From a986aa0853b39900dcc6be71cd8e9cdd73d8df26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Thu, 7 May 2020 00:03:40 +0200 Subject: [PATCH] Remove secret file name restriction --- CHANGELOG.md | 2 + USAGE.md | 2 + scripts/commands/clean.sh | 2 +- scripts/commands/helm.sh | 2 +- scripts/commands/view.sh | 2 +- scripts/drivers/noop.sh | 2 +- scripts/run.sh | 2 +- tests/assets/values/noop/some-secrets.yaml | 22 ++++++++ .../assets/values/sops/some-secrets.dec.yaml | 23 +++++++++ tests/assets/values/sops/some-secrets.yaml | 28 +++++++++++ tests/assets/values/vault/seed.sh | 2 +- tests/assets/values/vault/some-secrets.yaml | 4 ++ tests/it/diff.bats | 27 +++++++--- tests/it/install.bats | 29 ++++++++--- tests/it/upgrade.bats | 29 ++++++++--- tests/lib/helper.bash | 5 +- tests/unit/clean.bats | 13 ++++- tests/unit/dec.bats | 50 +++++++++++++------ tests/unit/edit.bats | 18 +++++++ tests/unit/enc.bats | 18 +++++++ tests/unit/kubeval.bats | 29 ++++++++--- tests/unit/lint.bats | 43 ++++++++++------ tests/unit/template.bats | 29 ++++++++--- tests/unit/view.bats | 11 +++- 24 files changed, 323 insertions(+), 71 deletions(-) create mode 100644 tests/assets/values/noop/some-secrets.yaml create mode 100644 tests/assets/values/sops/some-secrets.dec.yaml create mode 100644 tests/assets/values/sops/some-secrets.yaml create mode 100644 tests/assets/values/vault/some-secrets.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index eeeb51e0..6287eac0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] ### Added +* Add Vault support (https://github.com/jkroepke/helm-secrets/pull/22) * Secret driver to gain secrets from other sources then sops. (https://github.com/jkroepke/helm-secrets/pull/16) +* Remove name restriction (https://github.com/jkroepke/helm-secrets/pull/23) ### Changed diff --git a/USAGE.md b/USAGE.md index 18cc4249..48ad40b5 100644 --- a/USAGE.md +++ b/USAGE.md @@ -22,6 +22,8 @@ Available Commands: By convention, files containing secrets are named `secrets.yaml`, or anything beginning with "secrets" and ending with ".yaml". E.g. `secrets.test.yaml`, `secrets.prod.yaml` `secretsCOOL.yaml`. +**But unlike zendesk/helm-secrets, you can name your secret file as you want** + Decrypted files have the suffix ".yaml.dec" by default. This can be changed using the `HELM_SECRETS_DEC_SUFFIX` environment variable. ## Basic commands: diff --git a/scripts/commands/clean.sh b/scripts/commands/clean.sh index e4f61e7f..bc1e286e 100644 --- a/scripts/commands/clean.sh +++ b/scripts/commands/clean.sh @@ -27,5 +27,5 @@ clean() { exit 1 fi - find "$basedir" -type f -name "secrets*${DEC_SUFFIX}" -exec rm -v {} \; + find "$basedir" -type f -name "*${DEC_SUFFIX}" -exec rm -v {} \; } diff --git a/scripts/commands/helm.sh b/scripts/commands/helm.sh index 04c4fe06..b6e54dd5 100644 --- a/scripts/commands/helm.sh +++ b/scripts/commands/helm.sh @@ -10,7 +10,7 @@ helm_command_usage() { helm secrets $1 [ --driver | -d ] [ --quiet | -q ] This is a wrapper for "helm [command]". It will detect -f and ---values options, and decrypt any secrets*.yaml files before running "helm +--values options, and decrypt any encrypted *.yaml files before running "helm [command]". Example: diff --git a/scripts/commands/view.sh b/scripts/commands/view.sh index ecd0028a..a4cf382c 100644 --- a/scripts/commands/view.sh +++ b/scripts/commands/view.sh @@ -6,7 +6,7 @@ view_usage() { cat < | -d ] -View specified secrets[.*].yaml file +View specified encrypted yaml file Typical usage: $ helm secrets view secrets/myproject/nginx/secrets.yaml | grep basic_auth diff --git a/scripts/drivers/noop.sh b/scripts/drivers/noop.sh index 31a4f349..576e0061 100644 --- a/scripts/drivers/noop.sh +++ b/scripts/drivers/noop.sh @@ -1,7 +1,7 @@ #!/usr/bin/env sh driver_is_file_encrypted() { - false + true } driver_encrypt_file() { diff --git a/scripts/run.sh b/scripts/run.sh index f17a1915..16be25cc 100755 --- a/scripts/run.sh +++ b/scripts/run.sh @@ -36,7 +36,7 @@ Available Commands: view Print secrets decrypted edit Edit secrets file and encrypt afterwards clean Remove all decrypted files in specified directory (recursively) - wrapper that decrypts secrets[.