Merge pull request #23 from ipsavitsky/fix-agent-uri

Add the `.injector.agentImage.registry` to the image path

charts/openbao/Chart.yaml

@@ -3,8 +3,8 @@
 
 apiVersion: v2
 name: openbao
-version: 0.5.1
-appVersion: v2.0.1
+version: 0.6.0
+appVersion: v2.0.2
 kubeVersion: ">= 1.27.0-0"
 description: Official OpenBao Chart
 home: https://github.com/openbao/openbao-helm

charts/openbao/README.md

@@ -1,6 +1,6 @@
 # openbao
 
-![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![AppVersion: v2.0.1](https://img.shields.io/badge/AppVersion-v2.0.1-informational?style=flat-square)
+![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![AppVersion: v2.0.2](https://img.shields.io/badge/AppVersion-v2.0.2-informational?style=flat-square)
 
 Official OpenBao Chart
 
@@ -29,7 +29,7 @@ Kubernetes: `>= 1.27.0-0`
 | csi.agent.image.pullPolicy | string | `"IfNotPresent"` | image pull policy to use for agent image. if tag is "latest", set to "Always" |
 | csi.agent.image.registry | string | `"quay.io"` | image registry to use for agent image |
 | csi.agent.image.repository | string | `"openbao/openbao"` | image repo to use for agent image |
-| csi.agent.image.tag | string | `"2.0.0-alpha20240329"` | image tag to use for agent image |
+| csi.agent.image.tag | string | `"2.0.2"` | image tag to use for agent image |
 | csi.agent.logFormat | string | `"standard"` |  |
 | csi.agent.logLevel | string | `"info"` |  |
 | csi.agent.resources | object | `{}` |  |
@@ -48,7 +48,7 @@ Kubernetes: `>= 1.27.0-0`
 | csi.image.pullPolicy | string | `"IfNotPresent"` | image pull policy to use for csi image. if tag is "latest", set to "Always" |
 | csi.image.registry | string | `"docker.io"` | image registry to use for csi image |
 | csi.image.repository | string | `"hashicorp/vault-csi-provider"` | image repo to use for csi image |
-| csi.image.tag | string | `"1.4.1"` | image tag to use for csi image |
+| csi.image.tag | string | `"1.4.0"` | image tag to use for csi image |
 | csi.livenessProbe.failureThreshold | int | `2` |  |
 | csi.livenessProbe.initialDelaySeconds | int | `5` |  |
 | csi.livenessProbe.periodSeconds | int | `5` |  |
@@ -87,11 +87,11 @@ Kubernetes: `>= 1.27.0-0`
 | injector.agentDefaults.template | string | `"map"` |  |
 | injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` |  |
 | injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` |  |
-| injector.agentImage | object | `{"pullPolicy":"IfNotPresent","registry":"quay.io","repository":"openbao/openbao","tag":"2.0.0-alpha20240329"}` | agentImage sets the repo and tag of the OpenBao image to use for the OpenBao Agent containers.  This should be set to the official OpenBao image.  OpenBao 1.3.1+ is required. |
+| injector.agentImage | object | `{"pullPolicy":"IfNotPresent","registry":"quay.io","repository":"openbao/openbao","tag":"2.0.2"}` | agentImage sets the repo and tag of the OpenBao image to use for the OpenBao Agent containers.  This should be set to the official OpenBao image.  OpenBao 1.3.1+ is required. |
 | injector.agentImage.pullPolicy | string | `"IfNotPresent"` | image pull policy to use for agent image. if tag is "latest", set to "Always" |
 | injector.agentImage.registry | string | `"quay.io"` | image registry to use for agent image |
 | injector.agentImage.repository | string | `"openbao/openbao"` | image repo to use for agent image |
-| injector.agentImage.tag | string | `"2.0.0-alpha20240329"` | image tag to use for agent image |
+| injector.agentImage.tag | string | `"2.0.2"` | image tag to use for agent image |
 | injector.annotations | object | `{}` |  |
 | injector.authPath | string | `"auth/kubernetes"` |  |
 | injector.certs.caBundle | string | `""` |  |
@@ -107,7 +107,7 @@ Kubernetes: `>= 1.27.0-0`
 | injector.image.pullPolicy | string | `"IfNotPresent"` | image pull policy to use for k8s image. if tag is "latest", set to "Always" |
 | injector.image.registry | string | `"docker.io"` | image registry to use for k8s image |
 | injector.image.repository | string | `"hashicorp/vault-k8s"` | image repo to use for k8s image |
-| injector.image.tag | string | `"1.3.1"` | image tag to use for k8s image |
+| injector.image.tag | string | `"1.4.2"` | image tag to use for k8s image |
 | injector.leaderElector | object | `{"enabled":true}` | If multiple replicas are specified, by default a leader will be determined so that only one injector attempts to create TLS certificates. |
 | injector.livenessProbe.failureThreshold | int | `2` | When a probe fails, Kubernetes will try failureThreshold times before giving up |
 | injector.livenessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before probe initiates |
@@ -194,7 +194,7 @@ Kubernetes: `>= 1.27.0-0`
 | server.image.pullPolicy | string | `"IfNotPresent"` | image pull policy to use for server image. if tag is "latest", set to "Always" |
 | server.image.registry | string | `"quay.io"` | image registry to use for server image |
 | server.image.repository | string | `"openbao/openbao"` | image repo to use for server image |
-| server.image.tag | string | `"2.0.0-alpha20240329"` | image tag to use for server image |
+| server.image.tag | string | `"2.0.2"` | image tag to use for server image |
 | server.ingress.activeService | bool | `true` |  |
 | server.ingress.annotations | object | `{}` |  |
 | server.ingress.enabled | bool | `false` |  |
@@ -292,5 +292,3 @@ Kubernetes: `>= 1.27.0-0`
 | ui.serviceType | string | `"ClusterIP"` |  |
 | ui.targetPort | int | `8200` |  |
 
