chore: respond to PR feedback
- added correct annotations to the secret
- pulled duplicated types out to shared context
quixoten committed Aug 5, 2024
1 parent ba2ddbe commit 8ac8c92
Showing 3 changed files with 41 additions and 53 deletions.
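--- a/e2e/test/secret-docker-json-key-vault.yaml
+++ b/e2e/test/secret-docker-json-key-vault.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: test-secret-docker-json-key-vault
+  annotations:
+    secrets-webhook.security.bank-vaults.io/provider: "vault"
+    secrets-webhook.security.bank-vaults.io/vault-addr: "https://vault.default.svc.cluster.local:8200"
+    secrets-webhook.security.bank-vaults.io/vault-role: "default"
+    secrets-webhook.security.bank-vaults.io/vault-tls-secret: vault-tls
+    # secrets-webhook.security.bank-vaults.io/vault-skip-verify: "true"
+    secrets-webhook.security.bank-vaults.io/vault-path: "kubernetes"
+type: kubernetes.io/dockerconfigjson
+stringData:
+  .dockerconfigjson: |
+    {
+      "auths": {
+        "https://index.docker.io/v1/": {
+          "auth": "dmF1bHQ6c2VjcmV0L2RhdGEvZG9ja2VycmVwbyNET0NLRVJfUkVQT19KU09OX0tFWQ=="
+        }
+      }
+    }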
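Review bot: The commented-out `vault-skip-verify: "true"` annotation directly under `vault-tls-secret: vault-tls` leaves a TLS-verification bypass one uncomment away in a fixture that later tests are likely to be copied from. If it is meant as a local-debugging convenience, say so on the line, e.g. `# local debugging only; the CI run relies on vault-tls-secret above`, otherwise drop it since the fixture already pins the TLS secret. The `auth` value appears to decode to a `vault:` path reference rather than real credentials, which is worth a one-line comment above `.dockerconfigjson` so a reader scanning the repository does not mistake it for a committed registry password.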
20 changes: 0 additions & 20 deletions e2e/test/secret-docker-json-key.yaml

This file was deleted.

53 changes: 20 additions & 33 deletions e2e/webhook_test.go
Expand Up @@ -39,6 +39,19 @@ import (
)

func TestSecretValueInjection(t *testing.T) {
type dockerAuth struct {
Username string `json:"username"`
Password string `json:"password"`
Auth string `json:"auth"`
}

type auths struct {
DockerAuth dockerAuth `json:"https://index.docker.io/v1/"`
}

type dockerconfig struct {
Auths auths `json:"auths"`
}
secretVault := applyResource(features.New("secret-vault"), "secret-vault.yaml").
Assess("object created", func(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context {
secrets := &v1.SecretList{
Expand All @@ -61,41 +74,27 @@ func TestSecretValueInjection(t *testing.T) {
err := cfg.Client().Resources(cfg.Namespace()).Get(ctx, "test-secret-vault", cfg.Namespace(), &secret)
require.NoError(t, err)

type v1 struct {
Username string `json:"username"`
Password string `json:"password"`
Auth string `json:"auth"`
}

type auths struct {
V1 v1 `json:"https://index.docker.io/v1/"`
}

type dockerconfig struct {
Auths auths `json:"auths"`
}

var dockerconfigjson dockerconfig

err = json.Unmarshal(secret.Data[".dockerconfigjson"], &dockerconfigjson)
require.NoError(t, err)

dockerrepoauth := base64.StdEncoding.EncodeToString([]byte("dockerrepouser:dockerrepopassword"))
assert.Equal(t, "dockerrepouser", dockerconfigjson.Auths.V1.Username)
assert.Equal(t, "dockerrepopassword", dockerconfigjson.Auths.V1.Password)
assert.Equal(t, dockerrepoauth, dockerconfigjson.Auths.V1.Auth)
assert.Equal(t, "dockerrepouser", dockerconfigjson.Auths.DockerAuth.Username)
assert.Equal(t, "dockerrepopassword", dockerconfigjson.Auths.DockerAuth.Password)
assert.Equal(t, dockerrepoauth, dockerconfigjson.Auths.DockerAuth.Auth)
assert.Equal(t, "Inline: secretId AWS_ACCESS_KEY_ID", string(secret.Data["inline"]))

return ctx
}).
Feature()

secretDockerJsonKey := applyResource(features.New("secret-docker-json-key"), "secret-docker-json-key.yaml").
secretDockerJsonKey := applyResource(features.New("secret-docker-json-key-vault"), "secret-docker-json-key-vault.yaml").
Assess("object created", func(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context {
secrets := &v1.SecretList{
Items: []v1.Secret{
{
ObjectMeta: metav1.ObjectMeta{Name: "test-secret-docker-json-key", Namespace: cfg.Namespace()},
ObjectMeta: metav1.ObjectMeta{Name: "test-secret-docker-json-key-vault", Namespace: cfg.Namespace()},
},
},
}
Expand All @@ -109,28 +108,16 @@ func TestSecretValueInjection(t *testing.T) {
Assess("secret values are injected", func(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context {
var secret v1.Secret

err := cfg.Client().Resources(cfg.Namespace()).Get(ctx, "test-secret-docker-json-key", cfg.Namespace(), &secret)
err := cfg.Client().Resources(cfg.Namespace()).Get(ctx, "test-secret-docker-json-key-vault", cfg.Namespace(), &secret)
require.NoError(t, err)

type v1 struct {
Auth string `json:"auth"`
}

type auths struct {
V1 v1 `json:"https://index.docker.io/v1/"`
}

type dockerconfig struct {
Auths auths `json:"auths"`
}

var dockerconfigjson dockerconfig

err = json.Unmarshal(secret.Data[".dockerconfigjson"], &dockerconfigjson)
require.NoError(t, err)

dockerrepoauth := base64.StdEncoding.EncodeToString([]byte("_json_key: {\n \"type\": \"service_account\",\n \"project_id\": \"test\"\n}\n"))
assert.Equal(t, dockerrepoauth, dockerconfigjson.Auths.V1.Auth)
assert.Equal(t, dockerrepoauth, dockerconfigjson.Auths.DockerAuth.Auth)

return ctx
}).
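Review bot: The hoisted `dockerAuth`/`auths`/`dockerconfig` types in the first hunk carry no comment explaining that they mirror the `.dockerconfigjson` document, so the URL-valued JSON tag on `DockerAuth` reads like a typo to someone who has not seen the fixture; a header such as `// dockerconfig mirrors the .dockerconfigjson layout; the auths key is the registry URL the credentials belong to.` above `type dockerAuth struct` would settle that. The feature variable is still named `secretDockerJsonKey` while the feature name and fixture were renamed to `secret-docker-json-key-vault` in the second hunk, so `secretDockerJsonKeyVault := applyResource(features.New("secret-docker-json-key-vault"), "secret-docker-json-key-vault.yaml").` keeps the identifier in step with what it loads. A blank line between the closing `}` of `dockerconfig` and `secretVault :=` would match the spacing already used between the three type declarations. TestSecretValueInjection continues past the end of the last hunk.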
