feat: implement SecretLoader as interface and enforce Fluentd tests u…

apis/fluentd/v1alpha1/plugins/secret_types.go

@@ -23,19 +23,23 @@ type ValueSource struct {
 	SecretKeyRef corev1.SecretKeySelector `json:"secretKeyRef,omitempty"`
 }
 
-type SecretLoader struct {
+type SecretLoader interface {
+	LoadSecret(s Secret) (string, error)
+}
+
+type SecretLoaderStruct struct {
 	client    client.Client
 	namespace string
 }
 
 func NewSecretLoader(c client.Client, ns string, l logr.Logger) SecretLoader {
-	return SecretLoader{
+	return SecretLoaderStruct{
 		client:    c,
 		namespace: ns,
 	}
 }
 
-func (sl SecretLoader) LoadSecret(s Secret) (string, error) {
+func (sl SecretLoaderStruct) LoadSecret(s Secret) (string, error) {
 	var secret corev1.Secret
 	if err := sl.client.Get(context.Background(), client.ObjectKey{Name: s.ValueFrom.SecretKeyRef.Name, Namespace: sl.namespace}, &secret); err != nil {
 		return "", err

apis/fluentd/v1alpha1/tests/expected/fluentd-cluster-cfg-output-loki.cfg

@@ -30,8 +30,11 @@
     extract_kubernetes_labels  true
     include_thread_label  true
     insecure_tls  true
+    password  s3cr3tP@ssword
     remove_keys  key31,key32
+    tenant  0c3ba7a4-3148-4605-b62a-afc92dd1c4d7
     url  http://loki-logging-data.kubesphere-logging-system.svc:3100
+    username  s3cr3tUsern4me
     <label>
       key21  key21
       key22  key22

apis/fluentd/v1alpha1/tests/expected/fluentd-mixed-cfgs-output-copy-1.cfg

@@ -26,8 +26,11 @@
       extract_kubernetes_labels  true
       include_thread_label  true
       insecure_tls  true
+      password  s3cr3tP@ssword
       remove_keys  key31,key32
+      tenant  0c3ba7a4-3148-4605-b62a-afc92dd1c4d7
       url  http://loki-logging-data.kubesphere-logging-system.svc:3100
+      username  s3cr3tUsern4me
       <label>
         key21  key21
         key22  key22

apis/fluentd/v1alpha1/tests/expected/fluentd-mixed-cfgs-output-copy-4.cfg

@@ -97,9 +97,11 @@
       @type  elasticsearch
       host  elasticsearch-logging-data.kubesphere-logging-system.svc
       index_name  es1-notag-2
+      password  s3cr3tP@ssword
       port  9243
       scheme  https
       ssl_verify  false
+      user  s3cr3tUsern4me
     </store>
     <store>
       @id  FluentdConfig-fluent-fluentd-config::fluent::output::fluentd-output-es4-0

apis/fluentd/v1alpha1/tests/helper_test.go

@@ -6,8 +6,10 @@ import (
 	"testing"
 
 	"github.com/go-logr/logr"
+	"github.com/go-openapi/errors"
 
 	. "github.com/onsi/gomega"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	fluentdv1alpha1 "github.com/fluent/fluent-operator/v2/apis/fluentd/v1alpha1"
@@ -218,7 +220,7 @@ func Test_ClusterCfgOutput2Kafka(t *testing.T) {
 
 func Test_ClusterCfgOutput2Loki(t *testing.T) {
 	g := NewGomegaWithT(t)
-	sl := plugins.NewSecretLoader(nil, Fluentd.Namespace, logr.Logger{})
+	sl := NewSecretLoader(logr.Logger{}, lokiHttpCredentials, lokiTenantName)
 
 	psr := fluentdv1alpha1.NewGlobalPluginResources("main")
 	psr.CombineGlobalInputsPlugins(sl, Fluentd.Spec.GlobalInputs)
@@ -329,7 +331,7 @@ func Test_ClusterCfgOutput2Datadog(t *testing.T) {
 
 func Test_MixedCfgCopy1(t *testing.T) {
 	g := NewGomegaWithT(t)
-	sl := plugins.NewSecretLoader(nil, Fluentd.Namespace, logr.Logger{})
+	sl := NewSecretLoader(logr.Logger{}, lokiHttpCredentials, lokiTenantName)
 
 	psr := fluentdv1alpha1.NewGlobalPluginResources("main")
 	psr.CombineGlobalInputsPlugins(sl, Fluentd.Spec.GlobalInputs)
@@ -429,7 +431,7 @@ func Test_MixedCfgCopy3(t *testing.T) {
 
 func Test_MixedCfgCopy4(t *testing.T) {
 	g := NewGomegaWithT(t)
-	sl := plugins.NewSecretLoader(nil, Fluentd.Namespace, logr.Logger{})
+	sl := NewSecretLoader(logr.Logger{}, esCredentials)
 
