implement including all keys

Signed-off-by: Julio Camarero <julio.camarero@elastic.co>
guntiskarulis · Oct 23, 2024 · 2cf654a · 2cf654a
1 parent 5362ff7
commit 2cf654a
Show file tree

Hide file tree

Showing 2 changed files with 95 additions and 13 deletions.
diff --git a/pkg/bundle/source.go b/pkg/bundle/source.go
@@ -145,12 +145,19 @@ func (b *bundle) configMapBundle(ctx context.Context, ref *trustapi.SourceObject
 
 	var results strings.Builder
 	for _, cm := range configMaps {
-		data, ok := cm.Data[ref.Key]
-		if !ok {
-			return "", notFoundError{fmt.Errorf("no data found in ConfigMap %s/%s at key %q", cm.Namespace, cm.Name, ref.Key)}
+		if len(ref.Key) > 0 {
+			data, ok := cm.Data[ref.Key]
+			if !ok {
+				return "", notFoundError{fmt.Errorf("no data found in ConfigMap %s/%s at key %q", cm.Namespace, cm.Name, ref.Key)}
+			}
+			results.WriteString(data)
+			results.WriteByte('\n')
+		} else if ref.IncludeAllKeys {
+			for _, data := range cm.Data {
+				results.WriteString(data)
+				results.WriteByte('\n')
+			}
 		}
-		results.WriteString(data)
-		results.WriteByte('\n')
 	}
 	return results.String(), nil
 }
@@ -192,12 +199,19 @@ func (b *bundle) secretBundle(ctx context.Context, ref *trustapi.SourceObjectKey
 