*].yaml files before running helm + wrapper that decrypts encrypted yaml files before running helm EOF } diff --git a/tests/assets/values/noop/some-secrets.yaml b/tests/assets/values/noop/some-secrets.yaml new file mode 100644 index 00000000..701fd0e8 --- /dev/null +++ b/tests/assets/values/noop/some-secrets.yaml @@ -0,0 +1,22 @@ +global_secret: global_bar +key: |- + -----BEGIN PGP MESSAGE----- + + wcFMAxYpv4YXKfBAARAAVzE7/FMD7+UWwMls23zKKLoTs+5w9GMvugn0wi5KOJ8P + PSrRY4r27VhwQH38gWDrzo3RCmO9414xZ0JW0HaN2Pgd3ml6mYCY/5RE7apgGZQI + 3Im0fv8bhIwaP2UWPp74EXLzA3mh1dUtwxmuWOeoSq+Vm5NtbjkfUt/4MIcF5IAY + c+U4ZOdQlzgExwu+VtOpeBrkwfglh5fFuKqM8Fg1IICi/Pp6YAlpAdGqlt1zS4Pj + yjAS6eAvnpM0eA5hShuoO9JsAu4kVjaaBlipVpc1I2zdcT3H/1d7ASziwbKOm6jE + PJxzaMDxn0UfMjkhTaTZ8v27lz6W7qdlHdCWGGI348QkSoDotm7OzMC7ZLfps3+9 + GrXo9Kwxkj6oy/thn92W2cRSeSD28g6kcUkHeG8L3mMv+gpTjIhM+Z8x3jJcVp2i + yoA2dO/kO2/HTcUfnEjppKigqUlRuKfDn8ercjYiq+foqtimH192iXXyRmltYlH0 + GUSJ1FcNLAC9g0WLFPQnMFh5KxSweavpbdd6PILqEsyKvZpC5a+hzLKwGjWOveW1 + K34QZf6Ay3CPCegAyGVjxmsg1vPKD+9WAZinveCl37l3cCQW1VZzbGkHgtLQ30Qr + DCRFZEstraLAQUf6VLAk9bPYX/fvkXmra970i/CfJjIg0SpOXbADBR4x+zRRZqrS + 4AHkWTmhH/xXWyAgmh+sGs18OOFGfeC04AjhMmvg4uKzly6+4IDlNhPif2VpJYOi + EmU8gQoUsAHKYro0hPfzBZyJlL+TqCPgHeRPANVgm4Ww6RlVrNFpTy9H4m4s5y/h + EzAA + =jf7D + -----END PGP MESSAGE----- +service: + port: 83 diff --git a/tests/assets/values/sops/some-secrets.dec.yaml b/tests/assets/values/sops/some-secrets.dec.yaml new file mode 100644 index 00000000..76f5581a --- /dev/null +++ b/tests/assets/values/sops/some-secrets.dec.yaml @@ -0,0 +1,23 @@ +global_secret: global_bar +key: |- + -----BEGIN PGP MESSAGE----- + + wcFMAxYpv4YXKfBAARAAVzE7/FMD7+UWwMls23zKKLoTs+5w9GMvugn0wi5KOJ8P + PSrRY4r27VhwQH38gWDrzo3RCmO9414xZ0JW0HaN2Pgd3ml6mYCY/5RE7apgGZQI + 3Im0fv8bhIwaP2UWPp74EXLzA3mh1dUtwxmuWOeoSq+Vm5NtbjkfUt/4MIcF5IAY + c+U4ZOdQlzgExwu+VtOpeBrkwfglh5fFuKqM8Fg1IICi/Pp6YAlpAdGqlt1zS4Pj + yjAS6eAvnpM0eA5hShuoO9JsAu4kVjaaBlipVpc1I2zdcT3H/1d7ASziwbKOm6jE + PJxzaMDxn0UfMjkhTaTZ8v27lz6W7qdlHdCWGGI348QkSoDotm7OzMC7ZLfps3+9 + GrXo9Kwxkj6oy/thn92W2cRSeSD28g6kcUkHeG8L3mMv+gpTjIhM+Z8x3jJcVp2i + yoA2dO/kO2/HTcUfnEjppKigqUlRuKfDn8ercjYiq+foqtimH192iXXyRmltYlH0 + GUSJ1FcNLAC9g0WLFPQnMFh5KxSweavpbdd6PILqEsyKvZpC5a+hzLKwGjWOveW1 + K34QZf6Ay3CPCegAyGVjxmsg1vPKD+9WAZinveCl37l3cCQW1VZzbGkHgtLQ30Qr + DCRFZEstraLAQUf6VLAk9bPYX/fvkXmra970i/CfJjIg0SpOXbADBR4x+zRRZqrS + 4AHkWTmhH/xXWyAgmh+sGs18OOFGfeC04AjhMmvg4uKzly6+4IDlNhPif2VpJYOi + EmU8gQoUsAHKYro0hPfzBZyJlL+TqCPgHeRPANVgm4Ww6RlVrNFpTy9H4m4s5y/h + EzAA + =jf7D + -----END PGP MESSAGE----- +service: + port: 83 + diff --git a/tests/assets/values/sops/some-secrets.yaml b/tests/assets/values/sops/some-secrets.yaml new file mode 100644 index 00000000..11dc14cd --- /dev/null +++ b/tests/assets/values/sops/some-secrets.yaml @@ -0,0 +1,28 @@ +global_secret: ENC[AES256_GCM,data:QSuqKj9jUft+Ug==,iv:CXfhR2O5l6IF8KI5SSDxMiWQ7kghfHHb1wASAJ7JMPw=,tag:g/n7/KeltD1ODvolNCLD1w==,type:str] +key: ENC[AES256_GCM,data:9nAQWTLrA71vJ82ebiEWOP/bt3B3AjCllGRiAU1szxcN95papkFeNRl3mBJT0fqhbsMD/B3hmO+kRbxxzoDAezXI0gDIrlo9fyxoSwzsRxYBzHqg4USFs6iI+THFQLkxDaCu45Ku2cxksdBTBFpswkyk0ZBFhASLfT59GhWji4+n19MXPwb0tyGiCyIpgteXBA7FdMCiLc4ZRTZechZVpvfu1EJf5UgDT39dBAn9+Rwn0oQpDKTHij908VLsH18XcCgISYnixyoShqQxtmFbLipi1Blzs5zqgYFE7BbZ6ZgdCm69/WSXBiLabG+KYMPeEYXI6IRMbf+5qteWqEriRLmjKKbRFRjIdPI3+6ysySje0xYSUHOD3YjpzzeiQPT0OqzPJ/H7LZAO+/MUhel7h83HxzWYR33ieJLE/MghpQYN4zPgqzK4XQpb5ERHtpGrXSbzcSIcICTDrlNf9T7r3SzmHXulUMAIx/AH0s3Kyuv0BzUKWYNNgwj9j99FxofQsdJHx16qph0vu7y1iKu9/Jy89rPWn/LOh8llCGztQj+TXygnUyUfMHXMBAe0X+abCu7WcWuij9ow+adA9HxCA8ezue1pPPDoPTk0OnM7FUxVdgLgEBZu0gEl3jkhVEhouLIka08fE6eJL/iNmepqFb+x815pPVVsJkDDeKxjxt+YwAYgm3BX+ZZdLZVtg93AIEPUeBgZRGw4bYQWvsKwmC8zZhLvMsyX4NwKTj+gViXsCrSv92i1epZZwrzj+xszExz3k3633VdwMOqNtK0/c9GhzSNSktkw9yKMSGTEp4O8TYepovjM/Vei0M9FQ0+rQfLEaRyPMeCIhysh2ggXxIWr5kQdEH3KCIm1aJDRA9QVOvUeXcenfN7x9pG9mqMNkumVu4ops4rDCOy/NlSvJW+n7vk+wHqSIKtwWZxNX+HRQgSmHZmvQS8IEyK5vQOxD8rQD2Er+w6Io6PvLm2F1Op1mV7ea+Lvg2pStFkQVCgRP/TbejN7gNBEsNTkel1D1uEgT2wvN+j2iFvNyEhUFUylaeUBYmDHJ9ZjQqJ2/3QZzR2yN2i+HN9sVZGdHm6bBH08GtDmjliqh8CKRjh0OMJfCZ1ZcoSBz1/m0E5zAZl3ZMuTDZaW70QsO4FoxA0oUqD14c4nxhqL3B9SxA6ErrYWY1+j3vo/ws6sBzWWzLXC59SwlwMg3PytxNWLpw==,iv:w0KBImdBsS63co+HyQVOYOxOFI/tLeRYnr+L+lCcNo8=,tag:ReQ99Km7LDQwEnlN/ppmxg==,type:str] +service: + port: ENC[AES256_GCM,data:KVc=,iv:chJgrn3o4I9D8njAeHPJRfVehfYpOcIWdcVfODvUDp8=,tag:KQH65Yuys5EuzyYJzER/cg==,type:int] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + lastmodified: '2020-05-06T21:50:37Z' + mac: ENC[AES256_GCM,data:ZDosePjT2f1T172mFm/zb6znA/uhv3e5cNrlC9krjRXtLBw8GWwn6Zd7OgJ2h38cDuaLpvl56uGmdCSx0rVzRZUwMfkrbQLHOLnwkxeKEPPqhqsKCVIcuHNwlkrTpVfIlfFy4zAiA4UdoSWZtMY2HdA6Ol/D5HZDqQCYSUbWpV0=,iv:V9O/qgUN4PGDB30QKi1A6DYW0Fb9AVfWmzAnRexyzKw=,tag:TBl02haJuEbBd0PYyXEPKQ==,type:str] + pgp: + - created_at: '2020-05-06T20:54:30Z' + enc: | + -----BEGIN PGP MESSAGE----- + + hQEMA9ce5qCwOO4MAQgAhLFu+zlo/fPrfAVGeQVEIEttihpMzo7CSRJDGYqSqgOO + g/NbA/hDVWkE9jzGnxDY01W9RR4FOss+yd1SHlNzsPDDfkXi8e2PA8tNR6XKyoSq + aCMYE4TP8JnH2hplxWucib5va2EUkgwAF+86I/ISlMLIXqeVE6xKJAuGcPQ8UwDG + YUO5KzcLF8oTyoRGxvakIiCAfCWrzz7wBkT8KG5t8pQvucTtvzOpiexRL/9OU+SA + Spgp8WPds+A9WArkLVQ7lcZhI0XiMxITmZdBgXGIG+1pMoGjajXUk2SA5FXeHkgH + kgfAhsDlEI3mfSwYMwuFP5/659Wl3gWkMIlTpfBY2NJeAUeCmOKYRwTHR8UFa2Gg + wF7wB+aj71S6v4kO932ZFHNNL0JS8OGqg/IigOhgjIC/7ozHehhKNIxCUre2g1Ws + dj7U81vziuDuH/sOrgwYdqfQHa6ytoomZbiYLQl4wg== + =5Jl6 + -----END PGP MESSAGE----- + fp: D6174A02027050E59C711075B430C4E58E2BBBA3 + unencrypted_suffix: _unencrypted + version: 3.5.0 diff --git a/tests/assets/values/vault/seed.sh b/tests/assets/values/vault/seed.sh index b7d260c5..f8b4edb8 100755 --- a/tests/assets/values/vault/seed.sh +++ b/tests/assets/values/vault/seed.