spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/main' into gcp_secret_manager_adapter

Browse Source
This commit is contained in:
André Laszlo
2024-11-27 13:42:21 +01:00
parent 0c9a367efc 69867e2650
commit b87bcae6a3
27 changed files with 675 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
test/secrets/aws_secrets_manager_adapter_test.rb Normal file
View File

@@ -0,0 +1,98 @@
require "test_helper"
class AwsSecretsManagerAdapterTest < SecretAdapterTestCase
test "fetch" do
stub_ticks.with("aws --version 2> /dev/null")
stub_ticks
.with("aws secretsmanager batch-get-secret-value --secret-id-list secret/KEY1 secret/KEY2 secret2/KEY3 --profile default")
.returns(<<~JSON)
{
"SecretValues": [
{
"ARN": "arn:aws:secretsmanager:us-east-1:aaaaaaaaaaaa:secret:secret",
"Name": "secret",
"VersionId": "vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv",
"SecretString": "{\\"KEY1\\":\\"VALUE1\\", \\"KEY2\\":\\"VALUE2\\"}",
"VersionStages": [
"AWSCURRENT"
],
"CreatedDate": "2024-01-01T00:00:00.000000"
},
{
"ARN": "arn:aws:secretsmanager:us-east-1:aaaaaaaaaaaa:secret:secret2",
"Name": "secret2",
"VersionId": "vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv",
"SecretString": "{\\"KEY3\\":\\"VALUE3\\"}",
"VersionStages": [
"AWSCURRENT"
],
"CreatedDate": "2024-01-01T00:00:00.000000"
}
],
"Errors": []
}
JSON
json = JSON.parse(shellunescape(run_command("fetch", "secret/KEY1", "secret/KEY2", "secret2/KEY3")))
expected_json = {
"secret/KEY1"=>"VALUE1",
"secret/KEY2"=>"VALUE2",
"secret2/KEY3"=>"VALUE3"
}
assert_equal expected_json, json
end
test "fetch with secret names" do
stub_ticks.with("aws --version 2> /dev/null")
stub_ticks
.with("aws secretsmanager batch-get-secret-value --secret-id-list secret/KEY1 secret/KEY2 --profile default")
.returns(<<~JSON)
{
"SecretValues": [
{
"ARN": "arn:aws:secretsmanager:us-east-1:aaaaaaaaaaaa:secret:secret",
"Name": "secret",
"VersionId": "vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv",
"SecretString": "{\\"KEY1\\":\\"VALUE1\\", \\"KEY2\\":\\"VALUE2\\"}",
"VersionStages": [
"AWSCURRENT"
],
"CreatedDate": "2024-01-01T00:00:00.000000"
}
],
"Errors": []
}
JSON
json = JSON.parse(shellunescape(run_command("fetch", "--from", "secret", "KEY1", "KEY2")))
expected_json = {
"secret/KEY1"=>"VALUE1",
"secret/KEY2"=>"VALUE2"
}
assert_equal expected_json, json
end
test "fetch without CLI installed" do
stub_ticks_with("aws --version 2> /dev/null", succeed: false)
error = assert_raises RuntimeError do
JSON.parse(shellunescape(run_command("fetch", "SECRET1")))
end
assert_equal "AWS CLI is not installed", error.message
end
private
def run_command(*command)
stdouted do
Kamal::Cli::Secrets.start \
[ *command,
"-c", "test/fixtures/deploy_with_accessories.yml",
"--adapter", "aws_secrets_manager",
"--account", "default" ]
end
end
end

