Catch up with main

This commit is contained in:
Nick Hammond
2024-10-28 08:26:40 -07:00
29 changed files with 308 additions and 52 deletions

View File

@@ -8,17 +8,17 @@ PATH
concurrent-ruby (~> 1.2) concurrent-ruby (~> 1.2)
dotenv (~> 3.1) dotenv (~> 3.1)
ed25519 (~> 1.2) ed25519 (~> 1.2)
net-ssh (~> 7.0) net-ssh (~> 7.3)
sshkit (>= 1.23.0, < 2.0) sshkit (>= 1.23.0, < 2.0)
thor (~> 1.3) thor (~> 1.3)
zeitwerk (~> 2.5) zeitwerk (>= 2.6.18, < 3.0)
GEM GEM
remote: https://rubygems.org/ remote: https://rubygems.org/
specs: specs:
actionpack (7.1.3.4) actionpack (7.1.4.1)
actionview (= 7.1.3.4) actionview (= 7.1.4.1)
activesupport (= 7.1.3.4) activesupport (= 7.1.4.1)
nokogiri (>= 1.8.5) nokogiri (>= 1.8.5)
racc racc
rack (>= 2.2.4) rack (>= 2.2.4)
@@ -26,13 +26,13 @@ GEM
rack-test (>= 0.6.3) rack-test (>= 0.6.3)
rails-dom-testing (~> 2.2) rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6) rails-html-sanitizer (~> 1.6)
actionview (7.1.3.4) actionview (7.1.4.1)
activesupport (= 7.1.3.4) activesupport (= 7.1.4.1)
builder (~> 3.1) builder (~> 3.1)
erubi (~> 1.11) erubi (~> 1.11)
rails-dom-testing (~> 2.2) rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6) rails-html-sanitizer (~> 1.6)
activesupport (7.1.3.4) activesupport (7.1.4.1)
base64 base64
bigdecimal bigdecimal
concurrent-ruby (~> 1.0, >= 1.0.2) concurrent-ruby (~> 1.0, >= 1.0.2)
@@ -49,7 +49,7 @@ GEM
bcrypt_pbkdf (1.1.1-x86_64-darwin) bcrypt_pbkdf (1.1.1-x86_64-darwin)
bigdecimal (3.1.8) bigdecimal (3.1.8)
builder (3.3.0) builder (3.3.0)
concurrent-ruby (1.3.3) concurrent-ruby (1.3.4)
connection_pool (2.4.1) connection_pool (2.4.1)
crass (1.0.6) crass (1.0.6)
debug (1.9.2) debug (1.9.2)
@@ -59,7 +59,7 @@ GEM
drb (2.2.1) drb (2.2.1)
ed25519 (1.3.0) ed25519 (1.3.0)
erubi (1.13.0) erubi (1.13.0)
i18n (1.14.5) i18n (1.14.6)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
io-console (0.7.2) io-console (0.7.2)
irb (1.14.0) irb (1.14.0)
@@ -70,7 +70,7 @@ GEM
loofah (2.22.0) loofah (2.22.0)
crass (~> 1.0.2) crass (~> 1.0.2)
nokogiri (>= 1.12.0) nokogiri (>= 1.12.0)
minitest (5.24.1) minitest (5.25.1)
mocha (2.4.5) mocha (2.4.5)
ruby2_keywords (>= 0.0.5) ruby2_keywords (>= 0.0.5)
mutex_m (0.2.0) mutex_m (0.2.0)
@@ -78,7 +78,7 @@ GEM
net-ssh (>= 2.6.5, < 8.0.0) net-ssh (>= 2.6.5, < 8.0.0)
net-sftp (4.0.0) net-sftp (4.0.0)
net-ssh (>= 5.0.0, < 8.0.0) net-ssh (>= 5.0.0, < 8.0.0)
net-ssh (7.2.3) net-ssh (7.3.0)
nokogiri (1.16.7-arm64-darwin) nokogiri (1.16.7-arm64-darwin)
racc (~> 1.4) racc (~> 1.4)
nokogiri (1.16.7-x86_64-darwin) nokogiri (1.16.7-x86_64-darwin)
@@ -92,7 +92,7 @@ GEM
psych (5.1.2) psych (5.1.2)
stringio stringio
racc (1.8.1) racc (1.8.1)
rack (3.1.7) rack (3.1.8)
rack-session (2.0.0) rack-session (2.0.0)
rack (>= 3.0.0) rack (>= 3.0.0)
rack-test (2.1.0) rack-test (2.1.0)
@@ -107,9 +107,9 @@ GEM
rails-html-sanitizer (1.6.0) rails-html-sanitizer (1.6.0)
loofah (~> 2.21) loofah (~> 2.21)
nokogiri (~> 1.14) nokogiri (~> 1.14)
railties (7.1.3.4) railties (7.1.4.1)
actionpack (= 7.1.3.4) actionpack (= 7.1.4.1)
activesupport (= 7.1.3.4) activesupport (= 7.1.4.1)
irb irb
rackup (>= 1.0.0) rackup (>= 1.0.0)
rake (>= 12.2) rake (>= 12.2)
@@ -122,7 +122,7 @@ GEM
regexp_parser (2.9.2) regexp_parser (2.9.2)
reline (0.5.9) reline (0.5.9)
io-console (~> 0.5) io-console (~> 0.5)
rexml (3.3.4) rexml (3.3.6)
strscan strscan
rubocop (1.65.1) rubocop (1.65.1)
json (~> 2.3) json (~> 2.3)
@@ -166,8 +166,8 @@ GEM
tzinfo (2.0.6) tzinfo (2.0.6)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
unicode-display_width (2.5.0) unicode-display_width (2.5.0)
webrick (1.8.1) webrick (1.8.2)
zeitwerk (2.6.17) zeitwerk (2.7.1)
PLATFORMS PLATFORMS
arm64-darwin arm64-darwin

