feat: add push secret to e2e tests

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
external-secrets · Jan 20, 2024 · 76dbf6a · 76dbf6a
1 parent 21191dc
commit 76dbf6a
Show file tree

Hide file tree

Showing 170 changed files with 354 additions and 76 deletions.
diff --git a/apis/externalsecrets/v1beta1/externalsecret_validator.go b/apis/externalsecrets/v1beta1/externalsecret_validator.go
@@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package v1beta1
 
 import (

diff --git a/apis/externalsecrets/v1beta1/externalsecret_validator_test.go b/apis/externalsecrets/v1beta1/externalsecret_validator_test.go
@@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package v1beta1
 
 import (

diff --git a/apis/externalsecrets/v1beta1/provider_schema_test.go b/apis/externalsecrets/v1beta1/provider_schema_test.go
@@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package v1beta1
 
 import (

diff --git a/cmd/certcontroller.go b/cmd/certcontroller.go
@@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package cmd
 
 import (

diff --git a/cmd/root.go b/cmd/root.go
@@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package cmd
 
 import (

diff --git a/cmd/webhook.go b/cmd/webhook.go
@@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package cmd
 
 import (

diff --git a/e2e/framework/addon/addon.go b/e2e/framework/addon/addon.go
@@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package addon
 
 import (

diff --git a/e2e/framework/addon/chart.go b/e2e/framework/addon/chart.go
@@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package addon
 
 import (

diff --git a/e2e/framework/addon/eso.go b/e2e/framework/addon/eso.go
@@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package addon
 
 import (

diff --git a/e2e/framework/addon/eso_argocd_application.go b/e2e/framework/addon/eso_argocd_application.go
@@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package addon
 
 import (

diff --git a/e2e/framework/addon/eso_flux_helm.go b/e2e/framework/addon/eso_flux_helm.go
@@ -10,6 +10,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package addon
 
 import (

diff --git a/e2e/framework/addon/helmserver.go b/e2e/framework/addon/helmserver.go
@@ -10,6 +10,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package addon
 
 import (

diff --git a/e2e/framework/addon/uninstall_eso_crds.go b/e2e/framework/addon/uninstall_eso_crds.go
@@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package addon
 
 import (

diff --git a/e2e/framework/addon/vault.go b/e2e/framework/addon/vault.go
@@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package addon
 
 import (
@@ -33,7 +34,7 @@ import (
 	vault "github.com/hashicorp/vault/api"
 
 	// nolint
-	ginkgo "github.com/onsi/ginkgo/v2"
+	"github.com/onsi/ginkgo/v2"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 

diff --git a/e2e/framework/framework.go b/e2e/framework/framework.go
@@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package framework
 
 import (

diff --git a/e2e/framework/log/log.go b/e2e/framework/log/log.go
@@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package log
 
 import (

diff --git a/e2e/framework/testcase.go b/e2e/framework/testcase.go
@@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package framework
 
 import (
@@ -34,6 +35,7 @@ type TestCase struct {
 	Framework              *Framework
 	ExternalSecret         *esv1beta1.ExternalSecret
 	ExternalSecretV1Alpha1 *esv1alpha1.ExternalSecret
+	PushSecret             *esv1alpha1.PushSecret
 	AdditionalObjects      []client.Object
 	Secrets                map[string]SecretEntry
 	ExpectedSecret         *v1.Secret
@@ -52,64 +54,137 @@ type SecretStoreProvider interface {
 	DeleteSecret(key string)
 }
 