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)

charts/openbao/templates/injector-deployment.yaml

@@ -69,7 +69,7 @@ spec:
             - name: AGENT_INJECT_VAULT_AUTH_PATH
               value: {{ .Values.injector.authPath }}
             - name: AGENT_INJECT_VAULT_IMAGE
-              value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+              value: "{{ .Values.injector.image.registry | default "quay.io" }}/{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
             {{- if .Values.injector.certs.secretName }}
             - name: AGENT_INJECT_TLS_CERT_FILE
               value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"

charts/openbao/values.openshift.yaml

@@ -14,13 +14,13 @@ injector:
   agentImage:
     registry: "quay.io"
     repository: "openbao/openbao"
-    tag: "v2.0.1-ubi"
+    tag: "v2.0.2-ubi"
 
 server:
   image:
     registry: "quay.io"
     repository: "openbao/openbao"
-    tag: "v2.0.1-ubi"
+    tag: "v2.0.2-ubi"
 
   readinessProbe:
     path: "/v1/sys/health?uninitcode=204"

charts/openbao/values.yaml

@@ -71,7 +71,7 @@ injector:
     # -- image repo to use for k8s image
     repository: "hashicorp/vault-k8s"
     # -- image tag to use for k8s image
-    tag: "1.3.1"
+    tag: "1.4.2"
     # -- image pull policy to use for k8s image. if tag is "latest", set to "Always"
     pullPolicy: IfNotPresent
 
@@ -84,7 +84,7 @@ injector:
     # -- image repo to use for agent image
     repository: "openbao/openbao"
     # -- image tag to use for agent image
-    tag: "2.0.1"
+    tag: "2.0.2"
     # -- image pull policy to use for agent image. if tag is "latest", set to "Always"
     pullPolicy: IfNotPresent
 
@@ -288,7 +288,8 @@ injector:
 
   # extraEnvironmentVars is a list of extra environment variables to set in the
   # injector deployment.
-  extraEnvironmentVars: {}
+  extraEnvironmentVars:
+    {}
     # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
 
   # Affinity Settings for injector pods
@@ -379,7 +380,7 @@ server:
     # -- image repo to use for server image
     repository: "openbao/openbao"
     # -- image tag to use for server image
-    tag: "2.0.1"
+    tag: "2.0.2"
     # -- image pull policy to use for server image. if tag is "latest", set to "Always"
     pullPolicy: IfNotPresent
 
