From e2b609817f3333f82bf589a5d1f6b1a0a5137dba Mon Sep 17 00:00:00 2001
From: Piotr Hryszko <piotr.hryszko@gmail.com>
Date: Mon, 7 Dec 2020 15:09:38 +0000
Subject: [PATCH] don't set VAULT_DEV_ROOT_TOKEN_ID by default in dev mode
 (#415)

* don't set VAULT_DEV_ROOT_TOKEN_ID by default in dev mode

* don't template environment variables that no longer exist

* fix tests after removing VAULT_DEV_ROOT_TOKEN_ID env variable

* removed a typo

* allow overriding VAULT_DEV_ROOT_TOKEN_ID in dev mode

* correct ambiguous description

* don't set default values in templates for visibility, update tests and set uncomment devRootToken in values.yaml

* Update devRootToken description
---
 templates/_helpers.tpl                |  2 +-
 test/unit/server-dev-statefulset.bats | 40 ++++++++++++++++++++++++++-
 values.yaml                           |  3 ++
 3 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 0bd2891..16f2aba 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -131,7 +131,7 @@ Set's additional environment variables based on the mode.
 {{- define "vault.envs" -}}
   {{ if eq .mode "dev" }}
             - name: VAULT_DEV_ROOT_TOKEN_ID
-              value: "root"
+              value: {{ .Values.server.dev.devRootToken }}
   {{ end }}
 {{- end -}}
 
diff --git a/test/unit/server-dev-statefulset.bats b/test/unit/server-dev-statefulset.bats
index 7a62644..eb45940 100755
--- a/test/unit/server-dev-statefulset.bats
+++ b/test/unit/server-dev-statefulset.bats
@@ -235,6 +235,44 @@ load _helpers
   [ "${actual}" = "null" ]
 }
 
+#--------------------------------------------------------------------
+# devRootToken
+
+@test "server/dev-StatefulSet: set default devRootToken" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.dev.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+      yq -r '.[11].name' | tee /dev/stderr)
+  [ "${actual}" = "VAULT_DEV_ROOT_TOKEN_ID" ]
+
+  local actual=$(echo $object |
+      yq -r '.[11].value' | tee /dev/stderr)
+  [ "${actual}" = "root" ]
+}
+
+@test "server/dev-StatefulSet: set custom devRootToken" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.dev.enabled=true' \
+      --set 'server.dev.devRootToken=customtoken' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+      yq -r '.[11].name' | tee /dev/stderr)
+  [ "${actual}" = "VAULT_DEV_ROOT_TOKEN_ID" ]
+
+  local actual=$(echo $object |
+      yq -r '.[11].value' | tee /dev/stderr)
+  [ "${actual}" = "customtoken" ]
+}
+
 #--------------------------------------------------------------------
 # extraEnvironmentVars
 
@@ -249,7 +287,7 @@ load _helpers
       yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
 
   local actual=$(echo $object |
-    yq -r '.[12].name' | tee /dev/stderr)
+      yq -r '.[12].name' | tee /dev/stderr)
   [ "${actual}" = "FOO" ]
 
   local actual=$(echo $object |
diff --git a/values.yaml b/values.yaml
index a0b77a5..002c038 100644
--- a/values.yaml
+++ b/values.yaml
@@ -417,6 +417,9 @@ server:
   dev:
     enabled: false
 
+    # Set VAULT_DEV_ROOT_TOKEN_ID value
+    devRootToken: "root"
+
   # Run Vault in "standalone" mode. This is the default mode that will deploy if
   # no arguments are given to helm. This requires a PVC for data storage to use
   # the "file" backend.  This mode is not highly available and should not be scaled