Secret DataStore Crypto Key should not be created when existing provided #385

Merged
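--- a/templates/secrets_datastore_crypto_key.yaml
+++ b/templates/secrets_datastore_crypto_key.yaml
@@ -2,7 +2,7 @@
 {{- $deprecated_crypto_key := (default (dict) (default (dict) .Values.secrets).st2).datastore_crypto_key }}
 {{- if $deprecated_crypto_key }}
 {{- fail "Please update your values! The datastore_crypto_key value moved from secrets.st2.* to st2.*" }}
-{{- else if ne "disable" (default "" .Values.st2.datastore_crypto_key) }}
+{{- else if and (ne "disable" (default "" .Values.st2.datastore_crypto_key)) (not .Values.st2.existingDatastoreSecret) }}
 ---
 apiVersion: v1
 kind: Secret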
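Review bot: With the new condition on the `else if` line, a release that sets both `st2.datastore_crypto_key` and `st2.existingDatastoreSecret` renders no Secret, and the supplied key is dropped without any message. The operator can then believe the datastore is encrypted under the key in their values while the pods mount whatever the existing Secret holds. The template already uses `fail` for the deprecated value path, and the same treatment fits here as a branch placed ahead of this one: `{{- else if and .Values.st2.existingDatastoreSecret (ne "disable" (default "disable" .Values.st2.datastore_crypto_key)) }}` followed by `{{- fail "Set only one of st2.datastore_crypto_key or st2.existingDatastoreSecret" }}`. The body of this branch continues outside the hunk, so the rest of the rendered Secret is not visible here.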
109 changes: 109 additions & 0 deletions tests/unit/secrets_test.yaml
@@ -2,6 +2,7 @@
suite: Secret files
templates:
# primary template files
- secrets_datastore_crypto_key.yaml
- secrets_st2auth.yaml
- deployments.yaml
- jobs.yaml
@@ -113,3 +114,111 @@ tests:
path: spec.template.spec.initContainers[1].envFrom[1].secretRef.name
value: "hello-world"
documentIndex: 1 # st2-key-load

- it: ST2 Datastore Crypto Key Secret include by default
template: secrets_datastore_crypto_key.yaml
set:
st2: {}
release:
name: st2ha
asserts:
- hasDocuments:
count: 1
- isNotEmpty:
path: data.datastore_crypto_key
documentIndex: 0

- it: ST2 Datastore Crypto Key Secret set custom username and password
template: secrets_datastore_crypto_key.yaml
set:
st2:
datastore_crypto_key: >-
{"hmacKey": {"hmacKeyString": "", "size": 256}, "size": 256, "aesKeyString": "", "mode": "CBC"}
release:
name: st2ha
asserts:
- hasDocuments:
count: 1
- equal:
path: data.datastore_crypto_key
value: "eyJobWFjS2V5IjogeyJobWFjS2V5U3RyaW5nIjogIiIsICJzaXplIjogMjU2fSwgInNpemUiOiAyNTYsICJhZXNLZXlTdHJpbmciOiAiIiwgIm1vZGUiOiAiQ0JDIn0=" # Base64 encoded value

- it: ST2 Datastore Crypto Key Secret disable generation
template: secrets_datastore_crypto_key.yaml
set:
st2:
existingDatastoreSecret: "hello-world"
release:
name: st2ha
asserts:
- hasDocuments:
count: 0

- it: ST2 Datastore Crypto Key Secret custom secret Name
template: deployments.yaml
set:
st2:
existingDatastoreSecret: "hello-world"
st2chatops:
enabled: true
release:
name: st2ha
asserts:
- hasDocuments:
count: 14
- equal:
path: metadata.name
value: st2ha-st2api
documentIndex: &deployment_st2api_doc 1
- equal:
path: spec.template.spec.volumes[0].secret.secretName
value: "hello-world"
documentIndex: *deployment_st2api_doc
- equal:
path: metadata.name
value: st2ha-st2rulesengine
documentIndex: &deployment_st2rulesengine_doc 4
- equal:
path: spec.template.spec.volumes[1].secret.secretName
value: "hello-world"
documentIndex: *deployment_st2rulesengine_doc
- equal:
path: metadata.name
value: st2ha-st2workflowengine
documentIndex: &deployment_st2workflowengine_doc 6
- equal:
path: spec.template.spec.volumes[1].secret.secretName
value: "hello-world"
documentIndex: *deployment_st2workflowengine_doc
- equal:
path: metadata.name
value: st2ha-st2scheduler
documentIndex: &deployment_st2scheduler_doc 7
- equal:
path: spec.template.spec.volumes[0].secret.secretName
value: "hello-world"
documentIndex: *deployment_st2scheduler_doc
- equal:
path: metadata.name
value: st2ha-st2sensorcontainer
documentIndex: &deployment_st2sensorcontainer_doc 9
- equal:
path: spec.template.spec.volumes[0].secret.secretName
value: "hello-world"
documentIndex: *deployment_st2sensorcontainer_doc
- equal:
path: metadata.name
value: st2ha-st2actionrunner
documentIndex: &deployment_st2actionrunner_doc 10
- equal:
path: spec.template.spec.volumes[0].secret.secretName
value: "hello-world"
documentIndex: *deployment_st2actionrunner_doc
- equal:
path: metadata.name
value: st2ha-st2client
documentIndex: &deployment_st2client_doc 12
- equal:
path: spec.template.spec.volumes[0].secret.secretName
value: "hello-world"
documentIndex: *deployment_st2client_doc
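Review bot: The added cases never exercise the two inputs that decide whether key material is generated: `datastore_crypto_key: "disable"`, and `datastore_crypto_key` set together with `existingDatastoreSecret`. A later edit to the template condition could therefore start emitting a chart-generated key alongside an operator-managed Secret without any test failing. Judging by the condition in the template hunk, both cases should render zero documents, assuming no further `else` branch exists outside the visible lines; the cases below pin that. Separately, the second case is titled "set custom username and password" but sets a crypto key, so `- it: ST2 Datastore Crypto Key Secret set custom key` would describe it accurately.

```yaml
  # … unchanged: existing datastore crypto key cases …
  - it: ST2 Datastore Crypto Key Secret not generated when key and existing secret are both set
    template: secrets_datastore_crypto_key.yaml
    set:
      st2:
        datastore_crypto_key: "example-key-material"  # constructed sample value
        existingDatastoreSecret: "hello-world"
    release:
      name: st2ha
    asserts:
      - hasDocuments:
          count: 0

  - it: ST2 Datastore Crypto Key Secret not generated when disabled
    template: secrets_datastore_crypto_key.yaml
    set:
      st2:
        datastore_crypto_key: "disable"
    release:
      name: st2ha
    asserts:
      - hasDocuments:
          count: 0
```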