hide sensitive data for GetPackageRepoDetail and UpdatePackageRepository with kubeapps managed secrets

cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/global_vars_test.go

@@ -2179,26 +2179,24 @@ var (
 		},
 	}
 
-	get_repo_detail_resp_6a = func(ca []byte) *corev1.GetPackageRepositoryDetailResponse {
-		return &corev1.GetPackageRepositoryDetailResponse{
-			Detail: &corev1.PackageRepositoryDetail{
-				PackageRepoRef:  get_repo_detail_package_resp_ref,
-				Name:            "repo-1",
-				Description:     "",
-				NamespaceScoped: false,
-				Type:            "helm",
-				Url:             "https://example.repo.com/charts",
-				Interval:        60,
-				Auth:            &corev1.PackageRepositoryAuth{PassCredentials: false},
-				TlsConfig: &corev1.PackageRepositoryTlsConfig{
-					InsecureSkipVerify: false,
-					PackageRepoTlsConfigOneOf: &corev1.PackageRepositoryTlsConfig_CertAuthority{
-						CertAuthority: string(ca),
-					},
+	get_repo_detail_resp_6a = &corev1.GetPackageRepositoryDetailResponse{
+		Detail: &corev1.PackageRepositoryDetail{
+			PackageRepoRef:  get_repo_detail_package_resp_ref,
+			Name:            "repo-1",
+			Description:     "",
+			NamespaceScoped: false,
+			Type:            "helm",
+			Url:             "https://example.repo.com/charts",
+			Interval:        60,
+			Auth:            &corev1.PackageRepositoryAuth{PassCredentials: false},
+			TlsConfig: &corev1.PackageRepositoryTlsConfig{
+				InsecureSkipVerify: false,
+				PackageRepoTlsConfigOneOf: &corev1.PackageRepositoryTlsConfig_CertAuthority{
+					CertAuthority: redactedString,
 				},
-				Status: podinfo_repo_status_2,
 			},
-		}
+			Status: podinfo_repo_status_2,
+		},
 	}
 
 	get_repo_detail_resp_7 = &corev1.GetPackageRepositoryDetailResponse{
@@ -2259,20 +2257,18 @@ var (
 		},
 	}
 
-	get_repo_detail_resp_9a = func(pub, priv []byte) *corev1.GetPackageRepositoryDetailResponse {
-		return &corev1.GetPackageRepositoryDetailResponse{
-			Detail: &corev1.PackageRepositoryDetail{
-				PackageRepoRef:  get_repo_detail_package_resp_ref,
-				Name:            "repo-1",
-				Description:     "",
-				NamespaceScoped: false,
-				Type:            "helm",
-				Url:             "https://example.repo.com/charts",
-				Interval:        60,
-				Auth:            tls_auth(pub, priv),
-				Status:          podinfo_repo_status_2,
-			},
-		}
+	get_repo_detail_resp_9a = &corev1.GetPackageRepositoryDetailResponse{
+		Detail: &corev1.PackageRepositoryDetail{
+			PackageRepoRef:  get_repo_detail_package_resp_ref,
+			Name:            "repo-1",
+			Description:     "",
+			NamespaceScoped: false,
+			Type:            "helm",
+			Url:             "https://example.repo.com/charts",
+			Interval:        60,
+			Auth:            tls_auth_redacted,
+			Status:          podinfo_repo_status_2,
+		},
 	}
 
 	get_repo_detail_req_6 = &corev1.GetPackageRepositoryDetailRequest{
@@ -2302,7 +2298,7 @@ var (
 			Type:            "helm",
 			Url:             "https://example.repo.com/charts",
 			Interval:        60,
-			Auth:            foo_bar_auth,
+			Auth:            foo_bar_auth_redacted,
 			Status:          podinfo_repo_status_2,
 		},
 	}
@@ -2384,7 +2380,7 @@ var (
 			Type:            "helm",
 			Url:             podinfo_basic_auth_repo_url,
 			Interval:        600,
-			Auth:            foo_bar_auth,
+			Auth:            foo_bar_auth_redacted,
 			Status:          podinfo_repo_status_1,
 		},
 	}
@@ -2631,6 +2627,18 @@ var (
 		Auth:           foo_bar_auth,
 	}
 
