bbichero/abra
0
0
Fork 0
forked from toolshed/abra
Code Pull Requests Activity

test: secret generation & --offline/chaos handling tests

Browse Source
This commit is contained in:
decentral1se 2023-09-25 10:33:15 +02:00
parent ce4b775428
commit c065ceb1f0
Signed by untrusted user: decentral1se
GPG Key ID: 03789458B3D0C410
4 changed files with 273 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
tests/integration/app_deploy.bats
View File

@ -86,7 +86,10 @@ teardown(){
run $ABRA app deploy "$TEST_APP_DOMAIN" --no-input --no-converge-checks run $ABRA app deploy "$TEST_APP_DOMAIN" --no-input --no-converge-checks
assert_success assert_success
_reset_recipe "$TEST_RECIPE" run git -C "$ABRA_DIR/recipes/$TEST_RECIPE" status
refute_output --partial 'behind 3'
_reset_recipe
_undeploy_app _undeploy_app
} }
@ -107,7 +110,7 @@ teardown(){
assert_output --partial 'behind 3' assert_output --partial 'behind 3'
_undeploy_app _undeploy_app
_reset_recipe "$TEST_RECIPE" _reset_recipe
} }
# bats test_tags=slow # bats test_tags=slow

98
tests/integration/app_new.bats
View File

@ -7,20 +7,17 @@ setup_file(){
} }
teardown_file(){ teardown_file(){
_rm_app
_rm_server _rm_server
} }
setup(){ setup(){
load "$PWD/tests/integration/helpers/common" load "$PWD/tests/integration/helpers/common"
_common_setup _common_setup
_fetch_recipe
} }
teardown(){ teardown(){
# https://github.com/bats-core/bats-core/issues/383#issuecomment-738628888 _rm_app
if [[ -z "${BATS_TEST_COMPLETED}" ]]; then
_undeploy_app
fi
} }
@test "create new app" { @test "create new app" {
@ -30,8 +27,6 @@ teardown(){
--domain "$TEST_APP_DOMAIN" --domain "$TEST_APP_DOMAIN"
assert_success assert_success
assert_exists "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env" assert_exists "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
_rm_app
} }
@test "does not overwrite existing env files" { @test "does not overwrite existing env files" {
@ -43,8 +38,93 @@ teardown(){
--domain "$TEST_APP_DOMAIN" --domain "$TEST_APP_DOMAIN"
assert_failure assert_failure
assert_output --partial 'already exists' assert_output --partial 'already exists'
}
_rm_app @test "bail if unstaged changes and no --chaos" {
run bash -c "echo foo >> $ABRA_DIR/recipes/$TEST_RECIPE/foo"
assert_success
assert_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
run git -C "$ABRA_DIR/recipes/$TEST_RECIPE" status
assert_success
assert_output --partial 'foo'
run $ABRA app new "$TEST_RECIPE" \
--no-input \
--server "$TEST_SERVER" \
--domain "$TEST_APP_DOMAIN"
assert_failure
assert_output --partial 'locally unstaged changes'
run rm -rf "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
assert_not_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
}
@test "do not bail if unstaged changes and --chaos" {
run bash -c 'echo "unstaged changes" >> "$ABRA_DIR/recipes/$TEST_RECIPE/foo"'
assert_success
assert_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
run git -C "$ABRA_DIR/recipes/$TEST_RECIPE" status
assert_success
assert_output --partial 'foo'
run $ABRA app new "$TEST_RECIPE" \
--no-input \
--chaos \
--server "$TEST_SERVER" \
--domain "$TEST_APP_DOMAIN" \
--secrets
assert_success
assert_exists "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
run rm -rf "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
assert_not_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
}
@test "ensure recipe up to date if no --offline" {
run git -C "$ABRA_DIR/recipes/$TEST_RECIPE" reset --hard HEAD~3
assert_success
run git -C "$ABRA_DIR/recipes/$TEST_RECIPE" status
assert_output --partial 'behind 3'
run $ABRA app new "$TEST_RECIPE" \
--no-input \
--server "$TEST_SERVER" \
--domain "$TEST_APP_DOMAIN" \
--secrets
assert_success
assert_exists "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
run git -C "$ABRA_DIR/recipes/$TEST_RECIPE" status
refute_output --partial 'behind 3'
_reset_recipe
}
@test "ensure recipe not up to date if --offline" {
run git -C "$ABRA_DIR/recipes/$TEST_RECIPE" reset --hard HEAD~3
assert_success
run git -C "$ABRA_DIR/recipes/$TEST_RECIPE" status
assert_output --partial 'behind 3'
# NOTE(d1): need to use --chaos to force same commit
run $ABRA app new "$TEST_RECIPE" \
--no-input \
--offline \
--chaos \
--server "$TEST_SERVER" \
--domain "$TEST_APP_DOMAIN" \
--secrets
assert_success
assert_exists "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
run git -C "$ABRA_DIR/recipes/$TEST_RECIPE" status
assert_output --partial 'behind 3'
_reset_recipe
} }
@test "generate secrets" { @test "generate secrets" {
@ -54,6 +134,8 @@ teardown(){
--domain "$TEST_APP_DOMAIN" \ --domain "$TEST_APP_DOMAIN" \
--secrets --secrets
assert_success assert_success
assert_output --partial 'generated secrets'
assert_output --partial 'test_password'
assert_exists "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env" assert_exists "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
run $ABRA app secret ls "$TEST_APP_DOMAIN" run $ABRA app secret ls "$TEST_APP_DOMAIN"

