Home Esplora Aiuto
Accedi
logic855
/
helm-external-secrets
mirror da https://github.com/external-secrets/external-secrets
1
0
Forka 0
File Problemi 0 Wiki
Ramo (Branch): mj-v2-poc-2
Rami (Branch) Tag
helm-external-s...
/
pkg
/
controllers
/
secretstore
/
common_unit_test.go

common_unit_test.go 4.4 KB
Permalink Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146 
  1. /*
    2. 

  2. Copyright © The ESO Authors
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     https://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package secretstore
    18. 

  18. 

  19. import (
    20. 

  20. 	"context"
    21. 

  21. 	"testing"
    22. 

  22. 

  23. 	corev1 "k8s.io/api/core/v1"
    24. 

  24. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    25. 

  25. 

  26. 	esapi "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
    27. 

  27. )
    28. 

  28. 

  29. type fakeCapabilityClient struct {
    30. 

  30. 	caps esapi.SecretStoreCapabilities
    31. 

  31. }
    32. 

  32. 

  33. func (f *fakeCapabilityClient) GetSecret(context.Context, esapi.ExternalSecretDataRemoteRef) ([]byte, error) {
    34. 

  34. 	return nil, nil
    35. 

  35. }
    36. 

  36. 

  37. func (f *fakeCapabilityClient) PushSecret(context.Context, *corev1.Secret, esapi.PushSecretData) error {
    38. 

  38. 	return nil
    39. 

  39. }
    40. 

  40. 

  41. func (f *fakeCapabilityClient) DeleteSecret(context.Context, esapi.PushSecretRemoteRef) error {
    42. 

  42. 	return nil
    43. 

  43. }
    44. 

  44. 

  45. func (f *fakeCapabilityClient) SecretExists(context.Context, esapi.PushSecretRemoteRef) (bool, error) {
    46. 

  46. 	return false, nil
    47. 

  47. }
    48. 

  48. 

  49. func (f *fakeCapabilityClient) Validate() (esapi.ValidationResult, error) {
    50. 

  50. 	return esapi.ValidationResultReady, nil
    51. 

  51. }
    52. 

  52. 

  53. func (f *fakeCapabilityClient) GetSecretMap(context.Context, esapi.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
    54. 

  54. 	return nil, nil
    55. 

  55. }
    56. 

  56. 

  57. func (f *fakeCapabilityClient) GetAllSecrets(context.Context, esapi.ExternalSecretFind) (map[string][]byte, error) {
    58. 

  58. 	return nil, nil
    59. 

  59. }
    60. 

  60. 

  61. func (f *fakeCapabilityClient) Close(context.Context) error {
    62. 

  62. 	return nil
    63. 

  63. }
    64. 

  64. 

  65. func (f *fakeCapabilityClient) Capabilities(context.Context) (esapi.SecretStoreCapabilities, error) {
    66. 

  66. 	return f.caps, nil
    67. 

  67. }
    68. 

  68. 

  69. func TestResolveStoreCapabilitiesUsesRemoteClientWhenProviderRefIsSet(t *testing.T) {
    70. 

  70. 	store := &esapi.SecretStore{
    71. 

  71. 		Spec: esapi.SecretStoreSpec{
    72. 

  72. 			RuntimeRef: &esapi.StoreRuntimeRef{Name: "fake-runtime"},
    73. 

  73. 			ProviderRef: &esapi.StoreProviderRef{
    74. 

  74. 				APIVersion: "provider.external-secrets.io/v2alpha1",
    75. 

  75. 				Kind:       "Fake",
    76. 

  76. 				Name:       "fake-config",
    77. 

  77. 			},
    78. 

  78. 		},
    79. 

  79. 	}
    80. 

  80. 

  81. 	client := &fakeCapabilityClient{caps: esapi.SecretStoreReadWrite}
    82. 

  82. 	caps, err := resolveStoreCapabilities(context.Background(), store, client)
    83. 

