Update tests and add new test

This commit is contained in:
Marton Soos
2022-02-18 10:47:14 +01:00
parent 285496dc7e
commit b16960057a
3 changed files with 54 additions and 10 deletions

View File

@@ -329,7 +329,7 @@ var tests = []testReconcileItem{
op.VersionAnnotation: "456", op.VersionAnnotation: "456",
}, },
}, },
Type: corev1.SecretTypeOpaque, Type: corev1.SecretType(""),
Data: expectedSecretData, Data: expectedSecretData,
}, },
expectedError: nil, expectedError: nil,
@@ -341,7 +341,7 @@ var tests = []testReconcileItem{
op.VersionAnnotation: fmt.Sprint(version), op.VersionAnnotation: fmt.Sprint(version),
}, },
}, },
Type: corev1.SecretTypeOpaque, Type: corev1.SecretType(""),
Data: expectedSecretData, Data: expectedSecretData,
}, },
opItem: map[string]string{ opItem: map[string]string{
@@ -375,7 +375,7 @@ var tests = []testReconcileItem{
op.VersionAnnotation: fmt.Sprint(version), op.VersionAnnotation: fmt.Sprint(version),
}, },
}, },
Type: corev1.SecretTypeOpaque, Type: corev1.SecretType(""),
Data: expectedSecretData, Data: expectedSecretData,
}, },
opItem: map[string]string{ opItem: map[string]string{

View File

@@ -5,6 +5,7 @@ import (
"fmt" "fmt"
"testing" "testing"
"github.com/1Password/onepassword-operator/pkg/kubernetessecrets"
"github.com/1Password/onepassword-operator/pkg/mocks" "github.com/1Password/onepassword-operator/pkg/mocks"
op "github.com/1Password/onepassword-operator/pkg/onepassword" op "github.com/1Password/onepassword-operator/pkg/onepassword"
@@ -185,7 +186,6 @@ var tests = []testReconcileItem{
}, },
Labels: map[string]string{}, Labels: map[string]string{},
}, },
Type: corev1.SecretTypeOpaque,
Data: expectedSecretData, Data: expectedSecretData,
}, },
opItem: map[string]string{ opItem: map[string]string{
@@ -224,7 +224,7 @@ var tests = []testReconcileItem{
}, },
Labels: map[string]string{}, Labels: map[string]string{},
}, },
Type: corev1.SecretTypeOpaque, Type: corev1.SecretTypeBasicAuth,
Data: expectedSecretData, Data: expectedSecretData,
}, },
expectedError: nil, expectedError: nil,
@@ -280,6 +280,50 @@ var tests = []testReconcileItem{
passKey: password, passKey: password,
}, },
}, },
{
testName: "Error if secret type is changed",
customResource: &onepasswordv1.OnePasswordItem{
TypeMeta: metav1.TypeMeta{
Kind: onePasswordItemKind,
APIVersion: onePasswordItemAPIVersion,
},
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: namespace,
},
Spec: onepasswordv1.OnePasswordItemSpec{
ItemPath: itemPath,
},
Type: "custom",
},
existingSecret: &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: namespace,
Annotations: map[string]string{
op.VersionAnnotation: fmt.Sprint(version),
},
},
Type: corev1.SecretTypeOpaque,
Data: expectedSecretData,
},
expectedError: kubernetessecrets.ErrCannotUpdateSecretType,
expectedResultSecret: &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: namespace,
Annotations: map[string]string{
op.VersionAnnotation: fmt.Sprint(version),
},
},
Type: corev1.SecretTypeOpaque,
Data: expectedSecretData,
},
opItem: map[string]string{
userKey: username,
passKey: password,
},
},
{ {
testName: "Secret from 1Password item with invalid K8s labels", testName: "Secret from 1Password item with invalid K8s labels",
customResource: &onepasswordv1.OnePasswordItem{ customResource: &onepasswordv1.OnePasswordItem{
@@ -305,7 +349,6 @@ var tests = []testReconcileItem{
op.VersionAnnotation: fmt.Sprint(version), op.VersionAnnotation: fmt.Sprint(version),
}, },
}, },
Type: corev1.SecretTypeOpaque,
Data: expectedSecretData, Data: expectedSecretData,
}, },
opItem: map[string]string{ opItem: map[string]string{
@@ -338,7 +381,6 @@ var tests = []testReconcileItem{
op.VersionAnnotation: fmt.Sprint(version), op.VersionAnnotation: fmt.Sprint(version),
}, },
}, },
Type: corev1.SecretTypeOpaque,
Data: map[string][]byte{ Data: map[string][]byte{
"password": []byte(password), "password": []byte(password),
"username": []byte(username), "username": []byte(username),
@@ -380,7 +422,6 @@ var tests = []testReconcileItem{
op.VersionAnnotation: fmt.Sprint(version), op.VersionAnnotation: fmt.Sprint(version),
}, },
}, },
Type: corev1.SecretTypeOpaque,
Data: map[string][]byte{ Data: map[string][]byte{
"password": []byte(password), "password": []byte(password),
"username": []byte(username), "username": []byte(username),

View File

@@ -9,6 +9,8 @@ import (
"reflect" "reflect"
errs "errors"
"github.com/1Password/connect-sdk-go/onepassword" "github.com/1Password/connect-sdk-go/onepassword"
"github.com/1Password/onepassword-operator/pkg/utils" "github.com/1Password/onepassword-operator/pkg/utils"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
@@ -16,7 +18,6 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
kubeValidate "k8s.io/apimachinery/pkg/util/validation" kubeValidate "k8s.io/apimachinery/pkg/util/validation"
errs "errors"
kubernetesClient "sigs.k8s.io/controller-runtime/pkg/client" kubernetesClient "sigs.k8s.io/controller-runtime/pkg/client"
logf "sigs.k8s.io/controller-runtime/pkg/log" logf "sigs.k8s.io/controller-runtime/pkg/log"
@@ -29,6 +30,8 @@ const restartAnnotation = OnepasswordPrefix + "/last-restarted"
const ItemPathAnnotation = OnepasswordPrefix + "/item-path" const ItemPathAnnotation = OnepasswordPrefix + "/item-path"
const RestartDeploymentsAnnotation = OnepasswordPrefix + "/auto-restart" const RestartDeploymentsAnnotation = OnepasswordPrefix + "/auto-restart"
var ErrCannotUpdateSecretType = errs.New("Cannot change secret type. Secret type is immutable")
var log = logf.Log var log = logf.Log
func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretName, namespace string, item *onepassword.Item, autoRestart string, labels map[string]string, secretType string, secretAnnotations map[string]string) error { func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretName, namespace string, item *onepassword.Item, autoRestart string, labels map[string]string, secretType string, secretAnnotations map[string]string) error {
@@ -68,7 +71,7 @@ func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretNa
currentLabels := currentSecret.Labels currentLabels := currentSecret.Labels
currentSecretType := string(currentSecret.Type) currentSecretType := string(currentSecret.Type)
if !reflect.DeepEqual(currentSecretType, secretType) { if !reflect.DeepEqual(currentSecretType, secretType) {
return errs.New("Cannot change secret type. Secret type is immutable") return ErrCannotUpdateSecretType
} }
if !reflect.DeepEqual(currentAnnotations, secretAnnotations) || !reflect.DeepEqual(currentLabels, labels) { if !reflect.DeepEqual(currentAnnotations, secretAnnotations) || !reflect.DeepEqual(currentLabels, labels) {