173
tests/integration/app_secret.bats
View File

@ -5,15 +5,9 @@ setup_file(){
_common_setup _common_setup
_add_server _add_server
_new_app _new_app
run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
assert_success
} }
teardown_file(){ teardown_file(){
run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
assert_success
_rm_app _rm_app
_rm_server _rm_server
} }
@ -23,6 +17,9 @@ teardown(){
if [[ -z "${BATS_TEST_COMPLETED}" ]]; then if [[ -z "${BATS_TEST_COMPLETED}" ]]; then
_undeploy_app _undeploy_app
fi fi
# NOTE(d1): teardown secrets from "--secrets" in _new_app
run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
} }
setup(){ setup(){
@ -58,15 +55,147 @@ setup(){
@test "generate: create secrets" { @test "generate: create secrets" {
run $ABRA app secret ls "$TEST_APP_DOMAIN" run $ABRA app secret ls "$TEST_APP_DOMAIN"
assert_success assert_success
assert_output --partial 'test_pass_one'
assert_output --partial 'test_pass_two'
refute_output --partial 'extra_pass'
assert_output --partial 'false' assert_output --partial 'false'
refute_output --partial 'true'
run $ABRA app secret generate "$TEST_APP_DOMAIN" --all run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
assert_success assert_success
assert_output --partial 'test_pass_one'
assert_output --partial 'test_pass_two'
refute_output --partial 'extra_pass'
run $ABRA app secret ls "$TEST_APP_DOMAIN" run $ABRA app secret ls "$TEST_APP_DOMAIN"
assert_success assert_success
assert_output --partial 'test_pass_one'
assert_output --partial 'test_pass_two'
refute_output --partial 'extra_pass'
refute_output --partial 'false'
assert_output --partial 'true' assert_output --partial 'true'
run docker -c "$TEST_SERVER" secret ls
assert_success
assert_output --partial 'test_pass_one'
assert_output --partial 'test_pass_two'
refute_output --partial 'extra_pass'
run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
assert_success
}
@test "generate: broken if missing version" {
run sed -i '/SECRET_TEST_PASS_ONE_VERSION=.*/d' \
"$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
assert_success
run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
assert_failure
assert_output --partial 'missing version'
_reset_app
}
@test "generate: use version from app env" {
run sed -i 's/SECRET_TEST_PASS_ONE_VERSION=v1/SECRET_TEST_PASS_ONE_VERSION=v2/g' \
"$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
assert_success
run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
assert_success
assert_output --partial 'test_pass_one'
run docker -c "$TEST_SERVER" secret ls
assert_success
assert_output --partial "test_pass_one_v2"
refute_output --partial "test_pass_one_v1"
run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
assert_success
_reset_app
}
@test "generate: generate extra secret based on COMPOSE_FILE" {
run sed -i 's/COMPOSE_FILE="compose.yml"/COMPOSE_FILE="compose.yml:compose.extra_secret.yml"/g' \
"$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
assert_success
run sed -i 's/#SECRET_EXTRA_PASS_VERSION=v1/SECRET_EXTRA_PASS_VERSION=v1/g' \
"$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
assert_success
run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
assert_success
assert_output --partial 'extra_pass'
run docker -c "$TEST_SERVER" secret ls
assert_success
assert_output --partial "$TEST_APP_DOMAIN_extra_pass_v1"
run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
assert_success
_reset_app
}
@test "generate: bail if unstaged changes and no --chaos" {
run bash -c "echo foo >> $ABRA_DIR/recipes/$TEST_RECIPE/foo"
assert_success
assert_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
assert_failure
assert_output --partial 'locally unstaged changes'
run rm -rf "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
assert_not_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
}
@test "generate: do not generate if not enabled" {
run sed -i '/- test_pass_one/d' "$ABRA_DIR/recipes/$TEST_RECIPE/compose.yml"
assert_success
run $ABRA app secret generate "$TEST_APP_DOMAIN" --all --chaos
assert_success
refute_output --partial 'test_pass_one'
assert_output --partial 'test_pass_two'
run $ABRA app secret rm "$TEST_APP_DOMAIN" --all --chaos
assert_success
_checkout_recipe
}
@test "generate: ensure secret name uses trimmed stack name" {
# NOTE(d1): 45 chars, to ensure that the app name must be trimmed
testAppDomain="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
run $ABRA app new "$TEST_RECIPE" \
--no-input \
--server "$TEST_SERVER" \
--domain "$testAppDomain.$TEST_SERVER" \
--secrets \
--debug
assert_success
assert_exists "$ABRA_DIR/servers/$TEST_SERVER/$testAppDomain.$TEST_SERVER.env"
assert_output --partial "avoid runtime limits"
run $ABRA app secret rm "$testAppDomain.$TEST_SERVER" --all
assert_success
run rm -rf "$ABRA_DIR/servers/$TEST_SERVER/$testAppDomain.$TEST_SERVER.env"
assert_success
assert_not_exists "$ABRA_DIR/servers/$TEST_SERVER/$testAppDomain.$TEST_SERVER.env"
}
@test "generate: secret length honoured" {
run bash -c '$ABRA app secret generate "$TEST_APP_DOMAIN" --all --machine \
| jq -r ".[] | select(.name==\"test_pass_two\") | .value" | awk "{print length}"'
assert_success
assert_output --partial '10' # NOTE(d1): hardcoded # length=10 in recipe config
run $ABRA app secret rm "$TEST_APP_DOMAIN" --all run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
assert_success assert_success
} }
@ -94,7 +223,7 @@ setup(){
assert_success assert_success
assert_output --partial 'false' assert_output --partial 'false'
run $ABRA app secret insert "$TEST_APP_DOMAIN" test_password v1 foo run $ABRA app secret insert "$TEST_APP_DOMAIN" test_pass_one v1 foo
assert_success assert_success
assert_output --partial 'successfully stored on server' assert_output --partial 'successfully stored on server'
@ -102,7 +231,7 @@ setup(){
assert_success assert_success
assert_output --partial 'true' assert_output --partial 'true'
run $ABRA app secret rm "$TEST_APP_DOMAIN" test_password run $ABRA app secret rm "$TEST_APP_DOMAIN" test_pass_one
assert_success assert_success
} }
@ -119,7 +248,7 @@ setup(){
assert_failure assert_failure
assert_output --partial 'no secret(s) specified' assert_output --partial 'no secret(s) specified'
run $ABRA app secret rm "$TEST_APP_DOMAIN" test_password --all run $ABRA app secret rm "$TEST_APP_DOMAIN" test_pass_one --all
assert_failure assert_failure
assert_output --partial 'cannot use' assert_output --partial 'cannot use'
assert_output --partial "'--all' together" assert_output --partial "'--all' together"
@ -153,6 +282,19 @@ setup(){
assert_output --partial 'false' assert_output --partial 'false'
} }
@test "rm: bail if unstaged changes and no --chaos" {
run bash -c "echo foo >> $ABRA_DIR/recipes/$TEST_RECIPE/foo"
assert_success
assert_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
assert_failure
assert_output --partial 'locally unstaged changes'
run rm -rf "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
assert_not_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
}
@test "ls: validate arguments" { @test "ls: validate arguments" {
run $ABRA app secret ls run $ABRA app secret ls
assert_failure assert_failure
@ -178,3 +320,16 @@ setup(){
run $ABRA app secret rm "$TEST_APP_DOMAIN" --all run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
assert_success assert_success
} }
@test "ls: bail if unstaged changes and no --chaos" {
run bash -c "echo foo >> $ABRA_DIR/recipes/$TEST_RECIPE/foo"
assert_success
assert_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
run $ABRA app secret ls "$TEST_APP_DOMAIN"
assert_failure
assert_output --partial 'locally unstaged changes'
run rm -rf "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
assert_not_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
}

14
tests/integration/helpers/app.bash
View File

@ -40,3 +40,17 @@ _rm_app() {
run $ABRA app remove "$TEST_APP_DOMAIN" --no-input run $ABRA app remove "$TEST_APP_DOMAIN" --no-input
fi fi
} }
_reset_app(){
run rm -rf "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
assert_success
assert_not_exists "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
run $ABRA app new "$TEST_RECIPE" \
--no-input \
--server "$TEST_SERVER" \
--domain "$TEST_APP_DOMAIN" \
--secrets
assert_success
assert_exists "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
}