@@ -410,9 +411,11 @@ server:
   # In order to expose the service, use the route section below
   ingress:
     enabled: false
-    labels: {}
+    labels:
+      {}
       # traffic: external
-    annotations: {}
+    annotations:
+      {}
       # |
       # kubernetes.io/ingress.class: nginx
       # kubernetes.io/tls-acme: "true"
@@ -480,7 +483,8 @@ server:
   # -- extraInitContainers is a list of init containers. Specified as a YAML list.
   # This is useful if you need to run a script to provision TLS certificates or
   # write out configuration files in a dynamic way.
-  extraInitContainers: []
+  extraInitContainers:
+    []
     # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
     # # which is defined in the volumes value.
     # - name: oauthapp
@@ -508,7 +512,8 @@ server:
 
   # -- extraPorts is a list of extra ports. Specified as a YAML list.
   # This is useful if you need to add additional ports to the statefulset in dynamic way.
-  extraPorts: []
+  extraPorts:
+    []
     # - containerPort: 8300
     #   name: http-monitoring
 
@@ -570,14 +575,16 @@ server:
 
   # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
   # used to include variables required for auto-unseal.
-  extraEnvironmentVars: {}
+  extraEnvironmentVars:
+    {}
     # GOOGLE_REGION: global
     # GOOGLE_PROJECT: myproject
     # GOOGLE_APPLICATION_CREDENTIALS: /openbao/userconfig/myproject/myproject-creds.json
 
   # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
   # These variables take value from existing Secret objects.
-  extraSecretEnvironmentVars: []
+  extraSecretEnvironmentVars:
+    []
     # - envName: AWS_SECRET_ACCESS_KEY
     #   secretName: openbao
     #   secretKey: AWS_SECRET_ACCESS_KEY
@@ -586,7 +593,8 @@ server:
   # extraVolumes is a list of extra volumes to mount. These will be exposed
   # to OpenBao in the path `/openbao/userconfig/<name>/`. The value below is
   # an array of objects, examples are shown below.
-  extraVolumes: []
+  extraVolumes:
+    []
     # - type: secret (or "configMap")
     #   name: my-secret
     #   path: null # default is `/openbao/userconfig`
@@ -651,12 +659,12 @@ server:
     #     port: 443
     ingress:
       - from:
-        - namespaceSelector: {}
+          - namespaceSelector: {}
         ports:
-        - port: 8200
-          protocol: TCP
-        - port: 8201
-          protocol: TCP
+          - port: 8200
+            protocol: TCP
+          - port: 8201
+            protocol: TCP
 
   # Priority class for server pods
   priorityClassName: ""
@@ -893,7 +901,6 @@ server:
     # persistent volumes for OpenBao to store data according to the configuration under server.dataStorage.
     # The OpenBao cluster will coordinate leader elections and failovers internally.
     raft:
-
       # Enables Raft integrated storage
       enabled: false
       # Set the Node Raft ID to the name of the pod
@@ -968,8 +975,8 @@ server:
     disruptionBudget:
       enabled: true
 
-    # maxUnavailable will default to (n/2)-1 where n is the number of
-    # replicas. If you'd like a custom value, you can specify an override here.
+      # maxUnavailable will default to (n/2)-1 where n is the number of
+      # replicas. If you'd like a custom value, you can specify an override here.
       maxUnavailable: null
 
   # Definition of the serviceAccount used to run Vault.
@@ -1093,7 +1100,7 @@ csi:
     # -- image repo to use for csi image
     repository: "hashicorp/vault-csi-provider"
     # -- image tag to use for csi image
-    tag: "1.4.1"
+    tag: "1.4.0"
     # -- image pull policy to use for csi image. if tag is "latest", set to "Always"
     pullPolicy: IfNotPresent
 
