adding check for push secret changes and status update

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
external-secrets · Jan 30, 2024 · ecc561f · ecc561f
1 parent 0bf7ca2
commit ecc561f
Show file tree

Hide file tree

Showing 6 changed files with 43 additions and 33 deletions.
diff --git a/e2e/framework/testcase.go b/e2e/framework/testcase.go
@@ -36,6 +36,7 @@ type TestCase struct {
 	ExternalSecret          *esv1beta1.ExternalSecret
 	ExternalSecretV1Alpha1  *esv1alpha1.ExternalSecret
 	PushSecret              *esv1alpha1.PushSecret
+	PushSecretSource        *v1.Secret
 	AdditionalObjects       []client.Object
 	Secrets                 map[string]SecretEntry
 	ExpectedSecret          *v1.Secret
@@ -142,20 +143,11 @@ func TableFuncWithPushSecret(f *Framework, prov SecretStoreProvider, pushClient
 			tweak(tc)
 		}
 
-		// create secrets & defer delete
-		var deferRemoveKeys []string
-		for k, v := range tc.Secrets {
-			key := k
-			prov.CreateSecret(key, v)
-			deferRemoveKeys = append(deferRemoveKeys, key)
+		if tc.PushSecretSource != nil {
+			err := tc.Framework.CRClient.Create(context.Background(), tc.PushSecretSource)
+			Expect(err).ToNot(HaveOccurred())
 		}
 
-		defer func() {
-			for _, k := range deferRemoveKeys {
-				prov.DeleteSecret(k)
-			}
-		}()
-
 		// create v1alpha1 push secret, if provided
 		if tc.PushSecret != nil {
 			// create v1beta1 external secret otherwise

diff --git a/e2e/suites/provider/cases/fake/provider.go b/e2e/suites/provider/cases/fake/provider.go
@@ -17,7 +17,6 @@ package fake
 import (
 	"context"
 	"encoding/json"
-
 	// nolint
 	. "github.com/onsi/ginkgo/v2"
 

diff --git a/e2e/suites/provider/cases/template/template.go b/e2e/suites/provider/cases/template/template.go
@@ -15,13 +15,17 @@ package template
 
 import (
 	"context"
+	"fmt"
+	"time"
 
 	"github.com/external-secrets/external-secrets-e2e/framework"
 	esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 	"github.com/external-secrets/external-secrets/pkg/provider/testing/fake"
 	"github.com/onsi/gomega"
 	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
 
 	// nolint
 	. "github.com/onsi/ginkgo/v2"
@@ -115,27 +119,47 @@ func genericExternalSecretTemplate(f *framework.Framework) (string, func(*framew
 // This case uses template engine v1.
 func genericPushSecretTemplate(f *framework.Framework) (string, func(*framework.TestCase)) {
 	return "[template] should execute template v1", func(tc *framework.TestCase) {
-		tc.ExpectedSecret = &v1.Secret{
+		secretKey1 := fmt.Sprintf("%s-%s", f.Namespace.Name, "one")
+		tc.PushSecretSource = &v1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      secretKey1,
+				Namespace: f.Namespace.Name,
+			},
+			Data: map[string][]byte{
+				"singlefoo": []byte("bar"),
+			},
 			Type: v1.SecretTypeOpaque,
 		}
+		tc.PushSecret.Spec.Selector = esv1alpha1.PushSecretSelector{
+			Secret: esv1alpha1.PushSecretSecret{
+				Name: secretKey1,
+			},
+		}
 		tc.PushSecret.Spec.Data = []esv1alpha1.PushSecretData{
 			{
 				Match: esv1alpha1.PushSecretMatch{
 					SecretKey: "singlefoo",
 					RemoteRef: esv1alpha1.PushSecretRemoteRef{
 						RemoteKey: "foo",
+						Property:  "singlefoo",
 					},
 				},
 			},
 		}
 		tc.VerifyPushSecretOutcome = func(sourcePs *esv1alpha1.PushSecret, pushClient esv1beta1.SecretsClient) {
-			gotPs, err := pushClient.GetSecret(context.Background(), esv1beta1.ExternalSecretDataRemoteRef{
-				Key:      sourcePs.Spec.Data[0].GetSecretKey(),
-				Property: sourcePs.Spec.Data[0].GetProperty(),
-			})
-			gomega.Expect(err).ToNot(gomega.HaveOccurred())
+			gomega.Eventually(func() bool {
+				s := &esv1alpha1.PushSecret{}
+				err := tc.Framework.CRClient.Get(context.Background(), types.NamespacedName{Name: tc.PushSecret.Name, Namespace: tc.PushSecret.Namespace}, s)
+				gomega.Expect(err).ToNot(gomega.HaveOccurred())
+				for i := range s.Status.Conditions {
+					c := s.Status.Conditions[i]
+					if c.Type == esv1alpha1.PushSecretReady && c.Status == v1.ConditionTrue {
+						return true
+					}
+				}
 
