Initialize kubernetes config on upgrade

This change revealed more about how the system needs to work, so there
are some supporting changes:

* helm.upgrade and helm.help are now vars rather than raw functions.
    This allows unit tests to target the "which step should we run"
    logic directly by comparing function pointers, rather than having to
    configure/prepare a fully-valid Plan and then infer the logic’s
    correctness based on the Plan’s state.
* configuration that's specific to kubeconfig initialization is now part
    of the InitKube struct rather than run.Config, since other steps
    shouldn’t need access to those settings (particularly the secrets).
* Step.Execute now receives a run.Config so it can log debug output.

internal/run/config.go

@@ -6,17 +6,12 @@ import (
 
 // Config contains configuration applicable to all helm commands
 type Config struct {
-	Debug          bool
-	KubeConfig     string
-	Values         string
-	StringValues   string
-	ValuesFiles    []string
-	Namespace      string
-	Token          string
-	SkipTLSVerify  bool
-	Certificate    string
-	APIServer      string
-	ServiceAccount string
-	Stdout         io.Writer
-	Stderr         io.Writer
+	Debug        bool
+	KubeConfig   string
+	Values       string
+	StringValues string
+	ValuesFiles  []string
+	Namespace    string
+	Stdout       io.Writer
+	Stderr       io.Writer
 }

internal/run/help.go

@@ -10,7 +10,7 @@ type Help struct {
 }
 
 // Execute executes the `helm help` command.
-func (h *Help) Execute() error {
+func (h *Help) Execute(_ Config) error {
 	return h.cmd.Run()
 }
 

internal/run/help_test.go

@@ -50,7 +50,7 @@ func (suite *HelpTestSuite) TestPrepare() {
 	h := Help{}
 	err := h.Prepare(cfg)
 	suite.Require().Nil(err)
-	h.Execute()
+	h.Execute(cfg)
 }
 
 func (suite *HelpTestSuite) TestPrepareDebugFlag() {

internal/run/initkube.go

@@ -0,0 +1,93 @@
+package run
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"text/template"
+)
+
+// InitKube is a step in a helm Plan that initializes the kubernetes config file.
+type InitKube struct {
+	SkipTLSVerify  bool
+	Certificate    string
+	APIServer      string
+	ServiceAccount string
+	Token          string
+	TemplateFile   string
+
+	template   *template.Template
+	configFile io.WriteCloser
+	values     kubeValues
+}
+
+type kubeValues struct {
+	SkipTLSVerify  bool
+	Certificate    string
+	APIServer      string
+	Namespace      string
+	ServiceAccount string
+	Token          string
+}
+
+// Execute generates a kubernetes config file from drone-helm3's template.
+func (i *InitKube) Execute(cfg Config) error {
+	if cfg.Debug {
+		fmt.Fprintf(cfg.Stderr, "writing kubeconfig file to %s\n", cfg.KubeConfig)
+	}
+	defer i.configFile.Close()
+	return i.template.Execute(i.configFile, i.values)
+}
+
+// Prepare ensures all required configuration is present and that the config file is writable.
+func (i *InitKube) Prepare(cfg Config) error {
+	var err error
+
+	if i.APIServer == "" {
+		return errors.New("an API Server is needed to deploy")
+	}
+	if i.Token == "" {
+		return errors.New("token is needed to deploy")
+	}
+	if i.Certificate == "" && !i.SkipTLSVerify {
+		return errors.New("certificate is needed to deploy")
+	}
+
+	if i.ServiceAccount == "" {
+		i.ServiceAccount = "helm"
+	}
+
+	if cfg.Debug {
+		fmt.Fprintf(cfg.Stderr, "loading kubeconfig template from %s\n", i.TemplateFile)
+	}
+	i.template, err = template.ParseFiles(i.TemplateFile)
+	if err != nil {
+		return fmt.Errorf("could not load kubeconfig template: %w", err)
+	}
+
+	i.values = kubeValues{
+		SkipTLSVerify:  i.SkipTLSVerify,
+		Certificate:    i.Certificate,
+		APIServer:      i.APIServer,
+		ServiceAccount: i.ServiceAccount,
+		Token:          i.Token,
+		Namespace:      cfg.Namespace,
+	}
+
+	if cfg.Debug {
+		if _, err := os.Stat(cfg.KubeConfig); err != nil {
+			// non-nil err here isn't an actual error state; the kubeconfig just doesn't exist
+			fmt.Fprint(cfg.Stderr, "creating ")
+		} else {
+			fmt.Fprint(cfg.Stderr, "truncating ")
+		}
+		fmt.Fprintf(cfg.Stderr, "kubeconfig file at %s\n", cfg.KubeConfig)
+	}
+
+	i.configFile, err = os.Create(cfg.KubeConfig)
+	if err != nil {
+		return fmt.Errorf("could not open kubeconfig file for writing: %w", err)
+	}
+	return nil
+}

