1sept/drone-helm3
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: 1sept:v0.14.0
Branches Tags
1sept:master 1sept:alias-settings-cli 1sept:eks-support
1sept:v0.15.1 1sept:v0.15.0 1sept:v0.14.5 1sept:v0.14.4 1sept:v0.14.3 1sept:v0.14.2 1sept:v0.14.1 1sept:v0.14.0 1sept:v0.13.0 1sept:v0.12.1 1sept:v0.12.0 1sept:v0.11.0 1sept:v0.10.0 1sept:v0.9.2 1sept:v0.9.1 1sept:v0.9.0 1sept:v0.5.0 1sept:v0.4.0 1sept:v0.3.0 1sept:v0.2.0 1sept:v0.1.1 1sept:v0.1.0
..
compare: 1sept:eks-support
Branches Tags
1sept:master 1sept:alias-settings-cli 1sept:eks-support
1sept:v0.15.1 1sept:v0.15.0 1sept:v0.14.5 1sept:v0.14.4 1sept:v0.14.3 1sept:v0.14.2 1sept:v0.14.1 1sept:v0.14.0 1sept:v0.13.0 1sept:v0.12.1 1sept:v0.12.0 1sept:v0.11.0 1sept:v0.10.0 1sept:v0.9.2 1sept:v0.9.1 1sept:v0.9.0 1sept:v0.5.0 1sept:v0.4.0 1sept:v0.3.0 1sept:v0.2.0 1sept:v0.1.1 1sept:v0.1.0

2 Commits
v0.14.0 ... eks-suppor

Author SHA1 Message Date
Erin Call
9c1ed849ab Implement EKS support [#5] 
I *think* this will work, but without access to an EKS cluster I can't
actually test it.
 2019-12-27 10:39:06 -08:00
Erin Call
d8d2e33b20 Put kubeconfig tests in a separate suite [#5] 
As I started writing tests for EKS config, dealing with the repeated
setup/verification code was cumbersome. This should make it much easier
to add new tests.
 2019-12-27 09:53:32 -08:00
37 changed files with 1106 additions and 1914 deletions
Expand all files Collapse all files

11
.github/ISSUE_TEMPLATE/documentation.md vendored
View File

@@ -1,11 +0,0 @@
---
name: Documentation
about: Docs you'd like to see, or questions about existing docs
title: ''
labels: documentation
assignees: ''
---
**What needs explanation:**
<!-- e.g. "what happens when ____", "how do I ___", etc. -->

6
.github/pull_request_template.md vendored
View File

@@ -3,8 +3,6 @@
Pre-merge checklist:
* [ ] Code changes have tests
* [ ] Any config changes are documented:
* If the change touches _required_ config, there's a corresponding update to `README.md`
* There's a corresponding update to `docs/parameter_reference.md`
* There's a pull request to update [the parameter reference in drone-plugin-index](https://github.com/drone/drone-plugin-index/blob/master/content/pelotech/drone-helm3/index.md)
* [ ] Any changes to the config are documented in `docs/parameter_reference.md`
* [ ] Any new _required_ config is documented in `README.md`
* [ ] Any large changes have been verified by running a Drone job

2
.gitignore vendored
View File

@@ -5,8 +5,6 @@
*.so
*.dylib
.idea
# Test binary, built with `go test -c`
*.test

2
Dockerfile
View File

@@ -1,4 +1,4 @@
FROM alpine/helm:3.0.2
FROM alpine/helm
MAINTAINER Erin Call <erin@liffft.com>
COPY build/drone-helm /bin/drone-helm

202
LICENSE
View File

@@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

46
README.md
View File

@@ -1,16 +1,12 @@
# Drone plugin for Helm 3
[![Build Status](https://cloud.drone.io/api/badges/pelotech/drone-helm3/status.svg)](https://cloud.drone.io/pelotech/drone-helm3)
[![Go Report](https://goreportcard.com/badge/github.com/pelotech/drone-helm3)](https://goreportcard.com/report/github.com/pelotech/drone-helm3)
[![](https://images.microbadger.com/badges/image/pelotech/drone-helm3.svg)](https://microbadger.com/images/pelotech/drone-helm3 "Get your own image badge on microbadger.com")
This plugin provides an interface between [Drone](https://drone.io/) and [Helm 3](https://github.com/kubernetes/helm):
* Lint your charts
* Deploy your service
* Delete your service
The plugin is inpsired by [drone-helm](https://github.com/ipedrazas/drone-helm), which fills the same role for Helm 2. It provides a comparable feature-set and the configuration settings are backward-compatible.
The plugin is inpsired by [drone-helm](https://github.com/ipedrazas/drone-helm), which fills the same role for Helm 2. It provides a comparable feature-set and the configuration settings are backwards-compatible.
## Example configuration
@@ -23,7 +19,7 @@ steps:
- name: lint
image: pelotech/drone-helm3
settings:
mode: lint
helm_command: lint
chart: ./
```
@@ -34,12 +30,12 @@ steps:
- name: deploy
image: pelotech/drone-helm3
settings:
mode: upgrade
helm_command: upgrade
chart: ./
release: my-project
environment:
KUBE_API_SERVER: https://my.kubernetes.installation/clusters/a-1234
KUBE_TOKEN:
API_SERVER: https://my.kubernetes.installation/clusters/a-1234
KUBERNETES_TOKEN:
from_secret: kubernetes_token
```
@@ -50,23 +46,20 @@ steps:
- name: uninstall
image: pelotech/drone-helm3
settings:
mode: uninstall
helm_command: uninstall
release: my-project
environment:
KUBE_API_SERVER: https://my.kubernetes.installation/clusters/a-1234
KUBE_TOKEN:
API_SERVER: https://my.kubernetes.installation/clusters/a-1234
KUBERNETES_TOKEN:
from_secret: kubernetes_token
```
## Upgrading from drone-helm
drone-helm3 is largely backward-compatible with drone-helm. There are some known differences:
drone-helm3 is largely backwards-compatible with drone-helm. There are some known differences:
* You'll need to migrate the deployments in the cluster [helm-v2-to-helm-v3](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/).
* EKS is not supported. See [#5](https://github.com/pelotech/drone-helm3/issues/5) for more information.
* The `prefix` setting is no longer supported. If you were relying on the `prefix` setting with `secrets: [...]`, you'll need to switch to the `from_secret` syntax.
* During uninstallations, the release history is purged by default. Use `keep_history: true` to return to the old behavior.
* Several settings no longer have any effect. The plugin will produce warnings if any of these are present:
* `prefix` must be supplied via the `settings` block, not `environment`.
* Several settings no longer have any effect:
* `purge` -- this is the default behavior in Helm 3
* `recreate_pods`
* `tiller_ns`
@@ -74,22 +67,5 @@ drone-helm3 is largely backward-compatible with drone-helm. There are some known
* `canary_image`
* `client_only`
* `stable_repo_url`
* Several settings have been renamed, to clarify their purpose and provide a more consistent naming scheme. For backward-compatibility, the old names are still available as aliases. If the old and new names are both present, the updated form takes priority. Conflicting settings will make your `.drone.yml` harder to understand, so we recommend updating to the new names:
* `helm_command` is now `mode`
° `helm_repos` is now `add_repos`
* `api_server` is now `kube_api_server`
* `service_account` is now `kube_service_account`
* `kubernetes_token` is now `kube_token`
* `kubernetes_certificate` is now `kube_certificate`
* `wait` is now `wait_for_upgrade`
* `force` is now `force_upgrade`
Since helm 3 does not require Tiller, we also recommend switching to a service account with less-expansive permissions.
### [Contributing](docs/contributing.md)
This repo is setup in a way that if you enable a personal drone server to build your fork it will
build and publish your image (makes it easier to test PRs and use the image till the contributions get merged)
* Build local ```DRONE_REPO_OWNER=josmo DRONE_REPO_NAME=drone-ecs drone exec```
* on your server (or cloud.drone.io) just make sure you have DOCKER_USERNAME, DOCKER_PASSWORD, and PLUGIN_REPO set as secrets

12
assets/kubeconfig.tpl
View File

@@ -24,4 +24,16 @@ users:
user:
{{- if .Token }}
token: {{ .Token }}
{{- else if .EKSCluster }}
exec:
apiVersion: client.authentication.k8s.io/v1alpha1
command: aws-iam-authenticator
args:
- "token"
- "-i"
- "{{ .EKSCluster }}"
{{- if .EKSRoleARN }}
- "-r"
- "{{ .EKSRoleARN }}"
{{- end }}
{{- end }}

6
cmd/drone-helm/main.go
View File

@@ -4,13 +4,11 @@ import (
"fmt"
"os"
_ "github.com/joho/godotenv/autoload"
"github.com/pelotech/drone-helm3/internal/env"
"github.com/pelotech/drone-helm3/internal/helm"
)
func main() {
cfg, err := env.NewConfig(os.Stdout, os.Stderr)
cfg, err := helm.NewConfig(os.Stdout, os.Stderr)
if err != nil {
fmt.Fprintf(os.Stderr, "%s\n", err.Error())
@@ -29,7 +27,7 @@ func main() {
// Expect the plan to go off the rails
if err != nil {
fmt.Fprintf(os.Stderr, "%s\n", err.Error())
fmt.Fprintf(os.Stderr, err.Error())
// Throw away the plan
os.Exit(1)
}

150
docs/parameter_reference.md
View File

@@ -1,19 +1,18 @@
# Parameter reference
## Global
| Param name | Type | Alias | Purpose |
|---------------------|-----------------|--------------|---------|
| mode | string | helm_command | Indicates the operation to perform. Recommended, but not required. Valid options are `upgrade`, `uninstall`, `lint`, and `help`. |
| update_dependencies | boolean | | Calls `helm dependency update` before running the main command.|
| add_repos | list\<string\> | helm_repos | Calls `helm repo add $repo` before running the main command. Each string should be formatted as `repo_name=https://repo.url/`. |
| repo_certificate | string | | Base64 encoded TLS certificate for a chart repository. |
| repo_ca_certificate | string | | Base64 encoded TLS certificate for a chart repository certificate authority. |
| namespace | string | | Kubernetes namespace to use for this operation. |
| debug | boolean | | Generate debug output within drone-helm3 and pass `--debug` to all helm commands. Use with care, since the debug output may include secrets. |
| Param name | Type | Purpose |
|---------------------|-----------------|---------|
| helm_command | string | Indicates the operation to perform. Recommended, but not required. Valid options are `upgrade`, `uninstall`, `lint`, and `help`. |
| update_dependencies | boolean | Calls `helm dependency update` before running the main command. **Not currently implemented**; see [#25](https://github.com/pelotech/drone-helm3/issues/25).|
| helm_repos | list\<string\> | Calls `helm repo add $repo` before running the main command. Each string should be formatted as `repo_name=https://repo.url/`. **Not currently implemented**; see [#26](https://github.com/pelotech/drone-helm3/issues/26). |
| namespace | string | Kubernetes namespace to use for this operation. |
| prefix | string | Expect environment variables to be prefixed with the given string. For more details, see "Using the prefix setting" below. **Not currently implemented**; see [#19](https://github.com/pelotech/drone-helm3/issues/19). |
| debug | boolean | Generate debug output within drone-helm3 and pass `--debug` to all helm commands. Use with care, since the debug output may include secrets. |
## Linting
Linting is only triggered when the `mode` setting is "lint".
Linting is only triggered when the `helm_command` setting is "lint".
| Param name | Type | Required | Purpose |
|---------------|----------------|----------|---------|
@@ -21,61 +20,57 @@ Linting is only triggered when the `mode` setting is "lint".
| values | list\<string\> | | Chart values to use as the `--set` argument to `helm lint`. |
| string_values | list\<string\> | | Chart values to use as the `--set-string` argument to `helm lint`. |
| values_files | list\<string\> | | Values to use as `--values` arguments to `helm lint`. |
| lint_strictly | boolean | | Pass `--strict` to `helm lint`, to turn warnings into errors. |
## Installation
Installations are triggered when the `mode` setting is "upgrade." They can also be triggered when the build was triggered by a `push`, `tag`, `deployment`, `pull_request`, `promote`, or `rollback` Drone event.
Installations are triggered when the `helm_command` setting is "upgrade." They can also be triggered when the build was triggered by a `push`, `tag`, `deployment`, `pull_request`, `promote`, or `rollback` Drone event.
| Param name | Type | Required | Alias | Purpose |
|------------------------|----------------|----------|------------------------|---------|
| chart | string | yes | | The chart to use for this installation. |
| release | string | yes | | The release name for helm to use. |
| kube_api_server | string | yes | api_server | API endpoint for the Kubernetes cluster. |
| kube_token | string | yes | kubernetes_token | Token for authenticating to Kubernetes. |
| kube_service_account | string | | service_account | Service account for authenticating to Kubernetes. Default is `helm`. |
| kube_certificate | string | | kubernetes_certificate | Base64 encoded TLS certificate used by the Kubernetes cluster's certificate authority. |
| chart_version | string | | | Specific chart version to install. |
| dry_run | boolean | | | Pass `--dry-run` to `helm upgrade`. |
| wait_for_upgrade | boolean | | wait | Wait until kubernetes resources are in a ready state before marking the installation successful. |
| timeout | duration | | | Timeout for any *individual* Kubernetes operation. The installation's full runtime may exceed this duration. |
| force_upgrade | boolean | | force | Pass `--force` to `helm upgrade`. |
| atomic_upgrade | boolean | | | Pass `--atomic` to `helm upgrade`. |
| cleanup_failed_upgrade | boolean | | | Pass `--cleanup-on-fail` to `helm upgrade`. |
| values | list\<string\> | | | Chart values to use as the `--set` argument to `helm upgrade`. |
| string_values | list\<string\> | | | Chart values to use as the `--set-string` argument to `helm upgrade`. |
| values_files | list\<string\> | | | Values to use as `--values` arguments to `helm upgrade`. |
| reuse_values | boolean | | | Reuse the values from a previous release. |
| skip_tls_verify | boolean | | | Connect to the Kubernetes cluster without checking for a valid TLS certificate. Not recommended in production. |
| Param name | Type | Required | Purpose |
|------------------------|----------------|----------|---------|
| chart | string | yes | The chart to use for this installation. |
| release | string | yes | The release name for helm to use. |
| api_server | string | yes | API endpoint for the Kubernetes cluster. |
| kubernetes_token | string | yes, unless using EKS | Token for authenticating to Kubernetes. |
| eks_cluster | string | | AWS EKS cluster ID. |
| eks_role_arn | string | | AWS IAM role ARN for EKS authentication. |
| service_account | string | | Service account for authenticating to Kubernetes. Default is `helm`. |
| kubernetes_certificate | string | | Base64 encoded TLS certificate used by the Kubernetes cluster's certificate authority. |
| chart_version | string | | Specific chart version to install. |
| dry_run | boolean | | Pass `--dry-run` to `helm upgrade`. |
| wait | boolean | | Wait until kubernetes resources are in a ready state before marking the installation successful. |
| timeout | duration | | Timeout for any *individual* Kubernetes operation. The installation's full runtime may exceed this duration. |
| force | boolean | | Pass `--force` to `helm upgrade`. |
| values | list\<string\> | | Chart values to use as the `--set` argument to `helm upgrade`. |
| string_values | list\<string\> | | Chart values to use as the `--set-string` argument to `helm upgrade`. |
| values_files | list\<string\> | | Values to use as `--values` arguments to `helm upgrade`. |
| reuse_values | boolean | | Reuse the values from a previous release. |
| skip_tls_verify | boolean | | Connect to the Kubernetes cluster without checking for a valid TLS certificate. Not recommended in production. |
## Uninstallation
Uninstallations are triggered when the `mode` setting is "uninstall" or "delete." They can also be triggered when the build was triggered by a `delete` Drone event.
Uninstallations are triggered when the `helm_command` setting is "uninstall" or "delete." They can also be triggered when the build was triggered by a `delete` Drone event.
| Param name | Type | Required | Alias | Purpose |
|------------------------|----------|----------|------------------------|---------|
| release | string | yes | | The release name for helm to use. |
| kube_api_server | string | yes | api_server | API endpoint for the Kubernetes cluster. |
| kube_token | string | yes | kubernetes_token | Token for authenticating to Kubernetes. |
| kube_service_account | string | | service_account | Service account for authenticating to Kubernetes. Default is `helm`. |
| kube_certificate | string | | kubernetes_certificate | Base64 encoded TLS certificate used by the Kubernetes cluster's certificate authority. |
| keep_history | boolean | | | Pass `--keep-history` to `helm uninstall`, to retain the release history. |
| dry_run | boolean | | | Pass `--dry-run` to `helm uninstall`. |
| timeout | duration | | | Timeout for any *individual* Kubernetes operation. The uninstallation's full runtime may exceed this duration. |
| skip_tls_verify | boolean | | | Connect to the Kubernetes cluster without checking for a valid TLS certificate. Not recommended in production. |
| chart | string | | | Required when the global `update_dependencies` parameter is true. No effect otherwise. |
| Param name | Type | Required | Purpose |
|------------------------|----------|----------|---------|
| release | string | yes | The release name for helm to use. |
| api_server | string | yes | API endpoint for the Kubernetes cluster. |
| kubernetes_token | string | yes, unless using EKS | Token for authenticating to Kubernetes. |
| eks_cluster | string | | AWS EKS cluster ID. |
| eks_role_arn | string | | AWS IAM role ARN for EKS authentication. |
| service_account | string | | Service account for authenticating to Kubernetes. Default is `helm`. |
| kubernetes_certificate | string | | Base64 encoded TLS certificate used by the Kubernetes cluster's certificate authority. |
| dry_run | boolean | | Pass `--dry-run` to `helm uninstall`. |
| timeout | duration | | Timeout for any *individual* Kubernetes operation. The uninstallation's full runtime may exceed this duration. |
| skip_tls_verify | boolean | | Connect to the Kubernetes cluster without checking for a valid TLS certificate. Not recommended in production. |
### Where to put settings
Any setting can go in either the `settings` or `environment` section. If a setting exists in _both_ sections, the version in `environment` will override the version in `settings`.
We recommend putting all drone-helm3 configuration in the `settings` block and limiting the `environment` block to variables that are used when building your charts.
Any setting (with the exception of `prefix`; [see below](#user-content-using-the-prefix-setting)), can go in either the `settings` or `environment` section.
### Formatting non-string values
* Booleans can be yaml's `true` and `false` literals or the strings `"true"` and `"false"`.
* Durations are strings formatted with the syntax accepted by [golang's ParseDuration function](https://golang.org/pkg/time/#ParseDuration) (e.g. 5m30s)
* For backward-compatibility with drone-helm, a duration can also be an integer, in which case it will be interpreted to mean seconds.
* List\<string\>s can be a yaml sequence or a comma-separated string.
All of the following are equivalent:
@@ -95,37 +90,44 @@ values_files: [ "./over_9,000.yml" ]
values_files: [ "./over_9", "000.yml" ]
```
### Interpolating secrets into the `values` and `string_values` settings
### Using the `prefix` setting
If you want to send secrets to your charts, you can use syntax similar to shell variable interpolation--either `$VARNAME` or `$${VARNAME}`. The double dollar-sign is necessary when using curly brackets; using curly brackets with a single dollar-sign will trigger Drone's string substitution (which can't use arbitrary environment variables). If an environment variable is not set, it will be treated as if it were set to the empty string.
Because the prefix setting is meta-configuration, it has some inherent edge-cases. Here is what it does in the cases we've thought of:
Unlike the other settings, it must be declared in the `settings` block, not `environment`:
```yaml
environment:
DB_PASSWORD:
from_secret: db_password
SESSION_KEY:
from_secret: session_key
settings:
values:
- db_password=$DB_PASSWORD # db_password will be set to the contents of the db_password secret
- db_pass=$DB_PASS # db_pass will be set to "" since $DB_PASS is not set
- session_key=$${SESSION_KEY} # session_key will be set to the contents of the session_key secret
- sess_key=${SESSION_KEY} # sess_key will be set to "" by Drone's variable substitution
prefix: helm # drone-helm3 will look for environment variables called HELM_VARNAME
environment:
prefix: armet # no effect
```
Variables intended for interpolation must be set in the `environment` section, not `settings`.
It does not apply to configuration in the `settings` block, only in `environment`:
### Backward-compatibility aliases
```yaml
settings:
prefix: helm
helm_timeout: 5m # no effect
environment:
helm_timeout: 2m # timeout will be 2 minutes
```
Some settings have alternate names, for backward-compatibility with drone-helm. We recommend using the canonical name unless you require the backward-compatible form.
If the environment contains a variable in non-prefixed form, it will still be applied:
| Canonical name | Alias |
|----------------------|-------|
| mode | helm_command |
| add_repos | helm_repos |
| kube_api_server | api_server |
| kube_service_account | service_account |
| kube_token | kubernetes_token |
| kube_certificate | kubernetes_certificate |
| wait_for_upgrade | wait |
| force_upgrade | force |
```yaml
settings:
prefix: helm
environment:
timeout: 2m # timeout will be 2 minutes
```
If the environment contains both the prefixed and non-prefixed forms, drone-helm3 will use the prefixed form:
```yaml
settings:
prefix: helm
environment:
timeout: 5m # overridden
helm_timeout: 2m # timeout will be 2 minutes
```

