Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: v2.3.0
Branches Tags
helm-externa...
/
providers
/
v1
/
ovh
/
client_push_secret_test.go

client_push_secret_test.go 4.7 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159 
  1. /*
    2. 

  2. Copyright © The ESO Authors
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     https://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package ovh
    18. 

  18. 

  19. import (
    20. 

  20. 	"context"
    21. 

  21. 	"errors"
    22. 

  22. 	"fmt"
    23. 

  23. 	"testing"
    24. 

  24. 

  25. 	v1 "k8s.io/api/core/v1"
    26. 

  26. 

  27. 	"github.com/external-secrets/external-secrets/providers/v1/ovh/fake"
    28. 

  28. 	testingfake "github.com/external-secrets/external-secrets/runtime/testing/fake"
    29. 

  29. )
    30. 

  30. 

  31. func TestPushSecret(t *testing.T) {
    32. 

  32. 	const (
    33. 

  33. 		mySecretRemoteKey          = "mysecret"
    34. 

  34. 		nonExistentSecretRemoteKey = "non-existent-secret"
    35. 

  35. 		emptySecretRemoteKey       = "empty-secret"
    36. 

  36. 		nilSecretRemoteKey         = "nil-secret"
    37. 

  37. 	)
    38. 

  38. 	secretData := &v1.Secret{
    39. 

  39. 		Data: map[string][]byte{
    40. 

  40. 			"key1": []byte("value1"),
    41. 

  41. 			"key2": []byte("value2"),
    42. 

  42. 		},
    43. 

  43. 	}
    44. 

  44. 	emptyRemoteKey := ""
    45. 

  45. 

  46. 	testCases := map[string]struct {
    47. 

  47. 		errshould  string
    48. 

  48. 		secret     *v1.Secret
    49. 

  49. 		data       testingfake.PushSecretData
    50. 

  50. 		okmsClient fake.FakeOkmsClient
    51. 

  51. 	}{
    52. 

  52. 		"Nil Secret": {
    53. 

  53. 			errshould: fmt.Sprintf("failed to push secret at path %q: provided secret is nil", nilSecretRemoteKey),
    54. 

  54. 			secret:    nil,
    55. 

  55. 			data: testingfake.PushSecretData{
    56. 

  56. 				RemoteKey: nilSecretRemoteKey,
    57. 

  57. 			},
    58. 

  58. 		},
    59. 

  59. 		"Empty Secret Data": {
    60. 

  60. 			errshould: fmt.Sprintf("failed to push secret at path %q: provided secret is empty", emptySecretRemoteKey),
    61. 

  61. 			secret: &v1.Secret{
    62. 

  62. 				Data: nil,
    63. 

  63. 			},
    64. 

  64. 			data: testingfake.PushSecretData{
    65. 

  65. 				RemoteKey: emptySecretRemoteKey,
    66. 

  66. 			},
    67. 

  67. 		},
    68. 

  68. 		"Empty Remote Key": {
    69. 

  69. 			errshould: fmt.Sprintf("failed to push secret at path %q: remote key cannot be empty (spec.data.remoteRef.key)", emptyRemoteKey),
    70. 

  70. 			secret:    secretData,
    71. 

  71. 			data: testingfake.PushSecretData{
    72. 

  72. 				RemoteKey: emptyRemoteKey,
    73. 

  73. 			},
    74. 

  74. 		},
    75. 

  75. 		"Non-Existent Remote Key": {
    76. 

  76. 			errshould: "",
    77. 

  77. 			secret:    secretData,
    78. 

  78. 			data: testingfake.PushSecretData{
    79. 

  79. 				RemoteKey: nonExistentSecretRemoteKey,
    80. 

  80. 			},
    81. 

  81. 		},
    82. 

  82. 		"Existing Remote Key": {
    83. 

  83. 			errshould: "",
    84. 

  84. 			secret:    secretData,
    85. 

  85. 			data: testingfake.PushSecretData{
    86. 

  86. 				RemoteKey: mySecretRemoteKey,
    87. 

  87. 			},
    88. 

  88. 		},
    89. 

  89. 		"Secret Key": {
    90. 

  90. 			errshould: "",
    91. 

  91. 			secret:    secretData,
    92. 

  92. 			data: testingfake.PushSecretData{
    93. 

