✅ Added tests for new features

antoinemartin · antoinemartin · commit 96b5b3cd7d34 · 2023-02-06T08:31:57.000Z
diff --git a/.sops.yaml b/.sops.yaml
@@ -1,2 +1,3 @@
 creation_rules:
-  - encrypted_regex: '^(data|stringData)$'
+  - encrypted_regex: "^(data|stringData)$"
+    age: age166k86d56ejs2ydvaxv2x3vl3wajny6l52dlkncf2k58vztnlecjs0g5jqq
diff --git a/tests/sops-generator/expected/secrets.yaml b/tests/sops-generator/expected/secrets.yaml
@@ -0,0 +1,30 @@
+apiVersion: config.kaweezle.com/v1alpha1
+kind: PlatformSecrets
+metadata:
+  name: autocloud-secrets
+data:
+  cloudflare:
+    credentials.json: |
+      {"AccountTag":"6b713ba4794bb6898c335a6e5e964bc0","TunnelSecret":"0rGDN8oqEVFWYvtUxPCckKpEMiM9I4bOuUsDXNXJVinSTHWs","TunnelID":"ca955c21-2606-4a5d-b217-341a3d12755e"}
+    apiKey: 597aa3a9f23465a7a2f133fda2b7fd11e82211df
+  ovh:
+    application_secret: 29s5X1U9YjFeRhjwat0gLIunwcsHKPe4
+    consumer_key: pZzUg3Ux3mig3V50xOpUPK1BgCNK6Dal
+  github:
+    password: ghp_yHlZKZnbqd8uyTWL8LIuixxh8KOKViwTcXWJ
+    webhook_secret: 3AbUHdd35WE4HzYpk53jvzybY9QW4GDY
+    oidc_client_secret: 72d2976fcf260480dc3a2c392ef4a1cecba348a8
+    ssh_key: |
+      -----BEGIN OPENSSH PRIVATE KEY-----
+      b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+      QyNTUxOQAAACA4nXPm/isSCn3Jmsj2cqBIRhoZ6ZTegcxgFZhDKJXDTwAAAJgOYygIDmMo
+      CAAAAAtzc2gtZWQyNTUxOQAAACA4nXPm/isSCn3Jmsj2cqBIRhoZ6ZTegcxgFZhDKJXDTw
+      AAAECApDmEpcj6BVxPhdt2ZJB5llYEcGKmapyGXlg/y9Sjejidc+b+KxIKfcmayPZyoEhG
+      GhnplN6BzGAVmEMolcNPAAAAD2FudG9pbmVAbXJ0bi5mcgECAwQFBg==
+      -----END OPENSSH PRIVATE KEY-----
+  sops:
+    age_key.txt: IyBjcmVhdGVkOiAyMDIzLTAxLTE5VDE5OjQxOjQ1WgojIHB1YmxpYyBrZXk6IGFnZTE2Nms4NmQ1NmVqczJ5ZHZheHYyeDN2bDN3YWpueTZsNTJkbGtuY2YyazU4dnp0bmxlY2pzMGc1anFxCkFHRS1TRUNSRVQtS0VZLTE1UktUUFFDQ0xXTTdFSFE4SkVQMFRRTFVXSkFFQ1ZQNzMzMk0zWlAwUkw5UjdKVDdNWjZTWTc5VjhRCg==
+  argocd:
+    admin_password: $2a$10$xdlX460lf/WbJNZU5bBoROj6U7oKgPbEcBrnXaemA6gsCzrAJtQ3y
+  chisel:
+    AUTH: user:password
diff --git a/tests/sops-generator/functions/secrets.yaml b/tests/sops-generator/functions/secrets.yaml
@@ -0,0 +1,47 @@
+apiVersion: krmfnbuiltin.kaweezle.com/v1alpha1
+kind: SopsGenerator
+metadata:
+    name: autocloud-secrets
+    annotations:
+        config.kaweezle.com/path: secrets.yaml
+        config.kubernetes.io/function: |
+            exec:
+              path: ../../krmfnbuiltin
+data:
+    cloudflare:
+        credentials.json: ENC[AES256_GCM,data:BlMhafSS7U5ntdsXAOasRX3O2/f1J3bUfTn9NEjZomWLItDr0K+4/69UGMjSCfQgwx23YcHCD2ZWgOk6TnN0sqjXV9DuRpU9uCInk0gNgjUDGymnPjxK2mYxhybjhSuIh89ml1CZnjnDG5jRgcXLgJFzjR2esIqMufiQyJoj+cB3wY86o1srHZL47QD2XxMUeitI3QfWVEDTpQbdlNn6iVfVOUtWiA==,iv:5b+cilKQykqnO1yluXan2LVFX6a/kmccI+BQ3sZrq2Q=,tag:wLeubY5J0sqlJ9BMRRzHWg==,type:str]
