1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00

feat: add push secret to e2e tests (#3017)

* feat: add push secret to e2e tests

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* finally, a fully working example for an e2e flow with push secret

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

* fix value field duplication issue

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

---------

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
This commit is contained in:
Gergely Brautigam 2024-02-12 16:44:45 +01:00 committed by GitHub
parent c00d90dec8
commit e726087851
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
168 changed files with 424 additions and 89 deletions

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1beta1
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1beta1
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1beta1
import (

View file

@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cmd
import (

View file

@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cmd
import (

View file

@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cmd
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package addon
import (

View file

@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package addon
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package addon
import (

View file

@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package addon
import (

View file

@ -10,6 +10,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package addon
import (

View file

@ -10,6 +10,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package addon
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package addon
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package addon
import (
@ -33,7 +34,7 @@ import (
vault "github.com/hashicorp/vault/api"
// nolint
ginkgo "github.com/onsi/ginkgo/v2"
"github.com/onsi/ginkgo/v2"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package framework
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package log
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package framework
import (
@ -34,10 +35,13 @@ type TestCase struct {
Framework *Framework
ExternalSecret *esv1beta1.ExternalSecret
ExternalSecretV1Alpha1 *esv1alpha1.ExternalSecret
PushSecret *esv1alpha1.PushSecret
PushSecretSource *v1.Secret
AdditionalObjects []client.Object
Secrets map[string]SecretEntry
ExpectedSecret *v1.Secret
AfterSync func(SecretStoreProvider, *v1.Secret)
VerifyPushSecretOutcome func(ps *esv1alpha1.PushSecret, pushClient esv1beta1.SecretsClient)
}
type SecretEntry struct {
@ -52,48 +56,47 @@ type SecretStoreProvider interface {
DeleteSecret(key string)
}
// TableFunc returns the main func that runs a TestCase in a table driven test.
func TableFunc(f *Framework, prov SecretStoreProvider) func(...func(*TestCase)) {
// TableFuncWithExternalSecret returns the main func that runs a TestCase in a table driven test.
func TableFuncWithExternalSecret(f *Framework, prov SecretStoreProvider) func(...func(*TestCase)) {
return func(tweaks ...func(*TestCase)) {
var err error
// make default test case
// and apply customization to it
tc := makeDefaultTestCase(f)
tc := makeDefaultExternalSecretTestCase(f)
for _, tweak := range tweaks {
tweak(tc)
}
// create secrets & defer delete
var deferRemoveKeys []string
for k, v := range tc.Secrets {
key := k
prov.CreateSecret(key, v)
defer func() {
prov.DeleteSecret(key)
}()
deferRemoveKeys = append(deferRemoveKeys, key)
}
defer func() {
for _, k := range deferRemoveKeys {
prov.DeleteSecret(k)
}
}()