internal/run/initkube_test.go

@@ -0,0 +1,184 @@
+package run
+
+import (
+	"io/ioutil"
+	"os"
+	"text/template"
+	// "github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+	"testing"
+)
+
+type InitKubeTestSuite struct {
+	suite.Suite
+}
+
+func TestInitKubeTestSuite(t *testing.T) {
+	suite.Run(t, new(InitKubeTestSuite))
+}
+
+func (suite *InitKubeTestSuite) TestPrepareExecute() {
+	templateFile, err := tempfile("kubeconfig********.yml.tpl", `
+certificate: {{ .Certificate }}
+namespace: {{ .Namespace }}
+`)
+	defer os.Remove(templateFile.Name())
+	suite.Require().Nil(err)
+
+	configFile, err := tempfile("kubeconfig********.yml", "")
+	defer os.Remove(configFile.Name())
+	suite.Require().Nil(err)
+
+	init := InitKube{
+		APIServer:    "Sysadmin",
+		Certificate:  "CCNA",
+		Token:        "Aspire virtual currency",
+		TemplateFile: templateFile.Name(),
+	}
+	cfg := Config{
+		Namespace:  "Cisco",
+		KubeConfig: configFile.Name(),
+	}
+	err = init.Prepare(cfg)
+	suite.Require().Nil(err)
+
+	suite.IsType(&template.Template{}, init.template)
+	suite.NotNil(init.configFile)
+
+	err = init.Execute(cfg)
+	suite.Require().Nil(err)
+
+	conf, err := ioutil.ReadFile(configFile.Name())
+	suite.Require().Nil(err)
+
+	want := `
+certificate: CCNA
+namespace: Cisco
+`
+	suite.Equal(want, string(conf))
+}
+
+func (suite *InitKubeTestSuite) TestPrepareParseError() {
+	templateFile, err := tempfile("kubeconfig********.yml.tpl", `{{ NonexistentFunction }}`)
+	defer os.Remove(templateFile.Name())
+	suite.Require().Nil(err)
+
+	init := InitKube{
+		APIServer:    "Sysadmin",
+		Certificate:  "CCNA",
+		Token:        "Aspire virtual currency",
+		TemplateFile: templateFile.Name(),
+	}
+	err = init.Prepare(Config{})
+	suite.Error(err)
+	suite.Regexp("could not load kubeconfig .* function .* not defined", err)
+}
+
+func (suite *InitKubeTestSuite) TestPrepareNonexistentTemplateFile() {
+	init := InitKube{
+		APIServer:    "Sysadmin",
+		Certificate:  "CCNA",
+		Token:        "Aspire virtual currency",
+		TemplateFile: "/usr/foreign/exclude/kubeprofig.tpl",
+	}
+	err := init.Prepare(Config{})
+	suite.Error(err)
+	suite.Regexp("could not load kubeconfig .* no such file or directory", err)
+}
+
+func (suite *InitKubeTestSuite) TestPrepareCannotOpenDestinationFile() {
+	templateFile, err := tempfile("kubeconfig********.yml.tpl", "hurgity burgity")
+	defer os.Remove(templateFile.Name())
+	suite.Require().Nil(err)
+	init := InitKube{
+		APIServer:    "Sysadmin",
+		Certificate:  "CCNA",
+		Token:        "Aspire virtual currency",
+		TemplateFile: templateFile.Name(),
+	}
+
+	cfg := Config{
+		KubeConfig: "/usr/foreign/exclude/kubeprofig",
+	}
+	err = init.Prepare(cfg)
+	suite.Error(err)
+	suite.Regexp("could not open .* for writing: .* no such file or directory", err)
+}
+
+func (suite *InitKubeTestSuite) TestPrepareRequiredConfig() {
+	templateFile, err := tempfile("kubeconfig********.yml.tpl", "hurgity burgity")
+	defer os.Remove(templateFile.Name())
+	suite.Require().Nil(err)
+
+	configFile, err := tempfile("kubeconfig********.yml", "")
+	defer os.Remove(configFile.Name())
+	suite.Require().Nil(err)
+
+	// initial config with all required fields present
+	init := InitKube{
+		APIServer:    "Sysadmin",
+		Certificate:  "CCNA",
+		Token:        "Aspire virtual currency",
+		TemplateFile: templateFile.Name(),
+	}
+
+	cfg := Config{
+		KubeConfig: configFile.Name(),
+	}
+
+	suite.NoError(init.Prepare(cfg)) // consistency check; we should be starting in a happy state
+
+	init.APIServer = ""
+	suite.Error(init.Prepare(cfg), "APIServer should be required.")
+
+	init.APIServer = "Sysadmin"
+	init.Token = ""
+	suite.Error(init.Prepare(cfg), "Token should be required.")
+
+	init.Token = "Aspire virtual currency"
+	init.Certificate = ""
+	suite.Error(init.Prepare(cfg), "Certificate should be required.")
+
+	init.SkipTLSVerify = true
+	suite.NoError(init.Prepare(cfg), "Certificate should not be required if SkipTLSVerify is true")
+}
+
+func (suite *InitKubeTestSuite) TestPrepareDefaultsServiceAccount() {
+	templateFile, err := tempfile("kubeconfig********.yml.tpl", "hurgity burgity")
+	defer os.Remove(templateFile.Name())
+	suite.Require().Nil(err)
+
+	configFile, err := tempfile("kubeconfig********.yml", "")
+	defer os.Remove(configFile.Name())
+	suite.Require().Nil(err)
+
+	init := InitKube{
+		APIServer:    "Sysadmin",
+		Certificate:  "CCNA",
+		Token:        "Aspire virtual currency",
+		TemplateFile: templateFile.Name(),
+	}
+
+	cfg := Config{
+		KubeConfig: configFile.Name(),
+	}
+
+	init.Prepare(cfg)
+	suite.Equal("helm", init.ServiceAccount)
+}
+
+func tempfile(name, contents string) (*os.File, error) {
+	file, err := ioutil.TempFile("", name)
+	if err != nil {
+		return nil, err
+	}
+	_, err = file.Write([]byte(contents))
+	if err != nil {
+		return nil, err
+	}
+	err = file.Close()
+	if err != nil {
+		return nil, err
+	}
+	return file, nil
+}