186
test/secrets/doppler_adapter_test.rb Normal file
View File

@@ -0,0 +1,186 @@
require "test_helper"
class DopplerAdapterTest < SecretAdapterTestCase
setup do
`true` # Ensure $? is 0
end
test "fetch" do
stub_ticks_with("doppler --version 2> /dev/null", succeed: true)
stub_ticks.with("doppler me --json 2> /dev/null")
stub_ticks
.with("doppler secrets get SECRET1 FSECRET1 FSECRET2 --json -p my-project -c prd")
.returns(<<~JSON)
{
"SECRET1": {
"computed":"secret1",
"computedVisibility":"unmasked",
"note":""
},
"FSECRET1": {
"computed":"fsecret1",
"computedVisibility":"unmasked",
"note":""
},
"FSECRET2": {
"computed":"fsecret2",
"computedVisibility":"unmasked",
"note":""
}
}
JSON
json = JSON.parse(
shellunescape run_command("fetch", "--from", "my-project/prd", "SECRET1", "FSECRET1", "FSECRET2")
)
expected_json = {
"SECRET1"=>"secret1",
"FSECRET1"=>"fsecret1",
"FSECRET2"=>"fsecret2"
}
assert_equal expected_json, json
end
test "fetch having DOPPLER_TOKEN" do
ENV["DOPPLER_TOKEN"] = "dp.st.xxxxxxxxxxxxxxxxxxxxxx"
stub_ticks_with("doppler --version 2> /dev/null", succeed: true)
stub_ticks.with("doppler me --json 2> /dev/null")
stub_ticks
.with("doppler secrets get SECRET1 FSECRET1 FSECRET2 --json ")
.returns(<<~JSON)
{
"SECRET1": {
"computed":"secret1",
"computedVisibility":"unmasked",
"note":""
},
"FSECRET1": {
"computed":"fsecret1",
"computedVisibility":"unmasked",
"note":""
},
"FSECRET2": {
"computed":"fsecret2",
"computedVisibility":"unmasked",
"note":""
}
}
JSON
json = JSON.parse(
shellunescape run_command("fetch", "SECRET1", "FSECRET1", "FSECRET2")
)
expected_json = {
"SECRET1"=>"secret1",
"FSECRET1"=>"fsecret1",
"FSECRET2"=>"fsecret2"
}
assert_equal expected_json, json
ENV.delete("DOPPLER_TOKEN")
end
test "fetch with folder in secret" do
stub_ticks_with("doppler --version 2> /dev/null", succeed: true)
stub_ticks.with("doppler me --json 2> /dev/null")
stub_ticks
.with("doppler secrets get SECRET1 FSECRET1 FSECRET2 --json -p my-project -c prd")
.returns(<<~JSON)
{
"SECRET1": {
"computed":"secret1",
"computedVisibility":"unmasked",
"note":""
},
"FSECRET1": {
"computed":"fsecret1",
"computedVisibility":"unmasked",
"note":""
},
"FSECRET2": {
"computed":"fsecret2",
"computedVisibility":"unmasked",
"note":""
}
}
JSON
json = JSON.parse(
shellunescape run_command("fetch", "my-project/prd/SECRET1", "my-project/prd/FSECRET1", "my-project/prd/FSECRET2")
)
expected_json = {
"SECRET1"=>"secret1",
"FSECRET1"=>"fsecret1",
"FSECRET2"=>"fsecret2"
}
assert_equal expected_json, json
end
test "fetch without --from" do
stub_ticks_with("doppler --version 2> /dev/null", succeed: true)
stub_ticks.with("doppler me --json 2> /dev/null")
error = assert_raises RuntimeError do
run_command("fetch", "FSECRET1", "FSECRET2")
end
assert_equal "Missing project or config from '--from=project/config' option", error.message
end
test "fetch with signin" do
stub_ticks_with("doppler --version 2> /dev/null", succeed: true)
stub_ticks_with("doppler me --json 2> /dev/null", succeed: false)
stub_ticks_with("doppler login -y", succeed: true).returns("")
stub_ticks.with("doppler secrets get SECRET1 --json -p my-project -c prd").returns(single_item_json)
json = JSON.parse(shellunescape(run_command("fetch", "--from", "my-project/prd", "SECRET1")))
expected_json = {
"SECRET1"=>"secret1"
}
assert_equal expected_json, json
end
test "fetch without CLI installed" do
stub_ticks_with("doppler --version 2> /dev/null", succeed: false)
error = assert_raises RuntimeError do
JSON.parse(shellunescape(run_command("fetch", "HOST", "PORT")))
end
assert_equal "Doppler CLI is not installed", error.message
end
private
def run_command(*command)
stdouted do
Kamal::Cli::Secrets.start \
[ *command,
"-c", "test/fixtures/deploy_with_accessories.yml",
"--adapter", "doppler" ]
end
end
def single_item_json
<<~JSON
{
"SECRET1": {
"computed":"secret1",
"computedVisibility":"unmasked",
"note":""
}
}
JSON
end
end