fix: enable secrets endpoint (#4469)

* fix: enable secrets endpoint

* fix: env mame typo

* fix: visibility label for secrets

* fix: dep update

* fix: dep update

cmd/api-server/main.go

@@ -435,6 +435,7 @@ func main() {
 		cfg.TestkubeHelmchartVersion,
 		mode,
 		eventBus,
+		cfg.EnableSecretsEndpoint,
 	)
 
 	if mode == common.ModeAgent {

docs/docs/articles/helm-chart.md

@@ -115,7 +115,8 @@ The following Helm defaults are used in the `testkube` chart:
 | testkube-api.cdeventsTarget            | yes         | ""                                   |
 | testkube-api.dashboardUri              | yes         | ""                                   |
 | testkube-api.clusterName               | yes         | ""                                   |
-| testkube-api.storage.compressArtifacts | yes         | true                                 
+| testkube-api.storage.compressArtifacts | yes         | true                                 |
+| testkube-api.enableSecretsEndpoint     | yes         | false                                |
 
 >For more configuration parameters of a `MongoDB` chart please visit: 
 <https://github.com/bitnami/charts/tree/master/bitnami/mongodb#parameters>

go.mod

@@ -25,7 +25,7 @@ require (
 	github.com/gorilla/websocket v1.5.0
 	github.com/joshdk/go-junit v1.0.0
 	github.com/kelseyhightower/envconfig v1.4.0
-	github.com/kubeshop/testkube-operator v1.10.8-0.20231020122730-3ec11798a62f
+	github.com/kubeshop/testkube-operator v1.10.8-0.20231020154056-62a79514fcf5
 	github.com/minio/minio-go/v7 v7.0.47
 	github.com/montanaflynn/stats v0.6.6
 	github.com/moogar0880/problems v0.1.1

go.sum

@@ -240,8 +240,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kubeshop/testkube-operator v1.10.8-0.20231020122730-3ec11798a62f h1:ce4ifn6U9c442YSdkoDLcqwCNS6c84gLj/Pbl8mEygY=
-github.com/kubeshop/testkube-operator v1.10.8-0.20231020122730-3ec11798a62f/go.mod h1:iwzgZriFxOzstinAqWB32g9iAMSORiQvGYWzX0FWbQk=
+github.com/kubeshop/testkube-operator v1.10.8-0.20231020154056-62a79514fcf5 h1:FqvYIScljavtmGde5c+Tj2toqofWEh7+ntf/d2Rcznw=
+github.com/kubeshop/testkube-operator v1.10.8-0.20231020154056-62a79514fcf5/go.mod h1:iwzgZriFxOzstinAqWB32g9iAMSORiQvGYWzX0FWbQk=
 github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
 github.com/lithammer/fuzzysearch v1.1.8 h1:/HIuJnjHuXS8bKaiTMeeDlW2/AyIWk2brx1V8LFgLN4=

internal/app/api/v1/server.go

@@ -87,6 +87,7 @@ func NewTestkubeAPI(
 	helmchartVersion string,
 	mode string,
 	eventsBus bus.Bus,
+	enableSecretsEndpoint bool,
 ) TestkubeAPI {
 
 	var httpConfig server.Config
@@ -103,34 +104,35 @@ func NewTestkubeAPI(
 	}
 
 	s := TestkubeAPI{
-		HTTPServer:           server.NewServer(httpConfig),
-		TestExecutionResults: testsuiteExecutionsResults,
-		ExecutionResults:     testExecutionResults,
-		TestsClient:          testsClient,
-		ExecutorsClient:      executorsClient,
-		SecretClient:         secretClient,
-		Clientset:            clientset,
-		TestsSuitesClient:    testsuitesClient,
-		TestKubeClientset:    testkubeClientset,
-		Metrics:              metrics,
-		Events:               eventsEmitter,
-		WebhooksClient:       webhookClient,
-		TestSourcesClient:    testsourcesClient,
-		Namespace:            namespace,
-		ConfigMap:            configMap,
-		Executor:             executor,
-		ContainerExecutor:    containerExecutor,
-		jobTemplate:          jobTemplate,
-		scheduler:            scheduler,
-		slackLoader:          slackLoader,
-		Storage:              storage,
-		graphqlPort:          graphqlPort,
-		artifactsStorage:     artifactsStorage,
-		TemplatesClient:      templatesClient,
-		dashboardURI:         dashboardURI,
-		helmchartVersion:     helmchartVersion,
-		mode:                 mode,
-		eventsBus:            eventsBus,
+		HTTPServer:            server.NewServer(httpConfig),
+		TestExecutionResults:  testsuiteExecutionsResults,
+		ExecutionResults:      testExecutionResults,
+		TestsClient:           testsClient,
+		ExecutorsClient:       executorsClient,
+		SecretClient:          secretClient,
+		Clientset:             clientset,
+		TestsSuitesClient:     testsuitesClient,
+		TestKubeClientset:     testkubeClientset,
+		Metrics:               metrics,
+		Events:                eventsEmitter,
+		WebhooksClient:        webhookClient,
+		TestSourcesClient:     testsourcesClient,
+		Namespace:             namespace,
+		ConfigMap:             configMap,
+		Executor:              executor,
+		ContainerExecutor:     containerExecutor,
+		jobTemplate:           jobTemplate,
+		scheduler:             scheduler,
+		slackLoader:           slackLoader,
+		Storage:               storage,
+		graphqlPort:           graphqlPort,
+		artifactsStorage:      artifactsStorage,
+		TemplatesClient:       templatesClient,
+		dashboardURI:          dashboardURI,
+		helmchartVersion:      helmchartVersion,
+		mode:                  mode,
+		eventsBus:             eventsBus,
+		enableSecretsEndpoint: enableSecretsEndpoint,
 	}
 
