mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity

Adding tests for externalSecrets, secretStores and ClusterSecretStores conversion methods

Browse source 
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
This commit is contained in:
Gustavo Carvalho 2022-02-11 11:13:43 -03:00
parent 633c777d7a
commit cb7f936228
2 changed files with 462 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

217
apis/externalsecrets/v1alpha1/externalsecret_conversion_test.go Normal file
View file

@ -0,0 +1,217 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
"testing"
"github.com/stretchr/testify/assert"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
)
func newExternalSecretV1Alpha1() *ExternalSecret {
return &ExternalSecret{
ObjectMeta: metav1.ObjectMeta{
Name: "full-es",
Namespace: "my-ns",
},
Status: ExternalSecretStatus{
SyncedResourceVersion: "123",
Conditions: []ExternalSecretStatusCondition{
{
Type: ExternalSecretReady,
Status: corev1.ConditionTrue,
Reason: "it's a mock, it's always ready",
Message: "...why wouldn't it be?",
},
},
},
Spec: ExternalSecretSpec{
SecretStoreRef: SecretStoreRef{
Name: "test-secret-store",
Kind: "ClusterSecretStore",
},
Target: ExternalSecretTarget{
Name: "test-target",
CreationPolicy: Owner,
Immutable: false,
Template: &ExternalSecretTemplate{
Type: corev1.SecretTypeOpaque,
Metadata: ExternalSecretTemplateMetadata{
Annotations: map[string]string{
"foo": "bar",
},
Labels: map[string]string{
"foolbl": "barlbl",
},
},
Data: map[string]string{
"my-key": "{{.data | toString}}",
},
TemplateFrom: []TemplateFrom{
{
ConfigMap: &TemplateRef{
Name: "test-configmap",
Items: []TemplateRefItem{
{
Key: "my-key",
},
},
},
Secret: &TemplateRef{
Name: "test-secret",
Items: []TemplateRefItem{
{
Key: "my-key",
},
},
},
},
},
},
},
Data: []ExternalSecretData{
{
SecretKey: "my-key",
RemoteRef: ExternalSecretDataRemoteRef{
Key: "datakey",
Property: "dataproperty",
Version: "dataversion",
},
},
},
DataFrom: []ExternalSecretDataRemoteRef{
{
Key: "key",
Property: "property",
Version: "version",
},
},
},
}
}
func newExternalSecretV1Beta1() *esv1beta1.ExternalSecret {
return &esv1beta1.ExternalSecret{
ObjectMeta: metav1.ObjectMeta{
Name: "full-es",
Namespace: "my-ns",
},
Status: esv1beta1.ExternalSecretStatus{
SyncedResourceVersion: "123",
Conditions: []esv1beta1.ExternalSecretStatusCondition{
{
Type: esv1beta1.ExternalSecretReady,
Status: corev1.ConditionTrue,
Reason: "it's a mock, it's always ready",
Message: "...why wouldn't it be?",
},
},
},
Spec: esv1beta1.ExternalSecretSpec{
SecretStoreRef: esv1beta1.SecretStoreRef{
Name: "test-secret-store",
Kind: "ClusterSecretStore",
},
Target: esv1beta1.ExternalSecretTarget{
Name: "test-target",
CreationPolicy: esv1beta1.Owner,
Immutable: false,
Template: &esv1beta1.ExternalSecretTemplate{
Type: corev1.SecretTypeOpaque,
Metadata: esv1beta1.ExternalSecretTemplateMetadata{
Annotations: map[string]string{
"foo": "bar",
},
Labels: map[string]string{
"foolbl": "barlbl",
},
},
Data: map[string]string{
"my-key": "{{.data | toString}}",
},
TemplateFrom: []esv1beta1.TemplateFrom{
{
ConfigMap: &esv1beta1.TemplateRef{
Name: "test-configmap",
Items: []esv1beta1.TemplateRefItem{
{
Key: "my-key",
},
},
},
Secret: &esv1beta1.TemplateRef{
Name: "test-secret",
Items: []esv1beta1.TemplateRefItem{
{
Key: "my-key",
},
},
},
},
},
},
},
Data: []esv1beta1.ExternalSecretData{
{
SecretKey: "my-key",
RemoteRef: esv1beta1.ExternalSecretDataRemoteRef{
Key: "datakey",
Property: "dataproperty",
Version: "dataversion",
},
},
},
DataFrom: []esv1beta1.ExternalSecretDataFromRemoteRef{
{
Extract: esv1beta1.ExternalSecretDataRemoteRef{
Key: "key",
Property: "property",
Version: "version",
},
},
},
},
}
}
func TestExternalSecretConvertFrom(t *testing.T) {
given := newExternalSecretV1Beta1()
want := newExternalSecretV1Alpha1()
got := &ExternalSecret{}
err := got.ConvertFrom(given)
if err != nil {
t.Errorf("test failed with error: %v", err)
}
if !assert.Equal(t, want, got) {
t.Errorf("test failed, expected: %v, got: %v", want, got)
}
}
func TestExternalSecretConvertTo(t *testing.T) {
want := newExternalSecretV1Beta1()
given := newExternalSecretV1Alpha1()
got := &esv1beta1.ExternalSecret{}
err := given.ConvertTo(got)
if err != nil {
t.Errorf("test failed with error: %v", err)
}
if !assert.Equal(t, want, got) {
t.Errorf("test failed, expected: %v, got: %v", want, got)
}
}