-// TableFunc returns the main func that runs a TestCase in a table driven test.
-func TableFunc(f *Framework, prov SecretStoreProvider) func(...func(*TestCase)) {
+// TableFuncWithExternalSecret returns the main func that runs a TestCase in a table driven test.
+func TableFuncWithExternalSecret(f *Framework, prov SecretStoreProvider) func(...func(*TestCase)) {
+	return func(tweaks ...func(*TestCase)) {
+		// make default test case
+		// and apply customization to it
+		tc := makeDefaultExternalSecretTestCase(f)
+		for _, tweak := range tweaks {
+			tweak(tc)
+		}
+
+		// create secrets & defer delete
+		var deferRemoveKeys []string
+		for k, v := range tc.Secrets {
+			key := k
+			prov.CreateSecret(key, v)
+			deferRemoveKeys = append(deferRemoveKeys, key)
+		}
+
+		defer func() {
+			for _, k := range deferRemoveKeys {
+				prov.DeleteSecret(k)
+			}
+		}()
+
+		// create v1alpha1 external secret, if provided
+		createProvidedExternalSecret(tc)
+
+		// create additional objects
+		generateAdditionalObjects(tc)
+
+		// in case target name is empty
+		if tc.ExternalSecret != nil && tc.ExternalSecret.Spec.Target.Name == "" {
+			TargetSecretName = tc.ExternalSecret.ObjectMeta.Name
+		}
+
+		// wait for Kind=Secret to have the expected data
+		executeAfterSync(tc, f, prov)
+	}
+}
+
+func executeAfterSync(tc *TestCase, f *Framework, prov SecretStoreProvider) {
+	if tc.ExpectedSecret != nil {
+		secret, err := tc.Framework.WaitForSecretValue(tc.Framework.Namespace.Name, TargetSecretName, tc.ExpectedSecret)
+		if err != nil {
+			f.printESDebugLogs(tc.ExternalSecret.Name, tc.ExternalSecret.Namespace)
+			log.Logf("Did not match. Expected: %+v, Got: %+v", tc.ExpectedSecret, secret)
+		}
+
+		Expect(err).ToNot(HaveOccurred())
+		tc.AfterSync(prov, secret)
+	} else {
+		tc.AfterSync(prov, nil)
+	}
+}
+
+func generateAdditionalObjects(tc *TestCase) {
+	if tc.AdditionalObjects != nil {
+		for _, obj := range tc.AdditionalObjects {
+			err := tc.Framework.CRClient.Create(context.Background(), obj)
+			Expect(err).ToNot(HaveOccurred())
+		}
+	}
+}
+
+func createProvidedExternalSecret(tc *TestCase) {
+	if tc.ExternalSecretV1Alpha1 != nil {
+		err := tc.Framework.CRClient.Create(context.Background(), tc.ExternalSecretV1Alpha1)
+		Expect(err).ToNot(HaveOccurred())
+	} else if tc.ExternalSecret != nil {
+		// create v1beta1 external secret otherwise
+		err := tc.Framework.CRClient.Create(context.Background(), tc.ExternalSecret)
+		Expect(err).ToNot(HaveOccurred())
+	}
+}
+
+// TableFuncWithPushSecret returns the main func that runs a TestCase in a table driven test for push secrets.
+func TableFuncWithPushSecret(f *Framework, prov SecretStoreProvider, pushClient esv1beta1.SecretsClient) func(...func(*TestCase)) {
 	return func(tweaks ...func(*TestCase)) {
 		var err error
 
 		// make default test case
 		// and apply customization to it
-		tc := makeDefaultTestCase(f)
+		tc := makeDefaultPushSecretTestCase(f)
 		for _, tweak := range tweaks {
 			tweak(tc)
 		}
 
 		// create secrets & defer delete
+		var deferRemoveKeys []string
 		for k, v := range tc.Secrets {
 			key := k
 			prov.CreateSecret(key, v)
-			defer func() {
-				prov.DeleteSecret(key)
-			}()
+			deferRemoveKeys = append(deferRemoveKeys, key)
 		}
 