View File

@@ -13,10 +13,10 @@ Gem::Specification.new do |spec|
spec.add_dependency "activesupport", ">= 7.0" spec.add_dependency "activesupport", ">= 7.0"
spec.add_dependency "sshkit", ">= 1.23.0", "< 2.0" spec.add_dependency "sshkit", ">= 1.23.0", "< 2.0"
spec.add_dependency "net-ssh", "~> 7.0" spec.add_dependency "net-ssh", "~> 7.3"
spec.add_dependency "thor", "~> 1.3" spec.add_dependency "thor", "~> 1.3"
spec.add_dependency "dotenv", "~> 3.1" spec.add_dependency "dotenv", "~> 3.1"
spec.add_dependency "zeitwerk", "~> 2.5" spec.add_dependency "zeitwerk", ">= 2.6.18", "< 3.0"
spec.add_dependency "ed25519", "~> 1.2" spec.add_dependency "ed25519", "~> 1.2"
spec.add_dependency "bcrypt_pbkdf", "~> 1.0" spec.add_dependency "bcrypt_pbkdf", "~> 1.0"
spec.add_dependency "concurrent-ruby", "~> 1.2" spec.add_dependency "concurrent-ruby", "~> 1.2"

View File

@@ -14,7 +14,7 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
version = capture_with_info(*KAMAL.proxy.version).strip.presence version = capture_with_info(*KAMAL.proxy.version).strip.presence
if version && Kamal::Utils.older_version?(version, Kamal::Configuration::PROXY_MINIMUM_VERSION) if version && Kamal::Utils.older_version?(version, Kamal::Configuration::PROXY_MINIMUM_VERSION)
raise "kamal-proxy version #{version} is too old, please reboot to update to at least #{Kamal::Configuration::PROXY_MINIMUM_VERSION}" raise "kamal-proxy version #{version} is too old, run `kamal proxy reboot` in order to update to at least #{Kamal::Configuration::PROXY_MINIMUM_VERSION}"
end end
execute *KAMAL.proxy.start_or_run execute *KAMAL.proxy.start_or_run
end end

View File

@@ -1,7 +1,7 @@
class Kamal::Commands::Accessory < Kamal::Commands::Base class Kamal::Commands::Accessory < Kamal::Commands::Base
attr_reader :accessory_config attr_reader :accessory_config
delegate :service_name, :image, :hosts, :port, :files, :directories, :cmd, delegate :service_name, :image, :hosts, :port, :files, :directories, :cmd,
:publish_args, :env_args, :volume_args, :label_args, :option_args, :network_args, :publish_args, :env_args, :volume_args, :label_args, :option_args,
:secrets_io, :secrets_path, :env_directory, :secrets_io, :secrets_path, :env_directory,
to: :accessory_config to: :accessory_config
@@ -15,7 +15,7 @@ class Kamal::Commands::Accessory < Kamal::Commands::Base
"--name", service_name, "--name", service_name,
"--detach", "--detach",
"--restart", "unless-stopped", "--restart", "unless-stopped",
"--network", "kamal", *network_args,
*config.logging_args, *config.logging_args,
*publish_args, *publish_args,
*env_args, *env_args,
@@ -64,7 +64,7 @@ class Kamal::Commands::Accessory < Kamal::Commands::Base
docker :run, docker :run,
("-it" if interactive), ("-it" if interactive),
"--rm", "--rm",
"--network", "kamal", *network_args,
*env_args, *env_args,
*volume_args, *volume_args,
image, image,

View File

@@ -7,7 +7,7 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
delegate \ delegate \
:args, :secrets, :dockerfile, :target, :arches, :local_arches, :remote_arches, :remote, :args, :secrets, :dockerfile, :target, :arches, :local_arches, :remote_arches, :remote,
:pack?, :pack_builder, :pack_buildpacks, :pack?, :pack_builder, :pack_buildpacks,
:cache_from, :cache_to, :ssh, :driver, :docker_driver?, :cache_from, :cache_to, :ssh, :provenance, :driver, :docker_driver?,
to: :builder_config to: :builder_config
def clean def clean
@@ -38,7 +38,7 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
end end
def build_options def build_options
[ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_target, *build_ssh ] [ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_target, *build_ssh, *builder_provenance ]
end end
def build_context def build_context
@@ -98,6 +98,10 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
argumentize "--ssh", ssh if ssh.present? argumentize "--ssh", ssh if ssh.present?
end end
def builder_provenance
argumentize "--provenance", provenance unless provenance.nil?
end
def builder_config def builder_config
config.builder config.builder
end end

