diff --git a/kapitan/inputs/helm/__init__.py b/kapitan/inputs/helm/__init__.py index 05649b77f..d233396df 100644 --- a/kapitan/inputs/helm/__init__.py +++ b/kapitan/inputs/helm/__init__.py @@ -79,7 +79,8 @@ def compile_file(self, file_path, compile_path, ext_vars, **kwargs): item_path = os.path.join(compile_path, rel_file_name) os.makedirs(os.path.dirname(item_path), exist_ok=True) with CompiledFile(item_path, self.ref_controller, mode="w", reveal=reveal, target_name=target_name) as fp: - fp.write(f.read()) + yml_obj = yaml.safe_load_all(f) + fp.write_yaml(yml_obj) logger.debug("Wrote file %s to %s", full_file_name, item_path) self.helm_values_file = None # reset this diff --git a/kapitan/inputs/helm/go.mod b/kapitan/inputs/helm/go.mod index 872944d29..3cba62c1e 100644 --- a/kapitan/inputs/helm/go.mod +++ b/kapitan/inputs/helm/go.mod @@ -13,6 +13,7 @@ require ( github.com/huandu/xstrings v1.2.0 // indirect github.com/imdario/mergo v0.3.7 // indirect github.com/pkg/errors v0.8.1 // indirect - k8s.io/apimachinery v0.0.0-20190727130956-f97a4e5b4abc // indirect + golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc // indirect + k8s.io/apimachinery v0.0.0-20190913080033-27d36303b655 // indirect k8s.io/helm v2.14.2+incompatible // indirect ) diff --git a/tests/test_binary.py b/tests/test_binary.py index 08da01567..97a9a1d2a 100644 --- a/tests/test_binary.py +++ b/tests/test_binary.py @@ -29,19 +29,19 @@ from kapitan.cli import main from kapitan.utils import directory_hash -SECRETS_PATH = tempfile.mkdtemp() -BINARY_PATH = 'dist/kapitan' +REFS_PATH = tempfile.mkdtemp() +BINARY_PATH = 'bindist/kapitan-linux-amd64' @unittest.skipIf(not os.path.exists(BINARY_PATH), 'kapitan binary not found') class BinaryTest(unittest.TestCase): def test_cli_secret_validate_targets(self): """ - run $ kapitan secrets --validate-targets + run $ kapitan refs --validate-targets expect 0 (success) exit status code """ - argv = ["kapitan", "secrets", "--validate-targets", - "--secrets-path", "examples/kubernetes/secrets/targets/", + argv = ["kapitan", "refs", "--validate-targets", + "--refs-path", "examples/kubernetes/refs/targets/", "--inventory-path", "examples/kubernetes/inventory/"] with self.assertRaises(SystemExit) as cm: sys.argv = argv @@ -52,8 +52,8 @@ def test_cli_secret_validate_targets(self): def test_cli_secret_write_reveal_gkms(self): """ - run $ kapitan secrets --write gkms:test_secret - and $ kapitan secrets --reveal + run $ kapitan refs --write gkms:test_secret + and $ kapitan refs --reveal using mock KMS key """ test_secret_content = "mock" @@ -61,9 +61,9 @@ def test_cli_secret_write_reveal_gkms(self): with open(test_secret_file, "w") as fp: fp.write(test_secret_content) - argv = [BINARY_PATH, "secrets", "--write", "gkms:test_secret", + argv = [BINARY_PATH, "refs", "--write", "gkms:test_secret", "-f", test_secret_file, - "--secrets-path", SECRETS_PATH, + "--refs-path", REFS_PATH, "--key", "mock"] subprocess.run(argv) @@ -71,9 +71,9 @@ def test_cli_secret_write_reveal_gkms(self): test_tag_file = tempfile.mktemp() with open(test_tag_file, "w") as fp: fp.write(test_tag_content) - argv = [BINARY_PATH, "secrets", "--reveal", + argv = [BINARY_PATH, "refs", "--reveal", "-f", test_tag_file, - "--secrets-path", SECRETS_PATH] + "--refs-path", REFS_PATH] result = subprocess.run(argv, stdout=subprocess.PIPE) self.assertEqual("revealing: {}".format(test_secret_content), @@ -83,8 +83,8 @@ def test_cli_secret_write_reveal_gkms(self): def test_cli_secret_write_reveal_awskms(self): """ - run $ kapitan secrets --write awskms:test_secret - and $ kapitan secrets --reveal + run $ kapitan refs --write awskms:test_secret + and $ kapitan refs --reveal using mock KMS key """ test_secret_content = "mock" @@ -92,9 +92,9 @@ def test_cli_secret_write_reveal_awskms(self): with open(test_secret_file, "w") as fp: fp.write(test_secret_content) - argv = [BINARY_PATH, "secrets", "--write", "awskms:test_secret", + argv = [BINARY_PATH, "refs", "--write", "awskms:test_secret", "-f", test_secret_file, - "--secrets-path", SECRETS_PATH, + "--refs-path", REFS_PATH, "--key", "mock"] subprocess.run(argv) @@ -102,9 +102,9 @@ def test_cli_secret_write_reveal_awskms(self): test_tag_file = tempfile.mktemp() with open(test_tag_file, "w") as fp: fp.write(test_tag_content) - argv = [BINARY_PATH, "secrets", "--reveal", + argv = [BINARY_PATH, "refs", "--reveal", "-f", test_tag_file, - "--secrets-path", SECRETS_PATH] + "--refs-path", REFS_PATH] result = subprocess.run(argv, stdout=subprocess.PIPE) self.assertEqual("revealing: {}".format(test_secret_content), result.stdout.decode('utf-8')) @@ -113,25 +113,25 @@ def test_cli_secret_write_reveal_awskms(self): def test_cli_secret_write_ref(self): """ - run $ kapitan secrets --write ref:test_secret - and $ kapitan secrets --reveal -f sometest_file + run $ kapitan refs --write base64:test_secret + and $ kapitan refs --reveal -f sometest_file """ test_secret_content = "secret_value!" test_secret_file = tempfile.mktemp() with open(test_secret_file, "w") as fp: fp.write(test_secret_content) - argv = [BINARY_PATH, "secrets", "--write", "ref:test_secret", + argv = [BINARY_PATH, "refs", "--write", "base64:test_secret", "-f", test_secret_file, - "--secrets-path", SECRETS_PATH] + "--refs-path", REFS_PATH] subprocess.run(argv) - test_tag_content = "revealing: ?{ref:test_secret}" + test_tag_content = "revealing: ?{base64:test_secret}" test_tag_file = tempfile.mktemp() with open(test_tag_file, "w") as fp: fp.write(test_tag_content) - argv = [BINARY_PATH, "secrets", "--reveal", + argv = [BINARY_PATH, "refs", "--reveal", "-f", test_tag_file, - "--secrets-path", SECRETS_PATH] + "--refs-path", REFS_PATH] result = subprocess.run(argv, stdout=subprocess.PIPE) self.assertEqual("revealing: {}".format(test_secret_content), result.stdout.decode('utf-8')) @@ -140,8 +140,8 @@ def test_cli_secret_write_ref(self): def test_cli_secret_write_base64_ref(self): """ - run $ kapitan secrets --write ref:test_secret --base64 - and $ kapitan secrets --reveal -f sometest_file + run $ kapitan refs --write base64:test_secret --base64 + and $ kapitan refs --reveal -f sometest_file """ test_secret_content = "secret_value!" test_secret_content_b64 = base64.b64encode(test_secret_content.encode()) @@ -149,18 +149,18 @@ def test_cli_secret_write_base64_ref(self): with open(test_secret_file, "w") as fp: fp.write(test_secret_content) - argv = [BINARY_PATH, "secrets", "--write", "ref:test_secret", + argv = [BINARY_PATH, "refs", "--write", "base64:test_secret", "--base64", "-f", test_secret_file, - "--secrets-path", SECRETS_PATH] + "--refs-path", REFS_PATH] subprocess.run(argv) - test_tag_content = "revealing: ?{ref:test_secret}" + test_tag_content = "revealing: ?{base64:test_secret}" test_tag_file = tempfile.mktemp() with open(test_tag_file, "w") as fp: fp.write(test_tag_content) - argv = [BINARY_PATH, "secrets", "--reveal", + argv = [BINARY_PATH, "refs", "--reveal", "-f", test_tag_file, - "--secrets-path", SECRETS_PATH] + "--refs-path", REFS_PATH] result = subprocess.run(argv, stdout=subprocess.PIPE) self.assertEqual("revealing: {}".format(test_secret_content_b64.decode()), @@ -170,8 +170,8 @@ def test_cli_secret_write_base64_ref(self): def test_cli_secret_subvar_ref(self): """ - run $ kapitan secrets --write ref:test_secret - and $ kapitan secrets --reveal -f sometest_file + run $ kapitan refs --write base64:test_secret + and $ kapitan refs --reveal -f sometest_file """ test_secret_content = """ var1: @@ -183,20 +183,20 @@ def test_cli_secret_subvar_ref(self): with open(test_secret_file, "w") as fp: fp.write(test_secret_content) - argv = [BINARY_PATH, "secrets", "--write", "ref:test_secret_subvar", + argv = [BINARY_PATH, "refs", "--write", "base64:test_secret_subvar", "-f", test_secret_file, - "--secrets-path", SECRETS_PATH] + "--refs-path", REFS_PATH] subprocess.run(argv) test_tag_content = """ - revealing1: ?{ref:test_secret_subvar@var1.var2} - revealing2: ?{ref:test_secret_subvar@var3.var4} + revealing1: ?{base64:test_secret_subvar@var1.var2} + revealing2: ?{base64:test_secret_subvar@var3.var4} """ test_tag_file = tempfile.mktemp() with open(test_tag_file, "w") as fp: fp.write(test_tag_content) - argv = [BINARY_PATH, "secrets", "--reveal", + argv = [BINARY_PATH, "refs", "--reveal", "-f", test_tag_file, - "--secrets-path", SECRETS_PATH] + "--refs-path", REFS_PATH] result = subprocess.run(argv, stdout=subprocess.PIPE) expected = """ @@ -242,7 +242,7 @@ def test_cli_inventory(self): stdout.getvalue()) def tearDown(self): - shutil.rmtree(SECRETS_PATH, ignore_errors=True) + shutil.rmtree(REFS_PATH, ignore_errors=True) @unittest.skipIf(not os.path.exists(BINARY_PATH), 'kapitan binary not found')