mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-14 11:57:59 +00:00
feat: add push secret to e2e tests (#3017)
* feat: add push secret to e2e tests Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * finally, a fully working example for an e2e flow with push secret Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix value field duplication issue Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
This commit is contained in:
parent
c00d90dec8
commit
e726087851
168 changed files with 424 additions and 89 deletions
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package v1beta1
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package v1beta1
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package v1beta1
|
||||
|
||||
import (
|
||||
|
|
|
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package cmd
|
||||
|
||||
import (
|
||||
|
|
|
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package cmd
|
||||
|
||||
import (
|
||||
|
|
|
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package cmd
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package addon
|
||||
|
||||
import (
|
||||
|
|
|
@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package addon
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package addon
|
||||
|
||||
import (
|
||||
|
|
|
@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package addon
|
||||
|
||||
import (
|
||||
|
|
|
@ -10,6 +10,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package addon
|
||||
|
||||
import (
|
||||
|
|
|
@ -10,6 +10,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package addon
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package addon
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package addon
|
||||
|
||||
import (
|
||||
|
@ -33,7 +34,7 @@ import (
|
|||
vault "github.com/hashicorp/vault/api"
|
||||
|
||||
// nolint
|
||||
ginkgo "github.com/onsi/ginkgo/v2"
|
||||
"github.com/onsi/ginkgo/v2"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package framework
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package log
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package framework
|
||||
|
||||
import (
|
||||
|
@ -34,10 +35,13 @@ type TestCase struct {
|
|||
Framework *Framework
|
||||
ExternalSecret *esv1beta1.ExternalSecret
|
||||
ExternalSecretV1Alpha1 *esv1alpha1.ExternalSecret
|
||||
PushSecret *esv1alpha1.PushSecret
|
||||
PushSecretSource *v1.Secret
|
||||
AdditionalObjects []client.Object
|
||||
Secrets map[string]SecretEntry
|
||||
ExpectedSecret *v1.Secret
|
||||
AfterSync func(SecretStoreProvider, *v1.Secret)
|
||||
VerifyPushSecretOutcome func(ps *esv1alpha1.PushSecret, pushClient esv1beta1.SecretsClient)
|
||||
}
|
||||
|
||||
type SecretEntry struct {
|
||||
|
@ -52,48 +56,47 @@ type SecretStoreProvider interface {
|
|||
DeleteSecret(key string)
|
||||
}
|
||||
|
||||
// TableFunc returns the main func that runs a TestCase in a table driven test.
|
||||
func TableFunc(f *Framework, prov SecretStoreProvider) func(...func(*TestCase)) {
|
||||
// TableFuncWithExternalSecret returns the main func that runs a TestCase in a table driven test.
|
||||
func TableFuncWithExternalSecret(f *Framework, prov SecretStoreProvider) func(...func(*TestCase)) {
|
||||
return func(tweaks ...func(*TestCase)) {
|
||||
var err error
|
||||
|
||||
// make default test case
|
||||
// and apply customization to it
|
||||
tc := makeDefaultTestCase(f)
|
||||
tc := makeDefaultExternalSecretTestCase(f)
|
||||
for _, tweak := range tweaks {
|
||||
tweak(tc)
|
||||
}
|
||||
|
||||
// create secrets & defer delete
|
||||
var deferRemoveKeys []string
|
||||
for k, v := range tc.Secrets {
|
||||
key := k
|
||||
prov.CreateSecret(key, v)
|
||||
defer func() {
