Skip to content

Commit 1c46d0f

Browse files
FxKuFxKu
committed
add annotation check for secret
1 parent 96c8cc4 commit 1c46d0f

File tree

1 file changed

+10
-8
lines changed

1 file changed

+10
-8
lines changed

e2e/tests/test_e2e.py

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1860,13 +1860,7 @@ def test_password_rotation(self):
18601860
self.eventuallyEqual(lambda: len(self.query_database_with_user(leader.metadata.name, "postgres", "SELECT 1", "foo_user")), 1,
18611861
"Could not connect to the database with rotation user {}".format(rotation_user), 10, 5)
18621862

1863-
# check if rotation has been ignored for user from test_cross_namespace_secrets test
1864-
db_user_secret = k8s.get_secret(username="test.db_user", namespace="test")
1865-
secret_username = str(base64.b64decode(db_user_secret.data["username"]), 'utf-8')
1866-
self.assertEqual("test.db_user", secret_username,
1867-
"Unexpected username in secret of test.db_user: expected {}, got {}".format("test.db_user", secret_username))
1868-
1869-
# do a cluster update which syncs secrets but not not init users
1863+
# add annotation which triggers syncSecrets call
18701864
pg_annotation_patch = {
18711865
"metadata": {
18721866
"annotations": {
@@ -1877,10 +1871,18 @@ def test_password_rotation(self):
18771871
k8s.api.custom_objects_api.patch_namespaced_custom_object(
18781872
"acid.zalan.do", "v1", "default", "postgresqls", "acid-minimal-cluster", pg_annotation_patch)
18791873
self.eventuallyEqual(lambda: k8s.get_operator_state(), {"0": "idle"}, "Operator does not get in sync")
1880-
18811874
time.sleep(10)
18821875
self.eventuallyEqual(lambda: k8s.count_secrets_with_label(cluster_label), secret_count, "Unexpected number of secrets")
18831876

1877+
# check if rotation has been ignored for user from test_cross_namespace_secrets test
1878+
db_user_secret = k8s.get_secret(username="test.db_user", namespace="test")
1879+
secret_username = str(base64.b64decode(db_user_secret.data["username"]), 'utf-8')
1880+
self.assertEqual("test.db_user", secret_username,
1881+
"Unexpected username in secret of test.db_user: expected {}, got {}".format("test.db_user", secret_username))
1882+
1883+
# check if annotation for secret has been updated
1884+
self.assertTrue("deployment-time" in db_user_secret.metadata.annotations, "Added annotation was not propagated to secret")
1885+
18841886
# disable password rotation for all other users (foo_user)
18851887
# and pick smaller intervals to see if the third fake rotation user is dropped
18861888
enable_password_rotation = {

0 commit comments

Comments
 (0)