5R
    75. 

  75. -----END CERTIFICATE-----
    76. 

  76. `
    77. 

  77. 		privkeyPEM := `-----BEGIN PRIVATE KEY-----
    78. 

  78. MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDJFE51myQDyqca
    79. 

  79. egyBDlHLkxVj+WCjcfOWEqrTa7bcnbDXjD4uIRTaFxIkpi/k5fKxt+rszna7bNdh
    80. 

  80. lezqSuRBmVg2kXDul5nQm1RtWRKlJP9fhvUYkoNKRGzt9OL6/6lv05P2tNu13yN8
    81. 

  81. Z79gJ7muNcSb+KHYOBLXfvfuUoIPmfrdBQ4bsJH5IoV5Fc4aSdyokcDJGSk18CZL
    82. 

  82. ybUL65yh1+NIWioDDBUbHt7ISS0biz8lvAsRvTeEas/Xm+ec6DFCaIDNayTGEzId
    83. 

  83. fq+YDvU6rgXdFWy4PcISMrOAnb6CGTcEhjcNlJ9JF5ZIxgznvdgWCUQ2L6okrTXZ
    84. 

  84. ecWZlx6/AgMBAAECggEBAI9sDX5zFuAhdsk6zppqtUrn8TTq1dQe3ihnzjKYvMhl
    85. 

  85. LZLA9EUA0ZexJv6/DqBMp6u9TDJ2HVgYDRQM1PxUSLTFhJb/bDayKUMS18ha5SKn
    86. 

  86. 3gKsBzvsnPqnDa84oYF4Q8mAdyRb4e66ZtxAP8985kLtFPxO/llzvXS5mmwBq8Ul
    87. 

  87. wlLOg5xAXubm3vgLyFm2GW9qI6ZvY9mmh1mv5ZLP8/8hikRjwJijnX3dyqqIAYnc
    88. 

  88. DHjJYy2I1VxGJybqVQRquG++Tl4qLXbOUZ/lhKe62ARx/MBR9lEst5TURc9N7U3D
    89. 

  89. Mgsu7FcFwqjVkig3P0XiNRWwCu0HrYee5rLXmtDnF9kCgYEA69+OuJM/RIsrLQQd
    90. 

  90. 1alppgT+SFyaJM3X1MJD3yxW6Vqqvkhqe7+XCWnmVYcpHPcilWmZnnQ3PiWqPJ8A
    91. 

  91. 3mIMp+Xg0ddFQXb3n7z4D0Mg4IPzvSKnlieTT1rDhhHRv/xArw1UBkF6kqcnZizZ
    92. 

  92. FcWcOIt/dYodTWZzPJtLtf7QW0sCgYEA2jy0vJ5rg0/CSinkccreegC6gbbd+oE9
    93. 

  93. uR/aGeu1XmnULoYYMMy7BLqd8/OiXvujbgUSUWnzbEclR88dPDkiRxDL7mYiaCn+
    94. 

  94. l9jPuVB1W5x6irJdG/7lpSnLuijpkzey177ZKrlfGsOjtVZsc1ytnqTCWsF1r9eY
    95. 

  95. yXCSvkJQjd0CgYEA5+vl0hh+MfBA4L9WcnpkNehc+luK+LspB7qHr81SG5qZngVo
    96. 

  96. JgspAAmPf/Mo+qEI8S5m7MVKeCHitD6HRSHVXdUK7GklYIwQSJEuuxr/HaLAquyD
    97. 

  97. KYH6NyGAdLfarFHka/rH7mq9kasnczCPtveZdoO7LKBD1ZHxptrvY6CLz+cCgYEA
    98. 

  98. yEq2xfXPTrDA7DgOhbFfBjHs+mfOyr4a2/Czxt5hkskmB5ziTsdXTTvJA8Ay4WGp
    99. 

  99. 2Kum6DmJQ3L4cDNR7ZeyMe7ke2QZZ+hC1TITU0zYqL+wZ+LTOYJzWWZGqBAsbwTL
    100. 