|
||||
prov.DeleteSecret(key)
|
||||
}()
|
||||
deferRemoveKeys = append(deferRemoveKeys, key)
|
||||
}
|
||||
|
||||
defer func() {
|
||||
for _, k := range deferRemoveKeys {
|
||||
prov.DeleteSecret(k)
|
||||
}
|
||||
}()
|
||||
|
||||
// create v1alpha1 external secret, if provided
|
||||
if tc.ExternalSecretV1Alpha1 != nil {
|
||||
err = tc.Framework.CRClient.Create(context.Background(), tc.ExternalSecretV1Alpha1)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
} else if tc.ExternalSecret != nil {
|
||||
// create v1beta1 external secret otherwise
|
||||
err = tc.Framework.CRClient.Create(context.Background(), tc.ExternalSecret)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
}
|
||||
if tc.AdditionalObjects != nil {
|
||||
for _, obj := range tc.AdditionalObjects {
|
||||
err = tc.Framework.CRClient.Create(context.Background(), obj)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
}
|
||||
}
|
||||
createProvidedExternalSecret(tc)
|
||||
|
||||
// create additional objects
|
||||
generateAdditionalObjects(tc)
|
||||
|
||||
// in case target name is empty
|
||||
if tc.ExternalSecret != nil && tc.ExternalSecret.Spec.Target.Name == "" {
|
||||
TargetSecretName = tc.ExternalSecret.ObjectMeta.Name
|
||||
}
|
||||
|
||||
// wait for Kind=Secret to have the expected data
|
||||
executeAfterSync(tc, f, prov)
|
||||
}
|
||||
}
|
||||
|
||||
func executeAfterSync(tc *TestCase, f *Framework, prov SecretStoreProvider) {
|
||||
if tc.ExpectedSecret != nil {
|
||||
secret, err := tc.Framework.WaitForSecretValue(tc.Framework.Namespace.Name, TargetSecretName, tc.ExpectedSecret)
|
||||
if err != nil {
|
||||
|
@ -107,9 +110,60 @@ func TableFunc(f *Framework, prov SecretStoreProvider) func(...func(*TestCase))
|
|||
tc.AfterSync(prov, nil)
|
||||
}
|
||||
}
|
||||
|
||||
func generateAdditionalObjects(tc *TestCase) {
|
||||
if tc.AdditionalObjects != nil {
|
||||
for _, obj := range tc.AdditionalObjects {
|
||||
err := tc.Framework.CRClient.Create(context.Background(), obj)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func makeDefaultTestCase(f *Framework) *TestCase {
|
||||
func createProvidedExternalSecret(tc *TestCase) {
|
||||
if tc.ExternalSecretV1Alpha1 != nil {
|
||||
err := tc.Framework.CRClient.Create(context.Background(), tc.ExternalSecretV1Alpha1)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
} else if tc.ExternalSecret != nil {
|
||||
// create v1beta1 external secret otherwise
|
||||
err := tc.Framework.CRClient.Create(context.Background(), tc.ExternalSecret)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
}
|
||||
}
|
||||
|
||||
// TableFuncWithPushSecret returns the main func that runs a TestCase in a table driven test for push secrets.
|
||||
func TableFuncWithPushSecret(f *Framework, prov SecretStoreProvider, pushClient esv1beta1.SecretsClient) func(...func(*TestCase)) {
|
||||
return func(tweaks ...func(*TestCase)) {
|
||||
var err error
|
||||
|
||||
// make default test case
|
||||
// and apply customization to it
|
||||
tc := makeDefaultPushSecretTestCase(f)
|
||||
for _, tweak := range tweaks {
|
||||
tweak(tc)
|
||||
}
|
||||
|
||||
if tc.PushSecretSource != nil {
|
||||
err := tc.Framework.CRClient.Create(context.Background(), tc.PushSecretSource)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
}
|
||||
|
||||
// create v1alpha1 push secret, if provided
|
||||
if tc.PushSecret != nil {
|
||||
// create v1beta1 external secret otherwise
|
||||
err = tc.Framework.CRClient.Create(context.Background(), tc.PushSecret)
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
}
|
||||
|
||||
// additional objects
|
||||
generateAdditionalObjects(tc)
|
||||
|
||||
// Run verification on the secret that push secret created or not.
