externalsecrets

package
v0.0.11 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 16, 2025 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package externalsecrets provides Terratest-style helpers for testing External Secrets Operator (ESO) resources including SecretStores, ClusterSecretStores, ExternalSecrets, and PushSecrets. Helpers wait for readiness conditions and validate that secrets have been reconciled properly.

Index

Constants

This section is empty.

Variables

View Source 
var NewESOClient = newESOClient

NewESOClient creates and returns a new controller-runtime client for interacting with ExternalSecrets resources. It initializes a runtime scheme and adds the ExternalSecrets API types to it. Returns the client or an error if the client could not be created.

Parameters: 

cfg - The Kubernetes REST configuration to use for the client.

Returns: 

client.Client - The initialized client for ExternalSecrets resources.
error         - An error if the client could not be created.

Functions

func IsClusterExternalSecretReady 

func IsClusterExternalSecretReady(secStatus esov1.ClusterExternalSecretStatus) bool

IsClusterExternalSecretReady checks if the ClusterExternalSecret resource is in a ready state. It returns true if any of the conditions in the provided ClusterExternalSecretStatus has a type of ClusterExternalSecretReady and a status of ConditionTrue, indicating readiness. Otherwise, it returns false.

func IsExternalSecretReady 

func IsExternalSecretReady(secStatus esov1.ExternalSecretStatus) bool

IsExternalSecretReady checks if the provided ExternalSecret resource has a condition of type ExternalSecretReady with a status of ConditionTrue, indicating that the external secret is ready. It returns true if such a condition is found, otherwise false.

Parameters: 

sec - Pointer to an esov1.ExternalSecret resource.

Returns: 

bool - true if the ExternalSecret is ready, false otherwise.

func ListClusterExternalSecrets added in v0.0.5 

func ListClusterExternalSecrets(t *testing.T, options *k8s.KubectlOptions, namespace string) []esov1.ClusterExternalSecret

ListClusterExternalSecrets retrieves a list of ClusterExternalSecret resources from the specified namespace using the provided Kubernetes KubectlOptions. It returns a slice of ClusterExternalSecret objects. The function requires a testing.T instance for error handling and test context propagation. It fails the test if the External Secrets client cannot be created or if listing the secrets fails.

Parameters:

  • t: The testing.T instance used for test context and assertions.
  • options: The KubectlOptions specifying the Kubernetes context and configuration.
  • namespace: The namespace from which to list ClusterExternalSecrets.

Returns:

  • []esov1.ClusterExternalSecret: A slice containing the ClusterExternalSecret resources found in the namespace.

func ListClusterSecretStores added in v0.0.5 

func ListClusterSecretStores(t *testing.T, options *k8s.KubectlOptions, namespace string) []esov1.ClusterSecretStore

ListClusterSecretStores retrieves a list of ClusterSecretStore resources from the specified namespace using the provided Kubernetes options. It returns a slice of ClusterSecretStore objects. The function fails the test if the External Secrets client cannot be created or if the list operation fails.

Parameters:

  • t: The testing context.
  • options: The kubectl options to use for connecting to the Kubernetes cluster.
  • namespace: The namespace from which to list ClusterSecretStores.

Returns:

  • A slice of esov1.ClusterSecretStore representing the ClusterSecretStores found in the namespace.

func ListExternalSecrets added in v0.0.5 

func ListExternalSecrets(t *testing.T, options *k8s.KubectlOptions, namespace string) []esov1.ExternalSecret

ListExternalSecrets retrieves all ExternalSecret resources in the specified namespace using the provided Kubernetes options. It returns a slice of ExternalSecret objects. The function fails the test if the client cannot be created or if listing the ExternalSecrets fails.

Parameters:

  • t: The testing context.
  • options: The kubectl options for connecting to the Kubernetes cluster.
  • namespace: The namespace from which to list ExternalSecrets.

Returns:

  • A slice of ExternalSecret objects found in the specified namespace.

func ListPushSecrets added in v0.0.5 

func ListPushSecrets(t *testing.T, options *k8s.KubectlOptions, namespace string, opts ...ctrlclient.ListOption) []esov1alpha1.PushSecret

ListPushSecrets retrieves all PushSecret resources in the specified Kubernetes namespace. It uses the provided testing context and KubectlOptions to create an External Secrets Operator (ESO) client, then lists all PushSecrets within the given namespace. The function fails the test if any error occurs during client creation or resource listing.