  93. 				RemoteKey: mySecretRemoteKey,
    94. 

  94. 				SecretKey: "key1",
    95. 

  95. 			},
    96. 

  96. 		},
    97. 

  97. 		"Property": {
    98. 

  98. 			errshould: "",
    99. 

  99. 			secret:    secretData,
    100. 

  100. 			data: testingfake.PushSecretData{
    101. 

  101. 				RemoteKey: mySecretRemoteKey,
    102. 

  102. 				Property:  "property",
    103. 

  103. 			},
    104. 

  104. 		},
    105. 

  105. 		"Custom PostSecretV2 Error": {
    106. 

  106. 			errshould: fmt.Sprintf("failed to push secret at path %q: could not create remote secret: custom error", mySecretRemoteKey),
    107. 

  107. 			secret:    secretData,
    108. 

  108. 			data: testingfake.PushSecretData{
    109. 

  109. 				RemoteKey: mySecretRemoteKey,
    110. 

  110. 			},
    111. 

  111. 			okmsClient: fake.FakeOkmsClient{
    112. 

  112. 				// A non-existent secret is referenced to trigger Post instead of Put
    113. 

  113. 				GetSecretV2Fn:  fake.NewGetSecretV2Fn(nonExistentSecretRemoteKey, nil),
    114. 

  114. 				PostSecretV2Fn: fake.NewPostSecretV2Fn(errors.New("custom error")),
    115. 

  115. 			},
    116. 

  116. 		},
    117. 

  117. 		"Custom PutSecretV2 Error": {
    118. 

  118. 			errshould: fmt.Sprintf("failed to push secret at path %q: could not update remote secret: custom error", mySecretRemoteKey),
    119. 

  119. 			secret:    secretData,
    120. 

  120. 			data: testingfake.PushSecretData{
    121. 

  121. 				RemoteKey: mySecretRemoteKey,
    122. 

  122. 			},
    123. 

  123. 			okmsClient: fake.FakeOkmsClient{
    124. 

  124. 				// An existing secret is referenced to trigger Put instead of Post
    125. 

  125. 				GetSecretV2Fn: fake.NewGetSecretV2Fn("nested-secret", nil),
    126. 

  126. 				PutSecretV2Fn: fake.NewPutSecretV2Fn(errors.New("custom error")),
    127. 

  127. 			},
    128. 

  128. 		},
    129. 

  129. 		"Custom GetSecretV2 Error": {
    130. 

  130. 			errshould: fmt.Sprintf("failed to push secret at path %q: failed to parse the following okms error: custom error", mySecretRemoteKey),
    131. 

  131. 			secret:    secretData,
    132. 

  132. 			data: testingfake.PushSecretData{
    133. 

  133. 				RemoteKey: mySecretRemoteKey,
    134. 

  134. 			},
    135. 

  135. 			okmsClient: fake.FakeOkmsClient{
    136. 

  136. 				GetSecretV2Fn: fake.NewGetSecretV2Fn("", errors.New("custom error")),
    137. 

  137. 			},
    138. 

  138. 		},
    139. 

  139. 	}
    140. 

  140. 

  141. 	ctx := context.Background()
    142. 

  142. 	for name, testCase := range testCases {
    143. 

  143. 		t.Run(name, func(t *testing.T) {
    144. 

  144. 			cl := ovhClient{
    145. 

  145. 				okmsClient: testCase.okmsClient,
    146. 

  146. 			}
    147. 

  147. 			err := cl.PushSecret(ctx, testCase.secret, testCase.data)
    148. 

  148. 			if testCase.errshould != "" {
    149. 

  149. 				if err == nil {
    150. 

  150. 					t.Errorf("\nexpected error: %s\nactual error:   <nil>\n\n", testCase.errshould)
    151. 

  151. 				} else if err.Error() != testCase.errshould {
    152. 

  152. 					t.Errorf("\nexpected error: %s\nactual error:   %v\n\n", testCase.errshould, err)
    153. 

  153. 				}
    154. 

  154. 			} else if err != nil {
    155. 

  155. 				t.Errorf("\nunexpected error: %v\n\n", err)
    156. 

  156. 			}
    157. 

  157. 		})
    158. 

  158. 	}
    159. 

  159. }
    160.