mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-14 11:57:59 +00:00
Removed duplicated code
This commit is contained in:
Sebastian Gomez
parent
0cc03caae4
commit
4ca7aeb3d7
1 changed files with 36 additions and 150 deletions
|
|
@ -131,11 +131,7 @@ func TestGetSecretForAllEntries(t *testing.T) {
|
|||
})
|
||||
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
|
||||
tassert.Nil(t, err)
|
||||
data, err := secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID,
|
||||
},
|
||||
})
|
||||
data, err := secretsClient.GetSecret(ctx, getRemoteDef(secretID, "", ""))
|
||||
tassert.Nil(t, err)
|
||||
|
||||
tassert.Equal(
|
||||
|
|
@ -173,12 +169,7 @@ func TestGetSecretForTextEntry(t *testing.T) {
|
|||
})
|
||||
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
|
||||
tassert.Nil(t, err)
|
||||
data, err := secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID,
|
||||
Property: k1,
|
||||
},
|
||||
})
|
||||
data, err := secretsClient.GetSecret(ctx, getRemoteDef(secretID, k1, ""))
|
||||
tassert.Nil(t, err)
|
||||
|
||||
tassert.Equal(t, v1, string(data))
|
||||
|
|
@ -209,12 +200,7 @@ func TestGetSecretForBinaryEntry(t *testing.T) {
|
|||
})
|
||||
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
|
||||
tassert.Nil(t, err)
|
||||
data, err := secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID,
|
||||
Property: k2,
|
||||
},
|
||||
})
|
||||
data, err := secretsClient.GetSecret(ctx, getRemoteDef(secretID, k2, ""))
|
||||
tassert.Nil(t, err)
|
||||
|
||||
tassert.Equal(t, v2, data)
|
||||
|
|
@ -243,12 +229,7 @@ func TestGetSecretByVersionID(t *testing.T) {
|
|||
})
|
||||
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
|
||||
tassert.Nil(t, err)
|
||||
data, err := secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID,
|
||||
Version: oldVersionID,
|
||||
},
|
||||
})
|
||||
data, err := secretsClient.GetSecret(ctx, getRemoteDef(secretID, "", oldVersionID))
|
||||
tassert.Nil(t, err)
|
||||
|
||||
tassert.Equal(t, map[string]string{oldKey: oldVal}, unmarshalStringMap(t, data))
|
||||
|
|
@ -258,21 +239,11 @@ func TestGetSecretByVersionID(t *testing.T) {
|
|||
textEntry(newKey, newVal),
|
||||
)
|
||||
|
||||
data, err = secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID,
|
||||
Version: oldVersionID,
|
||||
},
|
||||
})
|
||||
data, err = secretsClient.GetSecret(ctx, getRemoteDef(secretID, "", oldVersionID))
|
||||
tassert.Nil(t, err)
|
||||
tassert.Equal(t, map[string]string{oldKey: oldVal}, unmarshalStringMap(t, data))
|
||||
|
||||
data, err = secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID,
|
||||
Version: newVersionID,
|
||||
},
|
||||
})
|
||||
data, err = secretsClient.GetSecret(ctx, getRemoteDef(secretID, "", newVersionID))
|
||||
tassert.Nil(t, err)
|
||||
tassert.Equal(t, map[string]string{newKey: newVal}, unmarshalStringMap(t, data))
|
||||
}
|
||||
|
|
@ -300,11 +271,7 @@ func TestGetSecretUnauthorized(t *testing.T) {
|
|||
})
|
||||
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
|
||||
tassert.Nil(t, err)
|
||||
_, err = secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID,
|
||||
},
|
||||
})
|
||||
_, err = secretsClient.GetSecret(ctx, getRemoteDef(secretID, "", ""))
|
||||
tassert.EqualError(t, err, errSecretPayloadPermissionDenied)
|
||||
}
|
||||
|
||||
|
|
@ -327,22 +294,13 @@ func TestGetSecretNotFound(t *testing.T) {
|
|||
})
|
||||
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
|
||||
tassert.Nil(t, err)
|
||||
_, err = secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: "no-secret-with-this-id",
|
||||
},
|
||||
})
|
||||
_, err = secretsClient.GetSecret(ctx, getRemoteDef("no-secret-with-this-id", "", ""))
|
||||
tassert.EqualError(t, err, errSecretPayloadNotFound)
|
||||
|
||||
secretID, _ := lockboxBackend.CreateSecret(authorizedKey,
|
||||
textEntry("k1", "v1"),
|
||||
)
|
||||
_, err = secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID,
|
||||
Version: "no-version-with-this-id",