internal/run/upgrade.go

@@ -19,13 +19,19 @@ type Upgrade struct {
 }
 
 // Execute executes the `helm upgrade` command.
-func (u *Upgrade) Execute() error {
+func (u *Upgrade) Execute(_ Config) error {
 	return u.cmd.Run()
 }
 
 // Prepare gets the Upgrade ready to execute.
 func (u *Upgrade) Prepare(cfg Config) error {
-	args := []string{"upgrade", "--install", u.Release, u.Chart}
+	args := []string{"--kubeconfig", cfg.KubeConfig}
+
+	if cfg.Namespace != "" {
+		args = append(args, "--namespace", cfg.Namespace)
+	}
+
+	args = append(args, "upgrade", "--install", u.Release, u.Chart)
 
 	if cfg.Debug {
 		args = append([]string{"--debug"}, args...)

internal/run/upgrade_test.go

@@ -41,7 +41,8 @@ func (suite *UpgradeTestSuite) TestPrepare() {
 
 	command = func(path string, args ...string) cmd {
 		suite.Equal(helmBin, path)
-		suite.Equal([]string{"upgrade", "--install", "jonas_brothers_only_human", "at40"}, args)
+		suite.Equal([]string{"--kubeconfig", "/root/.kube/config", "upgrade", "--install",
+			"jonas_brothers_only_human", "at40"}, args)
 
 		return suite.mockCmd
 	}
@@ -54,9 +55,44 @@ func (suite *UpgradeTestSuite) TestPrepare() {
 		Run().
 		Times(1)
 
-	err := u.Prepare(Config{})
+	cfg := Config{
+		KubeConfig: "/root/.kube/config",
+	}
+	err := u.Prepare(cfg)
 	suite.Require().Nil(err)
-	u.Execute()
+	u.Execute(cfg)
+}
+
+func (suite *UpgradeTestSuite) TestPrepareNamespaceFlag() {
+	defer suite.ctrl.Finish()
+
+	u := Upgrade{
+		Chart:   "at40",
+		Release: "shaed_trampoline",
+	}
+
+	command = func(path string, args ...string) cmd {
+		suite.Equal(helmBin, path)
+		suite.Equal([]string{"--kubeconfig", "/root/.kube/config", "--namespace", "melt", "upgrade",
+			"--install", "shaed_trampoline", "at40"}, args)
+
+		return suite.mockCmd
+	}
+
+	suite.mockCmd.EXPECT().
+		Stdout(gomock.Any())
+	suite.mockCmd.EXPECT().
+		Stderr(gomock.Any())
+	suite.mockCmd.EXPECT().
+		Run()
+
+	cfg := Config{
+		Namespace:  "melt",
+		KubeConfig: "/root/.kube/config",
+	}
+	err := u.Prepare(cfg)
+	suite.Require().Nil(err)
+	u.Execute(cfg)
 }
 
 func (suite *UpgradeTestSuite) TestPrepareDebugFlag() {
@@ -68,9 +104,10 @@ func (suite *UpgradeTestSuite) TestPrepareDebugFlag() {
 	stdout := strings.Builder{}
 	stderr := strings.Builder{}
 	cfg := Config{
-		Debug:  true,
-		Stdout: &stdout,
-		Stderr: &stderr,
+		Debug:      true,
+		KubeConfig: "/root/.kube/config",
+		Stdout:     &stdout,
+		Stderr:     &stderr,
 	}
 
 	command = func(path string, args ...string) cmd {
@@ -88,7 +125,8 @@ func (suite *UpgradeTestSuite) TestPrepareDebugFlag() {
 
 	u.Prepare(cfg)
 
-	want := fmt.Sprintf("Generated command: '%s --debug upgrade --install lewis_capaldi_someone_you_loved at40'\n", helmBin)
+	want := fmt.Sprintf("Generated command: '%s --debug --kubeconfig /root/.kube/config upgrade "+
+		"--install lewis_capaldi_someone_you_loved at40'\n", helmBin)
 	suite.Equal(want, stderr.String())
 	suite.Equal("", stdout.String())
 }