Always send the clear env to the container
Secret and clear env variables have different lifecycles. The clear ones are part of the repo, so it makes sense to always deploy them with the rest of the repo. The secret ones are external so we can't be sure that they are up to date, therefore they require an explicit push via `envify` or `env push`. We'll keep the env file, but now it just contains secrets. The clear values are passed directly to `docker run`.
This commit is contained in:
Donal McBreen
@@ -70,14 +70,10 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
|
||||
end
|
||||
|
||||
test "env overwritten by role" do
|
||||
assert_equal "redis://a/b", @config_with_roles.role(:workers).env["REDIS_URL"]
|
||||
assert_equal "redis://a/b", @config_with_roles.role(:workers).env.clear["REDIS_URL"]
|
||||
|
||||
expected_env = <<~ENV
|
||||
REDIS_URL=redis://a/b
|
||||
WEB_CONCURRENCY=4
|
||||
ENV
|
||||
|
||||
assert_equal expected_env, @config_with_roles.role(:workers).env_file.to_s
|
||||
assert_equal "\n", @config_with_roles.role(:workers).env.secrets_io.string
|
||||
assert_equal [ "--env-file", ".kamal/env/roles/app-workers.env", "--env", "REDIS_URL=\"redis://a/b\"", "--env", "WEB_CONCURRENCY=\"4\"" ], @config_with_roles.role(:workers).env_args
|
||||
end
|
||||
|
||||
test "container name" do
|
||||
@@ -90,7 +86,7 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
|
||||
end
|
||||
|
||||
test "env args" do
|
||||
assert_equal [ "--env-file", ".kamal/env/roles/app-workers.env" ], @config_with_roles.role(:workers).env_args
|
||||
assert_equal [ "--env-file", ".kamal/env/roles/app-workers.env", "--env", "REDIS_URL=\"redis://a/b\"", "--env", "WEB_CONCURRENCY=\"4\"" ], @config_with_roles.role(:workers).env_args
|
||||
end
|
||||
|
||||
test "env secret overwritten by role" do
|
||||
@@ -116,14 +112,13 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
|
||||
ENV["REDIS_PASSWORD"] = "secret456"
|
||||
ENV["DB_PASSWORD"] = "secret&\"123"
|
||||
|
||||
expected = <<~ENV
|
||||
expected_secrets_file = <<~ENV
|
||||
REDIS_PASSWORD=secret456
|
||||
DB_PASSWORD=secret&\"123
|
||||
REDIS_URL=redis://a/b
|
||||
WEB_CONCURRENCY=4
|
||||
ENV
|
||||
|
||||
assert_equal expected, @config_with_roles.role(:workers).env_file.to_s
|
||||
assert_equal expected_secrets_file, @config_with_roles.role(:workers).env.secrets_io.string
|
||||
assert_equal [ "--env-file", ".kamal/env/roles/app-workers.env", "--env", "REDIS_URL=\"redis://a/b\"", "--env", "WEB_CONCURRENCY=\"4\"" ], @config_with_roles.role(:workers).env_args
|
||||
ensure
|
||||
ENV["REDIS_PASSWORD"] = nil
|
||||
ENV["DB_PASSWORD"] = nil
|
||||
@@ -142,13 +137,12 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
|
||||
|
||||
ENV["DB_PASSWORD"] = "secret123"
|
||||
|
||||
expected = <<~ENV
|
||||
expected_secrets_file = <<~ENV
|
||||
DB_PASSWORD=secret123
|
||||
REDIS_URL=redis://a/b
|
||||
WEB_CONCURRENCY=4
|
||||
ENV
|
||||
|
||||
assert_equal expected, @config_with_roles.role(:workers).env_file.to_s
|
||||
assert_equal expected_secrets_file, @config_with_roles.role(:workers).env.secrets_io.string
|
||||
assert_equal [ "--env-file", ".kamal/env/roles/app-workers.env", "--env", "REDIS_URL=\"redis://a/b\"", "--env", "WEB_CONCURRENCY=\"4\"" ], @config_with_roles.role(:workers).env_args
|
||||
ensure
|
||||
ENV["DB_PASSWORD"] = nil
|
||||
end
|
||||
@@ -165,13 +159,12 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
|
||||
|
||||
ENV["REDIS_PASSWORD"] = "secret456"
|
||||
|
||||
expected = <<~ENV
|
||||
expected_secrets_file = <<~ENV
|
||||
REDIS_PASSWORD=secret456
|
||||
REDIS_URL=redis://a/b
|
||||
WEB_CONCURRENCY=4
|
||||
ENV
|
||||
|
||||
assert_equal expected, @config_with_roles.role(:workers).env_file.to_s
|
||||
assert_equal expected_secrets_file, @config_with_roles.role(:workers).env.secrets_io.string
|
||||
assert_equal [ "--env-file", ".kamal/env/roles/app-workers.env", "--env", "REDIS_URL=\"redis://a/b\"", "--env", "WEB_CONCURRENCY=\"4\"" ], @config_with_roles.role(:workers).env_args
|
||||
ensure
|
||||
ENV["REDIS_PASSWORD"] = nil
|
||||
end
|
||||
@@ -194,22 +187,18 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
|
||||
|
||||
ENV["REDIS_PASSWORD"] = "secret456"
|
||||
|
||||
expected = <<~ENV
|
||||
expected_secrets_file = <<~ENV
|
||||
REDIS_PASSWORD=secret456
|
||||
REDIS_URL=redis://c/d
|
||||
ENV
|
||||
|
||||
assert_equal expected, @config_with_roles.role(:workers).env_file.to_s
|
||||
assert_equal expected_secrets_file, @config_with_roles.role(:workers).env.secrets_io.string
|
||||
assert_equal [ "--env-file", ".kamal/env/roles/app-workers.env", "--env", "REDIS_URL=\"redis://c/d\"" ], @config_with_roles.role(:workers).env_args
|
||||
ensure
|
||||
ENV["REDIS_PASSWORD"] = nil
|
||||
end
|
||||
|
||||
test "host_env_directory" do
|
||||
assert_equal ".kamal/env/roles", @config_with_roles.role(:workers).host_env_directory
|
||||
end
|
||||
|
||||
test "host_env_file_path" do
|
||||
assert_equal ".kamal/env/roles/app-workers.env", @config_with_roles.role(:workers).host_env_file_path
|
||||
test "env secrets_file" do
|
||||
assert_equal ".kamal/env/roles/app-workers.env", @config_with_roles.role(:workers).env.secrets_file
|
||||
end
|
||||
|
||||
test "uses cord" do
|
||||
|
||||
Reference in New Issue
Block a user