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -vault kv put secret/production global_secret=global_bar port=81 +vault kv put secret/production global_secret=global_bar port=81 port2=83 vault kv put secret/gpg key="-----BEGIN PGP MESSAGE----- diff --git a/tests/assets/values/vault/some-secrets.yaml b/tests/assets/values/vault/some-secrets.yaml new file mode 100644 index 00000000..7e001366 --- /dev/null +++ b/tests/assets/values/vault/some-secrets.yaml @@ -0,0 +1,4 @@ +global_secret: !vault secret/production#global_secret +key: !vault secret/gpg#key +service: + port: !vault secret/production#port2 diff --git a/tests/it/diff.bats b/tests/it/diff.bats index c1c6aef5..8b51d85c 100755 --- a/tests/it/diff.bats +++ b/tests/it/diff.bats @@ -36,7 +36,7 @@ load '../bats/extensions/bats-file/load' assert [ ! -f "${FILE}.dec" ] } -@test "diff: helm diff upgrade w/ chart + secret file" { +@test "diff: helm diff upgrade w/ chart + secrets.yaml" { helm_plugin_install "diff" FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="diff-$(date +%s)-${SEED}" @@ -51,7 +51,22 @@ load '../bats/extensions/bats-file/load' assert [ ! -f "${FILE}.dec" ] } -@test "diff: helm diff upgrade w/ chart + secret file + helm flag" { +@test "diff: helm diff upgrade w/ chart + some-secrets.yaml" { + helm_plugin_install "diff" + FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/some-secrets.yaml" + RELEASE="diff-$(date +%s)-${SEED}" + + create_chart "${TEST_TEMP_DIR}" + + run helm secrets diff upgrade --no-color --allow-unreleased "${RELEASE}" "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1 + assert_success + assert_output --partial "[helm-secrets] Decrypt: ${FILE}" + assert_output --partial "port: 83" + assert_output --partial "[helm-secrets] Removed: ${FILE}.dec" + assert [ ! -f "${FILE}.dec" ] +} + +@test "diff: helm diff upgrade w/ chart + secrets.yaml + helm flag" { helm_plugin_install "diff" FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="diff-$(date +%s)-${SEED}" @@ -67,7 +82,7 @@ load '../bats/extensions/bats-file/load' assert [ ! -f "${FILE}.dec" ] } -@test "diff: helm diff upgrade w/ chart + pre decrypted secret file" { +@test "diff: helm diff upgrade w/ chart + pre decrypted secrets.yaml" { helm_plugin_install "diff" FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="diff-$(date +%s)-${SEED}" @@ -85,7 +100,7 @@ load '../bats/extensions/bats-file/load' assert_success } -@test "diff: helm diff upgrade w/ chart + secret file + q flag" { +@test "diff: helm diff upgrade w/ chart + secrets.yaml + q flag" { helm_plugin_install "diff" FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="diff-$(date +%s)-${SEED}" @@ -100,7 +115,7 @@ load '../bats/extensions/bats-file/load' assert [ ! -f "${FILE}.dec" ] } -@test "diff: helm diff upgrade w/ chart + secret file + quiet flag" { +@test "diff: helm diff upgrade w/ chart + secrets.yaml + quiet flag" { helm_plugin_install "diff" FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="diff-$(date +%s)-${SEED}" @@ -115,7 +130,7 @@ load '../bats/extensions/bats-file/load' assert [ ! -f "${FILE}.dec" ] } -@test "diff: helm diff upgrade w/ chart + secret file + special path" { +@test "diff: helm diff upgrade w/ chart + secrets.yaml + special path" { helm_plugin_install "diff" FILE="${SPECIAL_CHAR_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="diff-$(date +%s)-${SEED}" diff --git a/tests/it/install.bats b/tests/it/install.bats index 061c8676..b0fed53f 100755 --- a/tests/it/install.bats +++ b/tests/it/install.bats @@ -33,7 +33,7 @@ load '../bats/extensions/bats-file/load' assert_success } -@test "install: helm install w/ chart + secret file" { +@test "install: helm install w/ chart + secrets.yaml" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="install-$(date +%s)-${SEED}" create_chart "${TEST_TEMP_DIR}" @@ -50,7 +50,24 @@ load '../bats/extensions/bats-file/load' assert_output --partial "port: 81" } -@test "install: helm install w/ chart + secret file + helm flag" { +@test "install: helm install