|
||||
},
|
||||
})
|
||||
_, err = secretsClient.GetSecret(ctx, getRemoteDef(secretID, "", "no-version-with-this-id"))
|
||||
tassert.EqualError(t, err, "unable to request secret payload to get secret: version not found")
|
||||
}
|
||||
|
||||
|
|
@ -381,37 +339,17 @@ func TestGetSecretWithTwoNamespaces(t *testing.T) {
|
|||
secretsClient2, err := provider.NewClient(ctx, store2, k8sClient, namespace2)
|
||||
tassert.Nil(t, err)
|
||||
|
||||
data, err := secretsClient1.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID1,
|
||||
Property: k1,
|
||||
},
|
||||
})
|
||||
data, err := secretsClient1.GetSecret(ctx, getRemoteDef(secretID1, k1, ""))
|
||||
tassert.Equal(t, v1, string(data))
|
||||
tassert.Nil(t, err)
|
||||
data, err = secretsClient1.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID2,
|
||||
Property: k2,
|
||||
},
|
||||
})
|
||||
data, err = secretsClient1.GetSecret(ctx, getRemoteDef(secretID2, k2, ""))
|
||||
tassert.Nil(t, data)
|
||||
tassert.EqualError(t, err, errSecretPayloadPermissionDenied)
|
||||
|
||||
data, err = secretsClient2.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID1,
|
||||
Property: k1,
|
||||
},
|
||||
})
|
||||
data, err = secretsClient2.GetSecret(ctx, getRemoteDef(secretID1, k1, ""))
|
||||
tassert.Nil(t, data)
|
||||
tassert.EqualError(t, err, errSecretPayloadPermissionDenied)
|
||||
data, err = secretsClient2.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID2,
|
||||
Property: k2,
|
||||
},
|
||||
})
|
||||
data, err = secretsClient2.GetSecret(ctx, getRemoteDef(secretID2, k2, ""))
|
||||
tassert.Equal(t, v2, string(data))
|
||||
tassert.Nil(t, err)
|
||||
}
|
||||
|
|
@ -462,37 +400,17 @@ func TestGetSecretWithTwoApiEndpoints(t *testing.T) {
|
|||
|
||||
var data []byte
|
||||
|
||||
data, err = secretsClient1.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID1,
|
||||
Property: k1,
|
||||
},
|
||||
})
|
||||
data, err = secretsClient1.GetSecret(ctx, getRemoteDef(secretID1, k1, ""))
|
||||
tassert.Equal(t, v1, string(data))
|
||||
tassert.Nil(t, err)
|
||||
data, err = secretsClient1.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID2,
|
||||
Property: k2,
|
||||
},
|
||||
})
|
||||
data, err = secretsClient1.GetSecret(ctx, getRemoteDef(secretID2, k2, ""))
|
||||
tassert.Nil(t, data)
|
||||
tassert.EqualError(t, err, errSecretPayloadNotFound)
|
||||
|
||||
data, err = secretsClient2.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID1,
|
||||
Property: k1,
|
||||
},
|
||||
})
|
||||
data, err = secretsClient2.GetSecret(ctx, getRemoteDef(secretID1, k1, ""))
|
||||
tassert.Nil(t, data)
|
||||
tassert.EqualError(t, err, errSecretPayloadNotFound)
|
||||
data, err = secretsClient2.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID1,
|
||||
Property: k2,
|
||||
},
|
||||
})
|
||||
data, err = secretsClient2.GetSecret(ctx, getRemoteDef(secretID1, k2, ""))
|
||||
tassert.Equal(t, v2, string(data))
|
||||
tassert.Nil(t, err)
|
||||
}
|
||||
|
|
@ -524,34 +442,19 @@ func TestGetSecretWithIamTokenExpiration(t *testing.T) {
|
|||
|
||||
oldSecretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
|
||||
tassert.Nil(t, err)
|
||||
data, err = oldSecretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID,
|
||||
Property: k1,
|
||||
},
|
||||
})
|
||||
data, err = oldSecretsClient.GetSecret(ctx, getRemoteDef(secretID, k1, ""))
|
||||
tassert.Equal(t, v1, string(data))
|
||||
tassert.Nil(t, err)
|
||||
|
||||
lockboxBackend.AdvanceClock(2 * tokenExpirationTime)
|
||||
|
||||
data, err = oldSecretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID,
|
||||
Property: k1,
|
||||
},
|
||||
})
|
||||
data, err = oldSecretsClient.GetSecret(ctx, getRemoteDef(secretID, k1, ""))
|
||||
tassert.Nil(t, data)
|
||||
tassert.EqualError(t, err, "unable to request secret payload to get secret: iam token expired")
|
||||
|
||||
newSecretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
|
||||
tassert.Nil(t, err)
|
||||
data, err = newSecretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID,
|
||||
Property: k1,
|
||||
},
|
||||
})
|
||||
data, err = newSecretsClient.GetSecret(ctx, getRemoteDef(secretID, k1, ""))
|
||||
tassert.Equal(t, v1, string(data))
|
||||
tassert.Nil(t, err)
|
||||
}
|
||||
|
|
@ -596,11 +499,7 @@ func TestGetSecretWithIamTokenCleanup(t *testing.T) {
|
|||
// Access secretID1 with authorizedKey1, IAM token for authorizedKey1 should be cached
|
||||
secretsClient, err := provider.NewClient(ctx, store1, k8sClient, namespace)
|
||||
tassert.Nil(t, err)
|
||||
_, err = secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID1,
|
||||
},
|
||||
})
|
||||
_, err = secretsClient.GetSecret(ctx, getRemoteDef(secretID1, "", ""))
|
||||
tassert.Nil(t, err)
|
||||
|
||||
tassert.True(t, provider.isIamTokenCached(authorizedKey1))
|
||||
|
|
@ -611,11 +510,7 @@ func TestGetSecretWithIamTokenCleanup(t *testing.T) {
|
|||
// Access secretID2 with authorizedKey2, IAM token for authorizedKey2 should be cached
|
||||
secretsClient, err = provider.NewClient(ctx, store2, k8sClient, namespace)
|
||||
tassert.Nil(t, err)
|
||||
_, err = secretsClient.GetSecret(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID2,
|
||||
},
|
||||
})
|
||||
_, err = secretsClient.GetSecret(ctx, getRemoteDef(secretID2, "", ""))
|
||||
tassert.Nil(t, err)
|
||||
|
||||
tassert.True(t, provider.isIamTokenCached(authorizedKey1))
|
||||
|
|
@ -667,11 +562,7 @@ func TestGetSecretMap(t *testing.T) {
|
|||
})
|
||||
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
|
||||
tassert.Nil(t, err)
|
||||
data, err := secretsClient.GetSecretMap(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID,
|
||||
},
|
||||
})
|
||||
data, err := secretsClient.GetSecretMap(ctx, getRemoteDef(secretID, "", ""))
|
||||
tassert.Nil(t, err)
|
||||
|
||||
tassert.Equal(
|
||||
|
|
@ -707,12 +598,7 @@ func TestGetSecretMapByVersionID(t *testing.T) {
|
|||
})
|
||||
secretsClient, err := provider.NewClient(ctx, store, k8sClient, namespace)
|
||||
tassert.Nil(t, err)
|
||||
data, err := secretsClient.GetSecretMap(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID,
|
||||
Version: oldVersionID,
|
||||
},
|
||||
})
|
||||
data, err := secretsClient.GetSecretMap(ctx, getRemoteDef(secretID, "", oldVersionID))
|
||||
tassert.Nil(t, err)
|
||||
|
||||
tassert.Equal(t, map[string][]byte{oldKey: []byte(oldVal)}, data)
|
||||
|
|
@ -722,21 +608,11 @@ func TestGetSecretMapByVersionID(t *testing.T) {
|
|||
textEntry(newKey, newVal),
|
||||
)
|
||||
|
||||
data, err = secretsClient.GetSecretMap(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID,
|
||||
Version: oldVersionID,
|
||||
},
|
||||
})
|
||||
data, err = secretsClient.GetSecretMap(ctx, getRemoteDef(secretID, "", oldVersionID))
|
||||
tassert.Nil(t, err)
|
||||
tassert.Equal(t, map[string][]byte{oldKey: []byte(oldVal)}, data)
|
||||
|
||||
data, err = secretsClient.GetSecretMap(ctx, esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: secretID,
|
||||
Version: newVersionID,
|
||||
},
|
||||
})
|
||||
data, err = secretsClient.GetSecretMap(ctx, getRemoteDef(secretID, "", newVersionID))
|
||||
tassert.Nil(t, err)
|
||||
tassert.Equal(t, map[string][]byte{newKey: []byte(newVal)}, data)
|
||||
}
|
||||
|
|
@ -764,6 +640,16 @@ func newYandexLockboxSecretStore(apiEndpoint, namespace, authorizedKeySecretName
|
|||
}
|
||||
}
|
||||
|
||||
func getRemoteDef(key, property, version string) esv1alpha1.ExternalSecretDataRemoteRef {
|
||||
return esv1alpha1.ExternalSecretDataRemoteRef{
|
||||
Extract: esv1alpha1.ExternalSecretExtract{
|
||||
Key: key,
|
||||
Property: property,
|
||||
Version: version,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func createK8sSecret(ctx context.Context, k8sClient client.Client, namespace, secretName, secretKey string, secretContent interface{}) error {
|
||||
data, err := json.Marshal(secretContent)
|
||||
if err != nil {
|
||||
|
|
|
|||
Loading…
Reference in a new issue