View File

@@ -254,7 +254,7 @@ class Kamal::Configuration
end end
def proxy_logging_args(max_size) def proxy_logging_args(max_size)
argumentize "--log-opt", "max-size=#{max_size}" argumentize "--log-opt", "max-size=#{max_size}" if max_size.present?
end end
def proxy_options_default def proxy_options_default

View File

@@ -1,6 +1,8 @@
class Kamal::Configuration::Accessory class Kamal::Configuration::Accessory
include Kamal::Configuration::Validation include Kamal::Configuration::Validation
DEFAULT_NETWORK = "kamal"
delegate :argumentize, :optionize, to: Kamal::Utils delegate :argumentize, :optionize, to: Kamal::Utils
attr_reader :name, :accessory_config, :env attr_reader :name, :accessory_config, :env
@@ -38,6 +40,10 @@ class Kamal::Configuration::Accessory
end end
end end
def network_args
argumentize "--network", network
end
def publish_args def publish_args
argumentize "--publish", port if port argumentize "--publish", port if port
end end
@@ -173,4 +179,8 @@ class Kamal::Configuration::Accessory
accessory_config["roles"].flat_map { |role| config.role(role).hosts } accessory_config["roles"].flat_map { |role| config.role(role).hosts }
end end
end end
def network
accessory_config["network"] || DEFAULT_NETWORK
end
end end

View File

@@ -123,6 +123,10 @@ class Kamal::Configuration::Builder
builder_config["ssh"] builder_config["ssh"]
end end
def provenance
builder_config["provenance"]
end
def git_clone? def git_clone?
Kamal::Git.used? && builder_config["context"].nil? Kamal::Git.used? && builder_config["context"].nil?
end end
@@ -178,7 +182,7 @@ class Kamal::Configuration::Builder
end end
def cache_to_config_for_registry def cache_to_config_for_registry
[ "type=registry", builder_config["cache"]&.fetch("options", nil), "ref=#{cache_image_ref}" ].compact.join(",") [ "type=registry", "ref=#{cache_image_ref}", builder_config["cache"]&.fetch("options", nil) ].compact.join(",")
end end
def repo_basename def repo_basename

View File

@@ -90,3 +90,11 @@ accessories:
# They are not created or copied before mounting: # They are not created or copied before mounting:
volumes: volumes:
- /path/to/mysql-logs:/var/log/mysql - /path/to/mysql-logs:/var/log/mysql
# Network
#
# The network the accessory will be attached to.
#
# Defaults to kamal:
network: custom

View File

@@ -114,3 +114,9 @@ builder:
# #
# The build driver to use, defaults to `docker-container`: # The build driver to use, defaults to `docker-container`:
driver: docker driver: docker
# Provenance
#
# It is used to configure provenance attestations for the build result.
# The value can also be a boolean to enable or disable provenance attestations.
provenance: mode=max

View File

@@ -37,6 +37,8 @@ class Kamal::EnvFile
def escape_docker_env_file_ascii_value(value) def escape_docker_env_file_ascii_value(value)
# Doublequotes are treated literally in docker env files # Doublequotes are treated literally in docker env files
# so remove leading and trailing ones and unescape any others # so remove leading and trailing ones and unescape any others
value.to_s.dump[1..-2].gsub(/\\"/, "\"") value.to_s.dump[1..-2]
.gsub(/\\"/, "\"")
.gsub(/\\#/, "#")
end end
end end

View File

@@ -1,13 +1,10 @@
require "dotenv" require "dotenv"
class Kamal::Secrets class Kamal::Secrets
attr_reader :secrets_files
Kamal::Secrets::Dotenv::InlineCommandSubstitution.install! Kamal::Secrets::Dotenv::InlineCommandSubstitution.install!
def initialize(destination: nil) def initialize(destination: nil)
@secrets_files = \ @destination = destination
[ ".kamal/secrets-common", ".kamal/secrets#{(".#{destination}" if destination)}" ].select { |f| File.exist?(f) }
@mutex = Mutex.new @mutex = Mutex.new
end end
@@ -17,10 +14,10 @@ class Kamal::Secrets
secrets.fetch(key) secrets.fetch(key)
end end
rescue KeyError rescue KeyError
if secrets_files if secrets_files.present?
raise Kamal::ConfigurationError, "Secret '#{key}' not found in #{secrets_files.join(", ")}" raise Kamal::ConfigurationError, "Secret '#{key}' not found in #{secrets_files.join(", ")}"
else else
raise Kamal::ConfigurationError, "Secret '#{key}' not found, no secret files provided" raise Kamal::ConfigurationError, "Secret '#{key}' not found, no secret files (#{secrets_filenames.join(", ")}) provided"
end end
end end
@@ -28,10 +25,18 @@ class Kamal::Secrets
secrets secrets
end end
def secrets_files
@secrets_files ||= secrets_filenames.select { |f| File.exist?(f) }
end
private private
def secrets def secrets
@secrets ||= secrets_files.inject({}) do |secrets, secrets_file| @secrets ||= secrets_files.inject({}) do |secrets, secrets_file|
secrets.merge!(::Dotenv.parse(secrets_file)) secrets.merge!(::Dotenv.parse(secrets_file))
end end
end end
def secrets_filenames
[ ".kamal/secrets-common", ".kamal/secrets#{(".#{@destination}" if @destination)}" ]
end
end end

