chore: MEC-1478 fix tests

orYoffe · orYoffe · commit 1449497cc6f3 · 2025-02-06T13:50:42.000+01:00
diff --git a/controllers/suite_test.go b/controllers/suite_test.go
@@ -57,6 +57,7 @@ var testEnv *envtest.Environment
 
 const TEST_NAMESPACE = "secret-sync-test"
 const TEST_NAMESPACE2 = "secret-sync-test2"
+const TEST_NAMESPACE3 = "secret-sync-test3"
 
 var time_now = time.Now()
 
@@ -186,6 +187,17 @@ var _ = BeforeSuite(func(done Done) {
 						_s("AWSPREVIOUS"),
 					},
 				},
+			}, {
+				Name:            _s("random/aws/secret005"),
+				LastChangedDate: _t(time_now.AddDate(0, 0, -3)),
+				SecretVersionsToStages: map[string][]*string{
+					"006": {
+						_s("AWSCURRENT"),
+					},
+					"005": {
+						_s("AWSPREVIOUS"),
+					},
+				},
 			},
 		},
 	}
@@ -199,6 +211,7 @@ var _ = BeforeSuite(func(done Done) {
 		ARN: _s("arn:aws:secretsmanager:us-west-2:123456789012:secret:random/aws/secret003-abc"),
 		Tags: []*secretsmanager.Tag{
 			keyValue("k8s.contentful.com/namespace_type/secret-sync-test2", "1"),
+			keyValue("k8s.contentful.com/namespace_type/secret-sync-test3", "1"),
 		},
 	}
 
@@ -239,10 +252,19 @@ var _ = BeforeSuite(func(done Done) {
 			Name: TEST_NAMESPACE2,
 		},
 	}
+	toCreate3 := &corev1.Namespace{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: TEST_NAMESPACE3,
+		},
+	}
 
 	err = k8sClient.Create(context.Background(), toCreate)
+	Expect(err).To(BeNil())
 	err = k8sClient.Create(context.Background(), toCreate2)
 	Expect(err).To(BeNil())
+	err = k8sClient.Create(context.Background(), toCreate3)
+	Expect(err).To(BeNil())
+	Expect(err).To(BeNil())
 
 	close(done)
 }, 60)
diff --git a/controllers/syncedsecret_controller.go b/controllers/syncedsecret_controller.go
@@ -192,15 +192,12 @@ func (r *SyncedSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request
 
 func (r *SyncedSecretReconciler) secretAllowedInNamespace(secretID string, IAMRole string, namespace string, name string) (bool, error) {
 	log := r.Log.WithValues(LogFieldSyncedSecret, namespace)
-	log.Info("BEFOREEEEEEEE-----DescribeSecret--secretID", secretID, IAMRole)
 	secret, err := r.poller.DescribeSecret(aws.String(secretID), IAMRole)
-	log.Info("AFTERRRRRRRRR-----DescribeSecret--secretID", secretID, IAMRole)
 	if err != nil {
 		log.Error(err, "failed to describe secret", "role", IAMRole, "namespace", namespace)
 		return false, errors.WithMessagef(err, "failed to fetch secret %s with role %s in namespace %s", secretID, IAMRole, namespace)
 	}
 
-	// TODO: Move this to secretvalidator similar to rolevalidator
 	allowed, err := r.NamespaceValidator.HasNamespaceType(secret, namespace)
 	if !allowed {
 		r.sync_state[name] = false
diff --git a/controllers/syncedsecret_controller_test.go b/controllers/syncedsecret_controller_test.go
@@ -2,7 +2,6 @@ package controllers
 
 import (
 	"context"
-	"fmt"
 	"reflect"
 	"time"
 
@@ -219,7 +218,6 @@ var _ = Describe("SyncedSecret Controller", func() {
 	})
 
 	Context("For a single SyncedSecret (using Data) with AWSAccountID", func() {
-		// TODO do a test for DataFrom as well
 		secretKey := types.NamespacedName{
 			Name:      "another-secret-name",
 			Namespace: TEST_NAMESPACE2,
@@ -245,7 +243,7 @@ var _ = Describe("SyncedSecret Controller", func() {
 						Namespace: secretKey.Namespace,
 					},
 					AWSAccountID: _s("12345678910"),
-					IAMRole:      _s("test"), // TODO Make this optional in CRD
+					IAMRole:      _s("test"),
 					Data: []*secretsv1.SecretField{
 						{
 							Name: _s("DB_NAME"),
@@ -418,18 +416,17 @@ var _ = Describe("SyncedSecret Controller", func() {
 	})
 
