Refactor mocks
Moves Conjur mocks to dedicated directory. Binds mocks to struct instances instead of using global variables
doodlesbykumbi authored Oct 5, 2021
1 parent 0e55ab3 commit 2c8e391
Showing 6 changed files with 208 additions and 218 deletions.
Expand Up @@ -11,24 +11,45 @@ import (
aren't concerned with if some Conjur secrets have permissions and others don't. Our main priority is
validating that those secrets with 'execute' permissions can be fetched.
*/
var CanExecuteConjurVar bool

func RetrieveConjurSecrets(_ []byte, variableIDs []string) (map[string][]byte, error) {
type ConjurMockClient struct {
CanExecute bool
// TODO: CanExecute is really just used to assert on the presence of errors
// and should probably just be an optional error.
Database map[string]string
}

func (c ConjurMockClient) RetrieveSecrets (_ []byte, variableIDs []string) (map[string][]byte, error) {
conjurSecrets := make(map[string][]byte)

if !CanExecuteConjurVar {
if !c.CanExecute {
return nil, errors.New("custom error")
}

for _, variableId := range variableIDs {
// Check if the secret exists in the mock Conjur DB
if _, ok := MockConjurDB[variableId]; !ok {
variableData, ok := c.Database[variableId]
if !ok {
return nil, errors.New("no_conjur_secret_error")
}

fullVariableId := fmt.Sprintf("account:variable:%s", variableId)
conjurSecrets[fullVariableId] = MockConjurDB[variableId]
conjurSecrets[fullVariableId] = []byte(variableData)
}

return conjurSecrets, nil
}

func NewConjurMockClient() ConjurMockClient {
database := map[string]string{
"conjur_variable1": "conjur_secret1",
"conjur_variable2": "conjur_secret2",
"conjur_variable_empty_secret": "",
}

return ConjurMockClient{
CanExecute: true,
Database: database,
}
}
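Review bot: `RetrieveSecrets` is declared on a value receiver, so a method value such as `client.RetrieveSecrets` captures a copy of the struct when it is taken, and a later `client.CanExecute = false` never reaches that copy. If any test wires the mock in as a function value and then flips the flag, the permission-denied path would go unexercised while the test still passes; the callers are not visible here, so this needs checking. A pointer receiver and a pointer-returning constructor remove the hazard and also drop the stray space before the parameter list that gofmt would rewrite: `func (c *ConjurMockClient) RetrieveSecrets(_ []byte, variableIDs []string) (map[string][]byte, error)`, `func NewConjurMockClient() *ConjurMockClient` and `return &ConjurMockClient{`. The same applies to the `KubeSecretsMockClient` methods and their `CanRetrieve`/`CanUpdate` flags in k8s_secrets_client.go.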

4 changes: 0 additions & 4 deletions pkg/secrets/k8s_secrets_storage/mocks/conjur_db.go

This file was deleted.

36 changes: 0 additions & 36 deletions pkg/secrets/k8s_secrets_storage/mocks/k8s_db.go

This file was deleted.

54 changes: 45 additions & 9 deletions pkg/secrets/k8s_secrets_storage/mocks/k8s_secrets_client.go
Expand Up @@ -3,33 +3,69 @@ package mocks
import (
"errors"

"gopkg.in/yaml.v3"
v1 "k8s.io/api/core/v1"
)

var CanGetK8sSecrets bool
var CanUpdateK8sSecrets bool
type KubeSecretsMockClient struct {
// Mocks a K8s database. Maps k8s secret names to mock K8s secrets.
Database map[string]map[string][]byte
// TODO: CanRetrieve and CanUpdate are really just used to assert on the presence of errors
// and should probably just be an optional error.
CanRetrieve bool
CanUpdate bool
}

func NewKubeSecretsMockClient() KubeSecretsMockClient {
client := KubeSecretsMockClient{
Database: map[string]map[string][]byte{},
CanRetrieve: true,
CanUpdate: true,
}

return client
}

func (c KubeSecretsMockClient) AddSecret(
secretName string,
key string,
keyConjurPath string,
) {
conjurMap := map[string]string{
key: keyConjurPath,
}
conjurMapBytes, err := yaml.Marshal(conjurMap)
if err != nil {
panic(err)
}

c.Database[secretName] = map[string][]byte{
"conjur-map": conjurMapBytes,
}
}

func RetrieveK8sSecret(_ string, secretName string) (*v1.Secret, error) {
if !CanGetK8sSecrets {
func (c KubeSecretsMockClient) RetrieveSecret(_ string, secretName string) (*v1.Secret, error) {
if !c.CanRetrieve {
return nil, errors.New("custom error")
}

// Check if the secret exists in the mock K8s DB
if _, ok := MockK8sDB[secretName]; !ok {
secretData, ok := c.Database[secretName]
if !ok {
return nil, errors.New("custom error")
}

return &v1.Secret{
Data: MockK8sDB[secretName],
Data: secretData,
}, nil
}

func UpdateK8sSecret(_ string, secretName string, originalK8sSecret *v1.Secret, stringDataEntriesMap map[string][]byte) error {
if !CanUpdateK8sSecrets {
func (c KubeSecretsMockClient) UpdateSecret(_ string, secretName string, originalK8sSecret *v1.Secret, stringDataEntriesMap map[string][]byte) error {
if !c.CanUpdate {
return errors.New("custom error")
}

secretToUpdate := MockK8sDB[secretName]
secretToUpdate := c.Database[secretName]
for key, value := range stringDataEntriesMap {
secretToUpdate[key] = value
}
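Review bot: `UpdateSecret` reads `secretToUpdate := c.Database[secretName]` without checking that the entry exists, so an unknown secret name yields a nil map and the first `secretToUpdate[key] = value` panics instead of returning an error. `RetrieveSecret` in the same hunk already guards this lookup; the update path should do the same with `secretToUpdate, ok := c.Database[secretName]` followed by `if !ok { return errors.New("custom error") }`. Separately, `RetrieveSecret` hands back the stored map itself as `Data`, so the loop here mutates the secret a caller may still hold as its original; copying the map on retrieval would keep before/after assertions meaningful. The body of `UpdateSecret` continues past the end of the hunk.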