// create v1alpha1 external secret, if provided
if tc.ExternalSecretV1Alpha1 != nil {
err = tc.Framework.CRClient.Create(context.Background(), tc.ExternalSecretV1Alpha1)
Expect(err).ToNot(HaveOccurred())
} else if tc.ExternalSecret != nil {
// create v1beta1 external secret otherwise
err = tc.Framework.CRClient.Create(context.Background(), tc.ExternalSecret)
Expect(err).ToNot(HaveOccurred())
}
if tc.AdditionalObjects != nil {
for _, obj := range tc.AdditionalObjects {
err = tc.Framework.CRClient.Create(context.Background(), obj)
Expect(err).ToNot(HaveOccurred())
}
}
createProvidedExternalSecret(tc)
// create additional objects
generateAdditionalObjects(tc)
// in case target name is empty
if tc.ExternalSecret != nil && tc.ExternalSecret.Spec.Target.Name == "" {
TargetSecretName = tc.ExternalSecret.ObjectMeta.Name
}
// wait for Kind=Secret to have the expected data
executeAfterSync(tc, f, prov)
}
}
func executeAfterSync(tc *TestCase, f *Framework, prov SecretStoreProvider) {
if tc.ExpectedSecret != nil {
secret, err := tc.Framework.WaitForSecretValue(tc.Framework.Namespace.Name, TargetSecretName, tc.ExpectedSecret)
if err != nil {
@ -106,10 +109,61 @@ func TableFunc(f *Framework, prov SecretStoreProvider) func(...func(*TestCase))
} else {
tc.AfterSync(prov, nil)
}
}
func generateAdditionalObjects(tc *TestCase) {
if tc.AdditionalObjects != nil {
for _, obj := range tc.AdditionalObjects {
err := tc.Framework.CRClient.Create(context.Background(), obj)
Expect(err).ToNot(HaveOccurred())
}
}
}
func makeDefaultTestCase(f *Framework) *TestCase {
func createProvidedExternalSecret(tc *TestCase) {
if tc.ExternalSecretV1Alpha1 != nil {
err := tc.Framework.CRClient.Create(context.Background(), tc.ExternalSecretV1Alpha1)
Expect(err).ToNot(HaveOccurred())
} else if tc.ExternalSecret != nil {
// create v1beta1 external secret otherwise
err := tc.Framework.CRClient.Create(context.Background(), tc.ExternalSecret)
Expect(err).ToNot(HaveOccurred())
}
}
// TableFuncWithPushSecret returns the main func that runs a TestCase in a table driven test for push secrets.
func TableFuncWithPushSecret(f *Framework, prov SecretStoreProvider, pushClient esv1beta1.SecretsClient) func(...func(*TestCase)) {
return func(tweaks ...func(*TestCase)) {
var err error
// make default test case
// and apply customization to it
tc := makeDefaultPushSecretTestCase(f)
for _, tweak := range tweaks {
tweak(tc)
}
if tc.PushSecretSource != nil {
err := tc.Framework.CRClient.Create(context.Background(), tc.PushSecretSource)
Expect(err).ToNot(HaveOccurred())
}
// create v1alpha1 push secret, if provided
if tc.PushSecret != nil {
// create v1beta1 external secret otherwise
err = tc.Framework.CRClient.Create(context.Background(), tc.PushSecret)
Expect(err).ToNot(HaveOccurred())
}
// additional objects
generateAdditionalObjects(tc)
// Run verification on the secret that push secret created or not.
tc.VerifyPushSecretOutcome(tc.PushSecret, pushClient)
}
}
func makeDefaultExternalSecretTestCase(f *Framework) *TestCase {
return &TestCase{
AfterSync: func(ssp SecretStoreProvider, s *v1.Secret) {},
Framework: f,
@ -130,3 +184,23 @@ func makeDefaultTestCase(f *Framework) *TestCase {
},
}
}
func makeDefaultPushSecretTestCase(f *Framework) *TestCase {
return &TestCase{
Framework: f,
PushSecret: &esv1alpha1.PushSecret{
ObjectMeta: metav1.ObjectMeta{
Name: "e2e-ps",
Namespace: f.Namespace.Name,
},
Spec: esv1alpha1.PushSecretSpec{
RefreshInterval: &metav1.Duration{Duration: time.Second * 5},
SecretStoreRefs: []esv1alpha1.PushSecretStoreRef{
{
Name: f.Namespace.Name,
},
},
},
},
}
}