1
go.mod
View File

@@ -4,7 +4,6 @@ go 1.13
require (
github.com/golang/mock v1.3.1
github.com/joho/godotenv v1.3.0
github.com/kelseyhightower/envconfig v1.4.0
github.com/stretchr/testify v1.4.0
golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f // indirect

2
go.sum
View File

@@ -2,8 +2,6 @@ github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/golang/mock v1.3.1 h1:qGJ6qTW+x6xX/my+8YUVl4WNpX9B7+/l2tRsHGZ7f2s=
github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

150
internal/env/config.go vendored
View File

@@ -1,150 +0,0 @@
package env
import (
"fmt"
"github.com/kelseyhightower/envconfig"
"io"
"os"
"regexp"
"strings"
)
var (
justNumbers = regexp.MustCompile(`^\d+$`)
deprecatedVars = []string{"PURGE", "RECREATE_PODS", "TILLER_NS", "UPGRADE", "CANARY_IMAGE", "CLIENT_ONLY", "STABLE_REPO_URL"}
)
// The Config struct captures the `settings` and `environment` blocks in the application's drone
// config. Configuration in drone's `settings` block arrives as uppercase env vars matching the
// config key, prefixed with `PLUGIN_`. Config from the `environment` block is uppercased, but does
// not have the `PLUGIN_` prefix.
type Config struct {
// Configuration for drone-helm itself
Command string `envconfig:"mode"` // Helm command to run
DroneEvent string `envconfig:"drone_build_event"` // Drone event that invoked this plugin.
UpdateDependencies bool `split_words:"true"` // Call `helm dependency update` before the main command
AddRepos []string `split_words:"true"` // Call `helm repo add` before the main command
RepoCertificate string `envconfig:"repo_certificate"` // The Helm chart repository's self-signed certificate (must be base64-encoded)
RepoCACertificate string `envconfig:"repo_ca_certificate"` // The Helm chart repository CA's self-signed certificate (must be base64-encoded)
Debug bool `` // Generate debug output and pass --debug to all helm commands
Values string `` // Argument to pass to --set in applicable helm commands
StringValues string `split_words:"true"` // Argument to pass to --set-string in applicable helm commands
ValuesFiles []string `split_words:"true"` // Arguments to pass to --values in applicable helm commands
Namespace string `` // Kubernetes namespace for all helm commands
KubeToken string `split_words:"true"` // Kubernetes authentication token to put in .kube/config
SkipTLSVerify bool `envconfig:"skip_tls_verify"` // Put insecure-skip-tls-verify in .kube/config
Certificate string `envconfig:"kube_certificate"` // The Kubernetes cluster CA's self-signed certificate (must be base64-encoded)
APIServer string `envconfig:"kube_api_server"` // The Kubernetes cluster's API endpoint
ServiceAccount string `envconfig:"kube_service_account"` // Account to use for connecting to the Kubernetes cluster
ChartVersion string `split_words:"true"` // Specific chart version to use in `helm upgrade`
DryRun bool `split_words:"true"` // Pass --dry-run to applicable helm commands
Wait bool `envconfig:"wait_for_upgrade"` // Pass --wait to applicable helm commands
ReuseValues bool `split_words:"true"` // Pass --reuse-values to `helm upgrade`
KeepHistory bool `split_words:"true"` // Pass --keep-history to `helm uninstall`
Timeout string `` // Argument to pass to --timeout in applicable helm commands
Chart string `` // Chart argument to use in applicable helm commands
Release string `` // Release argument to use in applicable helm commands
Force bool `envconfig:"force_upgrade"` // Pass --force to applicable helm commands
AtomicUpgrade bool `split_words:"true"` // Pass --atomic to `helm upgrade`
CleanupOnFail bool `envconfig:"cleanup_failed_upgrade"` // Pass --cleanup-on-fail to `helm upgrade`
LintStrictly bool `split_words:"true"` // Pass --strict to `helm lint`
Stdout io.Writer `ignored:"true"`
Stderr io.Writer `ignored:"true"`
}
// NewConfig creates a Config and reads environment variables into it, accounting for several possible formats.
func NewConfig(stdout, stderr io.Writer) (*Config, error) {
var aliases settingAliases
if err := envconfig.Process("plugin", &aliases); err != nil {
return nil, err
}
if err := envconfig.Process("", &aliases); err != nil {
return nil, err
}
cfg := Config{
Command: aliases.Command,
AddRepos: aliases.AddRepos,
APIServer: aliases.APIServer,
ServiceAccount: aliases.ServiceAccount,
Wait: aliases.Wait,
Force: aliases.Force,
KubeToken: aliases.KubeToken,
Certificate: aliases.Certificate,
Stdout: stdout,
Stderr: stderr,
}
if err := envconfig.Process("plugin", &cfg); err != nil {
return nil, err
}
if err := envconfig.Process("", &cfg); err != nil {
return nil, err
}
if justNumbers.MatchString(cfg.Timeout) {
cfg.Timeout = fmt.Sprintf("%ss", cfg.Timeout)
}
cfg.loadValuesSecrets()
if cfg.Debug && cfg.Stderr != nil {
cfg.logDebug()
}
cfg.deprecationWarn()
return &cfg, nil
}
func (cfg *Config) loadValuesSecrets() {
findVar := regexp.MustCompile(`\$\{?(\w+)\}?`)
replacer := func(varName string) string {
sigils := regexp.MustCompile(`[${}]`)
varName = sigils.ReplaceAllString(varName, "")
if value, ok := os.LookupEnv(varName); ok {
return value
}
if cfg.Debug {
fmt.Fprintf(cfg.Stderr, "$%s not present in environment, replaced with \"\"\n", varName)
}
return ""
}
cfg.Values = findVar.ReplaceAllStringFunc(cfg.Values, replacer)
cfg.StringValues = findVar.ReplaceAllStringFunc(cfg.StringValues, replacer)
}
func (cfg Config) logDebug() {
if cfg.KubeToken != "" {
cfg.KubeToken = "(redacted)"
}
fmt.Fprintf(cfg.Stderr, "Generated config: %+v\n", cfg)
}
func (cfg *Config) deprecationWarn() {
for _, varname := range deprecatedVars {
_, barePresent := os.LookupEnv(varname)
_, prefixedPresent := os.LookupEnv("PLUGIN_" + varname)
if barePresent || prefixedPresent {
fmt.Fprintf(cfg.Stderr, "Warning: ignoring deprecated '%s' setting\n", strings.ToLower(varname))
}
}
}
type settingAliases struct {
Command string `envconfig:"helm_command"`
AddRepos []string `envconfig:"helm_repos"`
APIServer string `envconfig:"api_server"`
ServiceAccount string `split_words:"true"`
Wait bool ``
Force bool ``
KubeToken string `envconfig:"kubernetes_token"`
Certificate string `envconfig:"kubernetes_certificate"`
}

