15 package k8s_test
16
17 import (
18 "reflect"
19 "testing"
20
21 "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/k8s"
22
23 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
24 )
25
// TestGetSecretVersionsFromAnnotations checks that
// k8s.GetSecretVersionsFromAnnotations decodes the
// "cnrm.cloud.google.com/observed-secret-versions" annotation into a map, and
// that it yields a nil map (with no error) when the annotation is absent.
//
// The fixtures only carry a version string under a key that looks like a
// secret name ("secret-1" -> "2"); no secret payload appears in the annotation
// in these cases.
func TestGetSecretVersionsFromAnnotations(t *testing.T) {
	const observedKey = "cnrm.cloud.google.com/observed-secret-versions"

	type testCase struct {
		name                   string
		resource               *k8s.Resource
		expectedSecretVersions map[string]string
	}

	// Annotation present: its JSON object is expected back as a Go map.
	annotated := testCase{
		name: "secret versions exist in the annotation",
		resource: &k8s.Resource{
			ObjectMeta: metav1.ObjectMeta{
				Annotations: map[string]string{
					observedKey: "{\"secret-1\":\"2\"}",
				},
			},
		},
		expectedSecretVersions: map[string]string{"secret-1": "2"},
	}

	// Annotation map present but empty: a nil map is expected, which
	// reflect.DeepEqual distinguishes from an empty non-nil map.
	unannotated := testCase{
		name: "no secret versions in the annotation",
		resource: &k8s.Resource{
			ObjectMeta: metav1.ObjectMeta{
				Annotations: map[string]string{},
			},
		},
		expectedSecretVersions: nil,
	}

	cases := []testCase{annotated, unannotated}
	for i := range cases {
		c := cases[i] // per-iteration copy; the subtest runs in parallel
		t.Run(c.name, func(t *testing.T) {
			t.Parallel()

			observed, err := k8s.GetSecretVersionsFromAnnotations(c.resource)
			if err != nil {
				t.Fatalf("error getting observed secret versions from annotation: %v", err)
			}

			expected := c.expectedSecretVersions
			if !reflect.DeepEqual(observed, expected) {
				t.Fatalf("got: %v, want: %v", observed, expected)
			}
		})
	}
}
70
// TestUpdateObservedSecretVersionsAnnotation exercises
// k8s.UpdateOrRemoveObservedSecretVersionsAnnotation in both modes: with
// hasSensitiveFields set, the versions read back must equal the ones passed
// in; with it unset, the versions read back must be nil.
//
// NOTE(review): the result is verified only through
// k8s.GetSecretVersionsFromAnnotations, never by inspecting
// resource.Annotations directly, so the "removed" case does not by itself
// show that the annotation key was deleted from the object. Confirm against
// the implementation if that guarantee matters.
func TestUpdateObservedSecretVersionsAnnotation(t *testing.T) {
	const observedKey = "cnrm.cloud.google.com/observed-secret-versions"

	type testCase struct {
		name                  string
		resource              *k8s.Resource
		updatedSecretVersions map[string]string
		hasSensitiveFields    bool
	}

	// Both cases start from the same annotation content ("secret-1" at
	// version "2") and pass the same update ("secret-1" at version "5");
	// only hasSensitiveFields differs.
	overwrite := testCase{
		name: "update secret versions exist in the annotation successfully",
		resource: &k8s.Resource{
			ObjectMeta: metav1.ObjectMeta{
				Annotations: map[string]string{
					observedKey: "{\"secret-1\":\"2\"}",
				},
			},
		},
		updatedSecretVersions: map[string]string{"secret-1": "5"},
		hasSensitiveFields:    true,
	}
	remove := testCase{
		name: "secret versions removed when hasSensitiveField is false",
		resource: &k8s.Resource{
			ObjectMeta: metav1.ObjectMeta{
				Annotations: map[string]string{
					observedKey: "{\"secret-1\":\"2\"}",
				},
			},
		},
		updatedSecretVersions: map[string]string{"secret-1": "5"},
		hasSensitiveFields:    false,
	}

	cases := []testCase{overwrite, remove}
	for i := range cases {
		c := cases[i] // per-iteration copy; the subtest runs in parallel
		t.Run(c.name, func(t *testing.T) {
			t.Parallel()

			if err := k8s.UpdateOrRemoveObservedSecretVersionsAnnotation(c.resource, c.updatedSecretVersions, c.hasSensitiveFields); err != nil {
				t.Fatalf("error updating observed secret versions from annotation: %v", err)
			}

			// Read the state back through the public getter.
			observed, err := k8s.GetSecretVersionsFromAnnotations(c.resource)
			if err != nil {
				t.Fatalf("error getting observed secret versions from annotation for verification: %v", err)
			}

			switch {
			case c.hasSensitiveFields:
				expected := c.updatedSecretVersions
				if !reflect.DeepEqual(observed, expected) {
					t.Fatalf("got: %v, want: %v", observed, expected)
				}
			case observed != nil:
				// No sensitive fields: nothing may be reported back.
				t.Fatalf("secret versions in the annotation should be nil, but got %v", observed)
			}
		})
	}
}
133