Add secret type credential to validation code (#308)

* Add secret type credential to validation code * Add secret type credential to validation code * Fix import order * Add more test for KeyPair case
kanisterio · Sep 20, 2019 · 9178d4c · 9178d4c
1 parent 373bab3
commit 9178d4c
Show file tree

Hide file tree

Showing 2 changed files with 141 additions and 9 deletions.
diff --git a/pkg/validate/validate.go b/pkg/validate/validate.go
@@ -135,23 +135,40 @@ func ProfileSchema(p *crv1alpha1.Profile) error {
 	if !supported(p.Location.Type) {
 		return errorf("unknown or unsupported location type '%s'", p.Location.Type)
 	}
-	if p.Credential.Type != crv1alpha1.CredentialTypeKeyPair {
-		return errorf("unknown or unsupported credential type '%s'", p.Credential.Type)
+	if err := validateCredentialType(&p.Credential); err != nil {
+		return err
 	}
 	if p.Location.Type == crv1alpha1.LocationTypeS3Compliant {
 		if p.Location.Bucket != "" && p.Location.Endpoint == "" && p.Location.Region == "" {
 			return errorf("Bucket region not specified")
 		}
 	}
-	if p.Credential.KeyPair.Secret.Name == "" {
-		return errorf("secret for bucket credentials not specified")
-	}
-	if p.Credential.KeyPair.SecretField == "" || p.Credential.KeyPair.IDField == "" {
-		return errorf("secret field or id field empty")
-	}
 	return nil
 }
 
+func validateCredentialType(creds *crv1alpha1.Credential) error {
+	switch creds.Type {
+	case crv1alpha1.CredentialTypeKeyPair:
+		if creds.KeyPair.Secret.Name == "" {
+			return errorf("Secret for bucket credentials not specified")
+		}
+		if creds.KeyPair.SecretField == "" || creds.KeyPair.IDField == "" {
+			return errorf("Secret field or id field empty")
+		}
+		return nil
+	case crv1alpha1.CredentialTypeSecret:
+		if creds.Secret.Name == "" {
+			return errorf("Secret name is empty")
+		}
+		if creds.Secret.Namespace == "" {
+			return errorf("Secret namespace is empty")
+		}
+		return nil
+	default:
+		return errorf("Unsupported credential type '%s'", creds.Type)
+	}
+}
+
 func supported(t crv1alpha1.LocationType) bool {
 	return t == crv1alpha1.LocationTypeS3Compliant || t == crv1alpha1.LocationTypeGCS || t == crv1alpha1.LocationTypeAzure
 }

diff --git a/pkg/validate/validate_test.go b/pkg/validate/validate_test.go
@@ -15,13 +15,13 @@
 package validate
 
 import (
-	"github.com/kanisterio/kanister/pkg/param"
 	"testing"
 
 	. "gopkg.in/check.v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	crv1alpha1 "github.com/kanisterio/kanister/pkg/apis/cr/v1alpha1"
+	"github.com/kanisterio/kanister/pkg/param"
 )
 
 // Hook up gocheck into the "go test" runner.
@@ -480,3 +480,118 @@ func (s *ValidateSuite) TestBlueprint(c *C) {
 	err := Blueprint(nil)
 	c.Assert(err, IsNil)
 }
+
+func (s *ValidateSuite) TestProfileSchema(c *C) {
+	tcs := []struct {
+		profile *crv1alpha1.Profile
+		checker Checker
+	}{
+		{
+			profile: &crv1alpha1.Profile{
+				Location: crv1alpha1.Location{
+					Type: crv1alpha1.LocationTypeS3Compliant,
+				},
+				Credential: crv1alpha1.Credential{
+					Type: crv1alpha1.CredentialTypeSecret,
+					Secret: &crv1alpha1.ObjectReference{
+						Name:      "secret-name",
+						Namespace: "secret-namespace",
+					},
+				},
+			},
+			checker: IsNil,
+		},
+		{
+			profile: &crv1alpha1.Profile{
+				Location: crv1alpha1.Location{
+					Type: crv1alpha1.LocationTypeS3Compliant,
+				},
+				Credential: crv1alpha1.Credential{
+					Type: crv1alpha1.CredentialTypeKeyPair,
+					KeyPair: &crv1alpha1.KeyPair{
+						IDField:     "id",
+						SecretField: "secret",
+						Secret: crv1alpha1.ObjectReference{
+							Name:      "secret-name",
+							Namespace: "secret-namespace",
+						},
+					},
+				},
+			},
+			checker: IsNil,
+		},
+		// Missing secret namespace
+		{
+			profile: &crv1alpha1.Profile{
+				Location: crv1alpha1.Location{
+					Type: crv1alpha1.LocationTypeS3Compliant,
+				},
+				Credential: crv1alpha1.Credential{
+					Type: crv1alpha1.CredentialTypeSecret,
+					Secret: &crv1alpha1.ObjectReference{
+						Name: "secret-name",
+					},
+				},
+			},
+			checker: NotNil,
+		},
+		// Missing secret name
+		{
+			profile: &crv1alpha1.Profile{
+				Location: crv1alpha1.Location{
+					Type: crv1alpha1.LocationTypeS3Compliant,
+				},
+				Credential: crv1alpha1.Credential{
+					Type: crv1alpha1.CredentialTypeSecret,
+					Secret: &crv1alpha1.ObjectReference{
+						Namespace: "secret-namespace",
+					},
+				},
+			},
+			checker: NotNil,
+		},
+		// Missing secret field
+		{
+			profile: &crv1alpha1.Profile{
+				Location: crv1alpha1.Location{
+					Type: crv1alpha1.LocationTypeS3Compliant,
+				},
+				Credential: crv1alpha1.Credential{
+					Type: crv1alpha1.CredentialTypeKeyPair,
+					KeyPair: &crv1alpha1.KeyPair{
+						IDField: "id",
+						Secret: crv1alpha1.ObjectReference{
+							Name:      "secret-name",
+							Namespace: "secret-namespace",
+						},
+					},
+				},
+			},
+			checker: NotNil,
+		},
+		// Missing id field
+		{
+			profile: &crv1alpha1.Profile{
+				Location: crv1alpha1.Location{
+					Type: crv1alpha1.LocationTypeS3Compliant,
+				},
+				Credential: crv1alpha1.Credential{
+					Type: crv1alpha1.CredentialTypeKeyPair,
+					KeyPair: &crv1alpha1.KeyPair{
+						SecretField: "secret",
+						Secret: crv1alpha1.ObjectReference{
+							Name:      "secret-name",
+							Namespace: "secret-namespace",
+						},
+					},
+				},
+			},
+			checker: NotNil,
+		},
+	}
+
+	for _, tc := range tcs {
+		err := ProfileSchema(tc.profile)
+		c.Check(err, tc.checker)
+	}
+}