 	Context("For a single SyncedSecret (using DataFrom) with AWSAccountID", func() {
-		// TODO do a test for DataFrom as well
 		secretKey := types.NamespacedName{
 			Name:      "secret-name-from-data",
-			Namespace: TEST_NAMESPACE2,
+			Namespace: TEST_NAMESPACE3,
 		}
 
 		resourceVersion := ""
 
 		It("Should Create K8S Secrets for SyncedSecret (using Data) CRD with AWSAccountID", func() {
 			MockSecretsOutput.SecretsValueOutput = &secretsmanager.GetSecretValueOutput{
-				SecretString: _s(`{"database_name":"secretDB","database_pass":"cupofcoffee", "database_name1":"secretDB02"}`),
-				VersionId:    _s(`005`),
+				SecretString: _s(`{"DB_NAME":"secretDB","DB_PASS":"cupofcoffee"}`),
+				VersionId:    _s(`006`),
 			}
 
 			toCreate := &secretsv1.SyncedSecret{
@@ -444,32 +441,12 @@ var _ = Describe("SyncedSecret Controller", func() {
 						Namespace: secretKey.Namespace,
 					},
 					AWSAccountID: _s("12345678910"),
-					IAMRole:      _s("test"), // TODO Make this optional in CRD
+					IAMRole:      _s("test"),
 					DataFrom: &secretsv1.DataFrom{
 						SecretRef: &secretsv1.SecretRef{
-							Name: _s("random/aws/secret004"),
+							Name: _s("random/aws/secret005"),
 						},
 					},
-					// Data: []*secretsv1.SecretField{
-					// 	{
-					// 		Name: _s("DB_NAME"),
-					// 		ValueFrom: &secretsv1.ValueFrom{
-					// 			SecretKeyRef: &secretsv1.SecretKeyRef{
-					// 				Name: _s("random/aws/secret004"),
-					// 				Key:  _s("database_name"),
-					// 			},
-					// 		},
-					// 	},
-					// 	{
-					// 		Name: _s("DB_PASS"),
-					// 		ValueFrom: &secretsv1.ValueFrom{
-					// 			SecretKeyRef: &secretsv1.SecretKeyRef{
-					// 				Name: _s("random/aws/secret004"),
-					// 				Key:  _s("database_pass"),
-					// 			},
-					// 		},
-					// 	},
-					// },
 				},
 			}
 			secretExpect := &corev1.Secret{
@@ -492,9 +469,6 @@ var _ = Describe("SyncedSecret Controller", func() {
 				return k8serrors.IsNotFound(err)
 			}, timeout, interval).Should(BeFalse())
 
-			fmt.Printf("fetchedSecret.Data %v", fetchedSecret.Data)
-			fmt.Printf("secretExpect.Data %v", fetchedSecret.Data)
-
 			// we need to ensure that that secretExpect.Data is a subset of fetchedSecret.Data
 			// the kubernetes client.go doesn't base64 values this is something that kubectl maybe does
 			Expect(reflect.DeepEqual(fetchedSecret.Data, secretExpect.Data)).To(BeTrue())
@@ -506,121 +480,99 @@ var _ = Describe("SyncedSecret Controller", func() {
 
 		})
 
