Merge remote-tracking branch 'origin/main' into gcp_secret_manager_adapter
This commit is contained in:
98
test/secrets/aws_secrets_manager_adapter_test.rb
Normal file
98
test/secrets/aws_secrets_manager_adapter_test.rb
Normal file
@@ -0,0 +1,98 @@
|
||||
require "test_helper"
|
||||
|
||||
class AwsSecretsManagerAdapterTest < SecretAdapterTestCase
|
||||
test "fetch" do
|
||||
stub_ticks.with("aws --version 2> /dev/null")
|
||||
stub_ticks
|
||||
.with("aws secretsmanager batch-get-secret-value --secret-id-list secret/KEY1 secret/KEY2 secret2/KEY3 --profile default")
|
||||
.returns(<<~JSON)
|
||||
{
|
||||
"SecretValues": [
|
||||
{
|
||||
"ARN": "arn:aws:secretsmanager:us-east-1:aaaaaaaaaaaa:secret:secret",
|
||||
"Name": "secret",
|
||||
"VersionId": "vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv",
|
||||
"SecretString": "{\\"KEY1\\":\\"VALUE1\\", \\"KEY2\\":\\"VALUE2\\"}",
|
||||
"VersionStages": [
|
||||
"AWSCURRENT"
|
||||
],
|
||||
"CreatedDate": "2024-01-01T00:00:00.000000"
|
||||
},
|
||||
{
|
||||
"ARN": "arn:aws:secretsmanager:us-east-1:aaaaaaaaaaaa:secret:secret2",
|
||||
"Name": "secret2",
|
||||
"VersionId": "vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv",
|
||||
"SecretString": "{\\"KEY3\\":\\"VALUE3\\"}",
|
||||
"VersionStages": [
|
||||
"AWSCURRENT"
|
||||
],
|
||||
"CreatedDate": "2024-01-01T00:00:00.000000"
|
||||
}
|
||||
],
|
||||
"Errors": []
|
||||
}
|
||||
JSON
|
||||
|
||||
json = JSON.parse(shellunescape(run_command("fetch", "secret/KEY1", "secret/KEY2", "secret2/KEY3")))
|
||||
|
||||
expected_json = {
|
||||
"secret/KEY1"=>"VALUE1",
|
||||
"secret/KEY2"=>"VALUE2",
|
||||
"secret2/KEY3"=>"VALUE3"
|
||||
}
|
||||
|
||||
assert_equal expected_json, json
|
||||
end
|
||||
|
||||
test "fetch with secret names" do
|
||||
stub_ticks.with("aws --version 2> /dev/null")
|
||||
stub_ticks
|
||||
.with("aws secretsmanager batch-get-secret-value --secret-id-list secret/KEY1 secret/KEY2 --profile default")
|
||||
.returns(<<~JSON)
|
||||
{
|
||||
"SecretValues": [
|
||||
{
|
||||
"ARN": "arn:aws:secretsmanager:us-east-1:aaaaaaaaaaaa:secret:secret",
|
||||
"Name": "secret",
|
||||
"VersionId": "vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv",
|
||||
"SecretString": "{\\"KEY1\\":\\"VALUE1\\", \\"KEY2\\":\\"VALUE2\\"}",
|
||||
"VersionStages": [
|
||||
"AWSCURRENT"
|
||||
],
|
||||
"CreatedDate": "2024-01-01T00:00:00.000000"
|
||||
}
|
||||
],
|
||||
"Errors": []
|
||||
}
|
||||
JSON
|
||||
|
||||
json = JSON.parse(shellunescape(run_command("fetch", "--from", "secret", "KEY1", "KEY2")))
|
||||
|
||||
expected_json = {
|
||||
"secret/KEY1"=>"VALUE1",
|
||||
"secret/KEY2"=>"VALUE2"
|
||||
}
|
||||
|
||||
assert_equal expected_json, json
|
||||
end
|
||||
|
||||
test "fetch without CLI installed" do
|
||||
stub_ticks_with("aws --version 2> /dev/null", succeed: false)
|
||||
|
||||
