From c5b02f372f399d67fcda2eca58da9c52a62734bc Mon Sep 17 00:00:00 2001
From: Jan Martens
Date: Sun, 6 Oct 2024 22:48:48 +0200
Subject: [PATCH] fix secret injector integration
Signed-off-by: Jan Martens
---
 charts/openbao/values.yaml | 2 +-
 test/acceptance/injector-test/job.yaml | 14 +++----
 test/acceptance/injector.bats | 58 +++++++++++++--------------
 3 files changed, 37 insertions(+), 37 deletions(-)
diff --git a/charts/openbao/values.yaml b/charts/openbao/values.yaml
index 3e24110..cde4c49 100644
--- a/charts/openbao/values.yaml
+++ b/charts/openbao/values.yaml
@@ -71,7 +71,7 @@ injector:
 # -- image repo to use for k8s image
 repository: "hashicorp/vault-k8s"
 # -- image tag to use for k8s image
- tag: "1.3.1"
+ tag: "1.4.2"
 # -- image pull policy to use for k8s image. if tag is "latest", set to "Always"
 pullPolicy: IfNotPresent
diff --git a/test/acceptance/injector-test/job.yaml b/test/acceptance/injector-test/job.yaml
index b40b57b..30e6ee2 100644
--- a/test/acceptance/injector-test/job.yaml
+++ b/test/acceptance/injector-test/job.yaml
@@ -32,11 +32,11 @@ spec:
 spec:
 serviceAccountName: pgdump
 containers:
- - name: pgdump
- image: postgres:11.5
- command:
- - "/bin/sh"
- - "-ec"
- args:
- - "/usr/bin/pg_dump $(cat /openbao/secrets/db-creds) --no-owner > /dev/stdout"
+ - name: pgdump
+ image: postgres:11.5
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args:
+ - "/usr/bin/pg_dump $(cat /vault/secrets/db-creds) --no-owner > /dev/stdout"
 restartPolicy: Never
diff --git a/test/acceptance/injector.bats b/test/acceptance/injector.bats
index e093157..2156597 100644
--- a/test/acceptance/injector.bats
+++ b/test/acceptance/injector.bats
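Review bot: In the `args` entry of the `pgdump` container in test/acceptance/injector-test/job.yaml, the injected secret is expanded with `$(cat /vault/secrets/db-creds)` directly onto the `pg_dump` command line, so whatever the injector renders there (presumably a connection string carrying the database password; the template is outside this hunk) becomes part of the process arguments and is readable via `/proc` by anything sharing the pod's process namespace. Acceptance fixtures tend to be copied as usage examples, so this deserves either a comment saying the pattern is test-only or a switch to libpq's `PGPASSFILE`/`PGSERVICEFILE` so the credential stays out of argv. The path now follows the vault-k8s image's default mount rather than the chart name; a comment such as `# /vault/secrets is the default mount path of the vault-k8s injector image, not an OpenBao path` would keep a later rename from breaking the job again. The Job's metadata and pod annotations begin above the hunk, so any mount-path override set there is not visible here.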
@@ -2,46 +2,46 @@
 load _helpers
-# @test "injector: testing deployment" {
-# cd `chart_dir`
+@test "injector: testing deployment" {
+ cd `chart_dir`
-# kubectl delete namespace acceptance --ignore-not-found=true
-# kubectl create namespace acceptance
-# kubectl config set-context --current --namespace=acceptance
+ kubectl delete namespace acceptance --ignore-not-found=true
+ kubectl create namespace acceptance
+ kubectl config set-context --current --namespace=acceptance
-# kubectl create -f ../../test/acceptance/injector-test/pg-deployment.yaml
-# sleep 5
-# wait_for_ready $(kubectl get pod -l app=postgres -o jsonpath="{.items[0].metadata.name}")
+ kubectl create -f ../../test/acceptance/injector-test/pg-deployment.yaml
+ sleep 5
+ wait_for_ready $(kubectl get pod -l app=postgres -o jsonpath="{.items[0].metadata.name}")
-# kubectl create secret generic test \
-# --from-file ../../test/acceptance/injector-test/pgdump-policy.hcl \
-# --from-file ../../test/acceptance/injector-test/bootstrap.sh
+ kubectl create secret generic test \
+ --from-file ../../test/acceptance/injector-test/pgdump-policy.hcl \
+ --from-file ../../test/acceptance/injector-test/bootstrap.sh
-# kubectl label secret test app=openbao-agent-demo
+ kubectl label secret test app=openbao-agent-demo
-# helm install "$(name_prefix)" \
-# --set="server.extraVolumes[0].type=secret" \
-# --set="server.extraVolumes[0].name=test" .
-# wait_for_running $(name_prefix)-0
+ helm install "$(name_prefix)" \
+ --set="server.extraVolumes[0].type=secret" \
+ --set="server.extraVolumes[0].name=test" .
+ wait_for_running $(name_prefix)-0
-# wait_for_ready $(kubectl get pod -l component=webhook -o jsonpath="{.items[0].metadata.name}")
+ wait_for_ready $(kubectl get pod -l component=webhook -o jsonpath="{.items[0].metadata.name}")
-# kubectl exec -ti "$(name_prefix)-0" -- /bin/sh -c "cp /openbao/userconfig/test/bootstrap.sh /tmp/bootstrap.sh && chmod +x /tmp/bootstrap.sh && /tmp/bootstrap.sh"
-# sleep 5
+ kubectl exec -ti "$(name_prefix)-0" -- /bin/sh -c "cp /openbao/userconfig/test/bootstrap.sh /tmp/bootstrap.sh && chmod +x /tmp/bootstrap.sh && /tmp/bootstrap.sh"
+ sleep 5
-# # Sealed, not initialized
-# local sealed_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
-# jq -r '.sealed' )
-# [ "${sealed_status}" == "false" ]
+ # Sealed, not initialized
+ local sealed_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+ jq -r '.sealed' )
+ [ "${sealed_status}" == "false" ]
-# local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
-# jq -r '.initialized')
-# [ "${init_status}" == "true" ]
+ local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+ jq -r '.initialized')
+ [ "${init_status}" == "true" ]
-# kubectl create -f ../../test/acceptance/injector-test/job.yaml
-# wait_for_complete_job "pgdump"
-# }
+ kubectl create -f ../../test/acceptance/injector-test/job.yaml
+ wait_for_complete_job "pgdump"
+}
 # Clean up
 teardown() {
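Review bot: The re-enabled test keeps the comment `# Sealed, not initialized` directly above assertions that require `sealed` to be `false` and `initialized` to be `true`, which is the opposite state; it should read `# Unsealed and initialized after bootstrap.sh` so that nobody later adjusts the seal-state assertions to match the comment. The two `sleep 5` calls are the only synchronisation before the `kubectl get pod ... {.items[0].metadata.name}` lookup and before the status checks, so on a slow cluster the unquoted substitution can expand to nothing and `wait_for_ready` (defined outside this page) is called without a pod name; quoting the substitution and polling until the pod exists would make that failure explicit. `kubectl exec -ti` also requests a TTY that a bats run normally does not have, and plain `kubectl exec "$(name_prefix)-0" -- /bin/sh -c ...` is sufficient for the bootstrap step.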