@@ -1183,7 +1190,7 @@ csi:
       # -- image repo to use for agent image
       repository: "openbao/openbao"
       # -- image tag to use for agent image
-      tag: "2.0.1"
+      tag: "2.0.2"
       # -- image pull policy to use for agent image. if tag is "latest", set to "Always"
       pullPolicy: IfNotPresent
 

test/acceptance/csi-test/openbao-kv-secretproviderclass.yaml

@@ -5,9 +5,9 @@
 apiVersion: secrets-store.csi.x-k8s.io/v1
 kind: SecretProviderClass
 metadata:
-  name: openbao-kv
+  name: vault-kv
 spec:
-  provider: openbao
+  provider: vault
   parameters:
     roleName: "kv-role"
     objects: |

test/acceptance/csi.bats

@@ -2,73 +2,73 @@
 
 load _helpers
 
-# @test "csi: testing deployment" {
-#   cd `chart_dir`
+@test "csi: testing deployment" {
+  cd `chart_dir`
 
-#   kubectl delete namespace acceptance --ignore-not-found=true
-#   kubectl create namespace acceptance
+  kubectl delete namespace acceptance --ignore-not-found=true
+  kubectl create namespace acceptance
 
-#   # Install Secrets Store CSI driver
-#   # Configure it to pass in a JWT for the provider to use, and rotate secrets rapidly
-#   # so we can see Agent's cache working.
-#   CSI_DRIVER_VERSION=1.3.2
-#   helm install secrets-store-csi-driver secrets-store-csi-driver \
-#     --repo https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts \
-#     --version=$CSI_DRIVER_VERSION \
-#     --wait --timeout=5m \
-#     --namespace=acceptance \
-#     --set linux.image.pullPolicy="IfNotPresent" \
-#     --set tokenRequests[0].audience="openbao" \
-#     --set enableSecretRotation=true \
-#     --set rotationPollInterval=5s
-#   # Install OpenBao and OpenBao provider
-#   helm install openbao \
-#     --wait --timeout=5m \
-#     --namespace=acceptance \
-#     --set="server.dev.enabled=true" \
-#     --set="csi.enabled=true" \
-#     --set="csi.debug=true" \
-#     --set="csi.agent.logLevel=debug" \
-#     --set="injector.enabled=false" \
-#     .
-#   kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=openbao
-#   kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=openbao-csi-provider
+  # Install Secrets Store CSI driver
+  # Configure it to pass in a JWT for the provider to use, and rotate secrets rapidly
+  # so we can see Agent's cache working.
+  CSI_DRIVER_VERSION=1.3.2
+  helm install secrets-store-csi-driver secrets-store-csi-driver \
+    --repo https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts \
+    --version=$CSI_DRIVER_VERSION \
+    --wait --timeout=5m \
+    --namespace=acceptance \
+    --set linux.image.pullPolicy="IfNotPresent" \
+    --set tokenRequests[0].audience="openbao" \
+    --set enableSecretRotation=true \
+    --set rotationPollInterval=5s
+  # Install OpenBao and OpenBao provider
+  helm install openbao \
+    --wait --timeout=5m \
+    --namespace=acceptance \
+    --set="server.dev.enabled=true" \
+    --set="csi.enabled=true" \
+    --set="csi.debug=true" \
+    --set="csi.agent.logLevel=debug" \
+    --set="injector.enabled=false" \
+    .
+  kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=openbao
+  kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=openbao-csi-provider
 
-#   # Set up k8s auth and a kv secret.
-#   cat ../../test/acceptance/csi-test/openbao-policy.hcl | kubectl --namespace=acceptance exec -i openbao-0 -- bao policy write kv-policy -
-#   kubectl --namespace=acceptance exec openbao-0 -- bao auth enable kubernetes
-#   kubectl --namespace=acceptance exec openbao-0 -- sh -c 'bao write auth/kubernetes/config \
-#     kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443"'
-#   kubectl --namespace=acceptance exec openbao-0 -- bao write auth/kubernetes/role/kv-role \
-#     bound_service_account_names=nginx \
-#     bound_service_account_namespaces=acceptance \
-#     policies=kv-policy \
-#     ttl=20m
-#   kubectl --namespace=acceptance exec openbao-0 -- bao kv put secret/kv1 bar1=hello1
+  # Set up k8s auth and a kv secret.
+  cat ../../test/acceptance/csi-test/openbao-policy.hcl | kubectl --namespace=acceptance exec -i openbao-0 -- bao policy write kv-policy -
+  kubectl --namespace=acceptance exec openbao-0 -- bao auth enable kubernetes
+  kubectl --namespace=acceptance exec openbao-0 -- sh -c 'bao write auth/kubernetes/config \
+    kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443"'
+  kubectl --namespace=acceptance exec openbao-0 -- bao write auth/kubernetes/role/kv-role \
+    bound_service_account_names=nginx \
+    bound_service_account_namespaces=acceptance \
+    policies=kv-policy \
+    ttl=20m
+  kubectl --namespace=acceptance exec openbao-0 -- bao kv put secret/kv1 bar1=hello1
 