249
internal/env/config_test.go vendored
View File

@@ -1,249 +0,0 @@
package env
import (
"fmt"
"github.com/stretchr/testify/suite"
"os"
"strings"
"testing"
)
type ConfigTestSuite struct {
suite.Suite
// These tests need to mutate the environment, so the suite.setenv and .unsetenv functions store the original contents of the
// relevant variable in this map. Its use of *string is so they can distinguish between "not set" and "set to empty string"
envBackup map[string]*string
}
func TestConfigTestSuite(t *testing.T) {
suite.Run(t, new(ConfigTestSuite))
}
func (suite *ConfigTestSuite) TestNewConfigWithPluginPrefix() {
suite.unsetenv("MODE")
suite.unsetenv("UPDATE_DEPENDENCIES")
suite.unsetenv("DEBUG")
suite.setenv("PLUGIN_MODE", "iambic")
suite.setenv("PLUGIN_UPDATE_DEPENDENCIES", "true")
suite.setenv("PLUGIN_DEBUG", "true")
cfg, err := NewConfig(&strings.Builder{}, &strings.Builder{})
suite.Require().NoError(err)
suite.Equal("iambic", cfg.Command)
suite.True(cfg.UpdateDependencies)
suite.True(cfg.Debug)
}
func (suite *ConfigTestSuite) TestNewConfigWithNoPrefix() {
suite.unsetenv("PLUGIN_MODE")
suite.unsetenv("PLUGIN_UPDATE_DEPENDENCIES")
suite.unsetenv("PLUGIN_DEBUG")
suite.setenv("MODE", "iambic")
suite.setenv("UPDATE_DEPENDENCIES", "true")
suite.setenv("DEBUG", "true")
cfg, err := NewConfig(&strings.Builder{}, &strings.Builder{})
suite.Require().NoError(err)
suite.Equal("iambic", cfg.Command)
suite.True(cfg.UpdateDependencies)
suite.True(cfg.Debug)
}
func (suite *ConfigTestSuite) TestNewConfigWithConflictingVariables() {
suite.setenv("PLUGIN_MODE", "iambic")
suite.setenv("MODE", "haiku") // values from the `environment` block override those from `settings`
cfg, err := NewConfig(&strings.Builder{}, &strings.Builder{})
suite.Require().NoError(err)
suite.Equal("haiku", cfg.Command)
}
func (suite *ConfigTestSuite) TestNewConfigInfersNumbersAreSeconds() {
suite.setenv("PLUGIN_TIMEOUT", "42")
cfg, err := NewConfig(&strings.Builder{}, &strings.Builder{})
suite.Require().NoError(err)
suite.Equal("42s", cfg.Timeout)
}
func (suite *ConfigTestSuite) TestNewConfigWithAliases() {
for _, varname := range []string{
"MODE",
"ADD_REPOS",
"KUBE_API_SERVER",
"KUBE_SERVICE_ACCOUNT",
"WAIT_FOR_UPGRADE",
"FORCE_UPGRADE",
"KUBE_TOKEN",
"KUBE_CERTIFICATE",
} {
suite.unsetenv(varname)
suite.unsetenv("PLUGIN_" + varname)
}
suite.setenv("PLUGIN_HELM_COMMAND", "beware the jabberwock")
suite.setenv("PLUGIN_HELM_REPOS", "chortle=http://calloo.callay/frabjous/day")
suite.setenv("PLUGIN_API_SERVER", "http://tumtum.tree")
suite.setenv("PLUGIN_SERVICE_ACCOUNT", "tulgey")
suite.setenv("PLUGIN_WAIT", "true")
suite.setenv("PLUGIN_FORCE", "true")
suite.setenv("PLUGIN_KUBERNETES_TOKEN", "Y29tZSB0byBteSBhcm1z")
suite.setenv("PLUGIN_KUBERNETES_CERTIFICATE", "d2l0aCBpdHMgaGVhZA==")
cfg, err := NewConfig(&strings.Builder{}, &strings.Builder{})
suite.Require().NoError(err)
suite.Equal("beware the jabberwock", cfg.Command)
suite.Equal([]string{"chortle=http://calloo.callay/frabjous/day"}, cfg.AddRepos)
suite.Equal("http://tumtum.tree", cfg.APIServer)
suite.Equal("tulgey", cfg.ServiceAccount)
suite.True(cfg.Wait, "Wait should be aliased")
suite.True(cfg.Force, "Force should be aliased")
suite.Equal("Y29tZSB0byBteSBhcm1z", cfg.KubeToken, "KubeToken should be aliased")
suite.Equal("d2l0aCBpdHMgaGVhZA==", cfg.Certificate, "Certificate should be aliased")
}
func (suite *ConfigTestSuite) TestAliasedSettingWithoutPluginPrefix() {
suite.unsetenv("FORCE_UPGRADE")
suite.unsetenv("PLUGIN_FORCE_UPGRADE")
suite.unsetenv("PLUGIN_FORCE")
suite.setenv("FORCE", "true")
cfg, err := NewConfig(&strings.Builder{}, &strings.Builder{})
suite.Require().NoError(err)
suite.True(cfg.Force)
}
func (suite *ConfigTestSuite) TestNewConfigWithAliasConflicts() {
suite.unsetenv("FORCE_UPGRADE")
suite.setenv("PLUGIN_FORCE", "true")
suite.setenv("PLUGIN_FORCE_UPGRADE", "false") // should override even when set to the zero value
cfg, err := NewConfig(&strings.Builder{}, &strings.Builder{})
suite.NoError(err)
suite.False(cfg.Force, "official names should override alias names")
}
func (suite *ConfigTestSuite) TestNewConfigSetsWriters() {
stdout := &strings.Builder{}
stderr := &strings.Builder{}
cfg, err := NewConfig(stdout, stderr)
suite.Require().NoError(err)
suite.Equal(stdout, cfg.Stdout)
suite.Equal(stderr, cfg.Stderr)
}
func (suite *ConfigTestSuite) TestDeprecatedSettingWarnings() {
for _, varname := range deprecatedVars {
suite.setenv(varname, "deprecoat") // environment-block entries should cause warnings
}
suite.unsetenv("PURGE")
suite.setenv("PLUGIN_PURGE", "true") // settings-block entries should cause warnings
suite.setenv("UPGRADE", "") // entries should cause warnings even when set to empty string
stderr := &strings.Builder{}
_, err := NewConfig(&strings.Builder{}, stderr)
suite.NoError(err)
for _, varname := range deprecatedVars {
suite.Contains(stderr.String(), fmt.Sprintf("Warning: ignoring deprecated '%s' setting\n", strings.ToLower(varname)))
}
}
func (suite *ConfigTestSuite) TestLogDebug() {
suite.setenv("DEBUG", "true")
suite.setenv("MODE", "upgrade")
stderr := strings.Builder{}
stdout := strings.Builder{}
_, err := NewConfig(&stdout, &stderr)
suite.Require().NoError(err)
suite.Equal("", stdout.String())
suite.Regexp(`^Generated config: \{Command:upgrade.*\}`, stderr.String())
}
func (suite *ConfigTestSuite) TestLogDebugCensorsKubeToken() {
stderr := &strings.Builder{}
kubeToken := "I'm shy! Don't put me in your build logs!"
cfg := Config{
Debug: true,
KubeToken: kubeToken,
Stderr: stderr,
}
cfg.logDebug()
suite.Contains(stderr.String(), "KubeToken:(redacted)")
suite.Equal(kubeToken, cfg.KubeToken) // The actual config value should be left unchanged
}
func (suite *ConfigTestSuite) TestNewConfigWithValuesSecrets() {
suite.unsetenv("VALUES")
suite.unsetenv("STRING_VALUES")
suite.unsetenv("SECRET_WATER")
suite.setenv("SECRET_FIRE", "Eru_Ilúvatar")
suite.setenv("SECRET_RINGS", "1")
suite.setenv("PLUGIN_VALUES", "fire=$SECRET_FIRE,water=${SECRET_WATER}")
suite.setenv("PLUGIN_STRING_VALUES", "rings=${SECRET_RINGS}")
cfg, err := NewConfig(&strings.Builder{}, &strings.Builder{})
suite.Require().NoError(err)
suite.Equal("fire=Eru_Ilúvatar,water=", cfg.Values)
suite.Equal("rings=1", cfg.StringValues)
}
func (suite *ConfigTestSuite) TestValuesSecretsWithDebugLogging() {
suite.unsetenv("VALUES")
suite.unsetenv("SECRET_WATER")
suite.setenv("SECRET_FIRE", "Eru_Ilúvatar")
suite.setenv("PLUGIN_DEBUG", "true")
suite.setenv("PLUGIN_STRING_VALUES", "fire=$SECRET_FIRE")
suite.setenv("PLUGIN_VALUES", "fire=$SECRET_FIRE,water=$SECRET_WATER")
stderr := strings.Builder{}
_, err := NewConfig(&strings.Builder{}, &stderr)
suite.Require().NoError(err)
suite.Contains(stderr.String(), "Values:fire=Eru_Ilúvatar,water=")
suite.Contains(stderr.String(), `$SECRET_WATER not present in environment, replaced with ""`)
}
func (suite *ConfigTestSuite) setenv(key, val string) {
orig, ok := os.LookupEnv(key)
if ok {
suite.envBackup[key] = &orig
} else {
suite.envBackup[key] = nil
}
os.Setenv(key, val)
}
func (suite *ConfigTestSuite) unsetenv(key string) {
orig, ok := os.LookupEnv(key)
if ok {
suite.envBackup[key] = &orig
} else {
suite.envBackup[key] = nil
}
os.Unsetenv(key)
}
func (suite *ConfigTestSuite) BeforeTest(_, _ string) {
suite.envBackup = make(map[string]*string)
}
func (suite *ConfigTestSuite) AfterTest(_, _ string) {
for key, val := range suite.envBackup {
if val == nil {
os.Unsetenv(key)
} else {
os.Setenv(key, *val)
}
}
}

79
internal/helm/config.go Normal file
View File

@@ -0,0 +1,79 @@
package helm
import (
"fmt"
"github.com/kelseyhightower/envconfig"
"io"
)
// The Config struct captures the `settings` and `environment` blocks in the application's drone
// config. Configuration in drone's `settings` block arrives as uppercase env vars matching the
// config key, prefixed with `PLUGIN_`. Config from the `environment` block is uppercased, but does
// not have the `PLUGIN_` prefix. It may, however, be prefixed with the value in `$PLUGIN_PREFIX`.
type Config struct {
// Configuration for drone-helm itself
Command string `envconfig:"HELM_COMMAND"` // Helm command to run
DroneEvent string `envconfig:"DRONE_BUILD_EVENT"` // Drone event that invoked this plugin.
UpdateDependencies bool `split_words:"true"` // Call `helm dependency update` before the main command
Repos []string `envconfig:"HELM_REPOS"` // Call `helm repo add` before the main command
Prefix string `` // Prefix to use when looking up secret env vars
Debug bool `` // Generate debug output and pass --debug to all helm commands
Values string `` // Argument to pass to --set in applicable helm commands
StringValues string `split_words:"true"` // Argument to pass to --set-string in applicable helm commands
ValuesFiles []string `split_words:"true"` // Arguments to pass to --values in applicable helm commands
Namespace string `` // Kubernetes namespace for all helm commands
KubeToken string `envconfig:"KUBERNETES_TOKEN"` // Kubernetes authentication token to put in .kube/config
EKSCluster string `envconfig:"EKS_CLUSTER"` // AWS EKS Cluster ID to put in .kube/config
EKSRoleARN string `envconfig:"EKS_ROLE_ARN"` // AWS IAM role resource name to put in .kube/config
SkipTLSVerify bool `envconfig:"SKIP_TLS_VERIFY"` // Put insecure-skip-tls-verify in .kube/config
Certificate string `envconfig:"KUBERNETES_CERTIFICATE"` // The Kubernetes cluster CA's self-signed certificate (must be base64-encoded)
APIServer string `envconfig:"API_SERVER"` // The Kubernetes cluster's API endpoint
ServiceAccount string `split_words:"true"` // Account to use for connecting to the Kubernetes cluster
ChartVersion string `split_words:"true"` // Specific chart version to use in `helm upgrade`
DryRun bool `split_words:"true"` // Pass --dry-run to applicable helm commands
Wait bool `` // Pass --wait to applicable helm commands
ReuseValues bool `split_words:"true"` // Pass --reuse-values to `helm upgrade`
Timeout string `` // Argument to pass to --timeout in applicable helm commands
Chart string `` // Chart argument to use in applicable helm commands
Release string `` // Release argument to use in applicable helm commands
Force bool `` // Pass --force to applicable helm commands
Stdout io.Writer `ignored:"true"`
Stderr io.Writer `ignored:"true"`
}
// NewConfig creates a Config and reads environment variables into it, accounting for several possible formats.
func NewConfig(stdout, stderr io.Writer) (*Config, error) {
cfg := Config{
Stdout: stdout,
Stderr: stderr,
}
if err := envconfig.Process("plugin", &cfg); err != nil {
return nil, err
}
prefix := cfg.Prefix
if err := envconfig.Process("", &cfg); err != nil {
return nil, err
}
if prefix != "" {
if err := envconfig.Process(cfg.Prefix, &cfg); err != nil {
return nil, err
}
}
if cfg.Debug && cfg.Stderr != nil {
cfg.logDebug()
}
return &cfg, nil
}
func (cfg Config) logDebug() {
if cfg.KubeToken != "" {
cfg.KubeToken = "(redacted)"
}
fmt.Fprintf(cfg.Stderr, "Generated config: %+v\n", cfg)
}

180
internal/helm/config_test.go Normal file
View File

@@ -0,0 +1,180 @@
package helm
import (
"github.com/stretchr/testify/suite"
"os"
"strings"
"testing"
)
type ConfigTestSuite struct {
suite.Suite
// These tests need to mutate the environment, so the suite.setenv and .unsetenv functions store the original contents of the
// relevant variable in this map. Its use of *string is so they can distinguish between "not set" and "set to empty string"
envBackup map[string]*string
}
func TestConfigTestSuite(t *testing.T) {
suite.Run(t, new(ConfigTestSuite))
}
func (suite *ConfigTestSuite) TestNewConfigWithPluginPrefix() {
suite.unsetenv("PLUGIN_PREFIX")
suite.unsetenv("HELM_COMMAND")
suite.unsetenv("UPDATE_DEPENDENCIES")
suite.unsetenv("DEBUG")
suite.setenv("PLUGIN_HELM_COMMAND", "execute order 66")
suite.setenv("PLUGIN_UPDATE_DEPENDENCIES", "true")
suite.setenv("PLUGIN_DEBUG", "true")
cfg, err := NewConfig(&strings.Builder{}, &strings.Builder{})
suite.Require().NoError(err)
suite.Equal("execute order 66", cfg.Command)
suite.True(cfg.UpdateDependencies)
suite.True(cfg.Debug)
}
func (suite *ConfigTestSuite) TestNewConfigWithNoPrefix() {
suite.unsetenv("PLUGIN_PREFIX")
suite.unsetenv("PLUGIN_HELM_COMMAND")
suite.unsetenv("PLUGIN_UPDATE_DEPENDENCIES")
suite.unsetenv("PLUGIN_DEBUG")
suite.setenv("HELM_COMMAND", "execute order 66")
suite.setenv("UPDATE_DEPENDENCIES", "true")
suite.setenv("DEBUG", "true")
cfg, err := NewConfig(&strings.Builder{}, &strings.Builder{})
suite.Require().NoError(err)
suite.Equal("execute order 66", cfg.Command)
suite.True(cfg.UpdateDependencies)
suite.True(cfg.Debug)
}
func (suite *ConfigTestSuite) TestNewConfigWithConfigurablePrefix() {
suite.unsetenv("API_SERVER")
suite.unsetenv("PLUGIN_API_SERVER")
suite.setenv("PLUGIN_PREFIX", "prix_fixe")
suite.setenv("PRIX_FIXE_API_SERVER", "your waiter this evening")
cfg, err := NewConfig(&strings.Builder{}, &strings.Builder{})
suite.Require().NoError(err)
suite.Equal("prix_fixe", cfg.Prefix)
suite.Equal("your waiter this evening", cfg.APIServer)
}
func (suite *ConfigTestSuite) TestPrefixSettingDoesNotAffectPluginPrefix() {
suite.setenv("PLUGIN_PREFIX", "IXFREP")
suite.setenv("PLUGIN_HELM_COMMAND", "wake me up")
suite.setenv("IXFREP_PLUGIN_HELM_COMMAND", "send me to sleep inside")
cfg, err := NewConfig(&strings.Builder{}, &strings.Builder{})
suite.Require().NoError(err)
suite.Equal("wake me up", cfg.Command)
}
func (suite *ConfigTestSuite) TestPrefixSettingMustHavePluginPrefix() {
suite.unsetenv("PLUGIN_PREFIX")
suite.setenv("PREFIX", "refpix")
suite.setenv("HELM_COMMAND", "gimme more")
suite.setenv("REFPIX_HELM_COMMAND", "gimme less")
cfg, err := NewConfig(&strings.Builder{}, &strings.Builder{})
suite.Require().NoError(err)
suite.Equal("gimme more", cfg.Command)
}
func (suite *ConfigTestSuite) TestNewConfigWithConflictingVariables() {
suite.setenv("PLUGIN_HELM_COMMAND", "execute order 66")
suite.setenv("HELM_COMMAND", "defend the jedi") // values from the `environment` block override those from `settings`
suite.setenv("PLUGIN_PREFIX", "prod")
suite.setenv("TIMEOUT", "5m0s")
suite.setenv("PROD_TIMEOUT", "2m30s") // values from prefixed env vars override those from non-prefixed ones
cfg, err := NewConfig(&strings.Builder{}, &strings.Builder{})
suite.Require().NoError(err)
suite.Equal("defend the jedi", cfg.Command)
suite.Equal("2m30s", cfg.Timeout)
}
func (suite *ConfigTestSuite) TestNewConfigSetsWriters() {
stdout := &strings.Builder{}
stderr := &strings.Builder{}
cfg, err := NewConfig(stdout, stderr)
suite.Require().NoError(err)
suite.Equal(stdout, cfg.Stdout)
suite.Equal(stderr, cfg.Stderr)
}
func (suite *ConfigTestSuite) TestLogDebug() {
suite.setenv("DEBUG", "true")
suite.setenv("HELM_COMMAND", "upgrade")
stderr := strings.Builder{}
stdout := strings.Builder{}
_, err := NewConfig(&stdout, &stderr)
suite.Require().NoError(err)
suite.Equal("", stdout.String())
suite.Regexp(`^Generated config: \{Command:upgrade.*\}`, stderr.String())
}
func (suite *ConfigTestSuite) TestLogDebugCensorsKubeToken() {
stderr := &strings.Builder{}
kubeToken := "I'm shy! Don't put me in your build logs!"
cfg := Config{
Debug: true,
KubeToken: kubeToken,
Stderr: stderr,
}
cfg.logDebug()
suite.Contains(stderr.String(), "KubeToken:(redacted)")
suite.Equal(kubeToken, cfg.KubeToken) // The actual config value should be left unchanged
}
func (suite *ConfigTestSuite) setenv(key, val string) {
orig, ok := os.LookupEnv(key)
if ok {
suite.envBackup[key] = &orig
} else {
suite.envBackup[key] = nil
}
os.Setenv(key, val)
}
func (suite *ConfigTestSuite) unsetenv(key string) {
orig, ok := os.LookupEnv(key)
if ok {
suite.envBackup[key] = &orig
} else {
suite.envBackup[key] = nil
}
os.Unsetenv(key)
}
func (suite *ConfigTestSuite) BeforeTest(_, _ string) {
suite.envBackup = make(map[string]*string)
}
func (suite *ConfigTestSuite) AfterTest(_, _ string) {
for key, val := range suite.envBackup {
if val == nil {
os.Unsetenv(key)
} else {
os.Setenv(key, *val)
}
}
}

