
Commit c404b4c

committed
fieldfilter: labels on secrets are now included in the data collected
1 parent ef1dc0a commit c404b4c


2 files changed

+118
-155
lines changed


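--- a/pkg/datagatherer/k8s/fieldfilter.go
+++ b/pkg/datagatherer/k8s/fieldfilter.go
@@ -15,6 +15,7 @@ var SecretSelectedFields = []string{
 "kind",
 "apiVersion",
 "metadata.annotations",
+"metadata.labels",
 "metadata.name",
 "metadata.namespace",
 "metadata.ownerReferences",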
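Review bot: The added `"metadata.labels"` entry widens what is collected from every Secret, and nothing next to it records why that is acceptable or which consumer needs it. Label keys and values are free-form and set by whoever creates the object, so they can carry tenant, customer or environment names, and the updated test shows them passing through `Select` unchanged. I would put a comment above the entry, for example `// Labels are collected as-is; they are user-controlled and not redacted.`, and if any label keys are known to be sensitive in practice, add them to the field list that is passed to `Redact`. The `SecretSelectedFields` literal starts and ends outside this hunk, so an existing comment there may already cover part of this.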

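--- a/pkg/datagatherer/k8s/fieldfilter_test.go
+++ b/pkg/datagatherer/k8s/fieldfilter_test.go
@@ -4,13 +4,15 @@ import (
 "encoding/json"
 "testing"
 
+"github.com/jetstack/preflight/pkg/testutil"
+"github.com/stretchr/testify/assert"
+"github.com/stretchr/testify/require"
 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
 
 func TestSelect(t *testing.T) {
-// secret objects
-secretResource := &unstructured.Unstructured{
-Object: map[string]interface{}{
+t.Run("secret", run_TestSelect(
+map[string]interface{}{
 "apiVersion": "v1",
 "kind": "Secret",
 "metadata": map[string]interface{}{
@@ -19,46 +21,52 @@ func TestSelect(t *testing.T) {
 "annotations": map[string]string{
 "kubectl.kubernetes.io/last-applied-configuration": "secret",
 },
+"labels": map[string]string{
+"foo": "bar",
+},
 },
 "type": "kubernetes.io/tls",
 "data": map[string]interface{}{
 "tls.crt": "cert data",
 "tls.key": "secret",
 },
 },
-}
-
-secretFieldsToSelect := []string{
-"apiVersion",
-"kind",
-"metadata.name",
-"metadata.namespace",
-"type",
-"/data/tls.crt",
-}
+SecretSelectedFields,
+map[string]interface{}{
+"apiVersion": "v1",
+"kind": "Secret",
+"metadata": map[string]interface{}{
+"name": "example",
+"namespace": "example",
+"annotations": map[string]interface{}{
+// The "last-applied-configuration" isn't ignored in
+// "Select". "Redact" removes it.
+"kubectl.kubernetes.io/last-applied-configuration": "secret",
+},
+"labels": map[string]interface{}{
+"foo": "bar",
+},
+},
+"type": "kubernetes.io/tls",
+"data": map[string]interface{}{
+// The "tls.key" is ignored.
+"tls.crt": "cert data",
+},
+},
+))
 
-secretExpectedJSON := `{
-"apiVersion": "v1",
-"data": {
-"tls.crt": "cert data"
-},
-"kind": "Secret",
-"metadata": {
-"name": "example",
-"namespace": "example"
-},
-"type": "kubernetes.io/tls"
-}`
-// route objects
-routeResource := &unstructured.Unstructured{
-Object: map[string]interface{}{
+t.Run("route", run_TestSelect(
+map[string]interface{}{
 "apiVersion": "v1",
 "kind": "Route",
 "metadata": map[string]interface{}{
 "name": "example",
 "annotations": map[string]string{
 "kubectl.kubernetes.io/last-applied-configuration": "secret",
 },
+"labels": map[string]string{
+"foo": "bar",
+},
 },
 "spec": map[string]interface{}{
 "host": "www.example.com",
@@ -74,68 +82,44 @@ func TestSelect(t *testing.T) {
 "destinationCACertificate": "destinationCaCert data",
 },
 },
+}, RouteSelectedFields,
+map[string]interface{}{
+"apiVersion": "v1",
+"kind": "Route",
+"metadata": map[string]interface{}{
+"name": "example",
+"annotations": map[string]interface{}{
+// The "last-applied-configuration" isn't ignored in
+// "Select". "Redact" removes it.
+"kubectl.kubernetes.io/last-applied-configuration": "secret",
+},
+},
+"spec": map[string]interface{}{
+"host": "www.example.com",
+"to": map[string]interface{}{
+"kind": "Service",
+"name": "frontend",
+},
+"tls": map[string]interface{}{
+"termination": "reencrypt",
+// The "key" field is ignored.
+"certificate": "cert data",
+"caCertificate": "caCert data",
+"destinationCACertificate": "destinationCaCert data",
+},
+},
 },
-}
-
-routeFieldsToSelect := []string{
-"apiVersion",
-"kind",
-"metadata.name",
-"spec.host",
-"spec.to.kind",
-"spec.to.name",
-"spec.tls.termination",
-"spec.tls.certificate",
-"spec.tls.caCertificate",
-"spec.tls.destinationCACertificate",
-}
-
-routeExpectedJSON := `{
-"apiVersion": "v1",
-"kind": "Route",
-"metadata": {
-"name": "example"
-},
-"spec": {
-"host": "www.example.com",
-"tls": {
-"caCertificate": "caCert data",
-"certificate": "cert data",
-"destinationCACertificate": "destinationCaCert data",
-"termination": "reencrypt"
-},
-"to": {
-"kind": "Service",
-"name": "frontend"
-}
-}
-}`
-
-tests := map[string]struct {
-resource *unstructured.Unstructured
-fieldsToSelect []string
-expectedJSON string
-}{
-"secret": {secretResource, secretFieldsToSelect, secretExpectedJSON},
-"route": {routeResource, routeFieldsToSelect, routeExpectedJSON},
-}
-
-for name, test := range tests {
-err := Select(test.fieldsToSelect, test.resource)
-if err != nil {
-t.Fatalf("unexpected error: %s", err)
-}
+))
+}
 
-bytes, err := json.MarshalIndent(test.resource, "", " ")
-if err != nil {
-t.Fatalf("unexpected error: %s", err)
-}
+func run_TestSelect(given map[string]interface{}, givenSelect []string, expect map[string]interface{}) func(*testing.T) {
+return func(t *testing.T) {
+t.Helper()
+givenPtr := unstructured.Unstructured{Object: given}
+err := Select(givenSelect, &givenPtr)
+require.NoError(t, err)
 
-t.Run(name, func(t *testing.T) {
-if string(bytes) != test.expectedJSON {
-t.Fatalf("unexpected JSON: \ngot \n%s\nwant\n%s", string(bytes), test.expectedJSON)
-}
-})
+assert.Equal(t, expect, givenPtr.Object)
 }
 }
 
@@ -153,21 +137,15 @@ func TestSelectMissingSelectedField(t *testing.T) {
 }
 
 err := Select(fieldsToSelect, resource)
-if err != nil {
-t.Fatalf("unexpected error: %s", err)
-}
-
+require.NoError(t, err)
 bytes, err := json.MarshalIndent(resource, "", " ")
-if err != nil {
-t.Fatalf("unexpected error: %s", err)
-}
+require.NoError(t, err)
 
-expectedJSON := `{
-"kind": "Secret"
-}`
-if string(bytes) != expectedJSON {
-t.Fatalf("unexpected JSON: \ngot \n%s\nwant\n%s", string(bytes), expectedJSON)
-}
+expectedJSON := testutil.Undent(`
+{
+"kind": "Secret"
+}`)
+assert.Equal(t, expectedJSON, string(bytes))
 }
 
 func TestRedactSecret(t *testing.T) {
@@ -198,30 +176,25 @@ func TestRedactSecret(t *testing.T) {
 }
 
 err := Redact(fieldsToRedact, resource)
-if err != nil {
-t.Fatalf("unexpected error: %s", err)
-}
+require.NoError(t, err)
 
 bytes, err := json.MarshalIndent(resource, "", " ")
-if err != nil {
-t.Fatalf("unexpected error: %s", err)
-}
-expectedJSON := `{
-"apiVersion": "v1",
-"data": {
-"tls.crt": "cert data"
-},
-"kind": "Secret",
-"metadata": {
-"annotations": {},
-"name": "example",
-"namespace": "example"
-},
-"type": "kubernetes.io/tls"
-}`
-if string(bytes) != expectedJSON {
-t.Fatalf("unexpected JSON: \ngot \n%s\nwant\n%s", string(bytes), expectedJSON)
-}
+require.NoError(t, err)
+expectedJSON := testutil.Undent(`
+{
+"apiVersion": "v1",
+"data": {
+"tls.crt": "cert data"
+},
+"kind": "Secret",
+"metadata": {
+"annotations": {},
+"name": "example",
+"namespace": "example"
+},
+"type": "kubernetes.io/tls"
+}`)
+assert.Equal(t, expectedJSON, string(bytes))
 }
 
 func TestRedactPod(t *testing.T) {
@@ -245,28 +218,23 @@ func TestRedactPod(t *testing.T) {
 }
 
 err := Redact(fieldsToRedact, resource)
-if err != nil {
-t.Fatalf("unexpected error: %s", err)
-}
+require.NoError(t, err)
 
 bytes, err := json.MarshalIndent(resource, "", " ")
-if err != nil {
-t.Fatalf("unexpected error: %s", err)
-}
-expectedJSON := `{
-"apiVersion": "v1",
-"kind": "Pod",
-"metadata": {
-"name": "example",
-"namespace": "example"
-},
-"spec": {
-"serviceAccountName": "example"
-}
-}`
-if string(bytes) != expectedJSON {
-t.Fatalf("unexpected JSON: \ngot \n%s\nwant\n%s", string(bytes), expectedJSON)
-}
+require.NoError(t, err)
+expectedJSON := testutil.Undent(`
+{
+"apiVersion": "v1",
+"kind": "Pod",
+"metadata": {
+"name": "example",
+"namespace": "example"
+},
+"spec": {
+"serviceAccountName": "example"
+}
+}`)
+assert.Equal(t, expectedJSON, string(bytes))
 }
 
 func TestRedactMissingField(t *testing.T) {
@@ -282,19 +250,13 @@ func TestRedactMissingField(t *testing.T) {
 }
 
 err := Redact(fieldsToRedact, resource)
-if err != nil {
-t.Fatalf("unexpected error: %s", err)
-}
-
+require.NoError(t, err)
 bytes, err := json.MarshalIndent(resource, "", " ")
-if err != nil {
-t.Fatalf("unexpected error: %s", err)
-}
+require.NoError(t, err)
 
-expectedJSON := `{
-"kind": "Secret"
-}`
-if string(bytes) != expectedJSON {
-t.Fatalf("unexpected JSON: \ngot \n%s\nwant\n%s", string(bytes), expectedJSON)
-}
+expectedJSON := testutil.Undent(`
+{
+"kind": "Secret"
+}`)
+assert.Equal(t, expectedJSON, string(bytes))
 }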
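Review bot: In the `route` case of `TestSelect` the input gains `"labels": {"foo": "bar"}` while the expected map has no `labels` key, so this is the only assertion that labels stay out of Route data, and nothing in the test says the omission is deliberate. The other dropped fields are annotated (`// The "tls.key" is ignored.`, `// The "key" field is ignored.`); I would add `// The "labels" field is ignored for routes.` inside the expected `metadata` map so a later edit to `RouteSelectedFields` is not mistaken for a test fix-up. As a style point on the new helper, Go identifiers use MixedCaps, so `run_TestSelect` would read better as `runTestSelect`.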