w/ chart + some-secrets.yaml" { + FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/some-secrets.yaml" + RELEASE="install-$(date +%s)-${SEED}" + create_chart "${TEST_TEMP_DIR}" + + run helm secrets install "${RELEASE}" "${TEST_TEMP_DIR}/chart" --no-hooks -f "${FILE}" 2>&1 + assert_success + assert_output --partial "[helm-secrets] Decrypt: ${FILE}" + assert_output --partial "STATUS: deployed" + assert_output --partial "[helm-secrets] Removed: ${FILE}.dec" + assert [ ! -f "${FILE}.dec" ] + + run kubectl get svc -o yaml -l "app.kubernetes.io/name=chart,app.kubernetes.io/instance=${RELEASE}" + assert_success + assert_output --partial "port: 83" +} + +@test "install: helm install w/ chart + secrets.yaml + helm flag" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="install-$(date +%s)-${SEED}" create_chart "${TEST_TEMP_DIR}" @@ -68,7 +85,7 @@ load '../bats/extensions/bats-file/load' assert_output --partial "type: NodePort" } -@test "install: helm install w/ chart + pre decrypted secret file" { +@test "install: helm install w/ chart + pre decrypted secrets.yaml" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="install-$(date +%s)-${SEED}" printf 'service:\n port: 82' > "${FILE}.dec" @@ -88,7 +105,7 @@ load '../bats/extensions/bats-file/load' assert_output --partial "port: 82" } -@test "install: helm install w/ chart + secret file + q flag" { +@test "install: helm install w/ chart + secrets.yaml + q flag" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="install-$(date +%s)-${SEED}" create_chart "${TEST_TEMP_DIR}" @@ -105,7 +122,7 @@ load '../bats/extensions/bats-file/load' assert_output --partial "port: 81" } -@test "install: helm install w/ chart + secret file + quiet flag" { +@test "install: helm install w/ chart + secrets.yaml + quiet flag" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="install-$(date +%s)-${SEED}" create_chart "${TEST_TEMP_DIR}" @@ -122,7 +139,7 @@ load '../bats/extensions/bats-file/load' assert_output --partial "port: 81" } -@test "install: helm install w/ chart + secret file + special path" { +@test "install: helm install w/ chart + secrets.yaml + special path" { FILE="${SPECIAL_CHAR_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="install-$(date +%s)-${SEED}" create_chart "${SPECIAL_CHAR_DIR}" diff --git a/tests/it/upgrade.bats b/tests/it/upgrade.bats index 5bb68a6e..62b97493 100755 --- a/tests/it/upgrade.bats +++ b/tests/it/upgrade.bats @@ -33,7 +33,7 @@ load '../bats/extensions/bats-file/load' assert_success } -@test "upgrade: helm upgrade w/ chart + secret file" { +@test "upgrade: helm upgrade w/ chart + secrets.yaml" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="upgrade-$(date +%s)-${SEED}" create_chart "${TEST_TEMP_DIR}" @@ -50,7 +50,24 @@ load '../bats/extensions/bats-file/load' assert_output --partial "port: 81" } -@test "upgrade: helm upgrade w/ chart + secret file + helm flag" { +@test "upgrade: helm upgrade w/ chart + some-secrets.yaml" { + FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/some-secrets.yaml" + RELEASE="upgrade-$(date +%s)-${SEED}" + create_chart "${TEST_TEMP_DIR}" + + run helm secrets upgrade -i "${RELEASE}" "${TEST_TEMP_DIR}/chart" --no-hooks -f "${FILE}" 2>&1 + assert_success + assert_output --partial "[helm-secrets] Decrypt: ${FILE}" + assert_output --partial "STATUS: deployed" + assert_output --partial "[helm-secrets] Removed: ${FILE}.dec" + assert [ ! -f "${FILE}.dec" ] + + run kubectl get svc -o yaml -l "app.kubernetes.io/name=chart,app.kubernetes.io/instance=${RELEASE}" + assert_success + assert_output --partial "port: 83" +} + +@test "upgrade: helm upgrade w/ chart + secrets.yaml + helm flag" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="upgrade-$(date +%s)-${SEED}" create_chart "${TEST_TEMP_DIR}" @@ -68,7 +85,7 @@ load '../bats/extensions/bats-file/load' assert_output --partial "type: NodePort" } -@test "upgrade: helm upgrade w/ chart + pre decrypted secret file" { +@test "upgrade: helm upgrade w/ chart + pre decrypted secrets.yaml" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="upgrade-$(date +%s)-${SEED}" printf 'service:\n port: 82' > "${FILE}.dec" @@ -88,7 +105,7 @@ load '../bats/extensions/bats-file/load' assert_output --partial "port: 82" } -@test "upgrade: helm upgrade w/ chart + secret file + q flag" { +@test "upgrade: helm upgrade w/ chart + secrets.yaml + q flag" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="upgrade-$(date +%s)-${SEED}" create_chart "${TEST_TEMP_DIR}" @@ -105,7 +122,7 @@ load '../bats/extensions/bats-file/load' assert_output --partial "port: 81" } -@test "upgrade: helm upgrade w/ chart + secret