|
||||
tc.VerifyPushSecretOutcome(tc.PushSecret, pushClient)
|
||||
}
|
||||
}
|
||||
|
||||
func makeDefaultExternalSecretTestCase(f *Framework) *TestCase {
|
||||
return &TestCase{
|
||||
AfterSync: func(ssp SecretStoreProvider, s *v1.Secret) {},
|
||||
Framework: f,
|
||||
|
@ -130,3 +184,23 @@ func makeDefaultTestCase(f *Framework) *TestCase {
|
|||
},
|
||||
}
|
||||
}
|
||||
|
||||
func makeDefaultPushSecretTestCase(f *Framework) *TestCase {
|
||||
return &TestCase{
|
||||
Framework: f,
|
||||
PushSecret: &esv1alpha1.PushSecret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "e2e-ps",
|
||||
Namespace: f.Namespace.Name,
|
||||
},
|
||||
Spec: esv1alpha1.PushSecretSpec{
|
||||
RefreshInterval: &metav1.Duration{Duration: time.Second * 5},
|
||||
SecretStoreRefs: []esv1alpha1.PushSecretStoreRef{
|
||||
{
|
||||
Name: f.Namespace.Name,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package util
|
||||
|
||||
import (
|
||||
|
|
|
@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package argocd
|
||||
|
||||
import (
|
||||
|
@ -28,7 +29,7 @@ var _ = Describe("argocd", Label("argocd"), func() {
|
|||
f := framework.New("argocd")
|
||||
prov := fake.NewProvider(f)
|
||||
|
||||
DescribeTable("sync secrets", framework.TableFunc(f, prov),
|
||||
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
|
||||
Entry(common.SimpleDataSync(f)),
|
||||
Entry(common.JSONDataFromSync(f)),
|
||||
Entry(common.SSHKeySync(f)),
|
||||
|
|
|
@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package argocd
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package argocd
|
||||
|
||||
import (
|
||||
|
|
|
@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package flux
|
||||
|
||||
import (
|
||||
|
@ -28,7 +29,7 @@ var _ = Describe("flux", Label("flux"), func() {
|
|||
f := framework.New("flux")
|
||||
prov := fake.NewProvider(f)
|
||||
|
||||
DescribeTable("sync secrets", framework.TableFunc(f, prov),
|
||||
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
|
||||
Entry(common.SimpleDataSync(f)),
|
||||
Entry(common.JSONDataFromSync(f)),
|
||||
Entry(common.SSHKeySync(f)),
|
||||
|
|
|
@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package flux
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package flux
|
||||
|
||||
import (
|
||||
|
|
|
@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package generator
|
||||
|
||||
import (
|
||||
|
|
|
@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package generator
|
||||
|
||||
import (
|
||||
|
|
|
@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package generator
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package generator
|
||||
|
||||
import (
|
||||
|
|
|
@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package generator
|
||||
|
||||
import (
|
||||
|
|
|
@ -27,7 +27,7 @@ var _ = Describe("[akeyless]", Label("akeyless"), func() {
|
|||
f := framework.New("eso-akeyless")
|
||||
prov := newFromEnv(f)
|
||||
|
||||
DescribeTable("sync secrets", framework.TableFunc(f, prov),
|
||||
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
|
||||
Entry(common.SimpleDataSync(f)),
|
||||
Entry(common.NestedJSONWithGJSON(f)),
|
||||
Entry(common.JSONDataFromSync(f)),
|
||||
|
|
|
@ -27,7 +27,7 @@ var _ = Describe("[alibaba]", Label("alibaba"), func() {
|
|||
f := framework.New("eso-alibaba")
|
||||
prov := newFromEnv(f)
|
||||
|
||||
DescribeTable("sync secrets", framework.TableFunc(f, prov),
|
||||
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
|
||||
Entry(common.SimpleDataSync(f)),
|
||||
Entry(common.NestedJSONWithGJSON(f)),
|
||||
Entry(common.JSONDataFromSync(f)),
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package common
|
||||
|
||||
import (
|
||||
|
|
|
@ -35,7 +35,7 @@ var _ = Describe("[aws] ", Label("aws", "parameterstore"), func() {
|
|||
prov := NewFromEnv(f)