error = assert_raises RuntimeError do
|
||||
JSON.parse(shellunescape(run_command("fetch", "SECRET1")))
|
||||
end
|
||||
assert_equal "AWS CLI is not installed", error.message
|
||||
end
|
||||
|
||||
private
|
||||
def run_command(*command)
|
||||
stdouted do
|
||||
Kamal::Cli::Secrets.start \
|
||||
[ *command,
|
||||
"-c", "test/fixtures/deploy_with_accessories.yml",
|
||||
"--adapter", "aws_secrets_manager",
|
||||
"--account", "default" ]
|
||||
end
|
||||
end
|
||||
end
|
||||
186
test/secrets/doppler_adapter_test.rb
Normal file
186
test/secrets/doppler_adapter_test.rb
Normal file
@@ -0,0 +1,186 @@
|
||||
require "test_helper"
|
||||
|
||||
class DopplerAdapterTest < SecretAdapterTestCase
|
||||
setup do
|
||||
`true` # Ensure $? is 0
|
||||
end
|
||||
|
||||
test "fetch" do
|
||||
stub_ticks_with("doppler --version 2> /dev/null", succeed: true)
|
||||
stub_ticks.with("doppler me --json 2> /dev/null")
|
||||
|
||||
stub_ticks
|
||||
.with("doppler secrets get SECRET1 FSECRET1 FSECRET2 --json -p my-project -c prd")
|
||||
.returns(<<~JSON)
|
||||
{
|
||||
"SECRET1": {
|
||||
"computed":"secret1",
|
||||
"computedVisibility":"unmasked",
|
||||
"note":""
|
||||
},
|
||||
"FSECRET1": {
|
||||
"computed":"fsecret1",
|
||||
"computedVisibility":"unmasked",
|
||||
"note":""
|
||||
},
|
||||
"FSECRET2": {
|
||||
"computed":"fsecret2",
|
||||
"computedVisibility":"unmasked",
|
||||
"note":""
|
||||
}
|
||||
}
|
||||
JSON
|
||||
|
||||
json = JSON.parse(
|
||||
shellunescape run_command("fetch", "--from", "my-project/prd", "SECRET1", "FSECRET1", "FSECRET2")
|
||||
)
|
||||
|
||||
expected_json = {
|
||||
"SECRET1"=>"secret1",
|
||||
"FSECRET1"=>"fsecret1",
|
||||
"FSECRET2"=>"fsecret2"
|
||||
}
|
||||
|
||||
assert_equal expected_json, json
|
||||
end
|
||||
|
||||
test "fetch having DOPPLER_TOKEN" do
|
||||
ENV["DOPPLER_TOKEN"] = "dp.st.xxxxxxxxxxxxxxxxxxxxxx"
|
||||
|
||||
stub_ticks_with("doppler --version 2> /dev/null", succeed: true)
|
||||
stub_ticks.with("doppler me --json 2> /dev/null")
|
||||
|
||||
stub_ticks
|
||||
.with("doppler secrets get SECRET1 FSECRET1 FSECRET2 --json ")
|
||||
.returns(<<~JSON)
|
||||
{
|
||||
"SECRET1": {
|
||||
"computed":"secret1",
|
||||
"computedVisibility":"unmasked",
|
||||
"note":""
|
||||
},
|
||||
"FSECRET1": {
|
||||
"computed":"fsecret1",
|
||||
"computedVisibility":"unmasked",
|
||||
"note":""
|
||||
},
|
||||
"FSECRET2": {
|
||||
"computed":"fsecret2",
|
||||
"computedVisibility":"unmasked",
|
||||
"note":""
|
||||
}
|
||||
}
|
||||
JSON
|
||||
|
||||
json = JSON.parse(
|
||||
shellunescape run_command("fetch", "SECRET1", "FSECRET1", "FSECRET2")
|
||||
)
|
||||
|
||||
expected_json = {
|
||||
"SECRET1"=>"secret1",
|
||||
"FSECRET1"=>"fsecret1",
|
||||
"FSECRET2"=>"fsecret2"
|
||||
}
|
||||
|
||||
assert_equal expected_json, json
|
||||
|
||||
ENV.delete("DOPPLER_TOKEN")
|
||||
end
|
||||
|
||||
