fix secret injector integration

Signed-off-by: Jan Martens <jan@martens.eu.org>
2024-10-06 22:48:48 +02:00 · 2024-10-06 22:48:48 +02:00 · c5b02f372f
commit c5b02f372f
parent 3dd2dec9e3
3 changed files with 37 additions and 37 deletions
--- a/charts/openbao/values.yaml
+++ b/charts/openbao/values.yaml
@ -71,7 +71,7 @@ injector:
    # -- image repo to use for k8s image
    repository: "hashicorp/vault-k8s"
    # -- image tag to use for k8s image
-    tag: "1.3.1"
+    tag: "1.4.2"
    # -- image pull policy to use for k8s image. if tag is "latest", set to "Always"
    pullPolicy: IfNotPresent
--- a/test/acceptance/injector-test/job.yaml
+++ b/test/acceptance/injector-test/job.yaml
@ -32,11 +32,11 @@ spec:
    spec:
      serviceAccountName: pgdump
      containers:
-      - name: pgdump
+        - name: pgdump
-        image: postgres:11.5
+          image: postgres:11.5
-        command:
+          command:
-          - "/bin/sh"
+            - "/bin/sh"
-          - "-ec"
+            - "-ec"
-        args:
+          args:
-          - "/usr/bin/pg_dump $(cat /openbao/secrets/db-creds) --no-owner > /dev/stdout"
+            - "/usr/bin/pg_dump $(cat /vault/secrets/db-creds) --no-owner > /dev/stdout"
      restartPolicy: Never
--- a/test/acceptance/injector.bats
+++ b/test/acceptance/injector.bats
@ -2,46 +2,46 @@
 load _helpers
-# @test "injector: testing deployment" {
+@test "injector: testing deployment" {
-#   cd `chart_dir`
+  cd `chart_dir`
-#   kubectl delete namespace acceptance --ignore-not-found=true
+  kubectl delete namespace acceptance --ignore-not-found=true
-#   kubectl create namespace acceptance
+  kubectl create namespace acceptance
-#   kubectl config set-context --current --namespace=acceptance
+  kubectl config set-context --current --namespace=acceptance
-#   kubectl create -f ../../test/acceptance/injector-test/pg-deployment.yaml
+  kubectl create -f ../../test/acceptance/injector-test/pg-deployment.yaml
-#   sleep 5
+  sleep 5
-#   wait_for_ready $(kubectl get pod -l app=postgres -o jsonpath="{.items[0].metadata.name}")
+  wait_for_ready $(kubectl get pod -l app=postgres -o jsonpath="{.items[0].metadata.name}")
-#   kubectl create secret generic test \
+  kubectl create secret generic test \
-#     --from-file ../../test/acceptance/injector-test/pgdump-policy.hcl \
+    --from-file ../../test/acceptance/injector-test/pgdump-policy.hcl \
-#     --from-file ../../test/acceptance/injector-test/bootstrap.sh
+    --from-file ../../test/acceptance/injector-test/bootstrap.sh
-#   kubectl label secret test app=openbao-agent-demo
+  kubectl label secret test app=openbao-agent-demo
-#   helm install "$(name_prefix)" \
+  helm install "$(name_prefix)" \
-#     --set="server.extraVolumes[0].type=secret" \
+    --set="server.extraVolumes[0].type=secret" \
-#     --set="server.extraVolumes[0].name=test" .
+    --set="server.extraVolumes[0].name=test" .
-#   wait_for_running $(name_prefix)-0
+  wait_for_running $(name_prefix)-0
-#   wait_for_ready $(kubectl get pod -l component=webhook -o jsonpath="{.items[0].metadata.name}")
+  wait_for_ready $(kubectl get pod -l component=webhook -o jsonpath="{.items[0].metadata.name}")
-#   kubectl exec -ti "$(name_prefix)-0" -- /bin/sh -c "cp /openbao/userconfig/test/bootstrap.sh /tmp/bootstrap.sh && chmod +x /tmp/bootstrap.sh && /tmp/bootstrap.sh"
+  kubectl exec -ti "$(name_prefix)-0" -- /bin/sh -c "cp /openbao/userconfig/test/bootstrap.sh /tmp/bootstrap.sh && chmod +x /tmp/bootstrap.sh && /tmp/bootstrap.sh"
-#   sleep 5
+  sleep 5
-#     # Sealed, not initialized
+    # Sealed, not initialized
-#   local sealed_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+  local sealed_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
-#     jq -r '.sealed' )
+    jq -r '.sealed' )
-#   [ "${sealed_status}" == "false" ]
+  [ "${sealed_status}" == "false" ]
-#   local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+  local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
-#     jq -r '.initialized')
+    jq -r '.initialized')
-#   [ "${init_status}" == "true" ]
+  [ "${init_status}" == "true" ]
-#   kubectl create -f ../../test/acceptance/injector-test/job.yaml
+  kubectl create -f ../../test/acceptance/injector-test/job.yaml
-#   wait_for_complete_job "pgdump"
+  wait_for_complete_job "pgdump"
-# }
+}
 # Clean up
 teardown() {