PR Feedback 1

backend/lib/services/cloudProviderCredentials.js

@@ -56,7 +56,7 @@ exports.create = async function ({ user, params }) {
 
   if (bindingNamespace !== secretRefNamespace ||
     secretRefNamespace !== secretNamespace) {
-    throw createError(422, 'Create allowed only for secrets in own namespace')
+    throw createError(422, 'Create allowed if secret and secretBinding are in the same namespace')
   }
 
   secret = await client.core.secrets.create(secretNamespace, secret)
@@ -93,7 +93,7 @@ exports.patch = async function ({ user, params }) {
   }
   if (bindingNamespace !== secretRefNamespace ||
     secretRefNamespace !== secretNamespace) {
-    throw createError(422, 'Patch allowed only for secrets in own namespace')
+    throw createError(422, 'Patch allowed only if secret and secretBinding are in the same namespace')
   }
   secret = await client.core.secrets.update(bindingNamespace, secretName, secret)
 
@@ -113,7 +113,7 @@ exports.remove = async function ({ user, params }) {
     throw createError(404)
   }
   if (secretBinding.metadata.namespace !== secretBinding.secretRef.namespace) {
-    throw createError(422, 'Remove allowed only for secrets in own namespace')
+    throw createError(422, 'Remove allowed only if secret and secretBinding are in the same namespace')
   }
 
   const secretRef = secretBinding.secretRef

frontend/__fixtures__/credentials.js

@@ -38,7 +38,7 @@ function createProviderCredentials (type, options = {}) {
         name: secretName,
       },
       data: {
-        secret: 'c3VwZXJzZWNyZXQ=',
+        secret: 'cw==',
       },
     }
   }

frontend/__tests__/composables/useCredentialContext.spec.js

@@ -17,6 +17,8 @@ import { useAuthzStore } from '@/store/authz'
 
 import { createCredentialContextComposable } from '@/composables/useCredentialContext'
 
+import { encodeBase64 } from '@/utils'
+
 describe('composables', () => {
   describe('useCredentialContext', () => {
     const testNamespace = 'garden-foo'
@@ -32,7 +34,15 @@ describe('composables', () => {
     })
 
     it('should set SecretBinding manifest', () => {
-      const manifest = { metadata: { name: 'foo', namespace: testNamespace }, provider: { type: 'aws' } }
+      const manifest = {
+        metadata: {
+          name: 'foo',
+          namespace: testNamespace,
+        },
+        provider: {
+          type: 'aws',
+        },
+      }
       credentialContext.setSecretBindingManifest(manifest)
 
       expect(credentialContext.secretBindingName).toBe('foo')
@@ -58,12 +68,17 @@ describe('composables', () => {
 
     it('should set and create Secret manifest', () => {
       const secretManifest = {
-        metadata: { name: 'my-secret', namespace: testNamespace },
-        data: { foo: 'YmFy' },
+        metadata: {
+          name: 'my-secret',
+          namespace: testNamespace,
+        },
+        data: {
+          foo: 'dummy-data',
+        },
       }
       credentialContext.setSecretManifest(secretManifest)
       expect(credentialContext.secretName).toBe('my-secret')
-      expect(credentialContext.secretData).toEqual({ foo: 'YmFy' })
+      expect(credentialContext.secretData).toEqual({ foo: 'dummy-data' })
 
       credentialContext.createSecretManifest()
       expect(credentialContext.secretName).toBe('')
@@ -77,15 +92,36 @@ describe('composables', () => {
       expect(credentialContext.isSecretDirty).toBe(true)
     })
 
-    it('should update and encode/decode secretStringData', () => {
+    it('should update secretStringDataRefs via secretData', async () => {
       credentialContext.createSecretManifest()
-      credentialContext.secretStringData = { password: 'secret' }
-      expect(credentialContext.secretData).toEqual({ password: 'c2VjcmV0' })
-      expect(credentialContext.secretStringData).toEqual({ password: 'secret' })
+
+      const keyMapping = { password: 'pwdVar', token: 'tokenVar' }
+      const refs = credentialContext.secretStringDataRefs(keyMapping)
+
+      await nextTick()
+      expect(refs.pwdVar.value).toBe('')
+      expect(refs.tokenVar.value).toBe('')
+
+      const password = encodeBase64('mypassword')
+      const token = encodeBase64('mytoken')
+
+      credentialContext.secretData = { password, token }
+
+      await nextTick()
+      expect(refs.pwdVar.value).toBe('mypassword')
+      expect(refs.tokenVar.value).toBe('mytoken')
     })
 
-    it('should update secret data via secretStringDataRefs', async () => {
-      credentialContext.setSecretManifest({ metadata: { name: 'my-secret', namespace: testNamespace }, data: { password: 'aW5pdGlhbA==' } })
+    it('should update secretData via secretStringDataRefs', async () => {
+      credentialContext.setSecretManifest({
+        metadata: {
+          name: 'my-secret',
+          namespace: testNamespace,
+        },
+        data: {
+          password: encodeBase64('initial'),
+        },
+      })
 
       const keyMapping = { password: 'pwdVar', token: 'tokenVar' }
       const refs = credentialContext.secretStringDataRefs(keyMapping)
@@ -97,13 +133,9 @@ describe('composables', () => {
       refs.tokenVar.value = 'mytoken'
 
