Skip to content

Commit

Permalink
refactor: refactor downloader
Browse files Browse the repository at this point in the history
Refactor as a subcommand in order to support :
- remote files
- all secrets drivers (sops, vault)
  • Loading branch information
jBouyoud committed Nov 4, 2020
1 parent a9c3760 commit 7ce4051
Show file tree
Hide file tree
Showing 10 changed files with 194 additions and 40 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ Check [README.md](README.md#installation-on-helm-2)
### Added
- Implement alternate syntax (https://github.com/jkroepke/helm-secrets/pull/52)
- Remote values support (supporting http:// and helm downloader plugins) (https://github.com/jkroepke/helm-secrets/pull/54)
- Let downloader plugin supports remote files and all secrets drivers (https://github.com/jkroepke/helm-secrets/pull/55)

## [3.3.5] - 2020-10-16

Expand Down
10 changes: 9 additions & 1 deletion USAGE.md
Original file line number Diff line number Diff line change
Expand Up @@ -298,7 +298,15 @@ kind: Deployment
Helm supports [downloader plugin](https://helm.sh/docs/topics/plugins/#downloader-plugins) for value files, too.

```
helm upgrade . -f sops://<path to file>
helm upgrade . -f secrets://<uri to file>
helm upgrade . -f secret://<uri to file>
helm upgrade . -f sops://<uri to file>
```

Example:
```
helm upgrade . -f secrets://localfile.yaml
helm upgrade . -f secrets://git+https://github.com/jkroepke/helm-secrets@tests/assets/values/sops/secrets.yaml?ref=master
```

# Important Tips
Expand Down
2 changes: 1 addition & 1 deletion plugin.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ platformCommand:
command: "cmd /c $HELM_PLUGIN_DIR/scripts/wrapper/sh.cmd $HELM_PLUGIN_DIR/scripts/run.sh"

downloaders:
- command: "scripts/downloader.sh"
- command: "scripts/run.sh downloader"
protocols:
- "sops"
- "secret"
Expand Down
14 changes: 14 additions & 0 deletions scripts/commands/downloader.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
#!/usr/bin/env sh

set -eu

# shellcheck source=scripts/commands/view.sh
. "${SCRIPT_DIR}/commands/view.sh"

downloader() {
# https://helm.sh/docs/topics/plugins/#downloader-plugins
# It's always the 4th parameter
file=$(printf '%s' "${4}" | sed -E -e 's!(sops|secrets?)://!!')

view_helper "${file}"
}
7 changes: 0 additions & 7 deletions scripts/downloader.sh

This file was deleted.

7 changes: 7 additions & 0 deletions scripts/run.sh
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,13 @@ while true; do
clean "$2"
break
;;
downloader)
# shellcheck source=scripts/commands/downloader.sh
. "${SCRIPT_DIR}/commands/downloader.sh"

downloader "$2" "$3" "$4" "$5"
break
;;
--help | -h | help)
usage
break
Expand Down
40 changes: 35 additions & 5 deletions tests/it/diff.bats
Original file line number Diff line number Diff line change
Expand Up @@ -223,10 +223,6 @@ load '../bats/extensions/bats-file/load'
}

@test "diff: helm diff upgrade w/ chart + secrets.yaml + sops://" {
if is_windows || ! is_driver_sops; then
skip
fi

helm_plugin_install "diff"
FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
RELEASE="diff-$(date +%s)-${SEED}"
Expand Down Expand Up @@ -254,7 +250,7 @@ load '../bats/extensions/bats-file/load'
}

@test "diff: helm install w/ chart + secrets.yaml + git://" {
if ! is_driver_sops || is_windows; then
if is_windows; then
skip
fi

Expand All @@ -271,3 +267,37 @@ load '../bats/extensions/bats-file/load'
assert_output --partial "[helm-secrets] Removed: "
assert [ ! -f "${FILE}.dec" ]
}

@test "diff: helm diff upgrade w/ chart + secrets.yaml + secrets://http://" {
helm_plugin_install "diff"
FILE="secrets://https://raw.githubusercontent.com/jkroepke/helm-secrets/master/tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
RELEASE="diff-$(date +%s)-${SEED}"

create_chart "${TEST_TEMP_DIR}"

run helm diff upgrade --no-color --allow-unreleased "${RELEASE}" "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1
assert_success
assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
assert_output --partial "port: 81"
assert_output --partial "[helm-secrets] Removed: "
assert [ ! -f "${FILE}.dec" ]
}

