diff --git a/test/e2e/common/secrets.go b/test/e2e/common/secrets.go index 33c896e700c..f28607cfc33 100644 --- a/test/e2e/common/secrets.go +++ b/test/e2e/common/secrets.go @@ -17,6 +17,7 @@ limitations under the License. package common import ( + "encoding/json" "fmt" "k8s.io/api/core/v1" @@ -25,7 +26,9 @@ import ( "k8s.io/kubernetes/test/e2e/framework" imageutils "k8s.io/kubernetes/test/utils/image" + "encoding/base64" "github.com/onsi/ginkgo" + "k8s.io/apimachinery/pkg/types" ) var _ = ginkgo.Describe("[sig-api-machinery] Secrets", func() { @@ -134,6 +137,89 @@ var _ = ginkgo.Describe("[sig-api-machinery] Secrets", func() { secret, err := createEmptyKeySecretForTest(f) framework.ExpectError(err, "created secret %q with empty key in namespace %q", secret.Name, f.Namespace.Name) }) + + ginkgo.It("should patch a secret", func() { + ginkgo.By("creating a secret") + + secretTestName := "test-secret-" + string(uuid.NewUUID()) + + // create a secret in the test namespace + _, err := f.ClientSet.CoreV1().Secrets(f.Namespace.Name).Create(&v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secretTestName, + Labels: map[string]string{ + "testsecret-constant": "true", + }, + }, + Data: map[string][]byte{ + "key": []byte("value"), + }, + Type: "Opaque", + }) + framework.ExpectNoError(err, "failed to create secret") + + ginkgo.By("listing secrets in all namespaces to ensure that there are more than zero") + // list all secrets in all namespaces to ensure endpoint coverage + secretsList, err := f.ClientSet.CoreV1().Secrets("").List(metav1.ListOptions{ + LabelSelector: "testsecret-constant=true", + }) + framework.ExpectNoError(err, "failed to list secrets") + framework.ExpectNotEqual(len(secretsList.Items), 0, "no secrets found") + + foundCreatedSecret := false + var secretCreatedName string + for _, val := range secretsList.Items { + if val.ObjectMeta.Name == secretTestName && val.ObjectMeta.Namespace == f.Namespace.Name { + foundCreatedSecret = true + secretCreatedName = val.ObjectMeta.Name + break + } + } + framework.ExpectEqual(foundCreatedSecret, true, "unable to find secret by its value") + + ginkgo.By("patching the secret") + // patch the secret in the test namespace + secretPatchNewData := base64.StdEncoding.EncodeToString([]byte("value1")) + secretPatch, err := json.Marshal(map[string]interface{}{ + "metadata": map[string]interface{}{ + "labels": map[string]string{"testsecret": "true"}, + }, + "data": map[string][]byte{"key": []byte(secretPatchNewData)}, + }) + framework.ExpectNoError(err, "failed to marshal JSON") + _, err = f.ClientSet.CoreV1().Secrets(f.Namespace.Name).Patch(secretCreatedName, types.StrategicMergePatchType, []byte(secretPatch)) + framework.ExpectNoError(err, "failed to patch secret") + + secret, err := f.ClientSet.CoreV1().Secrets(f.Namespace.Name).Get(secretCreatedName, metav1.GetOptions{}) + framework.ExpectNoError(err, "failed to get secret") + + secretDecodedstring, err := base64.StdEncoding.DecodeString(string(secret.Data["key"])) + framework.ExpectNoError(err, "failed to decode secret from Base64") + + framework.ExpectEqual(string(secretDecodedstring), "value1", "found secret, but the data wasn't updated from the patch") + + ginkgo.By("deleting the secret using a LabelSelector") + err = f.ClientSet.CoreV1().Secrets(f.Namespace.Name).DeleteCollection(&metav1.DeleteOptions{}, metav1.ListOptions{ + LabelSelector: "testsecret=true", + }) + framework.ExpectNoError(err, "failed to delete patched secret") + + ginkgo.By("listing secrets in all namespaces, searching for label name and value in patch") + // list all secrets in all namespaces + secretsList, err = f.ClientSet.CoreV1().Secrets("").List(metav1.ListOptions{ + LabelSelector: "testsecret-constant=true", + }) + framework.ExpectNoError(err, "failed to list secrets") + + foundCreatedSecret = false + for _, val := range secretsList.Items { + if val.ObjectMeta.Name == secretTestName && val.ObjectMeta.Namespace == f.Namespace.Name { + foundCreatedSecret = true + break + } + } + framework.ExpectEqual(foundCreatedSecret, false, "secret was not deleted successfully") + }) }) func newEnvFromSecret(namespace, name string) *v1.Secret {