17
internal/helm/mock_step_test.go
View File

@@ -6,6 +6,7 @@ package helm
import (
gomock "github.com/golang/mock/gomock"
run "github.com/pelotech/drone-helm3/internal/run"
reflect "reflect"
)
@@ -33,29 +34,29 @@ func (m *MockStep) EXPECT() *MockStepMockRecorder {
}
// Prepare mocks base method
func (m *MockStep) Prepare() error {
func (m *MockStep) Prepare(arg0 run.Config) error {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "Prepare")
ret := m.ctrl.Call(m, "Prepare", arg0)
ret0, _ := ret[0].(error)
return ret0
}
// Prepare indicates an expected call of Prepare
func (mr *MockStepMockRecorder) Prepare() *gomock.Call {
func (mr *MockStepMockRecorder) Prepare(arg0 interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Prepare", reflect.TypeOf((*MockStep)(nil).Prepare))
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Prepare", reflect.TypeOf((*MockStep)(nil).Prepare), arg0)
}
// Execute mocks base method
func (m *MockStep) Execute() error {
func (m *MockStep) Execute(arg0 run.Config) error {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "Execute")
ret := m.ctrl.Call(m, "Execute", arg0)
ret0, _ := ret[0].(error)
return ret0
}
// Execute indicates an expected call of Execute
func (mr *MockStepMockRecorder) Execute() *gomock.Call {
func (mr *MockStepMockRecorder) Execute(arg0 interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Execute", reflect.TypeOf((*MockStep)(nil).Execute))
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Execute", reflect.TypeOf((*MockStep)(nil).Execute), arg0)
}

100
internal/helm/plan.go
View File

@@ -2,7 +2,6 @@ package helm
import (
"fmt"
"github.com/pelotech/drone-helm3/internal/env"
"github.com/pelotech/drone-helm3/internal/run"
"os"
)
@@ -14,20 +13,30 @@ const (
// A Step is one step in the plan.
type Step interface {
Prepare() error
Execute() error
Prepare(run.Config) error
Execute(run.Config) error
}
// A Plan is a series of steps to perform.
type Plan struct {
steps []Step
cfg env.Config
steps []Step
cfg Config
runCfg run.Config
}
// NewPlan makes a plan for running a helm operation.
func NewPlan(cfg env.Config) (*Plan, error) {
func NewPlan(cfg Config) (*Plan, error) {
p := Plan{
cfg: cfg,
runCfg: run.Config{
Debug: cfg.Debug,
Values: cfg.Values,
StringValues: cfg.StringValues,
ValuesFiles: cfg.ValuesFiles,
Namespace: cfg.Namespace,
Stdout: cfg.Stdout,
Stderr: cfg.Stderr,
},
}
p.steps = (*determineSteps(cfg))(cfg)
@@ -37,7 +46,7 @@ func NewPlan(cfg env.Config) (*Plan, error) {
fmt.Fprintf(os.Stderr, "calling %T.Prepare (step %d)\n", step, i)
}
if err := step.Prepare(); err != nil {
if err := step.Prepare(p.runCfg); err != nil {
err = fmt.Errorf("while preparing %T step: %w", step, err)
return nil, err
}
@@ -48,7 +57,7 @@ func NewPlan(cfg env.Config) (*Plan, error) {
// determineSteps is primarily for the tests' convenience: it allows testing the "which stuff should
// we do" logic without building a config that meets all the steps' requirements.
func determineSteps(cfg env.Config) *func(env.Config) []Step {
func determineSteps(cfg Config) *func(Config) []Step {
switch cfg.Command {
case "upgrade":
return &upgrade
@@ -65,7 +74,7 @@ func determineSteps(cfg env.Config) *func(env.Config) []Step {
case "delete":
return &uninstall
default:
return &help
panic("not implemented")
}
}
}
@@ -77,7 +86,7 @@ func (p *Plan) Execute() error {
fmt.Fprintf(p.cfg.Stderr, "calling %T.Execute (step %d)\n", step, i)
}
if err := step.Execute(); err != nil {
if err := step.Execute(p.runCfg); err != nil {
return fmt.Errorf("while executing %T step: %w", step, err)
}
}
@@ -85,43 +94,58 @@ func (p *Plan) Execute() error {
return nil
}
var upgrade = func(cfg env.Config) []Step {
var steps []Step
steps = append(steps, run.NewInitKube(cfg, kubeConfigTemplate, kubeConfigFile))
for _, repo := range cfg.AddRepos {
steps = append(steps, run.NewAddRepo(cfg, repo))
}
if cfg.UpdateDependencies {
steps = append(steps, run.NewDepUpdate(cfg))
}
steps = append(steps, run.NewUpgrade(cfg))
var upgrade = func(cfg Config) []Step {
steps := initKube(cfg)
steps = append(steps, &run.Upgrade{
Chart: cfg.Chart,
Release: cfg.Release,
ChartVersion: cfg.ChartVersion,
DryRun: cfg.DryRun,
Wait: cfg.Wait,
ReuseValues: cfg.ReuseValues,
Timeout: cfg.Timeout,
Force: cfg.Force,
})
return steps
}
var uninstall = func(cfg env.Config) []Step {
var steps []Step
steps = append(steps, run.NewInitKube(cfg, kubeConfigTemplate, kubeConfigFile))
if cfg.UpdateDependencies {
steps = append(steps, run.NewDepUpdate(cfg))
}
steps = append(steps, run.NewUninstall(cfg))
var uninstall = func(cfg Config) []Step {
steps := initKube(cfg)
steps = append(steps, &run.Uninstall{
Release: cfg.Release,
DryRun: cfg.DryRun,
})
return steps
}
var lint = func(cfg env.Config) []Step {
var steps []Step
for _, repo := range cfg.AddRepos {
steps = append(steps, run.NewAddRepo(cfg, repo))
var lint = func(cfg Config) []Step {
lint := &run.Lint{
Chart: cfg.Chart,
}
if cfg.UpdateDependencies {
steps = append(steps, run.NewDepUpdate(cfg))
}
steps = append(steps, run.NewLint(cfg))
return steps
return []Step{lint}
}
var help = func(cfg env.Config) []Step {
return []Step{run.NewHelp(cfg)}
var help = func(cfg Config) []Step {
help := &run.Help{}
return []Step{help}
}
func initKube(cfg Config) []Step {
return []Step{
&run.InitKube{
SkipTLSVerify: cfg.SkipTLSVerify,
Certificate: cfg.Certificate,
APIServer: cfg.APIServer,
ServiceAccount: cfg.ServiceAccount,
Token: cfg.KubeToken,
EKSCluster: cfg.EKSCluster,
EKSRoleARN: cfg.EKSRoleARN,
TemplateFile: kubeConfigTemplate,
ConfigFile: kubeConfigFile,
},
}
}