 	psr := fluentdv1alpha1.NewGlobalPluginResources("main")
 	psr.CombineGlobalInputsPlugins(sl, Fluentd.Spec.GlobalInputs)
@@ -848,3 +850,31 @@ func Test_RecordTransformer(t *testing.T) {
 		i++
 	}
 }
+
+type SecretLoaderStruct struct {
+	secrets map[string]corev1.Secret
+}
+
+func NewSecretLoader(l logr.Logger, sec ...corev1.Secret) plugins.SecretLoader {
+	secrets := make(map[string]corev1.Secret)
+	for _, s := range sec {
+		secrets[s.Name] = s
+	}
+	return SecretLoaderStruct{
+		secrets: secrets,
+	}
+}
+
+func (sl SecretLoaderStruct) LoadSecret(s plugins.Secret) (string, error) {
+	var secret corev1.Secret
+	var ok bool
+	if secret, ok = sl.secrets[s.ValueFrom.SecretKeyRef.Name]; !ok {
+		return "", errors.NotFound(fmt.Sprintf("The secret %s is not found.", s.ValueFrom.SecretKeyRef.Name))
+	}
+
+	if v, ok := secret.StringData[s.ValueFrom.SecretKeyRef.Key]; !ok {
+		return "", errors.NotFound(fmt.Sprintf("The key %s is not found.", s.ValueFrom.SecretKeyRef.Key))
+	} else {
+		return strings.TrimSuffix(fmt.Sprintf("%s", v), "\n"), nil
+	}
+}

apis/fluentd/v1alpha1/tests/tools.go

@@ -5,6 +5,8 @@ import (
 	"os"
 	"sync"
 
+	corev1 "k8s.io/api/core/v1"
+
 	fluentdv1alpha1 "github.com/fluent/fluent-operator/v2/apis/fluentd/v1alpha1"
 	"github.com/fluent/fluent-operator/v2/apis/fluentd/v1alpha1/plugins/common"
 	"github.com/fluent/fluent-operator/v2/apis/fluentd/v1alpha1/plugins/filter"
@@ -390,6 +392,16 @@ spec:
       port: 9243
       scheme: https
       sslVerify: false
+      user:
+        valueFrom:
+          secretKeyRef:
+            key: username
+            name: es-credentials
+      password:
+        valueFrom:
+          secretKeyRef:
+            key: password
+            name: es-credentials
 `
 	FluentdOutput2ES2    fluentdv1alpha1.Output
 	FluentdOutput2ES2Raw = `
@@ -510,21 +522,21 @@ spec:
   - loki:
       url: http://loki-logging-data.kubesphere-logging-system.svc:3100
       extractKubernetesLabels: true
-#      tenantID:
-#        valueFrom:
-#          secretKeyRef:
-#            key: tenant_key
-#            name: tenant_name
-#      httpPassword:
-#        valueFrom:
-#          secretKeyRef:
-#            key: password_key
-#            name: password_name
-#      httpUser:
-#        valueFrom:
-#          secretKeyRef:
-#            key: user_key
-#            name: user_name
+      tenantID:
+        valueFrom:
+          secretKeyRef:
+            key: tenant_key
+            name: loki-tenant-name
+      httpPassword:
+        valueFrom:
+          secretKeyRef:
+            key: password_key
+            name: loki-http-credentials
+      httpUser:
+        valueFrom:
+          secretKeyRef:
+            key: user_key
+            name: loki-http-credentials
       labels:
         - key11=value11
         - key12 = value12
@@ -543,6 +555,31 @@ spec:
       insecure: true
 `
 
+	lokiHttpCredentials    corev1.Secret
+	lokiHttpCredentialsRaw = `
+apiVersion: v1
+kind: Secret
+metadata:
+  name: loki-http-credentials
+  namespace: fluent
+type: Opaque
+stringData:
+  password_key: s3cr3tP@ssword
+  user_key: s3cr3tUsern4me
+`
+
+	lokiTenantName    corev1.Secret
+	lokiTenantNameRaw = `
+apiVersion: v1
+kind: Secret
+metadata:
+  name: loki-tenant-name
+  namespace: fluent
+type: Opaque
+stringData:
+  tenant_key: 0c3ba7a4-3148-4605-b62a-afc92dd1c4d7
+`
+
 	FluentdClusterOutput2Loki1    fluentdv1alpha1.ClusterOutput
 	FluentdClusterOutput2Loki1Raw = `
 apiVersion: fluentd.fluent.io/v1alpha1
@@ -787,6 +824,20 @@ spec:
       includeThreadLabel: true
       insecure: true
 `
+
+	esCredentials    corev1.Secret
+	esCredentialsRaw = `
+apiVersion: v1
+kind: Secret
+metadata:
+  name: es-credentials
+  namespace: fluent
+type: Opaque
+stringData:
+  password: s3cr3tP@ssword
+  username: s3cr3tUsern4me
+`
+
 	once sync.Once
 )
 
@@ -936,6 +987,9 @@ func init() {
 			ParseIntoObject(FluentdOutputMixedCopy1Raw, &FluentdOutputMixedCopy1)
 			ParseIntoObject(FluentdOutputMixedCopy2Raw, &FluentdOutputMixedCopy2)
 			ParseIntoObject(FluentdOutputMixedCopy3Raw, &FluentdOutputMixedCopy3)
+			ParseIntoObject(esCredentialsRaw, &esCredentials)
+			ParseIntoObject(lokiHttpCredentialsRaw, &lokiHttpCredentials)
+			ParseIntoObject(lokiTenantNameRaw, &lokiTenantName)
 		},
 	)
 }