+        apiKey: ENC[AES256_GCM,data:+luyBXKTRGs8k0EYjZzqoHFPP+PmnG4tND6SNCYTNQ5CaNUBOviOQA==,iv:j6niJC5BwYxhrw0wmQsD8fmkPo8cgacSbW8N1/Hi+hQ=,tag:uk75i1k+izzrK2CkjB8new==,type:str]
+    ovh:
+        application_secret: ENC[AES256_GCM,data:vXNXYymgcX6ZQPKN65aBHtWNxdqDJ7/kAvFc9W2qCrw=,iv:It3NPmTaZXwgRIPIolHo0h7w6vzAnvaLTcDQjBFFBZQ=,tag:f/3PD1ZVN7LzfDZ7GTav3A==,type:str]
+        consumer_key: ENC[AES256_GCM,data:q8iyMNPnKf/Or1gnnuHBPfX9X+5fsh5OxA0DxjnWric=,iv:dc5vRzH87jEYpQC6XZ89lPRgDFLig+rsBf3E6FBTHSk=,tag:ZIgPYc3Ro0gOMYxdBBwRsw==,type:str]
+    github:
+        password: ENC[AES256_GCM,data:InIPLpv58jMMpjp8sGVIfpxJ9HzAu3IIpSM6Jb8pUPzuJbWMxabQ6w==,iv:akbY8UCLloyAkkK0sLYk5KZ06+4EORv3rm7vZGwjWks=,tag:SXUtA28tHFKAFh4XL2w/XA==,type:str]
+        webhook_secret: ENC[AES256_GCM,data:ltrWxAW6hKTl7gZcDgMgu1IOwu6X07F+2TQFaMKrb1Q=,iv:lmX/M40uykMTwBY/kaoGXkeSCqAQ5Uq+bNK4slQOQyU=,tag:tyvEywVE1R1Eo8+w1lGlPA==,type:str]
+        oidc_client_secret: ENC[AES256_GCM,data:d/kIhME8Ubuo4buueV6KGvcQwU5ZMR7TRjcRmSog/yicUGsY9IAN7Q==,iv:/JZsC6tAwvj+TFHrGRjwD3an1iD52S6KVzkZBU4/JJk=,tag:4dJ+4bjI2yRcGzRuPKeQRw==,type:str]
+        ssh_key: ENC[AES256_GCM,data:WHuUNL2zbA7Cf5CqoJ01RcVHcNdyKoTjaGXFIR60Q5yG+QSvAzJ4kCQevSVZAW7DokZYglA2bUtlDu61Gd2RFwWQJIQQgV2BTYbi/xAqta/8Inby7cKT3nH44Covws8LxUp/aZfls5SRS7kLgh/y8ispyJdCoanaPa73yvKInSLc1+fEt7FUh/O+rovJEEEZotXlhARoanZ5H+KrCff8uYv5d16ALII9PccLkIxcZYv/qXGSPZgmTVAOjMdDkw3jrr3xrk3xg34jNSjY964kxZ/P5NrnA4W99pU7fODZeRP/xyUt2MiAkktXODKBqgdZJ9RyNUXF2M8wzVqniCHb88lVj5HR5tqu/q4LyITIEPU1rRbFuRsV9gnT7VAUNiLzvvrKQ2/d8RzV3sU4U4PaAF+chtaKvSosd9BnUfjhhmaSr/vgsQsX34mdHdXoFOORKc+wclAF9p+/I36TEcOiqM7cazmADozj1ZNJ9gMySaC91IOaF7+bLE57ypaXfv68zHRNjdIro7QgwbS9yT9o4bE+0vQf40bl+/HY,iv:NMoplOfxWMZ4uKtOD4nAcgbUF9uL1lywILoSfBoY7qA=,tag:2dVYmbm5nYfjHuuOcJ8ncA==,type:str]
+    sops:
+        age_key.txt: ENC[AES256_GCM,data:/+aTppVhVAx2ZeKojI2A9LmMaV5GlFRAs2P6MBklaAF9E8gXb/UD4oBL7SZunw6osl0YQ3v5q8nGPrciRJ0pR6zjZ+BZqtEAAEpVlPv63PXB00KCOJhjlqKfxWiydacSI0GrgG+ua1k71rqTctiNy9CUoi3FNXvOJXVMsXzGl8YlkOX0qlbT1jOibLEmFWNUv10mRp4KidUfejGm5TGn1Q/M8KQi1BpK7EcdfBsAoFhriPBVDscqCLRWsnSPROEocnAJKFsfUs6a0A2Gwzxv/UcK0FHsn0BhnkL97Okxc71TXdatOuS4bdhi6F17zPaibsPy/ywv53c=,iv:MqyVHocL4zBG4dT2MtlSTEgW1r7TEMk6SA0ws2dtcmg=,tag:1sS0hG/PuZVMeTkfvNfjuA==,type:str]
+    argocd:
+        admin_password: ENC[AES256_GCM,data:xAYetqD6bK+a0RQ6HaY+re486hlMcWIuGbYsaj3+KtV+Zk/4Vc1GtjrXgaJLizj083B1Ku7bFvOrl6r/,iv:BxM/33tG2RxQk/IzJKk2XHNigax0wdWk/1UPgKGib8s=,tag:dTczApIQ+WbunrIH8Nje3A==,type:str]
+    chisel:
