Главная Обзор Помощь
Вход
logic855
/
helm-external-secrets
зеркало из https://github.com/external-secrets/external-secrets
1
0
Ответвить 0
Файлы Задачи 0 Вики
Ветка: main
Ветки Метки
helm-external-s...
/
runtime
/
testing
/
fake
/
fake.go

fake.go 7.0 KB
Постоянная ссылка История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237 
  1. /*
    2. 

  2. Copyright © The ESO Authors
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     https://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package fake
    18. 

  18. 

  19. import (
    20. 

  20. 	"context"
    21. 

  21. 	"maps"
    22. 

  22. 	"sync"
    23. 

  23. 

  24. 	corev1 "k8s.io/api/core/v1"
    25. 

  25. 	"sigs.k8s.io/controller-runtime/pkg/client"
    26. 

  26. 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
    27. 

  27. 

  28. 	esv1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
    29. 

  29. 	"github.com/external-secrets/external-secrets/runtime/esutils"
    30. 

  30. )
    31. 

  31. 

  32. var _ esv1.Provider = &Client{}
    33. 

  33. 

  34. type SetSecretCallArgs struct {
    35. 

  35. 	Value     []byte
    36. 

  36. 	RemoteRef esv1.PushSecretRemoteRef
    37. 

  37. }
    38. 

  38. 

  39. // Client is a fake client for testing.
    40. 

  40. type Client struct {
    41. 

  41. 	mu              sync.RWMutex
    42. 

  42. 	pushSecretData  map[string]SetSecretCallArgs
    43. 

  43. 	NewFn           func(context.Context, esv1.GenericStore, client.Client, string) (esv1.SecretsClient, error)
    44. 

  44. 	GetSecretFn     func(context.Context, esv1.ExternalSecretDataRemoteRef) ([]byte, error)
    45. 

  45. 	GetSecretMapFn  func(context.Context, esv1.ExternalSecretDataRemoteRef) (map[string][]byte, error)
    46. 

  46. 	GetAllSecretsFn func(context.Context, esv1.ExternalSecretFind) (map[string][]byte, error)
    47. 

  47. 	SecretExistsFn  func(context.Context, esv1.PushSecretRemoteRef) (bool, error)
    48. 

  48. 	SetSecretFn     func() error
    49. 

  49. 	DeleteSecretFn  func() error
    50. 

  50. }
    51. 

  51. 

  52. // New returns a fake provider/client with default no-op behavior.
    53. 

  53. func New() *Client {
    54. 

  54. 	v := &Client{}
    55. 

  55. 	v.Reset()
    56. 

  56. 	return v
    57. 

  57. }
    58. 

  58. 

  59. // RegisterAs registers the fake client in the schema.
    60. 

  60. func (v *Client) RegisterAs(provider *esv1.SecretStoreProvider) {
    61. 

  61. 	esv1.ForceRegister(v, provider, esv1.MaintenanceStatusMaintained)
    62. 

  62. }
    63. 

  63. 

  64. // GetAllSecrets implements the provider.Provider interface.
    65. 

  65. func (v *Client) GetAllSecrets(ctx context.Context, ref esv1.ExternalSecretFind) (map[string][]byte, error) {
    66. 

  66. 	v.mu.RLock()
    67. 

  67. 	fn := v.GetAllSecretsFn
    68. 

  68. 	v.mu.RUnlock()
    69. 

  69. 	return fn(ctx, ref)
    70. 

  70. }
    71. 

  71. 

  72. func (v *Client) PushSecret(_ context.Context, secret *corev1.Secret, data esv1.PushSecretData) error {
    73. 

  73. 	v.mu.Lock()
    74. 

  74. 	value, _ := esutils.ExtractSecretData(data, secret)
    75. 

  75. 	v.pushSecretData[data.GetRemoteKey()] = SetSecretCallArgs{
    76. 

  76. 		Value:     value,
    77. 

  77. 		RemoteRef: data,
    78. 

  78. 	}
    79. 

  79. 	fn := v.SetSecretFn
    80. 

  80. 	v.mu.Unlock()
    81. 

  81. 	return fn()
    82. 

  82. }
    83. 

  83. 

  84. // GetPushSecretData safely retrieves the push secret data map for reading.
    85. 

