Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: f32ea9f91d
Branches Tags
helm-externa...
/
pkg
/
provider
/
kubernetes
/
provider_test.go

provider_test.go 6.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6. 	http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. package kubernetes
    15. 

  15. 

  16. import (
    17. 

  17. 	"context"
    18. 

  18. 	"testing"
    19. 

  19. 

  20. 	"github.com/stretchr/testify/assert"
    21. 

  21. 	corev1 "k8s.io/api/core/v1"
    22. 

  22. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    23. 

  23. 	"k8s.io/client-go/kubernetes"
    24. 

  24. 	clientgofake "k8s.io/client-go/kubernetes/fake"
    25. 

  25. 	pointer "k8s.io/utils/ptr"
    26. 

  26. 	kclient "sigs.k8s.io/controller-runtime/pkg/client"
    27. 

  27. 	fclient "sigs.k8s.io/controller-runtime/pkg/client/fake"
    28. 

  28. 

  29. 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
    30. 

  30. 	v1 "github.com/external-secrets/external-secrets/apis/meta/v1"
    31. 

  31. )
    32. 

  32. 

  33. const (
    34. 

  34. 	testCertificate = `-----BEGIN CERTIFICATE-----
    35. 

  35. MIIDHTCCAgWgAwIBAgIRAKC4yxy9QGocND+6avTf7BgwDQYJKoZIhvcNAQELBQAw
    36. 

  36. EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0yMTAzMjAyMDA4MDhaFw0yMTAzMjAyMDM4
    37. 

  37. MDhaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
    38. 

  38. ggEKAoIBAQC3o6/JdZEqNbqNRkopHhJtJG5c4qS5d0tQ/kZYpfD/v/izAYum4Nzj
    39. 

  39. aG15owr92/11W0pxPUliRLti3y6iScTs+ofm2D7p4UXj/Fnho/2xoWSOoWAodgvW
    40. 

  40. Y8jh8A0LQALZiV/9QsrJdXZdS47DYZLsQ3z9yFC/CdXkg1l7AQ3fIVGKdrQBr9kE
    41. 

  41. 1gEDqnKfRxXI8DEQKXr+CKPUwCAytegmy0SHp53zNAvY+kopHytzmJpXLoEhxq4e
    42. 

  42. ugHe52vXHdh/HJ9VjNp0xOH1waAgAGxHlltCW0PVd5AJ0SXROBS/a3V9sZCbCrJa
    43. 

  43. YOOonQSEswveSv6PcG9AHvpNPot2Xs6hAgMBAAGjbjBsMA4GA1UdDwEB/wQEAwIC
    44. 

  44. pDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
    45. 

  45. BBR00805mrpoonp95RmC3B6oLl+cGTAVBgNVHREEDjAMggpnb29ibGUuY29tMA0G
    46. 

  46. CSqGSIb3DQEBCwUAA4IBAQAipc1b6JrEDayPjpz5GM5krcI8dCWVd8re0a9bGjjN
    47. 

  47. ioWGlu/eTr5El0ffwCNZ2WLmL9rewfHf/bMvYz3ioFZJ2OTxfazqYXNggQz6cMfa
    48. 

  48. lbedDCdt5XLVX2TyerGvFram+9Uyvk3l0uM7rZnwAmdirG4Tv94QRaD3q4xTj/c0
    49. 

  49. mv+AggtK0aRFb9o47z/BypLdk5mhbf3Mmr88C8XBzEnfdYyf4JpTlZrYLBmDCu5d
    50. 

  50. 9RLLsjXxhag8xqMtd1uLUM8XOTGzVWacw8iGY+CTtBKqyA+AE6/bDwZvEwVtsKtC
    51. 

  51. QJ85ioEpy00NioqcF0WyMZH80uMsPycfpnl5uF7RkW8u
    52. 

  52. -----END CERTIFICATE-----`
    53. 

  53. )
    54. 

  54. 

  55. func TestNewClient(t *testing.T) {
    56. 

  56. 	type fields struct {
    57. 

