1 package externalsecrets
2
3 import (
4 "testing"
5 "time"
6
7 goext "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
8 "github.com/google/go-cmp/cmp"
9 assertapi "github.com/stretchr/testify/assert"
10 corev1 "k8s.io/api/core/v1"
11 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
12 "sigs.k8s.io/kustomize/kyaml/kio/kioutil"
13
14 "edge-infra.dev/pkg/edge/constants"
15 )
16
17
18 func TestSecretErrors(t *testing.T) {
19 assert := assertapi.New(t)
20 _, err := DefaultExternalSecret().BuildClusterExternalSecret()
21 assert.ErrorAs(err, &ErrNoName)
22
23 _, err = DefaultExternalSecret().Name("test").BuildClusterExternalSecret()
24 assert.ErrorAs(err, &ErrNoNamespace)
25
26 _, err = DefaultExternalSecret().Name("test").Namespace("test-ns").BuildClusterExternalSecret()
27 assert.ErrorAs(err, &ErrNameSpaceConflict)
28
29 _, err = DefaultExternalSecret().Name("test").Namespace("test-ns").BuildClusterExternalSecret()
30 assert.ErrorAs(err, &ErrNoPath)
31
32 _, err = DefaultExternalSecret().Name("test").Namespace("test-ns").Path("test-path").BuildClusterExternalSecret()
33 assert.ErrorAs(err, &ErrNoProjectID)
34
35 es, err := DefaultExternalSecret().Name("test").Namespace("test-ns").Path("test-path").ProjectID("test-projectID").BuildClusterExternalSecret()
36 assert.NoError(err)
37 assert.NotNil(es)
38 }
39
40 func TestCreateDockerConfig(t *testing.T) {
41 assert := assertapi.New(t)
42 es, err := DefaultExternalSecret().
43 Name("test").
44 Namespace("test-ns").
45 Path("test-path").
46 ProjectID("test-projectID").
47 DockerConfig("docker-secret", "config").
48 BuildClusterExternalSecret()
49 assert.NoError(err)
50 expected := &goext.ClusterExternalSecret{
51 TypeMeta: metav1.TypeMeta{
52 APIVersion: goext.ExtSecretGroupVersionKind.GroupVersion().String(),
53 Kind: goext.ClusterExtSecretGroupVersionKind.Kind,
54 },
55 ObjectMeta: metav1.ObjectMeta{
56 Name: "test",
57 Namespace: "test-ns",
58 Labels: map[string]string{
59 constants.Tenant: "test-projectID",
60 },
61 Annotations: map[string]string{
62 kioutil.PathAnnotation: "test-path",
63 },
64 },
65 Spec: goext.ClusterExternalSecretSpec{
66 ExternalSecretName: "test",
67 ExternalSecretSpec: goext.ExternalSecretSpec{
68 SecretStoreRef: goext.SecretStoreRef{
69 Name: "gcp-provider",
70 Kind: "ClusterSecretStore",
71 },
72 Target: goext.ExternalSecretTarget{
73 Name: "test",
74 CreationPolicy: goext.CreatePolicyOwner,
75 Template: &goext.ExternalSecretTemplate{
76 Type: corev1.SecretTypeDockerConfigJson,
77 Data: map[string]string{".dockerconfigjson": "{{ .config }}"},
78 EngineVersion: goext.TemplateEngineV2,
79 },
80 },
81 RefreshInterval: &metav1.Duration{
82 Duration: time.Minute,
83 },
84 Data: []goext.ExternalSecretData{{SecretKey: "config", RemoteRef: goext.ExternalSecretDataRemoteRef{
85 Key: "docker-secret",
86 Property: "config",
87 }}},
88 },
89 NamespaceSelectors: []*metav1.LabelSelector{
90 {
91 MatchExpressions: []metav1.LabelSelectorRequirement{{Key: "workload.edge.ncr.com", Operator: "In", Values: []string{"tenant"}}},
92 },
93 },
94 },
95 }
96 if diff := cmp.Diff(expected, es); diff != "" {
97 t.Error(diff)
98 }
99 }
100
101 func TestCreateSecretFieldsConfig(t *testing.T) {
102 assert := assertapi.New(t)
103 es, err := DefaultExternalSecret().
