feat: [MEC-1478] fix tests

ContentfulCormac · ContentfulCormac · commit b47fb6a33b1a · 2025-02-06T12:07:56.000Z
diff --git a/controllers/syncedsecret_controller_test.go b/controllers/syncedsecret_controller_test.go
@@ -2,6 +2,7 @@ package controllers
 
 import (
 	"context"
+	"fmt"
 	"reflect"
 	"time"
 
@@ -217,7 +218,7 @@ var _ = Describe("SyncedSecret Controller", func() {
 		})
 	})
 
-	Context("For a single SyncedSecret with AWSAccountID", func() {
+	Context("For a single SyncedSecret (using Data) with AWSAccountID", func() {
 		// TODO do a test for DataFrom as well
 		secretKey := types.NamespacedName{
 			Name:      "another-secret-name",
@@ -415,4 +416,211 @@ var _ = Describe("SyncedSecret Controller", func() {
 			}, timeout, interval).Should(BeTrue())
 		})
 	})
+
+	Context("For a single SyncedSecret (using DataFrom) with AWSAccountID", func() {
+		// TODO do a test for DataFrom as well
+		secretKey := types.NamespacedName{
+			Name:      "secret-name-from-data",
+			Namespace: TEST_NAMESPACE2,
+		}
+
+		resourceVersion := ""
+
+		It("Should Create K8S Secrets for SyncedSecret (using Data) CRD with AWSAccountID", func() {
+			MockSecretsOutput.SecretsValueOutput = &secretsmanager.GetSecretValueOutput{
+				SecretString: _s(`{"database_name":"secretDB","database_pass":"cupofcoffee", "database_name1":"secretDB02"}`),
+				VersionId:    _s(`005`),
+			}
+
+			toCreate := &secretsv1.SyncedSecret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:            secretKey.Name,
+					Namespace:       secretKey.Namespace,
+					ResourceVersion: resourceVersion,
+				},
+				Spec: secretsv1.SyncedSecretSpec{
+					SecretMetadata: metav1.ObjectMeta{
+						Name:      secretKey.Name,
+						Namespace: secretKey.Namespace,
+					},
+					AWSAccountID: _s("12345678910"),
+					IAMRole:      _s("test"), // TODO Make this optional in CRD
+					DataFrom: &secretsv1.DataFrom{
+						SecretRef: &secretsv1.SecretRef{
+							Name: _s("random/aws/secret004"),
+						},
+					},
+					// Data: []*secretsv1.SecretField{
+					// 	{
+					// 		Name: _s("DB_NAME"),
+					// 		ValueFrom: &secretsv1.ValueFrom{
+					// 			SecretKeyRef: &secretsv1.SecretKeyRef{
+					// 				Name: _s("random/aws/secret004"),
+					// 				Key:  _s("database_name"),
+					// 			},
+					// 		},
+					// 	},
+					// 	{
+					// 		Name: _s("DB_PASS"),
+					// 		ValueFrom: &secretsv1.ValueFrom{
+					// 			SecretKeyRef: &secretsv1.SecretKeyRef{
+					// 				Name: _s("random/aws/secret004"),
+					// 				Key:  _s("database_pass"),
+					// 			},
+					// 		},
+					// 	},
+					// },
+				},
+			}
+			secretExpect := &corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      secretKey.Name,
+					Namespace: secretKey.Namespace,
+				},
+				Type: "Opaque",
+				Data: map[string][]byte{
+					"DB_NAME": []byte("secretDB"),
+					"DB_PASS": []byte("cupofcoffee"),
+				},
+			}
+			err := k8sClient.Create(context.Background(), toCreate)
+			Expect(err).ToNot(HaveOccurred())
+
+			fetchedSecret := &corev1.Secret{}
+			Eventually(func() bool {
+				err := k8sClient.Get(context.Background(), secretKey, fetchedSecret)
+				return k8serrors.IsNotFound(err)
+			}, timeout, interval).Should(BeFalse())
+
+			fmt.Printf("fetchedSecret.Data %v", fetchedSecret.Data)
+			fmt.Printf("secretExpect.Data %v", fetchedSecret.Data)
+
+			// we need to ensure that that secretExpect.Data is a subset of fetchedSecret.Data
+			// the kubernetes client.go doesn't base64 values this is something that kubectl maybe does
+			Expect(reflect.DeepEqual(fetchedSecret.Data, secretExpect.Data)).To(BeTrue())
+
+			fetchedCfSecret := &secretsv1.SyncedSecret{}
+			err = k8sClient.Get(context.Background(), secretKey, fetchedCfSecret)
+			Expect(err).ToNot(HaveOccurred())
+			resourceVersion = fetchedCfSecret.ResourceVersion
+
+		})
+
+		// It("Should update k8s secret object if there is change in AwsSecret CRD with AWSAccountID", func() {