  57. 		Client       KClient
    58. 

  58. 		ReviewClient RClient
    59. 

  59. 		Namespace    string
    60. 

  60. 	}
    61. 

  61. 	type args struct {
    62. 

  62. 		store     esv1beta1.GenericStore
    63. 

  63. 		kube      kclient.Client
    64. 

  64. 		clientset kubernetes.Interface
    65. 

  65. 		namespace string
    66. 

  66. 	}
    67. 

  67. 	tests := []struct {
    68. 

  68. 		name    string
    69. 

  69. 		fields  fields
    70. 

  70. 		args    args
    71. 

  71. 		want    bool
    72. 

  72. 		wantErr bool
    73. 

  73. 	}{
    74. 

  74. 		{
    75. 

  75. 			name:   "invalid store",
    76. 

  76. 			fields: fields{},
    77. 

  77. 			args: args{
    78. 

  78. 				store: &esv1beta1.ClusterSecretStore{
    79. 

  79. 					TypeMeta: metav1.TypeMeta{
    80. 

  80. 						Kind: esv1beta1.ClusterSecretStoreKind,
    81. 

  81. 					},
    82. 

  82. 					Spec: esv1beta1.SecretStoreSpec{
    83. 

  83. 						Provider: &esv1beta1.SecretStoreProvider{},
    84. 

  84. 					},
    85. 

  85. 				},
    86. 

  86. 				kube: fclient.NewClientBuilder().Build(),
    87. 

  87. 			},
    88. 

  88. 			wantErr: true,
    89. 

  89. 		},
    90. 

  90. 		{
    91. 

  91. 			name:   "test referent auth return",
    92. 

  92. 			fields: fields{},
    93. 

  93. 			args: args{
    94. 

  94. 				store: &esv1beta1.ClusterSecretStore{
    95. 

  95. 					TypeMeta: metav1.TypeMeta{
    96. 

  96. 						Kind: esv1beta1.ClusterSecretStoreKind,
    97. 

  97. 					},
    98. 

  98. 					Spec: esv1beta1.SecretStoreSpec{
    99. 

  99. 						Provider: &esv1beta1.SecretStoreProvider{
    100. 

  100. 							Kubernetes: &esv1beta1.KubernetesProvider{
    101. 

  101. 								Server: esv1beta1.KubernetesServer{
    102. 

  102. 									CABundle: []byte(testCertificate),
    103. 

  103. 								},
    104. 

  104. 								Auth: esv1beta1.KubernetesAuth{
    105. 

  105. 									Token: &esv1beta1.TokenAuth{
    106. 

  106. 										BearerToken: v1.SecretKeySelector{
    107. 

  107. 											Name: "foo",
    108. 

  108. 											Key:  "token",
    109. 

  109. 										},
    110. 

  110. 									},
    111. 

  111. 								},
    112. 

  112. 							},
    113. 

  113. 						},
    114. 

  114. 					},
    115. 

  115. 				},
    116. 

  116. 				namespace: "",
    117. 

  117. 				kube:      fclient.NewClientBuilder().Build(),
    118. 

  118. 				clientset: clientgofake.NewSimpleClientset(),
    119. 

  119. 			},
    120. 

  120. 			want: true,
    121. 

  121. 		},
    122. 

  122. 		{
    123. 

  123. 			name:   "auth fail results in error",
    124. 

  124. 			fields: fields{},
    125. 

  125. 			args: args{
    126. 

  126. 				store: &esv1beta1.ClusterSecretStore{
    127. 

  127. 					TypeMeta: metav1.TypeMeta{
    128. 

  128. 						Kind: esv1beta1.ClusterSecretStoreKind,
    129. 

  129. 					},
    130. 

  130. 					Spec: esv1beta1.SecretStoreSpec{
    131. 

  131. 						Provider: &esv1beta1.SecretStoreProvider{
    132. 

  132. 							Kubernetes: &esv1beta1.KubernetesProvider{
    133. 

  133. 								Server: esv1beta1.KubernetesServer{
    134. 

  134. 									CABundle: []byte(testCertificate),
    135. 

  135. 								},
    136. 

