From 724473462be9815dae8356c00417c2059b040f4e Mon Sep 17 00:00:00 2001
From: Nghia Tran <tcnghia@gmail.com>
Date: Thu, 11 Feb 2021 14:40:32 -0800
Subject: [PATCH] Run conformance tests for Kuberentes secret store (#673)

* Run K8s secret store tests

* Add workaround for https://github.com/golang/go/issues/40795

* Add clarity to the hack
---
 .github/workflows/conformance.yml             | 11 ++++++++
 Makefile                                      |  4 ++-
 tests/config/kind-data.yaml                   | 15 +++++++++++
 .../kubernetes/kubernetes-secrets.yaml        |  9 +++++++
 tests/config/secretstores/tests.yml           |  3 ++-
 tests/conformance/common.go                   | 11 +++++---
 .../conformance/secretstores/secretstores.go  | 26 ++++++++++++-------
 7 files changed, 64 insertions(+), 15 deletions(-)
 create mode 100644 tests/config/kind-data.yaml
 create mode 100644 tests/config/secretstores/kubernetes/kubernetes-secrets.yaml

diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml
index 4e5e23bc8..c7c0df35b 100644
--- a/.github/workflows/conformance.yml
+++ b/.github/workflows/conformance.yml
@@ -32,6 +32,7 @@ jobs:
         - bindings.kafka
         - bindings.redis
         - pubsub.redis
+        - secretstores.kubernetes
         - secretstores.localenv
         - secretstores.localfile
         - state.mongodb
@@ -167,6 +168,16 @@ jobs:
       run: docker-compose -f ./.github/infrastructure/docker-compose-kafka.yml up -d
       if: contains(matrix.component, 'kafka')
 
+    - name: Start KinD
+      uses: helm/kind-action@v1.0.0
+      if: contains(matrix.component, 'kubernetes')
+
+    - name: Setup KinD test data
+      if: contains(matrix.component, 'kubernetes')
+      run: |
+        kubectl apply -f tests/config/kind-data.yaml
+        echo "NAMESPACE=default" >> $GITHUB_ENV
+
     - name: Set up Go
       uses: actions/setup-go@v2
 
diff --git a/Makefile b/Makefile
index e93c1c399..c9df1a202 100644
--- a/Makefile
+++ b/Makefile
@@ -41,6 +41,8 @@ export GOOS ?= $(TARGET_OS_LOCAL)
 ifeq ($(GOOS),windows)
 BINARY_EXT_LOCAL:=.exe
 GOLANGCI_LINT:=golangci-lint.exe
+# Workaround for https://github.com/golang/go/issues/40795
+BUILDMODE:=-buildmode=exe
 else
 BINARY_EXT_LOCAL:=
 GOLANGCI_LINT:=golangci-lint
@@ -51,7 +53,7 @@ endif
 ################################################################################
 .PHONY: test
 test:
-	go test ./... $(COVERAGE_OPTS)
+	go test ./... $(COVERAGE_OPTS) $(BUILDMODE)
 