View File

@@ -2,6 +2,7 @@ class Kamal::Secrets::Adapters::Base
delegate :optionize, to: Kamal::Utils delegate :optionize, to: Kamal::Utils
def fetch(secrets, account:, from: nil) def fetch(secrets, account:, from: nil)
check_dependencies!
session = login(account) session = login(account)
full_secrets = secrets.map { |secret| [ from, secret ].compact.join("/") } full_secrets = secrets.map { |secret| [ from, secret ].compact.join("/") }
fetch_secrets(full_secrets, account: account, session: session) fetch_secrets(full_secrets, account: account, session: session)
@@ -15,4 +16,8 @@ class Kamal::Secrets::Adapters::Base
def fetch_secrets(...) def fetch_secrets(...)
raise NotImplementedError raise NotImplementedError
end end
def check_dependencies!
raise NotImplementedError
end
end end

View File

@@ -25,18 +25,15 @@ class Kamal::Secrets::Adapters::Bitwarden < Kamal::Secrets::Adapters::Base
{}.tap do |results| {}.tap do |results|
items_fields(secrets).each do |item, fields| items_fields(secrets).each do |item, fields|
item_json = run_command("get item #{item.shellescape}", session: session, raw: true) item_json = run_command("get item #{item.shellescape}", session: session, raw: true)
raise RuntimeError, "Could not read #{secret} from Bitwarden" unless $?.success? raise RuntimeError, "Could not read #{item} from Bitwarden" unless $?.success?
item_json = JSON.parse(item_json) item_json = JSON.parse(item_json)
if fields.any? if fields.any?
fields.each do |field| results.merge! fetch_secrets_from_fields(fields, item, item_json)
item_field = item_json["fields"].find { |f| f["name"] == field }
raise RuntimeError, "Could not find field #{field} in item #{item} in Bitwarden" unless item_field
value = item_field["value"]
results["#{item}/#{field}"] = value
end
elsif item_json.dig("login", "password") elsif item_json.dig("login", "password")
results[item] = item_json.dig("login", "password") results[item] = item_json.dig("login", "password")
elsif item_json["fields"]&.any?
fields = item_json["fields"].pluck("name")
results.merge! fetch_secrets_from_fields(fields, item, item_json)
else else
raise RuntimeError, "Item #{item} is not a login type item and no fields were specified" raise RuntimeError, "Item #{item} is not a login type item and no fields were specified"
end end
@@ -44,6 +41,15 @@ class Kamal::Secrets::Adapters::Bitwarden < Kamal::Secrets::Adapters::Base
end end
end end
def fetch_secrets_from_fields(fields, item, item_json)
fields.to_h do |field|
item_field = item_json["fields"].find { |f| f["name"] == field }
raise RuntimeError, "Could not find field #{field} in item #{item} in Bitwarden" unless item_field
value = item_field["value"]
[ "#{item}/#{field}", value ]
end
end
def items_fields(secrets) def items_fields(secrets)
{}.tap do |items| {}.tap do |items|
secrets.each do |secret| secrets.each do |secret|
@@ -63,4 +69,13 @@ class Kamal::Secrets::Adapters::Bitwarden < Kamal::Secrets::Adapters::Base
result = `#{full_command}`.strip result = `#{full_command}`.strip
raw ? result : JSON.parse(result) raw ? result : JSON.parse(result)
end end
def check_dependencies!
raise RuntimeError, "Bitwarden CLI is not installed" unless cli_installed?
end
def cli_installed?
`bw --version 2> /dev/null`
$?.success?
end
end end

View File

@@ -27,4 +27,13 @@ class Kamal::Secrets::Adapters::LastPass < Kamal::Secrets::Adapters::Base
end end
end end
end end
def check_dependencies!
raise RuntimeError, "LastPass CLI is not installed" unless cli_installed?
end
def cli_installed?
`lpass --version 2> /dev/null`
$?.success?
end
end end

View File

@@ -58,4 +58,13 @@ class Kamal::Secrets::Adapters::OnePassword < Kamal::Secrets::Adapters::Base
raise RuntimeError, "Could not read #{fields.join(", ")} from #{item} in the #{vault} 1Password vault" unless $?.success? raise RuntimeError, "Could not read #{fields.join(", ")} from #{item} in the #{vault} 1Password vault" unless $?.success?
end end
end end
def check_dependencies!
raise RuntimeError, "1Password CLI is not installed" unless cli_installed?
end
def cli_installed?
`op --version 2> /dev/null`
$?.success?
end
end end

