This repository has been archived by the owner on Apr 10, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 93
/
secret_test.go
122 lines (114 loc) · 2.67 KB
/
secret_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package main
import (
"testing"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
const (
testDockerconfig = `{"auth":{"gcr.io":{"username":"_json_key","password":"{}"}}}`
)
var testCasesVerifySecret = []struct {
name string
input *corev1.Secret
expected verifySecretResult
}{
{
name: "valid",
input: &corev1.Secret{
Type: corev1.SecretTypeDockerConfigJson,
Data: map[string][]byte{
corev1.DockerConfigJsonKey: []byte(testDockerconfig),
},
},
expected: secretOk,
},
{
name: "invalid secret type",
input: &corev1.Secret{
Type: corev1.SecretTypeOpaque,
Data: map[string][]byte{
corev1.DockerConfigJsonKey: []byte(testDockerconfig),
},
},
expected: secretWrongType,
},
{
name: "invalid secret key",
input: &corev1.Secret{
Type: corev1.SecretTypeDockerConfigJson,
Data: map[string][]byte{
"test": []byte(testDockerconfig),
},
},
expected: secretNoKey,
},
{
name: "invalid secret value",
input: &corev1.Secret{
Type: corev1.SecretTypeDockerConfigJson,
Data: map[string][]byte{
corev1.DockerConfigJsonKey: []byte(`{"auth":"invalid"}`),
},
},
expected: secretDataNotMatch,
},
}
func TestVerifySecret(t *testing.T) {
dockerConfigJSON = testDockerconfig
for _, testCase := range testCasesVerifySecret {
actual := verifySecret(testCase.input)
if actual != testCase.expected {
t.Errorf("verifySecret(%s) gives %s, expects %s", testCase.name, actual, testCase.expected)
}
}
}
func TestDockerconfigSecretIsValid(t *testing.T) {
result := verifySecret(dockerconfigSecret("default"))
if result != secretOk {
t.Errorf("dockerconfigSecret generates invalid secret: %s", result)
}
}
var validAnnotations = map[string]string{
annotationManagedBy: annotationAppName,
}
var testCasesForIsManagedSecret = []struct {
name string
input *corev1.Secret
expected bool
}{
{
name: "valid",
input: &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Annotations: validAnnotations,
},
},
expected: true,
},
{
name: "no annotation",
input: &corev1.Secret{},
expected: false,
},
{
name: "different annotation",
input: &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Annotations: map[string]string{
"notmatching": "annotation",
},
},
},
expected: false,
},
}
func TestIsManagedSecret(t *testing.T) {
configDockerconfigjson = testDockerconfig
for _, testCase := range testCasesForIsManagedSecret {
actual := isManagedSecret(testCase.input)
t.Logf("+%v\n", testCase.input.ObjectMeta.Annotations)
if actual != testCase.expected {
t.Errorf("verifySecret(%s) gives %t, expects %t", testCase.name, actual, testCase.expected)
}
}
}