kubernetes · k8s-ci-robot · Jan 11, 2020 · Jan 6, 2020 · Jan 6, 2020 · Jan 7, 2020
diff --git a/test/e2e/common/secrets.go b/test/e2e/common/secrets.go
@@ -17,6 +17,7 @@ limitations under the License.
 package common
 
 import (
+	"encoding/json"
 	"fmt"
 
 	"k8s.io/api/core/v1"
@@ -25,7 +26,9 @@ import (
 	"k8s.io/kubernetes/test/e2e/framework"
 	imageutils "k8s.io/kubernetes/test/utils/image"
 
+	"encoding/base64"
 	"github.com/onsi/ginkgo"
+	"k8s.io/apimachinery/pkg/types"
 )
 
 var _ = ginkgo.Describe("[sig-api-machinery] Secrets", func() {
@@ -134,6 +137,89 @@ var _ = ginkgo.Describe("[sig-api-machinery] Secrets", func() {
 		secret, err := createEmptyKeySecretForTest(f)
 		framework.ExpectError(err, "created secret %q with empty key in namespace %q", secret.Name, f.Namespace.Name)
 	})
+
+	ginkgo.It("should patch a secret", func() {
+		ginkgo.By("creating a secret")
+
+		secretTestName := "test-secret-" + string(uuid.NewUUID())
+
+		// create a secret in the test namespace
+		_, err := f.ClientSet.CoreV1().Secrets(f.Namespace.Name).Create(&v1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: secretTestName,
+				Labels: map[string]string{
+					"testsecret-constant": "true",
+				},
+			},
+			Data: map[string][]byte{
+				"key": []byte("value"),
+			},
+			Type: "Opaque",
+		})
+		framework.ExpectNoError(err, "failed to create secret")
+
+		ginkgo.By("listing secrets in all namespaces to ensure that there are more than zero")
+		// list all secrets in all namespaces to ensure endpoint coverage
+		secretsList, err := f.ClientSet.CoreV1().Secrets("").List(metav1.ListOptions{
+			LabelSelector: "testsecret-constant=true",
+		})
+		framework.ExpectNoError(err, "failed to list secrets")
+		framework.ExpectNotEqual(len(secretsList.Items), 0, "no secrets found")
+
+		foundCreatedSecret := false
+		var secretCreatedName string
+		for _, val := range secretsList.Items {
+			if val.ObjectMeta.Name == secretTestName && val.ObjectMeta.Namespace == f.Namespace.Name {
+				foundCreatedSecret = true
+				secretCreatedName = val.ObjectMeta.Name
+				break
+			}
+		}
+		framework.ExpectEqual(foundCreatedSecret, true, "unable to find secret by its value")
+
+		ginkgo.By("patching the secret")
+		// patch the secret in the test namespace
+		secretPatchNewData := base64.StdEncoding.EncodeToString([]byte("value1"))
+		secretPatch, err := json.Marshal(map[string]interface{}{
+			"metadata": map[string]interface{}{
+				"labels": map[string]string{"testsecret": "true"},
+			},
+			"data": map[string][]byte{"key": []byte(secretPatchNewData)},
+		})
+		framework.ExpectNoError(err, "failed to marshal JSON")
+		_, err = f.ClientSet.CoreV1().Secrets(f.Namespace.Name).Patch(secretCreatedName, types.StrategicMergePatchType, []byte(secretPatch))
+		framework.ExpectNoError(err, "failed to patch secret")
+
+		secret, err := f.ClientSet.CoreV1().Secrets(f.Namespace.Name).Get(secretCreatedName, metav1.GetOptions{})
+		framework.ExpectNoError(err, "failed to get secret")
+
+		secretDecodedstring, err := base64.StdEncoding.DecodeString(string(secret.Data["key"]))
+		framework.ExpectNoError(err, "failed to decode secret from Base64")
+
+		framework.ExpectEqual(string(secretDecodedstring), "value1", "found secret, but the data wasn't updated from the patch")
+
+		ginkgo.By("deleting the secret using a LabelSelector")
+		err = f.ClientSet.CoreV1().Secrets(f.Namespace.Name).DeleteCollection(&metav1.DeleteOptions{}, metav1.ListOptions{
+			LabelSelector: "testsecret=true",
+		})
+		framework.ExpectNoError(err, "failed to delete patched secret")
+
+		ginkgo.By("listing secrets in all namespaces, searching for label name and value in patch")
+		// list all secrets in all namespaces
+		secretsList, err = f.ClientSet.CoreV1().Secrets("").List(metav1.ListOptions{
+			LabelSelector: "testsecret-constant=true",
+		})
+		framework.ExpectNoError(err, "failed to list secrets")
+
+		foundCreatedSecret = false
+		for _, val := range secretsList.Items {
+			if val.ObjectMeta.Name == secretTestName && val.ObjectMeta.Namespace == f.Namespace.Name {
+				foundCreatedSecret = true
+				break
+			}
+		}
+		framework.ExpectEqual(foundCreatedSecret, false, "secret was not deleted successfully")
+	})
 })
 
 func newEnvFromSecret(namespace, name string) *v1.Secret {