-#   kubectl --namespace=acceptance apply -f ../../test/acceptance/csi-test/openbao-kv-secretproviderclass.yaml
-#   kubectl --namespace=acceptance apply -f ../../test/acceptance/csi-test/nginx.yaml
-#   kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod nginx
+  kubectl --namespace=acceptance apply -f ../../test/acceptance/csi-test/openbao-kv-secretproviderclass.yaml
+  kubectl --namespace=acceptance apply -f ../../test/acceptance/csi-test/nginx.yaml
+  kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod nginx
 
-#   result=$(kubectl --namespace=acceptance exec nginx -- cat /mnt/secrets-store/bar)
-#   [[ "$result" == "hello1" ]]
+  result=$(kubectl --namespace=acceptance exec nginx -- cat /mnt/secrets-store/bar)
+  [[ "$result" == "hello1" ]]
 
-#   for i in $(seq 10); do
-#     sleep 2
-#     if [ "$(kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=openbao-csi-provider" -c openbao-agent | grep "secret renewed: path=/v1/auth/kubernetes/login")" ]; then
-#         echo "Agent returned a cached login response"
-#         return
-#     fi
+  for i in $(seq 10); do
+    sleep 2
+    if [ "$(kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=openbao-csi-provider" -c openbao-agent | grep "secret renewed: path=/v1/auth/kubernetes/login")" ]; then
+        echo "Agent returned a cached login response"
+        return
+    fi
 
-#     echo "Waiting to confirm the Agent is renewing CSI's auth token..."
-#   done
+    echo "Waiting to confirm the Agent is renewing CSI's auth token..."
+  done
 
-#   # Print the logs and fail the test
-#   echo "Failed to find a log for the Agent renewing CSI's auth token"
-#   kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=openbao-csi-provider" -c openbao-agent
-#   kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=openbao-csi-provider" -c openbao-csi-provider
-#   exit 1
-# }
+  # Print the logs and fail the test
+  echo "Failed to find a log for the Agent renewing CSI's auth token"
+  kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=openbao-csi-provider" -c openbao-agent
+  kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=openbao-csi-provider" -c openbao-csi-provider
+  exit 1
+}
 
 # Clean up
 teardown() {

test/acceptance/injector-test/job.yaml

@@ -32,11 +32,11 @@ spec:
     spec:
       serviceAccountName: pgdump
       containers:
-      - name: pgdump
-        image: postgres:11.5
-        command:
-          - "/bin/sh"
-          - "-ec"
-        args:
-          - "/usr/bin/pg_dump $(cat /openbao/secrets/db-creds) --no-owner > /dev/stdout"
+        - name: pgdump
+          image: postgres:11.5
+          command:
+            - "/bin/sh"
+            - "-ec"
+          args:
+            - "/usr/bin/pg_dump $(cat /vault/secrets/db-creds) --no-owner > /dev/stdout"
       restartPolicy: Never

test/acceptance/injector.bats

@@ -2,46 +2,46 @@
 
 load _helpers
 
-# @test "injector: testing deployment" {
-#   cd `chart_dir`
+@test "injector: testing deployment" {
+  cd `chart_dir`
 
-#   kubectl delete namespace acceptance --ignore-not-found=true
-#   kubectl create namespace acceptance
-#   kubectl config set-context --current --namespace=acceptance
+  kubectl delete namespace acceptance --ignore-not-found=true
+  kubectl create namespace acceptance
+  kubectl config set-context --current --namespace=acceptance
 
-#   kubectl create -f ../../test/acceptance/injector-test/pg-deployment.yaml
-#   sleep 5
-#   wait_for_ready $(kubectl get pod -l app=postgres -o jsonpath="{.items[0].metadata.name}")
+  kubectl create -f ../../test/acceptance/injector-test/pg-deployment.yaml
+  sleep 5
+  wait_for_ready $(kubectl get pod -l app=postgres -o jsonpath="{.items[0].metadata.name}")
 