-		// It("Should update k8s secret object if there is change in AwsSecret CRD with AWSAccountID", func() {
-		// 	MockSecretsOutput.SecretsValueOutput = &secretsmanager.GetSecretValueOutput{
-		// 		SecretString: _s(`{"database_name":"secretDB","database_pass":"cupofcoffee", "database_name1":"secretDB02"}`),
-		// 		VersionId:    _s(`005`),
-		// 	}
-		// 	toUpdate := &secretsv1.SyncedSecret{
-		// 		ObjectMeta: metav1.ObjectMeta{
-		// 			Name:            secretKey.Name,
-		// 			Namespace:       secretKey.Namespace,
-		// 			ResourceVersion: resourceVersion,
-		// 		},
-		// 		Spec: secretsv1.SyncedSecretSpec{
-		// 			SecretMetadata: metav1.ObjectMeta{
-		// 				Name:      secretKey.Name,
-		// 				Namespace: secretKey.Namespace,
-		// 			},
-		// 			IAMRole:      _s("test"),
-		// 			AWSAccountID: _s("12345678910"),
-		// 			Data: []*secretsv1.SecretField{
-		// 				{
-		// 					Name: _s("DB_NAME"),
-		// 					ValueFrom: &secretsv1.ValueFrom{
-		// 						SecretKeyRef: &secretsv1.SecretKeyRef{
-		// 							Name: _s("random/aws/secret003"),
-		// 							Key:  _s("database_name1"),
-		// 						},
-		// 					},
-		// 				},
-		// 				{
-		// 					Name: _s("DB_PASS"),
-		// 					ValueFrom: &secretsv1.ValueFrom{
-		// 						SecretKeyRef: &secretsv1.SecretKeyRef{
-		// 							Name: _s("random/aws/secret003"),
-		// 							Key:  _s("database_pass"),
-		// 						},
-		// 					},
-		// 				},
-		// 			},
-		// 		},
-		// 	}
-
-		// 	secretExpect := &corev1.Secret{
-		// 		ObjectMeta: metav1.ObjectMeta{
-		// 			Name:      secretKey.Name,
-		// 			Namespace: secretKey.Namespace,
-		// 		},
-		// 		Type: "Opaque",
-		// 		Data: map[string][]byte{
-		// 			"DB_NAME": []byte("secretDB02"),
-		// 			"DB_PASS": []byte("cupofcoffee"),
-		// 		},
-		// 	}
-
-		// 	Expect(k8sClient.Update(context.Background(), toUpdate)).Should(Succeed())
-
-		// 	fetchedSecret := &corev1.Secret{}
-		// 	Eventually(func() bool {
-		// 		k8sClient.Get(context.Background(), secretKey, fetchedSecret)
-		// 		return reflect.DeepEqual(fetchedSecret.Data, secretExpect.Data)
-		// 	}, timeout, interval).Should(BeTrue())
-
-		// 	fetchedCfSecret := &secretsv1.SyncedSecret{}
-		// 	err := k8sClient.Get(context.Background(), secretKey, fetchedCfSecret)
-		// 	Expect(err).ToNot(HaveOccurred())
-		// 	resourceVersion = fetchedCfSecret.ResourceVersion
-		// })
-
-		// It("Should update the k8s secret object if the mapped AWS Secret changes with AWSAccountID", func() {
-		// 	MockSecretsOutput.SecretsValueOutput = &secretsmanager.GetSecretValueOutput{
-		// 		SecretString: _s(`{"database_pass":"cupoftea", "database_name1":"secretDB02"}`),
-		// 		VersionId:    _s(`006`),
-		// 	}
-
-		// 	MockSecretsOutput.SecretsPageOutput = &secretsmanager.ListSecretsOutput{
-		// 		SecretList: []*secretsmanager.SecretListEntry{
-		// 			{
-		// 				Name:            _s("random/aws/secret003"),
-		// 				LastChangedDate: _t(time_now.AddDate(0, 0, -2)),
-		// 				SecretVersionsToStages: map[string][]*string{
-		// 					"002": []*string{
-		// 						_s("AWSCURRENT"),
-		// 					},
-		// 				},
-		// 			}, {
-		// 				Name:            _s("random/aws/secret003"),
-		// 				LastChangedDate: _t(time_now.AddDate(0, 0, -1)),
-		// 				SecretVersionsToStages: map[string][]*string{
-		// 					"005": {
-		// 						_s("AWSPREVIOUS"),
-		// 					},
-		// 					"006": {
-		// 						_s("AWSCURRENT"),
-		// 					},
-		// 				},
-		// 			},
-		// 		},
-		// 	}
-
-		// 	secretExpect := &corev1.Secret{
-		// 		ObjectMeta: metav1.ObjectMeta{
