Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: helm-chart
Branches Tags
helm-externa...
/
generators
/
v1
/
acr
/
acr_test.go

acr_test.go 6.2 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220 
  1. /*
    2. 

  2. Copyright © 2025 ESO Maintainer Team
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     https://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package acr
    18. 

  18. 

  19. import (
    20. 

  20. 	"context"
    21. 

  21. 	"fmt"
    22. 

  22. 	"reflect"
    23. 

  23. 	"testing"
    24. 

  24. 

  25. 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
    26. 

  26. 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
    27. 

  27. 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
    28. 

  28. 	"github.com/stretchr/testify/assert"
    29. 

  29. 	v1 "k8s.io/api/core/v1"
    30. 

  30. 	apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
    31. 

  31. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    32. 

  32. 	"k8s.io/client-go/kubernetes"
    33. 

  33. 	"sigs.k8s.io/controller-runtime/pkg/client"
    34. 

  34. 	clientfake "sigs.k8s.io/controller-runtime/pkg/client/fake"
    35. 

  35. )
    36. 

  36. 

  37. func TestGenerate(t *testing.T) {
    38. 

  38. 	const (
    39. 

  39. 		testUsername = "11111111-2222-3333-4444-111111111111"
    40. 

  40. 		testURL      = "example.azurecr.io"
    41. 

  41. 	)
    42. 

  42. 	type args struct {
    43. 

  43. 		ctx                 context.Context
    44. 

  44. 		jsonSpec            *apiextensions.JSON
    45. 

  45. 		crClient            client.Client
    46. 

  46. 		kubeClient          kubernetes.Interface
    47. 

  47. 		namespace           string
    48. 

  48. 		accessTokenFetcher  accessTokenFetcher
    49. 

  49. 		refreshTokenFetcher refreshTokenFetcher
    50. 

  50. 		clientSecretCreds   clientSecretCredentialFunc
    51. 

  51. 	}
    52. 

  52. 	tests := []struct {
    53. 

  53. 		name    string
    54. 

  54. 		g       *Generator
    55. 

  55. 		args    args
    56. 

  56. 		want    map[string][]byte
    57. 

  57. 		wantErr bool
    58. 

  58. 	}{
    59. 

  59. 		{
    60. 

  60. 			name: "no spec",
    61. 

  61. 			args: args{
    62. 

  62. 				jsonSpec: nil,
    63. 

  63. 			},
    64. 

  64. 			wantErr: true,
    65. 

  65. 		},
    66. 

  66. 		{
    67. 

  67. 			name: "empty spec",
    68. 

  68. 			args: args{
    69. 

  69. 				jsonSpec: &apiextensions.JSON{},
    70. 

  70. 			},
    71. 

  71. 			wantErr: true,
    72. 

  72. 		},
    73. 

  73. 		{
    74. 

  74. 			name: "return acr access token if scope is defined",
    75. 

  75. 			args: args{
    76. 

  76. 				jsonSpec: &apiextensions.JSON{
    77. 

  77. 					Raw: []byte(fmt.Sprintf(`apiVersion: generators.external-secrets.io/v1alpha1
    78. 

  78. kind: ACRAccessToken
    79. 

  79. spec:
    80. 

  80.   tenantId: %s
    81. 

  81.   registry: %s
    82. 

  82.   scope: "repository:foo:pull,push"
    83. 

  83.   environmentType: "PublicCloud"
    84. 

  84.   auth:
    85. 

  85.     servicePrincipal:
    86. 

  86.       secretRef:
    87. 

  87.         clientSecret:
    88. 

  88.           name: az-secret
    89. 

  89.           key: clientsecret
    90. 

  90.         clientId:
    91. 

  91.           name: az-secret
    92. 

  92.           key: clientid`, testUsername, testURL)),
    93. 

  93. 				},
    94. 

  94. 				crClient: clientfake.NewClientBuilder().WithObjects(&v1.Secret{
    95. 

  95. 					ObjectMeta: metav1.ObjectMeta{
    96. 

  96. 						Name:      "az-secret",
    97. 

  97. 						Namespace: "foobar",
    98. 

  98. 					},
    99. 

  99. 					Data: map[string][]byte{
    100. 

  100. 						"clientsecret": []byte("foo"),
    101. 

  101. 						"clientid":     []byte("bar"),
    102. 

  102. 					},
    103. 

  103. 				}).Build(),
    104. 

  104. 				namespace: "foobar",
    105. 

  105. 				ctx:       context.Background(),
    106. 

  106. 				accessTokenFetcher: func(acrRefreshToken, tenantID, registryURL, scope string) (string, error) {
    107. 

  107. 					assert.Equal(t, "acrrefreshtoken", acrRefreshToken)
    108. 

  108. 					assert.Equal(t, tenantID, testUsername)
    109. 

  109. 					assert.Equal(t, registryURL, testURL)
    110. 

  110. 					assert.Equal(t, scope, "repository:foo:pull,push")
    111. 

  111. 					return "acraccesstoken", nil
    112. 

  112. 				},
    113. 

  113. 				refreshTokenFetcher: func(aadAccessToken, tenantID, registryURL string) (string, error) {
    114. 

  114. 					assert.Equal(t, "1234", aadAccessToken)
    115. 

  115. 					assert.Equal(t, tenantID, testUsername)
    116. 

  116. 					assert.Equal(t, registryURL, testURL)
    117. 

  117. 					return "acrrefreshtoken", nil
    118. 

  118. 				},
    119. 

