• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• vault-crd-master
  • .github
    • workflows
      • maven.yaml
  • src
    • main
      • resources
        • application.properties
      • java
        • de
          • koudingspawn
            • vault
              • VaultApplication.java
              • Constants.java
              • admissionreview
                • AdmissionReviewRestService.java
                • AdmissionReviewService.java
              • crd
                • VaultJKSConfiguration.java
                • VaultVersionedConfiguration.java
                • DoneableVault.java
                • VaultList.java
                • VaultSpec.java
                • VaultDockerCfgConfiguration.java
                • Vault.java
                • VaultPkiConfiguration.java
                • VaultType.java
                • VaultPropertiesConfiguration.java
              • vault
                • impl
                  • CertJksGenerator.java
                  • KeyValueGenerator.java
                  • DockerCfgGenerator.java
                  • properties
                    • VaultJinjaLookup.java
                  • dockercfg
                    • PullSecret.java
                  • PropertiesGenerator.java
                  • PkiJksGenerator.java
                  • KeyValueV2Generator.java
                  • PkiSecretGenerator.java
                  • Sha256.java
                  • SharedVaultResponseMapper.java
                  • CertGenerator.java
                  • pki
                    • PKIRequest.java
                    • PKIResponse.java
                    • VaultResponseData.java
                • VaultSecret.java
                • TypedSecretGenerator.java
                • VaultService.java
                • communication
                  • SecretNotAccessibleException.java
                  • TokenLookupData.java
                  • TokenLookup.java
                • VaultConfiguration.java
                • TypedSecretGeneratorFactory.java
                • VaultHealthCheck.java
                • VaultCommunication.java
              • kubernetes
                • KubernetesService.java
                • Watcher.java
                • scheduler
                  • impl
                    • CompareHash.java
                    • KeyValueV2Refresh.java
                    • CertJksRefresh.java
                    • PropertiesRefresh.java
                    • CertRefresh.java
                    • DockerCfgRefresh.java
                    • PkiJksRefresh.java
                    • KeyValueRefresh.java
                    • PkiRefresh.java
                  • TypeRefreshFactory.java
                  • RefreshConfiguration.java
                  • ScheduledRefresh.java
                  • RequiresRefresh.java
                • KubernetesConnection.java
                • EventHandler.java
    • test
      • resources
        • vault-crd.yaml
        • test.properties
        • application.properties
      • java
        • de
          • koudingspawn
            • vault
              • PKITest.java
              • TestHelper.java
              • CertTest.java
              • KeyValueV2Test.java
              • PKIChainTest.java
              • admissionreview
                • AdmissionReviewTest.java
              • DockerCfgTest.java
              • PropertiesTest.java
              • KeyValueTest.java
              • vault
                • VaultHealthCheckTest.java
              • kubernetes
                • EventHandlerTest.java
                • KubernetesServiceTest.java
              • CertChainTest.java
  • crd.yml
  • examples
    • keyvaluev2.yml
    • properties.yml
    • dockercfg-error.yml
    • keyvalue.yml
    • pki.yml
    • pkijks.yml
    • certjks.yml
    • kind
      • run.sh
      • vault.yaml
      • cluster.yaml
    • pki_chain.yml
    • dockercfg.yml
    • cert.yml
    • keyvaluev2-version.yml
  • pom.xml
  • mvnw
  • LICENSE
  • deploy
    • rbac.yaml
    • admission-webhook.yaml
  • .mvn
    • wrapper
      • maven-wrapper.jar
      • maven-wrapper.properties
  • readme.md
  • Dockerfile
  • .gitignore
  • mvnw.cmd

package de.koudingspawn.vault.admissionreview;

import de.koudingspawn.vault.crd.DoneableVault;
import de.koudingspawn.vault.crd.Vault;
import de.koudingspawn.vault.crd.VaultList;
import de.koudingspawn.vault.vault.VaultSecret;
import de.koudingspawn.vault.vault.VaultService;
import de.koudingspawn.vault.vault.communication.SecretNotAccessibleException;
import io.fabric8.kubernetes.client.dsl.MixedOperation;
import io.fabric8.kubernetes.client.dsl.Resource;
import io.fabric8.kubernetes.internal.KubernetesDeserializer;
import org.apache.commons.lang3.StringUtils;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;

import java.util.HashMap;

import static org.mockito.ArgumentMatchers.any;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@RunWith(SpringRunner.class)
@SpringBootTest(
        properties = {
                "kubernetes.vault.url=http://localhost:8206/v1/",
                "kubernetes.initial-delay=5000000",
                "kubernetes.vault.token=c73ab0cb-41e6-b89c-7af6-96b36f1ac87b"
        }
)
@AutoConfigureMockMvc
@ActiveProfiles("test")
public class AdmissionReviewTest {