 	var results strings.Builder
 	for _, secret := range secrets {
-		data, ok := secret.Data[ref.Key]
-		if !ok {
-			return "", notFoundError{fmt.Errorf("no data found in Secret %s/%s at key %q", secret.Namespace, secret.Name, ref.Key)}
+		if len(ref.Key) > 0 {
+			data, ok := secret.Data[ref.Key]
+			if !ok {
+				return "", notFoundError{fmt.Errorf("no data found in Secret %s/%s at key %q", secret.Namespace, secret.Name, ref.Key)}
+			}
+			results.Write(data)
+			results.WriteByte('\n')
+		} else if ref.IncludeAllKeys {
+			for _, data := range secret.Data {
+				results.Write(data)
+				results.WriteByte('\n')
+			}
 		}
-		results.Write(data)
-		results.WriteByte('\n')
 	}
 	return results.String(), nil
 }
diff --git a/pkg/bundle/source_test.go b/pkg/bundle/source_test.go
@@ -97,7 +97,7 @@ func Test_buildSourceBundle(t *testing.T) {
 			expError:         true,
 			expNotFoundError: true,
 		},
-		"if single ConfigMap source, return data": {
+		"if single ConfigMap source referencing single key, return data": {
 			sources: []trustapi.BundleSource{
 				{ConfigMap: &trustapi.SourceObjectKeySelector{Name: "configmap", KeySelector: trustapi.KeySelector{Key: "key"}}},
 			},
@@ -109,6 +109,18 @@ func Test_buildSourceBundle(t *testing.T) {
 			expError:         false,
 			expNotFoundError: false,
 		},
+		"if single ConfigMap source including all keys, return data": {
+			sources: []trustapi.BundleSource{
+				{ConfigMap: &trustapi.SourceObjectKeySelector{Name: "configmap", IncludeAllKeys: true}},
+			},
+			objects: []runtime.Object{&corev1.ConfigMap{
+				ObjectMeta: metav1.ObjectMeta{Name: "configmap"},
+				Data:       map[string]string{"cert-1": dummy.TestCertificate1 + "\n" + dummy.TestCertificate2, "cert-2": dummy.TestCertificate3},
+			}},
+			expData:          dummy.JoinCerts(dummy.TestCertificate2, dummy.TestCertificate1, dummy.TestCertificate3),
+			expError:         false,
+			expNotFoundError: false,
+		},
 		"if single ConfigMap source, return data even when order changes": {
 			// Test uses the same data as the previous one but with different order
 			sources: []trustapi.BundleSource{
@@ -144,6 +156,28 @@ func Test_buildSourceBundle(t *testing.T) {
 			expError:         false,
 			expNotFoundError: false,
 		},
+		"if selects at least one ConfigMap source including all keys, return data": {
+			sources: []trustapi.BundleSource{
+				{ConfigMap: &trustapi.SourceObjectKeySelector{IncludeAllKeys: true, Selector: &metav1.LabelSelector{MatchLabels: map[string]string{"trust-bundle.certs": "includes"}}}},
+			},
+			objects: []runtime.Object{
+				&corev1.ConfigMap{
+					ObjectMeta: metav1.ObjectMeta{Name: "configmap", Labels: map[string]string{"trust-bundle.certs": "includes"}},
+					Data: map[string]string{
+						"cert-1": dummy.TestCertificate1 + "\n" + dummy.TestCertificate2,
+						"cert-3": dummy.TestCertificate3,
+					},
+				},
+				&corev1.ConfigMap{
+					ObjectMeta: metav1.ObjectMeta{Name: "configmap2", Labels: map[string]string{"trust-bundle.certs": "includes"}},
+					Data: map[string]string{
+						"cert-4": dummy.TestCertificate4,
+					},
+				}},
+			expData:          dummy.JoinCerts(dummy.TestCertificate2, dummy.TestCertificate1, dummy.TestCertificate4, dummy.TestCertificate3),
+			expError:         false,
+			expNotFoundError: false,
+		},
 		"if ConfigMap and InLine source, return concatenated data": {
 			sources: []trustapi.BundleSource{
 				{ConfigMap: &trustapi.SourceObjectKeySelector{Name: "configmap", KeySelector: trustapi.KeySelector{Key: "key"}}},
@@ -175,7 +209,7 @@ func Test_buildSourceBundle(t *testing.T) {
 			expError:         true,
 			expNotFoundError: true,
 		},
-		"if single Secret source, return data": {
+		"if single Secret source referencing single key, return data": {
 			sources: []trustapi.BundleSource{
 				{Secret: &trustapi.SourceObjectKeySelector{Name: "secret", KeySelector: trustapi.KeySelector{Key: "key"}}},
 			},
@@ -187,6 +221,18 @@ func Test_buildSourceBundle(t *testing.T) {
 			expError:         false,
 			expNotFoundError: false,
 		},
+		"if single Secret source including all keys, return data": {
+			sources: []trustapi.BundleSource{
+				{Secret: &trustapi.SourceObjectKeySelector{Name: "secret", IncludeAllKeys: true}},
+			},
+			objects: []runtime.Object{&corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{Name: "secret"},
+				Data:       map[string][]byte{"cert-1": []byte(dummy.TestCertificate1 + "\n" + dummy.TestCertificate2), "cert-9": []byte(dummy.TestCertificate4)},
+			}},
+			expData:          dummy.JoinCerts(dummy.TestCertificate2, dummy.TestCertificate1, dummy.TestCertificate4),
+			expError:         false,
+			expNotFoundError: false,
+		},
 		"if Secret and InLine source, return concatenated data": {
 			sources: []trustapi.BundleSource{
 				{Secret: &trustapi.SourceObjectKeySelector{Name: "secret", KeySelector: trustapi.KeySelector{Key: "key"}}},
@@ -200,7 +246,7 @@ func Test_buildSourceBundle(t *testing.T) {
 			expError:         false,
 			expNotFoundError: false,
 		},
-		"if Secret, ConfigmMap and InLine source, return concatenated data": {
+		"if Secret, ConfigMap and InLine source, return concatenated data": {
 			sources: []trustapi.BundleSource{
 				{ConfigMap: &trustapi.SourceObjectKeySelector{Name: "configmap", KeySelector: trustapi.KeySelector{Key: "key"}}},
 				{InLine: ptr.To(dummy.TestCertificate3)},
@@ -250,6 +296,28 @@ func Test_buildSourceBundle(t *testing.T) {
 			expError:         true,
 			expNotFoundError: true,
 		},
+		"if selects at least one Secret source including all keys, return data": {
+			sources: []trustapi.BundleSource{
+				{Secret: &trustapi.SourceObjectKeySelector{IncludeAllKeys: true, Selector: &metav1.LabelSelector{MatchLabels: map[string]string{"trust-bundle.certs": "includes"}}}},
+			},
+			objects: []runtime.Object{
+				&corev1.Secret{
+					ObjectMeta: metav1.ObjectMeta{Name: "secret1", Labels: map[string]string{"trust-bundle.certs": "includes"}},
+					Data: map[string][]byte{
+						"cert-1": []byte(dummy.TestCertificate1 + "\n" + dummy.TestCertificate2),
+						"cert-3": []byte(dummy.TestCertificate3),
+					},
+				},
+				&corev1.Secret{
+					ObjectMeta: metav1.ObjectMeta{Name: "secret2", Labels: map[string]string{"trust-bundle.certs": "includes"}},
+					Data: map[string][]byte{
+						"cert-4": []byte(dummy.TestCertificate4),
+					},
+				}},
+			expData:          dummy.JoinCerts(dummy.TestCertificate2, dummy.TestCertificate1, dummy.TestCertificate4, dummy.TestCertificate3),
+			expError:         false,
+			expNotFoundError: false,
+		},
 		"if has JKS target, return binaryData with encoded JKS": {
 			sources: []trustapi.BundleSource{
 				{ConfigMap: &trustapi.SourceObjectKeySelector{Name: "configmap", KeySelector: trustapi.KeySelector{Key: "key"}}},