View File

@@ -7,4 +7,8 @@ class Kamal::Secrets::Adapters::Test < Kamal::Secrets::Adapters::Base
def fetch_secrets(secrets, account:, session:) def fetch_secrets(secrets, account:, session:)
secrets.to_h { |secret| [ secret, secret.reverse ] } secrets.to_h { |secret| [ secret, secret.reverse ] }
end end
def check_dependencies!
# no op
end
end end

View File

@@ -12,6 +12,8 @@ module Kamal::Utils
attr = "#{key}=#{escape_shell_value(value)}" attr = "#{key}=#{escape_shell_value(value)}"
attr = self.sensitive(attr, redaction: "#{key}=[REDACTED]") if sensitive attr = self.sensitive(attr, redaction: "#{key}=[REDACTED]") if sensitive
[ argument, attr ] [ argument, attr ]
elsif value == false
[ argument, "#{key}=false" ]
else else
[ argument, key ] [ argument, key ]
end end

View File

@@ -22,7 +22,7 @@ class CliProxyTest < CliTestCase
end end
end end
assert_includes exception.message, "kamal-proxy version v0.0.1 is too old, please reboot to update to at least #{Kamal::Configuration::PROXY_MINIMUM_VERSION}" assert_includes exception.message, "kamal-proxy version v0.0.1 is too old, run `kamal proxy reboot` in order to update to at least #{Kamal::Configuration::PROXY_MINIMUM_VERSION}"
ensure ensure
Thread.report_on_exception = false Thread.report_on_exception = false
end end
@@ -263,6 +263,15 @@ class CliProxyTest < CliTestCase
end end
end end
test "boot_config set no log max size" do
run_command("boot_config", "set", "--log-max-size=").tap do |output|
%w[ 1.1.1.1 1.1.1.2 ].each do |host|
assert_match "Running /usr/bin/env mkdir -p .kamal/proxy on #{host}", output
assert_match "Uploading \"--publish 80:80 --publish 443:443\" to .kamal/proxy/options on #{host}", output
end
end
end
test "boot_config set custom ports" do test "boot_config set custom ports" do
run_command("boot_config", "set", "--http-port", "8080", "--https-port", "8443").tap do |output| run_command("boot_config", "set", "--http-port", "8080", "--https-port", "8443").tap do |output|
%w[ 1.1.1.1 1.1.1.2 ].each do |host| %w[ 1.1.1.1 1.1.1.2 ].each do |host|

View File

@@ -71,6 +71,14 @@ class CommandsAccessoryTest < ActiveSupport::TestCase
new_command(:busybox).run.join(" ") new_command(:busybox).run.join(" ")
end end
test "run in custom network" do
@config[:accessories]["mysql"]["network"] = "custom"
assert_equal \
"docker run --name app-mysql --detach --restart unless-stopped --network custom --log-opt max-size=\"10m\" --publish 3306:3306 --env MYSQL_ROOT_HOST=\"%\" --env-file .kamal/apps/app/env/accessories/mysql.env --label service=\"app-mysql\" private.registry/mysql:8.0",
new_command(:mysql).run.join(" ")
end
test "start" do test "start" do
assert_equal \ assert_equal \
"docker container start app-mysql", "docker container start app-mysql",

View File

@@ -170,6 +170,20 @@ class CommandsBuilderTest < ActiveSupport::TestCase
builder.push.join(" ") builder.push.join(" ")
end end
test "push with provenance" do
builder = new_builder_command(builder: { "provenance" => "mode=max" })
assert_equal \
"docker buildx build --push --platform linux/amd64 --builder kamal-local-docker-container -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile --provenance mode=max .",
builder.push.join(" ")
end
test "push with provenance false" do
builder = new_builder_command(builder: { "provenance" => false })
assert_equal \
"docker buildx build --push --platform linux/amd64 --builder kamal-local-docker-container -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile --provenance false .",
builder.push.join(" ")
end
test "mirror count" do test "mirror count" do
command = new_builder_command command = new_builder_command
assert_equal "docker info --format '{{index .RegistryConfig.Mirrors 0}}'", command.first_mirror.join(" ") assert_equal "docker info --format '{{index .RegistryConfig.Mirrors 0}}'", command.first_mirror.join(" ")

View File

@@ -152,4 +152,13 @@ class ConfigurationAccessoryTest < ActiveSupport::TestCase
test "options" do test "options" do
assert_equal [ "--cpus", "\"4\"", "--memory", "\"2GB\"" ], @config.accessory(:redis).option_args assert_equal [ "--cpus", "\"4\"", "--memory", "\"2GB\"" ], @config.accessory(:redis).option_args
end end
test "network_args default" do
assert_equal [ "--network", "kamal" ], @config.accessory(:mysql).network_args
end
test "network_args with configured options" do
@deploy[:accessories]["mysql"]["network"] = "database"
assert_equal [ "--network", "database" ], @config.accessory(:mysql).network_args
end
end end

View File

@@ -81,7 +81,7 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
@deploy[:builder] = { "arch" => "amd64", "cache" => { "type" => "registry", "options" => "mode=max,image-manifest=true,oci-mediatypes=true" } } @deploy[:builder] = { "arch" => "amd64", "cache" => { "type" => "registry", "options" => "mode=max,image-manifest=true,oci-mediatypes=true" } }
assert_equal "type=registry,ref=dhh/app-build-cache", config.builder.cache_from assert_equal "type=registry,ref=dhh/app-build-cache", config.builder.cache_from
assert_equal "type=registry,mode=max,image-manifest=true,oci-mediatypes=true,ref=dhh/app-build-cache", config.builder.cache_to assert_equal "type=registry,ref=dhh/app-build-cache,mode=max,image-manifest=true,oci-mediatypes=true", config.builder.cache_to
end end
test "setting registry cache when using a custom registry" do test "setting registry cache when using a custom registry" do
@@ -89,14 +89,14 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
@deploy[:builder] = { "arch" => "amd64", "cache" => { "type" => "registry", "options" => "mode=max,image-manifest=true,oci-mediatypes=true" } } @deploy[:builder] = { "arch" => "amd64", "cache" => { "type" => "registry", "options" => "mode=max,image-manifest=true,oci-mediatypes=true" } }
assert_equal "type=registry,ref=registry.example.com/dhh/app-build-cache", config.builder.cache_from assert_equal "type=registry,ref=registry.example.com/dhh/app-build-cache", config.builder.cache_from
assert_equal "type=registry,mode=max,image-manifest=true,oci-mediatypes=true,ref=registry.example.com/dhh/app-build-cache", config.builder.cache_to assert_equal "type=registry,ref=registry.example.com/dhh/app-build-cache,mode=max,image-manifest=true,oci-mediatypes=true", config.builder.cache_to
end end
test "setting registry cache with image" do test "setting registry cache with image" do
@deploy[:builder] = { "arch" => "amd64", "cache" => { "type" => "registry", "image" => "kamal", "options" => "mode=max" } } @deploy[:builder] = { "arch" => "amd64", "cache" => { "type" => "registry", "image" => "kamal", "options" => "mode=max" } }
assert_equal "type=registry,ref=kamal", config.builder.cache_from assert_equal "type=registry,ref=kamal", config.builder.cache_from
assert_equal "type=registry,mode=max,ref=kamal", config.builder.cache_to assert_equal "type=registry,ref=kamal,mode=max", config.builder.cache_to
end end
test "args" do test "args" do
@@ -151,6 +151,16 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
assert_equal "default=$SSH_AUTH_SOCK", config.builder.ssh assert_equal "default=$SSH_AUTH_SOCK", config.builder.ssh
end end
test "provenance" do
assert_nil config.builder.provenance
end
test "setting provenance" do
@deploy[:builder]["provenance"] = "mode=max"
assert_equal "mode=max", config.builder.provenance
end
test "local disabled but no remote set" do test "local disabled but no remote set" do
@deploy[:builder]["local"] = false @deploy[:builder]["local"] = false

View File

@@ -11,6 +11,16 @@ class EnvFileTest < ActiveSupport::TestCase
Kamal::EnvFile.new(env).to_s Kamal::EnvFile.new(env).to_s
end end
test "to_s won't escape '#'" do
env = {
"foo" => '#$foo',
"bar" => '#{bar}'
}
assert_equal "foo=\#$foo\nbar=\#{bar}\n", \
Kamal::EnvFile.new(env).to_s
end
test "to_str won't escape chinese characters" do test "to_str won't escape chinese characters" do
env = { env = {
"foo" => '你好 means hello, "欢迎" means welcome, that\'s simple! 😃 {smile}' "foo" => '你好 means hello, "欢迎" means welcome, that\'s simple! 😃 {smile}'