+	update_repo_req_16 = &corev1.UpdatePackageRepositoryRequest{
+		PackageRepoRef: repoRefInReq("repo-1", "namespace-1"),
+		Url:            "http://newurl.com",
+		Auth:           foo_bar_auth_redacted,
+	}
+
+	update_repo_req_17 = &corev1.UpdatePackageRepositoryRequest{
+		PackageRepoRef: repoRefInReq("my-podinfo-6", "TBD"),
+		Url:            podinfo_basic_auth_repo_url,
+		Auth:           foo_bar_auth_redacted,
+	}
+
 	update_repo_resp_1 = &corev1.UpdatePackageRepositoryResponse{
 		PackageRepoRef: repoRef("repo-1", "namespace-1"),
 	}
@@ -2651,6 +2659,10 @@ var (
 		PackageRepoRef: repoRefWithId("my-podinfo-5"),
 	}
 
+	update_repo_resp_6 = &corev1.UpdatePackageRepositoryResponse{
+		PackageRepoRef: repoRefWithId("my-podinfo-6"),
+	}
+
 	update_repo_detail_1 = &corev1.GetPackageRepositoryDetailResponse{
 		Detail: &corev1.PackageRepositoryDetail{
 			PackageRepoRef:  get_repo_detail_package_resp_ref,
@@ -2757,20 +2769,18 @@ var (
 		},
 	}
 
-	update_repo_detail_8 = func(pub, priv []byte) *corev1.GetPackageRepositoryDetailResponse {
-		return &corev1.GetPackageRepositoryDetailResponse{
-			Detail: &corev1.PackageRepositoryDetail{
-				PackageRepoRef:  get_repo_detail_package_resp_ref,
-				Name:            "repo-1",
-				Description:     "",
-				NamespaceScoped: false,
-				Type:            "helm",
-				Url:             "https://example.repo.com/charts",
-				Interval:        600,
-				Auth:            tls_auth(pub, priv),
-				Status:          repo_status_pending,
-			},
-		}
+	update_repo_detail_8 = &corev1.GetPackageRepositoryDetailResponse{
+		Detail: &corev1.PackageRepositoryDetail{
+			PackageRepoRef:  get_repo_detail_package_resp_ref,
+			Name:            "repo-1",
+			Description:     "",
+			NamespaceScoped: false,
+			Type:            "helm",
+			Url:             "https://example.repo.com/charts",
+			Interval:        600,
+			Auth:            tls_auth_redacted,
+			Status:          repo_status_pending,
+		},
 	}
 
 	update_repo_detail_9 = &corev1.GetPackageRepositoryDetailResponse{
@@ -2796,7 +2806,7 @@ var (
 			Type:            "helm",
 			Url:             "https://example.repo.com/charts",
 			Interval:        600,
-			Auth:            foo_bar_auth,
+			Auth:            foo_bar_auth_redacted,
 			Status:          repo_status_pending,
 		},
 	}
@@ -2810,7 +2820,7 @@ var (
 			Type:            "helm",
 			Url:             podinfo_basic_auth_repo_url,
 			Interval:        600,
-			Auth:            foo_bar_auth,
+			Auth:            foo_bar_auth_redacted,
 			Status:          podinfo_repo_status_1,
 		},
 	}
@@ -2824,7 +2834,7 @@ var (
 			Type:            "helm",
 			Url:             podinfo_basic_auth_repo_url,
 			Interval:        600,
-			Auth:            foo_bar_auth,
+			Auth:            foo_bar_auth_redacted,
 			Status:          podinfo_repo_status_1,
 		},
 	}
@@ -2852,7 +2862,35 @@ var (
 			Type:            "helm",
 			Url:             podinfo_basic_auth_repo_url,
 			Interval:        600,
-			Auth:            foo_bar_auth,
+			Auth:            foo_bar_auth_redacted,
+			Status:          podinfo_repo_status_1,
+		},
+	}
+
+	update_repo_detail_15 = &corev1.GetPackageRepositoryDetailResponse{
+		Detail: &corev1.PackageRepositoryDetail{
+			PackageRepoRef:  get_repo_detail_package_resp_ref,
+			Name:            "repo-1",
+			Description:     "",
+			NamespaceScoped: false,
+			Type:            "helm",
+			Url:             "http://newurl.com",
+			Interval:        600,
+			Auth:            foo_bar_auth_redacted,
+			Status:          repo_status_pending,
+		},
+	}
+
+	update_repo_detail_16 = &corev1.GetPackageRepositoryDetailResponse{
+		Detail: &corev1.PackageRepositoryDetail{
+			PackageRepoRef:  repoRefWithId("my-podinfo-6"),
+			Name:            "my-podinfo-6",
+			Description:     "",
+			NamespaceScoped: false,
+			Type:            "helm",
+			Url:             podinfo_basic_auth_repo_url,
+			Interval:        600,
+			Auth:            foo_bar_auth_redacted,
 			Status:          podinfo_repo_status_1,
 		},
 	}
@@ -2867,6 +2905,16 @@ var (
 		},
 	}
 
