forked from toolshed/abra
339 lines
9.3 KiB
Bash
339 lines
9.3 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
setup_file(){
|
|
load "$PWD/tests/integration/helpers/common"
|
|
_common_setup
|
|
_add_server
|
|
|
|
# NOTE(d1): create new app without secrets
|
|
run $ABRA app new "$TEST_RECIPE" \
|
|
--no-input \
|
|
--server "$TEST_SERVER" \
|
|
--domain "$TEST_APP_DOMAIN"
|
|
assert_success
|
|
assert_exists "$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
|
|
}
|
|
|
|
teardown_file(){
|
|
_rm_app
|
|
_rm_server
|
|
_reset_recipe
|
|
}
|
|
|
|
setup(){
|
|
load "$PWD/tests/integration/helpers/common"
|
|
_common_setup
|
|
}
|
|
|
|
teardown(){
|
|
_reset_recipe
|
|
_reset_app
|
|
|
|
run $ABRA app secret rm "$TEST_APP_DOMAIN" --all --no-input
|
|
}
|
|
|
|
@test "generate: validate arguments" {
|
|
run $ABRA app secret generate
|
|
assert_failure
|
|
|
|
run $ABRA app secret generate DOESNTEXIST
|
|
assert_failure
|
|
|
|
run $ABRA app secret generate "$TEST_APP_DOMAIN"
|
|
assert_failure
|
|
assert_output --partial 'missing arguments'
|
|
|
|
run $ABRA app secret generate "$TEST_APP_DOMAIN" test_pass_one
|
|
assert_failure
|
|
assert_output --partial 'missing arguments'
|
|
|
|
run $ABRA app secret generate "$TEST_APP_DOMAIN" testSecret testVersion --all
|
|
assert_failure
|
|
assert_output --partial 'cannot use'
|
|
assert_output --partial "'--all' together"
|
|
}
|
|
|
|
@test "generate: single secret no match" {
|
|
run $ABRA app secret generate "$TEST_APP_DOMAIN" DOESNTEXIST v1
|
|
assert_failure
|
|
assert_output --partial "doesn't exist in the env config"
|
|
}
|
|
|
|
@test "generate: create secrets" {
|
|
run $ABRA app secret ls "$TEST_APP_DOMAIN"
|
|
assert_success
|
|
assert_output --partial 'test_pass_one'
|
|
assert_output --partial 'test_pass_two'
|
|
assert_output --partial 'false'
|
|
|
|
run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
|
|
assert_success
|
|
assert_output --partial 'test_pass_one'
|
|
assert_output --partial 'test_pass_two'
|
|
|
|
run $ABRA app secret ls "$TEST_APP_DOMAIN"
|
|
assert_success
|
|
assert_output --partial 'test_pass_one'
|
|
assert_output --partial 'test_pass_two'
|
|
assert_output --partial 'true'
|
|
|
|
run docker -c "$TEST_SERVER" secret ls
|
|
assert_success
|
|
assert_output --partial 'test_pass_one'
|
|
assert_output --partial 'test_pass_two'
|
|
}
|
|
|
|
@test "generate: broken if missing version" {
|
|
run sed -i '/SECRET_TEST_PASS_ONE_VERSION=.*/d' \
|
|
"$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
|
|
assert_success
|
|
|
|
run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
|
|
assert_failure
|
|
assert_output --partial 'missing version'
|
|
}
|
|
|
|
@test "generate: use version from app env" {
|
|
run sed -i 's/SECRET_TEST_PASS_ONE_VERSION=v1/SECRET_TEST_PASS_ONE_VERSION=v2/g' \
|
|
"$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
|
|
assert_success
|
|
|
|
run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
|
|
assert_success
|
|
assert_output --partial 'test_pass_one'
|
|
|
|
run bash -c '$ABRA app secret ls $TEST_APP_DOMAIN --machine | \
|
|
jq -r ".[] | select(.name==\"test_pass_one\") | .version"'
|
|
assert_success
|
|
assert_output --partial 'v2'
|
|
refute_output --partial 'v1'
|
|
}
|
|
|
|
@test "generate: generate extra secret based on COMPOSE_FILE" {
|
|
run sed -i 's/COMPOSE_FILE="compose.yml"/COMPOSE_FILE="compose.yml:compose.extra_secret.yml"/g' \
|
|
"$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
|
|
assert_success
|
|
|
|