|
||||
|
||||
DescribeTable("sync secrets",
|
||||
framework.TableFunc(f,
|
||||
framework.TableFuncWithExternalSecret(f,
|
||||
prov),
|
||||
framework.Compose(withStaticAuth, f, common.SimpleDataSync, useStaticAuth),
|
||||
framework.Compose(withStaticAuth, f, common.NestedJSONWithGJSON, useStaticAuth),
|
||||
|
|
|
@ -34,7 +34,7 @@ var _ = Describe("[awsmanaged] IRSA via referenced service account", Label("aws"
|
|||
|
||||
// nolint
|
||||
DescribeTable("sync secrets",
|
||||
framework.TableFunc(f,
|
||||
framework.TableFuncWithExternalSecret(f,
|
||||
prov),
|
||||
framework.Compose(awscommon.WithReferencedIRSA, f, common.SimpleDataSync, awscommon.UseClusterSecretStore),
|
||||
framework.Compose(awscommon.WithReferencedIRSA, f, common.NestedJSONWithGJSON, awscommon.UseClusterSecretStore),
|
||||
|
@ -74,7 +74,7 @@ var _ = Describe("[awsmanaged] with mounted IRSA", Label("aws", "parameterstore"
|
|||
|
||||
// nolint
|
||||
DescribeTable("sync secrets",
|
||||
framework.TableFunc(f,
|
||||
framework.TableFuncWithExternalSecret(f,
|
||||
prov),
|
||||
framework.Compose(awscommon.WithMountedIRSA, f, common.SimpleDataSync, awscommon.UseMountedIRSAStore),
|
||||
framework.Compose(awscommon.WithMountedIRSA, f, common.NestedJSONWithGJSON, awscommon.UseMountedIRSAStore),
|
||||
|
|
|
@ -37,7 +37,7 @@ var _ = Describe("[aws] ", Label("aws", "secretsmanager"), func() {
|
|||
prov := NewFromEnv(f)
|
||||
|
||||
DescribeTable("sync secrets",
|
||||
framework.TableFunc(f,
|
||||
framework.TableFuncWithExternalSecret(f,
|
||||
prov),
|
||||
framework.Compose(withStaticAuth, f, common.SimpleDataSync, useStaticAuth),
|
||||
framework.Compose(withStaticAuth, f, common.NestedJSONWithGJSON, useStaticAuth),
|
||||
|
|
|
@ -34,7 +34,7 @@ var _ = Describe("[awsmanaged] IRSA via referenced service account", Label("aws"
|
|||
|
||||
// nolint
|
||||
DescribeTable("sync secretsmanager secrets",
|
||||
framework.TableFunc(f,
|
||||
framework.TableFuncWithExternalSecret(f,
|
||||
prov),
|
||||
framework.Compose(awscommon.WithReferencedIRSA, f, common.SimpleDataSync, awscommon.UseClusterSecretStore),
|
||||
framework.Compose(awscommon.WithReferencedIRSA, f, common.NestedJSONWithGJSON, awscommon.UseClusterSecretStore),
|
||||
|
@ -74,7 +74,7 @@ var _ = Describe("[awsmanaged] with mounted IRSA", Label("aws", "secretsmanager"
|
|||
|
||||
// nolint
|
||||
DescribeTable("sync secretsmanager secrets",
|
||||
framework.TableFunc(f,
|
||||
framework.TableFuncWithExternalSecret(f,
|
||||
prov),
|
||||
framework.Compose(awscommon.WithMountedIRSA, f, common.SimpleDataSync, awscommon.UseMountedIRSAStore),
|
||||
framework.Compose(awscommon.WithMountedIRSA, f, common.NestedJSONWithGJSON, awscommon.UseMountedIRSAStore),
|
||||
|
|
|
@ -41,7 +41,7 @@ var _ = Describe("[azure]", Label("azure", "keyvault", "cert"), func() {
|
|||
prov.DeleteCertificate(certName)
|
||||
})
|
||||
|
||||
ff := framework.TableFunc(f, prov)
|
||||
ff := framework.TableFuncWithExternalSecret(f, prov)
|
||||
It("should sync keyvault objects with type=cert", func() {
|
||||
ff(func(tc *framework.TestCase) {
|
||||
secretKey := "azkv-cert"
|
||||
|
|
|
@ -42,7 +42,7 @@ var _ = Describe("[azure]", Label("azure", "keyvault", "key"), func() {
|
|||
prov.DeleteKey(keyName)
|
||||
})
|
||||
|
||||
ff := framework.TableFunc(f, prov)
|
||||
ff := framework.TableFuncWithExternalSecret(f, prov)
|
||||
|
||||
It("should sync keyvault objects with type=key", func() {
|
||||
ff(func(tc *framework.TestCase) {
|
||||
|
|
|
@ -49,7 +49,7 @@ var _ = Describe("[azuremanaged] with pod identity", Label("azure", "keyvault",
|
|||
})
|
||||
|
||||
DescribeTable("sync secrets",
|
||||
framework.TableFunc(f,
|
||||
framework.TableFuncWithExternalSecret(f,
|
||||
prov),
|
||||
// uses pod id
|
||||
framework.Compose(withPodID, f, common.SimpleDataSync, usePodIDESReference),