+		// 	MockSecretsOutput.SecretsValueOutput = &secretsmanager.GetSecretValueOutput{
+		// 		SecretString: _s(`{"database_name":"secretDB","database_pass":"cupofcoffee", "database_name1":"secretDB02"}`),
+		// 		VersionId:    _s(`005`),
+		// 	}
+		// 	toUpdate := &secretsv1.SyncedSecret{
+		// 		ObjectMeta: metav1.ObjectMeta{
+		// 			Name:            secretKey.Name,
+		// 			Namespace:       secretKey.Namespace,
+		// 			ResourceVersion: resourceVersion,
+		// 		},
+		// 		Spec: secretsv1.SyncedSecretSpec{
+		// 			SecretMetadata: metav1.ObjectMeta{
+		// 				Name:      secretKey.Name,
+		// 				Namespace: secretKey.Namespace,
+		// 			},
+		// 			IAMRole:      _s("test"),
+		// 			AWSAccountID: _s("12345678910"),
+		// 			Data: []*secretsv1.SecretField{
+		// 				{
+		// 					Name: _s("DB_NAME"),
+		// 					ValueFrom: &secretsv1.ValueFrom{
+		// 						SecretKeyRef: &secretsv1.SecretKeyRef{
+		// 							Name: _s("random/aws/secret003"),
+		// 							Key:  _s("database_name1"),
+		// 						},
+		// 					},
+		// 				},
+		// 				{
+		// 					Name: _s("DB_PASS"),
+		// 					ValueFrom: &secretsv1.ValueFrom{
+		// 						SecretKeyRef: &secretsv1.SecretKeyRef{
+		// 							Name: _s("random/aws/secret003"),
+		// 							Key:  _s("database_pass"),
+		// 						},
+		// 					},
+		// 				},
+		// 			},
+		// 		},
+		// 	}
+
+		// 	secretExpect := &corev1.Secret{
+		// 		ObjectMeta: metav1.ObjectMeta{
+		// 			Name:      secretKey.Name,
+		// 			Namespace: secretKey.Namespace,
+		// 		},
+		// 		Type: "Opaque",
+		// 		Data: map[string][]byte{
+		// 			"DB_NAME": []byte("secretDB02"),
+		// 			"DB_PASS": []byte("cupofcoffee"),
+		// 		},
+		// 	}
+
+		// 	Expect(k8sClient.Update(context.Background(), toUpdate)).Should(Succeed())
+
+		// 	fetchedSecret := &corev1.Secret{}
+		// 	Eventually(func() bool {
+		// 		k8sClient.Get(context.Background(), secretKey, fetchedSecret)
+		// 		return reflect.DeepEqual(fetchedSecret.Data, secretExpect.Data)
+		// 	}, timeout, interval).Should(BeTrue())
+
+		// 	fetchedCfSecret := &secretsv1.SyncedSecret{}
+		// 	err := k8sClient.Get(context.Background(), secretKey, fetchedCfSecret)
+		// 	Expect(err).ToNot(HaveOccurred())
+		// 	resourceVersion = fetchedCfSecret.ResourceVersion
+		// })
+
+		// It("Should update the k8s secret object if the mapped AWS Secret changes with AWSAccountID", func() {
+		// 	MockSecretsOutput.SecretsValueOutput = &secretsmanager.GetSecretValueOutput{
+		// 		SecretString: _s(`{"database_pass":"cupoftea", "database_name1":"secretDB02"}`),
+		// 		VersionId:    _s(`006`),
+		// 	}
+
+		// 	MockSecretsOutput.SecretsPageOutput = &secretsmanager.ListSecretsOutput{
+		// 		SecretList: []*secretsmanager.SecretListEntry{
+		// 			{
+		// 				Name:            _s("random/aws/secret003"),
+		// 				LastChangedDate: _t(time_now.AddDate(0, 0, -2)),
+		// 				SecretVersionsToStages: map[string][]*string{
+		// 					"002": []*string{
+		// 						_s("AWSCURRENT"),
+		// 					},
+		// 				},
+		// 			}, {
+		// 				Name:            _s("random/aws/secret003"),
+		// 				LastChangedDate: _t(time_now.AddDate(0, 0, -1)),
+		// 				SecretVersionsToStages: map[string][]*string{
+		// 					"005": {
+		// 						_s("AWSPREVIOUS"),
+		// 					},
+		// 					"006": {
+		// 						_s("AWSCURRENT"),
+		// 					},
+		// 				},
+		// 			},
+		// 		},
+		// 	}
+
+		// 	secretExpect := &corev1.Secret{
+		// 		ObjectMeta: metav1.ObjectMeta{
+		// 			Name:      secretKey.Name,
+		// 			Namespace: secretKey.Namespace,
+		// 		},
+		// 		Type: "Opaque",
+		// 		Data: map[string][]byte{
+		// 			"DB_NAME": []byte("secretDB02"),
+		// 			"DB_PASS": []byte("cupoftea"),
+		// 		},
+		// 	}
+
+		// 	fetchedSecret := &corev1.Secret{}
+		// 	Eventually(func() bool {
+		// 		k8sClient.Get(context.Background(), secretKey, fetchedSecret)
+		// 		return reflect.DeepEqual(fetchedSecret.Data, secretExpect.Data)
+		// 	}, timeout, interval).Should(BeTrue())
+		// })
+	})
 })