 	// will be reused in websockets handler
@@ -157,36 +159,37 @@ func NewTestkubeAPI(
 
 type TestkubeAPI struct {
 	server.HTTPServer
-	ExecutionResults     result.Repository
-	TestExecutionResults testresult.Repository
-	Executor             client.Executor
-	ContainerExecutor    client.Executor
-	TestsSuitesClient    *testsuitesclientv3.TestSuitesClient
-	TestsClient          *testsclientv3.TestsClient
-	ExecutorsClient      *executorsclientv1.ExecutorsClient
-	SecretClient         *secret.Client
-	WebhooksClient       *executorsclientv1.WebhooksClient
-	TestKubeClientset    testkubeclientset.Interface
-	TestSourcesClient    *testsourcesclientv1.TestSourcesClient
-	Metrics              metrics.Metrics
-	Storage              storage.Client
-	storageParams        storageParams
-	Namespace            string
-	oauthParams          oauthParams
-	WebsocketLoader      *ws.WebsocketLoader
-	Events               *event.Emitter
-	ConfigMap            config.Repository
-	jobTemplate          string
-	scheduler            *scheduler.Scheduler
-	Clientset            kubernetes.Interface
-	slackLoader          *slack.SlackLoader
-	graphqlPort          string
-	artifactsStorage     storage.ArtifactsStorage
-	TemplatesClient      *templatesclientv1.TemplatesClient
-	dashboardURI         string
-	helmchartVersion     string
-	mode                 string
-	eventsBus            bus.Bus
+	ExecutionResults      result.Repository
+	TestExecutionResults  testresult.Repository
+	Executor              client.Executor
+	ContainerExecutor     client.Executor
+	TestsSuitesClient     *testsuitesclientv3.TestSuitesClient
+	TestsClient           *testsclientv3.TestsClient
+	ExecutorsClient       *executorsclientv1.ExecutorsClient
+	SecretClient          *secret.Client
+	WebhooksClient        *executorsclientv1.WebhooksClient
+	TestKubeClientset     testkubeclientset.Interface
+	TestSourcesClient     *testsourcesclientv1.TestSourcesClient
+	Metrics               metrics.Metrics
+	Storage               storage.Client
+	storageParams         storageParams
+	Namespace             string
+	oauthParams           oauthParams
+	WebsocketLoader       *ws.WebsocketLoader
+	Events                *event.Emitter
+	ConfigMap             config.Repository
+	jobTemplate           string
+	scheduler             *scheduler.Scheduler
+	Clientset             kubernetes.Interface
+	slackLoader           *slack.SlackLoader
+	graphqlPort           string
+	artifactsStorage      storage.ArtifactsStorage
+	TemplatesClient       *templatesclientv1.TemplatesClient
+	dashboardURI          string
+	helmchartVersion      string
+	mode                  string
+	eventsBus             bus.Bus
+	enableSecretsEndpoint bool
 }
 
 type storageParams struct {
@@ -384,6 +387,11 @@ func (s *TestkubeAPI) InitRoutes() {
 	files := s.Routes.Group("/uploads")
 	files.Post("/", s.UploadFiles())
 
+	if s.enableSecretsEndpoint {
+		files := s.Routes.Group("/secrets")
+		files.Get("/", s.ListSecretsHandler())
+	}
+
 	repositories := s.Routes.Group("/repositories")
 	repositories.Post("/", s.ValidateRepositoryHandler())
 

internal/config/config.go

@@ -66,6 +66,7 @@ type Config struct {
 	TestkubeHelmchartVersion          string        `envconfig:"TESTKUBE_HELMCHART_VERSION" default:""`
 	DebugListenAddr                   string        `envconfig:"DEBUG_LISTEN_ADDR" default:"0.0.0.0:1337"`
 	EnableDebugServer                 bool          `envconfig:"ENABLE_DEBUG_SERVER" default:"false"`
+	EnableSecretsEndpoint             bool          `envconfig:"ENABLE_SECRETS_ENDPOINT" default:"false"`
 }
 
 func Get() (*Config, error) {

pkg/secret/client.go

@@ -85,7 +85,7 @@ func (c *Client) List(all bool) (map[string]map[string]string, error) {
 	secretsClient := c.ClientSet.CoreV1().Secrets(c.Namespace)
 	ctx := context.Background()
 
-	selector := ""
+	selector := "visibility=testkube"
 	if !all {
 		selector = fmt.Sprintf("testkube=%s", testkubeTestSecretLabel)
 	}
@@ -185,7 +185,7 @@ func NewSpec(id, namespace string, labels, stringData map[string]string) *v1.Sec
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      id,
 			Namespace: namespace,
-			Labels:    map[string]string{"testkube": testkubeTestSecretLabel},
+			Labels:    map[string]string{"testkube": testkubeTestSecretLabel, "visibility": "testkube"},
 		},
 		Type:       v1.SecretTypeOpaque,
 		StringData: stringData,