...

Source file src/github.com/emissary-ingress/emissary/v3/cmd/entrypoint/secrets_test.go

Documentation: github.com/emissary-ingress/emissary/v3/cmd/entrypoint 

     1  package entrypoint
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/stretchr/testify/assert"
     7  	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
     8  
     9  	snapshotTypes "github.com/emissary-ingress/emissary/v3/pkg/snapshot/v1"
    10  )
    11  
    12  // Tests whether providing a Filter with a bogus spec
    13  // This is outside the table since we're providing a bogus spec and not the otherwise expected interface
    14  func TestFindFilterSecretBogus(t *testing.T) {
    15  	refs := map[snapshotTypes.SecretRef]bool{}
    16  	action := func(ref snapshotTypes.SecretRef) {
    17  		refs[ref] = true
    18  	}
    19  
    20  	testFilter := &unstructured.Unstructured{
    21  		Object: map[string]interface{}{
    22  
    23  			"apiVersion": "getambassador.io/v2",
    24  			"kind":       "Filter",
    25  			"metadata": map[string]interface{}{
    26  				"name":      "namespaced-secret-filter",
    27  				"namespace": "foo",
    28  			},
    29  			"spec": "bogus",
    30  		},
    31  	}
    32  	// We shouldnt process any secret refs from this bogus Filter
    33  	assert.NoError(t, findFilterSecret(testFilter, action))
    34  	assert.Equal(t, 0, len(refs))
    35  }
    36  
    37  func TestFindFilterSecrets(t *testing.T) {
    38  	t.Parallel()
    39  
    40  	type subtest struct {
    41  		inputSpec    map[string]interface{}
    42  		expectedRefs []snapshotTypes.SecretRef
    43  	}
    44  
    45  	// Iterate each test for all our API Versions
    46  	apiVersions := []string{"getambassador.io/v2", "getambassador.io/v3alpha1"}
    47  	subtests := map[string]subtest{
    48  		"namespaced": {
    49  			inputSpec: map[string]interface{}{
    50  				"OAuth2": map[string]interface{}{
    51  					"authorizationURL": "https://login.example.com/dummy-client/v2",
    52  					"clientID":         "dummy-id",
    53  					"clientURL":        "https://dummy-client-url.com",
    54  					"secretName":       "namespaced-secret",
    55  					"secretNamespace":  "bar",
    56  				},
    57  			},
    58  			expectedRefs: []snapshotTypes.SecretRef{
    59  				{Namespace: "bar", Name: "namespaced-secret"},
    60  			},
    61  		},
    62  		"noNamespace": {
    63  			inputSpec: map[string]interface{}{
    64  				"OAuth2": map[string]interface{}{
    65  					"authorizationURL": "https://login.example.com/dummy-client/v2",
    66  					"clientID":         "dummy-id",
    67  					"clientURL":        "https://dummy-client-url.com",
    68  					"secretName":       "namespaced-secret",
    69  				},
    70  				"APIKey": map[string]interface{}{
    71  					"http_header": "x-api-key",
    72  					"keys": []interface{}{
    73  						map[string]interface{}{
    74  							"value": "super-secret",
    75  						},
    76  						map[string]interface{}{
    77  							"secretName": "namespaced-secret-api",
    78  						},
    79  						map[string]interface{}{
    80  							"secretName":      "namespaced-secret-api-2",
    81  							"secretNamespace": "",
    82  						},
    83  					},
    84  				},
    85  			},
    86  			expectedRefs: []snapshotTypes.SecretRef{
    87  				{Namespace: "foo", Name: "namespaced-secret"},
    88  				{Namespace: "foo", Name: "namespaced-secret-api"},
    89  				{Namespace: "foo", Name: "namespaced-secret-api-2"},
    90  			},
    91  		},
    92  		"bogus": {
    93  			inputSpec: map[string]interface{}{
    94  				"OAuth2": true,
    95  				"APIKey": true,
    96  			},
    97  			expectedRefs: []snapshotTypes.SecretRef{},
    98  		},
    99  		"bogusSecretName": {
   100  			inputSpec: map[string]interface{}{
   101  				"OAuth2": map[string]interface{}{
   102  					"authorizationURL": "https://login.example.com/dummy-client/v2",
   103  					"clientID":         "dummy-id",
   104  					"clientURL":        "https://dummy-client-url.com",
   105  					"secretName":       true,
   106  				},
   107  				"APIKey": map[string]interface{}{
   108  					"http_header": "x-api-key",
   109  					"keys": []interface{}{
   110  						map[string]interface{}{
   111  							"value": "super-secret",
   112  						},
   113  						map[string]interface{}{
   114  							"secretName": true,
   115  						},
   116  					},
   117  				},
   118  			},
   119  			expectedRefs: []snapshotTypes.SecretRef{},
   120  		},
   121  		"bogusSecretNamespace": {
   122  			inputSpec: map[string]interface{}{
   123  				"OAuth2": map[string]interface{}{
   124  					"authorizationURL": "https://login.example.com/dummy-client/v2",
   125  					"clientID":         "dummy-id",
   126  					"clientURL":        "https://dummy-client-url.com",
   127  					"secretName":       "namespaced-secret",
   128  					"secretNamespace":  true,
   129  				},
   130  			},
   131  			expectedRefs: []snapshotTypes.SecretRef{},
   132  		},
   133  		"noSecret": {
   134  			inputSpec: map[string]interface{}{
   135  				"OAuth2": map[string]interface{}{
   136  					"authorizationURL": "https://login.example.com/dummy-client/v2",
   137  					"clientID":         "dummy-id",
   138  					"clientURL":        "https://dummy-client-url.com",
   139  				},
   140  				"APIKey": map[string]interface{}{
   141  					"http_header": "x-api-key",
   142  					"keys": []interface{}{
   143  						map[string]interface{}{
   144  							"value": "super-secret",
   145  						},
   146  						map[string]interface{}{},
   147  					},
   148  				},
   149  			},
   150  			expectedRefs: []snapshotTypes.SecretRef{},
   151  		},
   152  	}
   153  
   154  	for _, apiVersion := range apiVersions {
   155  		for name, subtest := range subtests {
   156  			subtest := subtest // capture loop variable
   157  			t.Run(name, func(t *testing.T) {
   158  				t.Parallel()
   159  				testFilter := &unstructured.Unstructured{
   160  					Object: map[string]interface{}{
   161  						"apiVersion": apiVersion,
   162  						"kind":       "Filter",
   163  						"metadata": map[string]interface{}{
   164  							"name":      "namespaced-secret-filter",
   165  							"namespace": "foo",
   166  						},
   167  						"spec": subtest.inputSpec,
   168  					},
   169  				}
   170  				refs := map[snapshotTypes.SecretRef]bool{}
   171  				action := func(ref snapshotTypes.SecretRef) {
   172  					refs[ref] = true
   173  				}
   174  				assert.NoError(t, findFilterSecret(testFilter, action))
   175  				// Check if we got the right number of secret references and that nothing weird happened
   176  				assert.Equal(t, len(subtest.expectedRefs), len(refs))
   177  				// Make sure any expected secret references exist
   178  				for _, ref := range subtest.expectedRefs {
   179  					assert.True(t, refs[ref])
   180  				}
   181  			})
   182  		}
   183  	}
   184  }
   185  

View as plain text