From b8a27c48346e3a708c4e86164e2f21ff02d862d0 Mon Sep 17 00:00:00 2001
From: "greg.guydo"
Date: Tue, 14 May 2024 02:13:31 +0000
Subject: [PATCH] Removed logging, added test cases
---
 pkg/deploy/gateway/oauth_proxy.go | 10 +-
 pkg/deploy/gateway/oauth_proxy_test.go | 134 +++++++++++++++++++++++++
 2 files changed, 137 insertions(+), 7 deletions(-)
diff --git a/pkg/deploy/gateway/oauth_proxy.go b/pkg/deploy/gateway/oauth_proxy.go
index 98a3b09aa..bc13058b7 100644
--- a/pkg/deploy/gateway/oauth_proxy.go
+++ b/pkg/deploy/gateway/oauth_proxy.go
@@ -101,24 +101,20 @@ skip_provider_button = false
 func getSecretValue(ctx *chetypes.DeployContext) string {
 secret := &corev1.Secret{}
- exists, err := deploy.GetNamespacedObject(ctx, ctx.CheCluster.Spec.Networking.Auth.OAuthSecret, secret)
- if err != nil {
- logrus.Debug(err)
- }
+ exists, _ := deploy.GetNamespacedObject(ctx, ctx.CheCluster.Spec.Networking.Auth.OAuthSecret, secret)
 if !exists {
- logrus.Infof("Kubernetes secret with name '%s' not found. Assuming oAuthSecret provided is the actual secret.", ctx.CheCluster.Spec.Networking.Auth.OAuthSecret)
+ // Kubernetes secret provided name not found. Assuming oAuthSecret provided is the actual secret.
 return ctx.CheCluster.Spec.Networking.Auth.OAuthSecret
 }
 // Retrieve the value associated with the key "oAuthSecret"
 value, found := secret.Data["oAuthSecret"]
 if !found {
- logrus.Warn("Key 'oAuthSecret' not found. Assuming oAuthSecret provided is the actual secret.")
+ // Key 'oAuthSecret' not found. Assuming oAuthSecret provided is the actual secret.
 return ctx.CheCluster.Spec.Networking.Auth.OAuthSecret
 }
 // Convert the byte slice to a string
- logrus.Infof("Using oAuthSecret found in Kubernetes secret %s", ctx.CheCluster.Spec.Networking.Auth.OAuthSecret)
 secretValue := string(value)
 return secretValue
 }
diff --git a/pkg/deploy/gateway/oauth_proxy_test.go b/pkg/deploy/gateway/oauth_proxy_test.go
index bd28c18a1..4ba3008eb 100644
--- a/pkg/deploy/gateway/oauth_proxy_test.go
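Review bot: The lookup error is discarded in `exists, _ := deploy.GetNamespacedObject(...)`, so any failure the helper reports through `err` (an RBAC denial or an API timeout, if it surfaces those) now looks the same as "secret not found", and getSecretValue silently returns the Secret's name as the OAuth client secret. With all log calls removed there is no signal that the proxy was configured from a fallback, so a mistyped Secret name or a missing `oAuthSecret` key leaves a guessable client secret in place unnoticed. Keeping the field value out of the log is sensible, because in the literal case that field is the credential itself, but the event can still be reported without it: `exists, err := deploy.GetNamespacedObject(...)` followed by `if err != nil { logrus.Warn("oAuthSecret lookup failed, using the configured value as a literal") }` (assuming logrus is still imported by the rest of the file). A stricter option is to treat "Secret exists but key `oAuthSecret` is absent" as a configuration error instead of a fallback, which would need an error return from this function.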
+++ b/pkg/deploy/gateway/oauth_proxy_test.go @@ -17,8 +17,13 @@ import ( "k8s.io/utils/pointer" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" + "github.com/eclipse-che/che-operator/pkg/common/constants" "github.com/eclipse-che/che-operator/pkg/common/test" "github.com/stretchr/testify/assert" ) 
@@ -63,6 +68,135 @@ func TestCookieExpireKubernetesOauthProxyConfig(t *testing.T) {
 assert.Contains(t, config, "cookie_expire = \"1h1m5s\"")
 }
+func TestKubernetesOauthProxySecretSecretFoundWithKey(t *testing.T) {
+ ctx := test.GetDeployContext(
+ &chev2.CheCluster{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: "eclipse-che",
+ },
+ Spec: chev2.CheClusterSpec{
+ Networking: chev2.CheClusterSpecNetworking{
+ Auth: chev2.Auth{
+ OAuthSecret: "my-secret",
+ },
+ }},
+ },
+ []runtime.Object{
+ &corev1.Secret{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "Secret",
+ APIVersion: "v1",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "my-secret",
+ Namespace: "eclipse-che",
+ Labels: map[string]string{constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg},
+ },
+ Type: corev1.SecretTypeOpaque,
+ Data: map[string][]byte{"oAuthSecret": []byte("my")},
+ },
+ })
+ ctx.CheHost = "che-site.che-domain.com"
+ infrastructure.InitializeForTesting(infrastructure.Kubernetes)
+
+ config := kubernetesOauthProxyConfig(ctx, "blabol")
+ assert.Contains(t, config, "client_secret = \"my\"")
+}
+
+func TestKubernetesOauthProxySecretSecretFoundWithWrongKey(t *testing.T) {
+ ctx := test.GetDeployContext(
+ &chev2.CheCluster{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: "eclipse-che",
+ },
+ Spec: chev2.CheClusterSpec{
+ Networking: chev2.CheClusterSpecNetworking{
+ Auth: chev2.Auth{
+ OAuthSecret: "my-secret",
+ },
+ }},
+ },
+ []runtime.Object{
+ &corev1.Secret{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "Secret",
+ APIVersion: "v1",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "my-secret",
+ Namespace: "eclipse-che",
+ Labels: map[string]string{constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg},
+ },
+ Type: corev1.SecretTypeOpaque,
+ Data: map[string][]byte{"keyIsNotoAuthSecret": []byte("my")},
+ },
+ })
+ ctx.CheHost = "che-site.che-domain.com"
+ infrastructure.InitializeForTesting(infrastructure.Kubernetes)
+
+ config := kubernetesOauthProxyConfig(ctx, "blabol")
+ //expect interpret as literal secret
+ assert.Contains(t, config, "client_secret = \"my-secret\"")
+}
+
+func TestKubernetesOauthProxySecretSecretFoundWithWrongSecretName(t *testing.T) {
+ ctx := test.GetDeployContext(
+ &chev2.CheCluster{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: "eclipse-che",
+ },
+ Spec: chev2.CheClusterSpec{
+ Networking: chev2.CheClusterSpecNetworking{
+ Auth: chev2.Auth{
+ OAuthSecret: "wrong-secret-name",
+ },
+ }},
+ },
+ []runtime.Object{
+ &corev1.Secret{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "Secret",
+ APIVersion: "v1",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "my-secret",
+ Namespace: "eclipse-che",
+ Labels: map[string]string{constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg},
+ },
+ Type: corev1.SecretTypeOpaque,
+ Data: map[string][]byte{"oAuthSecret": []byte("my")},
+ },
+ })
+ ctx.CheHost = "che-site.che-domain.com"
+ infrastructure.InitializeForTesting(infrastructure.Kubernetes)
+
+ config := kubernetesOauthProxyConfig(ctx, "blabol")
+ //expect interpret as literal secret
+ assert.Contains(t, config, "client_secret = \"wrong-secret-name\"")
+}
+
+func TestKubernetesOauthProxySecretLegacyPlaintextSecretName(t *testing.T) {
+ ctx := test.GetDeployContext(
+ &chev2.CheCluster{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: "eclipse-che",
+ },
+ Spec: chev2.CheClusterSpec{
+ Networking: chev2.CheClusterSpecNetworking{
+ Auth: chev2.Auth{
+ OAuthSecret: "abcdefPlainTextSecret",
+ },
+ },
+ },
+ }, nil)
+ ctx.CheHost = "che-site.che-domain.com"
+ infrastructure.InitializeForTesting(infrastructure.Kubernetes)
+
+ config := kubernetesOauthProxyConfig(ctx, "blabol")
+ //expect interpret as literal secret
+ assert.Contains(t, config, "client_secret = \"abcdefPlainTextSecret\"")
+}
+
 func TestKubernetesOauthProxyConfig(t *testing.T) {
 ctx := test.GetDeployContext(
 &chev2.CheCluster{
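Review bot: TestKubernetesOauthProxySecretSecretFoundWithWrongKey asserts `client_secret = \"my-secret\"` for a Secret that exists but has no `oAuthSecret` key, which locks in a fallback where the resource name becomes the OAuth client secret. If that is kept only for legacy plaintext values, the test should say so, e.g. `// Legacy fallback: the field is used verbatim; an existing Secret without the oAuthSecret key is not treated as an error.` None of the four added tests covers the path where the Secret lookup returns an error, so the error that getSecretValue now discards is untested. The four cases differ only in the OAuthSecret value, the Secret's data key and the expected string, and would be easier to audit as one table-driven test.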