  85. func (v *Client) GetPushSecretData() map[string]SetSecretCallArgs {
    86. 

  86. 	v.mu.RLock()
    87. 

  87. 	defer v.mu.RUnlock()
    88. 

  88. 	result := make(map[string]SetSecretCallArgs, len(v.pushSecretData))
    89. 

  89. 	maps.Copy(result, v.pushSecretData)
    90. 

  90. 	return result
    91. 

  91. }
    92. 

  92. 

  93. func (v *Client) DeleteSecret(_ context.Context, _ esv1.PushSecretRemoteRef) error {
    94. 

  94. 	v.mu.RLock()
    95. 

  95. 	fn := v.DeleteSecretFn
    96. 

  96. 	v.mu.RUnlock()
    97. 

  97. 	return fn()
    98. 

  98. }
    99. 

  99. 

  100. func (v *Client) SecretExists(ctx context.Context, ref esv1.PushSecretRemoteRef) (bool, error) {
    101. 

  101. 	v.mu.RLock()
    102. 

  102. 	fn := v.SecretExistsFn
    103. 

  103. 	v.mu.RUnlock()
    104. 

  104. 	return fn(ctx, ref)
    105. 

  105. }
    106. 

  106. 

  107. // GetSecret implements the provider.Provider interface.
    108. 

  108. func (v *Client) GetSecret(ctx context.Context, ref esv1.ExternalSecretDataRemoteRef) ([]byte, error) {
    109. 

  109. 	v.mu.RLock()
    110. 

  110. 	fn := v.GetSecretFn
    111. 

  111. 	v.mu.RUnlock()
    112. 

  112. 	return fn(ctx, ref)
    113. 

  113. }
    114. 

  114. 

  115. // WithGetSecret wraps secret data returned by this provider.
    116. 

  116. func (v *Client) WithGetSecret(secData []byte, err error) *Client {
    117. 

  117. 	v.mu.Lock()
    118. 

  118. 	v.GetSecretFn = func(context.Context, esv1.ExternalSecretDataRemoteRef) ([]byte, error) {
    119. 

  119. 		return secData, err
    120. 

  120. 	}
    121. 

  121. 	v.mu.Unlock()
    122. 

  122. 	return v
    123. 

  123. }
    124. 

  124. 

  125. // GetSecretMap implements the provider.Provider interface.
    126. 

  126. func (v *Client) GetSecretMap(ctx context.Context, ref esv1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
    127. 

  127. 	v.mu.RLock()
    128. 

  128. 	fn := v.GetSecretMapFn
    129. 

  129. 	v.mu.RUnlock()
    130. 

  130. 	return fn(ctx, ref)
    131. 

  131. }
    132. 

  132. 

  133. func (v *Client) Close(_ context.Context) error {
    134. 

  134. 	return nil
    135. 

  135. }
    136. 

  136. 

  137. func (v *Client) Validate() (esv1.ValidationResult, error) {
    138. 

  138. 	return esv1.ValidationResultReady, nil
    139. 

  139. }
    140. 

  140. 

  141. func (v *Client) ValidateStore(_ esv1.GenericStore) (admission.Warnings, error) {
    142. 

  142. 	return nil, nil
    143. 

  143. }
    144. 

  144. 

  145. // WithGetSecretMap wraps the secret data map returned by this fake provider.
    146. 

  146. func (v *Client) WithGetSecretMap(secData map[string][]byte, err error) *Client {
    147. 

  147. 	v.mu.Lock()
    148. 

  148. 	v.GetSecretMapFn = func(context.Context, esv1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
    149. 

  149. 		return secData, err
    150. 

  150. 	}
    151. 

  151. 	v.mu.Unlock()
    152. 

  152. 	return v
    153. 

  153. }
    154. 

  154. 

  155. // WithGetAllSecrets wraps the secret data map returned by this fake provider.
    156. 

  156. func (v *Client) WithGetAllSecrets(secData map[string][]byte, err error) *Client {
    157. 

  157. 	v.mu.Lock()
    158. 

  158. 	v.GetAllSecretsFn = func(context.Context, esv1.ExternalSecretFind) (map[string][]byte, error) {
    159. 

  159. 		return secData, err
    160. 

  160. 	}
    161. 

  161. 	v.mu.Unlock()
    162. 

  162. 	return v
    163. 