@test "diff: helm install w/ chart + secrets.yaml + secrets://git://" {
if is_windows; then
skip
fi

helm_plugin_install "git"
FILE="secrets://git+https://github.com/jkroepke/helm-secrets@tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml?ref=master"
RELEASE="diff-$(date +%s)-${SEED}"

create_chart "${TEST_TEMP_DIR}"

run helm diff upgrade --no-color --allow-unreleased "${RELEASE}" "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1
assert_success
assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
assert_output --partial "port: 81"
assert_output --partial "[helm-secrets] Removed: "
assert [ ! -f "${FILE}.dec" ]
}
45 changes: 40 additions & 5 deletions tests/it/install.bats
Original file line number Diff line number Diff line change
Expand Up @@ -241,10 +241,6 @@ load '../bats/extensions/bats-file/load'
}

@test "install: helm install w/ chart + secrets.yaml + sops://" {
if is_windows || ! is_driver_sops; then
skip
fi

FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
RELEASE="install-$(date +%s)-${SEED}"
create_chart "${TEST_TEMP_DIR}"
Expand Down Expand Up @@ -276,7 +272,7 @@ load '../bats/extensions/bats-file/load'
}

@test "install: helm install w/ chart + secrets.yaml + git://" {
if ! is_driver_sops || is_windows; then
if is_windows; then
skip
fi

Expand All @@ -296,3 +292,42 @@ load '../bats/extensions/bats-file/load'
assert_success
assert_output --partial "port: 81"
}

@test "install: helm install w/ chart + secrets.yaml + secrets://http://" {
FILE="secrets://https://raw.githubusercontent.com/jkroepke/helm-secrets/master/tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
RELEASE="install-$(date +%s)-${SEED}"
create_chart "${TEST_TEMP_DIR}"

run helm install "${RELEASE}" "${TEST_TEMP_DIR}/chart" --no-hooks -f "${FILE}" 2>&1
assert_success
assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
assert_output --partial "STATUS: deployed"
assert_output --partial "[helm-secrets] Removed: "
assert [ ! -f "${FILE}.dec" ]

run kubectl get svc -o yaml -l "app.kubernetes.io/name=chart,app.kubernetes.io/instance=${RELEASE}"
assert_success
assert_output --partial "port: 81"
}

@test "install: helm install w/ chart + secrets.yaml + secrets:/git://" {
if is_windows; then
skip
fi

helm_plugin_install "git"
FILE="secrets://git+https://github.com/jkroepke/helm-secrets@tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml?ref=master"
RELEASE="install-$(date +%s)-${SEED}"
create_chart "${TEST_TEMP_DIR}"

run helm install "${RELEASE}" "${TEST_TEMP_DIR}/chart" --no-hooks -f "${FILE}" 2>&1
assert_success
assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
assert_output --partial "STATUS: deployed"
assert_output --partial "[helm-secrets] Removed: "
assert [ ! -f "${FILE}.dec" ]

run kubectl get svc -o yaml -l "app.kubernetes.io/name=chart,app.kubernetes.io/instance=${RELEASE}"
assert_success
assert_output --partial "port: 81"
}
45 changes: 40 additions & 5 deletions tests/it/upgrade.bats
Original file line number Diff line number Diff line change
Expand Up @@ -240,10 +240,6 @@ load '../bats/extensions/bats-file/load'
}

@test "upgrade: helm upgrade w/ chart + secrets.yaml + sops://" {
if is_windows || ! is_driver_sops; then
skip
fi

FILE="${TEST_TEMP_DIR}/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
RELEASE="upgrade-$(date +%s)-${SEED}"
create_chart "${TEST_TEMP_DIR}"
Expand Down Expand Up @@ -275,7 +271,7 @@ load '../bats/extensions/bats-file/load'
}

@test "upgrade: helm install w/ chart + secrets.yaml + git://" {
if ! is_driver_sops || is_windows; then
if is_windows; then
skip
fi

Expand All @@ -295,3 +291,42 @@ load '../bats/extensions/bats-file/load'
assert_success
assert_output --partial "port: 81"
}

@test "upgrade: helm upgrade w/ chart + secrets.yaml + secrets://http://" {
FILE="secrets://https://raw.githubusercontent.com/jkroepke/helm-secrets/master/tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
RELEASE="upgrade-$(date +%s)-${SEED}"
create_chart "${TEST_TEMP_DIR}"

run helm upgrade -i "${RELEASE}" "${TEST_TEMP_DIR}/chart" --no-hooks -f "${FILE}" 2>&1
assert_success
assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
assert_output --partial "STATUS: deployed"
assert_output --partial "[helm-secrets] Removed: "
assert [ ! -f "${FILE}.dec" ]

run kubectl get svc -o yaml -l "app.kubernetes.io/name=chart,app.kubernetes.io/instance=${RELEASE}"
assert_success
assert_output --partial "port: 81"
}