104 Name("test").
105 Namespace("test-ns").
106 Path("test-path").
107 MapSecretFieldToK8sSecretKey("test-sm-secret", "test-sm-field", "test-key").
108 ProjectID("test-projectID").
109 BuildClusterExternalSecret()
110 assert.NoError(err)
111 expected := &goext.ClusterExternalSecret{
112 TypeMeta: metav1.TypeMeta{
113 APIVersion: goext.ExtSecretGroupVersionKind.GroupVersion().String(),
114 Kind: goext.ClusterExtSecretGroupVersionKind.Kind,
115 },
116 ObjectMeta: metav1.ObjectMeta{
117 Name: "test",
118 Namespace: "test-ns",
119 Labels: map[string]string{
120 constants.Tenant: "test-projectID",
121 },
122 Annotations: map[string]string{
123 kioutil.PathAnnotation: "test-path",
124 },
125 },
126 Spec: goext.ClusterExternalSecretSpec{
127 ExternalSecretName: "test",
128 ExternalSecretSpec: goext.ExternalSecretSpec{
129 SecretStoreRef: goext.SecretStoreRef{
130 Name: "gcp-provider",
131 Kind: "ClusterSecretStore",
132 },
133 Target: goext.ExternalSecretTarget{
134 Name: "test",
135 CreationPolicy: goext.CreatePolicyOwner,
136 },
137 RefreshInterval: &metav1.Duration{
138 Duration: time.Minute,
139 },
140 Data: []goext.ExternalSecretData{{SecretKey: "test-key", RemoteRef: goext.ExternalSecretDataRemoteRef{
141 Key: "test-sm-secret",
142 Property: "test-sm-field",
143 }}},
144 },
145 NamespaceSelectors: []*metav1.LabelSelector{
146 {
147 MatchExpressions: []metav1.LabelSelectorRequirement{{Key: "workload.edge.ncr.com", Operator: "In", Values: []string{"tenant"}}},
148 },
149 },
150 },
151 }
152 if diff := cmp.Diff(expected, es); diff != "" {
153 t.Error(diff)
154 }
155 }
156
157 func TestCreateClusterSecretConfig(t *testing.T) {
158 assert := assertapi.New(t)
159 es, err := DefaultExternalSecret().
160 Name("test").
161 Namespace("test-ns").
162 Path("test-path").
163 MapSecretToK8sSecretKey("test-sm-secret", "test-key").
164 ProjectID("test-projectID").
165 BuildClusterExternalSecret()
166 assert.NoError(err)
167 expected := &goext.ClusterExternalSecret{
168 TypeMeta: metav1.TypeMeta{
169 APIVersion: goext.ExtSecretGroupVersionKind.GroupVersion().String(),
170 Kind: goext.ClusterExtSecretGroupVersionKind.Kind,
171 },
172 ObjectMeta: metav1.ObjectMeta{
173 Name: "test",
174 Namespace: "test-ns",
175 Labels: map[string]string{
176 constants.Tenant: "test-projectID",
177 },
178 Annotations: map[string]string{
179 kioutil.PathAnnotation: "test-path",
180 },
181 },
182 Spec: goext.ClusterExternalSecretSpec{
183 ExternalSecretName: "test",
184 ExternalSecretSpec: goext.ExternalSecretSpec{
185 SecretStoreRef: goext.SecretStoreRef{
186 Name: "gcp-provider",
187 Kind: "ClusterSecretStore",
188 },
189 Target: goext.ExternalSecretTarget{
190 Name: "test",
191 CreationPolicy: goext.CreatePolicyOwner,
192 },
193 RefreshInterval: &metav1.Duration{
194 Duration: time.Minute,
195 },
196 Data: []goext.ExternalSecretData{{SecretKey: "test-key", RemoteRef: goext.ExternalSecretDataRemoteRef{
197 Key: "test-sm-secret",
198 }}},
199 },
200 NamespaceSelectors: []*metav1.LabelSelector{
201 {
202 MatchExpressions: []metav1.LabelSelectorRequirement{{Key: "workload.edge.ncr.com", Operator: "In", Values: []string{"tenant"}}},
203 },
204 },
205 },
206 }
207 if diff := cmp.Diff(expected, es); diff != "" {
208 t.Error(diff)
209 }
210 }
211
212 func TestCreateClusterDockerConfig(t *testing.T) {
213 assert := assertapi.New(t)
214 es, err := DefaultExternalSecret().