+        AUTH: ENC[AES256_GCM,data:Z4jqrFNLMu7s+n073g==,iv:2VrKCiJbFRvxgRzy+BFsfeon0kaAjZ88Vp4iaQRACvc=,tag:OE1KL24zg4U8znI22El+UA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age166k86d56ejs2ydvaxv2x3vl3wajny6l52dlkncf2k58vztnlecjs0g5jqq
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkbENqdGU4WTdqZkpoMWRp
+            QVpzcmJTSWxwRC8rK1dpMm41QkpVNVJ4RXpRCi9XYnRJcEhlWDhOalRMRVZFMzlY
+            TUNqbFkrUUxsVnU3NEh0QlpkczVwV0kKLS0tIGVZeTNVbzYzck1GRG9qVENxNmQ5
+            bldBTnc3UXQvTWNHSnZDTzJpaG5LVW8KT6ISyKOyjkhaqaZcbb7F1BfAXXmmB1st
+            SsDJRd8GB6Me/JOeoXgRZJxYJNY0c/Gj/MZd5/YKjKaAmahfFd5wPA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-02-05T21:26:29Z"
+    mac: ENC[AES256_GCM,data:nn+Zw4HbYbmqqTattvQCNv9wsg8pnA5WwINh/wujH3EpN/79G/A3lMhEiU/ItzEhr4Mr5C5zEnaPCBA7PBW+JPeMpNSYDQhnIvdm+Pyov22f6f5S7bhogeIdEi3Gk0ACIVxgW3k55Oby/fachbBKomc0tca1Wxz2/bQYIF+TVrI=,iv:FyOcWVXKS4XarZ8dJiTau3WcRwO/jsfiDosV9Yfwi4U=,tag:23HlsxeZ4XRm1CLn0eUy0A==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3
diff --git a/tests/sops-generator/original/.gitkeep b/tests/sops-generator/original/.gitkeep
diff --git a/tests/sops-generator/source/secrets.dec.yaml b/tests/sops-generator/source/secrets.dec.yaml
@@ -0,0 +1,35 @@
+apiVersion: krmfnbuiltin.kaweezle.com/v1alpha1
+kind: SopsGenerator
+metadata:
+  name: autocloud-secrets
+  annotations:
+    config.kaweezle.com/path: "secrets.yaml"
+    config.kubernetes.io/function: |
+      exec:
+        path: ../../krmfnbuiltin
+data:
+  cloudflare:
+    credentials.json: |
+      {"AccountTag":"6b713ba4794bb6898c335a6e5e964bc0","TunnelSecret":"0rGDN8oqEVFWYvtUxPCckKpEMiM9I4bOuUsDXNXJVinSTHWs","TunnelID":"ca955c21-2606-4a5d-b217-341a3d12755e"}
+    apiKey: 597aa3a9f23465a7a2f133fda2b7fd11e82211df
+  ovh:
+    application_secret: 29s5X1U9YjFeRhjwat0gLIunwcsHKPe4
+    consumer_key: pZzUg3Ux3mig3V50xOpUPK1BgCNK6Dal
+  github:
+    password: ghp_yHlZKZnbqd8uyTWL8LIuixxh8KOKViwTcXWJ
+    webhook_secret: 3AbUHdd35WE4HzYpk53jvzybY9QW4GDY
+    oidc_client_secret: 72d2976fcf260480dc3a2c392ef4a1cecba348a8
+    ssh_key: |
+      -----BEGIN OPENSSH PRIVATE KEY-----
+      b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+      QyNTUxOQAAACA4nXPm/isSCn3Jmsj2cqBIRhoZ6ZTegcxgFZhDKJXDTwAAAJgOYygIDmMo
+      CAAAAAtzc2gtZWQyNTUxOQAAACA4nXPm/isSCn3Jmsj2cqBIRhoZ6ZTegcxgFZhDKJXDTw
+      AAAECApDmEpcj6BVxPhdt2ZJB5llYEcGKmapyGXlg/y9Sjejidc+b+KxIKfcmayPZyoEhG
+      GhnplN6BzGAVmEMolcNPAAAAD2FudG9pbmVAbXJ0bi5mcgECAwQFBg==
+      -----END OPENSSH PRIVATE KEY-----
+  sops:
+    age_key.txt: IyBjcmVhdGVkOiAyMDIzLTAxLTE5VDE5OjQxOjQ1WgojIHB1YmxpYyBrZXk6IGFnZTE2Nms4NmQ1NmVqczJ5ZHZheHYyeDN2bDN3YWpueTZsNTJkbGtuY2YyazU4dnp0bmxlY2pzMGc1anFxCkFHRS1TRUNSRVQtS0VZLTE1UktUUFFDQ0xXTTdFSFE4SkVQMFRRTFVXSkFFQ1ZQNzMzMk0zWlAwUkw5UjdKVDdNWjZTWTc5VjhRCg==
