package main
import (
"context"
"reflect"
"testing"
v1 "k8s.io/api/core/v1"
metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes/fake"
)
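// Test_getSecret drives secret() against a fake clientset and checks, per
// table row, whether the Secret is returned or the lookup is refused.
//
// The rows cover the cross-namespace access rule carried by the
// allowed-namespaces annotation: same-namespace reads, a read from a
// namespace listed in the annotation, and refusals when the annotation is
// absent, when the destination namespace is not listed, when the Secret does
// not exist, and when the Secret data still carries the strongbox
// "ENCRYPTED RESOURCE" header.
//
// NOTE(review): secret() is defined outside this file. The "not listed" and
// "only a prefix" rows pin the expected allow-list contract (exact match on
// each comma-separated entry) - confirm against the implementation.
func Test_getSecret(t *testing.T) {
	const allowedNsAnnotation = "argocd.voodoobox.plugin.io/allowed-namespaces"

	// Both assignments overwrite package-level variables and are not restored
	// afterwards, so tests that run later in this package see these values.
	allowedNamespacesSecretAnnotation = allowedNsAnnotation
	kubeClient = fake.NewSimpleClientset(
		// bar: plain secret, read from its own namespace.
		&v1.Secret{
			ObjectMeta: metaV1.ObjectMeta{
				Name:      "argocd-strongbox-secret",
				Namespace: "bar",
			},
		},
		// foo: keyring secret shared with bar and baz through the annotation.
		// The key material is placeholder text, not a real key.
		&v1.Secret{
			ObjectMeta: metaV1.ObjectMeta{
				Name:      "strongbox-secret",
				Namespace: "foo",
				Annotations: map[string]string{
					allowedNsAnnotation: "bar,baz",
				},
			},
			Data: map[string][]byte{
				".strongbox_keyring": []byte(`keyentries:
- description: foo-key
key-id: xxxxxxxxx
key: xxxxxxxxx`),
			},
		},
		// baz: same name as the foo secret but without the annotation.
		&v1.Secret{
			ObjectMeta: metaV1.ObjectMeta{
				Name:      "strongbox-secret",
				Namespace: "baz",
			},
		},
		// enc-bar: one value is still strongbox-encrypted.
		&v1.Secret{
			ObjectMeta: metaV1.ObjectMeta{
				Name:      "strongbox-secret",
				Namespace: "enc-bar",
			},
			Data: map[string][]byte{
				".secret-file": []byte(`# STRONGBOX ENCRYPTED RESOURCE ; See https://github.com/uw-labs/strongbox
xxxxxxxxx`),
				"secret2": []byte("unencrypted data"),
			},
		},
	)

	type args struct {
		destNamespace string
		secret        secretInfo
	}
	tests := []struct {
		name    string
		args    args
		want    *v1.Secret
		wantErr bool
	}{
		{
			name: "no secret ns",
			args: args{destNamespace: "bar", secret: secretInfo{name: "argocd-strongbox-secret", namespace: ""}},
			want: &v1.Secret{ObjectMeta: metaV1.ObjectMeta{Name: "argocd-strongbox-secret", Namespace: "bar"}},
		},
		{
			name: "secret ns same as destination ns",
			args: args{destNamespace: "bar", secret: secretInfo{name: "argocd-strongbox-secret", namespace: "bar"}},
			want: &v1.Secret{ObjectMeta: metaV1.ObjectMeta{Name: "argocd-strongbox-secret", Namespace: "bar"}},
		},
		{
			name: "secret ns different from destination ns (with annotation)",
			args: args{destNamespace: "bar", secret: secretInfo{name: "strongbox-secret", namespace: "foo"}},
			want: &v1.Secret{
				ObjectMeta: metaV1.ObjectMeta{
					Name: "strongbox-secret", Namespace: "foo",
					Annotations: map[string]string{allowedNsAnnotation: "bar,baz"},
				},
				Data: map[string][]byte{
					".strongbox_keyring": []byte(`keyentries:
- description: foo-key
key-id: xxxxxxxxx
key: xxxxxxxxx`),
				},
			},
		},
		{
			name:    "secret ns different from destination ns (without annotation)",
			args:    args{destNamespace: "bar", secret: secretInfo{name: "strongbox-secret", namespace: "baz"}},
			wantErr: true,
		},
		{
			// Annotation is present but does not name the destination: the
			// allow-list must refuse rather than treat "has annotation" as
			// "shared with everyone".
			name:    "secret ns different from destination ns (destination not listed in annotation)",
			args:    args{destNamespace: "qux", secret: secretInfo{name: "strongbox-secret", namespace: "foo"}},
			wantErr: true,
		},
		{
			// "ba" is a prefix of the listed "bar"/"baz"; entries must be
			// compared whole, not by substring.
			name:    "secret ns different from destination ns (destination only a prefix of a listed ns)",
			args:    args{destNamespace: "ba", secret: secretInfo{name: "strongbox-secret", namespace: "foo"}},
			wantErr: true,
		},
		{
			name:    "sec ns missing secret",
			args:    args{destNamespace: "bar", secret: secretInfo{name: "strongbox-secret", namespace: "bazz"}},
			wantErr: true,
		},
		{
			name:    "secret is encrypted",
			args:    args{destNamespace: "enc-bar", secret: secretInfo{name: "strongbox-secret", namespace: "enc-bar"}},
			wantErr: true,
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got, err := secret(context.Background(), tt.args.destNamespace, tt.args.secret)
			if (err != nil) != tt.wantErr {
				// Messages name secret(), the function actually called.
				t.Errorf("secret() error = %v, wantErr %v", err, tt.wantErr)
				return
			}
			if !reflect.DeepEqual(got, tt.want) {
				t.Errorf("secret() = %v, want %v", got, tt.want)
			}
		})
	}
}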