View File

@@ -2,6 +2,8 @@ require "test_helper"
class BitwardenAdapterTest < SecretAdapterTestCase class BitwardenAdapterTest < SecretAdapterTestCase
test "fetch" do test "fetch" do
stub_ticks.with("bw --version 2> /dev/null")
stub_unlocked stub_unlocked
stub_ticks.with("bw sync").returns("") stub_ticks.with("bw sync").returns("")
stub_mypassword stub_mypassword
@@ -14,6 +16,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end end
test "fetch with no login" do test "fetch with no login" do
stub_ticks.with("bw --version 2> /dev/null")
stub_unlocked stub_unlocked
stub_ticks.with("bw sync").returns("") stub_ticks.with("bw sync").returns("")
stub_noteitem stub_noteitem
@@ -25,6 +29,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end end
test "fetch with from" do test "fetch with from" do
stub_ticks.with("bw --version 2> /dev/null")
stub_unlocked stub_unlocked
stub_ticks.with("bw sync").returns("") stub_ticks.with("bw sync").returns("")
stub_myitem stub_myitem
@@ -38,7 +44,26 @@ class BitwardenAdapterTest < SecretAdapterTestCase
assert_equal expected_json, json assert_equal expected_json, json
end end
test "fetch all with from" do
stub_ticks.with("bw --version 2> /dev/null")
stub_unlocked
stub_ticks.with("bw sync").returns("")
stub_noteitem_with_fields
json = JSON.parse(shellunescape(run_command("fetch", "mynotefields")))
expected_json = {
"mynotefields/field1"=>"secret1", "mynotefields/field2"=>"blam", "mynotefields/field3"=>"fewgrwjgk",
"mynotefields/field4"=>"auto"
}
assert_equal expected_json, json
end
test "fetch with multiple items" do test "fetch with multiple items" do
stub_ticks.with("bw --version 2> /dev/null")
stub_unlocked stub_unlocked
stub_ticks.with("bw sync").returns("") stub_ticks.with("bw sync").returns("")
@@ -80,6 +105,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end end
test "fetch unauthenticated" do test "fetch unauthenticated" do
stub_ticks.with("bw --version 2> /dev/null")
stub_ticks stub_ticks
.with("bw status") .with("bw status")
.returns( .returns(
@@ -101,6 +128,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end end
test "fetch locked" do test "fetch locked" do
stub_ticks.with("bw --version 2> /dev/null")
stub_ticks stub_ticks
.with("bw status") .with("bw status")
.returns( .returns(
@@ -126,6 +155,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end end
test "fetch locked with session" do test "fetch locked with session" do
stub_ticks.with("bw --version 2> /dev/null")
stub_ticks stub_ticks
.with("bw status") .with("bw status")
.returns( .returns(
@@ -150,6 +181,15 @@ class BitwardenAdapterTest < SecretAdapterTestCase
assert_equal expected_json, json assert_equal expected_json, json
end end
test "fetch without CLI installed" do
stub_ticks_with("bw --version 2> /dev/null", succeed: false)
error = assert_raises RuntimeError do
JSON.parse(shellunescape(run_command("fetch", "mynote")))
end
assert_equal "Bitwarden CLI is not installed", error.message
end
private private
def run_command(*command) def run_command(*command)
stdouted do stdouted do
@@ -214,7 +254,37 @@ class BitwardenAdapterTest < SecretAdapterTestCase
"collectionIds":[] "collectionIds":[]
} }
JSON JSON
end end
def stub_noteitem_with_fields(session: nil)
stub_ticks
.with("#{"BW_SESSION=#{session} " if session}bw get item mynotefields")
.returns(<<~JSON)
{
"passwordHistory":null,
"revisionDate":"2024-09-28T09:07:27.461Z",
"creationDate":"2024-09-28T09:07:00.740Z",
"deletedDate":null,
"object":"item",
"id":"aaaaaaaa-cccc-eeee-0000-222222222222",
"organizationId":null,
"folderId":null,
"type":2,
"reprompt":0,
"name":"noteitem",
"notes":"NOTES",
"favorite":false,
"fields":[
{"name":"field1","value":"secret1","type":1,"linkedId":null},
{"name":"field2","value":"blam","type":1,"linkedId":null},
{"name":"field3","value":"fewgrwjgk","type":1,"linkedId":null},
{"name":"field4","value":"auto","type":1,"linkedId":null}
],
"secureNote":{"type":0},
"collectionIds":[]
}
JSON
end
def stub_myitem def stub_myitem
stub_ticks stub_ticks
@@ -237,7 +307,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
"fields":[ "fields":[
{"name":"field1","value":"secret1","type":1,"linkedId":null}, {"name":"field1","value":"secret1","type":1,"linkedId":null},
{"name":"field2","value":"blam","type":1,"linkedId":null}, {"name":"field2","value":"blam","type":1,"linkedId":null},
{"name":"field3","value":"fewgrwjgk","type":1,"linkedId":null} {"name":"field3","value":"fewgrwjgk","type":1,"linkedId":null},
{"name":"field4","value":"auto","type":1,"linkedId":null}
], ],
"login":{"fido2Credentials":[],"uris":[],"username":null,"password":null,"totp":null,"passwordRevisionDate":null},"collectionIds":[] "login":{"fido2Credentials":[],"uris":[],"username":null,"password":null,"totp":null,"passwordRevisionDate":null},"collectionIds":[]
} }

View File

@@ -6,6 +6,7 @@ class LastPassAdapterTest < SecretAdapterTestCase
end end
test "fetch" do test "fetch" do
stub_ticks.with("lpass --version 2> /dev/null")
stub_ticks.with("lpass status --color never").returns("Logged in as email@example.com.") stub_ticks.with("lpass status --color never").returns("Logged in as email@example.com.")
stub_ticks stub_ticks
@@ -63,6 +64,7 @@ class LastPassAdapterTest < SecretAdapterTestCase
end end
test "fetch with from" do test "fetch with from" do
stub_ticks.with("lpass --version 2> /dev/null")
stub_ticks.with("lpass status --color never").returns("Logged in as email@example.com.") stub_ticks.with("lpass status --color never").returns("Logged in as email@example.com.")
stub_ticks stub_ticks
@@ -107,6 +109,8 @@ class LastPassAdapterTest < SecretAdapterTestCase
end end
test "fetch with signin" do test "fetch with signin" do
stub_ticks.with("lpass --version 2> /dev/null")
stub_ticks_with("lpass status --color never", succeed: false).returns("Not logged in.") stub_ticks_with("lpass status --color never", succeed: false).returns("Not logged in.")
stub_ticks_with("lpass login email@example.com", succeed: true).returns("") stub_ticks_with("lpass login email@example.com", succeed: true).returns("")
stub_ticks.with("lpass show SECRET1 --json").returns(single_item_json) stub_ticks.with("lpass show SECRET1 --json").returns(single_item_json)
@@ -120,6 +124,15 @@ class LastPassAdapterTest < SecretAdapterTestCase
assert_equal expected_json, json assert_equal expected_json, json
end end
test "fetch without CLI installed" do
stub_ticks_with("lpass --version 2> /dev/null", succeed: false)
error = assert_raises RuntimeError do
JSON.parse(shellunescape(run_command("fetch", "SECRET1", "FOLDER1/FSECRET1", "FOLDER1/FSECRET2")))
end
assert_equal "LastPass CLI is not installed", error.message
end
private private
def run_command(*command) def run_command(*command)
stdouted do stdouted do

