def test_copy_secret_data_copies_data_to_multiple_destinations():
"""
Data fields are copied and the "watch" annotation added to multiple
destinations.
"""
with mk_k8s() as k8s:
dst1 = FakeSecret.mk_dst("ns/dst1")
k8s.secrets[("ns", "dst1")] = dst1.to_k8s_dict()
dst2 = FakeSecret.mk_dst("ns2/dst2")
k8s.secrets[("ns2", "dst2")] = dst2.to_k8s_dict()
src = FakeSecret.mk_src("ns/src", "dst1,ns2/dst2", {"foo": "aGVsbG8="})
k8s.secrets[("ns", "src")] = src.to_k8s_dict()
logger = logging.getLogger()
handlers.copy_secret_data(src.to_k8s_dict(), logger)
new_dst1 = k8s.secrets[("ns", "dst1")]
assert new_dst1["metadata"]["annotations"][ANN_WATCH] == "true"
assert new_dst1["data"] == {"foo": "aGVsbG8="}
new_dst2 = k8s.secrets[("ns2", "dst2")]
assert new_dst2["metadata"]["annotations"][ANN_WATCH] == "true"
assert new_dst2["data"] == {"foo": "aGVsbG8="}
def test_copy_secret_data_with_missing_dest_logs_warning(caplog):
"""
If the destination secret is missing, we log a warning and do nothing.
"""
with mk_k8s() as k8s:
src_secret = FakeSecret.mk_src("ns/src", "dst", {"foo": "aGVsbG8K"})
k8s.secrets[("ns", "src")] = src_secret.to_k8s_dict()
logger = logging.getLogger()
handlers.copy_secret_data(src_secret.to_k8s_dict(), logger)
msg = "Secret not found: ns/dst"
assert caplog.record_tuples == [(logger.name, logging.WARNING, msg)]
def test_copy_secret_data_keeps_unsynced_destination_fields():
"""
Any data fields in the destination that aren't in the source are left
untouched.
"""
with mk_k8s() as k8s:
src_secret = FakeSecret.mk_src("ns/src", "dst", {"foo": "aGVsbG8="})
k8s.secrets[("ns", "src")] = src_secret.to_k8s_dict()
dst_secret = FakeSecret.mk_dst("ns/dst", {"bar": "Z29vZGJ5ZQ=="})
k8s.secrets[("ns", "dst")] = dst_secret.to_k8s_dict()
logger = logging.getLogger()
handlers.copy_secret_data(src_secret.to_k8s_dict(), logger)
new_dst = k8s.secrets[("ns", "dst")]
assert new_dst["metadata"]["annotations"][ANN_WATCH] == "true"
assert new_dst["data"] == {"foo": "aGVsbG8=", "bar": "Z29vZGJ5ZQ=="}
def test_copy_secret_data_copies_data_and_adds_watch_annotation():
"""
All data fields from the source are copied to the destination and the
"watch" annotation is added to the destination.
"""
with mk_k8s() as k8s:
src_secret = FakeSecret.mk_src("ns/src", "dst", {"foo": "aGVsbG8="})
k8s.secrets[("ns", "src")] = src_secret.to_k8s_dict()
dst_secret = FakeSecret.mk_dst("ns/dst")
k8s.secrets[("ns", "dst")] = dst_secret.to_k8s_dict()
logger = logging.getLogger()
handlers.copy_secret_data(src_secret.to_k8s_dict(), logger)
new_dst = k8s.secrets[("ns", "dst")]
assert new_dst["metadata"]["annotations"][ANN_WATCH] == "true"
assert new_dst["data"] == {"foo": "aGVsbG8="}
def test_copy_secret_data_copies_data_to_different_namespace():
"""
Data fields are copied and the "watch" annotation added even if the
destination is in a different namespace.
"""
with mk_k8s() as k8s:
src = FakeSecret.mk_src("ns/src", "ns2/dst", {"foo": "aGVsbG8="})
k8s.secrets[("ns", "src")] = src.to_k8s_dict()
dst = FakeSecret.mk_dst("ns2/dst")
k8s.secrets[("ns2", "dst")] = dst.to_k8s_dict()
logger = logging.getLogger()
handlers.copy_secret_data(src.to_k8s_dict(), logger)
new_dst = k8s.secrets[("ns2", "dst")]
assert new_dst["metadata"]["annotations"][ANN_WATCH] == "true"
assert new_dst["data"] == {"foo": "aGVsbG8="}