 ################################################################################
 # Target: lint                                                                 #
diff --git a/tests/config/kind-data.yaml b/tests/config/kind-data.yaml
new file mode 100644
index 000000000..ecdef3b49
--- /dev/null
+++ b/tests/config/kind-data.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: conftestsecret
+type: Opaque
+stringData:
+  conftestsecret: abcd
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secondsecret
+type: Opaque
+stringData:
+  secondsecret: efgh
diff --git a/tests/config/secretstores/kubernetes/kubernetes-secrets.yaml b/tests/config/secretstores/kubernetes/kubernetes-secrets.yaml
new file mode 100644
index 000000000..0ff19381a
--- /dev/null
+++ b/tests/config/secretstores/kubernetes/kubernetes-secrets.yaml
@@ -0,0 +1,9 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: kubernetes
+spec:
+  type: secretstores.kubernetes
+  metadata:
+  - name: namespace
+    value: default
diff --git a/tests/config/secretstores/tests.yml b/tests/config/secretstores/tests.yml
index 2dc64ae0a..0bd46b129 100644
--- a/tests/config/secretstores/tests.yml
+++ b/tests/config/secretstores/tests.yml
@@ -6,4 +6,5 @@ components:
     allOperations: true
   - component: azure.keyvault
     allOperations: true
-
+  - component: kubernetes
+    allOperations: true
diff --git a/tests/conformance/common.go b/tests/conformance/common.go
index 4f7fc6fb9..85fa87f52 100644
--- a/tests/conformance/common.go
+++ b/tests/conformance/common.go
@@ -28,6 +28,7 @@ import (
 	p_redis "github.com/dapr/components-contrib/pubsub/redis"
 	"github.com/dapr/components-contrib/secretstores"
 	ss_azure "github.com/dapr/components-contrib/secretstores/azure/keyvault"
+	ss_kubernetes "github.com/dapr/components-contrib/secretstores/kubernetes"
 	ss_local_env "github.com/dapr/components-contrib/secretstores/local/env"
 	ss_local_file "github.com/dapr/components-contrib/secretstores/local/file"
 	"github.com/dapr/components-contrib/state"
@@ -271,12 +272,14 @@ func loadPubSub(tc TestComponent) pubsub.PubSub {
 func loadSecretStore(tc TestComponent) secretstores.SecretStore {
 	var store secretstores.SecretStore
 	switch tc.Component {
-	case "localfile":
-		store = ss_local_file.NewLocalSecretStore(testLogger)
-	case "localenv":
-		store = ss_local_env.NewEnvSecretStore(testLogger)
 	case "azure.keyvault":
 		store = ss_azure.NewAzureKeyvaultSecretStore(testLogger)
+	case "kubernetes":
+		store = ss_kubernetes.NewKubernetesSecretStore(testLogger)
+	case "localenv":
+		store = ss_local_env.NewEnvSecretStore(testLogger)
+	case "localfile":
+		store = ss_local_file.NewLocalSecretStore(testLogger)
 	default:
 		return nil
 	}
diff --git a/tests/conformance/secretstores/secretstores.go b/tests/conformance/secretstores/secretstores.go
index 4d972b9fc..6559c8ed7 100644
--- a/tests/conformance/secretstores/secretstores.go
+++ b/tests/conformance/secretstores/secretstores.go
@@ -70,14 +70,12 @@ func ConformanceTests(t *testing.T, props map[string]string, store secretstores.
 	// Bulkget
 	if config.HasOperation("bulkget") {
 		bulkReq := secretstores.BulkGetSecretRequest{}
-		bulkResponse := secretstores.BulkGetSecretResponse{
-			Data: map[string]map[string]string{
-				"conftestsecret": {
-					"conftestsecret": "abcd",
-				},
-				"secondsecret": {
-					"secondsecret": "efgh",
-				},
+		expectedData := map[string]map[string]string{
+			"conftestsecret": {
+				"conftestsecret": "abcd",
+			},
+			"secondsecret": {
+				"secondsecret": "efgh",
 			},
 		}
 
@@ -86,7 +84,17 @@ func ConformanceTests(t *testing.T, props map[string]string, store secretstores.
 			assert.NoError(t, err, "expected no error on getting secret %v", bulkReq)
 			assert.NotNil(t, resp, "expected value to be returned")
 			assert.NotNil(t, resp.Data, "expected value to be returned")
-			assert.Equal(t, bulkResponse.Data, resp.Data, "expected values to be equal")
+
+			// Many secret stores don't allow us to start with an
+			// empty set of secrets.  For example, every Kubernetes
+			// namespace will contain a secret token.
+			//
+			// As a result, here we can only confirm that the secret
+			// store contains all that we expected, but it is possible that
+			// it may have more.
+			for k, m := range expectedData {
+				assert.Equal(t, m, resp.Data[k], "expected values to be equal")
+			}
 		})
 	}
 }