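package edgeinjector

import (
	"context"
	"testing"

	"github.com/stretchr/testify/assert"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	"edge-infra.dev/pkg/edge/datasync/couchdb"
	"edge-infra.dev/pkg/lib/fog"
)

// TestInjectSecretDirect checks that InjectSecret, for a pod labelled with
// the "direct" injection type, wires secret references only into the
// containers named in the "injector.edge.ncr.com/containers" annotation
// (nginx and podinfo) and leaves the unlisted container (busybox) without
// any secret-backed environment. The second half of that assertion is the
// scoping check: a container that was not opted in must not receive
// credentials.
func TestInjectSecretDirect(t *testing.T) {
	ctx := fog.IntoContext(context.Background(), fog.New())

	// Containers and InitContainers each get their own slice. Passing one
	// slice to both fields would make them share a backing array, so an
	// in-place write to Containers[i].Env would also show up under
	// InitContainers[i] and the init-container assertions below could pass
	// without the injector ever touching init containers.
	newContainers := func() []corev1.Container {
		return []corev1.Container{
			{Name: "nginx", Image: "nginx:10"},
			{Name: "busybox", Image: "busybox:2.1"},
			{Name: "podinfo", Image: "podinfo:10.4"},
		}
	}

	pod := &corev1.Pod{
		ObjectMeta: metav1.ObjectMeta{
			Labels: map[string]string{
				"injector.edge.ncr.com/couchdb-user":         couchdb.ReadOnlyUser,
				"injector.edge.ncr.com/add-node-information": "true",
				"injector.edge.ncr.com/type":                 "direct",
				"injector.edge.ncr.com/node-secret":          "node-secret-1",
				"injector.edge.ncr.com/couchdb-secret":       "couch-secret-1",
			},
			Annotations: map[string]string{
				// Label values cannot contain commas, so the container
				// allow-list is carried in an annotation instead.
				"injector.edge.ncr.com/containers": "nginx,podinfo",
			},
		},
		Spec: corev1.PodSpec{
			InitContainers: newContainers(),
			Containers:     newContainers(),
		},
	}

	// Indexes into the container slices: 0 (nginx) and 2 (podinfo) are listed
	// in the annotation; 1 (busybox) is not and must stay untouched.
	injected := []int{0, 2}
	const skipped = 1

	// CouchDB user secret injection: each mapped key becomes an env var
	// backed by a SecretKeyRef.
	InjectSecret(ctx, pod, CouchDBSecret, map[string]string{
		string(Username): couchdb.SecretUsername,
		string(Password): couchdb.SecretPassword,
		string(URI):      couchdb.SecretURI,
	})
	couchSecretName := SecretLabelValue(pod, CouchDBSecret)

	// Optional is explicitly false: the referenced secret key is required
	// rather than silently skipped when absent.
	optional := false
	secretEnv := func(name, key string) corev1.EnvVar {
		return corev1.EnvVar{
			Name: name,
			ValueFrom: &corev1.EnvVarSource{
				SecretKeyRef: &corev1.SecretKeySelector{
					LocalObjectReference: corev1.LocalObjectReference{Name: couchSecretName},
					Key:                  key,
					Optional:             &optional,
				},
			},
		}
	}
	expected := []corev1.EnvVar{
		secretEnv(string(Username), couchdb.SecretUsername),
		secretEnv(string(Password), couchdb.SecretPassword),
		secretEnv(string(URI), couchdb.SecretURI),
	}

	// assertCouchEnv verifies the CouchDB env vars on the opted-in containers
	// and the absence of any env vars on the skipped one.
	assertCouchEnv := func() {
		for _, i := range injected {
			assertEnvVars(t, pod.Spec.Containers[i].Env, expected)
			assertEnvVars(t, pod.Spec.InitContainers[i].Env, expected)
		}
		assert.Len(t, pod.Spec.Containers[skipped].Env, 0)
		assert.Len(t, pod.Spec.InitContainers[skipped].Env, 0)
	}
	assertCouchEnv()

	// Node secret injection: called without a key mapping.
	InjectSecret(ctx, pod, NodeSecret)
	nodeSecretName := SecretLabelValue(pod, NodeSecret)

	// The second injection must not disturb the CouchDB env vars, and must
	// still leave the skipped container without env vars.
	assertCouchEnv()

	// The node secret is exposed through EnvFrom (whole-secret reference)
	// rather than per-key env vars.
	wantEnvFrom := []corev1.EnvFromSource{{
		SecretRef: &corev1.SecretEnvSource{
			LocalObjectReference: corev1.LocalObjectReference{Name: nodeSecretName},
		},
	}}
	for _, i := range injected {
		assertEnvFrom(t, pod.Spec.Containers[i].EnvFrom, wantEnvFrom)
		assertEnvFrom(t, pod.Spec.InitContainers[i].EnvFrom, wantEnvFrom)
	}
	assert.Len(t, pod.Spec.Containers[skipped].EnvFrom, 0)
	assert.Len(t, pod.Spec.InitContainers[skipped].EnvFrom, 0)
}

// assertEnvVars reports a test error for every entry of expected that has no
// same-named entry in actual, and asserts full equality for the first
// same-named entry it finds. Extra entries in actual are ignored.
func assertEnvVars(t *testing.T, actual, expected []corev1.EnvVar) {
	for _, want := range expected {
		found := false
		for _, got := range actual {
			if want.Name != got.Name {
				continue
			}
			assert.Equal(t, want, got)
			found = true
			break
		}
		if !found {
			t.Errorf("expected env variable not found: %s", want.Name)
		}
	}
}

// assertEnvFrom reports a test error for every entry of expected whose
// SecretRef name is not present in actual, and asserts full equality for the
// first entry with a matching SecretRef name. Extra entries in actual are
// ignored.
//
// Entries without a SecretRef (for example ConfigMap-backed sources) are
// skipped instead of dereferenced, so a pod that carries other EnvFrom
// sources produces a test failure rather than a nil-pointer panic.
func assertEnvFrom(t *testing.T, actual, expected []corev1.EnvFromSource) {
	for _, want := range expected {
		if want.SecretRef == nil {
			t.Errorf("expected env from has no secret ref: %v", want)
			continue
		}
		found := false
		for _, got := range actual {
			if got.SecretRef == nil || got.SecretRef.Name != want.SecretRef.Name {
				continue
			}
			assert.Equal(t, want, got)
			found = true
			break
		}
		if !found {
			t.Errorf("expected env from not found: %v", want.SecretRef)
		}
	}
}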