+	foo_bar_auth_redacted = &corev1.PackageRepositoryAuth{
+		Type: corev1.PackageRepositoryAuth_PACKAGE_REPOSITORY_AUTH_TYPE_BASIC_AUTH,
+		PackageRepoAuthOneOf: &corev1.PackageRepositoryAuth_UsernamePassword{
+			UsernamePassword: &corev1.UsernamePassword{
+				Username: redactedString,
+				Password: redactedString,
+			},
+		},
+	}
+
 	tls_auth = func(pub, priv []byte) *corev1.PackageRepositoryAuth {
 		return &corev1.PackageRepositoryAuth{
 			Type: corev1.PackageRepositoryAuth_PACKAGE_REPOSITORY_AUTH_TYPE_TLS,
@@ -2879,6 +2927,8 @@ var (
 		}
 	}
 
+	tls_auth_redacted = tls_auth([]byte(redactedString), []byte(redactedString))
+
 	secret_1_auth = &corev1.PackageRepositoryAuth{
 		Type: corev1.PackageRepositoryAuth_PACKAGE_REPOSITORY_AUTH_TYPE_BASIC_AUTH,
 		PackageRepoAuthOneOf: &corev1.PackageRepositoryAuth_SecretRef{

cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/integration_utils_test.go

@@ -218,6 +218,23 @@ func kubeAddHelmRepository(t *testing.T, name, url, namespace, secretName string
 	}
 }
 
+func kubeGetHelmRepository(t *testing.T, name, namespace string) (*sourcev1.HelmRepository, error) {
+	t.Logf("+kubeGetHelmRepository(%s,%s)", name, namespace)
+
+	ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout)
+	defer cancel()
+	if ifc, err := kubeGetCtrlClient(); err != nil {
+		return nil, err
+	} else {
+		var repo sourcev1.HelmRepository
+		key := types.NamespacedName{Namespace: namespace, Name: name}
+		if err := ifc.Get(ctx, key, &repo); err != nil {
+			return nil, err
+		}
+		return &repo, nil
+	}
+}
+
 func kubeWaitUntilHelmRepositoryIsReady(t *testing.T, name, namespace string) error {
 	t.Logf("+kubeWaitUntilHelmRepositoryIsReady(%s,%s)", name, namespace)
 	defer func() {
@@ -639,31 +656,21 @@ func kubeDeleteNamespace(t *testing.T, namespace string) error {
 	return err
 }
 