  83. 	if err != nil {
    84. 

  84. 		t.Fatalf("resolveStoreCapabilities() error = %v", err)
    85. 

  85. 	}
    86. 

  86. 	if caps != esapi.SecretStoreReadWrite {
    87. 

  87. 		t.Fatalf("expected %v, got %v", esapi.SecretStoreReadWrite, caps)
    88. 

  88. 	}
    89. 

  89. }
    90. 

  90. 

  91. func TestShouldDeferClusterStoreValidation(t *testing.T) {
    92. 

  92. 	t.Run("defer caller dependent cluster store", func(t *testing.T) {
    93. 

  93. 		store := &esapi.ClusterSecretStore{
    94. 

  94. 			TypeMeta: metav1.TypeMeta{Kind: esapi.ClusterSecretStoreKind},
    95. 

  95. 			Spec: esapi.SecretStoreSpec{
    96. 

  96. 				RuntimeRef: &esapi.StoreRuntimeRef{Name: "fake-runtime"},
    97. 

  97. 				ProviderRef: &esapi.StoreProviderRef{
    98. 

  98. 					APIVersion: "provider.external-secrets.io/v2alpha1",
    99. 

  99. 					Kind:       "Fake",
    100. 

  100. 					Name:       "fake-config",
    101. 

  101. 				},
    102. 

  102. 			},
    103. 

  103. 		}
    104. 

  104. 

  105. 		if !shouldDeferClusterStoreValidation(store, "") {
    106. 

  106. 			t.Fatalf("expected cluster store validation to defer without caller namespace")
    107. 

  107. 		}
    108. 

  108. 	})
    109. 

  109. 

  110. 	t.Run("do not defer namespaced provider ref", func(t *testing.T) {
    111. 

  111. 		store := &esapi.ClusterSecretStore{
    112. 

  112. 			TypeMeta: metav1.TypeMeta{Kind: esapi.ClusterSecretStoreKind},
    113. 

  113. 			Spec: esapi.SecretStoreSpec{
    114. 

  114. 				RuntimeRef: &esapi.StoreRuntimeRef{Name: "fake-runtime"},
    115. 

  115. 				ProviderRef: &esapi.StoreProviderRef{
    116. 

  116. 					APIVersion: "provider.external-secrets.io/v2alpha1",
    117. 

  117. 					Kind:       "Fake",
    118. 

  118. 					Name:       "fake-config",
    119. 

  119. 					Namespace:  "provider-ns",
    120. 

  120. 				},
    121. 

  121. 			},
    122. 

  122. 		}
    123. 

  123. 

  124. 		if shouldDeferClusterStoreValidation(store, "") {
    125. 

  125. 			t.Fatalf("did not expect namespaced provider ref to defer validation")
    126. 

  126. 		}
    127. 

  127. 	})
    128. 

  128. 

  129. 	t.Run("do not defer when caller namespace is available", func(t *testing.T) {
    130. 

  130. 		store := &esapi.ClusterSecretStore{
    131. 

  131. 			TypeMeta: metav1.TypeMeta{Kind: esapi.ClusterSecretStoreKind},
    132. 

  132. 			Spec: esapi.SecretStoreSpec{
    133. 

  133. 				RuntimeRef: &esapi.StoreRuntimeRef{Name: "fake-runtime"},
    134. 

  134. 				ProviderRef: &esapi.StoreProviderRef{
    135. 

  135. 					APIVersion: "provider.external-secrets.io/v2alpha1",
    136. 

  136. 					Kind:       "Fake",
    137. 

  137. 					Name:       "fake-config",
    138. 

  138. 				},
    139. 

  139. 			},
    140. 

  140. 		}
    141. 

  141. 

  142. 		if shouldDeferClusterStoreValidation(store, "workload-ns") {
    143. 

  143. 			t.Fatalf("did not expect validation to defer when caller namespace is known")
    144. 

  144. 		}
    145. 

  145. 	})
    146. 

  146. }
    147.