From 354df4cc1aad24ea96864fd27e432a908bc75cea Mon Sep 17 00:00:00 2001
From: Danil Grigorev
Date: Tue, 7 May 2024 12:46:07 +0200
Subject: [PATCH] B64 encode gcp credentials for credentials sync
Signed-off-by: Danil Grigorev
---
 internal/sync/secret_mapper_sync.go | 2 +-
 internal/sync/secret_mapper_sync_test.go | 22 ++++++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/internal/sync/secret_mapper_sync.go b/internal/sync/secret_mapper_sync.go
index 27c6476c..14a5d3e1 100644
--- a/internal/sync/secret_mapper_sync.go
+++ b/internal/sync/secret_mapper_sync.go
@@ -84,7 +84,7 @@ var (
 {to: "VSPHERE_USERNAME", from: Raw{source: "vmwarevsphere-username"}},
 },
 "gcp": {
- {to: "GCP_B64ENCODED_CREDENTIALS", from: Raw{source: "googlecredentialConfig-authEncodedJson"}},
+ {to: "GCP_B64ENCODED_CREDENTIALS", from: B64{source: "googlecredentialConfig-authEncodedJson"}},
 },
 "digitalocean": {
 {to: "DIGITALOCEAN_ACCESS_TOKEN", from: Raw{source: "digitaloceancredentialConfig-accessToken"}},
diff --git a/internal/sync/secret_mapper_sync_test.go b/internal/sync/secret_mapper_sync_test.go
index 3428a04d..f8bb061a 100644
--- a/internal/sync/secret_mapper_sync_test.go
+++ b/internal/sync/secret_mapper_sync_test.go
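Review bot: The `gcp` entry in `internal/sync/secret_mapper_sync.go` is now the only mapping in the visible part of the table that uses `B64{...}` while its neighbours use `Raw{...}`, and nothing on the line records why. The source key is named `googlecredentialConfig-authEncodedJson`, which a maintainer could read as already-encoded data; if a Rancher secret ever carried base64 there, this mapping would presumably emit a doubly encoded `GCP_B64ENCODED_CREDENTIALS` without any error at sync time. A one-line comment above the entry stating the assumed input format, for example `// source holds the plain service-account JSON; the target variable must be base64`, would pin that assumption (wording to be confirmed against the Rancher driver). The `var (` block starts and ends outside the hunk.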
@@ -347,6 +347,28 @@ var _ = Describe("SecretMapperSync get", func() {
 }))
 }).Should(Succeed())
 })
+
+ It("converts GCP credentials with double B64 encode", func() {
+ capiProvider.Spec.Name = "gcp"
+ rancherSecret.Annotations[sync.DriverNameAnnotation] = "gcp"
+ rancherSecret.Data = map[string][]byte{
+ "googlecredentialConfig-authEncodedJson": []byte("test"),
+ }
+ Expect(testEnv.Client.Create(ctx, rancherSecret)).ToNot(HaveOccurred())
+
+ Eventually(ctx, func(g Gomega) {
+ syncer := sync.NewSecretMapperSync(ctx, testEnv, capiProvider).(*sync.SecretMapperSync)
+ g.Expect(syncer.Get(ctx)).ToNot(HaveOccurred())
+ g.Expect(syncer.Sync(context.Background())).ToNot(HaveOccurred())
+ g.Expect(conditions.Get(syncer.Source, turtlesv1.RancherCredentialsSecretCondition)).ToNot(BeNil())
+ g.Expect(conditions.IsTrue(syncer.Source, turtlesv1.RancherCredentialsSecretCondition)).To(BeTrue())
+
+ g.Expect(syncer.Secret.StringData).To(Equal(map[string]string{
+ "GCP_B64ENCODED_CREDENTIALS": "dGVzdA==",
+ }))
+ }).Should(Succeed())
+ })
+
 It("provider requirements digitalocean", func() {
 capiProvider.Spec.Name = "digitalocean"
 rancherSecret.Annotations[sync.DriverNameAnnotation] = "digitalocean"
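Review bot: The spec title says "double B64 encode", but the fixture `[]byte("test")` is plain text and the expected `dGVzdA==` is a single base64 encoding of it, so the name promises something the assertions do not show. If "double" refers to the encoding Kubernetes applies to Secret data, the title should say so; otherwise a title such as `It("base64-encodes GCP credentials", ...)` matches what is checked. Separately, `syncer.Sync(context.Background())` drops the spec's `ctx` that `syncer.Get(ctx)` uses on the line above. `g.Expect(syncer.Sync(ctx)).ToNot(HaveOccurred())` would keep both calls under the same cancellation, unless the neighbouring specs outside the hunk do this on purpose.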