test "fetch with folder in secret" do
|
||||
stub_ticks_with("doppler --version 2> /dev/null", succeed: true)
|
||||
stub_ticks.with("doppler me --json 2> /dev/null")
|
||||
|
||||
stub_ticks
|
||||
.with("doppler secrets get SECRET1 FSECRET1 FSECRET2 --json -p my-project -c prd")
|
||||
.returns(<<~JSON)
|
||||
{
|
||||
"SECRET1": {
|
||||
"computed":"secret1",
|
||||
"computedVisibility":"unmasked",
|
||||
"note":""
|
||||
},
|
||||
"FSECRET1": {
|
||||
"computed":"fsecret1",
|
||||
"computedVisibility":"unmasked",
|
||||
"note":""
|
||||
},
|
||||
"FSECRET2": {
|
||||
"computed":"fsecret2",
|
||||
"computedVisibility":"unmasked",
|
||||
"note":""
|
||||
}
|
||||
}
|
||||
JSON
|
||||
|
||||
json = JSON.parse(
|
||||
shellunescape run_command("fetch", "my-project/prd/SECRET1", "my-project/prd/FSECRET1", "my-project/prd/FSECRET2")
|
||||
)
|
||||
|
||||
expected_json = {
|
||||
"SECRET1"=>"secret1",
|
||||
"FSECRET1"=>"fsecret1",
|
||||
"FSECRET2"=>"fsecret2"
|
||||
}
|
||||
|
||||
assert_equal expected_json, json
|
||||
end
|
||||
|
||||
test "fetch without --from" do
|
||||
stub_ticks_with("doppler --version 2> /dev/null", succeed: true)
|
||||
stub_ticks.with("doppler me --json 2> /dev/null")
|
||||
|
||||
error = assert_raises RuntimeError do
|
||||
run_command("fetch", "FSECRET1", "FSECRET2")
|
||||
end
|
||||
|
||||
assert_equal "Missing project or config from '--from=project/config' option", error.message
|
||||
end
|
||||
|
||||
test "fetch with signin" do
|
||||
stub_ticks_with("doppler --version 2> /dev/null", succeed: true)
|
||||
stub_ticks_with("doppler me --json 2> /dev/null", succeed: false)
|
||||
stub_ticks_with("doppler login -y", succeed: true).returns("")
|
||||
stub_ticks.with("doppler secrets get SECRET1 --json -p my-project -c prd").returns(single_item_json)
|
||||
|
||||
json = JSON.parse(shellunescape(run_command("fetch", "--from", "my-project/prd", "SECRET1")))
|
||||
|
||||
expected_json = {
|
||||
"SECRET1"=>"secret1"
|
||||
}
|
||||
|
||||
assert_equal expected_json, json
|
||||
end
|
||||
|
||||
test "fetch without CLI installed" do
|
||||
stub_ticks_with("doppler --version 2> /dev/null", succeed: false)
|
||||
|
||||
error = assert_raises RuntimeError do
|
||||
JSON.parse(shellunescape(run_command("fetch", "HOST", "PORT")))
|
||||
end
|
||||
|
||||
assert_equal "Doppler CLI is not installed", error.message
|
||||
end
|
||||
|
||||
private
|
||||
def run_command(*command)
|
||||
stdouted do
|
||||
Kamal::Cli::Secrets.start \
|
||||
[ *command,
|
||||
"-c", "test/fixtures/deploy_with_accessories.yml",
|
||||
"--adapter", "doppler" ]
|
||||
end
|
||||
end
|
||||
|
||||
def single_item_json
|
||||
<<~JSON
|
||||
{
|
||||
"SECRET1": {
|
||||
"computed":"secret1",
|
||||
"computedVisibility":"unmasked",
|
||||
"note":""
|
||||
}
|
||||
}
|
||||
JSON
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user