Parameters:

  • t: The testing context.
  • options: The kubectl options used to configure the client.
  • namespace: The Kubernetes namespace to search for PushSecrets.

Returns:

  • A slice of PushSecret resources found in the specified namespace.

func ListSecretStores added in v0.0.5 

func ListSecretStores(t *testing.T, options *k8s.KubectlOptions, namespace string) []esov1.SecretStore

ListSecretStores retrieves a list of External Secrets SecretStore resources from the specified Kubernetes namespace. It uses the provided testing context and kubectl options to create an External Secrets client and perform the list operation. The function fails the test if the client cannot be created or if the list operation encounters an error.

Parameters:

  • t: The testing context.
  • options: The kubectl options used to configure the client.
  • namespace: The Kubernetes namespace from which to list SecretStores.

Returns:

  • A slice of esov1.SecretStore objects found in the specified namespace.

func WaitForClusterExternalSecretReady 

func WaitForClusterExternalSecretReady(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration)

WaitForClusterExternalSecretReady waits until the specified ClusterExternalSecret resource in the given namespace becomes ready within the provided timeout duration. It polls the resource status at regular intervals and fails the test if the resource does not become ready in time. This function requires a valid External Secrets client and uses the provided k8s.KubectlOptions for cluster access.

Parameters:

  • t: The testing context.
  • options: Kubernetes KubectlOptions containing cluster access configuration.
  • name: The name of the ClusterExternalSecret resource.
  • namespace: The namespace where the resource is located.
  • timeout: The maximum duration to wait for the resource to become ready.

Fails the test if the ClusterExternalSecret does not become ready within the timeout.

func WaitForClusterSecretStoreReady 

func WaitForClusterSecretStoreReady(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration)

WaitForClusterSecretStoreReady waits until the specified ClusterSecretStore resource is in a "Ready" state. It polls the Kubernetes API at regular intervals until the ClusterSecretStore's status condition `ReasonStoreValid` is `ConditionTrue`, or until the provided timeout is reached. If the ClusterSecretStore does not become ready within the timeout, the test fails.

Parameters:

  • t: The testing context.
  • options: Kubectl options containing the REST config for Kubernetes API access.
  • name: The name of the ClusterSecretStore resource.
  • namespace: The namespace of the ClusterSecretStore resource.
  • timeout: The maximum duration to wait for the ClusterSecretStore to become ready.

This function is intended for use in integration tests to ensure that ClusterSecretStore resources are fully initialized before proceeding.

func WaitForExternalSecretReady 

func WaitForExternalSecretReady(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration)

WaitForExternalSecretReady waits until the specified ExternalSecret resource in the given namespace becomes ready within the provided timeout duration. It polls the resource status at regular intervals and fails the test if the resource does not become ready in time.

Parameters: 

t        - The testing context.
options  - Kubectl options containing the REST config for Kubernetes client.
name     - The name of the ExternalSecret resource.
namespace- The namespace where the ExternalSecret is located.
timeout  - The maximum duration to wait for the resource to become ready.

The function uses the External Secrets Operator client to fetch the resource and checks its readiness using IsExternalSecretReady. If the resource does not become ready within the timeout, the test fails.

func WaitForPushSecretReady 

func WaitForPushSecretReady(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration)

WaitForPushSecretReady waits until the specified PushSecret resource in the given namespace becomes Ready within the provided timeout. It polls the Kubernetes API at regular intervals to check the status of the PushSecret's conditions. If the PushSecret does not become Ready within the timeout, the test fails. Parameters:

  • t: The testing context.
  • options: Kubectl options containing the REST config for Kubernetes API access.
  • name: The name of the PushSecret resource.
  • namespace: The namespace where the PushSecret is located.
  • timeout: The maximum duration to wait for the PushSecret to become Ready.

func WaitForSecretStoreReady 

func WaitForSecretStoreReady(t *testing.T, options *k8s.KubectlOptions, name, namespace string, timeout time.Duration)

WaitForSecretStoreReady waits until the specified SecretStore resource in the given namespace becomes Ready. It polls the SecretStore status at regular intervals until the Ready condition is met or the timeout is reached. If the SecretStore does not become Ready within the timeout, the test fails.

Parameters: 

t        - The testing context.
options  - Kubectl options containing the REST config for Kubernetes API access.
name     - The name of the SecretStore resource.
namespace- The namespace where the SecretStore is located.
timeout  - The maximum duration to wait for the SecretStore to become Ready.

This function requires the External Secrets Operator client to be available and the SecretStore resource to be present.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.