214
internal/helm/plan_test.go
View File

@@ -7,7 +7,6 @@ import (
"strings"
"testing"
"github.com/pelotech/drone-helm3/internal/env"
"github.com/pelotech/drone-helm3/internal/run"
)
@@ -26,29 +25,43 @@ func (suite *PlanTestSuite) TestNewPlan() {
stepTwo := NewMockStep(ctrl)
origHelp := help
help = func(cfg env.Config) []Step {
help = func(cfg Config) []Step {
return []Step{stepOne, stepTwo}
}
defer func() { help = origHelp }()
stdout := strings.Builder{}
stderr := strings.Builder{}
cfg := env.Config{
Command: "help",
Debug: false,
Namespace: "outer",
Stdout: &stdout,
Stderr: &stderr,
cfg := Config{
Command: "help",
Debug: false,
Values: "steadfastness,forthrightness",
StringValues: "tensile_strength,flexibility",
ValuesFiles: []string{"/root/price_inventory.yml"},
Namespace: "outer",
Stdout: &stdout,
Stderr: &stderr,
}
runCfg := run.Config{
Debug: false,
Values: "steadfastness,forthrightness",
StringValues: "tensile_strength,flexibility",
ValuesFiles: []string{"/root/price_inventory.yml"},
Namespace: "outer",
Stdout: &stdout,
Stderr: &stderr,
}
stepOne.EXPECT().
Prepare()
Prepare(runCfg)
stepTwo.EXPECT().
Prepare()
Prepare(runCfg)
plan, err := NewPlan(cfg)
suite.Require().Nil(err)
suite.Equal(cfg, plan.cfg)
suite.Equal(runCfg, plan.runCfg)
}
func (suite *PlanTestSuite) TestNewPlanAbortsOnError() {
@@ -58,17 +71,17 @@ func (suite *PlanTestSuite) TestNewPlanAbortsOnError() {
stepTwo := NewMockStep(ctrl)
origHelp := help
help = func(cfg env.Config) []Step {
help = func(cfg Config) []Step {
return []Step{stepOne, stepTwo}
}
defer func() { help = origHelp }()
cfg := env.Config{
cfg := Config{
Command: "help",
}
stepOne.EXPECT().
Prepare().
Prepare(gomock.Any()).
Return(fmt.Errorf("I'm starry Dave, aye, cat blew that"))
_, err := NewPlan(cfg)
@@ -82,15 +95,18 @@ func (suite *PlanTestSuite) TestExecute() {
stepOne := NewMockStep(ctrl)
stepTwo := NewMockStep(ctrl)
runCfg := run.Config{}
plan := Plan{
steps: []Step{stepOne, stepTwo},
steps: []Step{stepOne, stepTwo},
runCfg: runCfg,
}
stepOne.EXPECT().
Execute().
Execute(runCfg).
Times(1)
stepTwo.EXPECT().
Execute().
Execute(runCfg).
Times(1)
suite.NoError(plan.Execute())
@@ -102,12 +118,15 @@ func (suite *PlanTestSuite) TestExecuteAbortsOnError() {
stepOne := NewMockStep(ctrl)
stepTwo := NewMockStep(ctrl)
runCfg := run.Config{}
plan := Plan{
steps: []Step{stepOne, stepTwo},
steps: []Step{stepOne, stepTwo},
runCfg: runCfg,
}
stepOne.EXPECT().
Execute().
Execute(runCfg).
Times(1).
Return(fmt.Errorf("oh, he'll gnaw"))
@@ -116,77 +135,122 @@ func (suite *PlanTestSuite) TestExecuteAbortsOnError() {
}
func (suite *PlanTestSuite) TestUpgrade() {
steps := upgrade(env.Config{})
cfg := Config{
ChartVersion: "seventeen",
DryRun: true,
Wait: true,
ReuseValues: true,
Timeout: "go sit in the corner",
Chart: "billboard_top_100",
Release: "post_malone_circles",
Force: true,
}
steps := upgrade(cfg)
suite.Require().Equal(2, len(steps), "upgrade should return 2 steps")
suite.IsType(&run.InitKube{}, steps[0])
suite.IsType(&run.Upgrade{}, steps[1])
}
suite.Require().IsType(&run.InitKube{}, steps[0])
func (suite *PlanTestSuite) TestUpgradeWithUpdateDependencies() {
cfg := env.Config{
UpdateDependencies: true,
suite.Require().IsType(&run.Upgrade{}, steps[1])
upgrade, _ := steps[1].(*run.Upgrade)
expected := &run.Upgrade{
Chart: cfg.Chart,
Release: cfg.Release,
ChartVersion: cfg.ChartVersion,
DryRun: true,
Wait: cfg.Wait,
ReuseValues: cfg.ReuseValues,
Timeout: cfg.Timeout,
Force: cfg.Force,
}
steps := upgrade(cfg)
suite.Require().Equal(3, len(steps), "upgrade should have a third step when DepUpdate is true")
suite.IsType(&run.InitKube{}, steps[0])
suite.IsType(&run.DepUpdate{}, steps[1])
suite.Equal(expected, upgrade)
}
func (suite *PlanTestSuite) TestUpgradeWithAddRepos() {
cfg := env.Config{
AddRepos: []string{
"machine=https://github.com/harold_finch/themachine",
},
func (suite *PlanTestSuite) TestDel() {
cfg := Config{
KubeToken: "b2YgbXkgYWZmZWN0aW9u",
SkipTLSVerify: true,
Certificate: "cHJvY2xhaW1zIHdvbmRlcmZ1bCBmcmllbmRzaGlw",
APIServer: "98.765.43.21",
ServiceAccount: "greathelm",
DryRun: true,
Timeout: "think about what you did",
Release: "jetta_id_love_to_change_the_world",
}
steps := upgrade(cfg)
suite.Require().True(len(steps) > 1, "upgrade should generate at least two steps")
suite.IsType(&run.AddRepo{}, steps[1])
}
func (suite *PlanTestSuite) TestUninstall() {
steps := uninstall(env.Config{})
steps := uninstall(cfg)
suite.Require().Equal(2, len(steps), "uninstall should return 2 steps")
suite.IsType(&run.InitKube{}, steps[0])
suite.IsType(&run.Uninstall{}, steps[1])
suite.Require().IsType(&run.InitKube{}, steps[0])
init, _ := steps[0].(*run.InitKube)
var expected Step = &run.InitKube{
SkipTLSVerify: true,
Certificate: "cHJvY2xhaW1zIHdvbmRlcmZ1bCBmcmllbmRzaGlw",
APIServer: "98.765.43.21",
ServiceAccount: "greathelm",
Token: "b2YgbXkgYWZmZWN0aW9u",
TemplateFile: kubeConfigTemplate,
ConfigFile: kubeConfigFile,
}
suite.Equal(expected, init)
suite.Require().IsType(&run.Uninstall{}, steps[1])
actual, _ := steps[1].(*run.Uninstall)
expected = &run.Uninstall{
Release: "jetta_id_love_to_change_the_world",
DryRun: true,
}
suite.Equal(expected, actual)
}
func (suite *PlanTestSuite) TestUninstallWithUpdateDependencies() {
cfg := env.Config{
UpdateDependencies: true,
func (suite *PlanTestSuite) TestInitKube() {
cfg := Config{
KubeToken: "cXVlZXIgY2hhcmFjdGVyCg==",
SkipTLSVerify: true,
Certificate: "b2Ygd29rZW5lc3MK",
APIServer: "123.456.78.9",
ServiceAccount: "helmet",
EKSCluster: "eks_reader",
EKSRoleARN: "arn:aws:iam::9631085:role/eksSpangleRole",
}
steps := uninstall(cfg)
suite.Require().Equal(3, len(steps), "uninstall should have a third step when DepUpdate is true")
suite.IsType(&run.InitKube{}, steps[0])
suite.IsType(&run.DepUpdate{}, steps[1])
steps := initKube(cfg)
suite.Require().Equal(1, len(steps), "initKube should return one step")
suite.Require().IsType(&run.InitKube{}, steps[0])
init, _ := steps[0].(*run.InitKube)
expected := &run.InitKube{
SkipTLSVerify: true,
Certificate: "b2Ygd29rZW5lc3MK",
APIServer: "123.456.78.9",
ServiceAccount: "helmet",
Token: "cXVlZXIgY2hhcmFjdGVyCg==",
EKSCluster: "eks_reader",
EKSRoleARN: "arn:aws:iam::9631085:role/eksSpangleRole",
TemplateFile: kubeConfigTemplate,
ConfigFile: kubeConfigFile,
}
suite.Equal(expected, init)
}
func (suite *PlanTestSuite) TestLint() {
steps := lint(env.Config{})
suite.Require().Equal(1, len(steps))
suite.IsType(&run.Lint{}, steps[0])
}
func (suite *PlanTestSuite) TestLintWithUpdateDependencies() {
cfg := env.Config{
UpdateDependencies: true,
cfg := Config{
Chart: "./flow",
}
steps := lint(cfg)
suite.Require().Equal(2, len(steps), "lint should have a second step when DepUpdate is true")
suite.IsType(&run.DepUpdate{}, steps[0])
}
func (suite *PlanTestSuite) TestLintWithAddRepos() {
cfg := env.Config{
AddRepos: []string{"friendczar=https://github.com/logan_pierce/friendczar"},
}
steps := lint(cfg)
suite.Require().True(len(steps) > 0, "lint should return at least one step")
suite.IsType(&run.AddRepo{}, steps[0])
suite.Equal(1, len(steps))
want := &run.Lint{
Chart: "./flow",
}
suite.Equal(want, steps[0])
}
func (suite *PlanTestSuite) TestDeterminePlanUpgradeCommand() {
cfg := env.Config{
cfg := Config{
Command: "upgrade",
}
stepsMaker := determineSteps(cfg)
@@ -194,7 +258,7 @@ func (suite *PlanTestSuite) TestDeterminePlanUpgradeCommand() {
}
func (suite *PlanTestSuite) TestDeterminePlanUpgradeFromDroneEvent() {
cfg := env.Config{}
cfg := Config{}
upgradeEvents := []string{"push", "tag", "deployment", "pull_request", "promote", "rollback"}
for _, event := range upgradeEvents {
@@ -205,16 +269,16 @@ func (suite *PlanTestSuite) TestDeterminePlanUpgradeFromDroneEvent() {
}
func (suite *PlanTestSuite) TestDeterminePlanUninstallCommand() {
cfg := env.Config{
cfg := Config{
Command: "uninstall",
}
stepsMaker := determineSteps(cfg)
suite.Same(&uninstall, stepsMaker)
}
// helm_command = delete is provided as an alias for backward-compatibility with drone-helm
// helm_command = delete is provided as an alias for backwards-compatibility with drone-helm
func (suite *PlanTestSuite) TestDeterminePlanDeleteCommand() {
cfg := env.Config{
cfg := Config{
Command: "delete",
}
stepsMaker := determineSteps(cfg)
@@ -222,7 +286,7 @@ func (suite *PlanTestSuite) TestDeterminePlanDeleteCommand() {
}
func (suite *PlanTestSuite) TestDeterminePlanDeleteFromDroneEvent() {
cfg := env.Config{
cfg := Config{
DroneEvent: "delete",
}
stepsMaker := determineSteps(cfg)
@@ -230,7 +294,7 @@ func (suite *PlanTestSuite) TestDeterminePlanDeleteFromDroneEvent() {
}
func (suite *PlanTestSuite) TestDeterminePlanLintCommand() {
cfg := env.Config{
cfg := Config{
Command: "lint",
}
@@ -239,7 +303,7 @@ func (suite *PlanTestSuite) TestDeterminePlanLintCommand() {
}
func (suite *PlanTestSuite) TestDeterminePlanHelpCommand() {
cfg := env.Config{
cfg := Config{
Command: "help",
}

62
internal/run/addrepo.go
View File

@@ -1,62 +0,0 @@
package run
import (
"fmt"
"github.com/pelotech/drone-helm3/internal/env"
"strings"
)
// AddRepo is an execution step that calls `helm repo add` when executed.
type AddRepo struct {
*config
repo string
certs *repoCerts
cmd cmd
}
// NewAddRepo creates an AddRepo for the given repo-spec. No validation is performed at this time.
func NewAddRepo(cfg env.Config, repo string) *AddRepo {
return &AddRepo{
config: newConfig(cfg),
repo: repo,
certs: newRepoCerts(cfg),
}
}
// Execute executes the `helm repo add` command.
func (a *AddRepo) Execute() error {
return a.cmd.Run()
}
// Prepare gets the AddRepo ready to execute.
func (a *AddRepo) Prepare() error {
if a.repo == "" {
return fmt.Errorf("repo is required")
}
split := strings.SplitN(a.repo, "=", 2)
if len(split) != 2 {
return fmt.Errorf("bad repo spec '%s'", a.repo)
}
if err := a.certs.write(); err != nil {
return err
}
name := split[0]
url := split[1]
args := a.globalFlags()
args = append(args, "repo", "add")
args = append(args, a.certs.flags()...)
args = append(args, name, url)
a.cmd = command(helmBin, args...)
a.cmd.Stdout(a.stdout)
a.cmd.Stderr(a.stderr)
if a.debug {
fmt.Fprintf(a.stderr, "Generated command: '%s'\n", a.cmd.String())
}
return nil
}

112
internal/run/addrepo_test.go
View File

@@ -1,112 +0,0 @@
package run
import (
"github.com/golang/mock/gomock"
"github.com/pelotech/drone-helm3/internal/env"
"github.com/stretchr/testify/suite"
"strings"
"testing"
)
type AddRepoTestSuite struct {
suite.Suite
ctrl *gomock.Controller
mockCmd *Mockcmd
originalCommand func(string, ...string) cmd
commandPath string
commandArgs []string
}
func (suite *AddRepoTestSuite) BeforeTest(_, _ string) {
suite.ctrl = gomock.NewController(suite.T())
suite.mockCmd = NewMockcmd(suite.ctrl)
suite.originalCommand = command
command = func(path string, args ...string) cmd {
suite.commandPath = path
suite.commandArgs = args
return suite.mockCmd
}
}
func (suite *AddRepoTestSuite) AfterTest(_, _ string) {
suite.ctrl.Finish()
command = suite.originalCommand
}
func TestAddRepoTestSuite(t *testing.T) {
suite.Run(t, new(AddRepoTestSuite))
}
func (suite *AddRepoTestSuite) TestNewAddRepo() {
repo := NewAddRepo(env.Config{}, "picompress=https://github.com/caleb_phipps/picompress")
suite.Require().NotNil(repo)
suite.Equal("picompress=https://github.com/caleb_phipps/picompress", repo.repo)
suite.NotNil(repo.config)
suite.NotNil(repo.certs)
}
func (suite *AddRepoTestSuite) TestPrepareAndExecute() {
stdout := strings.Builder{}
stderr := strings.Builder{}
cfg := env.Config{
Stdout: &stdout,
Stderr: &stderr,
}
a := NewAddRepo(cfg, "edeath=https://github.com/n_marks/e-death")
suite.mockCmd.EXPECT().
Stdout(&stdout).
Times(1)
suite.mockCmd.EXPECT().
Stderr(&stderr).
Times(1)
suite.Require().NoError(a.Prepare())
suite.Equal(helmBin, suite.commandPath)
suite.Equal([]string{"repo", "add", "edeath", "https://github.com/n_marks/e-death"}, suite.commandArgs)
suite.mockCmd.EXPECT().
Run().
Times(1)
suite.Require().NoError(a.Execute())
}
func (suite *AddRepoTestSuite) TestPrepareRepoIsRequired() {
// These aren't really expected, but allowing them gives clearer test-failure messages
suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
suite.mockCmd.EXPECT().Stderr(gomock.Any()).AnyTimes()
a := NewAddRepo(env.Config{}, "")
err := a.Prepare()
suite.EqualError(err, "repo is required")
}
func (suite *AddRepoTestSuite) TestPrepareMalformedRepo() {
a := NewAddRepo(env.Config{}, "dwim")
err := a.Prepare()
suite.EqualError(err, "bad repo spec 'dwim'")
}
func (suite *AddRepoTestSuite) TestPrepareWithEqualSignInURL() {
suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
suite.mockCmd.EXPECT().Stderr(gomock.Any()).AnyTimes()
a := NewAddRepo(env.Config{}, "samaritan=https://github.com/arthur_claypool/samaritan?version=2.1")
suite.NoError(a.Prepare())
suite.Contains(suite.commandArgs, "https://github.com/arthur_claypool/samaritan?version=2.1")
}
func (suite *AddRepoTestSuite) TestRepoAddFlags() {
suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
suite.mockCmd.EXPECT().Stderr(gomock.Any()).AnyTimes()
cfg := env.Config{}
a := NewAddRepo(cfg, "machine=https://github.com/harold_finch/themachine")
// inject a ca cert filename so repoCerts won't create any files that we'd have to clean up
a.certs.caCertFilename = "./helm/reporepo.cert"
suite.NoError(a.Prepare())
suite.Equal([]string{"repo", "add", "--ca-file", "./helm/reporepo.cert",
"machine", "https://github.com/harold_finch/themachine"}, suite.commandArgs)
}

35
internal/run/config.go
View File

@@ -1,33 +1,16 @@
package run
import (
"github.com/pelotech/drone-helm3/internal/env"
"io"
)
type config struct {
debug bool
namespace string
stdout io.Writer
stderr io.Writer
}
func newConfig(cfg env.Config) *config {
return &config{
debug: cfg.Debug,
namespace: cfg.Namespace,
stdout: cfg.Stdout,
stderr: cfg.Stderr,
}
}
func (cfg *config) globalFlags() []string {
flags := []string{}
if cfg.debug {
flags = append(flags, "--debug")
}
if cfg.namespace != "" {
flags = append(flags, "--namespace", cfg.namespace)
}
return flags
// Config contains configuration applicable to all helm commands
type Config struct {
Debug bool
Values string
StringValues string
ValuesFiles []string
Namespace string
Stdout io.Writer
Stderr io.Writer
}

48
internal/run/config_test.go
View File

@@ -1,48 +0,0 @@
package run
import (
"github.com/pelotech/drone-helm3/internal/env"
"github.com/stretchr/testify/suite"
"strings"
"testing"
)
type ConfigTestSuite struct {
suite.Suite
}
func TestConfigTestSuite(t *testing.T) {
suite.Run(t, new(ConfigTestSuite))
}
func (suite *ConfigTestSuite) TestNewConfig() {
stdout := &strings.Builder{}
stderr := &strings.Builder{}
envCfg := env.Config{
Namespace: "private",
Debug: true,
Stdout: stdout,
Stderr: stderr,
}
cfg := newConfig(envCfg)
suite.Require().NotNil(cfg)
suite.Equal(&config{
namespace: "private",
debug: true,
stdout: stdout,
stderr: stderr,
}, cfg)
}
func (suite *ConfigTestSuite) TestGlobalFlags() {
cfg := config{
debug: true,
namespace: "public",
}
flags := cfg.globalFlags()
suite.Equal([]string{"--debug", "--namespace", "public"}, flags)
cfg = config{}
flags = cfg.globalFlags()
suite.Equal([]string{}, flags)
}

46
internal/run/depupdate.go
View File

@@ -1,46 +0,0 @@
package run
import (
"fmt"
"github.com/pelotech/drone-helm3/internal/env"
)
// DepUpdate is an execution step that calls `helm dependency update` when executed.
type DepUpdate struct {
*config
chart string
cmd cmd
}
// NewDepUpdate creates a DepUpdate using fields from the given Config. No validation is performed at this time.
func NewDepUpdate(cfg env.Config) *DepUpdate {
return &DepUpdate{
config: newConfig(cfg),
chart: cfg.Chart,
}
}
// Execute executes the `helm upgrade` command.
func (d *DepUpdate) Execute() error {
return d.cmd.Run()
}
// Prepare gets the DepUpdate ready to execute.
func (d *DepUpdate) Prepare() error {
if d.chart == "" {
return fmt.Errorf("chart is required")
}
args := d.globalFlags()
args = append(args, "dependency", "update", d.chart)
d.cmd = command(helmBin, args...)
d.cmd.Stdout(d.stdout)
d.cmd.Stderr(d.stderr)
if d.debug {
fmt.Fprintf(d.stderr, "Generated command: '%s'\n", d.cmd.String())
}
return nil
}