  136. 								RemoteNamespace: "remote",
    137. 

  137. 								Auth: esv1beta1.KubernetesAuth{
    138. 

  138. 									Token: &esv1beta1.TokenAuth{
    139. 

  139. 										BearerToken: v1.SecretKeySelector{
    140. 

  140. 											Name:      "foo",
    141. 

  141. 											Namespace: pointer.To("default"),
    142. 

  142. 											Key:       "token",
    143. 

  143. 										},
    144. 

  144. 									},
    145. 

  145. 								},
    146. 

  146. 							},
    147. 

  147. 						},
    148. 

  148. 					},
    149. 

  149. 				},
    150. 

  150. 				namespace: "foobarothernamespace",
    151. 

  151. 				clientset: clientgofake.NewSimpleClientset(),
    152. 

  152. 				kube:      fclient.NewClientBuilder().Build(),
    153. 

  153. 			},
    154. 

  154. 			wantErr: true,
    155. 

  155. 		},
    156. 

  156. 		{
    157. 

  157. 			name:   "test auth",
    158. 

  158. 			fields: fields{},
    159. 

  159. 			args: args{
    160. 

  160. 				store: &esv1beta1.ClusterSecretStore{
    161. 

  161. 					TypeMeta: metav1.TypeMeta{
    162. 

  162. 						Kind: esv1beta1.ClusterSecretStoreKind,
    163. 

  163. 					},
    164. 

  164. 					Spec: esv1beta1.SecretStoreSpec{
    165. 

  165. 						Provider: &esv1beta1.SecretStoreProvider{
    166. 

  166. 							Kubernetes: &esv1beta1.KubernetesProvider{
    167. 

  167. 								Server: esv1beta1.KubernetesServer{
    168. 

  168. 									CABundle: []byte(testCertificate),
    169. 

  169. 								},
    170. 

  170. 								RemoteNamespace: "remote",
    171. 

  171. 								Auth: esv1beta1.KubernetesAuth{
    172. 

  172. 									Token: &esv1beta1.TokenAuth{
    173. 

  173. 										BearerToken: v1.SecretKeySelector{
    174. 

  174. 											Name:      "foo",
    175. 

  175. 											Namespace: pointer.To("default"),
    176. 

  176. 											Key:       "token",
    177. 

  177. 										},
    178. 

  178. 									},
    179. 

  179. 								},
    180. 

  180. 							},
    181. 

  181. 						},
    182. 

  182. 					},
    183. 

  183. 				},
    184. 

  184. 				namespace: "foobarothernamespace",
    185. 

  185. 				clientset: clientgofake.NewSimpleClientset(),
    186. 

  186. 				kube: fclient.NewClientBuilder().WithObjects(&corev1.Secret{
    187. 

  187. 					ObjectMeta: metav1.ObjectMeta{
    188. 

  188. 						Name:      "foo",
    189. 

  189. 						Namespace: "default",
    190. 

  190. 					},
    191. 

  191. 					Data: map[string][]byte{
    192. 

  192. 						"token": []byte("1234"),
    193. 

  193. 					},
    194. 

  194. 				}).Build(),
    195. 

  195. 			},
    196. 

  196. 			want: true,
    197. 

  197. 		},
    198. 

  198. 	}
    199. 

  199. 	for _, tt := range tests {
    200. 

  200. 		t.Run(tt.name, func(t *testing.T) {
    201. 

  201. 			got, err := (&Provider{}).newClient(context.Background(), tt.args.store, tt.args.kube, tt.args.clientset, tt.args.namespace)
    202. 

  202. 			if (err != nil) != tt.wantErr {
    203. 

  203. 				t.Errorf("ProviderKubernetes.NewClient() error = %v, wantErr %v", err, tt.wantErr)
    204. 

  204. 				return
    205. 

  205. 			}
    206. 

  206. 			if tt.want {
    207. 

  207. 				assert.NotNil(t, got)
    208. 

  208. 			} else {
    209. 

  209. 				assert.Nil(t, got)
    210. 

  210. 			}
    211. 

  211. 		})
    212. 

  212. 	}
    213. 

  213. }
    214.