remotesecret

package

v0.0.0-...-317aa01 Latest Latest Go to latest Published: Apr 26, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

README ¶

Remote Secret tests suite

This suite contains a set of tests that covers Remote Secret scenarios. For detailed information regarding the remote-secret functionalities, please read the remote-secret documentation.

Steps to run 'remotesecret-suite':

Follow the instructions from the Readme scripts to install AppStudio in e2e mode
Run make build
Run the e2e suite: ./bin/e2e-appstudio --ginkgo.focus="remotesecret-suite"

Scenarios

Remote Secret interaction with Environments (SVPI-632, SVPI-633, SVPI-653, SVPI-654,environments.go)

This scenario ensures that:

Remote Secret is created in target namespaces of all Environments of an Application and Component (no "appstudio.redhat.com/environment" label is specified)
Remote Secret is created only in target namespace of the specified Environments of an Application and Component ("appstudio.redhat.com/environment" label is specified)
Remote Secret is created in all target namespaces of specified multiple Environments ("appstudio.redhat.com/environment" annotation is specified)
Remote Secret is deleted when Environment is deleted
Remote Secret target namespace is added to Status.Targets
Remote Secret target namespace is deleted from Status.Targets when Environment is deleted

To check the above cases, three different Environments are created, using the same test cluster as BYOC target for simplicity. Three Remote Secrets with different labels and annotations (based on the required case) are then created and all the checks for each case are performed (secret existence or removal in target namespace, Status.Target updated).

Kubeconfig auth (SVPI-558, kubeconfig-auth.go)

Kubeconfig auth is an authorization option that allows deploying the secrets defined by the remote secret to a completely different cluster using a referenced kubeconfig configuration.

To avoid the complexity of using two clusters on the test, the test points to the running cluster kubeconfig, since the goal is to test the kubeconfig auth.

Service account auth (SVPI-558, service-account-auth.go)

Service account auth is an authorization option for deploying secrets to different target namespace than where the remote secret lives.

Target current namespace where the remote secret lives (SVPI-558, target-current-namespace.go)

Current namespace auth is the simplest way of authorization since targeting current namespace where the remote secret lives is always allowed.

Documentation ¶

Index ¶

func IsRobotAccountTokenCorrect(secretName, ns, secretType string, image *image.ImageRepository, ...)
func IsTargetSecretLinkedToRightSA(ns, imageRemoteSecretName, serviceAccountName string, target rs.TargetStatus)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func IsRobotAccountTokenCorrect ¶

func IsRobotAccountTokenCorrect(secretName, ns, secretType string, image *image.ImageRepository, fw *framework.Framework)

func IsTargetSecretLinkedToRightSA ¶

func IsTargetSecretLinkedToRightSA(ns, imageRemoteSecretName, serviceAccountName string, target rs.TargetStatus)

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL