Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: jkroepke/helm-secrets
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v3.1.0
Choose a base ref
...
head repository: jkroepke/helm-secrets
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v3.2.0
Choose a head ref

Commits on Apr 27, 2020

  1. Set next version

    jkroepke committed Apr 27, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    Copy the full SHA
    41a64e0 View commit details
  2. Create secret driver engine

    jkroepke committed Apr 27, 2020
    Copy the full SHA
    00fa306 View commit details
  3. Copy the full SHA
    65232d8 View commit details
  4. Merge pull request #16 from jkroepke/secret-drivers

    Create secret driver engine
    jkroepke authored Apr 27, 2020
    Copy the full SHA
    45c9bfa View commit details
  5. Copy the full SHA
    ce6b190 View commit details

Commits on May 1, 2020

  1. Update CHANGELOG.md

    jkroepke authored May 1, 2020
    Copy the full SHA
    4a415e7 View commit details
  2. Copy the full SHA
    8851ca8 View commit details

Commits on May 2, 2020

  1. Test more shells (#17)

    jkroepke authored May 2, 2020
    Copy the full SHA
    c625a01 View commit details
  2. Add checkbashisms (#19)

    jkroepke authored May 2, 2020
    Copy the full SHA
    0d85969 View commit details
  3. Added bats-file (#20)

    jkroepke authored May 2, 2020
    Copy the full SHA
    42d9314 View commit details

Commits on May 6, 2020

  1. Add Vault Support

    jkroepke committed May 6, 2020
    Copy the full SHA
    61e82da View commit details
  2. Merge pull request #22 from jkroepke/vault

    WIP: Vault support
    jkroepke authored May 6, 2020
    Copy the full SHA
    3b9c0b2 View commit details
  3. Copy the full SHA
    a986aa0 View commit details
  4. Merge pull request #23 from jkroepke/name-secret-yaml

    Remove secret file name restriction
    jkroepke authored May 6, 2020
    Copy the full SHA
    441c4d8 View commit details

Commits on May 7, 2020

  1. Update README.md

    jkroepke authored May 7, 2020
    Copy the full SHA
    0899294 View commit details
  2. Update README.md

    jkroepke authored May 7, 2020
    Copy the full SHA
    2161ecf View commit details
  3. Reformat Changelog

    jkroepke committed May 7, 2020
    Copy the full SHA
    93da2ff View commit details

Commits on May 8, 2020

  1. Copy the full SHA
    a640972 View commit details
  2. Copy the full SHA
    f1bacde View commit details
  3. Prepare 3.2.0

    jkroepke committed May 8, 2020
    Copy the full SHA
    0e92c4b View commit details
  4. Release v3.2.0

    jkroepke committed May 8, 2020
    Copy the full SHA
    53e75a8 View commit details
Showing with 3,997 additions and 2,547 deletions.
  1. +5 −0 .editorconfig
  2. +58 −9 .github/workflows/ci.yaml
  3. +4 −0 .github/workflows/release.yaml
  4. +2 −6 .gitignore
  5. +5 −2 .gitmodules
  6. +24 −12 CHANGELOG.md
  7. +76 −0 CODE_OF_CONDUCT.md
  8. +13 −0 CONTRIBUTING.md
  9. +1 −1 LICENSE
  10. +57 −355 README.md
  11. +325 −0 USAGE.md
  12. +2 −22 completion.yaml
  13. +23 −0 examples/sops/.helmignore
  14. +1 −1 {tests/assets/helm_vars/projectX → examples/sops}/.sops.yaml
  15. +23 −0 examples/sops/Chart.yaml
  16. +32 −0 examples/sops/secrets.yaml
  17. +2 −0 examples/sops/secrets.yaml.dec
  18. +21 −0 examples/sops/templates/NOTES.txt
  19. +63 −0 examples/sops/templates/_helpers.tpl
  20. +61 −0 examples/sops/templates/deployment.yaml
  21. +28 −0 examples/sops/templates/hpa.yaml
  22. +41 −0 examples/sops/templates/ingress.yaml
  23. +15 −0 examples/sops/templates/service.yaml
  24. +12 −0 examples/sops/templates/serviceaccount.yaml
  25. +15 −0 examples/sops/templates/tests/test-connection.yaml
  26. +79 −0 examples/sops/values.yaml
  27. +23 −0 examples/vault/.helmignore
  28. +23 −0 examples/vault/Chart.yaml
  29. +2 −0 examples/vault/secrets.yaml
  30. +21 −0 examples/vault/templates/NOTES.txt
  31. +63 −0 examples/vault/templates/_helpers.tpl
  32. +61 −0 examples/vault/templates/deployment.yaml
  33. +28 −0 examples/vault/templates/hpa.yaml
  34. +41 −0 examples/vault/templates/ingress.yaml
  35. +15 −0 examples/vault/templates/service.yaml
  36. +12 −0 examples/vault/templates/serviceaccount.yaml
  37. +15 −0 examples/vault/templates/tests/test-connection.yaml
  38. +79 −0 examples/vault/values.yaml
  39. +1 −1 plugin.yaml
  40. +31 −0 scripts/commands/clean.sh
  41. +60 −0 scripts/commands/dec.sh
  42. +45 −0 scripts/commands/edit.sh
  43. +71 −0 scripts/commands/enc.sh
  44. +108 −0 scripts/commands/helm.sh
  45. +35 −0 scripts/commands/view.sh
  46. +41 −0 scripts/drivers/noop.sh
  47. +39 −0 scripts/drivers/sops.sh
  48. +90 −0 scripts/drivers/vault.sh
  49. +5 −3 scripts/install.sh
  50. +107 −388 scripts/run.sh
  51. +110 −0 tests/README.md
  52. +58 −0 tests/assets/gpg/private.gpg
  53. +0 −3 tests/assets/helm_vars/.sops.yaml
  54. +0 −31 tests/assets/helm_vars/projectX/production/us-east-1/java-app/secrets.yaml
  55. +0 −1 tests/assets/helm_vars/projectX/production/us-east-1/java-app/value.yaml
  56. +0 −31 tests/assets/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml
  57. +0 −1 tests/assets/helm_vars/projectX/sandbox/us-east-1/java-app/value.yaml
  58. +0 −3 tests/assets/helm_vars/projectY/.sops.yaml
  59. +0 −31 tests/assets/helm_vars/projectY/production/us-east-1/java-app/secrets.yaml
  60. +0 −1 tests/assets/helm_vars/projectY/production/us-east-1/java-app/value.yaml
  61. +0 −31 tests/assets/helm_vars/projectY/sandbox/us-east-1/java-app/secrets.yaml
  62. +0 −1 tests/assets/helm_vars/projectY/sandbox/us-east-1/java-app/value.yaml
  63. +0 −52 tests/assets/helm_vars/secrets.yaml
  64. +0 −1 tests/assets/helm_vars/values.yaml
  65. +0 −105 tests/assets/pgp/projectx.asc
  66. +0 −105 tests/assets/pgp/projecty.asc
  67. +22 −0 tests/assets/values/noop/secrets.yaml
  68. +22 −0 tests/assets/values/noop/some-secrets.yaml
  69. +3 −0 tests/assets/values/sops/.sops.yaml
  70. +23 −0 tests/assets/values/sops/secrets.dec.yaml
  71. +28 −0 tests/assets/values/sops/secrets.yaml
  72. +23 −0 tests/assets/values/sops/some-secrets.dec.yaml
  73. +28 −0 tests/assets/values/sops/some-secrets.yaml
  74. +4 −0 tests/assets/values/vault/secrets.yaml
  75. +22 −0 tests/assets/values/vault/seed.sh
  76. +4 −0 tests/assets/values/vault/some-secrets.yaml
  77. +1 −1 tests/bats/core
  78. +1 −1 tests/bats/extensions/bats-assert
  79. +1 −0 tests/bats/extensions/bats-file
  80. +1 −1 tests/bats/extensions/bats-support
  81. +0 −56 tests/helper.bash
  82. +0 −15 tests/it/0-setup.bats
  83. +0 −201 tests/it/2-install.bats
  84. +0 −201 tests/it/3-upgrade.bats
  85. +0 −158 tests/it/4-diff.bats
  86. +0 −9 tests/it/99-cleanup.bats
  87. +163 −0 tests/it/diff.bats
  88. +173 −0 tests/it/install.bats
  89. +172 −0 tests/it/upgrade.bats
  90. +47 −0 tests/lib/create_encrypted_file.bash
  91. +129 −0 tests/lib/helper.bash
  92. +0 −9 tests/unit/0-setup.bats
  93. +0 −29 tests/unit/1-plugin-install.bats
  94. +0 −31 tests/unit/2-view.bats
  95. +0 −68 tests/unit/3-dec.bats
  96. +0 −70 tests/unit/4-enc.bats
  97. +0 −37 tests/unit/5-edit.bats
  98. +0 −146 tests/unit/7-lint.bats
  99. +0 −146 tests/unit/8-template.bats
  100. +0 −151 tests/unit/9-kubeval.bats
  101. +0 −9 tests/unit/99-cleanup.bats
  102. +20 −8 tests/unit/{6-clean.bats → clean.bats}
  103. +100 −0 tests/unit/dec.bats
  104. +79 −0 tests/unit/edit.bats
  105. +141 −0 tests/unit/enc.bats
  106. +162 −0 tests/unit/kubeval.bats
  107. +137 −0 tests/unit/lint.bats
  108. +16 −3 tests/{it/1-plugin-install.bats → unit/plugin-install.bats}
  109. +111 −0 tests/unit/secret-driver.bats
  110. +141 −0 tests/unit/template.bats
  111. +51 −0 tests/unit/view.bats
5 changes: 5 additions & 0 deletions .editorconfig
Original file line number Diff line number Diff line change
@@ -9,4 +9,9 @@ indent_style = space
indent_size = 4
max_line_length = 80
trim_trailing_whitespace = true

[*.sh]
shell_variant = posix

[*.{bash,bats}]
shell_variant = bash
67 changes: 58 additions & 9 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
@@ -23,17 +23,43 @@ jobs:
with:
sh_checker_comment: true
sh_checker_exclude: "tests"

# https://github.com/luizm/action-sh-checker/issues/5
- name: Install checkbashisms
run: |-
sudo apt-get update -qq
sudo apt-get install -y -qq curl
curl -sSLf https://deb.debian.org/debian/pool/main/d/devscripts/devscripts_2.20.3_amd64.deb -o /tmp/devscripts.deb
set +e
sudo dpkg -i /tmp/devscripts.deb
set -e
sudo apt-get install -y -qq -f
- name: Run checkbashisms
run: checkbashisms -p scripts/*

unit-tests:
runs-on: ${{ matrix.os }}
container: ${{ matrix.container }}
if: "!contains(github.event.head_commit.message, '[ci skip]')"
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest]
os: [ubuntu-latest, macos-latest] # [dash, zsh]
container: [~]
include:
- os: ubuntu-latest
container: alpine # ash
- os: ubuntu-latest
container: centos:8 # bash
steps:
- uses: actions/cache@v1
with:
path: ${{ github.workspace }}/bin
key: sops-${{ env.SOPS_VERSION }}
- name: Install git & curl
run: |-
if command -v apk > /dev/null; then
apk add --no-cache bash git curl gnupg
elif command -v yum > /dev/null; then
yum install -y git-core unzip
fi
- uses: actions/checkout@v2
with:
@@ -44,22 +70,45 @@ jobs:
with:
version: v3.2.0

- name: Setup vault
uses: volcano-coffee-company/setup-vault@v1
with:
version: '1.4.1'

- name: Install dependencies
run: |-
mkdir -p "$GITHUB_WORKSPACE/bin"
curl -sSfL "https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.$(uname | awk '{print tolower($0)}')" -z "$GITHUB_WORKSPACE/bin/sops" -o "$GITHUB_WORKSPACE/bin/sops"
export PATH="$GITHUB_WORKSPACE/bin/:$PATH"
echo "::add-path::$GITHUB_WORKSPACE/bin/"
curl -sSfL "https://github.com/mozilla/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.$(uname | awk '{print tolower($0)}')" -z "$GITHUB_WORKSPACE/bin/sops" -o "$GITHUB_WORKSPACE/bin/sops"
chmod +x "$GITHUB_WORKSPACE/bin/sops"
sops --version
- name: Print Environment
run: |-
tests/bats/core/install.sh "$GITHUB_WORKSPACE"
echo "Shell: $(readlink /bin/sh || readlink /var/select/sh)"
bats -v
sops --version
gpg --version
- name: helm plugin install
run: helm plugin install .

- run: bats --tap -r tests/unit
- name: HELM_SECRETS_DRIVER=sops bats --tap -r tests/unit
run: |
bats --tap -r tests/unit
env:
HELM_SECRETS_DRIVER: sops

- name: HELM_SECRETS_DRIVER=vault bats --tap -r tests/unit
run: |
vault server -dev -dev-root-token-id=test &>/dev/null &
bats --tap -r tests/unit
env:
HELM_SECRETS_DRIVER: vault
VAULT_ADDR: 'http://127.0.0.1:8200'

integration-tests:
needs: [unit-tests]
runs-on: ubuntu-latest
4 changes: 4 additions & 0 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
@@ -23,3 +23,7 @@ jobs:
release_name: Release ${{ github.ref }}
draft: false
prerelease: false
body: |-
# CHANGELOG
* https://github.com/jkroepke/helm-secrets/blob/${{ github.ref }}/CHANGELOG.md
8 changes: 2 additions & 6 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,8 +1,4 @@
*.iml
/.idea/

tests/.home/
tests/.tmp/
tests/assets/**/*.yaml.dec
tests/assets/**/*.yaml.test
tests/assets/**/*.tmp.yaml
/tests/.tmp/
/tests/coverage/
7 changes: 5 additions & 2 deletions .gitmodules
Original file line number Diff line number Diff line change
@@ -3,7 +3,10 @@
url = https://github.com/bats-core/bats-core.git
[submodule "tests/bats/extensions/bats-assert"]
path = tests/bats/extensions/bats-assert
url = https://github.com/bats-core/bats-assert
url = https://github.com/bats-core/bats-assert.git
[submodule "tests/bats/extensions/bats-file"]
path = tests/bats/extensions/bats-file
url = https://github.com/bats-core/bats-file.git
[submodule "tests/bats/extensions/bats-support"]
path = tests/bats/extensions/bats-support
url = https://github.com/bats-core/bats-support
url = https://github.com/bats-core/bats-support.git
36 changes: 24 additions & 12 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -6,34 +6,46 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