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package util
import (

View file

@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package argocd
import (
@ -28,7 +29,7 @@ var _ = Describe("argocd", Label("argocd"), func() {
f := framework.New("argocd")
prov := fake.NewProvider(f)
DescribeTable("sync secrets", framework.TableFunc(f, prov),
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
Entry(common.SimpleDataSync(f)),
Entry(common.JSONDataFromSync(f)),
Entry(common.SSHKeySync(f)),

View file

@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package argocd
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package argocd
import (

View file

@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package flux
import (
@ -28,7 +29,7 @@ var _ = Describe("flux", Label("flux"), func() {
f := framework.New("flux")
prov := fake.NewProvider(f)
DescribeTable("sync secrets", framework.TableFunc(f, prov),
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
Entry(common.SimpleDataSync(f)),
Entry(common.JSONDataFromSync(f)),
Entry(common.SSHKeySync(f)),

View file

@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package flux
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package flux
import (

View file

@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package generator
import (

View file

@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package generator
import (

View file

@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package generator
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package generator
import (

View file

@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package generator
import (

View file

@ -27,7 +27,7 @@ var _ = Describe("[akeyless]", Label("akeyless"), func() {
f := framework.New("eso-akeyless")
prov := newFromEnv(f)
DescribeTable("sync secrets", framework.TableFunc(f, prov),
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
Entry(common.SimpleDataSync(f)),
Entry(common.NestedJSONWithGJSON(f)),
Entry(common.JSONDataFromSync(f)),

View file

@ -27,7 +27,7 @@ var _ = Describe("[alibaba]", Label("alibaba"), func() {
f := framework.New("eso-alibaba")
prov := newFromEnv(f)
DescribeTable("sync secrets", framework.TableFunc(f, prov),
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
Entry(common.SimpleDataSync(f)),
Entry(common.NestedJSONWithGJSON(f)),
Entry(common.JSONDataFromSync(f)),

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package common
import (

View file

@ -35,7 +35,7 @@ var _ = Describe("[aws] ", Label("aws", "parameterstore"), func() {
prov := NewFromEnv(f)
DescribeTable("sync secrets",
framework.TableFunc(f,
framework.TableFuncWithExternalSecret(f,
prov),
framework.Compose(withStaticAuth, f, common.SimpleDataSync, useStaticAuth),
framework.Compose(withStaticAuth, f, common.NestedJSONWithGJSON, useStaticAuth),

View file

@ -34,7 +34,7 @@ var _ = Describe("[awsmanaged] IRSA via referenced service account", Label("aws"
// nolint
DescribeTable("sync secrets",
framework.TableFunc(f,
framework.TableFuncWithExternalSecret(f,
prov),
framework.Compose(awscommon.WithReferencedIRSA, f, common.SimpleDataSync, awscommon.UseClusterSecretStore),
framework.Compose(awscommon.WithReferencedIRSA, f, common.NestedJSONWithGJSON, awscommon.UseClusterSecretStore),
@ -74,7 +74,7 @@ var _ = Describe("[awsmanaged] with mounted IRSA", Label("aws", "parameterstore"
// nolint
DescribeTable("sync secrets",
framework.TableFunc(f,
framework.TableFuncWithExternalSecret(f,
prov),
framework.Compose(awscommon.WithMountedIRSA, f, common.SimpleDataSync, awscommon.UseMountedIRSAStore),
framework.Compose(awscommon.WithMountedIRSA, f, common.NestedJSONWithGJSON, awscommon.UseMountedIRSAStore),

View file

@ -37,7 +37,7 @@ var _ = Describe("[aws] ", Label("aws", "secretsmanager"), func() {
prov := NewFromEnv(f)
DescribeTable("sync secrets",
framework.TableFunc(f,
framework.TableFuncWithExternalSecret(f,
prov),
framework.Compose(withStaticAuth, f, common.SimpleDataSync, useStaticAuth),
framework.Compose(withStaticAuth, f, common.NestedJSONWithGJSON, useStaticAuth),

View file

@ -34,7 +34,7 @@ var _ = Describe("[awsmanaged] IRSA via referenced service account", Label("aws"
// nolint
DescribeTable("sync secretsmanager secrets",
framework.TableFunc(f,
framework.TableFuncWithExternalSecret(f,
prov),
framework.Compose(awscommon.WithReferencedIRSA, f, common.SimpleDataSync, awscommon.UseClusterSecretStore),
framework.Compose(awscommon.WithReferencedIRSA, f, common.NestedJSONWithGJSON, awscommon.UseClusterSecretStore),
@ -74,7 +74,7 @@ var _ = Describe("[awsmanaged] with mounted IRSA", Label("aws", "secretsmanager"
// nolint
DescribeTable("sync secretsmanager secrets",
framework.TableFunc(f,
framework.TableFuncWithExternalSecret(f,
prov),
framework.Compose(awscommon.WithMountedIRSA, f, common.SimpleDataSync, awscommon.UseMountedIRSAStore),
framework.Compose(awscommon.WithMountedIRSA, f, common.NestedJSONWithGJSON, awscommon.UseMountedIRSAStore),