+  argocd:
+    admin_password: $2a$10$xdlX460lf/WbJNZU5bBoROj6U7oKgPbEcBrnXaemA6gsCzrAJtQ3y
+  chisel:
+    AUTH: user:password
diff --git a/tests/sourced-replacement/expected/argocd-cm.yaml b/tests/sourced-replacement/expected/argocd-cm.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cm
+data:
+  configManagementPlugins: |
+    - name: helmfile
+      generate:
+        command: ["/bin/sh", "-c"]
+        args: ["helmfile --namespace $ARGOCD_APP_NAMESPACE template | sed -e '1,/---/d' | sed -e 's|apiregistration.k8s.io/v1beta1|apiregistration.k8s.io/v1|g'"]
+  timeout.reconciliation: "15s"
+  kustomize.buildOptions: "--enable-alpha-plugins --enable-exec"
+  helm.valuesFileSchemes: "secrets+gpg-import, secrets+gpg-import-kubernetes, secrets+age-import, secrets+age-import-kubernetes, secrets, https,http"
+  # resource.exclusions: |
+  #   - apiGroups:
+  #       - "cert-manager.io"
+  #       - "acme.cert-manager.io"
+  #     kinds:
+  #       - "CertificateRequest"
+  #       - "Order"
+  #     clusters:
+  #       - https://kubernetes.default.svc
+  url: https://citest.holepunch.in
+  dex.config: |
+    connectors:
+      # GitHub example
+      - type: github
+        id: github
+        name: GitHub
+        config:
+          clientID: thisisfakeclientid
+          clientSecret: $dex.github.clientSecret
+          loadAllGroups: true
+          teamNameField: slug
+          orgs:
+            - name: thisisfakeorganization
diff --git a/tests/sourced-replacement/functions/argocd-values-replacements.yaml b/tests/sourced-replacement/functions/argocd-values-replacements.yaml
@@ -0,0 +1,28 @@
+apiVersion: krmfnbuiltin.kaweezle.com/v1alpha1
+kind: ReplacementTransformer
+metadata:
+  name: argocd-values-replacements
+  annotations:
+    config.kubernetes.io/function: |
+      exec:
+        path: ../../krmfnbuiltin
+source: values/properties.yaml
+replacements:
+  - source:
+      name: autocloud-values
+      fieldPath: data.github.clientID
+    targets:
+      - select:
+          kind: ConfigMap
+          name: argocd-cm
+        fieldPaths:
+          - data.dex\.config.!!yaml.connectors.[id=github].config.clientID
+  - source:
+      name: autocloud-values
+      fieldPath: data.github.organization
+    targets:
+      - select:
+          kind: ConfigMap
+          name: argocd-cm
+        fieldPaths:
+          - data.dex\.config.!!yaml.connectors.[id=github].config.orgs.0.name
diff --git a/tests/sourced-replacement/original/argocd-cm.yaml b/tests/sourced-replacement/original/argocd-cm.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cm
+data:
+  configManagementPlugins: |
+    - name: helmfile
