Add unit tests for validating repository server secrets [PR#1] (#2128)

* add unit tests for repository server secrets package * address review comments * remove unwanted space * make lint happy * fix tests * fix lint * fix e2e volume snapshot test (#2141) * Remove unused dirs to increase free space in GH runner (#2138) * Refactoring push_images.sh to consume a single source of truth containing valid images (#2147) * Refactoring push_images.sh to take in the single source of truth Made change * Added single source of truth file * Fixing issue with image list * Update RepositoryServer CR Status field to add `metav1.Condition` (#2135) * Update RepositoryServer CR Status fields, add metav1.conditions Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com> * Update RepositoryServer CRD Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com> * Run 'make codegen' Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com> * Fix Lint Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com> * Refactor name, set ClientInitialized to ClientUserInitialized Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com> --------- Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> * add checker for secret created * correct spelling mistake in the comment --------- Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com> Co-authored-by: alexy.bee <alexey.blokhin@kasten.io> Co-authored-by: Pavan Navarathna <6504783+pavannd1@users.noreply.github.com> Co-authored-by: Nishant Ravi Shankar <23146332+mellon-collie@users.noreply.github.com> Co-authored-by: Akanksha kumari <akankshakumari393@gmail.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
kanisterio · Jul 7, 2023 · 48eee5d · 48eee5d
1 parent 83db2d6
commit 48eee5d
Show file tree

Hide file tree

Showing 2 changed files with 218 additions and 0 deletions.
diff --git a/pkg/secrets/gcp_test.go b/pkg/secrets/gcp_test.go
@@ -0,0 +1,119 @@
+// Copyright 2023 The Kanister Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package secrets
+
+import (
+	"encoding/base64"
+
+	secerrors "github.com/kanisterio/kanister/pkg/secrets/errors"
+	"github.com/pkg/errors"
+	. "gopkg.in/check.v1"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type GCPSecretSuite struct{}
+
+var _ = Suite(&GCPSecretSuite{})
+
+func (s *GCPSecretSuite) TestValidateGCPCredentials(c *C) {
+	serviceAccountJson := make([]byte, base64.StdEncoding.EncodedLen(len([]byte("service_account_json"))))
+	base64.StdEncoding.Encode(serviceAccountJson, []byte("service_account_json"))
+	for i, tc := range []struct {
+		secret      *v1.Secret
+		errChecker  Checker
+		expectedErr error
+	}{
+		{
+			secret: &v1.Secret{
+				Type: v1.SecretType(GCPSecretType),
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "sec",
+					Namespace: "ns",
+				},
+				Data: map[string][]byte{
+					GCPProjectID:             []byte("key_id"),
+					GCPServiceAccountJsonKey: serviceAccountJson,
+				},
+			},
+			errChecker:  IsNil,
+			expectedErr: nil,
+		},
+		{ // Incompatible secret type
+			secret: &v1.Secret{
+				Type: v1.SecretType(AWSSecretType),
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "sec",
+					Namespace: "ns",
+				},
+				Data: map[string][]byte{
+					GCPProjectID:             []byte("key_id"),
+					GCPServiceAccountJsonKey: serviceAccountJson,
+				},
+			},
+			errChecker:  NotNil,
+			expectedErr: errors.Wrapf(secerrors.ErrValidate, secerrors.IncompatibleSecretTypeErrorMsg, GCPSecretType, "ns", "sec"),
+		},
+		{ // missing field - GCPServiceKey
+			secret: &v1.Secret{
+				Type: v1.SecretType(GCPSecretType),
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "sec",
+					Namespace: "ns",
+				},
+				Data: map[string][]byte{
+					GCPProjectID: []byte("key_id"),
+				},
+			},
+			expectedErr: errors.Wrapf(secerrors.ErrValidate, secerrors.MissingRequiredFieldErrorMsg, GCPServiceAccountJsonKey, "ns", "sec"),
+			errChecker:  NotNil,
+		},
+		{ // missing field - GCPProjectID
+			secret: &v1.Secret{
+				Type: v1.SecretType(GCPSecretType),
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "sec",
+					Namespace: "ns",
+				},
+				Data: map[string][]byte{
+					GCPServiceAccountJsonKey: []byte("service_account_json"),
+				},
+			},
+			expectedErr: errors.Wrapf(secerrors.ErrValidate, secerrors.MissingRequiredFieldErrorMsg, GCPProjectID, "ns", "sec"),
+			errChecker:  NotNil,
+		},
+		{ // secret is Empty
+			secret: &v1.Secret{
+				Type: v1.SecretType(GCPSecretType),
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "sec",
+					Namespace: "ns",
+				},
+			},
+			expectedErr: errors.Wrapf(secerrors.ErrValidate, secerrors.EmptySecretErrorMessage, "ns", "sec"),
+			errChecker:  NotNil,
+		},
+		{ // secret is nil
+			secret:      nil,
+			expectedErr: errors.Wrapf(secerrors.ErrValidate, secerrors.NilSecretErrorMessage),
+			errChecker:  NotNil,
+		},
+	} {
+		err := ValidateGCPCredentials(tc.secret)
+		if err != nil {
+			c.Check(err.Error(), Equals, tc.expectedErr.Error(), Commentf("test number: %d", i))
+		}
+	}
+}
diff --git a/pkg/secrets/secrets_test.go b/pkg/secrets/secrets_test.go
@@ -17,7 +17,106 @@ package secrets
 import (
 	"testing"
 
