Skip to content

Commit

Permalink
e2e.workloadsecret: add test to check for equality of set workload se…
Browse files Browse the repository at this point in the history
…crets
  • Loading branch information
jmxnzo committed Dec 30, 2024
1 parent 8d613cd commit 7436ceb
Showing 1 changed file with 38 additions and 0 deletions.
38 changes: 38 additions & 0 deletions e2e/workloadsecret/workloadsecret_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,44 @@ func TestWorkloadSecrets(t *testing.T) {
require.Len(emojiWorkloadSecretBytes, constants.SecretSeedSize)
require.NotEqual(webWorkloadSecretBytes, emojiWorkloadSecretBytes)
})

t.Run("workload secrets seeds can be set to be equal for different deployments", func(t *testing.T) {
require := require.New(t)
ctx, cancel := context.WithTimeout(context.Background(), ct.FactorPlatformTimeout(60*time.Second))
defer cancel()

ct.PatchManifest(t, patchWorkloadSecretID("web", "emoji"))

t.Run("set", ct.Set)
require.NoError(ct.Kubeclient.Restart(ctx, kubeclient.Deployment{}, ct.Namespace, "web"))
require.NoError(ct.Kubeclient.WaitFor(ctx, kubeclient.Ready, kubeclient.Deployment{}, ct.Namespace, "web"))

webPods, err = ct.Kubeclient.PodsFromDeployment(ctx, ct.Namespace, "web")
require.NoError(err)
require.Len(webPods, 2, "pod not found: %s/%s", ct.Namespace, "web")

stdout, stderr, err := ct.Kubeclient.Exec(ctx, ct.Namespace, webPods[0].Name, []string{"/bin/sh", "-c", "cat /contrast/secrets/workload-secret-seed"})
require.NoError(err, "stderr: %q", stderr)
require.NotEmpty(stdout)
webWorkloadSecretBytes, err = hex.DecodeString(stdout)
require.NoError(err)
require.Len(webWorkloadSecretBytes, constants.SecretSeedSize)
require.Equal(webWorkloadSecretBytes, emojiWorkloadSecretBytes)
})
}

// patchWorkloadSecretID allows to overwrite the workload secret specified in string args[0] with args[1]
// in the current manifest.
func patchWorkloadSecretID(expectedWorkloadSecretID string, patchWorkloadSecretID string) contrasttest.PatchManifestFunc {
return func(m manifest.Manifest) manifest.Manifest {
for key, policy := range m.Policies {
if policy.WorkloadSecretID == expectedWorkloadSecretID {
policy.WorkloadSecretID = patchWorkloadSecretID
m.Policies[key] = policy
}
}
return m
}
}

func TestMain(m *testing.M) {
Expand Down

0 comments on commit 7436ceb

Please sign in to comment.