View file

@ -41,7 +41,7 @@ var _ = Describe("[azure]", Label("azure", "keyvault", "cert"), func() {
prov.DeleteCertificate(certName)
})
ff := framework.TableFunc(f, prov)
ff := framework.TableFuncWithExternalSecret(f, prov)
It("should sync keyvault objects with type=cert", func() {
ff(func(tc *framework.TestCase) {
secretKey := "azkv-cert"

View file

@ -42,7 +42,7 @@ var _ = Describe("[azure]", Label("azure", "keyvault", "key"), func() {
prov.DeleteKey(keyName)
})
ff := framework.TableFunc(f, prov)
ff := framework.TableFuncWithExternalSecret(f, prov)
It("should sync keyvault objects with type=key", func() {
ff(func(tc *framework.TestCase) {

View file

@ -49,7 +49,7 @@ var _ = Describe("[azuremanaged] with pod identity", Label("azure", "keyvault",
})
DescribeTable("sync secrets",
framework.TableFunc(f,
framework.TableFuncWithExternalSecret(f,
prov),
// uses pod id
framework.Compose(withPodID, f, common.SimpleDataSync, usePodIDESReference),

View file

@ -32,7 +32,7 @@ var _ = Describe("[azure]", Label("azure", "keyvault", "secret"), func() {
f := framework.New("eso-azure")
prov := newFromEnv(f)
DescribeTable("sync secrets", framework.TableFunc(f, prov),
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
framework.Compose(withStaticCredentials, f, common.SimpleDataSync, useStaticCredentials),
framework.Compose(withStaticCredentials, f, common.NestedJSONWithGJSON, useStaticCredentials),
framework.Compose(withStaticCredentials, f, common.JSONDataFromSync, useStaticCredentials),

View file

@ -30,7 +30,7 @@ var _ = ginkgo.Describe("[delinea]", ginkgo.Label("delinea"), func() {
createResources(context.Background(), f, cfg)
})
ginkgo.DescribeTable("sync secrets", framework.TableFunc(f, provider),
ginkgo.DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, provider),
ginkgo.Entry(common.JSONDataWithProperty(f)),
ginkgo.Entry(common.JSONDataWithoutTargetName(f)),

View file

@ -11,12 +11,12 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package fake
import (
"context"
"encoding/json"
// nolint
. "github.com/onsi/ginkgo/v2"

View file

@ -39,7 +39,7 @@ var _ = Describe("[gcp]", Label("gcp", "secretsmanager"), func() {
f := framework.New("eso-gcp")
prov := NewFromEnv(f, "")
DescribeTable("sync secrets", framework.TableFunc(f, prov),
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
framework.Compose(withStaticAuth, f, common.SimpleDataSync, useStaticAuth),
framework.Compose(withStaticAuth, f, common.JSONDataWithProperty, useStaticAuth),
framework.Compose(withStaticAuth, f, common.JSONDataFromSync, useStaticAuth),

View file

@ -50,7 +50,7 @@ var _ = Describe("[gcpmanaged] with pod identity", Label("gcp", "secretsmanager"
})
DescribeTable("sync secrets",
framework.TableFunc(f,
framework.TableFuncWithExternalSecret(f,
prov),
// uses pod id
framework.Compose(withPodID, f, common.SimpleDataSync, usePodIDESReference),
@ -86,7 +86,7 @@ var _ = Describe("[gcpmanaged] with service account", Label("gcp", "secretsmanag
})
DescribeTable("sync secrets",
framework.TableFunc(f,
framework.TableFuncWithExternalSecret(f,
prov),
// uses specific sa
framework.Compose(withSpecifcSA, f, common.JSONDataFromSync, useSpecifcSAESReference(prov)),