  163. }
    164. 

  164. 

  165. // WithSetSecretFn installs a custom SetSecret function under the client lock.
    166. 

  166. func (v *Client) WithSetSecretFn(fn func() error) *Client {
    167. 

  167. 	v.mu.Lock()
    168. 

  168. 	v.SetSecretFn = fn
    169. 

  169. 	v.mu.Unlock()
    170. 

  170. 	return v
    171. 

  171. }
    172. 

  172. 

  173. // WithDeleteSecretFn installs a custom DeleteSecret function under the client lock.
    174. 

  174. func (v *Client) WithDeleteSecretFn(fn func() error) *Client {
    175. 

  175. 	v.mu.Lock()
    176. 

  176. 	v.DeleteSecretFn = fn
    177. 

  177. 	v.mu.Unlock()
    178. 

  178. 	return v
    179. 

  179. }
    180. 

  180. 

  181. // WithSecretExistsFn installs a custom SecretExists function under the client lock.
    182. 

  182. func (v *Client) WithSecretExistsFn(fn func(context.Context, esv1.PushSecretRemoteRef) (bool, error)) *Client {
    183. 

  183. 	v.mu.Lock()
    184. 

  184. 	v.SecretExistsFn = fn
    185. 

  185. 	v.mu.Unlock()
    186. 

  186. 	return v
    187. 

  187. }
    188. 

  188. 

  189. // WithNew wraps the fake provider factory function.
    190. 

  190. func (v *Client) WithNew(f func(context.Context, esv1.GenericStore, client.Client,
    191. 

  191. 	string) (esv1.SecretsClient, error)) *Client {
    192. 

  192. 	v.mu.Lock()
    193. 

  193. 	v.NewFn = f
    194. 

  194. 	v.mu.Unlock()
    195. 

  195. 	return v
    196. 

  196. }
    197. 

  197. 

  198. // Capabilities return the provider supported capabilities (ReadOnly, WriteOnly, ReadWrite).
    199. 

  199. func (v *Client) Capabilities() esv1.SecretStoreCapabilities {
    200. 

  200. 	return esv1.SecretStoreReadOnly
    201. 

  201. }
    202. 

  202. 

  203. // NewClient returns a new fake provider.
    204. 

  204. func (v *Client) NewClient(ctx context.Context, store esv1.GenericStore, kube client.Client, namespace string) (esv1.SecretsClient, error) {
    205. 

  205. 	v.mu.RLock()
    206. 

  206. 	fn := v.NewFn
    207. 

  207. 	v.mu.RUnlock()
    208. 

  208. 	return fn(ctx, store, kube, namespace)
    209. 

  209. }
    210. 

  210. 

  211. // Reset restores all functions to their default no-op behavior and clears recorded push data.
    212. 

  212. func (v *Client) Reset() {
    213. 

  213. 	v.mu.Lock()
    214. 

  214. 	defer v.mu.Unlock()
    215. 

  215. 	v.NewFn = func(context.Context, esv1.GenericStore, client.Client, string) (esv1.SecretsClient, error) {
    216. 

  216. 		return v, nil
    217. 

  217. 	}
    218. 

  218. 	v.GetSecretFn = func(context.Context, esv1.ExternalSecretDataRemoteRef) ([]byte, error) {
    219. 

  219. 		return nil, nil
    220. 

  220. 	}
    221. 

  221. 	v.GetSecretMapFn = func(context.Context, esv1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
    222. 

  222. 		return nil, nil
    223. 

  223. 	}
    224. 

  224. 	v.GetAllSecretsFn = func(context.Context, esv1.ExternalSecretFind) (map[string][]byte, error) {
    225. 

  225. 		return nil, nil
    226. 

  226. 	}
    227. 

  227. 	v.SecretExistsFn = func(context.Context, esv1.PushSecretRemoteRef) (bool, error) {
    228. 

  228. 		return false, nil
    229. 

  229. 	}
    230. 

  230. 	v.SetSecretFn = func() error {
    231. 

  231. 		return nil
    232. 

  232. 	}
    233. 

  233. 	v.DeleteSecretFn = func() error {
    234. 

  234. 		return nil
    235. 

  235. 	}
    236. 

  236. 	v.pushSecretData = map[string]SetSecretCallArgs{}
    237. 

  237. }
    238.