-func kubeGetSecret(t *testing.T, namespace, name, dataKey string) (string, error) {
-	t.Logf("+kubeGetSecret(%s, %s, %s)", namespace, name, dataKey)
-	typedClient, err := kubeGetTypedClient()
-	if err != nil {
-		return "", err
-	}
-	ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout)
-	defer cancel()
-	secret, err := typedClient.CoreV1().Secrets(namespace).Get(
-		ctx,
-		name,
-		metav1.GetOptions{})
-	if err != nil {
-		return "", err
-	} else {
+func kubeGetSecretToken(t *testing.T, namespace, name, dataKey string) (string, error) {
+	t.Logf("+kubeGetSecretToken(%s, %s, %s)", namespace, name, dataKey)
+	if secret, err := kubeGetSecret(t, namespace, name); err == nil && secret != nil {
 		token := secret.Data[dataKey]
 		if token == nil {
 			return "", errors.New("No data found")
 		}
 		return string(token), nil
+	} else {
+		return "", err
 	}
 }
 
 func kubeCreateSecret(t *testing.T, secret *apiv1.Secret) error {
-	t.Logf("+kubeCreateSecret(%s, %s", secret.Namespace, secret.Name)
+	t.Logf("+kubeCreateSecret(%s, %s)", secret.Namespace, secret.Name)
 	typedClient, err := kubeGetTypedClient()
 	if err != nil {
 		return err
@@ -691,16 +698,29 @@ func kubeDeleteSecret(t *testing.T, namespace, name string) error {
 		metav1.DeleteOptions{})
 }
 
-func kubeExistsSecret(t *testing.T, namespace, name string) (bool, error) {
-	t.Logf("+kubeExistsSecret(%s, %s)", namespace, name)
+func kubeGetSecret(t *testing.T, namespace, name string) (*apiv1.Secret, error) {
+	t.Logf("+kubeGetSecret(%s, %s)", namespace, name)
 	typedClient, err := kubeGetTypedClient()
 	if err != nil {
-		return false, err
+		return nil, err
 	}
 	ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout)
 	defer cancel()
-	_, err = typedClient.CoreV1().Secrets(namespace).Get(ctx, name, metav1.GetOptions{})
-	return err == nil, nil
+	secret, err := typedClient.CoreV1().Secrets(namespace).Get(
+		ctx,
+		name,
+		metav1.GetOptions{})
+	if err != nil {
+		return nil, err
+	} else {
+		return secret, nil
+	}
+}
+
+func kubeExistsSecret(t *testing.T, namespace, name string) (bool, error) {
+	t.Logf("+kubeExistsSecret(%s, %s)", namespace, name)
+	secret, err := kubeGetSecret(t, namespace, name)
+	return err == nil && secret != nil, nil
 }
 
 func kubePortForwardToRedis(t *testing.T) error {
@@ -953,7 +973,7 @@ func newRedisClientForIntegrationTest(t *testing.T) (*redis.Client, error) {
 	if err := kubePortForwardToRedis(t); err != nil {
 		return nil, fmt.Errorf("kubePortForwardToRedis failed due to %+v", err)
 	}
-	redisPwd, err := kubeGetSecret(t, "kubeapps", "kubeapps-redis", "redis-password")
+	redisPwd, err := kubeGetSecretToken(t, "kubeapps", "kubeapps-redis", "redis-password")
 	if err != nil {
 		return nil, fmt.Errorf("%v", err)
 	}

cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release_integration_test.go

@@ -509,10 +509,10 @@ func TestKindClusterDeleteInstalledPackage(t *testing.T) {
 					t.Errorf("expected pod with prefix [%s] not found in namespace [%s], pods found: [%v]",
 						tc.expectedPodPrefix, tc.request.TargetContext.Namespace, pods)
 				} else if i == maxWait {
-					t.Fatalf("Timed out waiting for garbage collection, of [%s], last error: [%v]", pods[0], err)
+					t.Fatalf("Timed out waiting for garbage collection of pod [%s]", pods[0])
 				} else {
-					t.Logf("Waiting 2s for garbage collection of [%s], attempt [%d/%d]...", pods[0], i+1, maxWait)
-					time.Sleep(2 * time.Second)
+					t.Logf("Waiting 3s for garbage collection of pod [%s], attempt [%d/%d]...", pods[0], i+1, maxWait)
+					time.Sleep(3 * time.Second)
 				}
 			}
 		})