81
internal/run/depupdate_test.go
View File

@@ -1,81 +0,0 @@
package run
import (
"github.com/golang/mock/gomock"
"github.com/pelotech/drone-helm3/internal/env"
"github.com/stretchr/testify/suite"
"strings"
"testing"
)
type DepUpdateTestSuite struct {
suite.Suite
ctrl *gomock.Controller
mockCmd *Mockcmd
originalCommand func(string, ...string) cmd
}
func (suite *DepUpdateTestSuite) BeforeTest(_, _ string) {
suite.ctrl = gomock.NewController(suite.T())
suite.mockCmd = NewMockcmd(suite.ctrl)
suite.originalCommand = command
command = func(path string, args ...string) cmd { return suite.mockCmd }
}
func (suite *DepUpdateTestSuite) AfterTest(_, _ string) {
command = suite.originalCommand
}
func TestDepUpdateTestSuite(t *testing.T) {
suite.Run(t, new(DepUpdateTestSuite))
}
func (suite *DepUpdateTestSuite) TestNewDepUpdate() {
cfg := env.Config{
Chart: "scatterplot",
}
d := NewDepUpdate(cfg)
suite.Equal("scatterplot", d.chart)
}
func (suite *DepUpdateTestSuite) TestPrepareAndExecute() {
defer suite.ctrl.Finish()
stdout := strings.Builder{}
stderr := strings.Builder{}
cfg := env.Config{
Chart: "your_top_songs_2019",
Stdout: &stdout,
Stderr: &stderr,
}
command = func(path string, args ...string) cmd {
suite.Equal(helmBin, path)
suite.Equal([]string{"dependency", "update", "your_top_songs_2019"}, args)
return suite.mockCmd
}
suite.mockCmd.EXPECT().
Stdout(&stdout)
suite.mockCmd.EXPECT().
Stderr(&stderr)
suite.mockCmd.EXPECT().
Run().
Times(1)
d := NewDepUpdate(cfg)
suite.Require().NoError(d.Prepare())
suite.NoError(d.Execute())
}
func (suite *DepUpdateTestSuite) TestPrepareChartRequired() {
d := NewDepUpdate(env.Config{})
suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
suite.mockCmd.EXPECT().Stderr(gomock.Any()).AnyTimes()
err := d.Prepare()
suite.EqualError(err, "chart is required")
}

40
internal/run/help.go
View File

@@ -2,47 +2,31 @@ package run
import (
"fmt"
"github.com/pelotech/drone-helm3/internal/env"
)
// Help is a step in a helm Plan that calls `helm help`.
type Help struct {
*config
helmCommand string
cmd cmd
}
// NewHelp creates a Help using fields from the given Config. No validation is performed at this time.
func NewHelp(cfg env.Config) *Help {
return &Help{
config: newConfig(cfg),
helmCommand: cfg.Command,
}
cmd cmd
}
// Execute executes the `helm help` command.
func (h *Help) Execute() error {
if err := h.cmd.Run(); err != nil {
return fmt.Errorf("while running '%s': %w", h.cmd.String(), err)
}
if h.helmCommand == "help" {
return nil
}
return fmt.Errorf("unknown command '%s'", h.helmCommand)
func (h *Help) Execute(_ Config) error {
return h.cmd.Run()
}
// Prepare gets the Help ready to execute.
func (h *Help) Prepare() error {
args := h.globalFlags()
args = append(args, "help")
func (h *Help) Prepare(cfg Config) error {
args := []string{"help"}
if cfg.Debug {
args = append([]string{"--debug"}, args...)
}
h.cmd = command(helmBin, args...)
h.cmd.Stdout(h.stdout)
h.cmd.Stderr(h.stderr)
h.cmd.Stdout(cfg.Stdout)
h.cmd.Stderr(cfg.Stderr)
if h.debug {
fmt.Fprintf(h.stderr, "Generated command: '%s'\n", h.cmd.String())
if cfg.Debug {
fmt.Fprintf(cfg.Stderr, "Generated command: '%s'\n", h.cmd.String())
}
return nil

48
internal/run/help_test.go
View File

@@ -1,8 +1,8 @@
package run
import (
"fmt"
"github.com/golang/mock/gomock"
"github.com/pelotech/drone-helm3/internal/env"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/suite"
"strings"
@@ -17,15 +17,6 @@ func TestHelpTestSuite(t *testing.T) {
suite.Run(t, new(HelpTestSuite))
}
func (suite *HelpTestSuite) TestNewHelp() {
cfg := env.Config{
Command: "everybody dance NOW!!",
}
help := NewHelp(cfg)
suite.Require().NotNil(help)
suite.Equal("everybody dance NOW!!", help.helmCommand)
}
func (suite *HelpTestSuite) TestPrepare() {
ctrl := gomock.NewController(suite.T())
defer ctrl.Finish()
@@ -47,30 +38,35 @@ func (suite *HelpTestSuite) TestPrepare() {
Stdout(&stdout)
mCmd.EXPECT().
Stderr(&stderr)
mCmd.EXPECT().
Run().
Times(1)
cfg := env.Config{
cfg := Config{
Stdout: &stdout,
Stderr: &stderr,
}
h := NewHelp(cfg)
err := h.Prepare()
suite.NoError(err)
h := Help{}
err := h.Prepare(cfg)
suite.Require().Nil(err)
h.Execute(cfg)
}
func (suite *HelpTestSuite) TestExecute() {
ctrl := gomock.NewController(suite.T())
defer ctrl.Finish()
mCmd := NewMockcmd(ctrl)
func (suite *HelpTestSuite) TestPrepareDebugFlag() {
help := Help{}
mCmd.EXPECT().
Run().
Times(2)
stdout := strings.Builder{}
stderr := strings.Builder{}
cfg := Config{
Debug: true,
Stdout: &stdout,
Stderr: &stderr,
}
help := NewHelp(env.Config{Command: "help"})
help.cmd = mCmd
suite.NoError(help.Execute())
help.Prepare(cfg)
help.helmCommand = "get down on friday"
suite.EqualError(help.Execute(), "unknown command 'get down on friday'")
want := fmt.Sprintf("Generated command: '%s --debug help'\n", helmBin)
suite.Equal(want, stderr.String())
suite.Equal("", stdout.String())
}

95
internal/run/initkube.go
View File

@@ -3,7 +3,6 @@ package run
import (
"errors"
"fmt"
"github.com/pelotech/drone-helm3/internal/env"
"io"
"os"
"text/template"
@@ -11,12 +10,19 @@ import (
// InitKube is a step in a helm Plan that initializes the kubernetes config file.
type InitKube struct {
*config
templateFilename string
configFilename string
template *template.Template
configFile io.WriteCloser
values kubeValues
SkipTLSVerify bool
Certificate string
APIServer string
ServiceAccount string
Token string
EKSCluster string
EKSRoleARN string
TemplateFile string
ConfigFile string
template *template.Template
configFile io.WriteCloser
values kubeValues
}
type kubeValues struct {
@@ -26,68 +32,67 @@ type kubeValues struct {
Namespace string
ServiceAccount string
Token string
}
// NewInitKube creates a InitKube using the given Config and filepaths. No validation is performed at this time.
func NewInitKube(cfg env.Config, templateFile, configFile string) *InitKube {
return &InitKube{
config: newConfig(cfg),
values: kubeValues{
SkipTLSVerify: cfg.SkipTLSVerify,
Certificate: cfg.Certificate,
APIServer: cfg.APIServer,
Namespace: cfg.Namespace,
ServiceAccount: cfg.ServiceAccount,
Token: cfg.KubeToken,
},
templateFilename: templateFile,
configFilename: configFile,
}
EKSCluster string
EKSRoleARN string
}
// Execute generates a kubernetes config file from drone-helm3's template.
func (i *InitKube) Execute() error {
if i.debug {
fmt.Fprintf(i.stderr, "writing kubeconfig file to %s\n", i.configFilename)
func (i *InitKube) Execute(cfg Config) error {
if cfg.Debug {
fmt.Fprintf(cfg.Stderr, "writing kubeconfig file to %s\n", i.ConfigFile)
}
defer i.configFile.Close()
return i.template.Execute(i.configFile, i.values)
}
// Prepare ensures all required configuration is present and that the config file is writable.
func (i *InitKube) Prepare() error {
func (i *InitKube) Prepare(cfg Config) error {
var err error
if i.values.APIServer == "" {
if i.APIServer == "" {
return errors.New("an API Server is needed to deploy")
}
if i.values.Token == "" {
if i.Token == "" && i.EKSCluster == "" {
return errors.New("token is needed to deploy")
}
if i.values.ServiceAccount == "" {
i.values.ServiceAccount = "helm"
if i.Token != "" && i.EKSCluster != "" {
return errors.New("token cannot be used simultaneously with eksCluster")
}
if i.debug {
fmt.Fprintf(i.stderr, "loading kubeconfig template from %s\n", i.templateFilename)
if i.ServiceAccount == "" {
i.ServiceAccount = "helm"
}
i.template, err = template.ParseFiles(i.templateFilename)
if cfg.Debug {
fmt.Fprintf(cfg.Stderr, "loading kubeconfig template from %s\n", i.TemplateFile)
}
i.template, err = template.ParseFiles(i.TemplateFile)
if err != nil {
return fmt.Errorf("could not load kubeconfig template: %w", err)
}
if i.debug {
if _, err := os.Stat(i.configFilename); err != nil {
// non-nil err here isn't an actual error state; the kubeconfig just doesn't exist
fmt.Fprint(i.stderr, "creating ")
} else {
fmt.Fprint(i.stderr, "truncating ")
}
fmt.Fprintf(i.stderr, "kubeconfig file at %s\n", i.configFilename)
i.values = kubeValues{
SkipTLSVerify: i.SkipTLSVerify,
Certificate: i.Certificate,
APIServer: i.APIServer,
ServiceAccount: i.ServiceAccount,
Token: i.Token,
EKSCluster: i.EKSCluster,
EKSRoleARN: i.EKSRoleARN,
Namespace: cfg.Namespace,
}
i.configFile, err = os.Create(i.configFilename)
if cfg.Debug {
if _, err := os.Stat(i.ConfigFile); err != nil {
// non-nil err here isn't an actual error state; the kubeconfig just doesn't exist
fmt.Fprint(cfg.Stderr, "creating ")
} else {
fmt.Fprint(cfg.Stderr, "truncating ")
}
fmt.Fprintf(cfg.Stderr, "kubeconfig file at %s\n", i.ConfigFile)
}
i.configFile, err = os.Create(i.ConfigFile)
if err != nil {
return fmt.Errorf("could not open kubeconfig file for writing: %w", err)
}

