e2e: deleted secrets from Vault are available, but empty

Once the Vault API removed a secret, the contents will have been wiped. The key is still available, until it gets destroyed. This causes the e2e test to detect an empty secret, and assume that it has not been deleted yet. By requesting the `data` field from the secret, an error is thrown in case the secret has been wiped. This makes it possible for the e2e test to detect that the secret has been removed and scheduled for destroying. Signed-off-by: Niels de Vos <ndevos@redhat.com>
2024-11-22 06:10:22 +00:00 · 2020-11-19 14:03:48 +01:00 · 2020-11-19 14:03:48 +01:00 · eb63e796a8
commit eb63e796a8
parent 5fba89f783
1 changed files with 1 additions and 1 deletions
--- a/e2e/utils.go
+++ b/e2e/utils.go
@ -244,7 +244,7 @@ func getMountType(appName, appNamespace, mountPath string, f *framework.Framewor
 // or stdErr (second entry in tuple) - error getting the key.
 func readVaultSecret(key string, f *framework.Framework) (string, string) {
 	loginCmd := fmt.Sprintf("vault login -address=%s sample_root_token_id > /dev/null", vaultAddr)
-	readSecret := fmt.Sprintf("vault kv get -address=%s %s%s", vaultAddr, vaultSecretNs, key)
+	readSecret := fmt.Sprintf("vault kv get -address=%s -field=data %s%s", vaultAddr, vaultSecretNs, key)
 	cmd := fmt.Sprintf("%s && %s", loginCmd, readSecret)
 	opt := metav1.ListOptions{
 		LabelSelector: "app=vault",