fix: Add validation to not fail on same secret #239

Merged
merged 4 commits into from
Mar 22, 2023
20 changes: 18 additions & 2 deletions pkg/vendir/config/config.go
Expand Up @@ -6,6 +6,7 @@ package config
import (
"fmt"
"path/filepath"
"reflect"
"strings"

semver "github.com/hashicorp/go-version"
Expand All @@ -31,7 +32,7 @@ func NewConfigFromFiles(paths []string) (Config, []Secret, []ConfigMap, error) {
var configs []Config
var secrets []Secret
var configMaps []ConfigMap

secretsNames := map[string][]Secret{}
err := parseResources(paths, func(docBytes []byte) error {
var res resource

Expand All @@ -48,7 +49,17 @@ func NewConfigFromFiles(paths []string) (Config, []Secret, []ConfigMap, error) {
if err != nil {
return fmt.Errorf("Unmarshaling secret: %s", err)
}
secrets = append(secrets, secret)

if s, ok := secretsNames[secret.Metadata.Name]; ok {
if len(s) == 1 {
if !reflect.DeepEqual(s[0].Data, secret.Data) {
return fmt.Errorf(
"Expected to find one secret '%s', but found multiple", s[0].Metadata.Name)
}
}
return nil
}
secretsNames[secret.Metadata.Name] = []Secret{secret}

case res.APIVersion == "v1" && res.Kind == "ConfigMap":
var cm ConfigMap
Expand All @@ -72,6 +83,11 @@ func NewConfigFromFiles(paths []string) (Config, []Secret, []ConfigMap, error) {
}
return nil
})

for _, v := range secretsNames {
secrets = append(secrets, v...)
}

if err != nil {
return Config{}, nil, nil, err
}
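Review bot: The final `for _, v := range secretsNames` loop fills `secrets` from a map, so the returned slice no longer follows document order and can differ between runs. Each map value is only ever set to a one-element slice, so the `len(s) == 1` guard is always true; a `map[string]Secret` used as a seen-set, with the append kept in place, would be simpler and keep the order stable. The error text says multiple secrets were found, but the condition actually rejected is the same name with different `data`; stating that would make the failure easier to diagnose, and it should keep printing only the name, never the values. Only `Data` is compared, so if `Secret` carries other meaningful fields they are silently taken from the first document, which is worth confirming. NewConfigFromFiles starts and ends outside these hunks.

```go
secretsByName := map[string]Secret{}
// … unchanged: parseResources callback up to the Secret unmarshal and its error check …
if prev, ok := secretsByName[secret.Metadata.Name]; ok {
	if !reflect.DeepEqual(prev.Data, secret.Data) {
		return fmt.Errorf(
			"Expected secret '%s' to be defined once, but found definitions with different data",
			secret.Metadata.Name)
	}
	// Identical duplicate: keep the first occurrence only.
	return nil
}
secretsByName[secret.Metadata.Name] = secret
secrets = append(secrets, secret)
// … unchanged: ConfigMap case and the rest of the callback; the trailing range-over-map loop is dropped …
```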
229 changes: 229 additions & 0 deletions pkg/vendir/config/config_test.go
Expand Up @@ -27,3 +27,232 @@ kind: Config`)
require.NoError(t, err)
})
}

func TestSecretsForNewConfigFromFiles(t *testing.T) {
t.Run("Config with single secret", func(t *testing.T) {
tempConfigPath := filepath.Join(t.TempDir(), "config.yml")
configWithWhitespace := []byte(`
apiVersion: vendir.k14s.io/v1alpha1
kind: Config
directories:
- path: "repo"
contents:
- path: "folder-1"
git:
url: [email protected]:my-user/my-repo.git
secretRef:
name: ssh-key-secret
ref: origin/main
includePaths:
- folder-1/**/*
- path: "folder-2"
git:
url: [email protected]:my-user/my-repo.git
secretRef:
name: ssh-key-secret
ref: origin/main
includePaths:
- folder-2/**/*
---
apiVersion: v1
data:
ssh-privatekey: FOO=
kind: Secret
metadata:
name: ssh-key-secret
`)

require.NoError(t, os.WriteFile(tempConfigPath, configWithWhitespace, 0666))

_, _, _, err := config.NewConfigFromFiles([]string{tempConfigPath})
require.NoError(t, err)
})

t.Run("Config with same secret", func(t *testing.T) {
tempConfigPath := filepath.Join(t.TempDir(), "config.yml")
configWithWhitespace := []byte(`
apiVersion: vendir.k14s.io/v1alpha1
kind: Config
directories:
- path: "repo"
contents:
- path: "folder-1"
git:
url: [email protected]:my-user/my-repo.git
secretRef:
name: ssh-key-secret
ref: origin/main
includePaths:
- folder-1/**/*
- path: "folder-2"
git:
url: [email protected]:my-user/my-repo.git
secretRef:
name: ssh-key-secret
ref: origin/main
includePaths:
- folder-2/**/*
---
apiVersion: v1
data:
ssh-privatekey: FOO=
kind: Secret
metadata:
name: ssh-key-secret
---
apiVersion: v1
data:
ssh-privatekey: FOO=
kind: Secret
metadata:
name: ssh-key-secret
---
apiVersion: v1
data:
ssh-privatekey: FOO=
kind: Secret
metadata:
name: ssh-key-secret
`)

require.NoError(t, os.WriteFile(tempConfigPath, configWithWhitespace, 0666))

_, _, _, err := config.NewConfigFromFiles([]string{tempConfigPath})
require.NoError(t, err)
})

t.Run("Config with multiple secret", func(t *testing.T) {
tempConfigPath := filepath.Join(t.TempDir(), "config.yml")
configWithWhitespace := []byte(`
apiVersion: vendir.k14s.io/v1alpha1
kind: Config
directories:
- path: "repo"
contents:
- path: "folder-1"
git:
url: [email protected]:my-user/my-repo.git
secretRef:
name: ssh-key-secret
ref: origin/main
includePaths:
- folder-1/**/*
- path: "folder-2"
git:
url: [email protected]:my-user/my-repo.git
secretRef:
name: ssh-key-secret
ref: origin/main
includePaths:
- folder-2/**/*
---
apiVersion: v1
data:
ssh-privatekey: FOO=
kind: Secret
metadata:
name: ssh-key-secret
---
apiVersion: v1
data:
ssh-privatekey: FOO=
kind: Secret
metadata:
name: ssh-key-secret
---
apiVersion: v1
data:
ssh-privatekey: FOO=
kind: Secret
metadata:
name: ssh-key-secret
---
---
apiVersion: v1
data:
ssh-privatekey: BAR=
kind: Secret
metadata:
name: another-secret
---
apiVersion: v1
data:
ssh-privatekey: BAR=
kind: Secret
metadata:
name: another-secret
`)

require.NoError(t, os.WriteFile(tempConfigPath, configWithWhitespace, 0666))

_, _, _, err := config.NewConfigFromFiles([]string{tempConfigPath})
require.NoError(t, err)
})

t.Run("Config with same secrets name but different data", func(t *testing.T) {
tempConfigPath := filepath.Join(t.TempDir(), "config.yml")
configWithWhitespace := []byte(`
apiVersion: vendir.k14s.io/v1alpha1
kind: Config
directories:
- path: "repo"
contents:
- path: "folder-1"
git:
url: [email protected]:my-user/my-repo.git
secretRef:
name: ssh-key-secret
ref: origin/main
includePaths:
- folder-1/**/*
- path: "folder-2"
git:
url: [email protected]:my-user/my-repo.git
secretRef:
name: ssh-key-secret
ref: origin/main
includePaths:
- folder-2/**/*
---
apiVersion: v1
data:
ssh-privatekey: FOO=
kind: Secret
metadata:
name: ssh-key-secret
---
apiVersion: v1
data:
ssh-privatekey: FOO=
kind: Secret
metadata:
name: ssh-key-secret
---
apiVersion: v1
data:
ssh-privatekey: BAR=
kind: Secret
metadata:
name: ssh-key-secret
---
apiVersion: v1
data:
ssh-privatekey: BAR=
kind: Secret
metadata:
name: another-secret
---
apiVersion: v1
data:
ssh-privatekey: BAZ=
kind: Secret
metadata:
name: another-secret
`)

require.NoError(t, os.WriteFile(tempConfigPath, configWithWhitespace, 0666))

_, _, _, err := config.NewConfigFromFiles([]string{tempConfigPath})
require.Error(t, err)
})
}
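Review bot: All four subtests discard the returned secrets (`_, _, _, err := config.NewConfigFromFiles(...)`), so nothing verifies that identical duplicates are actually collapsed rather than merely tolerated. Capturing the slice with `_, secrets, _, err := config.NewConfigFromFiles([]string{tempConfigPath})` and adding `require.Len(t, secrets, 1)` in the "same secret" case (2 in the "multiple secret" case) would pin the deduplication. The last subtest holds two independent conflicts (`ssh-key-secret` and `another-secret`), so a bare `require.Error` passes on whichever is reached first; `require.ErrorContains(t, err, "ssh-key-secret")` would tie the assertion to the intended document. The fixtures are written with mode `0666`; `0600` is the better habit for files that carry key material, even dummy values in a temp dir.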
9 changes: 8 additions & 1 deletion test/e2e/git_test.go
Expand Up @@ -51,6 +51,13 @@ metadata:
data:
valid.pub: "%s"
---
apiVersion: v1
kind: Secret
metadata:
name: git-pubs
data:
valid.pub: "%s"
---
apiVersion: vendir.k14s.io/v1alpha1
kind: Config
directories:
Expand All @@ -63,7 +70,7 @@ directories:
verification:
publicKeysSecretRef:
name: git-pubs
`, encodedPubKeys, repoPath, ref))
`, encodedPubKeys, encodedPubKeys, repoPath, ref))
}

yamlConfig := func(ref string) io.Reader {