|
||||
|
|
|
@ -32,7 +32,7 @@ var _ = Describe("[azure]", Label("azure", "keyvault", "secret"), func() {
|
|||
f := framework.New("eso-azure")
|
||||
prov := newFromEnv(f)
|
||||
|
||||
DescribeTable("sync secrets", framework.TableFunc(f, prov),
|
||||
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
|
||||
framework.Compose(withStaticCredentials, f, common.SimpleDataSync, useStaticCredentials),
|
||||
framework.Compose(withStaticCredentials, f, common.NestedJSONWithGJSON, useStaticCredentials),
|
||||
framework.Compose(withStaticCredentials, f, common.JSONDataFromSync, useStaticCredentials),
|
||||
|
|
|
@ -30,7 +30,7 @@ var _ = ginkgo.Describe("[delinea]", ginkgo.Label("delinea"), func() {
|
|||
createResources(context.Background(), f, cfg)
|
||||
})
|
||||
|
||||
ginkgo.DescribeTable("sync secrets", framework.TableFunc(f, provider),
|
||||
ginkgo.DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, provider),
|
||||
|
||||
ginkgo.Entry(common.JSONDataWithProperty(f)),
|
||||
ginkgo.Entry(common.JSONDataWithoutTargetName(f)),
|
||||
|
|
|
@ -11,12 +11,12 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package fake
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
|
||||
// nolint
|
||||
. "github.com/onsi/ginkgo/v2"
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@ var _ = Describe("[gcp]", Label("gcp", "secretsmanager"), func() {
|
|||
f := framework.New("eso-gcp")
|
||||
prov := NewFromEnv(f, "")
|
||||
|
||||
DescribeTable("sync secrets", framework.TableFunc(f, prov),
|
||||
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
|
||||
framework.Compose(withStaticAuth, f, common.SimpleDataSync, useStaticAuth),
|
||||
framework.Compose(withStaticAuth, f, common.JSONDataWithProperty, useStaticAuth),
|
||||
framework.Compose(withStaticAuth, f, common.JSONDataFromSync, useStaticAuth),
|
||||
|
|
|
@ -50,7 +50,7 @@ var _ = Describe("[gcpmanaged] with pod identity", Label("gcp", "secretsmanager"
|
|||
})
|
||||
|
||||
DescribeTable("sync secrets",
|
||||
framework.TableFunc(f,
|
||||
framework.TableFuncWithExternalSecret(f,
|
||||
prov),
|
||||
// uses pod id
|
||||
framework.Compose(withPodID, f, common.SimpleDataSync, usePodIDESReference),
|
||||
|
@ -86,7 +86,7 @@ var _ = Describe("[gcpmanaged] with service account", Label("gcp", "secretsmanag
|
|||
})
|
||||
|
||||
DescribeTable("sync secrets",
|
||||
framework.TableFunc(f,
|
||||
framework.TableFuncWithExternalSecret(f,
|
||||
prov),
|
||||
// uses specific sa
|
||||
framework.Compose(withSpecifcSA, f, common.JSONDataFromSync, useSpecifcSAESReference(prov)),
|
||||
|
|
|
@ -30,7 +30,7 @@ var _ = Describe("[gitlab]", Label("gitlab"), func() {
|
|||
f := framework.New("eso-gitlab")
|
||||
prov := newFromEnv(f)
|
||||
|
||||
DescribeTable("sync secrets", framework.TableFunc(f, prov),
|
||||
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
|
||||
Entry(common.SimpleDataSync(f)),
|
||||
Entry(common.JSONDataWithProperty(f)),
|
||||
Entry(common.JSONDataFromSync(f)),
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package gitlab
|
||||
|
||||
import (
|
||||
|
@ -23,7 +24,7 @@ import (
|
|||
|
||||
// nolint
|
||||
. "github.com/onsi/gomega"
|
||||
gitlab "github.com/xanzy/go-gitlab"
|
||||
"github.com/xanzy/go-gitlab"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package suite
|
||||
|
||||
import (
|
||||
|
|
|
@ -33,7 +33,7 @@ var _ = Describe("[kubernetes] ", Label("kubernetes"), func() {
|
|||
prov := NewProvider(f)
|
||||
|
||||
DescribeTable("sync secrets",
|
||||
framework.TableFunc(f,
|
||||
framework.TableFuncWithExternalSecret(f,
|
||||
prov),
|
||||
Entry(common.JSONDataWithProperty(f)),
|
||||
Entry(common.JSONDataWithoutTargetName(f)),
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package kubernetes
|
||||
|
||||
import (
|
||||
|
|