215 Name("test").
216 Namespace("test-ns").
217 Path("test-path").
218 ProjectID("test-projectID").
219 DockerConfig("docker-secret", "config").
220 Build()
221 assert.NoError(err)
222 expected := &goext.ExternalSecret{
223 TypeMeta: metav1.TypeMeta{
224 APIVersion: goext.ExtSecretGroupVersionKind.GroupVersion().String(),
225 Kind: goext.ExtSecretGroupVersionKind.Kind,
226 },
227 ObjectMeta: metav1.ObjectMeta{
228 Name: "test",
229 Namespace: "test-ns",
230 Labels: map[string]string{
231 constants.Tenant: "test-projectID",
232 },
233 Annotations: map[string]string{
234 kioutil.PathAnnotation: "test-path",
235 },
236 },
237 Spec: goext.ExternalSecretSpec{
238 SecretStoreRef: goext.SecretStoreRef{
239 Name: "gcp-provider",
240 Kind: "ClusterSecretStore",
241 },
242 Target: goext.ExternalSecretTarget{
243 Name: "test",
244 CreationPolicy: goext.CreatePolicyOwner,
245 Template: &goext.ExternalSecretTemplate{
246 Type: corev1.SecretTypeDockerConfigJson,
247 Data: map[string]string{".dockerconfigjson": "{{ .config }}"},
248 EngineVersion: goext.TemplateEngineV2,
249 },
250 },
251 RefreshInterval: &metav1.Duration{
252 Duration: time.Minute,
253 },
254 Data: []goext.ExternalSecretData{{SecretKey: "config", RemoteRef: goext.ExternalSecretDataRemoteRef{
255 Key: "docker-secret",
256 Property: "config",
257 }}},
258 },
259 }
260 if diff := cmp.Diff(expected, es); diff != "" {
261 t.Error(diff)
262 }
263 }
264
265 func TestCreateClusterSecretFieldsConfig(t *testing.T) {
266 assert := assertapi.New(t)
267 es, err := DefaultExternalSecret().
268 Name("test").
269 Namespace("test-ns").
270 Path("test-path").
271 MapSecretFieldToK8sSecretKey("test-sm-secret", "test-sm-field", "test-key").
272 ProjectID("test-projectID").
273 Build()
274 assert.NoError(err)
275 expected := &goext.ExternalSecret{
276 TypeMeta: metav1.TypeMeta{
277 APIVersion: goext.ExtSecretGroupVersionKind.GroupVersion().String(),
278 Kind: goext.ExtSecretGroupVersionKind.Kind,
279 },
280 ObjectMeta: metav1.ObjectMeta{
281 Name: "test",
282 Namespace: "test-ns",
283 Labels: map[string]string{
284 constants.Tenant: "test-projectID",
285 },
286 Annotations: map[string]string{
287 kioutil.PathAnnotation: "test-path",
288 },
289 },
290 Spec: goext.ExternalSecretSpec{
291 SecretStoreRef: goext.SecretStoreRef{
292 Name: "gcp-provider",
293 Kind: "ClusterSecretStore",
294 },
295 Target: goext.ExternalSecretTarget{
296 Name: "test",
297 CreationPolicy: goext.CreatePolicyOwner,
298 },
299 RefreshInterval: &metav1.Duration{
300 Duration: time.Minute,
301 },
302 Data: []goext.ExternalSecretData{{SecretKey: "test-key", RemoteRef: goext.ExternalSecretDataRemoteRef{
303 Key: "test-sm-secret",
304 Property: "test-sm-field",
305 }}},
306 },
307 }
308 if diff := cmp.Diff(expected, es); diff != "" {
309 t.Error(diff)
310 }
311 }
312
313 func TestCreateSecretConfig(t *testing.T) {
314 assert := assertapi.New(t)
315 es, err := DefaultExternalSecret().