       await nextTick()
-      expect(credentialContext.secretStringData).toEqual({
-        password: 'mypassword',
-        token: 'mytoken',
-      })
       expect(credentialContext.secretData).toEqual({
-        password: 'bXlwYXNzd29yZA==',
-        token: 'bXl0b2tlbg==',
+        password: encodeBase64('mypassword'),
+        token: encodeBase64('mytoken'),
       })
     })
 

frontend/__tests__/stores/__snapshots__/credential.spec.js.snap

@@ -0,0 +1,208 @@
+// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
+
+exports[`stores > credential > should deleteCredential secretbinding and referenced secret / quota 1`] = `
+{
+  "metadata": {
+    "name": "azure-secretbinding",
+    "namespace": "garden-test",
+  },
+  "provider": {
+    "type": "azure",
+  },
+  "quotas": [
+    {
+      "name": "azure-foo-quota",
+      "namespace": "garden-trial",
+    },
+    {
+      "name": "azure-bar-quota",
+      "namespace": "garden-test",
+    },
+  ],
+  "secretRef": {
+    "name": "azure-secret",
+    "namespace": "garden-test",
+  },
+}
+`;
+
+exports[`stores > credential > should deleteCredential secretbinding and referenced secret / quota 2`] = `
+{
+  "data": {
+    "secret": "cw==",
+  },
+  "metadata": {
+    "name": "azure-secret",
+    "namespace": "garden-test",
+  },
+}
+`;
+
+exports[`stores > credential > should deleteCredential secretbinding and referenced secret / quota 3`] = `
+{
+  "metadata": {
+    "name": "azure-foo-quota",
+    "namespace": "garden-trial",
+  },
+}
+`;
+
+exports[`stores > credential > should deleteCredential secretbinding and referenced secret / quota 4`] = `
+{
+  "metadata": {
+    "name": "azure-bar-quota",
+    "namespace": "garden-test",
+  },
+}
+`;
+
+exports[`stores > credential > should not delete secret or quota if referenced by other SecretBinding 1`] = `
+{
+  "metadata": {
+    "name": "azure-secretbinding",
+    "namespace": "garden-test",
+  },
+  "provider": {
+    "type": "azure",
+  },
+  "quotas": [
+    {
+      "name": "azure-foo-quota",
+      "namespace": "garden-trial",
+    },
+    {
+      "name": "azure-bar-quota",
+      "namespace": "garden-test",
+    },
+  ],
+  "secretRef": {
+    "name": "azure-secret",
+    "namespace": "garden-test",
+  },
+}
+`;
+
+exports[`stores > credential > should not delete secret or quota if referenced by other SecretBinding 2`] = `
+{
+  "data": {
+    "secret": "cw==",
+  },
+  "metadata": {
+    "name": "azure-secret",
+    "namespace": "garden-test",
+  },
+}
+`;
+
+exports[`stores > credential > should not delete secret or quota if referenced by other SecretBinding 3`] = `
+{
+  "metadata": {
+    "name": "azure-foo-quota",
+    "namespace": "garden-trial",
+  },
+}
+`;
+
+exports[`stores > credential > should not delete secret or quota if referenced by other SecretBinding 4`] = `
+{
+  "metadata": {
+    "name": "azure-bar-quota",
+    "namespace": "garden-test",
+  },
+}
+`;
+
+exports[`stores > credential > should not delete secret or quota if referenced by other SecretBinding 5`] = `
+{
+  "data": {
+    "secret": "cw==",
+  },
+  "metadata": {
+    "name": "azure-secret",
+    "namespace": "garden-test",
+  },
+}
+`;
+
+exports[`stores > credential > should not delete secret or quota if referenced by other SecretBinding 6`] = `
+{
+  "metadata": {
+    "name": "azure-foo-quota",
+    "namespace": "garden-trial",
+  },
+}
+`;
+
+exports[`stores > credential > should return dnsSecretBindingsList 1`] = `
+[
+  "aws-route53",
+  "azure-dns",
+  "azure-private-dns",
+  "google-clouddns",
+  "openstack-designate",
+  "alicloud-dns",
+  "infoblox-dns",
+  "netlify-dns",
+  "rfc2136",
+]
+`;
+
+exports[`stores > credential > should return infrastructureSecretBindingsList 1`] = `
+[
+  "aws",
+  "azure",
+  "gcp",
+  "openstack",
+  "alicloud",
+  "ironcore",
+]
+`;
+
+exports[`stores > credential > should return secret 1`] = `
+{
+  "data": {
+    "secret": "cw==",
+  },
+  "metadata": {
+    "name": "aws-secret",
+    "namespace": "garden-test",
+  },
+}
+`;
+
+exports[`stores > credential > should return secretBinding 1`] = `
+{
+  "metadata": {
+    "name": "aws-secretbinding",
+    "namespace": "garden-test",
+  },
+  "provider": {
+    "type": "aws",
+  },
+  "secretRef": {
+    "name": "aws-secret",
+    "namespace": "garden-test",
+  },
+}
+`;
+
+exports[`stores > credential > should return secretBindingList with multiple quotas 1`] = `
+{
+  "data": {
+    "secret": "cw==",
+  },
+  "metadata": {
+    "name": "azure-secret",
+    "namespace": "garden-test",
+  },
+}
+`;
+
+exports[`stores > credential > should return secretBindingList with multiple quotas 2`] = `
+{
+  "metadata": {
+    "name": "azure-bar-quota",
+    "namespace": "garden-test",
+  },
+}
+`;