+      generate:
+        command: ["/bin/sh", "-c"]
+        args: ["helmfile --namespace $ARGOCD_APP_NAMESPACE template | sed -e '1,/---/d' | sed -e 's|apiregistration.k8s.io/v1beta1|apiregistration.k8s.io/v1|g'"]
+  timeout.reconciliation: "15s"
+  kustomize.buildOptions: "--enable-alpha-plugins --enable-exec"
+  helm.valuesFileSchemes: "secrets+gpg-import, secrets+gpg-import-kubernetes, secrets+age-import, secrets+age-import-kubernetes, secrets, https,http"
+  # resource.exclusions: |
+  #   - apiGroups:
+  #       - "cert-manager.io"
+  #       - "acme.cert-manager.io"
+  #     kinds:
+  #       - "CertificateRequest"
+  #       - "Order"
+  #     clusters:
+  #       - https://kubernetes.default.svc
+  url: https://citest.holepunch.in
+  dex.config: |
+    connectors:
+      # GitHub example
+      - type: github
+        id: github
+        name: GitHub
+        config:
+          clientID: a98a3e6e82b3732c1bf2
+          clientSecret: $dex.github.clientSecret
+          loadAllGroups: true
+          teamNameField: slug
+          orgs:
+            - name: johndoe
diff --git a/tests/sourced-replacement/values/properties.yaml b/tests/sourced-replacement/values/properties.yaml
@@ -0,0 +1,11 @@
+apiVersion: autocloud.config.kaweezle.com/v1alpha1
+kind: PlatformValues
+metadata:
+  name: autocloud-values
+data:
+  github:
+    organization: thisisfakeorganization
+    repository: autocloud
+    repo: antoinemartin/autocloud
+    email: john@doe.me
+    clientID: thisisfakeclientid
diff --git a/tests/test_krmfnbuiltin.sh b/tests/test_krmfnbuiltin.sh
@@ -9,6 +9,15 @@ set -e pipefail
 
 trap "find . -type d -name 'applications' -exec rm -rf {} +" EXIT
 
+export SOPS_AGE_KEY=$(cat - <<EOF
+# created: 2023-01-19T19:41:45Z
+# public key: age166k86d56ejs2ydvaxv2x3vl3wajny6l52dlkncf2k58vztnlecjs0g5jqq
+AGE-SECRET-KEY-15RKTPQCCLWM7EHQ8JEP0TQLUWJAECVP7332M3ZP0RL9R7JT7MZ6SY79V8Q
+EOF
+)
+export SOPS_RECICPIENT="age166k86d56ejs2ydvaxv2x3vl3wajny6l52dlkncf2k58vztnlecjs0g5jqq"
+
+
 for d in $(ls -d */); do
     echo "Running Test in $d..."
     cd $d
diff --git a/tests/test_krmfnbuiltin_kpt.sh b/tests/test_krmfnbuiltin_kpt.sh
@@ -12,6 +12,15 @@ temp_file_2=$(mktemp)
 
 trap "find . -type d -name 'applications' -exec rm -rf {} +; rm -f $temp_file $temp_file_2" EXIT
 
+export SOPS_AGE_KEY=$(cat - <<EOF
+# created: 2023-01-19T19:41:45Z
+# public key: age166k86d56ejs2ydvaxv2x3vl3wajny6l52dlkncf2k58vztnlecjs0g5jqq
+AGE-SECRET-KEY-15RKTPQCCLWM7EHQ8JEP0TQLUWJAECVP7332M3ZP0RL9R7JT7MZ6SY79V8Q
+EOF
+)
+export SOPS_RECICPIENT="age166k86d56ejs2ydvaxv2x3vl3wajny6l52dlkncf2k58vztnlecjs0g5jqq"
+
+
 for d in $(ls -d */); do
     echo "Running Test in $d..."
     cd $d
