Use env files for secrets

Add env files back in for secrets - hides them from process lists and
allows you to pick up the latest env file when running
`kamal app exec` without reusing.
Donal McBreen
2024-09-09 14:43:12 +01:00
parent 57cbf7cdb5
commit aed2ef99d0
25 changed files with 307 additions and 112 deletions


@@ -6,20 +6,20 @@ class ConfigurationEnvTest < ActiveSupport::TestCase
test "simple" do
assert_config \
config: { "foo" => "bar", "baz" => "haz" },
results: { "foo" => "bar", "baz" => "haz" }
clear: { "foo" => "bar", "baz" => "haz" }
end
test "clear" do
assert_config \
config: { "clear" => { "foo" => "bar", "baz" => "haz" } },
results: { "foo" => "bar", "baz" => "haz" }
clear: { "foo" => "bar", "baz" => "haz" }
end
test "secret" do
with_test_secrets("secrets" => "PASSWORD=hello") do
assert_config \
config: { "secret" => [ "PASSWORD" ] },
results: { "PASSWORD" => "hello" }
secrets: { "PASSWORD" => "hello" }
end
end
@@ -28,7 +28,7 @@ class ConfigurationEnvTest < ActiveSupport::TestCase
"secret" => [ "PASSWORD" ]
}
assert_raises(Kamal::ConfigurationError) { Kamal::Configuration::Env.new(config: { "secret" => [ "PASSWORD" ] }, secrets: Kamal::Secrets.new).args }
assert_raises(Kamal::ConfigurationError) { Kamal::Configuration::Env.new(config: { "secret" => [ "PASSWORD" ] }, secrets: Kamal::Secrets.new).secrets_io }
end
test "secret and clear" do
@@ -43,14 +43,17 @@ class ConfigurationEnvTest < ActiveSupport::TestCase
assert_config \
config: config,
results: { "foo" => "bar", "baz" => "haz", "PASSWORD" => "hello" }
clear: { "foo" => "bar", "baz" => "haz" },
secrets: { "PASSWORD" => "hello" }
end
end
private
def assert_config(config:, results:)
def assert_config(config:, clear: {}, secrets: {})
env = Kamal::Configuration::Env.new config: config, secrets: Kamal::Secrets.new
expected_args = results.to_a.flat_map { |key, value| [ "--env", "#{key}=\"#{value}\"" ] }
assert_equal expected_args, env.args.map(&:to_s) #  to_s removes the redactions
expected_clear_args = clear.to_a.flat_map { |key, value| [ "--env", "#{key}=\"#{value}\"" ] }
assert_equal expected_clear_args, env.clear_args.map(&:to_s) #  to_s removes the redactions
expected_secrets = secrets.to_a.flat_map { |key, value| "#{key}=#{value}" }.join("\n") + "\n"
assert_equal expected_secrets, env.secrets_io.string
end
end
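Review bot: The new `env.secrets_io.string` assertion in `assert_config` is only ever exercised with the value `hello`, so no test in this section pins how a secret containing a newline, `#`, quotes or surrounding whitespace is written to the line-oriented env file. The implementation of `secrets_io` is not visible here, so whether values are escaped is unknown. A case whose secret value contains an embedded newline, asserting that the output still holds exactly one `PASSWORD=` entry, would catch a value spilling over into a second variable. With the default `secrets: {}` the expected file is a lone `"\n"`, which deserves a comment such as `# an empty secrets file is still a single newline`. As a style point, `flat_map` over a block that returns a string can simply be `secrets.map { |key, value| "#{key}=#{value}" }`.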