run sed -i 's/#SECRET_EXTRA_PASS_VERSION=v1/SECRET_EXTRA_PASS_VERSION=v1/g' \
|
|
"$ABRA_DIR/servers/$TEST_SERVER/$TEST_APP_DOMAIN.env"
|
|
assert_success
|
|
|
|
run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
|
|
assert_success
|
|
assert_output --partial 'extra_pass'
|
|
|
|
run docker -c "$TEST_SERVER" secret ls
|
|
assert_success
|
|
assert_output --partial "$TEST_APP_DOMAIN_extra_pass_v1"
|
|
}
|
|
|
|
@test "generate: bail if unstaged changes and no --chaos" {
|
|
run bash -c "echo foo >> $ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
assert_success
|
|
assert_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
|
|
run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
|
|
assert_failure
|
|
assert_output --partial 'locally unstaged changes'
|
|
|
|
assert_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
assert_equal "$(_git_status)" "?? foo"
|
|
|
|
run rm -rf "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
assert_not_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
}
|
|
|
|
@test "generate: do not generate if not enabled" {
|
|
run sed -i '/- test_pass_one/d' "$ABRA_DIR/recipes/$TEST_RECIPE/compose.yml"
|
|
assert_success
|
|
|
|
run $ABRA app secret generate "$TEST_APP_DOMAIN" --all --chaos
|
|
assert_success
|
|
assert_output --partial 'test_pass_one not enabled'
|
|
}
|
|
|
|
@test "generate: ensure secret name uses trimmed stack name" {
|
|
# NOTE(d1): 45 chars, to ensure that the app name must be trimmed
|
|
testAppDomain="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
|
|
|
run $ABRA app new "$TEST_RECIPE" \
|
|
--no-input \
|
|
--server "$TEST_SERVER" \
|
|
--domain "$testAppDomain.$TEST_SERVER" \
|
|
--secrets \
|
|
--debug
|
|
assert_success
|
|
assert_exists "$ABRA_DIR/servers/$TEST_SERVER/$testAppDomain.$TEST_SERVER.env"
|
|
assert_output --partial "avoid runtime limits"
|
|
|
|
run $ABRA app secret rm "$testAppDomain.$TEST_SERVER" --all
|
|
assert_success
|
|
|
|
run rm -rf "$ABRA_DIR/servers/$TEST_SERVER/$testAppDomain.$TEST_SERVER.env"
|
|
assert_success
|
|
assert_not_exists "$ABRA_DIR/servers/$TEST_SERVER/$testAppDomain.$TEST_SERVER.env"
|
|
}
|
|
|
|
@test "generate: secret length honoured" {
|
|
run bash -c '$ABRA app secret generate "$TEST_APP_DOMAIN" --all --machine \
|
|
| jq -r ".[] | select(.name==\"test_pass_two\") | .value" | awk "{print length}"'
|
|
assert_success
|
|
assert_output --partial '10' # NOTE(d1): hardcoded # length=10 in recipe config
|
|
}
|
|
|
|
@test "insert: validate arguments" {
|
|
run $ABRA app secret insert
|
|
assert_failure
|
|
|
|
run $ABRA app secret insert "$TEST_APP_DOMAIN"
|
|
assert_failure
|
|
|
|
run $ABRA app secret insert "$TEST_APP_DOMAIN" bar
|
|
assert_failure
|
|
|
|
run $ABRA app secret insert "$TEST_APP_DOMAIN" bar baz
|
|
assert_failure
|
|
}
|
|
|
|
@test "insert: create secret" {
|
|
run $ABRA app secret ls "$TEST_APP_DOMAIN"
|
|
assert_success
|
|
assert_output --partial 'false'
|
|
|
|
run $ABRA app secret insert "$TEST_APP_DOMAIN" test_pass_one v1 foo
|
|
assert_success
|
|
assert_output --partial 'successfully stored on server'
|
|
|
|
run $ABRA app secret ls "$TEST_APP_DOMAIN"
|
|
assert_success
|
|
assert_output --partial 'true'
|
|
}
|
|
|
|
@test "insert: create secret from file" {
|
|
run $ABRA app secret ls "$TEST_APP_DOMAIN"
|
|
assert_success
|
|
assert_output --partial 'false'
|
|
|
|
run bash -c "echo bar >> $ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
|
|
run $ABRA app secret insert \
|
|
--chaos \
|
|