|
@ -25,7 +25,7 @@ var _ = Describe("[oracle]", Label("oracle"), func() {
|
|||
f := framework.New("eso-oracle")
|
||||
prov := newFromEnv(f)
|
||||
|
||||
DescribeTable("sync secrets", framework.TableFunc(f, prov),
|
||||
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
|
||||
Entry(common.SimpleDataSync(f)),
|
||||
Entry(common.NestedJSONWithGJSON(f)),
|
||||
Entry(common.JSONDataFromSync(f)),
|
||||
|
|
|
@ -2,6 +2,8 @@ package scaleway
|
|||
|
||||
import (
|
||||
"context"
|
||||
"sync"
|
||||
|
||||
"github.com/external-secrets/external-secrets-e2e/framework"
|
||||
"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
|
||||
esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
|
||||
|
@ -10,7 +12,6 @@ import (
|
|||
"github.com/onsi/gomega"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"sync"
|
||||
)
|
||||
|
||||
var cleanupOnce sync.Once
|
||||
|
@ -37,7 +38,7 @@ var _ = ginkgo.Describe("[scaleway]", ginkgo.Label("scaleway"), func() {
|
|||
createResources(context.Background(), f, cfg)
|
||||
})
|
||||
|
||||
ginkgo.DescribeTable("sync secrets", framework.TableFunc(f, provider),
|
||||
ginkgo.DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, provider),
|
||||
|
||||
//ginkgo.Entry(common.SyncV1Alpha1(f)), // not supported
|
||||
ginkgo.Entry(common.SimpleDataSync(f)),
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package template
|
||||
|
||||
import (
|
||||
|
|
|
@ -10,25 +10,41 @@ distributed under the License is distributed on an "AS IS" BASIS,
|
|||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package template
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/external-secrets/external-secrets-e2e/framework"
|
||||
esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
|
||||
esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
|
||||
"github.com/external-secrets/external-secrets/pkg/provider/testing/fake"
|
||||
"github.com/onsi/gomega"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
|
||||
// nolint
|
||||
. "github.com/onsi/ginkgo/v2"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
|
||||
"github.com/external-secrets/external-secrets-e2e/framework"
|
||||
esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
|
||||
)
|
||||
|
||||
var _ = Describe("[template]", Label("template"), func() {
|
||||
f := framework.New("eso-template")
|
||||
f := framework.New("templating")
|
||||
prov := newProvider(f)
|
||||
fakeSecretClient := fake.New()
|
||||
|
||||
DescribeTable("sync secrets", framework.TableFunc(f, prov),
|
||||
framework.Compose("template v1", f, genericTemplate, useTemplateV1),
|
||||
framework.Compose("template v2", f, genericTemplate, useTemplateV2),
|
||||
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
|
||||
framework.Compose("template v1", f, genericExternalSecretTemplate, useTemplateV1),
|
||||
framework.Compose("template v2", f, genericExternalSecretTemplate, useTemplateV2),
|
||||
)
|
||||
|
||||
DescribeTable("push secret", framework.TableFuncWithPushSecret(f, prov, fakeSecretClient),
|
||||
framework.Compose("template", f, genericPushSecretTemplate, useTemplateWithPushSecret),
|
||||
)
|
||||
})
|
||||
|
||||
|
@ -67,7 +83,7 @@ func useTemplateV2(tc *framework.TestCase) {
|
|||
}
|
||||
|
||||
// This case uses template engine v1.
|
||||
func genericTemplate(f *framework.Framework) (string, func(*framework.TestCase)) {
|
||||
func genericExternalSecretTemplate(f *framework.Framework) (string, func(*framework.TestCase)) {
|
||||
return "[template] should execute template v1", func(tc *framework.TestCase) {
|
||||
tc.ExpectedSecret = &v1.Secret{
|
||||
Type: v1.SecretTypeOpaque,
|
||||
|
@ -101,3 +117,108 @@ func genericTemplate(f *framework.Framework) (string, func(*framework.TestCase))
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
// This case uses template engine v1.
