Merge pull request #532 from aramase/vault-nested-path

test: include nested path in secret sync and update vault suite

Author: k8s-ci-robot

Makefile

@@ -84,8 +84,8 @@ KUBECTL := kubectl
 ENVSUBST := envsubst
 
 # Test variables
-KIND_VERSION ?= 0.8.1
-KUBERNETES_VERSION ?= 1.18.2
+KIND_VERSION ?= 0.10.0
+KUBERNETES_VERSION ?= 1.20.2
 BATS_VERSION ?= 1.2.1
 TRIVY_VERSION ?= 0.14.0
 PROTOC_VERSION ?= 3.15.2

test/bats/tests/vault/vault.yaml

@@ -14,17 +14,18 @@ spec:
       key: pwd
     - objectName: bar1
       key: username
+    - objectName: nested/bar
+      key: nested
   parameters:
-    roleName: "example-role"
-    vaultAddress: http://${VAULT_SERVICE_IP}:8200
-    vaultSkipTLSVerify: "true"
+    roleName: "csi"
+    vaultAddress: "http://vault.vault:8200"
     objects:  |
-      array:
-        - |
-          objectPath: "v1/secret/foo"
-          objectName: "bar"
-          objectVersion: ""
-        - |
-          objectPath: "v1/secret/foo1"
-          objectName: "bar1"
-          objectVersion: ""
+      - secretPath: "secret/data/foo"
+        objectName: "bar"
+        secretKey: "bar"
+      - secretPath: "secret/data/foo1"
+        objectName: "bar1"
+        secretKey: "bar1"
+      - secretPath: "secret/data/foo"
+        objectName: "nested/bar"
+        secretKey: "bar"

test/bats/tests/vault/vault_synck8s_v1alpha1_secretproviderclass.yaml

@@ -13,19 +13,15 @@ spec:
     - objectName: bar1
       key: username
   parameters:
-    roleName: "example-role"
-    vaultAddress: http://${VAULT_SERVICE_IP}:8200
-    vaultSkipTLSVerify: "true"
+    roleName: "csi"
+    vaultAddress: "http://vault.vault:8200"
     objects:  |
-      array:
-        - |
-          objectPath: "v1/secret/foo"
+        - secretPath: "secret/data/foo"
           objectName: "bar"
-          objectVersion: ""
-        - |
-          objectPath: "v1/secret/foo1"
+          secretKey: "bar"
+        - secretPath: "secret/data/foo1"
           objectName: "bar1"
-          objectVersion: ""
+          secretKey: "bar1"
 ---
 apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
 kind: SecretProviderClass
@@ -42,16 +38,12 @@ spec:
     - objectName: bar1
       key: username
   parameters:
-    roleName: "example-role"
-    vaultAddress: http://${VAULT_SERVICE_IP}:8200
-    vaultSkipTLSVerify: "true"
+    roleName: "csi"
+    vaultAddress: "http://vault.vault:8200"
     objects:  |
-      array:
-        - |
-          objectPath: "v1/secret/foo"
-          objectName: "bar"
-          objectVersion: ""
-        - |
-          objectPath: "v1/secret/foo1"
-          objectName: "bar1"
-          objectVersion: ""
+      - secretPath: "secret/data/foo"
+        objectName: "bar"
+        secretKey: "bar"
+      - secretPath: "secret/data/foo1"
+        objectName: "bar1"
+        secretKey: "bar1"

test/bats/tests/vault/vault_v1alpha1_multiple_secretproviderclass.yaml

@@ -5,16 +5,12 @@ metadata:
 spec:
   provider: vault
   parameters:
-    roleName: "example-role"
-    vaultAddress: http://${VAULT_SERVICE_IP}:8200
-    vaultSkipTLSVerify: "true"
+    roleName: "csi"
+    vaultAddress: "http://vault.vault:8200"
     objects:  |
-      array:
-        - |
-          objectPath: "v1/secret/foo"
-          objectName: "bar"
-          objectVersion: ""
-        - |
-          objectPath: "v1/secret/foo1"
-          objectName: "bar1"
-          objectVersion: ""
+      - secretPath: "secret/data/foo"
+        objectName: "bar"
+        secretKey: "bar"
+      - secretPath: "secret/data/foo1"
+        objectName: "bar1"
+        secretKey: "bar1"

test/bats/tests/vault/vault_v1alpha1_secretproviderclass.yaml

@@ -14,19 +14,15 @@ spec:
     - objectName: bar1
       key: username
   parameters:
-    roleName: "example-role"
-    vaultAddress: http://${VAULT_SERVICE_IP}:8200
-    vaultSkipTLSVerify: "true"
+    roleName: "csi"
+    vaultAddress: "http://vault.vault:8200"
     objects:  |
-      array:
-        - |
-          objectPath: "v1/secret/foo"
+        - secretPath: "secret/data/foo"
           objectName: "bar"
-          objectVersion: ""
-        - |
-          objectPath: "v1/secret/foo1"
+          secretKey: "bar"
+        - secretPath: "secret/data/foo1"
           objectName: "bar1"
-          objectVersion: ""
+          secretKey: "bar1"
 ---
 apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
 kind: SecretProviderClass
@@ -44,16 +40,12 @@ spec:
     - objectName: bar1
       key: username
   parameters:
-    roleName: "example-role"
-    vaultAddress: http://${VAULT_SERVICE_IP}:8200
-    vaultSkipTLSVerify: "true"
+    roleName: "csi"
+    vaultAddress: "http://vault.vault:8200"
     objects:  |
-      array:
-        - |
-          objectPath: "v1/secret/foo"
-          objectName: "bar"
-          objectVersion: ""
-        - |
-          objectPath: "v1/secret/foo1"
-          objectName: "bar1"
-          objectVersion: ""
+      - secretPath: "secret/data/foo"
+        objectName: "bar"
+        secretKey: "bar"
+      - secretPath: "secret/data/foo1"
+        objectName: "bar1"
+        secretKey: "bar1"