245
apis/externalsecrets/v1alpha1/secretstore_conversion_test.go Normal file
View file

@ -0,0 +1,245 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
"testing"
"github.com/stretchr/testify/assert"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
)
func newSecretStoreV1Alpha1() *SecretStore {
return &SecretStore{
ObjectMeta: metav1.ObjectMeta{
Name: "secret-store",
Namespace: "my-namespace",
},
Status: SecretStoreStatus{
Conditions: []SecretStoreStatusCondition{
{
Type: SecretStoreReady,
Status: corev1.ConditionTrue,
Reason: "it's a mock, it's always ready",
Message: "...why wouldn't it be?",
},
},
},
Spec: SecretStoreSpec{
Controller: "dev",
Provider: &SecretStoreProvider{
AWS: &AWSProvider{
Service: AWSServiceSecretsManager,
Region: "us-east-1",
Role: "arn:aws:iam::123456789012:role/my-role",
Auth: AWSAuth{
SecretRef: &AWSAuthSecretRef{
AccessKeyID: esmeta.SecretKeySelector{
Name: "my-access",
Key: "my-key",
},
SecretAccessKey: esmeta.SecretKeySelector{
Name: "my-secret",
Key: "my-key",
},
},
},
},
},
},
}
}
func newSecretStoreV1Beta1() *esv1beta1.SecretStore {
return &esv1beta1.SecretStore{
ObjectMeta: metav1.ObjectMeta{
Name: "secret-store",
Namespace: "my-namespace",
},
Status: esv1beta1.SecretStoreStatus{
Conditions: []esv1beta1.SecretStoreStatusCondition{
{
Type: esv1beta1.SecretStoreReady,
Status: corev1.ConditionTrue,
Reason: "it's a mock, it's always ready",
Message: "...why wouldn't it be?",
},
},
},
Spec: esv1beta1.SecretStoreSpec{
Controller: "dev",
Provider: &esv1beta1.SecretStoreProvider{
AWS: &esv1beta1.AWSProvider{
Service: esv1beta1.AWSServiceSecretsManager,
Region: "us-east-1",
Role: "arn:aws:iam::123456789012:role/my-role",
Auth: esv1beta1.AWSAuth{
SecretRef: &esv1beta1.AWSAuthSecretRef{
AccessKeyID: esmeta.SecretKeySelector{
Name: "my-access",
Key: "my-key",
},
SecretAccessKey: esmeta.SecretKeySelector{
Name: "my-secret",
Key: "my-key",
},
},
},
},
},
},
}
}
func newClusterSecretStoreV1Alpha1() *ClusterSecretStore {
ns := "my-namespace"
return &ClusterSecretStore{
ObjectMeta: metav1.ObjectMeta{
Name: "secret-store",
},
Status: SecretStoreStatus{
Conditions: []SecretStoreStatusCondition{
{
Type: SecretStoreReady,
Status: corev1.ConditionTrue,
Reason: "it's a mock, it's always ready",
Message: "...why wouldn't it be?",
},
},
},
Spec: SecretStoreSpec{
Controller: "dev",
Provider: &SecretStoreProvider{
AWS: &AWSProvider{
Service: AWSServiceSecretsManager,
Region: "us-east-1",
Role: "arn:aws:iam::123456789012:role/my-role",
Auth: AWSAuth{