|
||||
func genericPushSecretTemplate(f *framework.Framework) (string, func(*framework.TestCase)) {
|
||||
return "[template] should execute template v1", func(tc *framework.TestCase) {
|
||||
secretKey1 := fmt.Sprintf("%s-%s", f.Namespace.Name, "one")
|
||||
tc.PushSecretSource = &v1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: secretKey1,
|
||||
Namespace: f.Namespace.Name,
|
||||
},
|
||||
Data: map[string][]byte{
|
||||
"singlefoo": []byte("bar"),
|
||||
},
|
||||
Type: v1.SecretTypeOpaque,
|
||||
}
|
||||
tc.PushSecret.Spec.Selector = esv1alpha1.PushSecretSelector{
|
||||
Secret: esv1alpha1.PushSecretSecret{
|
||||
Name: secretKey1,
|
||||
},
|
||||
}
|
||||
tc.PushSecret.Spec.Data = []esv1alpha1.PushSecretData{
|
||||
{
|
||||
Match: esv1alpha1.PushSecretMatch{
|
||||
SecretKey: "singlefoo",
|
||||
RemoteRef: esv1alpha1.PushSecretRemoteRef{
|
||||
RemoteKey: "key",
|
||||
Property: "singlefoo",
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
tc.VerifyPushSecretOutcome = func(sourcePs *esv1alpha1.PushSecret, pushClient esv1beta1.SecretsClient) {
|
||||
gomega.Eventually(func() bool {
|
||||
s := &esv1alpha1.PushSecret{}
|
||||
err := tc.Framework.CRClient.Get(context.Background(), types.NamespacedName{Name: tc.PushSecret.Name, Namespace: tc.PushSecret.Namespace}, s)
|
||||
gomega.Expect(err).ToNot(gomega.HaveOccurred())
|
||||
for i := range s.Status.Conditions {
|
||||
c := s.Status.Conditions[i]
|
||||
if c.Type == esv1alpha1.PushSecretReady && c.Status == v1.ConditionTrue {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}, time.Minute*1, time.Second*5).Should(gomega.BeTrue())
|
||||
|
||||
// create an external secret that fetches the created remote secret
|
||||
// and check the value
|
||||
exampleOutput := "example-output"
|
||||
es := &esv1beta1.ExternalSecret{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "e2e-es",
|
||||
Namespace: f.Namespace.Name,
|
||||
},
|
||||
Spec: esv1beta1.ExternalSecretSpec{
|
||||
RefreshInterval: &metav1.Duration{Duration: time.Second * 5},
|
||||
SecretStoreRef: esv1beta1.SecretStoreRef{
|
||||
Name: f.Namespace.Name,
|
||||
},
|
||||
Target: esv1beta1.ExternalSecretTarget{
|
||||
Name: exampleOutput,
|
||||
},
|
||||
Data: []esv1beta1.ExternalSecretData{
|
||||
{
|
||||
SecretKey: exampleOutput,
|
||||
RemoteRef: esv1beta1.ExternalSecretDataRemoteRef{
|
||||
Key: "key",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
err := tc.Framework.CRClient.Create(context.Background(), es)
|
||||
gomega.Expect(err).ToNot(gomega.HaveOccurred())
|
||||
|
||||
outputSecret := &v1.Secret{}
|
||||
err = wait.PollImmediate(time.Second*5, time.Second*15, func() (bool, error) {
|
||||
err := f.CRClient.Get(context.Background(), types.NamespacedName{
|
||||
Namespace: f.Namespace.Name,
|
||||
Name: exampleOutput,
|
||||
}, outputSecret)
|
||||
if apierrors.IsNotFound(err) {
|
||||
return false, nil
|
||||
}
|
||||
return true, nil
|
||||
})
|
||||
gomega.Expect(err).ToNot(gomega.HaveOccurred())
|
||||
|
||||
v, ok := outputSecret.Data[exampleOutput]
|
||||
gomega.Expect(ok).To(gomega.BeTrue())
|
||||
gomega.Expect(string(v)).To(gomega.Equal("executed: BAR"))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// useTemplateWithPushSecret specifies a test case which uses the template engine v1.
