From eb63e796a878ecb3fd0a96ad2690dcef1a239221 Mon Sep 17 00:00:00 2001
From: Niels de Vos
Date: Thu, 19 Nov 2020 14:03:48 +0100
Subject: [PATCH] e2e: deleted secrets from Vault are available, but empty
Once the Vault API removed a secret, the contents will have been wiped. The key is still available, until it gets destroyed. This causes the e2e test to detect an empty secret, and assume that it has not been deleted yet. By requesting the `data` field from the secret, an error is thrown in case the secret has been wiped. This makes it possible for the e2e test to detect that the secret has been removed and scheduled for destroying.
Signed-off-by: Niels de Vos
---
 e2e/utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/e2e/utils.go b/e2e/utils.go
index 0e72f29d4..8183f5f66 100644
--- a/e2e/utils.go
+++ b/e2e/utils.go
@@ -244,7 +244,7 @@ func getMountType(appName, appNamespace, mountPath string, f *framework.Framewor
 // or stdErr (second entry in tuple) - error getting the key.
 func readVaultSecret(key string, f *framework.Framework) (string, string) {
 loginCmd := fmt.Sprintf("vault login -address=%s sample_root_token_id > /dev/null", vaultAddr)
- readSecret := fmt.Sprintf("vault kv get -address=%s %s%s", vaultAddr, vaultSecretNs, key)
+ readSecret := fmt.Sprintf("vault kv get -address=%s -field=data %s%s", vaultAddr, vaultSecretNs, key)
 cmd := fmt.Sprintf("%s && %s", loginCmd, readSecret)
 opt := metav1.ListOptions{
 LabelSelector: "app=vault",
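Review bot: With `-field=data` on the new `readSecret` line, deletion is signalled only through the command failing, and a failed `vault login`, an unreachable Vault pod or a wrong path would presumably fill the same stdErr return value. If the caller (outside this hunk) treats any non-empty stdErr as "secret removed", the e2e check for key cleanup can pass while the key material is still stored. I would have the caller match the specific missing-data error text and fail the test on any other error, and record the contract above the function, e.g. `// stdErr is also non-empty when the secret was deleted: -field=data fails once the contents are wiped.` `key` is also formatted into the shell command unquoted, which is fine only while it comes from test-controlled names. The body of readVaultSecret continues past the end of the hunk.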