mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity

Removed duplicated code

Browse source
This commit is contained in:
Sebastian Gomez 2022-01-24 16:45:18 -05:00
parent 0cc03caae4
commit 4ca7aeb3d7
1 changed files with 36 additions and 150 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

186
pkg/provider/yandex/lockbox/lockbox_test.go
View file

@ -131,11 +131,7 @@ func TestGetSecretForAllEntries(t *testing.T) {
})
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
tassert.Nil(t, err)
data, err := secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID,
},
})
data, err := secretsClient.GetSecret(ctx, getRemoteDef(secretID, "", ""))
tassert.Nil(t, err)
tassert.Equal(
@ -173,12 +169,7 @@ func TestGetSecretForTextEntry(t *testing.T) {
})
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
tassert.Nil(t, err)
data, err := secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID,
Property: k1,
},
})
data, err := secretsClient.GetSecret(ctx, getRemoteDef(secretID, k1, ""))
tassert.Nil(t, err)
tassert.Equal(t, v1, string(data))
@ -209,12 +200,7 @@ func TestGetSecretForBinaryEntry(t *testing.T) {
})
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
tassert.Nil(t, err)
data, err := secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID,
Property: k2,
},
})
data, err := secretsClient.GetSecret(ctx, getRemoteDef(secretID, k2, ""))
tassert.Nil(t, err)
tassert.Equal(t, v2, data)
@ -243,12 +229,7 @@ func TestGetSecretByVersionID(t *testing.T) {
})
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
tassert.Nil(t, err)
data, err := secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID,
Version: oldVersionID,
},
})
data, err := secretsClient.GetSecret(ctx, getRemoteDef(secretID, "", oldVersionID))
tassert.Nil(t, err)
tassert.Equal(t, map[string]string{oldKey: oldVal}, unmarshalStringMap(t, data))
@ -258,21 +239,11 @@ func TestGetSecretByVersionID(t *testing.T) {
textEntry(newKey, newVal),
)
data, err = secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID,
Version: oldVersionID,
},
})
data, err = secretsClient.GetSecret(ctx, getRemoteDef(secretID, "", oldVersionID))
tassert.Nil(t, err)
tassert.Equal(t, map[string]string{oldKey: oldVal}, unmarshalStringMap(t, data))
data, err = secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID,
Version: newVersionID,
},
})
data, err = secretsClient.GetSecret(ctx, getRemoteDef(secretID, "", newVersionID))
tassert.Nil(t, err)
tassert.Equal(t, map[string]string{newKey: newVal}, unmarshalStringMap(t, data))
}
@ -300,11 +271,7 @@ func TestGetSecretUnauthorized(t *testing.T) {
})
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
tassert.Nil(t, err)
_, err = secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID,
},
})
_, err = secretsClient.GetSecret(ctx, getRemoteDef(secretID, "", ""))
tassert.EqualError(t, err, errSecretPayloadPermissionDenied)
}
@ -327,22 +294,13 @@ func TestGetSecretNotFound(t *testing.T) {
})
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
tassert.Nil(t, err)
_, err = secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: "no-secret-with-this-id",
},
})
_, err = secretsClient.GetSecret(ctx, getRemoteDef("no-secret-with-this-id", "", ""))
tassert.EqualError(t, err, errSecretPayloadNotFound)
secretID, _ := lockboxBackend.CreateSecret(authorizedKey,
textEntry("k1", "v1"),
)
_, err = secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID,
Version: "no-version-with-this-id",
},
})
_, err = secretsClient.GetSecret(ctx, getRemoteDef(secretID, "", "no-version-with-this-id"))
tassert.EqualError(t, err, "unable to request secret payload to get secret: version not found")
}
@ -381,37 +339,17 @@ func TestGetSecretWithTwoNamespaces(t *testing.T) {
secretsClient2, err := provider.NewClient(ctx, store2, k8sClient, namespace2)
tassert.Nil(t, err)
data, err := secretsClient1.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID1,
Property: k1,
},
})
data, err := secretsClient1.GetSecret(ctx, getRemoteDef(secretID1, k1, ""))
tassert.Equal(t, v1, string(data))
tassert.Nil(t, err)
data, err = secretsClient1.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID2,
Property: k2,
},
})
data, err = secretsClient1.GetSecret(ctx, getRemoteDef(secretID2, k2, ""))
tassert.Nil(t, data)
tassert.EqualError(t, err, errSecretPayloadPermissionDenied)
data, err = secretsClient2.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID1,
Property: k1,
},
})
data, err = secretsClient2.GetSecret(ctx, getRemoteDef(secretID1, k1, ""))
tassert.Nil(t, data)
tassert.EqualError(t, err, errSecretPayloadPermissionDenied)
data, err = secretsClient2.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID2,
Property: k2,
},
})
data, err = secretsClient2.GetSecret(ctx, getRemoteDef(secretID2, k2, ""))
tassert.Equal(t, v2, string(data))
tassert.Nil(t, err)
}
@ -462,37 +400,17 @@ func TestGetSecretWithTwoApiEndpoints(t *testing.T) {
var data []byte
data, err = secretsClient1.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID1,