+	"github.com/pkg/errors"
 	. "gopkg.in/check.v1"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	secerrors "github.com/kanisterio/kanister/pkg/secrets/errors"
+	"github.com/kanisterio/kanister/pkg/secrets/repositoryserver"
+	reposerver "github.com/kanisterio/kanister/pkg/secrets/repositoryserver"
 )
 
 func Test(t *testing.T) { TestingT(t) }
+
+type SecretUtilsSuite struct{}
+
+var _ = Suite(&SecretUtilsSuite{})
+
+func (s *SecretUtilsSuite) TestGetLocationSecret(c *C) {
+	for i, tc := range []struct {
+		secret                *v1.Secret
+		errChecker            Checker
+		locationSecretChecker Checker
+		expectedError         error
+	}{
+		{ // Valid secret type
+			secret: &v1.Secret{
+				Type: v1.SecretType(repositoryserver.Location),
+				Data: map[string][]byte{
+					reposerver.TypeKey: []byte(reposerver.LocTypeGCS),
+				},
+			},
+			errChecker:            IsNil,
+			locationSecretChecker: NotNil,
+			expectedError:         nil,
+		},
+		{ // Valid secret type
+			secret: &v1.Secret{
+				Type: v1.SecretType(repositoryserver.Location),
+				Data: map[string][]byte{
+					reposerver.TypeKey: []byte(reposerver.LocTypeAzure),
+				},
+			},
+			errChecker:            IsNil,
+			locationSecretChecker: NotNil,
+			expectedError:         nil,
+		},
+		{ // Valid secret type
+			secret: &v1.Secret{
+				Type: v1.SecretType(repositoryserver.Location),
+				Data: map[string][]byte{
+					reposerver.TypeKey: []byte(reposerver.LocTypeS3),
+				},
+			},
+			errChecker:            IsNil,
+			locationSecretChecker: NotNil,
+			expectedError:         nil,
+		},
+		{ // Valid secret type
+			secret: &v1.Secret{
+				Type: v1.SecretType(repositoryserver.Location),
+				Data: map[string][]byte{
+					reposerver.TypeKey: []byte(reposerver.LocTypeFilestore),
+				},
+			},
+			errChecker:            IsNil,
+			locationSecretChecker: NotNil,
+			expectedError:         nil,
+		},
+		{ // Missing location type
+			secret: &v1.Secret{
+				Type: v1.SecretType(repositoryserver.Location),
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "sec",
+					Namespace: "ns",
+				},
+			},
+			errChecker:            NotNil,
+			locationSecretChecker: IsNil,
+			expectedError:         errors.Wrapf(secerrors.ErrValidate, secerrors.MissingRequiredFieldErrorMsg, reposerver.TypeKey, "ns", "sec"),
+		},
+		{ // Unsupported location type
+			secret: &v1.Secret{
+				Type: v1.SecretType(repositoryserver.Location),
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "sec",
+					Namespace: "ns",
+				},
+				Data: map[string][]byte{
+					reposerver.TypeKey: []byte("invalid"),
+				},
+			},
+			errChecker:            NotNil,
+			locationSecretChecker: IsNil,
+			expectedError:         errors.Wrapf(secerrors.ErrValidate, secerrors.UnsupportedLocationTypeErrorMsg, "invalid", "ns", "sec"),
+		},
+	} {
+		rsecret, err := getLocationSecret(tc.secret)
+		c.Check(err, tc.errChecker)
+		c.Check(rsecret, tc.locationSecretChecker)
+		if err != nil {
+			c.Check(err.Error(), Equals, tc.expectedError.Error(), Commentf("test number: %d", i))
+		}
+	}
+}