View file

@ -30,7 +30,7 @@ var _ = Describe("[gitlab]", Label("gitlab"), func() {
f := framework.New("eso-gitlab")
prov := newFromEnv(f)
DescribeTable("sync secrets", framework.TableFunc(f, prov),
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
Entry(common.SimpleDataSync(f)),
Entry(common.JSONDataWithProperty(f)),
Entry(common.JSONDataFromSync(f)),

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package gitlab
import (
@ -23,7 +24,7 @@ import (
// nolint
. "github.com/onsi/gomega"
gitlab "github.com/xanzy/go-gitlab"
"github.com/xanzy/go-gitlab"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package suite
import (

View file

@ -33,7 +33,7 @@ var _ = Describe("[kubernetes] ", Label("kubernetes"), func() {
prov := NewProvider(f)
DescribeTable("sync secrets",
framework.TableFunc(f,
framework.TableFuncWithExternalSecret(f,
prov),
Entry(common.JSONDataWithProperty(f)),
Entry(common.JSONDataWithoutTargetName(f)),

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package kubernetes
import (

View file

@ -25,7 +25,7 @@ var _ = Describe("[oracle]", Label("oracle"), func() {
f := framework.New("eso-oracle")
prov := newFromEnv(f)
DescribeTable("sync secrets", framework.TableFunc(f, prov),
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
Entry(common.SimpleDataSync(f)),
Entry(common.NestedJSONWithGJSON(f)),
Entry(common.JSONDataFromSync(f)),

View file

@ -2,6 +2,8 @@ package scaleway
import (
"context"
"sync"
"github.com/external-secrets/external-secrets-e2e/framework"
"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
@ -10,7 +12,6 @@ import (
"github.com/onsi/gomega"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sync"
)
var cleanupOnce sync.Once
@ -37,7 +38,7 @@ var _ = ginkgo.Describe("[scaleway]", ginkgo.Label("scaleway"), func() {
createResources(context.Background(), f, cfg)
})
ginkgo.DescribeTable("sync secrets", framework.TableFunc(f, provider),
ginkgo.DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, provider),
//ginkgo.Entry(common.SyncV1Alpha1(f)), // not supported
ginkgo.Entry(common.SimpleDataSync(f)),