## [3.2.0] - 2020-05-08

### Added
- Add Vault support (https://github.com/jkroepke/helm-secrets/pull/22)
- Secret driver to gain secrets from other sources then sops. (https://github.com/jkroepke/helm-secrets/pull/16)
- Remove name restriction (https://github.com/jkroepke/helm-secrets/pull/23)

### Changed
- Run unit tests on bash, dash and ash (busybox), too.

## [3.1.0] - 2020-04-27

### Added

* completion.yaml for helm shell auto completion
* Tests for all `helm secrets` commands
* Added quiet flag for helm secrets (https://github.com/jkroepke/helm-secrets/pull/8)
- completion.yaml for helm shell auto completion
- Tests for all `helm secrets` commands
- Added quiet flag for helm secrets (https://github.com/jkroepke/helm-secrets/pull/8)

### Changed

* Escape special chars in paths correctly (https://github.com/jkroepke/helm-secrets/pull/9)
- Escape special chars in paths correctly (https://github.com/jkroepke/helm-secrets/pull/9)

## [3.0.0] - 2020-04-26

Started a fork of https://github.com/zendesk/helm-secrets

### Added
* POSIX compatibility (https://github.com/jkroepke/helm-secrets/pull/1)
* Optionally decrypt helm secrets in a temporary directory (https://github.com/jkroepke/helm-secrets/pull/5)
* Added CI tests (https://github.com/jkroepke/helm-secrets/pull/2)
- POSIX compatibility (https://github.com/jkroepke/helm-secrets/pull/1)
- Optionally decrypt helm secrets in a temporary directory (https://github.com/jkroepke/helm-secrets/pull/5)
- Added CI tests (https://github.com/jkroepke/helm-secrets/pull/2)

### Changed
* Changed secrets.yaml prefix just to `secrets`. All files like `secrets*` are now decrypted
* Remove dependency against gnu-getops
* Remove run as root dependency on helm plugin install
* Verbose output is now on stderr
* Support all helm sub commands and plugins
- Changed secrets.yaml prefix just to `secrets`. All files like `secrets*` are now decrypted
- Remove dependency against gnu-getops
- Remove run as root dependency on helm plugin install
- Verbose output is now on stderr
- Support all helm sub commands and plugins


[Unreleased]: https://github.com/jkroepke/helm-secrets/compare/v3.2.0...HEAD
[3.2.0]: https://github.com/jkroepke/helm-secrets/compare/v3.1.0...v3.2.0
[3.1.0]: https://github.com/jkroepke/helm-secrets/compare/v3.0.0...v3.1.0
[3.0.0]: https://github.com/jkroepke/helm-secrets/compare/5f91bdf...v3.0.0
76 changes: 76 additions & 0 deletions CODE_OF_CONDUCT.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
# Contributor Covenant Code of Conduct

## Our Pledge

In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, sex characteristics, gender identity and expression,
level of experience, education, socio-economic status, nationality, personal
appearance, race, religion, or sexual identity and orientation.

## Our Standards

Examples of behavior that contributes to creating a positive environment
include:

* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members

Examples of unacceptable behavior by participants include:

* The use of sexualized language or imagery and unwelcome sexual attention or
advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting

## Our Responsibilities

Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.

Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.

## Scope

This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at mail@jkroepke.de. All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.

## Attribution

This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html

[homepage]: https://www.contributor-covenant.org

For answers to common questions about this code of conduct, see
https://www.contributor-covenant.org/faq
13 changes: 13 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
# Contributing

When contributing to this repository, please first discuss the change you wish to make via issue before making a change.

Please note we have a code of conduct, please follow it in all your interactions with the project.

## Pull Request Process

1. Update the [README.md](README.md) or [USAGE.md](USAGE.md) with details of changes to the interface, this includes new environment
variables, useful file locations and other parameters.
2. If possible add [test cases](tests/README.md) to cover the issues or new feature.
3. You may merge the Pull Request in once you have the sign-off of two other developers, or if you
do not have permission to do that, you may request the second reviewer to merge it for you.
2 changes: 1 addition & 1 deletion LICENSE
Original file line number Diff line number Diff line change
@@ -187,7 +187,7 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright 2020 Jan-Otto Kröpke <helm@jkroepke.de>
Copyright 2020 Jan-Otto Kröpke (jkroepke) <mail@jkroepke.de>

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Loading