github.com/argoproj/argo-cd/v3@v3.2.1/util/kube/util_test.go (about) 1 package kube 2 3 import ( 4 "context" 5 "testing" 6 7 "github.com/stretchr/testify/assert" 8 "github.com/stretchr/testify/require" 9 corev1 "k8s.io/api/core/v1" 10 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 11 "k8s.io/client-go/kubernetes" 12 "k8s.io/client-go/kubernetes/fake" 13 ) 14 15 func getSecret(client kubernetes.Interface, ns, name string) (*corev1.Secret, error) { 16 s, err := client.CoreV1().Secrets(ns).Get(context.TODO(), name, metav1.GetOptions{}) 17 if err != nil { 18 return nil, err 19 } 20 return s, nil 21 } 22 23 func Test_CreateOrUpdateSecretField(t *testing.T) { 24 secret := &corev1.Secret{ 25 ObjectMeta: metav1.ObjectMeta{ 26 Name: "test-secret", 27 Namespace: "test", 28 Labels: map[string]string{ 29 "label1": "bar", 30 "label2": "baz", 31 }, 32 Annotations: map[string]string{ 33 "annotation1": "bar", 34 "annotation2": "baz", 35 }, 36 }, 37 Data: map[string][]byte{ 38 "password": []byte("foobar"), 39 }, 40 } 41 42 labels := map[string]string{ 43 "label3": "foo", 44 } 45 annotations := map[string]string{ 46 "annotation3": "foo", 47 } 48 49 client := fake.NewClientset(secret) 50 51 t.Run("Change field in existing secret", func(t *testing.T) { 52 ku := NewKubeUtil(t.Context(), client) 53 err := ku.CreateOrUpdateSecretField("test", "test-secret", "password", "barfoo") 54 require.NoError(t, err) 55 s, err := getSecret(client, "test", "test-secret") 56 require.NoError(t, err) 57 58 // password field should be updated 59 assert.Equal(t, "barfoo", string(s.Data["password"])) 60 61 // Labels and annotations should be untouched 62 assert.Len(t, s.Labels, 2) 63 assert.Len(t, s.Annotations, 2) 64 }) 65 66 t.Run("Change field in non-existing secret", func(t *testing.T) { 67 ku := NewKubeUtil(t.Context(), client) 68 err := ku.CreateOrUpdateSecretField("test", "nonexist-secret", "password", "foobaz") 69 require.NoError(t, err) 70 s, err := getSecret(client, "test", "nonexist-secret") 71 require.NoError(t, err) 72 73 // password field should be requested value 74 assert.Equal(t, "foobaz", string(s.Data["password"])) 75 76 // Labels and annotations should be untouched 77 assert.Empty(t, s.Labels) 78 assert.Empty(t, s.Annotations) 79 }) 80 81 t.Run("Change field in existing secret with labels", func(t *testing.T) { 82 ku := NewKubeUtil(t.Context(), client).WithAnnotations(annotations).WithLabels(labels) 83 err := ku.CreateOrUpdateSecretField("test", "test-secret", "password", "barfoo") 84 require.NoError(t, err) 85 s, err := getSecret(client, "test", "test-secret") 86 require.NoError(t, err) 87 88 // password field should be updated 89 assert.Equal(t, "barfoo", string(s.Data["password"])) 90 91 // Labels and annotations should be untouched 92 assert.Len(t, s.Labels, 2) 93 assert.Len(t, s.Annotations, 2) 94 }) 95 96 t.Run("Change field in existing secret with labels", func(t *testing.T) { 97 ku := NewKubeUtil(t.Context(), client).WithAnnotations(annotations).WithLabels(labels) 98 err := ku.CreateOrUpdateSecretField("test", "nonexisting-secret", "password", "barfoo") 99 require.NoError(t, err) 100 s, err := getSecret(client, "test", "nonexisting-secret") 101 require.NoError(t, err) 102 103 // password field should be updated 104 assert.Equal(t, "barfoo", string(s.Data["password"])) 105 106 // Labels and annotations should be applied 107 assert.Len(t, s.Labels, 1) 108 assert.Len(t, s.Annotations, 1) 109 assert.Contains(t, s.Labels, "label3") 110 assert.Contains(t, s.Annotations, "annotation3") 111 }) 112 } 113 114 func Test_CreateOrUpdateSecretData(t *testing.T) { 115 secret := &corev1.Secret{ 116 ObjectMeta: metav1.ObjectMeta{ 117 Name: "test-secret", 118 Namespace: "test", 119 }, 120 Data: map[string][]byte{ 121 "something": []byte("something"), 122 "password": []byte("foobar"), 123 "foobar": []byte("barfoo"), 124 }, 125 } 126 127 data1 := map[string][]byte{ 128 "password": []byte("barfoo"), 129 } 130 131 data2 := map[string][]byte{ 132 "password": []byte("foobarbaz"), 133 } 134 135 client := fake.NewClientset(secret) 136 137 t.Run("Change data in existing secret with merge", func(t *testing.T) { 138 ku := NewKubeUtil(t.Context(), client) 139 err := ku.CreateOrUpdateSecretData("test", "test-secret", data1, true) 140 require.NoError(t, err) 141 s, err := getSecret(client, "test", "test-secret") 142 require.NoError(t, err) 143 require.Contains(t, s.Data, "something") 144 require.Contains(t, s.Data, "password") 145 require.Equal(t, "barfoo", string(s.Data["password"])) 146 }) 147 148 t.Run("Change data in non-existing secret with merge", func(t *testing.T) { 149 ku := NewKubeUtil(t.Context(), client) 150 err := ku.CreateOrUpdateSecretData("test", "nonexist-secret", data1, true) 151 require.NoError(t, err) 152 s, err := getSecret(client, "test", "nonexist-secret") 153 require.NoError(t, err) 154 require.Len(t, s.Data, 1) 155 require.Equal(t, "barfoo", string(s.Data["password"])) 156 }) 157 158 t.Run("Change data in existing secret without merge", func(t *testing.T) { 159 ku := NewKubeUtil(t.Context(), client) 160 err := ku.CreateOrUpdateSecretData("test", "test-secret", data2, false) 161 require.NoError(t, err) 162 s, err := getSecret(client, "test", "test-secret") 163 require.NoError(t, err) 164 require.Contains(t, s.Data, "password") 165 require.NotContains(t, s.Data, "something") 166 require.NotContains(t, s.Data, "foobar") 167 require.Equal(t, "foobarbaz", string(s.Data["password"])) 168 }) 169 170 t.Run("Change data in non-existing secret without merge", func(t *testing.T) { 171 ku := NewKubeUtil(t.Context(), client) 172 err := ku.CreateOrUpdateSecretData("test", "nonexist-secret", data2, false) 173 require.NoError(t, err) 174 s, err := getSecret(client, "test", "nonexist-secret") 175 require.NoError(t, err) 176 require.Len(t, s.Data, 1) 177 require.Equal(t, "foobarbaz", string(s.Data["password"])) 178 }) 179 }