|
||||
func useTemplateWithPushSecret(tc *framework.TestCase) {
|
||||
tc.PushSecret.Spec.Template = &esv1beta1.ExternalSecretTemplate{
|
||||
EngineVersion: esv1beta1.TemplateEngineV2,
|
||||
Data: map[string]string{
|
||||
"singlefoo": "executed: {{ .singlefoo | upper }}",
|
||||
},
|
||||
}
|
||||
}
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package vault
|
||||
|
||||
import (
|
||||
|
|
|
@ -15,10 +15,11 @@ package vault
|
|||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
"time"
|
||||
|
||||
// nolint
|
||||
. "github.com/onsi/ginkgo/v2"
|
||||
|
@ -48,7 +49,7 @@ var _ = Describe("[vault]", Label("vault"), func() {
|
|||
prov := newVaultProvider(f)
|
||||
|
||||
DescribeTable("sync secrets",
|
||||
framework.TableFunc(f, prov),
|
||||
framework.TableFuncWithExternalSecret(f, prov),
|
||||
// uses token auth
|
||||
framework.Compose(withTokenAuth, f, common.FindByName, useTokenAuth),
|
||||
framework.Compose(withTokenAuth, f, common.FindByNameAndRewrite, useTokenAuth),
|
||||
|
@ -127,7 +128,7 @@ var _ = Describe("[vault] with mTLS", Label("vault", "vault-mtls"), func() {
|
|||
prov := newVaultProvider(f)
|
||||
|
||||
DescribeTable("sync secrets",
|
||||
framework.TableFunc(f, prov),
|
||||
framework.TableFuncWithExternalSecret(f, prov),
|
||||
// uses token auth
|
||||
framework.Compose(withTokenAuthAndMTLS, f, common.FindByName, useMTLSAndTokenAuth),
|
||||
// use referent auth
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package e2e
|
||||
|
||||
import (
|
||||
|
|
1
main.go
1
main.go
|
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package main
|
||||
|
||||
import "github.com/external-secrets/external-secrets/cmd"
|
||||
|
|
1
pkg/cache/cache_test.go
vendored
1
pkg/cache/cache_test.go
vendored
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package cache
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package constants
|
||||
|
||||
const (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package crds
|
||||
|
||||
import (
|
||||
|
|
|
@ -58,12 +58,7 @@ const (
|
|||
errInvalidKeys = "secret keys from spec.dataFrom.%v[%d] can only have alphanumeric,'-', '_' or '.' characters. Convert them using rewrite (https://external-secrets.io/latest/guides-datafrom-rewrite)"
|
||||
errUpdateSecret = "could not update Secret"
|
||||
errPatchStatus = "unable to patch status"
|
||||
errStoreRef = "could not get store reference"
|
||||
errStoreUsability = "could not use store reference"
|
||||
errStoreProvider = "could not get store provider"
|
||||
errStoreClient = "could not get provider client"
|
||||
errGetExistingSecret = "could not get existing secret: %w"
|
||||
errCloseStoreClient = "could not close provider client"
|
||||
errSetCtrlReference = "could not set ExternalSecret controller reference: %w"
|
||||
errFetchTplFrom = "error fetching templateFrom data: %w"
|
||||
errGetSecretData = "could not get secret data from provider"
|
||||
|
@ -75,8 +70,6 @@ const (
|
|||
errPolicyMergeGetSecret = "unable to get secret %s: %w"
|
||||
errPolicyMergeMutate = "unable to mutate secret %s: %w"
|
||||
errPolicyMergePatch = "unable to patch secret %s: %w"
|
||||
errTplCMMissingKey = "error in configmap %s: missing key %s"
|
||||
errTplSecMissingKey = "error in secret %s: missing key %s"
|
||||
)
|
||||
|
||||
// Reconciler reconciles a ExternalSecret object.
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package externalsecret
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package externalsecret
|
||||
|
||||
import (
|
||||
|
@ -18,7 +19,7 @@ import (
|
|||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
|
||||
esmetrics "github.com/external-secrets/external-secrets/pkg/controllers/externalsecret/esmetrics"
|
||||
"github.com/external-secrets/external-secrets/pkg/controllers/externalsecret/esmetrics"
|
||||
)
|
||||
|
||||
// NewExternalSecretCondition a set of default options for creating an External Secret Condition.
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package externalsecret
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package secretstore
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package secretstore
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package webhookconfig
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package feature
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package akeyless
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package fake
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package akeyless
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package fake
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package auth
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package auth
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package auth
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package auth
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package fake
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package parameterstore
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package parameterstore
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package util
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package util
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package util
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package fake
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package conjur
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package conjur
|
||||
|
||||
import (
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
// Package conjur provides a Conjur provider for External Secrets.
|
||||
/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
|
@ -12,6 +11,8 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
// Package conjur provides a Conjur provider for External Secrets.
|
||||
package conjur
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package util
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package delinea
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package delinea
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package delinea
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package delinea
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package fake
|
||||
|
||||
import (
|
||||
|
|
|
@ -122,10 +122,12 @@ func (p *Provider) PushSecret(_ context.Context, secret *corev1.Secret, data esv
|
|||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
if currentData.Origin != FakeSetSecret {
|
||||
return fmt.Errorf("key already exists")
|
||||
}
|
||||
currentData.Value = string(value)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package fake
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package secretmanager
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package secretmanager
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package secretmanager
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package fake
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package secretmanager
|
||||
|
||||
import (
|
||||
|
|
|
@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package secretmanager
|
||||
|
||||
import (
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue