Add implementation for resources.GetSecretNames.

Signed-off-by: Michael Nelson <minelson@vmware.com>
vmware-tanzu · Dec 13, 2021 · 275bf2d · 275bf2d
1 parent 412ab0c
commit 275bf2d
Show file tree

Hide file tree

Showing 2 changed files with 174 additions and 2 deletions.
diff --git a/cmd/kubeapps-apis/plugins/resources/v1alpha1/secrets.go b/cmd/kubeapps-apis/plugins/resources/v1alpha1/secrets.go
@@ -45,7 +45,7 @@ func (s *Server) CreateSecret(ctx context.Context, r *v1alpha1.CreateSecretReque
 			Namespace: namespace,
 			Name:      r.GetName(),
 		},
-		Type:       secretTypeForEnum(r.GetType()),
+		Type:       k8sTypeForProtoType(r.GetType()),
 		StringData: r.GetStringData(),
 	}, metav1.CreateOptions{})
 	if err != nil {
@@ -55,7 +55,7 @@ func (s *Server) CreateSecret(ctx context.Context, r *v1alpha1.CreateSecretReque
 	return &v1alpha1.CreateSecretResponse{}, nil
 }
 
-func secretTypeForEnum(secretType v1alpha1.SecretType) core.SecretType {
+func k8sTypeForProtoType(secretType v1alpha1.SecretType) core.SecretType {
 	switch secretType {
 	case v1alpha1.SecretType_SECRET_TYPE_OPAQUE_UNSPECIFIED:
 		return core.SecretTypeOpaque
@@ -76,3 +76,52 @@ func secretTypeForEnum(secretType v1alpha1.SecretType) core.SecretType {
 	}
 	return core.SecretTypeOpaque
 }
+
+func protoTypeForK8sType(secretType core.SecretType) v1alpha1.SecretType {
+	switch secretType {
+	case core.SecretTypeOpaque:
+		return v1alpha1.SecretType_SECRET_TYPE_OPAQUE_UNSPECIFIED
+	case core.SecretTypeServiceAccountToken:
+		return v1alpha1.SecretType_SECRET_TYPE_SERVICE_ACCOUNT_TOKEN
+	case core.SecretTypeDockercfg:
+		return v1alpha1.SecretType_SECRET_TYPE_DOCKER_CONFIG
+	case core.SecretTypeDockerConfigJson:
+		return v1alpha1.SecretType_SECRET_TYPE_DOCKER_CONFIG_JSON
+	case core.SecretTypeBasicAuth:
+		return v1alpha1.SecretType_SECRET_TYPE_BASIC_AUTH
+	case core.SecretTypeSSHAuth:
+		return v1alpha1.SecretType_SECRET_TYPE_SSH_AUTH
+	case core.SecretTypeTLS:
+		return v1alpha1.SecretType_SECRET_TYPE_TLS
+	case core.SecretTypeBootstrapToken:
+		return v1alpha1.SecretType_SECRET_TYPE_BOOTSTRAP_TOKEN
+	}
+	return v1alpha1.SecretType_SECRET_TYPE_OPAQUE_UNSPECIFIED
+}
+
+// GetSecretNames returns a map of secret names with their types for the given
+// context if the user has the required RBAC.
+func (s *Server) GetSecretNames(ctx context.Context, r *v1alpha1.GetSecretNamesRequest) (*v1alpha1.GetSecretNamesResponse, error) {
+	cluster := r.GetContext().GetCluster()
+	namespace := r.GetContext().GetNamespace()
+	log.Infof("+resources GetSecretNames (cluster: %q, namespace: %q)", cluster, namespace)
+
+	typedClient, _, err := s.clientGetter(ctx, cluster)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "unable to get the k8s client: '%v'", err)
+	}
+
+	secretList, err := typedClient.CoreV1().Secrets(namespace).List(ctx, metav1.ListOptions{})
+	if err != nil {
+		return nil, errorByStatus("list", "Secrets", "", err)
+	}
+
+	secrets := map[string]v1alpha1.SecretType{}
+	for _, s := range secretList.Items {
+		secrets[s.Name] = protoTypeForK8sType(s.Type)
+	}
+
+	return &v1alpha1.GetSecretNamesResponse{
+		SecretNames: secrets,
+	}, nil
+}
diff --git a/cmd/kubeapps-apis/plugins/resources/v1alpha1/secrets_test.go b/cmd/kubeapps-apis/plugins/resources/v1alpha1/secrets_test.go
@@ -24,6 +24,7 @@ import (
 	"github.com/kubeapps/kubeapps/cmd/kubeapps-apis/gen/plugins/resources/v1alpha1"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+	core "k8s.io/api/core/v1"
 	v1 "k8s.io/api/core/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -143,3 +144,125 @@ func TestCreateSecret(t *testing.T) {
 		})
 	}