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package template
import (

View file

@ -10,25 +10,41 @@ distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
limitations under the License.
*/
package template
import (
"context"
"fmt"
"time"
"github.com/external-secrets/external-secrets-e2e/framework"
esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
"github.com/external-secrets/external-secrets/pkg/provider/testing/fake"
"github.com/onsi/gomega"
v1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/wait"
// nolint
. "github.com/onsi/ginkgo/v2"
v1 "k8s.io/api/core/v1"
"github.com/external-secrets/external-secrets-e2e/framework"
esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
)
var _ = Describe("[template]", Label("template"), func() {
f := framework.New("eso-template")
f := framework.New("templating")
prov := newProvider(f)
fakeSecretClient := fake.New()
DescribeTable("sync secrets", framework.TableFunc(f, prov),
framework.Compose("template v1", f, genericTemplate, useTemplateV1),
framework.Compose("template v2", f, genericTemplate, useTemplateV2),
DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
framework.Compose("template v1", f, genericExternalSecretTemplate, useTemplateV1),
framework.Compose("template v2", f, genericExternalSecretTemplate, useTemplateV2),
)
DescribeTable("push secret", framework.TableFuncWithPushSecret(f, prov, fakeSecretClient),
framework.Compose("template", f, genericPushSecretTemplate, useTemplateWithPushSecret),
)
})
@ -67,7 +83,7 @@ func useTemplateV2(tc *framework.TestCase) {
}
// This case uses template engine v1.
func genericTemplate(f *framework.Framework) (string, func(*framework.TestCase)) {
func genericExternalSecretTemplate(f *framework.Framework) (string, func(*framework.TestCase)) {
return "[template] should execute template v1", func(tc *framework.TestCase) {
tc.ExpectedSecret = &v1.Secret{
Type: v1.SecretTypeOpaque,
@ -101,3 +117,108 @@ func genericTemplate(f *framework.Framework) (string, func(*framework.TestCase))
}
}
}
// This case uses template engine v1.
func genericPushSecretTemplate(f *framework.Framework) (string, func(*framework.TestCase)) {
return "[template] should execute template v1", func(tc *framework.TestCase) {
secretKey1 := fmt.Sprintf("%s-%s", f.Namespace.Name, "one")
tc.PushSecretSource = &v1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: secretKey1,
Namespace: f.Namespace.Name,
},
Data: map[string][]byte{
"singlefoo": []byte("bar"),
},
Type: v1.SecretTypeOpaque,
}
tc.PushSecret.Spec.Selector = esv1alpha1.PushSecretSelector{
Secret: esv1alpha1.PushSecretSecret{
Name: secretKey1,
},
}
tc.PushSecret.Spec.Data = []esv1alpha1.PushSecretData{
{
Match: esv1alpha1.PushSecretMatch{
SecretKey: "singlefoo",
RemoteRef: esv1alpha1.PushSecretRemoteRef{
RemoteKey: "key",
Property: "singlefoo",
},
},
},
}
tc.VerifyPushSecretOutcome = func(sourcePs *esv1alpha1.PushSecret, pushClient esv1beta1.SecretsClient) {
gomega.Eventually(func() bool {
s := &esv1alpha1.PushSecret{}
err := tc.Framework.CRClient.Get(context.Background(), types.NamespacedName{Name: tc.PushSecret.Name, Namespace: tc.PushSecret.Namespace}, s)
gomega.Expect(err).ToNot(gomega.HaveOccurred())
for i := range s.Status.Conditions {
c := s.Status.Conditions[i]
if c.Type == esv1alpha1.PushSecretReady && c.Status == v1.ConditionTrue {
return true
}
}
return false
}, time.Minute*1, time.Second*5).Should(gomega.BeTrue())
// create an external secret that fetches the created remote secret
// and check the value
exampleOutput := "example-output"
es := &esv1beta1.ExternalSecret{
ObjectMeta: metav1.ObjectMeta{
Name: "e2e-es",
Namespace: f.Namespace.Name,
},
Spec: esv1beta1.ExternalSecretSpec{
RefreshInterval: &metav1.Duration{Duration: time.Second * 5},
SecretStoreRef: esv1beta1.SecretStoreRef{
Name: f.Namespace.Name,
},
Target: esv1beta1.ExternalSecretTarget{
Name: exampleOutput,
},
Data: []esv1beta1.ExternalSecretData{
{
SecretKey: exampleOutput,
RemoteRef: esv1beta1.ExternalSecretDataRemoteRef{
Key: "key",
},
},
},
},
}
err := tc.Framework.CRClient.Create(context.Background(), es)
gomega.Expect(err).ToNot(gomega.HaveOccurred())
outputSecret := &v1.Secret{}
err = wait.PollImmediate(time.Second*5, time.Second*15, func() (bool, error) {
err := f.CRClient.Get(context.Background(), types.NamespacedName{
Namespace: f.Namespace.Name,
Name: exampleOutput,
}, outputSecret)
if apierrors.IsNotFound(err) {
return false, nil
}
return true, nil
})
gomega.Expect(err).ToNot(gomega.HaveOccurred())
v, ok := outputSecret.Data[exampleOutput]
gomega.Expect(ok).To(gomega.BeTrue())
gomega.Expect(string(v)).To(gomega.Equal("executed: BAR"))
}
}
}
// useTemplateWithPushSecret specifies a test case which uses the template engine v1.
func useTemplateWithPushSecret(tc *framework.TestCase) {
tc.PushSecret.Spec.Template = &esv1beta1.ExternalSecretTemplate{
EngineVersion: esv1beta1.TemplateEngineV2,
Data: map[string]string{
"singlefoo": "executed: {{ .singlefoo | upper }}",
},
}
}