  119. 				clientSecretCreds: func(tenantID, clientID, clientSecret string, options *azidentity.ClientSecretCredentialOptions) (TokenGetter, error) {
    120. 

  120. 					return &FakeTokenGetter{
    121. 

  121. 						token: azcore.AccessToken{
    122. 

  122. 							Token: "1234",
    123. 

  123. 						},
    124. 

  124. 					}, nil
    125. 

  125. 				},
    126. 

  126. 			},
    127. 

  127. 			want: map[string][]byte{
    128. 

  128. 				"username": []byte(defaultLoginUsername),
    129. 

  129. 				"password": []byte("acraccesstoken"),
    130. 

  130. 			},
    131. 

  131. 		},
    132. 

  132. 		{
    133. 

  133. 			name: "return acr refresh token if scope is not defined",
    134. 

  134. 			args: args{
    135. 

  135. 				jsonSpec: &apiextensions.JSON{
    136. 

  136. 					Raw: []byte(fmt.Sprintf(`apiVersion: generators.external-secrets.io/v1alpha1
    137. 

  137. kind: ACRAccessToken
    138. 

  138. spec:
    139. 

  139.   tenantId: %s
    140. 

  140.   registry: %s
    141. 

  141.   environmentType: "PublicCloud"
    142. 

  142.   auth:
    143. 

  143.     servicePrincipal:
    144. 

  144.       secretRef:
    145. 

  145.         clientSecret:
    146. 

  146.           name: az-secret
    147. 

  147.           key: clientsecret
    148. 

  148.         clientId:
    149. 

  149.           name: az-secret
    150. 

  150.           key: clientid`, testUsername, testURL)),
    151. 

  151. 				},
    152. 

  152. 				crClient: clientfake.NewClientBuilder().WithObjects(&v1.Secret{
    153. 

  153. 					ObjectMeta: metav1.ObjectMeta{
    154. 

  154. 						Name:      "az-secret",
    155. 

  155. 						Namespace: "foobar",
    156. 

  156. 					},
    157. 

  157. 					Data: map[string][]byte{
    158. 

  158. 						"clientsecret": []byte("foo"),
    159. 

  159. 						"clientid":     []byte("bar"),
    160. 

  160. 					},
    161. 

  161. 				}).Build(),
    162. 

  162. 				namespace: "foobar",
    163. 

  163. 				ctx:       context.Background(),
    164. 

  164. 				accessTokenFetcher: func(acrRefreshToken, tenantID, registryURL, scope string) (string, error) {
    165. 

  165. 					t.Fail()
    166. 

  166. 					return "", nil
    167. 

  167. 				},
    168. 

  168. 				refreshTokenFetcher: func(aadAccessToken, tenantID, registryURL string) (string, error) {
    169. 

  169. 					assert.Equal(t, "1234", aadAccessToken)
    170. 

  170. 					assert.Equal(t, tenantID, testUsername)
    171. 

  171. 					assert.Equal(t, registryURL, testURL)
    172. 

  172. 					return "acrrefreshtoken", nil
    173. 

  173. 				},
    174. 

  174. 				clientSecretCreds: func(tenantID, clientID, clientSecret string, options *azidentity.ClientSecretCredentialOptions) (TokenGetter, error) {
    175. 

  175. 					return &FakeTokenGetter{
    176. 

  176. 						token: azcore.AccessToken{
    177. 

  177. 							Token: "1234",
    178. 

  178. 						},
    179. 

  179. 					}, nil
    180. 

  180. 				},
    181. 

  181. 			},
    182. 

  182. 			want: map[string][]byte{
    183. 

  183. 				"username": []byte(defaultLoginUsername),
    184. 

  184. 				"password": []byte("acrrefreshtoken"),
    185. 

  185. 			},
    186. 

  186. 		},
    187. 

  187. 	}
    188. 

  188. 	for _, tt := range tests {
    189. 

  189. 		t.Run(tt.name, func(t *testing.T) {
    190. 

  190. 			g := &Generator{
    191. 

  191. 				clientSecretCreds: tt.args.clientSecretCreds,
    192. 

  192. 			}
    193. 

  193. 			got, _, err := g.generate(
    194. 

  194. 				tt.args.ctx,
    195. 

  195. 				tt.args.jsonSpec,
    196. 

  196. 				tt.args.crClient,
    197. 

  197. 				tt.args.namespace,
    198. 

  198. 				tt.args.kubeClient,
    199. 

  199. 				tt.args.accessTokenFetcher,
    200. 

  200. 				tt.args.refreshTokenFetcher,
    201. 

  201. 			)
    202. 

  202. 			if (err != nil) != tt.wantErr {
    203. 

  203. 				t.Errorf("Generator.Generate() error = %v, wantErr %v", err, tt.wantErr)
    204. 

  204. 				return
    205. 

  205. 			}
    206. 

  206. 			if !reflect.DeepEqual(got, tt.want) {
    207. 

  207. 				t.Errorf("Generator.Generate() = %v, want %v", got, tt.want)
    208. 

  208. 			}
    209. 

  209. 		})
    210. 

  210. 	}
    211. 

  211. }
    212. 

  212. 

  213. type FakeTokenGetter struct {
    214. 

  214. 	token azcore.AccessToken
    215. 

  215. 	err   error
    216. 

  216. }
    217. 

  217. 

  218. func (f *FakeTokenGetter) GetToken(_ context.Context, _ policy.TokenRequestOptions) (azcore.AccessToken, error) {
    219. 

  219. 	return f.token, f.err
    220. 

  220. }
    221.