 }
+
+func TestGetSecretNames(t *testing.T) {
+
+	ignoredUnexported := cmpopts.IgnoreUnexported(
+		v1alpha1.GetSecretNamesResponse{},
+	)
+
+	testCases := []struct {
+		name              string
+		request           *v1alpha1.GetSecretNamesRequest
+		k8sError          error
+		expectedResponse  *v1alpha1.GetSecretNamesResponse
+		expectedErrorCode codes.Code
+		existingObjects   []runtime.Object
+	}{
+		{
+			name: "returns existing namespaces from the context namespace only if user has RBAC",
+			request: &v1alpha1.GetSecretNamesRequest{
+				Context: &pkgsGRPCv1alpha1.Context{
+					Cluster:   "default",
+					Namespace: "default",
+				},
+			},
+			existingObjects: []runtime.Object{
+				&core.Secret{
+					TypeMeta: metav1.TypeMeta{
+						Kind:       "Namespace",
+						APIVersion: "v1",
+					},
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "secret-1",
+						Namespace: "default",
+					},
+					Type: core.SecretTypeOpaque,
+					StringData: map[string]string{
+						"ignored": "we don't use it",
+					},
+				},
+				&core.Secret{
+					TypeMeta: metav1.TypeMeta{
+						Kind:       "Namespace",
+						APIVersion: "v1",
+					},
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "secret-2",
+						Namespace: "default",
+					},
+					Type: core.SecretTypeDockerConfigJson,
+				},
+				&core.Secret{
+					TypeMeta: metav1.TypeMeta{
+						Kind:       "Namespace",
+						APIVersion: "v1",
+					},
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "secret-other-namespace",
+						Namespace: "other-namespace",
+					},
+					Type: core.SecretTypeDockerConfigJson,
+				},
+			},
+			expectedResponse: &v1alpha1.GetSecretNamesResponse{
+				SecretNames: map[string]v1alpha1.SecretType{
+					"secret-1": v1alpha1.SecretType_SECRET_TYPE_OPAQUE_UNSPECIFIED,
+					"secret-2": v1alpha1.SecretType_SECRET_TYPE_DOCKER_CONFIG_JSON,
+				},
+			},
+		},
+		{
+			name: "returns permission denied if k8s returns a forbidden error",
+			request: &v1alpha1.GetSecretNamesRequest{
+				Context: &pkgsGRPCv1alpha1.Context{
+					Cluster:   "default",
+					Namespace: "default",
+				},
+			},
+			k8sError: k8serrors.NewForbidden(schema.GroupResource{
+				Group:    "v1",
+				Resource: "secrets",
+			}, "default", errors.New("Bang")),
+			expectedErrorCode: codes.PermissionDenied,
+		},
+		{
+			name: "returns an internal error if k8s returns an unexpected error",
+			request: &v1alpha1.GetSecretNamesRequest{
+				Context: &pkgsGRPCv1alpha1.Context{
+					Cluster:   "default",
+					Namespace: "default",
+				},
+			},
+			k8sError:          k8serrors.NewInternalError(errors.New("Bang")),
+			expectedErrorCode: codes.Internal,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+
+			fakeClient := typfake.NewSimpleClientset(tc.existingObjects...)
+			if tc.k8sError != nil {
+				fakeClient.CoreV1().(*fakecorev1.FakeCoreV1).PrependReactor("list", "secrets", func(action clientGoTesting.Action) (handled bool, ret runtime.Object, err error) {
+					return true, &v1.SecretList{}, tc.k8sError
+				})
+			}
+			s := Server{
+				clientGetter: func(context.Context, string) (kubernetes.Interface, dynamic.Interface, error) {
+					return fakeClient, nil, nil
+				},
+			}
+
+			response, err := s.GetSecretNames(context.Background(), tc.request)
+
+			if got, want := status.Code(err), tc.expectedErrorCode; got != want {
+				t.Fatalf("got: %d, want: %d, err: %+v", got, want, err)
+			}
+
+			if got, want := response, tc.expectedResponse; !cmp.Equal(got, want, ignoredUnexported) {
+				t.Errorf("mismatch (-want +got):\n%s", cmp.Diff(want, got, ignoredUnexported))
+			}
+		})
+	}
+}