Run conformance tests for Kuberentes secret store (#673)

* Run K8s secret store tests * Add workaround for https://github.com/golang/go/issues/40795 * Add clarity to the hack
2021-02-11 14:40:32 -08:00 · 2021-02-11 14:40:32 -08:00 · 724473462b
parent cf1f27e59f
commit 724473462b
7 changed files with 64 additions and 15 deletions
--- a/.github/workflows/conformance.yml
+++ b/.github/workflows/conformance.yml
@ -32,6 +32,7 @@ jobs:
        - bindings.kafka
        - bindings.redis
        - pubsub.redis
+        - secretstores.kubernetes
        - secretstores.localenv
        - secretstores.localfile
        - state.mongodb
@ -167,6 +168,16 @@ jobs:
      run: docker-compose -f ./.github/infrastructure/docker-compose-kafka.yml up -d
      if: contains(matrix.component, 'kafka')

+    - name: Start KinD
+      uses: helm/kind-action@v1.0.0
+      if: contains(matrix.component, 'kubernetes')
+
+    - name: Setup KinD test data
+      if: contains(matrix.component, 'kubernetes')
+      run: |
+        kubectl apply -f tests/config/kind-data.yaml
+        echo "NAMESPACE=default" >> $GITHUB_ENV
+
    - name: Set up Go
      uses: actions/setup-go@v2

--- a/4
+++ b/4
@ -41,6 +41,8 @@ export GOOS ?= $(TARGET_OS_LOCAL)
 ifeq ($(GOOS),windows)
 BINARY_EXT_LOCAL:=.exe
 GOLANGCI_LINT:=golangci-lint.exe
+# Workaround for https://github.com/golang/go/issues/40795
+BUILDMODE:=-buildmode=exe
 else
 BINARY_EXT_LOCAL:=
 GOLANGCI_LINT:=golangci-lint
@ -51,7 +53,7 @@ endif
 ################################################################################
 .PHONY: test
 test:
-	go test ./... $(COVERAGE_OPTS)
+	go test ./... $(COVERAGE_OPTS) $(BUILDMODE)

 ################################################################################
 # Target: lint                                                                 #
--- a/tests/config/kind-data.yaml
+++ b/tests/config/kind-data.yaml
@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: conftestsecret
+type: Opaque
+stringData:
+  conftestsecret: abcd
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secondsecret
+type: Opaque
+stringData:
+  secondsecret: efgh
--- a/tests/config/secretstores/kubernetes/kubernetes-secrets.yaml
+++ b/tests/config/secretstores/kubernetes/kubernetes-secrets.yaml
@ -0,0 +1,9 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: kubernetes
+spec:
+  type: secretstores.kubernetes
+  metadata:
+  - name: namespace
+    value: default
--- a/tests/config/secretstores/tests.yml
+++ b/tests/config/secretstores/tests.yml
@ -6,4 +6,5 @@ components:
    allOperations: true
  - component: azure.keyvault
    allOperations: true
-
+  - component: kubernetes
+    allOperations: true
--- a/tests/conformance/common.go
+++ b/tests/conformance/common.go
@ -28,6 +28,7 @@ import (
 	p_redis "github.com/dapr/components-contrib/pubsub/redis"
 	"github.com/dapr/components-contrib/secretstores"
 	ss_azure "github.com/dapr/components-contrib/secretstores/azure/keyvault"
+	ss_kubernetes "github.com/dapr/components-contrib/secretstores/kubernetes"
 	ss_local_env "github.com/dapr/components-contrib/secretstores/local/env"
 	ss_local_file "github.com/dapr/components-contrib/secretstores/local/file"
 	"github.com/dapr/components-contrib/state"
@ -271,12 +272,14 @@ func loadPubSub(tc TestComponent) pubsub.PubSub {
 func loadSecretStore(tc TestComponent) secretstores.SecretStore {
 	var store secretstores.SecretStore
 	switch tc.Component {
-	case "localfile":
-		store = ss_local_file.NewLocalSecretStore(testLogger)
-	case "localenv":
-		store = ss_local_env.NewEnvSecretStore(testLogger)
 	case "azure.keyvault":
 		store = ss_azure.NewAzureKeyvaultSecretStore(testLogger)
+	case "kubernetes":
+		store = ss_kubernetes.NewKubernetesSecretStore(testLogger)
+	case "localenv":
+		store = ss_local_env.NewEnvSecretStore(testLogger)
+	case "localfile":
+		store = ss_local_file.NewLocalSecretStore(testLogger)
 	default:
 		return nil
 	}
--- a/tests/conformance/secretstores/secretstores.go
+++ b/tests/conformance/secretstores/secretstores.go
@ -70,14 +70,12 @@ func ConformanceTests(t *testing.T, props map[string]string, store secretstores.
 	// Bulkget
 	if config.HasOperation("bulkget") {
 		bulkReq := secretstores.BulkGetSecretRequest{}
-		bulkResponse := secretstores.BulkGetSecretResponse{
-			Data: map[string]map[string]string{
-				"conftestsecret": {
-					"conftestsecret": "abcd",
-				},
-				"secondsecret": {
-					"secondsecret": "efgh",
-				},
+		expectedData := map[string]map[string]string{
+			"conftestsecret": {
+				"conftestsecret": "abcd",
+			},
+			"secondsecret": {
+				"secondsecret": "efgh",
 			},
 		}

@ -86,7 +84,17 @@ func ConformanceTests(t *testing.T, props map[string]string, store secretstores.
 			assert.NoError(t, err, "expected no error on getting secret %v", bulkReq)
 			assert.NotNil(t, resp, "expected value to be returned")
 			assert.NotNil(t, resp.Data, "expected value to be returned")
-			assert.Equal(t, bulkResponse.Data, resp.Data, "expected values to be equal")
+
+			// Many secret stores don't allow us to start with an
+			// empty set of secrets.  For example, every Kubernetes
+			// namespace will contain a secret token.
+			//
+			// As a result, here we can only confirm that the secret
+			// store contains all that we expected, but it is possible that
+			// it may have more.
+			for k, m := range expectedData {
+				assert.Equal(t, m, resp.Data[k], "expected values to be equal")
+			}
 		})
 	}
 }