github.com/nginxinc/kubernetes-ingress@v1.12.5/internal/k8s/secrets/store_test.go (about) 1 package secrets 2 3 import ( 4 "errors" 5 "testing" 6 7 "github.com/google/go-cmp/cmp" 8 api_v1 "k8s.io/api/core/v1" 9 meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 10 ) 11 12 type fakeSecretFileManager struct { 13 AddedOrUpdatedSecret *api_v1.Secret 14 DeletedSecret string 15 } 16 17 func (m *fakeSecretFileManager) AddOrUpdateSecret(secret *api_v1.Secret) string { 18 m.AddedOrUpdatedSecret = secret 19 return "testpath" 20 } 21 22 func (m *fakeSecretFileManager) DeleteSecret(key string) { 23 m.DeletedSecret = key 24 } 25 26 func (m *fakeSecretFileManager) Reset() { 27 m.AddedOrUpdatedSecret = nil 28 m.DeletedSecret = "" 29 } 30 31 var ( 32 validSecret = &api_v1.Secret{ 33 ObjectMeta: meta_v1.ObjectMeta{ 34 Name: "tls-secret", 35 Namespace: "default", 36 }, 37 Type: api_v1.SecretTypeTLS, 38 Data: map[string][]byte{ 39 "tls.crt": validCert, 40 "tls.key": validKey, 41 }, 42 } 43 invalidSecret = &api_v1.Secret{ 44 ObjectMeta: meta_v1.ObjectMeta{ 45 Name: "tls-secret", 46 Namespace: "default", 47 }, 48 Type: api_v1.SecretTypeTLS, 49 Data: map[string][]byte{ 50 "tls.crt": invalidCert, 51 "tls.key": validKey, 52 }, 53 } 54 ) 55 56 func errorComparer(e1, e2 error) bool { 57 if e1 == nil || e2 == nil { 58 return errors.Is(e1, e2) 59 } 60 61 return e1.Error() == e2.Error() 62 } 63 64 func TestAddOrUpdateSecret(t *testing.T) { 65 manager := &fakeSecretFileManager{} 66 67 store := NewLocalSecretStore(manager) 68 69 // Add the valid secret 70 71 expectedManager := &fakeSecretFileManager{} 72 73 store.AddOrUpdateSecret(validSecret) 74 75 if diff := cmp.Diff(expectedManager, manager); diff != "" { 76 t.Errorf("AddOrUpdateSecret() returned unexpected result (-want +got):\n%s", diff) 77 } 78 79 // Get the secret 80 81 expectedSecretRef := &SecretReference{ 82 Secret: validSecret, 83 Path: "testpath", 84 Error: nil, 85 } 86 expectedManager = &fakeSecretFileManager{ 87 AddedOrUpdatedSecret: validSecret, 88 } 89 90 manager.Reset() 91 secretRef := store.GetSecret("default/tls-secret") 92 93 if diff := cmp.Diff(expectedSecretRef, secretRef, cmp.Comparer(errorComparer)); diff != "" { 94 t.Errorf("GetSecret() returned unexpected result (-want +got):\n%s", diff) 95 } 96 if diff := cmp.Diff(expectedManager, manager); diff != "" { 97 t.Errorf("GetSecret() returned unexpected result (-want +got):\n%s", diff) 98 } 99 100 // Make the secret invalid 101 102 expectedManager = &fakeSecretFileManager{ 103 DeletedSecret: "default/tls-secret", 104 } 105 106 manager.Reset() 107 store.AddOrUpdateSecret(invalidSecret) 108 109 if diff := cmp.Diff(expectedManager, manager); diff != "" { 110 t.Errorf("AddOrUpdateSecret() returned unexpected result (-want +got):\n%s", diff) 111 } 112 113 // Get the secret 114 115 expectedSecretRef = &SecretReference{ 116 Secret: invalidSecret, 117 Path: "", 118 Error: errors.New("Failed to validate TLS cert and key: x509: malformed certificate"), 119 } 120 expectedManager = &fakeSecretFileManager{} 121 122 manager.Reset() 123 secretRef = store.GetSecret("default/tls-secret") 124 125 if diff := cmp.Diff(expectedSecretRef, secretRef, cmp.Comparer(errorComparer)); diff != "" { 126 t.Errorf("GetSecret() returned unexpected result (-want +got):\n%s", diff) 127 } 128 if diff := cmp.Diff(expectedManager, manager); diff != "" { 129 t.Errorf("GetSecret() returned unexpected result (-want +got):\n%s", diff) 130 } 131 132 // Restore the valid secret 133 134 expectedManager = &fakeSecretFileManager{} 135 136 manager.Reset() 137 store.AddOrUpdateSecret(validSecret) 138 139 if diff := cmp.Diff(expectedManager, manager); diff != "" { 140 t.Errorf("AddOrUpdateSecret() returned unexpected result (-want +got):\n%s", diff) 141 } 142 143 // Get the secret 144 145 expectedSecretRef = &SecretReference{ 146 Secret: validSecret, 147 Path: "testpath", 148 Error: nil, 149 } 150 expectedManager = &fakeSecretFileManager{ 151 AddedOrUpdatedSecret: validSecret, 152 } 153 154 manager.Reset() 155 secretRef = store.GetSecret("default/tls-secret") 156 157 if diff := cmp.Diff(expectedSecretRef, secretRef, cmp.Comparer(errorComparer)); diff != "" { 158 t.Errorf("GetSecret() returned unexpected result (-want +got):\n%s", diff) 159 } 160 if diff := cmp.Diff(expectedManager, manager); diff != "" { 161 t.Errorf("GetSecret() returned unexpected result (-want +got):\n%s", diff) 162 } 163 164 // Update the secret 165 166 expectedManager = &fakeSecretFileManager{ 167 AddedOrUpdatedSecret: validSecret, 168 } 169 170 manager.Reset() 171 // for the test, it is ok to use the same version 172 store.AddOrUpdateSecret(validSecret) 173 174 if diff := cmp.Diff(expectedManager, manager); diff != "" { 175 t.Errorf("AddOrUpdateSecret() returned unexpected result (-want +got):\n%s", diff) 176 } 177 178 // Get the secret 179 180 expectedSecretRef = &SecretReference{ 181 Secret: validSecret, 182 Path: "testpath", 183 Error: nil, 184 } 185 expectedManager = &fakeSecretFileManager{} 186 187 manager.Reset() 188 secretRef = store.GetSecret("default/tls-secret") 189 190 if diff := cmp.Diff(expectedSecretRef, secretRef, cmp.Comparer(errorComparer)); diff != "" { 191 t.Errorf("GetSecret() returned unexpected result (-want +got):\n%s", diff) 192 } 193 if diff := cmp.Diff(expectedManager, manager); diff != "" { 194 t.Errorf("GetSecret() returned unexpected result (-want +got):\n%s", diff) 195 } 196 } 197 198 func TestDeleteSecretNonExisting(t *testing.T) { 199 manager := &fakeSecretFileManager{} 200 store := NewLocalSecretStore(manager) 201 202 expectedManager := &fakeSecretFileManager{} 203 204 store.DeleteSecret("default/tls-secret") 205 206 if diff := cmp.Diff(expectedManager, manager); diff != "" { 207 t.Errorf("DeleteSecret() returned unexpected result (-want +got):\n%s", diff) 208 } 209 } 210 211 func TestDeleteSecretValidSecret(t *testing.T) { 212 manager := &fakeSecretFileManager{} 213 store := NewLocalSecretStore(manager) 214 215 // Add the valid secret 216 217 expectedManager := &fakeSecretFileManager{} 218 219 store.AddOrUpdateSecret(validSecret) 220 221 if diff := cmp.Diff(expectedManager, manager); diff != "" { 222 t.Errorf("AddOrUpdateSecret() returned unexpected result (-want +got):\n%s", diff) 223 } 224 225 // Get the secret 226 227 expectedSecretRef := &SecretReference{ 228 Secret: validSecret, 229 Path: "testpath", 230 Error: nil, 231 } 232 expectedManager = &fakeSecretFileManager{ 233 AddedOrUpdatedSecret: validSecret, 234 } 235 236 manager.Reset() 237 secretRef := store.GetSecret("default/tls-secret") 238 239 if diff := cmp.Diff(expectedSecretRef, secretRef, cmp.Comparer(errorComparer)); diff != "" { 240 t.Errorf("GetSecret() returned unexpected result (-want +got):\n%s", diff) 241 } 242 if diff := cmp.Diff(expectedManager, manager); diff != "" { 243 t.Errorf("GetSecret() returned unexpected result (-want +got):\n%s", diff) 244 } 245 246 // Delete the secret 247 248 expectedManager = &fakeSecretFileManager{ 249 DeletedSecret: "default/tls-secret", 250 } 251 252 manager.Reset() 253 store.DeleteSecret("default/tls-secret") 254 255 if diff := cmp.Diff(expectedManager, manager); diff != "" { 256 t.Errorf("DeleteSecret() returned unexpected result (-want +got):\n%s", diff) 257 } 258 259 // Get the secret 260 261 expectedSecretRef = &SecretReference{ 262 Error: errors.New("secret doesn't exist or of an unsupported type"), 263 } 264 expectedManager = &fakeSecretFileManager{} 265 266 manager.Reset() 267 secretRef = store.GetSecret("default/tls-secret") 268 269 if diff := cmp.Diff(expectedSecretRef, secretRef, cmp.Comparer(errorComparer)); diff != "" { 270 t.Errorf("GetSecret() returned unexpected result (-want +got):\n%s", diff) 271 } 272 if diff := cmp.Diff(expectedManager, manager); diff != "" { 273 t.Errorf("GetSecret() returned unexpected result (-want +got):\n%s", diff) 274 } 275 } 276 277 func TestDeleteSecretInvalidSecret(t *testing.T) { 278 manager := &fakeSecretFileManager{} 279 store := NewLocalSecretStore(manager) 280 281 // Add invalid secret 282 283 expectedManager := &fakeSecretFileManager{} 284 285 store.AddOrUpdateSecret(invalidSecret) 286 287 if diff := cmp.Diff(expectedManager, manager); diff != "" { 288 t.Errorf("AddOrUpdateSecret() returned unexpected result (-want +got):\n%s", diff) 289 } 290 291 // Delete invalid secret 292 293 expectedManager = &fakeSecretFileManager{} 294 295 manager.Reset() 296 store.DeleteSecret("default/tls-secret") 297 298 if diff := cmp.Diff(expectedManager, manager); diff != "" { 299 t.Errorf("DeleteSecret() returned unexpected result (-want +got):\n%s", diff) 300 } 301 }