github.com/argoproj/argo-cd/v2@v2.10.5/util/kube/util_test.go (about) 1 package kube 2 3 import ( 4 "context" 5 "testing" 6 7 "github.com/stretchr/testify/assert" 8 "github.com/stretchr/testify/require" 9 apiv1 "k8s.io/api/core/v1" 10 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 11 "k8s.io/client-go/kubernetes" 12 "k8s.io/client-go/kubernetes/fake" 13 ) 14 15 // nolint:unparam 16 func getSecret(client kubernetes.Interface, ns, name string) (*apiv1.Secret, error) { 17 s, err := client.CoreV1().Secrets(ns).Get(context.TODO(), name, metav1.GetOptions{}) 18 if err != nil { 19 return nil, err 20 } 21 return s, nil 22 } 23 24 func Test_CreateOrUpdateSecretField(t *testing.T) { 25 secret := &apiv1.Secret{ 26 ObjectMeta: metav1.ObjectMeta{ 27 Name: "test-secret", 28 Namespace: "test", 29 Labels: map[string]string{ 30 "label1": "bar", 31 "label2": "baz", 32 }, 33 Annotations: map[string]string{ 34 "annotation1": "bar", 35 "annotation2": "baz", 36 }, 37 }, 38 Data: map[string][]byte{ 39 "password": []byte("foobar"), 40 }, 41 } 42 43 labels := map[string]string{ 44 "label3": "foo", 45 } 46 annotations := map[string]string{ 47 "annotation3": "foo", 48 } 49 50 client := fake.NewSimpleClientset(secret) 51 52 t.Run("Change field in existing secret", func(t *testing.T) { 53 ku := NewKubeUtil(client, context.TODO()) 54 err := ku.CreateOrUpdateSecretField("test", "test-secret", "password", "barfoo") 55 require.NoError(t, err) 56 s, err := getSecret(client, "test", "test-secret") 57 require.NoError(t, err) 58 59 // password field should be updated 60 assert.Equal(t, "barfoo", string(s.Data["password"])) 61 62 // Labels and annotations should be untouched 63 assert.Len(t, s.Labels, 2) 64 assert.Len(t, s.Annotations, 2) 65 }) 66 67 t.Run("Change field in non-existing secret", func(t *testing.T) { 68 ku := NewKubeUtil(client, context.TODO()) 69 err := ku.CreateOrUpdateSecretField("test", "nonexist-secret", "password", "foobaz") 70 require.NoError(t, err) 71 s, err := getSecret(client, "test", "nonexist-secret") 72 require.NoError(t, err) 73 74 // password field should be requested value 75 assert.Equal(t, "foobaz", string(s.Data["password"])) 76 77 // Labels and annotations should be untouched 78 assert.Len(t, s.Labels, 0) 79 assert.Len(t, s.Annotations, 0) 80 }) 81 82 t.Run("Change field in existing secret with labels", func(t *testing.T) { 83 ku := NewKubeUtil(client, context.TODO()).WithAnnotations(annotations).WithLabels(labels) 84 err := ku.CreateOrUpdateSecretField("test", "test-secret", "password", "barfoo") 85 require.NoError(t, err) 86 s, err := getSecret(client, "test", "test-secret") 87 require.NoError(t, err) 88 89 // password field should be updated 90 assert.Equal(t, "barfoo", string(s.Data["password"])) 91 92 // Labels and annotations should be untouched 93 assert.Len(t, s.Labels, 2) 94 assert.Len(t, s.Annotations, 2) 95 }) 96 97 t.Run("Change field in existing secret with labels", func(t *testing.T) { 98 ku := NewKubeUtil(client, context.TODO()).WithAnnotations(annotations).WithLabels(labels) 99 err := ku.CreateOrUpdateSecretField("test", "nonexisting-secret", "password", "barfoo") 100 require.NoError(t, err) 101 s, err := getSecret(client, "test", "nonexisting-secret") 102 require.NoError(t, err) 103 104 // password field should be updated 105 assert.Equal(t, "barfoo", string(s.Data["password"])) 106 107 // Labels and annotations should be applied 108 assert.Len(t, s.Labels, 1) 109 assert.Len(t, s.Annotations, 1) 110 assert.Contains(t, s.Labels, "label3") 111 assert.Contains(t, s.Annotations, "annotation3") 112 }) 113 114 } 115 116 func Test_CreateOrUpdateSecretData(t *testing.T) { 117 secret := &apiv1.Secret{ 118 ObjectMeta: metav1.ObjectMeta{ 119 Name: "test-secret", 120 Namespace: "test", 121 }, 122 Data: map[string][]byte{ 123 "something": []byte("something"), 124 "password": []byte("foobar"), 125 "foobar": []byte("barfoo"), 126 }, 127 } 128 129 data1 := map[string][]byte{ 130 "password": []byte("barfoo"), 131 } 132 133 data2 := map[string][]byte{ 134 "password": []byte("foobarbaz"), 135 } 136 137 client := fake.NewSimpleClientset(secret) 138 139 t.Run("Change data in existing secret with merge", func(t *testing.T) { 140 ku := NewKubeUtil(client, context.TODO()) 141 err := ku.CreateOrUpdateSecretData("test", "test-secret", data1, true) 142 require.NoError(t, err) 143 s, err := getSecret(client, "test", "test-secret") 144 require.NoError(t, err) 145 require.Contains(t, s.Data, "something") 146 require.Contains(t, s.Data, "password") 147 require.Equal(t, "barfoo", string(s.Data["password"])) 148 }) 149 150 t.Run("Change data in non-existing secret with merge", func(t *testing.T) { 151 ku := NewKubeUtil(client, context.TODO()) 152 err := ku.CreateOrUpdateSecretData("test", "nonexist-secret", data1, true) 153 require.NoError(t, err) 154 s, err := getSecret(client, "test", "nonexist-secret") 155 require.NoError(t, err) 156 require.Len(t, s.Data, 1) 157 require.Equal(t, "barfoo", string(s.Data["password"])) 158 }) 159 160 t.Run("Change data in existing secret without merge", func(t *testing.T) { 161 ku := NewKubeUtil(client, context.TODO()) 162 err := ku.CreateOrUpdateSecretData("test", "test-secret", data2, false) 163 require.NoError(t, err) 164 s, err := getSecret(client, "test", "test-secret") 165 require.NoError(t, err) 166 require.Contains(t, s.Data, "password") 167 require.NotContains(t, s.Data, "something") 168 require.NotContains(t, s.Data, "foobar") 169 require.Equal(t, "foobarbaz", string(s.Data["password"])) 170 }) 171 172 t.Run("Change data in non-existing secret without merge", func(t *testing.T) { 173 ku := NewKubeUtil(client, context.TODO()) 174 err := ku.CreateOrUpdateSecretData("test", "nonexist-secret", data2, false) 175 require.NoError(t, err) 176 s, err := getSecret(client, "test", "nonexist-secret") 177 require.NoError(t, err) 178 require.Len(t, s.Data, 1) 179 require.Equal(t, "foobarbaz", string(s.Data["password"])) 180 }) 181 182 }