230
internal/run/initkube_test.go
View File

@@ -1,13 +1,9 @@
package run
import (
"fmt"
"github.com/pelotech/drone-helm3/internal/env"
"github.com/stretchr/testify/suite"
yaml "gopkg.in/yaml.v2"
"io/ioutil"
"os"
"strings"
"testing"
"text/template"
)
@@ -20,30 +16,6 @@ func TestInitKubeTestSuite(t *testing.T) {
suite.Run(t, new(InitKubeTestSuite))
}
func (suite *InitKubeTestSuite) TestNewInitKube() {
cfg := env.Config{
SkipTLSVerify: true,
Certificate: "cHJvY2xhaW1zIHdvbmRlcmZ1bCBmcmllbmRzaGlw",
APIServer: "98.765.43.21",
ServiceAccount: "greathelm",
KubeToken: "b2YgbXkgYWZmZWN0aW9u",
Stderr: &strings.Builder{},
Debug: true,
}
init := NewInitKube(cfg, "conf.tpl", "conf.yml")
suite.Equal(kubeValues{
SkipTLSVerify: true,
Certificate: "cHJvY2xhaW1zIHdvbmRlcmZ1bCBmcmllbmRzaGlw",
APIServer: "98.765.43.21",
ServiceAccount: "greathelm",
Token: "b2YgbXkgYWZmZWN0aW9u",
}, init.values)
suite.Equal("conf.tpl", init.templateFilename)
suite.Equal("conf.yml", init.configFilename)
suite.NotNil(init.config)
}
func (suite *InitKubeTestSuite) TestPrepareExecute() {
templateFile, err := tempfile("kubeconfig********.yml.tpl", `
certificate: {{ .Certificate }}
@@ -56,20 +28,23 @@ namespace: {{ .Namespace }}
defer os.Remove(configFile.Name())
suite.Require().Nil(err)
cfg := env.Config{
APIServer: "Sysadmin",
Certificate: "CCNA",
KubeToken: "Aspire virtual currency",
Namespace: "Cisco",
init := InitKube{
APIServer: "Sysadmin",
Certificate: "CCNA",
Token: "Aspire virtual currency",
TemplateFile: templateFile.Name(),
ConfigFile: configFile.Name(),
}
init := NewInitKube(cfg, templateFile.Name(), configFile.Name())
err = init.Prepare()
cfg := Config{
Namespace: "Cisco",
}
err = init.Prepare(cfg)
suite.Require().Nil(err)
suite.IsType(&template.Template{}, init.template)
suite.NotNil(init.configFile)
err = init.Execute()
err = init.Execute(cfg)
suite.Require().Nil(err)
conf, err := ioutil.ReadFile(configFile.Name())
@@ -82,80 +57,30 @@ namespace: Cisco
suite.Equal(want, string(conf))
}
func (suite *InitKubeTestSuite) TestExecuteGeneratesConfig() {
configFile, err := tempfile("kubeconfig********.yml", "")
defer os.Remove(configFile.Name())
suite.Require().NoError(err)
cfg := env.Config{
APIServer: "https://kube.cluster/peanut",
ServiceAccount: "chef",
KubeToken: "eWVhaCB3ZSB0b2tpbic=",
Certificate: "d293LCB5b3UgYXJlIHNvIGNvb2wgZm9yIHNtb2tpbmcgd2VlZCDwn5mE",
Namespace: "marshmallow",
}
init := NewInitKube(cfg, "../../assets/kubeconfig.tpl", configFile.Name()) // the actual kubeconfig template
suite.Require().NoError(init.Prepare())
suite.Require().NoError(init.Execute())
contents, err := ioutil.ReadFile(configFile.Name())
suite.Require().NoError(err)
// each setting should be reflected in the generated file
expectations := []string{
"namespace: marshmallow",
"server: https://kube.cluster/peanut",
"user: chef",
"name: chef",
"token: eWVhaCB3ZSB0b2tpbic",
"certificate-authority-data: d293LCB5b3UgYXJlIHNvIGNvb2wgZm9yIHNtb2tpbmcgd2VlZCDwn5mE",
}
for _, expected := range expectations {
suite.Contains(string(contents), expected)
}
// the generated config should be valid yaml, with no repeated keys
conf := map[string]interface{}{}
suite.NoError(yaml.UnmarshalStrict(contents, &conf))
// test the other branch of the certificate/SkipTLSVerify conditional
init.values.SkipTLSVerify = true
init.values.Certificate = ""
suite.Require().NoError(init.Prepare())
suite.Require().NoError(init.Execute())
contents, err = ioutil.ReadFile(configFile.Name())
suite.Require().NoError(err)
suite.Contains(string(contents), "insecure-skip-tls-verify: true")
conf = map[string]interface{}{}
suite.NoError(yaml.UnmarshalStrict(contents, &conf))
}
func (suite *InitKubeTestSuite) TestPrepareParseError() {
templateFile, err := tempfile("kubeconfig********.yml.tpl", `{{ NonexistentFunction }}`)
defer os.Remove(templateFile.Name())
suite.Require().Nil(err)
cfg := env.Config{
APIServer: "Sysadmin",
Certificate: "CCNA",
KubeToken: "Aspire virtual currency",
init := InitKube{
APIServer: "Sysadmin",
Certificate: "CCNA",
Token: "Aspire virtual currency",
TemplateFile: templateFile.Name(),
}
init := NewInitKube(cfg, templateFile.Name(), "")
err = init.Prepare()
err = init.Prepare(Config{})
suite.Error(err)
suite.Regexp("could not load kubeconfig .* function .* not defined", err)
}
func (suite *InitKubeTestSuite) TestPrepareNonexistentTemplateFile() {
cfg := env.Config{
APIServer: "Sysadmin",
Certificate: "CCNA",
KubeToken: "Aspire virtual currency",
init := InitKube{
APIServer: "Sysadmin",
Certificate: "CCNA",
Token: "Aspire virtual currency",
TemplateFile: "/usr/foreign/exclude/kubeprofig.tpl",
}
init := NewInitKube(cfg, "/usr/foreign/exclude/kubeprofig.tpl", "")
err := init.Prepare()
err := init.Prepare(Config{})
suite.Error(err)
suite.Regexp("could not load kubeconfig .* no such file or directory", err)
}
@@ -164,14 +89,16 @@ func (suite *InitKubeTestSuite) TestPrepareCannotOpenDestinationFile() {
templateFile, err := tempfile("kubeconfig********.yml.tpl", "hurgity burgity")
defer os.Remove(templateFile.Name())
suite.Require().Nil(err)
cfg := env.Config{
APIServer: "Sysadmin",
Certificate: "CCNA",
KubeToken: "Aspire virtual currency",
init := InitKube{
APIServer: "Sysadmin",
Certificate: "CCNA",
Token: "Aspire virtual currency",
TemplateFile: templateFile.Name(),
ConfigFile: "/usr/foreign/exclude/kubeprofig",
}
init := NewInitKube(cfg, templateFile.Name(), "/usr/foreign/exclude/kubeprofig")
err = init.Prepare()
cfg := Config{}
err = init.Prepare(cfg)
suite.Error(err)
suite.Regexp("could not open .* for writing: .* no such file or directory", err)
}
@@ -186,21 +113,51 @@ func (suite *InitKubeTestSuite) TestPrepareRequiredConfig() {
suite.Require().Nil(err)
// initial config with all required fields present
cfg := env.Config{
APIServer: "Sysadmin",
Certificate: "CCNA",
KubeToken: "Aspire virtual currency",
init := InitKube{
APIServer: "Sysadmin",
Certificate: "CCNA",
Token: "Aspire virtual currency",
TemplateFile: templateFile.Name(),
ConfigFile: configFile.Name(),
}
init := NewInitKube(cfg, templateFile.Name(), configFile.Name())
suite.NoError(init.Prepare()) // consistency check; we should be starting in a happy state
cfg := Config{}
init.values.APIServer = ""
suite.Error(init.Prepare(), "APIServer should be required.")
suite.NoError(init.Prepare(cfg)) // consistency check; we should be starting in a happy state
init.values.APIServer = "Sysadmin"
init.values.Token = ""
suite.Error(init.Prepare(), "Token should be required.")
init.APIServer = ""
suite.Error(init.Prepare(cfg), "APIServer should be required.")
init.APIServer = "Sysadmin"
init.Token = ""
suite.Error(init.Prepare(cfg), "Token should be required.")
}
func (suite *InitKubeTestSuite) TestPrepareEKSConfig() {
templateFile, err := tempfile("kubeconfig********.yml.tpl", "hurgity burgity")
defer os.Remove(templateFile.Name())
suite.Require().Nil(err)
configFile, err := tempfile("kubeconfig********.yml", "")
defer os.Remove(configFile.Name())
suite.Require().Nil(err)
init := InitKube{
TemplateFile: templateFile.Name(),
ConfigFile: configFile.Name(),
APIServer: "eks.aws.amazonaws.com",
EKSCluster: "it-is-an-eks-parrot",
EKSRoleARN: "arn:aws:iam::19691207:role/mrPraline",
}
cfg := Config{}
suite.NoError(init.Prepare(cfg))
suite.Equal(init.values.EKSCluster, "it-is-an-eks-parrot")
suite.Equal(init.values.EKSRoleARN, "arn:aws:iam::19691207:role/mrPraline")
init.Token = "cGluaW5nIGZvciB0aGUgZmrDtnJkcw=="
suite.EqualError(init.Prepare(cfg), "token cannot be used simultaneously with eksCluster")
}
func (suite *InitKubeTestSuite) TestPrepareDefaultsServiceAccount() {
@@ -212,43 +169,18 @@ func (suite *InitKubeTestSuite) TestPrepareDefaultsServiceAccount() {
defer os.Remove(configFile.Name())
suite.Require().Nil(err)
cfg := env.Config{
APIServer: "Sysadmin",
Certificate: "CCNA",
KubeToken: "Aspire virtual currency",
init := InitKube{
APIServer: "Sysadmin",
Certificate: "CCNA",
Token: "Aspire virtual currency",
TemplateFile: templateFile.Name(),
ConfigFile: configFile.Name(),
}
init := NewInitKube(cfg, templateFile.Name(), configFile.Name())
init.Prepare()
suite.Equal("helm", init.values.ServiceAccount)
}
cfg := Config{}
func (suite *InitKubeTestSuite) TestDebugOutput() {
templateFile, err := tempfile("kubeconfig********.yml.tpl", "hurgity burgity")
defer os.Remove(templateFile.Name())
suite.Require().Nil(err)
configFile, err := tempfile("kubeconfig********.yml", "")
defer os.Remove(configFile.Name())
suite.Require().Nil(err)
stdout := &strings.Builder{}
stderr := &strings.Builder{}
cfg := env.Config{
APIServer: "http://my.kube.server/",
KubeToken: "QSBzaW5nbGUgcm9zZQ==",
Debug: true,
Stdout: stdout,
Stderr: stderr,
}
init := NewInitKube(cfg, templateFile.Name(), configFile.Name())
suite.NoError(init.Prepare())
suite.Contains(stderr.String(), fmt.Sprintf("loading kubeconfig template from %s\n", templateFile.Name()))
suite.Contains(stderr.String(), fmt.Sprintf("truncating kubeconfig file at %s\n", configFile.Name()))
suite.NoError(init.Execute())
suite.Contains(stderr.String(), fmt.Sprintf("writing kubeconfig file to %s\n", configFile.Name()))
init.Prepare(cfg)
suite.Equal("helm", init.ServiceAccount)
}
func tempfile(name, contents string) (*os.File, error) {

109
internal/run/kubeconfig_test.go Normal file
View File

@@ -0,0 +1,109 @@
package run
import (
"github.com/stretchr/testify/suite"
yaml "gopkg.in/yaml.v2"
"io/ioutil"
"os"
"testing"
)
type KubeconfigTestSuite struct {
suite.Suite
configFile *os.File
initKube InitKube
}
func (suite *KubeconfigTestSuite) BeforeTest(_, _ string) {
file, err := ioutil.TempFile("", "kubeconfig********.yml")
suite.Require().NoError(err)
file.Close()
suite.configFile = file
// set up an InitKube with the bare minimum configuration
suite.initKube = InitKube{
ConfigFile: file.Name(),
TemplateFile: "../../assets/kubeconfig.tpl", // the actual kubeconfig template
APIServer: "a",
Token: "b",
}
}
func (suite *KubeconfigTestSuite) AfterTest(_, _ string) {
if suite.configFile != nil {
os.Remove(suite.configFile.Name())
}
}
func TestKubeconfigTestSuite(t *testing.T) {
suite.Run(t, new(KubeconfigTestSuite))
}
func (suite *KubeconfigTestSuite) TestSetsNamespace() {
cfg := Config{
Namespace: "marshmallow",
}
contents := suite.generateKubeconfig(cfg)
suite.Contains(contents, "namespace: marshmallow")
}
func (suite *KubeconfigTestSuite) TestSetsAPIServer() {
suite.initKube.APIServer = "https://kube.cluster/peanut"
contents := suite.generateKubeconfig(Config{})
suite.Contains(contents, "server: https://kube.cluster/peanut")
}
func (suite *KubeconfigTestSuite) TestSetsServiceAccount() {
suite.initKube.ServiceAccount = "chef"
contents := suite.generateKubeconfig(Config{})
suite.Contains(contents, "user: chef")
suite.Contains(contents, "name: chef")
}
func (suite *KubeconfigTestSuite) TestSetsToken() {
suite.initKube.Token = "eWVhaCB3ZSB0b2tpbic"
contents := suite.generateKubeconfig(Config{})
suite.Contains(contents, "token: eWVhaCB3ZSB0b2tpbic")
}
func (suite *KubeconfigTestSuite) TestSetsCertificate() {
suite.initKube.Certificate = "d293LCB5b3UgYXJlIHNvIGNvb2wgZm9yIHNtb2tpbmcgd2VlZCDwn5mE"
contents := suite.generateKubeconfig(Config{})
suite.Contains(contents, "certificate-authority-data: d293LCB5b3UgYXJlIHNvIGNvb2wgZm9yIHNtb2tpbmcgd2VlZCDwn5mE")
}
func (suite *KubeconfigTestSuite) TestSetsSkipTLSVerify() {
suite.initKube.SkipTLSVerify = true
contents := suite.generateKubeconfig(Config{})
suite.Contains(contents, "insecure-skip-tls-verify: true")
}
func (suite *KubeconfigTestSuite) TestSetsEKSCluster() {
suite.initKube.Token = ""
suite.initKube.EKSCluster = "it-is-an-eks-parrot"
contents := suite.generateKubeconfig(Config{})
suite.Contains(contents, "command: aws-iam-authenticator")
suite.Contains(contents, `- "it-is-an-eks-parrot"`)
}
func (suite *KubeconfigTestSuite) TestSetsEKSRoleARN() {
suite.initKube.Token = ""
suite.initKube.EKSCluster = "it-is-an-eks-parrot"
suite.initKube.EKSRoleARN = "arn:aws:iam::19691207:role/mrPraline"
contents := suite.generateKubeconfig(Config{})
suite.Contains(contents, `- "-r"`)
suite.Contains(contents, `- "arn:aws:iam::19691207:role/mrPraline"`)
}
func (suite *KubeconfigTestSuite) generateKubeconfig(cfg Config) string {
suite.Require().NoError(suite.initKube.Prepare(cfg))
suite.Require().NoError(suite.initKube.Execute(cfg))
contents, err := ioutil.ReadFile(suite.configFile.Name())
suite.Require().NoError(err)
conf := map[string]interface{}{}
suite.NoError(yaml.UnmarshalStrict(contents, &conf))
return string(contents)
}

61
internal/run/lint.go
View File

@@ -2,67 +2,54 @@ package run
import (
"fmt"
"github.com/pelotech/drone-helm3/internal/env"
)
// Lint is an execution step that calls `helm lint` when executed.
type Lint struct {
*config
chart string
values string
stringValues string
valuesFiles []string
strict bool
cmd cmd
}
// NewLint creates a Lint using fields from the given Config. No validation is performed at this time.
func NewLint(cfg env.Config) *Lint {
return &Lint{
config: newConfig(cfg),
chart: cfg.Chart,
values: cfg.Values,
stringValues: cfg.StringValues,
valuesFiles: cfg.ValuesFiles,
strict: cfg.LintStrictly,
}
Chart string
cmd cmd
}
// Execute executes the `helm lint` command.
func (l *Lint) Execute() error {
func (l *Lint) Execute(_ Config) error {
return l.cmd.Run()
}
// Prepare gets the Lint ready to execute.
func (l *Lint) Prepare() error {
if l.chart == "" {
func (l *Lint) Prepare(cfg Config) error {
if l.Chart == "" {
return fmt.Errorf("chart is required")
}
args := l.globalFlags()
args := make([]string, 0)
if cfg.Namespace != "" {
args = append(args, "--namespace", cfg.Namespace)
}
if cfg.Debug {
args = append(args, "--debug")
}
args = append(args, "lint")
if l.values != "" {
args = append(args, "--set", l.values)
if cfg.Values != "" {
args = append(args, "--set", cfg.Values)
}
if l.stringValues != "" {
args = append(args, "--set-string", l.stringValues)
if cfg.StringValues != "" {
args = append(args, "--set-string", cfg.StringValues)
}
for _, vFile := range l.valuesFiles {
for _, vFile := range cfg.ValuesFiles {
args = append(args, "--values", vFile)
}
if l.strict {
args = append(args, "--strict")
}
args = append(args, l.chart)
args = append(args, l.Chart)
l.cmd = command(helmBin, args...)
l.cmd.Stdout(l.stdout)
l.cmd.Stderr(l.stderr)
l.cmd.Stdout(cfg.Stdout)
l.cmd.Stderr(cfg.Stderr)
if l.debug {
fmt.Fprintf(l.stderr, "Generated command: '%s'\n", l.cmd.String())
if cfg.Debug {
fmt.Fprintf(cfg.Stderr, "Generated command: '%s'\n", l.cmd.String())
}
return nil

