@@ -52,17 +52,22 @@ func getObject(version, kind, name, namespace string, withManagedFields bool) *u
5252 }
5353}
5454
55- func getSecret (name , namespace string , data map [string ]interface {}, isTLS bool , withLastApplied bool ) * unstructured.Unstructured {
55+ type secretType string
56+
57+ var (
58+ opaque secretType = "Opaque"
59+ tls secretType = "kubernetes.io/tls"
60+ istio secretType = "istio.io/ca-root"
61+ )
62+
63+ func getSecret (name , namespace string , data map [string ]interface {}, t secretType , withLastApplied bool ) * unstructured.Unstructured {
5664 object := getObject ("v1" , "Secret" , name , namespace , false )
5765
5866 if data != nil {
5967 object .Object ["data" ] = data
6068 }
6169
62- object .Object ["type" ] = "Opaque"
63- if isTLS {
64- object .Object ["type" ] = "kubernetes.io/tls"
65- }
70+ object .Object ["type" ] = string (t )
6671
6772 metadata , _ := object .Object ["metadata" ].(map [string ]interface {})
6873 annotations := make (map [string ]interface {})
@@ -510,17 +515,17 @@ func TestDynamicGatherer_Fetch(t *testing.T) {
510515 addObjects : []runtime.Object {
511516 getSecret ("testsecret" , "testns1" , map [string ]interface {}{
512517 "secretKey" : "secretValue" ,
513- }, false , true ),
518+ }, opaque , true ),
514519 getSecret ("anothertestsecret" , "testns2" , map [string ]interface {}{
515520 "secretNumber" : "12345" ,
516- }, false , true ),
521+ }, opaque , true ),
517522 },
518523 expected : []* api.GatheredResource {
519524 {
520- Resource : getSecret ("testsecret" , "testns1" , nil , false , false ),
525+ Resource : getSecret ("testsecret" , "testns1" , nil , opaque , false ),
521526 },
522527 {
523- Resource : getSecret ("anothertestsecret" , "testns2" , nil , false , false ),
528+ Resource : getSecret ("anothertestsecret" , "testns2" , nil , opaque , false ),
524529 },
525530 },
526531 },
@@ -534,23 +539,55 @@ func TestDynamicGatherer_Fetch(t *testing.T) {
534539 "tls.key" : "secretValue" ,
535540 "tls.crt" : "value" ,
536541 "ca.crt" : "value" ,
537- }, true , true ),
542+ }, tls , true ),
538543 getSecret ("anothertestsecret" , "testns2" , map [string ]interface {}{
539544 "example.key" : "secretValue" ,
540545 "example.crt" : "value" ,
541- }, true , true ),
546+ }, tls , true ),
542547 },
543548 expected : []* api.GatheredResource {
544549 {
545550 // only tls.crt and ca.cert remain
546551 Resource : getSecret ("testsecret" , "testns1" , map [string ]interface {}{
547552 "tls.crt" : "value" ,
548553 "ca.crt" : "value" ,
549- }, true , false ),
554+ }, tls , false ),
550555 },
551556 {
552557 // all other keys removed
553- Resource : getSecret ("anothertestsecret" , "testns2" , nil , true , false ),
558+ Resource : getSecret ("anothertestsecret" , "testns2" , nil , tls , false ),
559+ },
560+ },
561+ },
562+ "Secret of type istio.io/ca-root should have crts and not keys" : {
563+ config : ConfigDynamic {
564+ IncludeNamespaces : []string {"" },
565+ GroupVersionResource : schema.GroupVersionResource {Group : "" , Version : "v1" , Resource : "secrets" },
566+ },
567+ addObjects : []runtime.Object {
568+ getSecret ("cacerts" , "testns1" , map [string ]interface {}{
569+ "root-cert.pem" : "cert" ,
570+ "ca-cert.pem" : "cert" ,
571+ "ca-key.pem" : "privatekey" ,
572+ "cert-chain.pem" : "cert" ,
573+ }, opaque , true ),
574+ getSecret ("istio-ca-secret" , "testns2" , map [string ]interface {}{
575+ "ca-cert.pem" : "cert" ,
576+ "ca-key.pem" : "privatekey" ,
577+ }, istio , true ),
578+ },
579+ expected : []* api.GatheredResource {
580+ {
581+ Resource : getSecret ("cacerts" , "testns1" , map [string ]interface {}{
582+ "root-cert.pem" : "cert" ,
583+ "ca-cert.pem" : "cert" ,
584+ "cert-chain.pem" : "cert" ,
585+ }, opaque , false ),
586+ },
587+ {
588+ Resource : getSecret ("istio-ca-secret" , "testns2" , map [string ]interface {}{
589+ "ca-cert.pem" : "cert" ,
590+ }, istio , false ),
554591 },
555592 },
556593 },
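Review bot: The new istio.io/ca-root case only shows that `ca-key.pem` is dropped, so a filter that denies just that one key name would pass it as readily as one that keeps only known certificate keys. The TLS case above pins the stricter behaviour by expecting `example.key` and `example.crt` to be removed, and nothing equivalent exists here. Assuming the gatherer (not visible in this diff) is meant to allowlist keys, add an unlisted entry to the `istio-ca-secret` fixture, for example `"extra-key.pem": "privatekey",` (a made-up name), and leave its expected data unchanged. The case name also says type istio.io/ca-root while the `cacerts` fixture is built with `opaque`; if retaining its certificates is intended to depend on key names rather than secret type, a comment such as `// cacerts is Opaque on purpose: retained keys are chosen by name` would record that.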