    @MockBean
    VaultService vaultService;

    @MockBean
    MixedOperation<Vault, VaultList, DoneableVault, Resource<Vault, DoneableVault>> customResource;

    @Autowired
    private MockMvc mvc;

    @Before
    public void setup() {
        String kind = StringUtils.substringAfter("vault.koudingspawn.de", ".") + "/v1#Vault";
        KubernetesDeserializer.registerCustomKind(kind, Vault.class);
    }

    @Test
    public void shouldFailWithInvalidRequest() throws Exception {
        SecretNotAccessibleException secretException = new SecretNotAccessibleException("Secret is not accessible");
        Mockito.when(vaultService.generateSecret(any())).thenThrow(secretException);

        mvc.perform(post("/validation/vault-crd").content("{\n" +
                "  \"apiVersion\": \"admission.k8s.io/v1\",\n" +
                "  \"kind\": \"AdmissionReview\",\n" +
                "  \"request\": {\n" +
                "    \"uid\": \"705ab4f5-6393-11e8-b7cc-42010a800002\",\n" +
                "    \"object\": {\n" +
                "      \"apiVersion\": \"koudingspawn.de/v1\",\n" +
                "      \"kind\": \"Vault\",\n" +
                "      \"metadata\": {\n" +
                "        \"name\": \"test-vault\",\n" +
                "        \"namespace\": \"default\"\n" +
                "      " +
                "},\n" +
                "      \"spec\": {\n" +
                "        \"type\": \"KEYVALUE\",\n" +
                "        \"path\": \"secret/qweasd\"\n" +
                "      }\n" +
                "    }\n" +
                "  }\n" +
                "}").contentType("application/json"))
                .andDo(print())
                .andExpect(status().isOk())
                .andExpect(jsonPath("$.response.uid").value("705ab4f5-6393-11e8-b7cc-42010a800002"))
                .andExpect(jsonPath("$.response.allowed").value("false"))
                .andExpect(jsonPath("$.response.status.code").value("400"))
                .andExpect(jsonPath("$.response.status.message").value("Secret is not accessible"));
    }

    @Test
    public void shouldReturnValidValue() throws Exception {
        VaultSecret vaultSecret = new VaultSecret(new HashMap<>(), "qweasd");
        Mockito.when(vaultService.generateSecret(any())).thenReturn(vaultSecret);

        mvc.perform(post("/validation/vault-crd").content("{\n" +
                "  \"apiVersion\": \"admission.k8s.io/v1\",\n" +
                "  \"kind\": \"AdmissionReview\",\n" +
                "  \"request\": {\n" +
                "    \"uid\": \"705ab4f5-6393-11e8-b7cc-42010a800002\",\n" +
                "    \"object\": {\n" +
                "      \"apiVersion\": \"koudingspawn.de/v1\",\n" +
                "      \"kind\": \"Vault\",\n" +
                "      \"metadata\": {\n" +
                "        \"name\": \"test-vault\",\n" +
                "        \"namespace\": \"default\"\n" +
                "      " +
                "},\n" +
                "      \"spec\": {\n" +
                "        \"type\": \"KEYVALUE\",\n" +
                "        \"path\": \"secret/qweasd\"\n" +
                "      }\n" +
                "    }\n" +
                "  }\n" +
                "}").contentType("application/json"))
                .andDo(print())
                .andExpect(status().isOk())
                .andExpect(jsonPath("$.response.uid").value("705ab4f5-6393-11e8-b7cc-42010a800002"))
                .andExpect(jsonPath("$.response.allowed").value("true"));
    }

}