View File

@@ -2,6 +2,7 @@ require "test_helper"
class SecretsOnePasswordAdapterTest < SecretAdapterTestCase class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
test "fetch" do test "fetch" do
stub_ticks.with("op --version 2> /dev/null")
stub_ticks.with("op account get --account myaccount 2> /dev/null") stub_ticks.with("op account get --account myaccount 2> /dev/null")
stub_ticks stub_ticks
@@ -56,6 +57,7 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
end end
test "fetch with multiple items" do test "fetch with multiple items" do
stub_ticks.with("op --version 2> /dev/null")
stub_ticks.with("op account get --account myaccount 2> /dev/null") stub_ticks.with("op account get --account myaccount 2> /dev/null")
stub_ticks stub_ticks
@@ -115,6 +117,8 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
end end
test "fetch with signin, no session" do test "fetch with signin, no session" do
stub_ticks.with("op --version 2> /dev/null")
stub_ticks_with("op account get --account myaccount 2> /dev/null", succeed: false) stub_ticks_with("op account get --account myaccount 2> /dev/null", succeed: false)
stub_ticks_with("op signin --account \"myaccount\" --force --raw", succeed: true).returns("") stub_ticks_with("op signin --account \"myaccount\" --force --raw", succeed: true).returns("")
@@ -132,6 +136,8 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
end end
test "fetch with signin and session" do test "fetch with signin and session" do
stub_ticks.with("op --version 2> /dev/null")
stub_ticks_with("op account get --account myaccount 2> /dev/null", succeed: false) stub_ticks_with("op account get --account myaccount 2> /dev/null", succeed: false)
stub_ticks_with("op signin --account \"myaccount\" --force --raw", succeed: true).returns("1234567890") stub_ticks_with("op signin --account \"myaccount\" --force --raw", succeed: true).returns("1234567890")
@@ -148,6 +154,15 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
assert_equal expected_json, json assert_equal expected_json, json
end end
test "fetch without CLI installed" do
stub_ticks_with("op --version 2> /dev/null", succeed: false)
error = assert_raises RuntimeError do
JSON.parse(shellunescape(run_command("fetch", "--from", "op://myvault/myitem", "section/SECRET1", "section/SECRET2", "section2/SECRET3")))
end
assert_equal "1Password CLI is not installed", error.message
end
private private
def run_command(*command) def run_command(*command)
stdouted do stdouted do

View File

@@ -31,4 +31,18 @@ class SecretsTest < ActiveSupport::TestCase
assert_equal "JKL", Kamal::Secrets.new(destination: "nodest")["SECRET2"] assert_equal "JKL", Kamal::Secrets.new(destination: "nodest")["SECRET2"]
end end
end end
test "no secrets files" do
with_test_secrets do
error = assert_raises(Kamal::ConfigurationError) do
Kamal::Secrets.new["SECRET"]
end
assert_equal "Secret 'SECRET' not found, no secret files (.kamal/secrets-common, .kamal/secrets) provided", error.message
error = assert_raises(Kamal::ConfigurationError) do
Kamal::Secrets.new(destination: "dest")["SECRET"]
end
assert_equal "Secret 'SECRET' not found, no secret files (.kamal/secrets-common, .kamal/secrets.dest) provided", error.message
end
end
end end

View File

@@ -2,8 +2,8 @@ require "test_helper"
class UtilsTest < ActiveSupport::TestCase class UtilsTest < ActiveSupport::TestCase
test "argumentize" do test "argumentize" do
assert_equal [ "--label", "foo=\"\\`bar\\`\"", "--label", "baz=\"qux\"", "--label", :quux ], \ assert_equal [ "--label", "foo=\"\\`bar\\`\"", "--label", "baz=\"qux\"", "--label", :quux, "--label", "quuz=false" ], \
Kamal::Utils.argumentize("--label", { foo: "`bar`", baz: "qux", quux: nil }) Kamal::Utils.argumentize("--label", { foo: "`bar`", baz: "qux", quux: nil, quuz: false })
end end
test "argumentize with redacted" do test "argumentize with redacted" do