Property: k1,
},
})
data, err = secretsClient1.GetSecret(ctx, getRemoteDef(secretID1, k1, ""))
tassert.Equal(t, v1, string(data))
tassert.Nil(t, err)
data, err = secretsClient1.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID2,
Property: k2,
},
})
data, err = secretsClient1.GetSecret(ctx, getRemoteDef(secretID2, k2, ""))
tassert.Nil(t, data)
tassert.EqualError(t, err, errSecretPayloadNotFound)
data, err = secretsClient2.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID1,
Property: k1,
},
})
data, err = secretsClient2.GetSecret(ctx, getRemoteDef(secretID1, k1, ""))
tassert.Nil(t, data)
tassert.EqualError(t, err, errSecretPayloadNotFound)
data, err = secretsClient2.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID1,
Property: k2,
},
})
data, err = secretsClient2.GetSecret(ctx, getRemoteDef(secretID1, k2, ""))
tassert.Equal(t, v2, string(data))
tassert.Nil(t, err)
}
@ -524,34 +442,19 @@ func TestGetSecretWithIamTokenExpiration(t *testing.T) {
oldSecretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
tassert.Nil(t, err)
data, err = oldSecretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID,
Property: k1,
},
})
data, err = oldSecretsClient.GetSecret(ctx, getRemoteDef(secretID, k1, ""))
tassert.Equal(t, v1, string(data))
tassert.Nil(t, err)
lockboxBackend.AdvanceClock(2 * tokenExpirationTime)
data, err = oldSecretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID,
Property: k1,
},
})
data, err = oldSecretsClient.GetSecret(ctx, getRemoteDef(secretID, k1, ""))
tassert.Nil(t, data)
tassert.EqualError(t, err, "unable to request secret payload to get secret: iam token expired")
newSecretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
tassert.Nil(t, err)
data, err = newSecretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID,
Property: k1,
},
})
data, err = newSecretsClient.GetSecret(ctx, getRemoteDef(secretID, k1, ""))
tassert.Equal(t, v1, string(data))
tassert.Nil(t, err)
}
@ -596,11 +499,7 @@ func TestGetSecretWithIamTokenCleanup(t *testing.T) {
// Access secretID1 with authorizedKey1, IAM token for authorizedKey1 should be cached
secretsClient, err := provider.NewClient(ctx, store1, k8sClient, namespace)
tassert.Nil(t, err)
_, err = secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID1,
},
})
_, err = secretsClient.GetSecret(ctx, getRemoteDef(secretID1, "", ""))
tassert.Nil(t, err)
tassert.True(t, provider.isIamTokenCached(authorizedKey1))
@ -611,11 +510,7 @@ func TestGetSecretWithIamTokenCleanup(t *testing.T) {
// Access secretID2 with authorizedKey2, IAM token for authorizedKey2 should be cached
secretsClient, err = provider.NewClient(ctx, store2, k8sClient, namespace)
tassert.Nil(t, err)
_, err = secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID2,
},
})
_, err = secretsClient.GetSecret(ctx, getRemoteDef(secretID2, "", ""))
tassert.Nil(t, err)
tassert.True(t, provider.isIamTokenCached(authorizedKey1))
@ -667,11 +562,7 @@ func TestGetSecretMap(t *testing.T) {
})
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
tassert.Nil(t, err)
data, err := secretsClient.GetSecretMap(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID,
},
})
data, err := secretsClient.GetSecretMap(ctx, getRemoteDef(secretID, "", ""))
tassert.Nil(t, err)
tassert.Equal(
@ -707,12 +598,7 @@ func TestGetSecretMapByVersionID(t *testing.T) {
})
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
tassert.Nil(t, err)
data, err := secretsClient.GetSecretMap(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID,
Version: oldVersionID,
},
})
data, err := secretsClient.GetSecretMap(ctx, getRemoteDef(secretID, "", oldVersionID))
tassert.Nil(t, err)
tassert.Equal(t, map[string][]byte{oldKey: []byte(oldVal)}, data)
@ -722,21 +608,11 @@ func TestGetSecretMapByVersionID(t *testing.T) {
textEntry(newKey, newVal),
)
data, err = secretsClient.GetSecretMap(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID,
Version: oldVersionID,
},
})
data, err = secretsClient.GetSecretMap(ctx, getRemoteDef(secretID, "", oldVersionID))
tassert.Nil(t, err)
tassert.Equal(t, map[string][]byte{oldKey: []byte(oldVal)}, data)
data, err = secretsClient.GetSecretMap(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: secretID,
Version: newVersionID,
},
})
data, err = secretsClient.GetSecretMap(ctx, getRemoteDef(secretID, "", newVersionID))
tassert.Nil(t, err)
tassert.Equal(t, map[string][]byte{newKey: []byte(newVal)}, data)
}
@ -764,6 +640,16 @@ func newYandexLockboxSecretStore(apiEndpoint, namespace, authorizedKeySecretName
}
}
func getRemoteDef(key, property, version string) esv1alpha1.ExternalSecretDataRemoteRef {
return esv1alpha1.ExternalSecretDataRemoteRef{
Extract: esv1alpha1.ExternalSecretExtract{
Key: key,
Property: property,
Version: version,
},
}
}
func createK8sSecret(ctx context.Context, k8sClient client.Client, namespace, secretName, secretKey string, secretContent interface{}) error {
data, err := json.Marshal(secretContent)
if err != nil {