file + quiet flag" { +@test "upgrade: helm upgrade w/ chart + secrets.yaml + quiet flag" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="upgrade-$(date +%s)-${SEED}" create_chart "${TEST_TEMP_DIR}" @@ -122,7 +139,7 @@ load '../bats/extensions/bats-file/load' assert_output --partial "port: 81" } -@test "upgrade: helm upgrade w/ chart + secret file + special path" { +@test "upgrade: helm upgrade w/ chart + secrets.yaml + special path" { FILE="${SPECIAL_CHAR_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" RELEASE="upgrade-$(date +%s)-${SEED}" create_chart "${SPECIAL_CHAR_DIR}" diff --git a/tests/lib/helper.bash b/tests/lib/helper.bash index dbfa984c..b2209a97 100644 --- a/tests/lib/helper.bash +++ b/tests/lib/helper.bash @@ -1,7 +1,7 @@ GIT_ROOT="$(git rev-parse --show-toplevel)" TEST_DIR="${GIT_ROOT}/tests" HELM_SECRETS_DRIVER="${HELM_SECRETS_DRIVER:-"sops"}" -HELM_CACHE="${TEST_DIR}/.tmp/cache/helm" +HELM_CACHE="${TEST_DIR}/.tmp/cache/$(uname)/helm" REAL_HOME="${HOME}" _shasum() { @@ -80,6 +80,9 @@ setup() { _sed_i "s!vault secret/!vault secret/${SEED}/!g" "$(printf '%s/values/vault/secrets.yaml' "${TEST_TEMP_DIR}")" _sed_i "s!vault secret/!vault secret/${SEED}/!g" "$(printf '%s/values/vault/secrets.yaml' "${SPECIAL_CHAR_DIR}")" + _sed_i "s!vault secret/!vault secret/${SEED}/!g" "$(printf '%s/values/vault/some-secrets.yaml' "${TEST_TEMP_DIR}")" + _sed_i "s!vault secret/!vault secret/${SEED}/!g" "$(printf '%s/values/vault/some-secrets.yaml' "${SPECIAL_CHAR_DIR}")" + sh "${TEST_TEMP_DIR}/values/vault/seed.sh" ;; esac diff --git a/tests/unit/clean.bats b/tests/unit/clean.bats index cd83b566..db113d70 100755 --- a/tests/unit/clean.bats +++ b/tests/unit/clean.bats @@ -35,7 +35,6 @@ load '../bats/extensions/bats-file/load' assert_output --partial "${FILE}.dec" } - @test "clean: Cleanup with HELM_SECRETS_DEC_SUFFIX" { HELM_SECRETS_DEC_SUFFIX=.yaml.test export HELM_SECRETS_DEC_SUFFIX @@ -50,3 +49,15 @@ load '../bats/extensions/bats-file/load' assert_file_not_exist "${FILE}.test" assert_output --partial "${FILE}.test" } + +@test "clean: Cleanup with custom name" { + FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/some-secrets.yaml" + + run helm secrets dec "${FILE}" + assert_success + assert_file_exist "${FILE}.dec" + + run helm secrets clean "$(dirname "${FILE}")" + assert_file_not_exist "${FILE}.dec" + assert_output --partial "${FILE}.dec" +} diff --git a/tests/unit/dec.bats b/tests/unit/dec.bats index 90977297..72a0e213 100755 --- a/tests/unit/dec.bats +++ b/tests/unit/dec.bats @@ -24,51 +24,73 @@ load '../bats/extensions/bats-file/load' } @test "dec: Decrypt secrets.yaml" { - run helm secrets dec "${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" + FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" + + run helm secrets dec "${FILE}" + assert_success + assert_output "Decrypting ${FILE}" + assert_file_exist "${FILE}.dec" + + run cat "${FILE}.dec" + assert_success + assert_output --partial 'global_secret: ' + assert_output --partial 'global_bar' +} + +@test "dec: Decrypt some-secrets.yaml" { + FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/some-secrets.yaml" + + run helm secrets dec "${FILE}" assert_success - assert_output "Decrypting ${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" - assert_file_exist "${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml.dec" + assert_output "Decrypting ${FILE}" + assert_file_exist "${FILE}.dec" - run cat "${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml.dec" + run cat "${FILE}.dec" assert_success assert_output --partial 'global_secret: ' assert_output --partial 'global_bar' } @test "dec: Decrypt secrets.yaml + special char directory name" { - run helm secrets dec "${SPECIAL_CHAR_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" + FILE="${SPECIAL_CHAR_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" + + run helm secrets dec "${FILE}" assert_success - assert_output "Decrypting ${SPECIAL_CHAR_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" - assert_file_exist "${SPECIAL_CHAR_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml.dec" + assert_output "Decrypting ${FILE}" + assert_file_exist "${FILE}.dec" - run cat "${SPECIAL_CHAR_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml.dec" + run cat "${FILE}.dec" assert_success assert_output --partial 'global_secret: ' assert_output --partial 'global_bar' } @test "dec: Decrypt secrets.yaml + HELM_SECRETS_DEC_SUFFIX" { + FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" + HELM_SECRETS_DEC_SUFFIX=.yaml.test export HELM_SECRETS_DEC_SUFFIX - run helm secrets dec "${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" + run helm secrets dec "${FILE}" assert_success - assert_output "Decrypting ${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" - assert [ -e "${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml.test" ] + assert_output "Decrypting ${FILE}" + assert [ -e "${FILE}.test" ] - run cat "${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml.test" + run cat "${FILE}.test" assert_success assert_output --partial 'global_secret: ' assert_output --partial 'global_bar' } @test "dec: Decrypt secrets.yaml + HELM_SECRETS_DEC_DIR" { + FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" + HELM_SECRETS_DEC_DIR="$(mktemp -d)" export HELM_SECRETS_DEC_DIR - run helm secrets dec "${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" + run helm secrets dec "${FILE}" assert_success - assert_output "Decrypting ${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" + assert_output "Decrypting ${FILE}" assert_file_exist "${HELM_SECRETS_DEC_DIR}/secrets.yaml.dec" run cat "${HELM_SECRETS_DEC_DIR}/secrets.yaml.dec" diff --git a/tests/unit/edit.bats b/tests/unit/edit.bats index 79728c52..0db2b3af 100755 --- a/tests/unit/edit.bats +++ b/tests/unit/edit.bats @@ -41,6 +41,24 @@ load '../bats/extensions/bats-file/load' assert_output "hello: world" } +@test "edit: some-secrets.yaml" { + if [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then + skip + fi + + EDITOR="${TEST_DIR}/assets/mock-editor/editor.sh" + export EDITOR + + FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/some-secrets.yaml" + + run helm secrets edit "${FILE}" + assert_success + + run helm secrets view "${FILE}" + assert_success + assert_output "hello: world" +} + @test "edit: secrets.yaml + special path" { if [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then diff --git a/tests/unit/enc.bats b/tests/unit/enc.bats index d6f61046..33a45269 100755 --- a/tests/unit/enc.bats +++ b/tests/unit/enc.bats @@ -41,6 +41,24 @@ load '../bats/extensions/bats-file/load' assert_output --partial 'global_bar' } +@test "enc: Encrypt some-secrets.yaml" { + if [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then + skip + fi + + FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/some-secrets.dec.yaml" + + run helm secrets enc "${FILE}" + + assert_output --partial "Encrypting ${FILE}" + assert_output --partial "Encrypted some-secrets.dec.yaml" + + run helm secrets view "${FILE}" + assert_success + assert_output --partial 'global_secret: ' + assert_output --partial 'global_bar' +} + @test "enc: Encrypt secrets.yaml.dec" { if [ "${HELM_SECRETS_DRIVER}" != "sops" ]; then skip diff --git a/tests/unit/kubeval.bats b/tests/unit/kubeval.bats index 19062986..2b848ab4 100644 --- a/tests/unit/kubeval.bats +++ b/tests/unit/kubeval.bats @@ -35,7 +35,7 @@ load '../bats/extensions/bats-file/load' assert_file_not_exist "${FILE}.dec" } -@test "kubeval: helm kubeval w/ chart + secret file" { +@test "kubeval: helm kubeval w/ chart + secrets.yaml" { helm_plugin_install "kubeval" FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" @@ -50,14 +50,29 @@ load '../bats/extensions/bats-file/load' assert_file_not_exist "${FILE}.dec" } -@test "kubeval: helm kubeval w/ chart + secret file + helm flag" { +@test "kubeval: helm kubeval w/ chart + some-secrets.yaml" { + helm_plugin_install "kubeval" + + FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/some-secrets.yaml" + + create_chart "${TEST_TEMP_DIR}" + + run helm secrets kubeval "${TEST_TEMP_DIR}/chart" -f "${FILE}" --strict 2>&1 + assert_success + assert_output --partial "[helm-secrets] Decrypt: ${FILE}" + assert_output --partial "The file chart/templates/serviceaccount.yaml contains a valid ServiceAccount" + assert_output --partial "[helm-secrets] Removed: ${FILE}.dec" + assert_file_not_exist "${FILE}.dec" +} + +@test "kubeval: helm kubeval w/ chart + secrets.yaml + helm flag" { helm_plugin_install "kubeval" FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" create_chart "${TEST_TEMP_DIR}" - run helm secrets kubeval "${TEST_TEMP_DIR}/chart" -f "${FILE}" --set image.pullPolicy=Always --strict 2>&1 + run helm secrets kubeval "${TEST_TEMP_DIR}/chart" -f "${FILE}" --set service.type=NodePort --strict 2>&1 assert_success assert_output --partial "[helm-secrets] Decrypt: ${FILE}" assert_output --partial "The file chart/templates/serviceaccount.yaml contains a valid ServiceAccount" @@ -65,7 +80,7 @@ load '../bats/extensions/bats-file/load' assert_file_not_exist "${FILE}.dec" } -@test "kubeval: helm kubeval w/ chart + pre decrypted secret file" { +@test "kubeval: helm kubeval w/ chart + pre decrypted secrets.yaml" { helm_plugin_install "kubeval" FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" @@ -84,7 +99,7 @@ load '../bats/extensions/bats-file/load' assert_success } -@test "kubeval: helm kubeval w/ chart + secret file + q flag" { +@test "kubeval: helm kubeval w/ chart + secrets.yaml + q flag" { helm_plugin_install "kubeval" FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" @@ -99,7 +114,7 @@ load '../bats/extensions/bats-file/load' assert_file_not_exist "${FILE}.dec" } -@test "kubeval: helm kubeval w/ chart + secret file + quiet flag" { +@test "kubeval: helm kubeval w/ chart + secrets.yaml + quiet flag" { helm_plugin_install "kubeval" FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" @@ -114,7 +129,7 @@ load '../bats/extensions/bats-file/load' assert_file_not_exist "${FILE}.dec" } -@test "kubeval: helm kubeval w/ chart + secret file + special path" { +@test "kubeval: helm kubeval w/ chart + secrets.yaml + special path" { helm_plugin_install "kubeval" FILE="${SPECIAL_CHAR_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" diff --git a/tests/unit/lint.bats b/tests/unit/lint.bats index 54dae59e..b3549b11 100755 --- a/tests/unit/lint.bats +++ b/tests/unit/lint.bats @@ -25,11 +25,11 @@ load '../bats/extensions/bats-file/load' assert_success refute_output --partial "[helm-secrets] Decrypt: ${TEST_TEMP_DIR}/chart/secrets.yaml" assert_output --partial '1 chart(s) linted, 0 chart(s) failed' - refute_output --partial "[helm-secrets] Removed: ${TEST_TEMP_DIR}/chart/secrets.yaml.dec" - assert_file_not_exist "${TEST_TEMP_DIR}/chart/secrets.yaml.dec" + refute_output --partial "[helm-secrets] Removed: ${FILE}.dec" + assert_file_not_exist "${FILE}.dec" } -@test "lint: helm lint w/ chart + secret file" { +@test "lint: helm lint w/ chart + secrets.yaml" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" create_chart "${TEST_TEMP_DIR}" @@ -39,23 +39,36 @@ load '../bats/extensions/bats-file/load' assert_output --partial "[helm-secrets] Decrypt: ${FILE}" assert_output --partial "1 chart(s) linted, 0 chart(s) failed" assert_output --partial "[helm-secrets] Removed: ${FILE}.dec" - assert_file_not_exist "${TEST_TEMP_DIR}/chart/secrets.yaml.dec" + assert_file_not_exist "${FILE}.dec" } -@test "lint: helm lint w/ chart + secret file + helm flag" { +@test "lint: helm lint w/ chart + some-secrets.yaml" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" create_chart "${TEST_TEMP_DIR}" - run helm secrets lint "${TEST_TEMP_DIR}/chart" -f "${FILE}" --set image.pullPolicy=Always 2>&1 + run helm secrets lint "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1 assert_success assert_output --partial "[helm-secrets] Decrypt: ${FILE}" assert_output --partial "1 chart(s) linted, 0 chart(s) failed" assert_output --partial "[helm-secrets] Removed: ${FILE}.dec" - assert_file_not_exist "${TEST_TEMP_DIR}/chart/secrets.yaml.dec" + assert_file_not_exist "${FILE}.dec" } -@test "lint: helm lint w/ chart + pre decrypted secret file" { +@test "lint: helm lint w/ chart + secrets.yaml + helm flag" { + FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" + + create_chart "${TEST_TEMP_DIR}" + + run helm secrets lint "${TEST_TEMP_DIR}/chart" -f "${FILE}" --set service.type=NodePort 2>&1 + assert_success + assert_output --partial "[helm-secrets] Decrypt: ${FILE}" + assert_output --partial "1 chart(s) linted, 0 chart(s) failed" + assert_output --partial "[helm-secrets] Removed: ${FILE}.dec" + assert_file_not_exist "${FILE}.dec" +} + +@test "lint: helm lint w/ chart + pre decrypted secrets.yaml" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" printf 'service:\n port: 82' > "${FILE}.dec" @@ -69,7 +82,7 @@ load '../bats/extensions/bats-file/load' assert_file_exist "${FILE}.dec" } -@test "lint: helm lint w/ chart + secret file + q flag" { +@test "lint: helm lint w/ chart + secrets.yaml + q flag" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" create_chart "${TEST_TEMP_DIR}" @@ -78,11 +91,11 @@ load '../bats/extensions/bats-file/load' assert_success refute_output --partial "[helm-secrets] Decrypt: ${TEST_TEMP_DIR}/chart/secrets.yaml" assert_output --partial "1 chart(s) linted, 0 chart(s) failed" - refute_output --partial "[helm-secrets] Removed: ${TEST_TEMP_DIR}/chart/secrets.yaml.dec" - assert_file_not_exist "${TEST_TEMP_DIR}/chart/secrets.yaml.dec" + refute_output --partial "[helm-secrets] Removed: ${FILE}.dec" + assert_file_not_exist "${FILE}.dec" } -@test "lint: helm lint w/ chart + secret file + quiet flag" { +@test "lint: helm lint w/ chart + secrets.yaml + quiet flag" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" create_chart "${TEST_TEMP_DIR}" @@ -91,11 +104,11 @@ load '../bats/extensions/bats-file/load' assert_success refute_output --partial "[helm-secrets] Decrypt: ${TEST_TEMP_DIR}/chart/secrets.yaml" assert_output --partial "1 chart(s) linted, 0 chart(s) failed" - refute_output --partial "[helm-secrets] Removed: ${TEST_TEMP_DIR}/chart/secrets.yaml.dec" - assert_file_not_exist "${TEST_TEMP_DIR}/chart/secrets.yaml.dec" + refute_output --partial "[helm-secrets] Removed: ${FILE}.dec" + assert_file_not_exist "${FILE}.dec" } -@test "lint: helm lint w/ chart + secret file + special path" { +@test "lint: helm lint w/ chart + secrets.yaml + special path" { FILE="${SPECIAL_CHAR_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" create_chart "${SPECIAL_CHAR_DIR}" diff --git a/tests/unit/template.bats b/tests/unit/template.bats index 6a92a9fc..bdf440ae 100755 --- a/tests/unit/template.bats +++ b/tests/unit/template.bats @@ -29,7 +29,7 @@ load '../bats/extensions/bats-file/load' assert_file_not_exist "${FILE}.dec" } -@test "template: helm template w/ chart + secret file" { +@test "template: helm template w/ chart + secrets.yaml" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" create_chart "${TEST_TEMP_DIR}" @@ -42,21 +42,34 @@ load '../bats/extensions/bats-file/load' assert_file_not_exist "${FILE}.dec" } -@test "template: helm template w/ chart + secret file + helm flag" { +@test "template: helm template w/ chart + some-secrets.yaml" { + FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/some-secrets.yaml" + + create_chart "${TEST_TEMP_DIR}" + + run helm secrets template "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1 + assert_success + assert_output --partial "[helm-secrets] Decrypt: ${FILE}" + assert_output --partial "port: 83" + assert_output --partial "[helm-secrets] Removed: ${FILE}.dec" + assert_file_not_exist "${FILE}.dec" +} + +@test "template: helm template w/ chart + secrets.yaml + helm flag" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" create_chart "${TEST_TEMP_DIR}" - run helm secrets template "${TEST_TEMP_DIR}/chart" -f "${FILE}" --set image.pullPolicy=Always 2>&1 + run helm secrets template "${TEST_TEMP_DIR}/chart" -f "${FILE}" --set service.type=NodePort 2>&1 assert_success assert_output --partial "[helm-secrets] Decrypt: ${FILE}" assert_output --partial "port: 81" - assert_output --partial "imagePullPolicy: Always" + assert_output --partial "type: NodePort" assert_output --partial "[helm-secrets] Removed: ${FILE}.dec" assert_file_not_exist "${FILE}.dec" } -@test "template: helm template w/ chart + pre decrypted secret file" { +@test "template: helm template w/ chart + pre decrypted secrets.yaml" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" printf 'service:\n port: 82' > "${FILE}.dec" @@ -73,7 +86,7 @@ load '../bats/extensions/bats-file/load' assert_success } -@test "template: helm template w/ chart + secret file + q flag" { +@test "template: helm template w/ chart + secrets.yaml + q flag" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" create_chart "${TEST_TEMP_DIR}" @@ -86,7 +99,7 @@ load '../bats/extensions/bats-file/load' assert_file_not_exist "${FILE}.dec" } -@test "template: helm template w/ chart + secret file + quiet flag" { +@test "template: helm template w/ chart + secrets.yaml + quiet flag" { FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" create_chart "${TEST_TEMP_DIR}" @@ -99,7 +112,7 @@ load '../bats/extensions/bats-file/load' assert_file_not_exist "${FILE}.dec" } -@test "template: helm template w/ chart + secret file + special path" { +@test "template: helm template w/ chart + secrets.yaml + special path" { FILE="${SPECIAL_CHAR_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml" create_chart "${SPECIAL_CHAR_DIR}" diff --git a/tests/unit/view.bats b/tests/unit/view.bats index b55058b0..345e6efd 100755 --- a/tests/unit/view.bats +++ b/tests/unit/view.bats @@ -14,7 +14,7 @@ load '../bats/extensions/bats-file/load' @test "view: helm view --help" { run helm secrets view --help assert_success - assert_output --partial 'View specified secrets[.*].yaml file' + assert_output --partial 'View specified encrypted yaml file' } @test "view: File not exits" { @@ -32,6 +32,15 @@ load '../bats/extensions/bats-file/load' assert_output --partial 'global_bar' } +@test "view: some-secrets.yaml" { + FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/some-secrets.yaml" + + run helm secrets view "${FILE}" + assert_success + assert_output --partial 'global_secret: ' + assert_output --partial 'global_bar' +} + @test "view: secrets.yaml + special char directory name" { FILE="${SPECIAL_CHAR_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"