-		// 			Name:      secretKey.Name,
-		// 			Namespace: secretKey.Namespace,
-		// 		},
-		// 		Type: "Opaque",
-		// 		Data: map[string][]byte{
-		// 			"DB_NAME": []byte("secretDB02"),
-		// 			"DB_PASS": []byte("cupoftea"),
-		// 		},
-		// 	}
-
-		// 	fetchedSecret := &corev1.Secret{}
-		// 	Eventually(func() bool {
-		// 		k8sClient.Get(context.Background(), secretKey, fetchedSecret)
-		// 		return reflect.DeepEqual(fetchedSecret.Data, secretExpect.Data)
-		// 	}, timeout, interval).Should(BeTrue())
-		// })
+		It("Should update k8s secret object if there is change in AwsSecret CRD with AWSAccountID", func() {
+			MockSecretsOutput.SecretsValueOutput = &secretsmanager.GetSecretValueOutput{
+				SecretString: _s(`{"DB_NAME":"secretDB02","DB_PASS":"cupofcoffee"}`),
+				VersionId:    _s(`006`),
+			}
+
+			toUpdate := &secretsv1.SyncedSecret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:            secretKey.Name,
+					Namespace:       secretKey.Namespace,
+					ResourceVersion: resourceVersion,
+				},
+				Spec: secretsv1.SyncedSecretSpec{
+					SecretMetadata: metav1.ObjectMeta{
+						Name:      secretKey.Name,
+						Namespace: secretKey.Namespace,
+					},
+					IAMRole:      _s("test"),
+					AWSAccountID: _s("12345678910"),
+					DataFrom: &secretsv1.DataFrom{
+						SecretRef: &secretsv1.SecretRef{
+							Name: _s("random/aws/secret006"),
+						},
+					},
+				},
+			}
+
+			secretExpect := &corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      secretKey.Name,
+					Namespace: secretKey.Namespace,
+				},
+				Type: "Opaque",
+				Data: map[string][]byte{
+					"DB_NAME": []byte("secretDB02"),
+					"DB_PASS": []byte("cupofcoffee"),
+				},
+			}
+
+			Expect(k8sClient.Update(context.Background(), toUpdate)).Should(Succeed())
+
+			fetchedSecret := &corev1.Secret{}
+			Eventually(func() bool {
+				k8sClient.Get(context.Background(), secretKey, fetchedSecret)
+				return reflect.DeepEqual(fetchedSecret.Data, secretExpect.Data)
+			}, timeout, interval).Should(BeTrue())
+
+			fetchedCfSecret := &secretsv1.SyncedSecret{}
+			err := k8sClient.Get(context.Background(), secretKey, fetchedCfSecret)
+			Expect(err).ToNot(HaveOccurred())
+			resourceVersion = fetchedCfSecret.ResourceVersion
+		})
+
+		It("Should update the k8s secret object if the mapped AWS Secret changes with AWSAccountID", func() {
+			MockSecretsOutput.SecretsValueOutput = &secretsmanager.GetSecretValueOutput{
+				SecretString: _s(`{"DB_PASS":"cupoftea3", "DB_NAME":"secretDB03"}`),
+				VersionId:    _s(`007`),
+			}
+
+			MockSecretsOutput.SecretsPageOutput = &secretsmanager.ListSecretsOutput{
+				SecretList: []*secretsmanager.SecretListEntry{
+					{
+						Name:            _s("random/aws/secret006"),
+						LastChangedDate: _t(time_now.AddDate(0, 0, -1)),
+						SecretVersionsToStages: map[string][]*string{
+							"006": {
+								_s("AWSPREVIOUS"),
+							},
+							"007": {
+								_s("AWSCURRENT"),
+							},
+						},
+					},
+				},
+			}
+
+			secretExpect := &corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      secretKey.Name,
+					Namespace: secretKey.Namespace,
+				},
+				Type: "Opaque",
+				Data: map[string][]byte{
+					"DB_NAME": []byte("secretDB03"),
+					"DB_PASS": []byte("cupoftea3"),
+				},
+			}
+
+			fetchedSecret := &corev1.Secret{}
+			Eventually(func() bool {
+				k8sClient.Get(context.Background(), secretKey, fetchedSecret)
+				return reflect.DeepEqual(fetchedSecret.Data, secretExpect.Data)
+			}, timeout, interval).Should(BeTrue())
+		})
 	})
 })