  100. it6JiYCgHHw5n5A18Jq6bcNg7NJpJH2GqDo9M4jBTbECgYEAlMuvNExEXGVzWrGF
    101. 

  101. NXHpAev64RJ2jTq59jtmxWrNvzeWJREOWd/Nt+0t+bE0sHMfgaMrhNFWiR8oesrF
    102. 

  102. Jdx0ECYawviQoreDAyIXV6HouoeRbDtLZ9AJvxMoIjGcjAR2FQHc3yx4h/lf3Tfx
    103. 

  103. x6HaRh+EUwU51von6M9lEF9/p5Q=
    104. 

  104. -----END PRIVATE KEY-----
    105. 

  105. `
    106. 

  106. 		blockCert, _ := pem.Decode([]byte(certPEM))
    107. 

  107. 		cert, _ := x509.ParseCertificate(blockCert.Bytes)
    108. 

  108. 		blockPrivKey, _ := pem.Decode([]byte(privkeyPEM))
    109. 

  109. 		privkey, _ := x509.ParsePKCS8PrivateKey(blockPrivKey.Bytes)
    110. 

  110. 		emptyCACerts := []*x509.Certificate{}
    111. 

  111. 		p12Cert, _ := p12.Encode(rand.Reader, privkey, cert, emptyCACerts, "")
    112. 

  112. 

  113. 		tc.Secrets = map[string]string{
    114. 

  114. 			cloudSecretName: string(p12Cert),
    115. 

  115. 		}
    116. 

  116. 

  117. 		tc.ExpectedSecret = &v1.Secret{
    118. 

  118. 			Type: v1.SecretTypeTLS,
    119. 

  119. 			Data: map[string][]byte{
    120. 

  120. 				"tls.crt": []byte(certPEM),
    121. 

  121. 				"tls.key": []byte(privkeyPEM),
    122. 

  122. 			},
    123. 

  123. 		}
    124. 

  124. 

  125. 		tc.ExternalSecret.Spec.Data = []esv1alpha1.ExternalSecretData{
    126. 

  126. 			{
    127. 

  127. 				SecretKey: "mysecret",
    128. 

  128. 				RemoteRef: esv1alpha1.ExternalSecretDataRemoteRef{
    129. 

  129. 					Key: cloudSecretName,
    130. 

  130. 				},
    131. 

  131. 			},
    132. 

  132. 		}
    133. 

  133. 

  134. 		tc.ExternalSecret.Spec.Target.Template = &esv1alpha1.ExternalSecretTemplate{
    135. 

  135. 			Type: v1.SecretTypeTLS,
    136. 

  136. 			Data: map[string]string{
    137. 

  137. 				"tls.crt": "{{ .mysecret | pkcs12cert | pemCertificate }}",
    138. 

  138. 				"tls.key": "{{ .mysecret | pkcs12key | pemPrivateKey }}",
    139. 

  139. 			},
    140. 

  140. 		}
    141. 

  141. 	}
    142. 

  142. 

  143. 	DescribeTable("sync secrets", framework.TableFunc(f, prov),
    144. 

  144. 		Entry(common.SimpleDataSync(f)),
    145. 

  145. 		Entry(common.JSONDataWithProperty(f)),
    146. 

  146. 		Entry(common.JSONDataFromSync(f)),
    147. 

  147. 		Entry(common.NestedJSONWithGJSON(f)),
    148. 

  148. 		Entry(common.JSONDataWithTemplate(f)),
    149. 

  149. 		Entry(common.DockerJSONConfig(f)),
    150. 

  150. 		Entry(common.DataPropertyDockerconfigJSON(f)),
    151. 

  151. 		Entry(common.SSHKeySync(f)),
    152. 

  152. 		Entry(common.SSHKeySyncDataProperty(f)),
    153. 

  153. 		Entry("should sync p12 encoded cert secret", p12Cert),
    154. 

  154. 	)
    155. 

  155. })
    156.