chore: respond to PR feedback

- added correct annotations to the secret - pulled duplicated types out to shared context Signed-off-by: Devin Christensen <[email protected]>
bank-vaults · Aug 5, 2024 · d247832 · d247832
1 parent ba2ddbe
commit d247832
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 53 deletions.
diff --git a/e2e/test/secret-docker-json-key-vault.yaml b/e2e/test/secret-docker-json-key-vault.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: test-secret-docker-json-key-vault
+  annotations:
+    secrets-webhook.security.bank-vaults.io/provider: "vault"
+    secrets-webhook.security.bank-vaults.io/vault-addr: "https://vault.default.svc.cluster.local:8200"
+    secrets-webhook.security.bank-vaults.io/vault-role: "default"
+    secrets-webhook.security.bank-vaults.io/vault-tls-secret: vault-tls
+    # secrets-webhook.security.bank-vaults.io/vault-skip-verify: "true"
+    secrets-webhook.security.bank-vaults.io/vault-path: "kubernetes"
+type: kubernetes.io/dockerconfigjson
+stringData:
+  .dockerconfigjson: |
+    {
+        "auths": {
+            "https://index.docker.io/v1/": {
+                "auth": "dmF1bHQ6c2VjcmV0L2RhdGEvZG9ja2VycmVwbyNET0NLRVJfUkVQT19KU09OX0tFWQ=="
+            }
+        }
+    }
diff --git a/e2e/test/secret-docker-json-key.yaml b/e2e/test/secret-docker-json-key.yaml
diff --git a/e2e/webhook_test.go b/e2e/webhook_test.go
@@ -39,6 +39,19 @@ import (
 )
 
 func TestSecretValueInjection(t *testing.T) {
+	type dockerAuth struct {
+		Username string `json:"username"`
+		Password string `json:"password"`
+		Auth     string `json:"auth"`
+	}
+
+	type auths struct {
+		DockerAuth dockerAuth `json:"https://index.docker.io/v1/"`
+	}
+
+	type dockerconfig struct {
+		Auths auths `json:"auths"`
+	}
 	secretVault := applyResource(features.New("secret-vault"), "secret-vault.yaml").
 		Assess("object created", func(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context {
 			secrets := &v1.SecretList{
@@ -61,41 +74,27 @@ func TestSecretValueInjection(t *testing.T) {
 			err := cfg.Client().Resources(cfg.Namespace()).Get(ctx, "test-secret-vault", cfg.Namespace(), &secret)
 			require.NoError(t, err)
 
-			type v1 struct {
-				Username string `json:"username"`
-				Password string `json:"password"`
-				Auth     string `json:"auth"`
-			}
-
-			type auths struct {
-				V1 v1 `json:"https://index.docker.io/v1/"`
-			}
-
-			type dockerconfig struct {
-				Auths auths `json:"auths"`
-			}
-
 			var dockerconfigjson dockerconfig
 
 			err = json.Unmarshal(secret.Data[".dockerconfigjson"], &dockerconfigjson)
 			require.NoError(t, err)
 
 			dockerrepoauth := base64.StdEncoding.EncodeToString([]byte("dockerrepouser:dockerrepopassword"))
-			assert.Equal(t, "dockerrepouser", dockerconfigjson.Auths.V1.Username)
-			assert.Equal(t, "dockerrepopassword", dockerconfigjson.Auths.V1.Password)
-			assert.Equal(t, dockerrepoauth, dockerconfigjson.Auths.V1.Auth)
+			assert.Equal(t, "dockerrepouser", dockerconfigjson.Auths.DockerAuth.Username)
+			assert.Equal(t, "dockerrepopassword", dockerconfigjson.Auths.DockerAuth.Password)
+			assert.Equal(t, dockerrepoauth, dockerconfigjson.Auths.DockerAuth.Auth)
 			assert.Equal(t, "Inline: secretId AWS_ACCESS_KEY_ID", string(secret.Data["inline"]))
 
 			return ctx
 		}).
 		Feature()
 
-	secretDockerJsonKey := applyResource(features.New("secret-docker-json-key"), "secret-docker-json-key.yaml").
+	secretDockerJsonKey := applyResource(features.New("secret-docker-json-key-vault"), "secret-docker-json-key-vault.yaml").
 		Assess("object created", func(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context {
 			secrets := &v1.SecretList{
 				Items: []v1.Secret{
 					{
-						ObjectMeta: metav1.ObjectMeta{Name: "test-secret-docker-json-key", Namespace: cfg.Namespace()},
+						ObjectMeta: metav1.ObjectMeta{Name: "test-secret-docker-json-key-vault", Namespace: cfg.Namespace()},
 					},
 				},
 			}
@@ -109,28 +108,16 @@ func TestSecretValueInjection(t *testing.T) {
 		Assess("secret values are injected", func(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context {
 			var secret v1.Secret
 
-			err := cfg.Client().Resources(cfg.Namespace()).Get(ctx, "test-secret-docker-json-key", cfg.Namespace(), &secret)
+			err := cfg.Client().Resources(cfg.Namespace()).Get(ctx, "test-secret-docker-json-key-vault", cfg.Namespace(), &secret)
 			require.NoError(t, err)
 
-			type v1 struct {
-				Auth     string `json:"auth"`
-			}
-
-			type auths struct {
-				V1 v1 `json:"https://index.docker.io/v1/"`
-			}
-
-			type dockerconfig struct {
-				Auths auths `json:"auths"`
-			}
-
 			var dockerconfigjson dockerconfig
 
 			err = json.Unmarshal(secret.Data[".dockerconfigjson"], &dockerconfigjson)
 			require.NoError(t, err)
 
 			dockerrepoauth := base64.StdEncoding.EncodeToString([]byte("_json_key: {\n  \"type\": \"service_account\",\n  \"project_id\": \"test\"\n}\n"))
-			assert.Equal(t, dockerrepoauth, dockerconfigjson.Auths.V1.Auth)
+			assert.Equal(t, dockerrepoauth, dockerconfigjson.Auths.DockerAuth.Auth)
 
 			return ctx
 		}).