SecretRef: &AWSAuthSecretRef{
AccessKeyID: esmeta.SecretKeySelector{
Name: "my-access",
Key: "my-key",
Namespace: &ns,
},
SecretAccessKey: esmeta.SecretKeySelector{
Name: "my-secret",
Key: "my-key",
Namespace: &ns,
},
},
},
},
},
},
}
}
func newClusterSecretStoreV1Beta1() *esv1beta1.ClusterSecretStore {
ns := "my-namespace"
return &esv1beta1.ClusterSecretStore{
ObjectMeta: metav1.ObjectMeta{
Name: "secret-store",
},
Status: esv1beta1.SecretStoreStatus{
Conditions: []esv1beta1.SecretStoreStatusCondition{
{
Type: esv1beta1.SecretStoreReady,
Status: corev1.ConditionTrue,
Reason: "it's a mock, it's always ready",
Message: "...why wouldn't it be?",
},
},
},
Spec: esv1beta1.SecretStoreSpec{
Controller: "dev",
Provider: &esv1beta1.SecretStoreProvider{
AWS: &esv1beta1.AWSProvider{
Service: esv1beta1.AWSServiceSecretsManager,
Region: "us-east-1",
Role: "arn:aws:iam::123456789012:role/my-role",
Auth: esv1beta1.AWSAuth{
SecretRef: &esv1beta1.AWSAuthSecretRef{
AccessKeyID: esmeta.SecretKeySelector{
Name: "my-access",
Key: "my-key",
Namespace: &ns,
},
SecretAccessKey: esmeta.SecretKeySelector{
Name: "my-secret",
Key: "my-key",
Namespace: &ns,
},
},
},
},
},
},
}
}
func TestSecretStoreConvertFrom(t *testing.T) {
given := newSecretStoreV1Beta1()
want := newSecretStoreV1Alpha1()
got := &SecretStore{}
err := got.ConvertFrom(given)
if err != nil {
t.Errorf("test failed with error: %v", err)
}
if !assert.Equal(t, want, got) {
t.Errorf("test failed, expected: %v, got: %v", want, got)
}
}
func TestSecretStoreConvertTo(t *testing.T) {
want := newSecretStoreV1Beta1()
given := newSecretStoreV1Alpha1()
got := &esv1beta1.SecretStore{}
err := given.ConvertTo(got)
if err != nil {
t.Errorf("test failed with error: %v", err)
}
if !assert.Equal(t, want, got) {
t.Errorf("test failed, expected: %v, got: %v", want, got)
}
}
func TestClusterSecretStoreConvertFrom(t *testing.T) {
given := newClusterSecretStoreV1Beta1()
want := newClusterSecretStoreV1Alpha1()
got := &ClusterSecretStore{}
err := got.ConvertFrom(given)
if err != nil {
t.Errorf("test failed with error: %v", err)
}
if !assert.Equal(t, want, got) {
t.Errorf("test failed, expected: %v, got: %v", want, got)
}
}
func TestClusterSecretStoreConvertTo(t *testing.T) {
want := newClusterSecretStoreV1Beta1()
given := newClusterSecretStoreV1Alpha1()
got := &esv1beta1.ClusterSecretStore{}
err := given.ConvertTo(got)
if err != nil {
t.Errorf("test failed with error: %v", err)
}
if !assert.Equal(t, want, got) {
t.Errorf("test failed, expected: %v, got: %v", want, got)
}
}