Validator (#3003)

* feat: add validator for duplicates keys Signed-off-by: Mehrbod Akhlaghpour <m9.akhlaghpoor@gmail.com> * feat: retain mode on duplicate keys Signed-off-by: Mehrbod Akhlaghpour <m9.akhlaghpoor@gmail.com> * feat: add new test Signed-off-by: Mehrbod Akhlaghpour <m9.akhlaghpoor@gmail.com> * chore: rebase the test Signed-off-by: Mehrbod Akhlaghpour <m9.akhlaghpoor@gmail.com> * fix: test cases for duplicate keys Signed-off-by: Mehrbod Akhlaghpour <m9.akhlaghpoor@gmail.com> --------- Signed-off-by: Mehrbod Akhlaghpour <m9.akhlaghpoor@gmail.com>
2024-12-14 11:57:59 +00:00 · 2024-01-14 20:38:59 +03:30 · 2024-01-14 20:38:59 +03:30 · 1bd07fd90e
commit 1bd07fd90e
parent 1f665cea5d
2 changed files with 48 additions and 0 deletions
--- a/apis/externalsecrets/v1beta1/externalsecret_validator.go
+++ b/apis/externalsecrets/v1beta1/externalsecret_validator.go
@ -63,5 +63,20 @@ func validateExternalSecret(obj runtime.Object) (admission.Warnings, error) {
 		}
 	}

+	errs = validateDuplicateKeys(es, errs)
 	return nil, errs
 }
+
+func validateDuplicateKeys(es *ExternalSecret, errs error) error {
+	if es.Spec.Target.DeletionPolicy == DeletionPolicyRetain {
+		seenKeys := make(map[string]struct{})
+		for _, data := range es.Spec.Data {
+			secretKey := data.SecretKey
+			if _, exists := seenKeys[secretKey]; exists {
+				errs = errors.Join(errs, fmt.Errorf("duplicate secretKey found: %s", secretKey))
+			}
+			seenKeys[secretKey] = struct{}{}
+		}
+	}
+	return errs
+}
--- a/apis/externalsecrets/v1beta1/externalsecret_validator_test.go
+++ b/apis/externalsecrets/v1beta1/externalsecret_validator_test.go
@ -122,6 +122,39 @@ either data or dataFrom should be specified`,
 				},
 			},
 		},
+		{
+			name: "duplicate secretKeys",
+			obj: &ExternalSecret{
+				Spec: ExternalSecretSpec{
+					Target: ExternalSecretTarget{
+						DeletionPolicy: DeletionPolicyRetain,
+					},
+					Data: []ExternalSecretData{
+						{SecretKey: "SERVICE_NAME"},
+						{SecretKey: "SERVICE_NAME"},
+						{SecretKey: "SERVICE_NAME-2"},
+						{SecretKey: "SERVICE_NAME-2"},
+						{SecretKey: "NOT_DUPLICATE"},
+					},
+				},
+			},
+			expectedErr: "duplicate secretKey found: SERVICE_NAME\nduplicate secretKey found: SERVICE_NAME-2",
+		},
+		{
+			name: "duplicate secretKey",
+			obj: &ExternalSecret{
+				Spec: ExternalSecretSpec{
+					Target: ExternalSecretTarget{
+						DeletionPolicy: DeletionPolicyRetain,
+					},
+					Data: []ExternalSecretData{
+						{SecretKey: "SERVICE_NAME"},
+						{SecretKey: "SERVICE_NAME"},
+					},
+				},
+			},
+			expectedErr: "duplicate secretKey found: SERVICE_NAME",
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {