Add Support for fips regions. (#2805)
Signed-off-by: Tom Elliot <thomas.elliot@acquia.com>
This commit is contained in:
parent
7fbae000d6
commit
0612404f64
2 changed files with 77 additions and 12 deletions
|
@ -97,9 +97,18 @@ func validateRegion(prov *esv1beta1.AWSProvider) error {
|
|||
partitions := resolver.(endpoints.EnumPartitions).Partitions()
|
||||
found := false
|
||||
for _, p := range partitions {
|
||||
for id := range p.Regions() {
|
||||
if id == prov.Region {
|
||||
found = true
|
||||
var serviceskey string
|
||||
if prov.Service == esv1beta1.AWSServiceSecretsManager {
|
||||
serviceskey = "secretsmanager"
|
||||
} else if prov.Service == esv1beta1.AWSServiceParameterStore {
|
||||
serviceskey = "ssm"
|
||||
}
|
||||
service, ok := p.Services()[serviceskey]
|
||||
if ok {
|
||||
for region := range service.Endpoints() {
|
||||
if region == prov.Region {
|
||||
found = true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
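Review bot: `serviceskey` stays empty when `prov.Service` is neither Secrets Manager nor Parameter Store, because the `if`/`else if` at the top of the added block has no fallback; `p.Services()[""]` then misses, `found` stays false, and the caller presumably reports an invalid region when the actual problem is an unsupported service (that error path is outside the hunk). The service-to-key mapping is also loop-invariant yet recomputed for every partition, and a `switch` with a `default` that returns an explicit error reads better than the chain and makes the failure attributable. Hoisting it above the loop leaves the endpoint lookup, which is what makes the FIPS pseudo-regions resolve, unchanged. The fence assumes `fmt` is already imported in this file; if it is not, use whatever error helper the file already has. validateRegion's body continues outside the hunk.
```go
	partitions := resolver.(endpoints.EnumPartitions).Partitions()
	// Resolve the endpoint-table key once; it does not depend on the partition.
	var serviceskey string
	switch prov.Service {
	case esv1beta1.AWSServiceSecretsManager:
		serviceskey = "secretsmanager"
	case esv1beta1.AWSServiceParameterStore:
		serviceskey = "ssm"
	default:
		return fmt.Errorf("unsupported service %q", prov.Service)
	}
	found := false
	for _, p := range partitions {
		service, ok := p.Services()[serviceskey]
		if !ok {
			continue
		}
		// Endpoint IDs include the FIPS pseudo-regions (e.g. us-east-1-fips),
		// so matching here is what lets those regions validate.
		for region := range service.Endpoints() {
			if region == prov.Region {
				found = true
			}
		}
	}
	// … unchanged: error when !found …
```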
|
|
@ -151,7 +151,11 @@ func TestProvider(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
const validRegion = "eu-central-1"
|
||||
const (
|
||||
validRegion = "eu-central-1"
|
||||
validFipsSecretManagerRegion = "us-east-1-fips"
|
||||
validFipsSsmRegion = "fips-us-east-1"
|
||||
)
|
||||
|
||||
func TestValidateStore(t *testing.T) {
|
||||
type args struct {
|
||||
|
@ -178,13 +182,59 @@ func TestValidateStore(t *testing.T) {
|
|||
},
|
||||
},
|
||||
{
|
||||
name: "valid region",
|
||||
name: "valid region secrets manager",
|
||||
args: args{
|
||||
store: &esv1beta1.SecretStore{
|
||||
Spec: esv1beta1.SecretStoreSpec{
|
||||
Provider: &esv1beta1.SecretStoreProvider{
|
||||
AWS: &esv1beta1.AWSProvider{
|
||||
Region: validRegion,
|
||||
Region: validRegion,
|
||||
Service: esv1beta1.AWSServiceSecretsManager,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "valid region secrets manager",
|
||||
args: args{
|
||||
store: &esv1beta1.SecretStore{
|
||||
Spec: esv1beta1.SecretStoreSpec{
|
||||
Provider: &esv1beta1.SecretStoreProvider{
|
||||
AWS: &esv1beta1.AWSProvider{
|
||||
Region: validRegion,
|
||||
Service: esv1beta1.AWSServiceSecretsManager,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "valid fips region secrets manager",
|
||||
args: args{
|
||||
store: &esv1beta1.SecretStore{
|
||||
Spec: esv1beta1.SecretStoreSpec{
|
||||
Provider: &esv1beta1.SecretStoreProvider{
|
||||
AWS: &esv1beta1.AWSProvider{
|
||||
Region: validFipsSecretManagerRegion,
|
||||
Service: esv1beta1.AWSServiceSecretsManager,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "valid fips region parameter store",
|
||||
args: args{
|
||||
store: &esv1beta1.SecretStore{
|
||||
Spec: esv1beta1.SecretStoreSpec{
|
||||
Provider: &esv1beta1.SecretStoreProvider{
|
||||
AWS: &esv1beta1.AWSProvider{
|
||||
Region: validFipsSsmRegion,
|
||||
Service: esv1beta1.AWSServiceParameterStore,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -199,7 +249,8 @@ func TestValidateStore(t *testing.T) {
|
|||
Spec: esv1beta1.SecretStoreSpec{
|
||||
Provider: &esv1beta1.SecretStoreProvider{
|
||||
AWS: &esv1beta1.AWSProvider{
|
||||
Region: validRegion,
|
||||
Region: validRegion,
|
||||
Service: esv1beta1.AWSServiceSecretsManager,
|
||||
Auth: esv1beta1.AWSAuth{
|
||||
SecretRef: &esv1beta1.AWSAuthSecretRef{
|
||||
AccessKeyID: esmeta.SecretKeySelector{
|
||||
|
@ -222,7 +273,8 @@ func TestValidateStore(t *testing.T) {
|
|||
Spec: esv1beta1.SecretStoreSpec{
|
||||
Provider: &esv1beta1.SecretStoreProvider{
|
||||
AWS: &esv1beta1.AWSProvider{
|
||||
Region: validRegion,
|
||||
Region: validRegion,
|
||||
Service: esv1beta1.AWSServiceSecretsManager,
|
||||
Auth: esv1beta1.AWSAuth{
|
||||
SecretRef: &esv1beta1.AWSAuthSecretRef{
|
||||
SecretAccessKey: esmeta.SecretKeySelector{
|
||||
|
@ -248,7 +300,8 @@ func TestValidateStore(t *testing.T) {
|
|||
Spec: esv1beta1.SecretStoreSpec{
|
||||
Provider: &esv1beta1.SecretStoreProvider{
|
||||
AWS: &esv1beta1.AWSProvider{
|
||||
Region: validRegion,
|
||||
Region: validRegion,
|
||||
Service: esv1beta1.AWSServiceSecretsManager,
|
||||
Auth: esv1beta1.AWSAuth{
|
||||
SecretRef: &esv1beta1.AWSAuthSecretRef{
|
||||
SecretAccessKey: esmeta.SecretKeySelector{
|
||||
|
@ -273,7 +326,8 @@ func TestValidateStore(t *testing.T) {
|
|||
Spec: esv1beta1.SecretStoreSpec{
|
||||
Provider: &esv1beta1.SecretStoreProvider{
|
||||
AWS: &esv1beta1.AWSProvider{
|
||||
Region: validRegion,
|
||||
Region: validRegion,
|
||||
Service: esv1beta1.AWSServiceSecretsManager,
|
||||
Auth: esv1beta1.AWSAuth{
|
||||
SecretRef: &esv1beta1.AWSAuthSecretRef{
|
||||
AccessKeyID: esmeta.SecretKeySelector{
|
||||
|
@ -298,7 +352,8 @@ func TestValidateStore(t *testing.T) {
|
|||
Spec: esv1beta1.SecretStoreSpec{
|
||||
Provider: &esv1beta1.SecretStoreProvider{
|
||||
AWS: &esv1beta1.AWSProvider{
|
||||
Region: validRegion,
|
||||
Region: validRegion,
|
||||
Service: esv1beta1.AWSServiceSecretsManager,
|
||||
Auth: esv1beta1.AWSAuth{
|
||||
JWTAuth: &esv1beta1.AWSJWTAuth{
|
||||
ServiceAccountRef: &esmeta.ServiceAccountSelector{
|
||||
|
@ -320,7 +375,8 @@ func TestValidateStore(t *testing.T) {
|
|||
Spec: esv1beta1.SecretStoreSpec{
|
||||
Provider: &esv1beta1.SecretStoreProvider{
|
||||
AWS: &esv1beta1.AWSProvider{
|
||||
Region: validRegion,
|
||||
Region: validRegion,
|
||||
Service: esv1beta1.AWSServiceSecretsManager,
|
||||
Auth: esv1beta1.AWSAuth{
|
||||
JWTAuth: &esv1beta1.AWSJWTAuth{
|
||||
ServiceAccountRef: &esmeta.ServiceAccountSelector{
|
||||
|
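Review bot: The new `valid fips region secrets manager` and `valid fips region parameter store` cases only cover inputs that should pass; there is no case asserting that a FIPS pseudo-region paired with the other service is rejected (for example `validFipsSsmRegion` with `esv1beta1.AWSServiceSecretsManager`), which is exactly the behaviour the service-keyed endpoint lookup introduces and the most likely thing to regress when the SDK endpoint tables change. The pre-existing cases now all pin `Service: esv1beta1.AWSServiceSecretsManager` explicitly, so a store with `Service` left unset is no longer exercised at all; if an unset service is meant to be accepted, keep one case without it, otherwise add a negative case for it. The two constants also deserve a comment since their naming differs per service in the SDK tables: `// FIPS pseudo-regions: Secrets Manager uses "<region>-fips", SSM uses "fips-<region>".` The enclosing table in TestValidateStore starts and ends outside the hunk.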
|