mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity

Fix: ESO template crash when Kubernetes secret data is nil (#3537)

Browse source 
* fix: check if secret.Data is nil before assigning a value

Signed-off-by: MathiasBleimhofer <mathias.bleimhofer@deutschebahn.com>
This commit is contained in:
Mathias Bleimhofer 2024-06-03 22:27:05 +02:00 committed by GitHub
parent 69449ef8e0
commit 30e18870e2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 88 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
pkg/template/v2/template.go
View file

@ -72,10 +72,19 @@ func init() {
func applyToTarget(k, val string, target esapi.TemplateTarget, secret *corev1.Secret) { func applyToTarget(k, val string, target esapi.TemplateTarget, secret *corev1.Secret) {
switch target { switch target {
case esapi.TemplateTargetAnnotations: case esapi.TemplateTargetAnnotations:
if secret.Annotations == nil {
secret.Annotations = make(map[string]string)
}
secret.Annotations[k] = val secret.Annotations[k] = val
case esapi.TemplateTargetLabels: case esapi.TemplateTargetLabels:
if secret.Labels == nil {
secret.Labels = make(map[string]string)
}
secret.Labels[k] = val secret.Labels[k] = val
case esapi.TemplateTargetData: case esapi.TemplateTargetData:
if secret.Data == nil {
secret.Data = make(map[string][]byte)
}
secret.Data[k] = []byte(val) secret.Data[k] = []byte(val)
default: default:
} }

79
pkg/template/v2/template_test.go
View file

@ -523,6 +523,85 @@ func TestExecute(t *testing.T) {
} }
} }
func TestScopeValuesWithSecretFieldsNil(t *testing.T) {
tbl := []struct {
name string
tpl map[string][]byte
target esapi.TemplateTarget
data map[string][]byte
expectedData map[string][]byte
expectedStringData map[string]string
expErr string
}{
{
name: "test empty",
tpl: map[string][]byte{},
target: esapi.TemplateTargetData,
data: nil,
},
{
name: "test byte",
tpl: map[string][]byte{"foo": []byte("bar")},
target: esapi.TemplateTargetData,
data: map[string][]byte{
"key": []byte("foo"),
"value": []byte("bar"),
},
expectedData: map[string][]byte{
"foo": []byte("bar"),
},
},
{
name: "test Annotations",
tpl: map[string][]byte{"foo": []byte("bar")},
target: esapi.TemplateTargetAnnotations,
data: map[string][]byte{
"key": []byte("foo"),
"value": []byte("bar"),
},
expectedStringData: map[string]string{
"foo": "bar",
},
},
{
name: "test Labels",
tpl: map[string][]byte{"foo": []byte("bar")},
target: esapi.TemplateTargetLabels,
data: map[string][]byte{
"key": []byte("foo"),
"value": []byte("bar"),
},
expectedStringData: map[string]string{
"foo": "bar",
},
},
}
for i := range tbl {
row := tbl[i]
t.Run(row.name, func(t *testing.T) {
sec := &corev1.Secret{}
err := Execute(row.tpl, row.data, esapi.TemplateScopeValues, row.target, sec)
if !ErrorContains(err, row.expErr) {
t.Errorf("unexpected error: %s, expected: %s", err, row.expErr)
}
switch row.target {
case esapi.TemplateTargetData:
if row.expectedData != nil {
assert.EqualValues(t, row.expectedData, sec.Data)
}
case esapi.TemplateTargetLabels:
if row.expectedStringData != nil {
assert.EqualValues(t, row.expectedStringData, sec.Labels)
}
case esapi.TemplateTargetAnnotations:
if row.expectedStringData != nil {
assert.EqualValues(t, row.expectedStringData, sec.Annotations)
}
}
})
}
}
func TestExecuteInvalidTemplateScope(t *testing.T) { func TestExecuteInvalidTemplateScope(t *testing.T) {
sec := &corev1.Secret{} sec := &corev1.Secret{}
err := Execute(map[string][]byte{"foo": []byte("bar")}, nil, "invalid", esapi.TemplateTargetData, sec) err := Execute(map[string][]byte{"foo": []byte("bar")}, nil, "invalid", esapi.TemplateTargetData, sec)