316 Name("test").
317 Namespace("test-ns").
318 Path("test-path").
319 MapSecretToK8sSecretKey("test-sm-secret", "test-key").
320 ProjectID("test-projectID").
321 Build()
322 assert.NoError(err)
323 expected := &goext.ExternalSecret{
324 TypeMeta: metav1.TypeMeta{
325 APIVersion: goext.ExtSecretGroupVersionKind.GroupVersion().String(),
326 Kind: goext.ExtSecretGroupVersionKind.Kind,
327 },
328 ObjectMeta: metav1.ObjectMeta{
329 Name: "test",
330 Namespace: "test-ns",
331 Labels: map[string]string{
332 constants.Tenant: "test-projectID",
333 },
334 Annotations: map[string]string{
335 kioutil.PathAnnotation: "test-path",
336 },
337 },
338 Spec: goext.ExternalSecretSpec{
339 SecretStoreRef: goext.SecretStoreRef{
340 Name: "gcp-provider",
341 Kind: "ClusterSecretStore",
342 },
343 Target: goext.ExternalSecretTarget{
344 Name: "test",
345 CreationPolicy: goext.CreatePolicyOwner,
346 },
347 RefreshInterval: &metav1.Duration{
348 Duration: time.Minute,
349 },
350 Data: []goext.ExternalSecretData{{SecretKey: "test-key", RemoteRef: goext.ExternalSecretDataRemoteRef{
351 Key: "test-sm-secret",
352 }}},
353 },
354 }
355 if diff := cmp.Diff(expected, es); diff != "" {
356 t.Error(diff)
357 }
358 }
359
360 func TestCreateLabelledExternalSecret(t *testing.T) {
361 assert := assertapi.New(t)
362 es, err := DefaultExternalSecret().
363 Name("test").
364 Namespace("test-ns").
365 Path("test-path").
366 ProjectID("test-projectID").
367 DockerConfig("docker-secret", "config").
368 Labels(map[string]string{"test": "label"}).
369 Build()
370 assert.NoError(err)
371 expected := &goext.ExternalSecret{
372 TypeMeta: metav1.TypeMeta{
373 APIVersion: goext.ExtSecretGroupVersionKind.GroupVersion().String(),
374 Kind: goext.ExtSecretGroupVersionKind.Kind,
375 },
376 ObjectMeta: metav1.ObjectMeta{
377 Name: "test",
378 Namespace: "test-ns",
379 Labels: map[string]string{
380 constants.Tenant: "test-projectID",
381 "test": "label",
382 },
383 Annotations: map[string]string{
384 kioutil.PathAnnotation: "test-path",
385 },
386 },
387 Spec: goext.ExternalSecretSpec{
388 SecretStoreRef: goext.SecretStoreRef{
389 Name: "gcp-provider",
390 Kind: "ClusterSecretStore",
391 },
392 Target: goext.ExternalSecretTarget{
393 Name: "test",
394 CreationPolicy: goext.CreatePolicyOwner,
395 Template: &goext.ExternalSecretTemplate{
396 Type: corev1.SecretTypeDockerConfigJson,
397 Data: map[string]string{".dockerconfigjson": "{{ .config }}"},
398 EngineVersion: goext.TemplateEngineV2,
399 },
400 },
401 RefreshInterval: &metav1.Duration{
402 Duration: time.Minute,
403 },
404 Data: []goext.ExternalSecretData{{SecretKey: "config", RemoteRef: goext.ExternalSecretDataRemoteRef{
405 Key: "docker-secret",
406 Property: "config",
407 }}},
408 },
409 }
410 if diff := cmp.Diff(expected, es); diff != "" {
411 t.Error(diff)
412 }
413 }
414
View as plain text