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package vault
import (

View file

@ -15,10 +15,11 @@ package vault
import (
"context"
"fmt"
"time"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/wait"
"time"
// nolint
. "github.com/onsi/ginkgo/v2"
@ -48,7 +49,7 @@ var _ = Describe("[vault]", Label("vault"), func() {
prov := newVaultProvider(f)
DescribeTable("sync secrets",
framework.TableFunc(f, prov),
framework.TableFuncWithExternalSecret(f, prov),
// uses token auth
framework.Compose(withTokenAuth, f, common.FindByName, useTokenAuth),
framework.Compose(withTokenAuth, f, common.FindByNameAndRewrite, useTokenAuth),
@ -127,7 +128,7 @@ var _ = Describe("[vault] with mTLS", Label("vault", "vault-mtls"), func() {
prov := newVaultProvider(f)
DescribeTable("sync secrets",
framework.TableFunc(f, prov),
framework.TableFuncWithExternalSecret(f, prov),
// uses token auth
framework.Compose(withTokenAuthAndMTLS, f, common.FindByName, useMTLSAndTokenAuth),
// use referent auth

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package e2e
import (

View file

@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import "github.com/external-secrets/external-secrets/cmd"

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cache
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package constants
const (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package crds
import (

View file

@ -58,12 +58,7 @@ const (
errInvalidKeys = "secret keys from spec.dataFrom.%v[%d] can only have alphanumeric,'-', '_' or '.' characters. Convert them using rewrite (https://external-secrets.io/latest/guides-datafrom-rewrite)"
errUpdateSecret = "could not update Secret"
errPatchStatus = "unable to patch status"
errStoreRef = "could not get store reference"
errStoreUsability = "could not use store reference"
errStoreProvider = "could not get store provider"
errStoreClient = "could not get provider client"
errGetExistingSecret = "could not get existing secret: %w"
errCloseStoreClient = "could not close provider client"
errSetCtrlReference = "could not set ExternalSecret controller reference: %w"
errFetchTplFrom = "error fetching templateFrom data: %w"
errGetSecretData = "could not get secret data from provider"
@ -75,8 +70,6 @@ const (
errPolicyMergeGetSecret = "unable to get secret %s: %w"
errPolicyMergeMutate = "unable to mutate secret %s: %w"
errPolicyMergePatch = "unable to patch secret %s: %w"
errTplCMMissingKey = "error in configmap %s: missing key %s"
errTplSecMissingKey = "error in secret %s: missing key %s"
)
// Reconciler reconciles a ExternalSecret object.

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package externalsecret
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package externalsecret
import (
@ -18,7 +19,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
esmetrics "github.com/external-secrets/external-secrets/pkg/controllers/externalsecret/esmetrics"
"github.com/external-secrets/external-secrets/pkg/controllers/externalsecret/esmetrics"
)
// NewExternalSecretCondition a set of default options for creating an External Secret Condition.

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package externalsecret
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package secretstore
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package secretstore
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package webhookconfig
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package feature
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package akeyless
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package fake
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package akeyless
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package fake
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package auth
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package auth
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package auth
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package auth
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package fake
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package parameterstore
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package parameterstore
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package util
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package util
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package util
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package fake
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package conjur
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package conjur
import (

View file

@ -1,4 +1,3 @@
// Package conjur provides a Conjur provider for External Secrets.
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -12,6 +11,8 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package conjur provides a Conjur provider for External Secrets.
package conjur
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package util
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package delinea
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package delinea
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package delinea
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package delinea
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package fake
import (

View file

@ -122,10 +122,12 @@ func (p *Provider) PushSecret(_ context.Context, secret *corev1.Secret, data esv
}
return nil
}
if currentData.Origin != FakeSetSecret {
return fmt.Errorf("key already exists")
}
currentData.Value = string(value)
return nil
}

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package fake
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package secretmanager
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package secretmanager
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package secretmanager
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package fake
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package secretmanager
import (

View file

@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package secretmanager
import (

Some files were not shown because too many files have changed in this diff Show more