-			gomega.Expect(gotPs).To(gomega.BeEmpty())
+				return false
+			}, time.Minute*1, time.Second*5).Should(gomega.BeTrue())
 		}
 	}
 }
@@ -145,12 +169,7 @@ func useTemplateWithPushSecret(tc *framework.TestCase) {
 	tc.PushSecret.Spec.Template = &esv1beta1.ExternalSecretTemplate{
 		EngineVersion: esv1beta1.TemplateEngineV2,
 		Data: map[string]string{
-			"tplv1": "executed: {{ .singlefoo | toString }}|{{ .singlebaz | toString }}",
-			"other": `{{ .foo | toString }}|{{ .bar | toString }}`,
+			"singlefoo": "executed: {{ .singlefoo | upper }}",
 		},
 	}
-	tc.ExpectedSecret.Data = map[string][]byte{
-		"tplv1": []byte(`executed: bar|bang`),
-		"other": []byte(`barmap|bangmap`),
-	}
 }
diff --git a/e2e/suites/provider/cases/vault/vault.go b/e2e/suites/provider/cases/vault/vault.go
@@ -125,10 +125,10 @@ var _ = Describe("[vault]", Label("vault"), func() {
 
 var _ = Describe("[vault] with mTLS", Label("vault", "vault-mtls"), func() {
 	f := framework.New("eso-vault")
-	//prov := newVaultProvider(f)
+	prov := newVaultProvider(f)
 
 	DescribeTable("sync secrets",
-		//framework.TableFunc(f, prov),
+		framework.TableFuncWithExternalSecret(f, prov),
 		// uses token auth
 		framework.Compose(withTokenAuthAndMTLS, f, common.FindByName, useMTLSAndTokenAuth),
 		// use referent auth

diff --git a/pkg/provider/fake/fake.go b/pkg/provider/fake/fake.go
@@ -114,18 +114,16 @@ func (p *Provider) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteR
 
 func (p *Provider) PushSecret(_ context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error {
 	value := secret.Data[data.GetSecretKey()]
-	currentData, ok := p.config[data.GetRemoteKey()]
+	_, ok := p.config[data.GetRemoteKey()]
 	if !ok {
 		p.config[data.GetRemoteKey()] = &Data{
 			Value:  string(value),
 			Origin: FakeSetSecret,
 		}
 		return nil
 	}
-	if currentData.Origin != FakeSetSecret {
-		return fmt.Errorf("key already exists")
-	}
-	currentData.Value = string(value)
+	p.config[data.GetRemoteKey()].Value = string(value)
+
 	return nil
 }
 

diff --git a/pkg/provider/testing/fake/fake.go b/pkg/provider/testing/fake/fake.go
@@ -16,6 +16,7 @@ package fake
 
 import (
 	"context"
+	"fmt"
 
 	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -81,6 +82,7 @@ func (v *Client) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecret
 }
 
 func (v *Client) PushSecret(_ context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error {
+	fmt.Println("CALLING PUSH SECRET: ", secret.Data, data)
 	v.SetSecretArgs[data.GetRemoteKey()] = SetSecretCallArgs{
 		Value:     secret.Data[data.GetSecretKey()],
 		RemoteRef: data,