don't set VAULT_DEV_ROOT_TOKEN_ID by default in dev mode (#415)

* don't set VAULT_DEV_ROOT_TOKEN_ID by default in dev mode * don't template environment variables that no longer exist * fix tests after removing VAULT_DEV_ROOT_TOKEN_ID env variable * removed a typo * allow overriding VAULT_DEV_ROOT_TOKEN_ID in dev mode * correct ambiguous description * don't set default values in templates for visibility, update tests and set uncomment devRootToken in values.yaml * Update devRootToken description
2020-12-07 15:09:38 +00:00 · 2020-12-07 15:09:38 +00:00 · e2b609817f
commit e2b609817f
parent a8c1b4b0c5
3 changed files with 43 additions and 2 deletions
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@ -131,7 +131,7 @@ Set's additional environment variables based on the mode.
 {{- define "vault.envs" -}}
  {{ if eq .mode "dev" }}
            - name: VAULT_DEV_ROOT_TOKEN_ID
-              value: "root"
+              value: {{ .Values.server.dev.devRootToken }}
  {{ end }}
 {{- end -}}

--- a/test/unit/server-dev-statefulset.bats
+++ b/test/unit/server-dev-statefulset.bats
@ -235,6 +235,44 @@ load _helpers
  [ "${actual}" = "null" ]
 }

+#--------------------------------------------------------------------
+# devRootToken
+
+@test "server/dev-StatefulSet: set default devRootToken" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.dev.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+      yq -r '.[11].name' | tee /dev/stderr)
+  [ "${actual}" = "VAULT_DEV_ROOT_TOKEN_ID" ]
+
+  local actual=$(echo $object |
+      yq -r '.[11].value' | tee /dev/stderr)
+  [ "${actual}" = "root" ]
+}
+
+@test "server/dev-StatefulSet: set custom devRootToken" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.dev.enabled=true' \
+      --set 'server.dev.devRootToken=customtoken' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+      yq -r '.[11].name' | tee /dev/stderr)
+  [ "${actual}" = "VAULT_DEV_ROOT_TOKEN_ID" ]
+
+  local actual=$(echo $object |
+      yq -r '.[11].value' | tee /dev/stderr)
+  [ "${actual}" = "customtoken" ]
+}
+
 #--------------------------------------------------------------------
 # extraEnvironmentVars

@ -249,7 +287,7 @@ load _helpers
      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)

  local actual=$(echo $object |
-    yq -r '.[12].name' | tee /dev/stderr)
+      yq -r '.[12].name' | tee /dev/stderr)
  [ "${actual}" = "FOO" ]

  local actual=$(echo $object |
--- a/values.yaml
+++ b/values.yaml
@ -417,6 +417,9 @@ server:
  dev:
    enabled: false

+    # Set VAULT_DEV_ROOT_TOKEN_ID value
+    devRootToken: "root"
+
  # Run Vault in "standalone" mode. This is the default mode that will deploy if
  # no arguments are given to helm. This requires a PVC for data storage to use
  # the "file" backend.  This mode is not highly available and should not be scaled