@test "upgrade: helm install w/ chart + secrets.yaml + secrets://git://" {
if is_windows; then
skip
fi

helm_plugin_install "git"
FILE="secrets://git+https://github.com/jkroepke/helm-secrets@tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml?ref=master"
RELEASE="upgrade-$(date +%s)-${SEED}"
create_chart "${TEST_TEMP_DIR}"

run helm upgrade -i "${RELEASE}" "${TEST_TEMP_DIR}/chart" --no-hooks -f "${FILE}" 2>&1
assert_success
assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
assert_output --partial "STATUS: deployed"
assert_output --partial "[helm-secrets] Removed: "
assert [ ! -f "${FILE}.dec" ]

run kubectl get svc -o yaml -l "app.kubernetes.io/name=chart,app.kubernetes.io/instance=${RELEASE}"
assert_success
assert_output --partial "port: 81"
}
63 changes: 47 additions & 16 deletions tests/unit/template.bats
Original file line number Diff line number Diff line change
Expand Up @@ -196,8 +196,42 @@ load '../bats/extensions/bats-file/load'
assert_file_not_exist "${FILE}.dec"
}

@test "template: helm template w/ chart + secrets.yaml + sops://" {
@test "template: helm template w/ chart + secrets.yaml + http://" {
if ! is_driver_sops; then
# For vault its pretty hard to have a committed files with temporary seed of this test run
skip
fi
FILE="https://raw.githubusercontent.com/jkroepke/helm-secrets/master/tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml"

create_chart "${TEST_TEMP_DIR}"

run helm secrets template "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1
assert_success
assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
assert_output --partial "port: 81"
assert_output --partial "[helm-secrets] Removed: "
}

@test "template: helm template w/ chart + secrets.yaml + git://" {
if is_windows || ! is_driver_sops; then
# For vault its pretty hard to have a committed files with temporary seed of this test run
skip
fi
helm_plugin_install "git"
FILE="git+https://github.com/jkroepke/helm-secrets@tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml?ref=master"

create_chart "${TEST_TEMP_DIR}"

run helm secrets template "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1
assert_success
assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
assert_output --partial "port: 81"
assert_output --partial "[helm-secrets] Removed: "
}


@test "template: helm template w/ chart + secrets.yaml + sops://" {
if is_windows ; then
skip
fi

Expand All @@ -211,7 +245,7 @@ load '../bats/extensions/bats-file/load'
}

@test "template: helm template w/ chart + secrets.yaml + secret://" {
if is_windows || ! is_driver_sops; then
if is_windows ; then
skip
fi

Expand All @@ -225,7 +259,7 @@ load '../bats/extensions/bats-file/load'
}

@test "template: helm template w/ chart + secrets.yaml + secrets://" {
if is_windows || ! is_driver_sops; then
if is_windows ; then
skip
fi

Expand All @@ -238,35 +272,32 @@ load '../bats/extensions/bats-file/load'
assert_output --partial "port: 81"
}

@test "template: helm template w/ chart + secrets.yaml + http://" {
if ! is_driver_sops; then
@test "template: helm template w/ chart + secrets.yaml + secrets://http://" {
if is_windows || ! is_driver_sops; then
# For vault its pretty hard to have a committed files with temporary seed of this test run
skip
fi

FILE="https://raw.githubusercontent.com/jkroepke/helm-secrets/master/tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml"
FILE="secrets://https://raw.githubusercontent.com/jkroepke/helm-secrets/master/tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml"

create_chart "${TEST_TEMP_DIR}"

run helm secrets template "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1
run helm template "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1
assert_success
assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
assert_output --partial "port: 81"
assert_output --partial "[helm-secrets] Removed: "
}

@test "template: helm template w/ chart + secrets.yaml + git://" {
if ! is_driver_sops || is_windows; then
@test "template: helm template w/ chart + secrets.yaml + secrets://git://" {
if is_windows || ! is_driver_sops; then
# For vault its pretty hard to have a committed files with temporary seed of this test run
skip
fi

helm_plugin_install "git"
FILE="git+https://github.com/jkroepke/helm-secrets@tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml?ref=master"
FILE="secrets://git+https://github.com/jkroepke/helm-secrets@tests/assets/values/${HELM_SECRETS_DRIVER}/secrets.yaml?ref=master"

create_chart "${TEST_TEMP_DIR}"

run helm secrets template "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1
run helm template "${TEST_TEMP_DIR}/chart" -f "${FILE}" 2>&1
assert_success
assert_output --partial "[helm-secrets] Decrypt: ${FILE}"
assert_output --partial "port: 81"
assert_output --partial "[helm-secrets] Removed: "
}

0 comments on commit 7ce4051

Please sign in to comment.