--file "$TEST_APP_DOMAIN" test_pass_one v1 "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
assert_success
|
|
assert_output --partial 'successfully stored on server'
|
|
|
|
run $ABRA app secret ls "$TEST_APP_DOMAIN" --chaos
|
|
assert_success
|
|
assert_output --partial 'true'
|
|
}
|
|
|
|
@test "rm: validate arguments" {
|
|
run $ABRA app secret rm
|
|
assert_failure
|
|
|
|
run $ABRA app secret rm DOESNTEXIST
|
|
assert_failure
|
|
|
|
run $ABRA app secret rm "$TEST_APP_DOMAIN"
|
|
assert_failure
|
|
|
|
run $ABRA app secret rm "$TEST_APP_DOMAIN" test_pass_one --all
|
|
assert_failure
|
|
assert_output --regexp 'cannot use .* together'
|
|
}
|
|
|
|
@test "rm: single secret no match" {
|
|
run $ABRA app secret rm "$TEST_APP_DOMAIN" foo_password
|
|
assert_failure
|
|
assert_output --partial "doesn't exist on server"
|
|
}
|
|
|
|
@test "rm: no secret match" {
|
|
run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
|
|
assert_failure
|
|
assert_output --partial 'no secrets to remove'
|
|
}
|
|
|
|
@test "rm: remove secret" {
|
|
run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
|
|
assert_success
|
|
|
|
run $ABRA app secret ls "$TEST_APP_DOMAIN"
|
|
assert_success
|
|
assert_output --partial 'true'
|
|
|
|
run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
|
|
assert_success
|
|
|
|
run $ABRA app secret ls "$TEST_APP_DOMAIN"
|
|
assert_success
|
|
assert_output --partial 'false'
|
|
}
|
|
|
|
@test "rm: bail if unstaged changes and no --chaos" {
|
|
run bash -c "echo foo >> $ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
assert_success
|
|
assert_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
|
|
run $ABRA app secret rm "$TEST_APP_DOMAIN" --all
|
|
assert_failure
|
|
assert_output --partial 'locally unstaged changes'
|
|
|
|
assert_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
assert_equal "$(_git_status)" "?? foo"
|
|
|
|
run rm -rf "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
assert_not_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
}
|
|
|
|
@test "ls: validate arguments" {
|
|
run $ABRA app secret ls
|
|
assert_failure
|
|
|
|
run $ABRA app secret ls DOESNTEXIST
|
|
assert_failure
|
|
}
|
|
|
|
@test "ls: show secrets" {
|
|
run $ABRA app secret ls "$TEST_APP_DOMAIN"
|
|
assert_success
|
|
assert_output --partial 'false'
|
|
|
|
run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
|
|
assert_success
|
|
|
|
run $ABRA app secret ls "$TEST_APP_DOMAIN"
|
|
assert_success
|
|
assert_output --partial 'true'
|
|
}
|
|
|
|
@test "ls: show secrets as machine readable" {
|
|
run $ABRA app secret ls "$TEST_APP_DOMAIN"
|
|
assert_success
|
|
assert_output --partial 'false'
|
|
|
|
run $ABRA app secret generate "$TEST_APP_DOMAIN" --all
|
|
assert_success
|
|
|
|
run bash -c '$ABRA app secret ls "$TEST_APP_DOMAIN" --machine \
|
|
| jq -r ".[] | select(.name==\"test_pass_two\") | .version"'
|
|
assert_success
|
|
assert_output --partial 'v1'
|
|
}
|
|
|
|
@test "ls: bail if unstaged changes and no --chaos" {
|
|
run bash -c "echo foo >> $ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
assert_success
|
|
assert_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
|
|
run $ABRA app secret ls "$TEST_APP_DOMAIN"
|
|
assert_failure
|
|
assert_output --partial 'locally unstaged changes'
|
|
|
|
assert_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
assert_equal "$(_git_status)" "?? foo"
|
|
|
|
run rm -rf "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
assert_not_exists "$ABRA_DIR/recipes/$TEST_RECIPE/foo"
|
|
}
|