-#   kubectl create secret generic test \
-#     --from-file ../../test/acceptance/injector-test/pgdump-policy.hcl \
-#     --from-file ../../test/acceptance/injector-test/bootstrap.sh
+  kubectl create secret generic test \
+    --from-file ../../test/acceptance/injector-test/pgdump-policy.hcl \
+    --from-file ../../test/acceptance/injector-test/bootstrap.sh
 
-#   kubectl label secret test app=openbao-agent-demo
+  kubectl label secret test app=openbao-agent-demo
 
-#   helm install "$(name_prefix)" \
-#     --set="server.extraVolumes[0].type=secret" \
-#     --set="server.extraVolumes[0].name=test" .
-#   wait_for_running $(name_prefix)-0
+  helm install "$(name_prefix)" \
+    --set="server.extraVolumes[0].type=secret" \
+    --set="server.extraVolumes[0].name=test" .
+  wait_for_running $(name_prefix)-0
 
-#   wait_for_ready $(kubectl get pod -l component=webhook -o jsonpath="{.items[0].metadata.name}")
+  wait_for_ready $(kubectl get pod -l component=webhook -o jsonpath="{.items[0].metadata.name}")
 
-#   kubectl exec -ti "$(name_prefix)-0" -- /bin/sh -c "cp /openbao/userconfig/test/bootstrap.sh /tmp/bootstrap.sh && chmod +x /tmp/bootstrap.sh && /tmp/bootstrap.sh"
-#   sleep 5
+  kubectl exec -ti "$(name_prefix)-0" -- /bin/sh -c "cp /openbao/userconfig/test/bootstrap.sh /tmp/bootstrap.sh && chmod +x /tmp/bootstrap.sh && /tmp/bootstrap.sh"
+  sleep 5
 
-#     # Sealed, not initialized
-#   local sealed_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
-#     jq -r '.sealed' )
-#   [ "${sealed_status}" == "false" ]
+    # Sealed, not initialized
+  local sealed_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+    jq -r '.sealed' )
+  [ "${sealed_status}" == "false" ]
 
-#   local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
-#     jq -r '.initialized')
-#   [ "${init_status}" == "true" ]
+  local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+    jq -r '.initialized')
+  [ "${init_status}" == "true" ]
 
 
-#   kubectl create -f ../../test/acceptance/injector-test/job.yaml
-#   wait_for_complete_job "pgdump"
-# }
+  kubectl create -f ../../test/acceptance/injector-test/job.yaml
+  wait_for_complete_job "pgdump"
+}
 
 # Clean up
 teardown() {

test/unit/csi-daemonset.bats

@@ -107,7 +107,7 @@ load _helpers
   [ "${actual}" = "PullPolicy1" ]
   local actual=$(echo $object |
       yq -r '.[1].image' | tee /dev/stderr)
-  [ "${actual}" = "Image2:0.0.2" ]
+  [ "${actual}" = "quay.io/Image2:0.0.2" ]
   local actual=$(echo $object |
       yq -r '.[1].imagePullPolicy' | tee /dev/stderr)
   [ "${actual}" = "PullPolicy2" ]
@@ -796,7 +796,7 @@ load _helpers
       yq -r '.spec.template.spec.containers[1].env' | tee /dev/stderr)
 
   local value=$(echo $object |
-      yq -r 'map(select(.name=="VAULT_LOG_LEVEL")) | .[] .value' | tee /dev/stderr)
+      yq -r 'map(select(.name=="BAO_LOG_LEVEL")) | .[] .value' | tee /dev/stderr)
   [ "${value}" = "error" ]
 }
 
@@ -810,7 +810,7 @@ load _helpers
       yq -r '.spec.template.spec.containers[1].env' | tee /dev/stderr)
 
   local value=$(echo $object |
-      yq -r 'map(select(.name=="VAULT_LOG_FORMAT")) | .[] .value' | tee /dev/stderr)
+      yq -r 'map(select(.name=="BAO_LOG_FORMAT")) | .[] .value' | tee /dev/stderr)
   [ "${value}" = "json" ]
 }