+		defer func() {
+			for _, k := range deferRemoveKeys {
+				prov.DeleteSecret(k)
+			}
+		}()
+
 		// create v1alpha1 external secret, if provided
-		if tc.ExternalSecretV1Alpha1 != nil {
-			err = tc.Framework.CRClient.Create(context.Background(), tc.ExternalSecretV1Alpha1)
-			Expect(err).ToNot(HaveOccurred())
-		} else if tc.ExternalSecret != nil {
+
+		if tc.PushSecret != nil {
 			// create v1beta1 external secret otherwise
-			err = tc.Framework.CRClient.Create(context.Background(), tc.ExternalSecret)
+			err = tc.Framework.CRClient.Create(context.Background(), tc.PushSecret)
 			Expect(err).ToNot(HaveOccurred())
 		}
+
 		if tc.AdditionalObjects != nil {
 			for _, obj := range tc.AdditionalObjects {
 				err = tc.Framework.CRClient.Create(context.Background(), obj)
 				Expect(err).ToNot(HaveOccurred())
 			}
 		}
-		// in case target name is empty
-		if tc.ExternalSecret != nil && tc.ExternalSecret.Spec.Target.Name == "" {
-			TargetSecretName = tc.ExternalSecret.ObjectMeta.Name
-		}
-
-		// wait for Kind=Secret to have the expected data
-		if tc.ExpectedSecret != nil {
-			secret, err := tc.Framework.WaitForSecretValue(tc.Framework.Namespace.Name, TargetSecretName, tc.ExpectedSecret)
-			if err != nil {
-				f.printESDebugLogs(tc.ExternalSecret.Name, tc.ExternalSecret.Namespace)
-				log.Logf("Did not match. Expected: %+v, Got: %+v", tc.ExpectedSecret, secret)
-			}
 
-			Expect(err).ToNot(HaveOccurred())
-			tc.AfterSync(prov, secret)
-		} else {
-			tc.AfterSync(prov, nil)
-		}
+		// Run verification?
+		//ps := &esv1alpha1.PushSecret{}
+		//err = f.CRClient.Get(context.Background(), types.NamespacedName{
+		//	Namespace: tc.PushSecret.Name,
+		//	Name:      tc.PushSecret.Namespace,
+		//}, ps)
+		//
+		//Expect(err).ToNot(HaveOccurred())
+		//
+		//// should verify status of the push secret
+		//tc.AfterPush(nil, ps, pushClient)
 	}
 }
 
-func makeDefaultTestCase(f *Framework) *TestCase {
+func makeDefaultExternalSecretTestCase(f *Framework) *TestCase {
 	return &TestCase{
 		AfterSync: func(ssp SecretStoreProvider, s *v1.Secret) {},
 		Framework: f,
@@ -130,3 +205,24 @@ func makeDefaultTestCase(f *Framework) *TestCase {
 		},
 	}
 }
+
+func makeDefaultPushSecretTestCase(f *Framework) *TestCase {
+	return &TestCase{
+		AfterSync: func(ssp SecretStoreProvider, s *v1.Secret) {},
+		Framework: f,
+		PushSecret: &esv1alpha1.PushSecret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "e2e-ps",
+				Namespace: f.Namespace.Name,
+			},
+			Spec: esv1alpha1.PushSecretSpec{
+				RefreshInterval: &metav1.Duration{Duration: time.Second * 5},
+				SecretStoreRefs: []esv1alpha1.PushSecretStoreRef{
+					{
+						Name: f.Namespace.Name,
+					},
+				},
+			},
+		},
+	}
+}
diff --git a/e2e/framework/util/util.go b/e2e/framework/util/util.go
@@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package util
 
 import (

diff --git a/e2e/suites/argocd/argocd.go b/e2e/suites/argocd/argocd.go
@@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package argocd
 
 import (
@@ -28,7 +29,7 @@ var _ = Describe("argocd", Label("argocd"), func() {
 	f := framework.New("argocd")
 	prov := fake.NewProvider(f)
 
-	DescribeTable("sync secrets", framework.TableFunc(f, prov),
+	DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, prov),
 		Entry(common.SimpleDataSync(f)),
 		Entry(common.JSONDataFromSync(f)),
 		Entry(common.SSHKeySync(f)),

diff --git a/e2e/suites/argocd/install.go b/e2e/suites/argocd/install.go
@@ -12,6 +12,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package argocd
 
 import (

diff --git a/e2e/suites/argocd/suite_test.go b/e2e/suites/argocd/suite_test.go
@@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+
 package argocd
 
 import (