110
internal/run/lint_test.go
View File

@@ -1,8 +1,8 @@
package run
import (
"fmt"
"github.com/golang/mock/gomock"
"github.com/pelotech/drone-helm3/internal/env"
"github.com/stretchr/testify/suite"
"strings"
"testing"
@@ -31,36 +31,19 @@ func TestLintTestSuite(t *testing.T) {
suite.Run(t, new(LintTestSuite))
}
func (suite *LintTestSuite) TestNewLint() {
cfg := env.Config{
Chart: "./flow",
Values: "steadfastness,forthrightness",
StringValues: "tensile_strength,flexibility",
ValuesFiles: []string{"/root/price_inventory.yml"},
LintStrictly: true,
}
lint := NewLint(cfg)
suite.Require().NotNil(lint)
suite.Equal("./flow", lint.chart)
suite.Equal("steadfastness,forthrightness", lint.values)
suite.Equal("tensile_strength,flexibility", lint.stringValues)
suite.Equal([]string{"/root/price_inventory.yml"}, lint.valuesFiles)
suite.Equal(true, lint.strict)
suite.NotNil(lint.config)
}
func (suite *LintTestSuite) TestPrepareAndExecute() {
defer suite.ctrl.Finish()
stdout := strings.Builder{}
stderr := strings.Builder{}
cfg := env.Config{
Chart: "./epic/mychart",
l := Lint{
Chart: "./epic/mychart",
}
cfg := Config{
Stdout: &stdout,
Stderr: &stderr,
}
l := NewLint(cfg)
command = func(path string, args ...string) cmd {
suite.Equal(helmBin, path)
@@ -69,7 +52,6 @@ func (suite *LintTestSuite) TestPrepareAndExecute() {
return suite.mockCmd
}
suite.mockCmd.EXPECT().String().AnyTimes()
suite.mockCmd.EXPECT().
Stdout(&stdout)
suite.mockCmd.EXPECT().
@@ -78,9 +60,9 @@ func (suite *LintTestSuite) TestPrepareAndExecute() {
Run().
Times(1)
err := l.Prepare()
err := l.Prepare(cfg)
suite.Require().Nil(err)
l.Execute()
l.Execute(cfg)
}
func (suite *LintTestSuite) TestPrepareRequiresChart() {
@@ -88,22 +70,25 @@ func (suite *LintTestSuite) TestPrepareRequiresChart() {
suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
suite.mockCmd.EXPECT().Stderr(gomock.Any()).AnyTimes()
l := NewLint(env.Config{})
err := l.Prepare()
cfg := Config{}
l := Lint{}
err := l.Prepare(cfg)
suite.EqualError(err, "chart is required", "Chart should be mandatory")
}
func (suite *LintTestSuite) TestPrepareWithLintFlags() {
defer suite.ctrl.Finish()
cfg := env.Config{
Chart: "./uk/top_40",
cfg := Config{
Values: "width=5",
StringValues: "version=2.0",
ValuesFiles: []string{"/usr/local/underrides", "/usr/local/overrides"},
LintStrictly: true,
}
l := NewLint(cfg)
l := Lint{
Chart: "./uk/top_40",
}
command = func(path string, args ...string) cmd {
suite.Equal(helmBin, path)
@@ -112,7 +97,6 @@ func (suite *LintTestSuite) TestPrepareWithLintFlags() {
"--set-string", "version=2.0",
"--values", "/usr/local/underrides",
"--values", "/usr/local/overrides",
"--strict",
"./uk/top_40"}, args)
return suite.mockCmd
@@ -120,8 +104,66 @@ func (suite *LintTestSuite) TestPrepareWithLintFlags() {
suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
suite.mockCmd.EXPECT().Stderr(gomock.Any()).AnyTimes()
suite.mockCmd.EXPECT().String().AnyTimes()
err := l.Prepare()
err := l.Prepare(cfg)
suite.Require().Nil(err)
}
func (suite *LintTestSuite) TestPrepareWithDebugFlag() {
defer suite.ctrl.Finish()
stderr := strings.Builder{}
cfg := Config{
Debug: true,
Stderr: &stderr,
}
l := Lint{
Chart: "./scotland/top_40",
}
command = func(path string, args ...string) cmd {
suite.mockCmd.EXPECT().
String().
Return(fmt.Sprintf("%s %s", path, strings.Join(args, " ")))
return suite.mockCmd
}
suite.mockCmd.EXPECT().Stdout(gomock.Any())
suite.mockCmd.EXPECT().Stderr(&stderr)
err := l.Prepare(cfg)
suite.Require().Nil(err)
want := fmt.Sprintf("Generated command: '%s --debug lint ./scotland/top_40'\n", helmBin)
suite.Equal(want, stderr.String())
}
func (suite *LintTestSuite) TestPrepareWithNamespaceFlag() {
defer suite.ctrl.Finish()
cfg := Config{
Namespace: "table-service",
}
l := Lint{
Chart: "./wales/top_40",
}
actual := []string{}
command = func(path string, args ...string) cmd {
actual = args
return suite.mockCmd
}
suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
suite.mockCmd.EXPECT().Stderr(gomock.Any()).AnyTimes()
err := l.Prepare(cfg)
suite.Require().Nil(err)
expected := []string{"--namespace", "table-service", "lint", "./wales/top_40"}
suite.Equal(expected, actual)
}

77
internal/run/repocerts.go
View File

@@ -1,77 +0,0 @@
package run
import (
"encoding/base64"
"fmt"
"github.com/pelotech/drone-helm3/internal/env"
"io/ioutil"
)
type repoCerts struct {
*config
cert string
certFilename string
caCert string
caCertFilename string
}
func newRepoCerts(cfg env.Config) *repoCerts {
return &repoCerts{
config: newConfig(cfg),
cert: cfg.RepoCertificate,
caCert: cfg.RepoCACertificate,
}
}
func (rc *repoCerts) write() error {
if rc.cert != "" {
file, err := ioutil.TempFile("", "repo********.cert")
defer file.Close()
if err != nil {
return fmt.Errorf("failed to create certificate file: %w", err)
}
rc.certFilename = file.Name()
rawCert, err := base64.StdEncoding.DecodeString(rc.cert)
if err != nil {
return fmt.Errorf("failed to base64-decode certificate string: %w", err)
}
if rc.debug {
fmt.Fprintf(rc.stderr, "writing repo certificate to %s\n", rc.certFilename)
}
if _, err := file.Write(rawCert); err != nil {
return fmt.Errorf("failed to write certificate file: %w", err)
}
}
if rc.caCert != "" {
file, err := ioutil.TempFile("", "repo********.ca.cert")
defer file.Close()
if err != nil {
return fmt.Errorf("failed to create CA certificate file: %w", err)
}
rc.caCertFilename = file.Name()
rawCert, err := base64.StdEncoding.DecodeString(rc.caCert)
if err != nil {
return fmt.Errorf("failed to base64-decode CA certificate string: %w", err)
}
if rc.debug {
fmt.Fprintf(rc.stderr, "writing repo ca certificate to %s\n", rc.caCertFilename)
}
if _, err := file.Write(rawCert); err != nil {
return fmt.Errorf("failed to write CA certificate file: %w", err)
}
}
return nil
}
func (rc *repoCerts) flags() []string {
flags := make([]string, 0)
if rc.certFilename != "" {
flags = append(flags, "--cert-file", rc.certFilename)
}
if rc.caCertFilename != "" {
flags = append(flags, "--ca-file", rc.caCertFilename)
}
return flags
}

80
internal/run/repocerts_test.go
View File

@@ -1,80 +0,0 @@
package run
import (
"fmt"
"github.com/pelotech/drone-helm3/internal/env"
"github.com/stretchr/testify/suite"
"io/ioutil"
"os"
"strings"
"testing"
)
type RepoCertsTestSuite struct {
suite.Suite
}
func TestRepoCertsTestSuite(t *testing.T) {
suite.Run(t, new(RepoCertsTestSuite))
}
func (suite *RepoCertsTestSuite) TestNewRepoCerts() {
cfg := env.Config{
RepoCertificate: "bGljZW5zZWQgYnkgdGhlIFN0YXRlIG9mIE9yZWdvbiB0byBwZXJmb3JtIHJlcG9zc2Vzc2lvbnM=",
RepoCACertificate: "T3JlZ29uIFN0YXRlIExpY2Vuc3VyZSBib2FyZA==",
}
rc := newRepoCerts(cfg)
suite.Require().NotNil(rc)
suite.Equal("bGljZW5zZWQgYnkgdGhlIFN0YXRlIG9mIE9yZWdvbiB0byBwZXJmb3JtIHJlcG9zc2Vzc2lvbnM=", rc.cert)
suite.Equal("T3JlZ29uIFN0YXRlIExpY2Vuc3VyZSBib2FyZA==", rc.caCert)
}
func (suite *RepoCertsTestSuite) TestWrite() {
cfg := env.Config{
RepoCertificate: "bGljZW5zZWQgYnkgdGhlIFN0YXRlIG9mIE9yZWdvbiB0byBwZXJmb3JtIHJlcG9zc2Vzc2lvbnM=",
RepoCACertificate: "T3JlZ29uIFN0YXRlIExpY2Vuc3VyZSBib2FyZA==",
}
rc := newRepoCerts(cfg)
suite.Require().NotNil(rc)
suite.NoError(rc.write())
defer os.Remove(rc.certFilename)
defer os.Remove(rc.caCertFilename)
suite.NotEqual("", rc.certFilename)
suite.NotEqual("", rc.caCertFilename)
cert, err := ioutil.ReadFile(rc.certFilename)
suite.Require().NoError(err)
caCert, err := ioutil.ReadFile(rc.caCertFilename)
suite.Require().NoError(err)
suite.Equal("licensed by the State of Oregon to perform repossessions", string(cert))
suite.Equal("Oregon State Licensure board", string(caCert))
}
func (suite *RepoCertsTestSuite) TestFlags() {
rc := newRepoCerts(env.Config{})
suite.Equal([]string{}, rc.flags())
rc.certFilename = "hurgityburgity"
suite.Equal([]string{"--cert-file", "hurgityburgity"}, rc.flags())
rc.caCertFilename = "honglydongly"
suite.Equal([]string{"--cert-file", "hurgityburgity", "--ca-file", "honglydongly"}, rc.flags())
}
func (suite *RepoCertsTestSuite) TestDebug() {
stderr := strings.Builder{}
cfg := env.Config{
RepoCertificate: "bGljZW5zZWQgYnkgdGhlIFN0YXRlIG9mIE9yZWdvbiB0byBwZXJmb3JtIHJlcG9zc2Vzc2lvbnM=",
RepoCACertificate: "T3JlZ29uIFN0YXRlIExpY2Vuc3VyZSBib2FyZA==",
Stderr: &stderr,
Debug: true,
}
rc := newRepoCerts(cfg)
suite.Require().NotNil(rc)
suite.NoError(rc.write())
defer os.Remove(rc.certFilename)
defer os.Remove(rc.caCertFilename)
suite.Contains(stderr.String(), fmt.Sprintf("writing repo certificate to %s", rc.certFilename))
suite.Contains(stderr.String(), fmt.Sprintf("writing repo ca certificate to %s", rc.caCertFilename))
}

50
internal/run/uninstall.go
View File

@@ -2,57 +2,49 @@ package run
import (
"fmt"
"github.com/pelotech/drone-helm3/internal/env"
)
// Uninstall is an execution step that calls `helm uninstall` when executed.
type Uninstall struct {
*config
release string
dryRun bool
keepHistory bool
cmd cmd
}
// NewUninstall creates an Uninstall using fields from the given Config. No validation is performed at this time.
func NewUninstall(cfg env.Config) *Uninstall {
return &Uninstall{
config: newConfig(cfg),
release: cfg.Release,
dryRun: cfg.DryRun,
keepHistory: cfg.KeepHistory,
}
Release string
DryRun bool
cmd cmd
}
// Execute executes the `helm uninstall` command.
func (u *Uninstall) Execute() error {
func (u *Uninstall) Execute(_ Config) error {
return u.cmd.Run()
}
// Prepare gets the Uninstall ready to execute.
func (u *Uninstall) Prepare() error {
if u.release == "" {
func (u *Uninstall) Prepare(cfg Config) error {
if u.Release == "" {
return fmt.Errorf("release is required")
}
args := u.globalFlags()
args := make([]string, 0)
if cfg.Namespace != "" {
args = append(args, "--namespace", cfg.Namespace)
}
if cfg.Debug {
args = append(args, "--debug")
}
args = append(args, "uninstall")
if u.dryRun {
if u.DryRun {
args = append(args, "--dry-run")
}
if u.keepHistory {
args = append(args, "--keep-history")
}
args = append(args, u.release)
args = append(args, u.Release)
u.cmd = command(helmBin, args...)
u.cmd.Stdout(u.stdout)
u.cmd.Stderr(u.stderr)
u.cmd.Stdout(cfg.Stdout)
u.cmd.Stderr(cfg.Stderr)
if u.debug {
fmt.Fprintf(u.stderr, "Generated command: '%s'\n", u.cmd.String())
if cfg.Debug {
fmt.Fprintf(cfg.Stderr, "Generated command: '%s'\n", u.cmd.String())
}
return nil

75
internal/run/uninstall_test.go
View File

@@ -1,9 +1,10 @@
package run
import (
"fmt"
"github.com/golang/mock/gomock"
"github.com/pelotech/drone-helm3/internal/env"
"github.com/stretchr/testify/suite"
"strings"
"testing"
)
@@ -34,26 +35,12 @@ func TestUninstallTestSuite(t *testing.T) {
suite.Run(t, new(UninstallTestSuite))
}
func (suite *UninstallTestSuite) TestNewUninstall() {
cfg := env.Config{
DryRun: true,
Release: "jetta_id_love_to_change_the_world",
KeepHistory: true,
}
u := NewUninstall(cfg)
suite.Equal("jetta_id_love_to_change_the_world", u.release)
suite.Equal(true, u.dryRun)
suite.Equal(true, u.keepHistory)
suite.NotNil(u.config)
}
func (suite *UninstallTestSuite) TestPrepareAndExecute() {
defer suite.ctrl.Finish()
cfg := env.Config{
u := Uninstall{
Release: "zayde_wølf_king",
}
u := NewUninstall(cfg)
actual := []string{}
command = func(path string, args ...string) cmd {
@@ -71,49 +58,77 @@ func (suite *UninstallTestSuite) TestPrepareAndExecute() {
Run().
Times(1)
suite.NoError(u.Prepare())
cfg := Config{}
suite.NoError(u.Prepare(cfg))
expected := []string{"uninstall", "zayde_wølf_king"}
suite.Equal(expected, actual)
u.Execute()
u.Execute(cfg)
}
func (suite *UninstallTestSuite) TestPrepareDryRunFlag() {
cfg := env.Config{
u := Uninstall{
Release: "firefox_ak_wildfire",
DryRun: true,
}
u := NewUninstall(cfg)
cfg := Config{}
suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
suite.mockCmd.EXPECT().Stderr(gomock.Any()).AnyTimes()
suite.NoError(u.Prepare())
suite.NoError(u.Prepare(cfg))
expected := []string{"uninstall", "--dry-run", "firefox_ak_wildfire"}
suite.Equal(expected, suite.actualArgs)
}
func (suite *UninstallTestSuite) TestPrepareKeepHistoryFlag() {
cfg := env.Config{
Release: "perturbator_sentient",
KeepHistory: true,
func (suite *UninstallTestSuite) TestPrepareNamespaceFlag() {
u := Uninstall{
Release: "carly_simon_run_away_with_me",
}
cfg := Config{
Namespace: "emotion",
}
u := NewUninstall(cfg)
suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
suite.mockCmd.EXPECT().Stderr(gomock.Any()).AnyTimes()
suite.NoError(u.Prepare())
expected := []string{"uninstall", "--keep-history", "perturbator_sentient"}
suite.NoError(u.Prepare(cfg))
expected := []string{"--namespace", "emotion", "uninstall", "carly_simon_run_away_with_me"}
suite.Equal(expected, suite.actualArgs)
}
func (suite *UninstallTestSuite) TestPrepareDebugFlag() {
u := Uninstall{
Release: "just_a_band_huff_and_puff",
}
stderr := strings.Builder{}
cfg := Config{
Debug: true,
Stderr: &stderr,
}
command = func(path string, args ...string) cmd {
suite.mockCmd.EXPECT().
String().
Return(fmt.Sprintf("%s %s", path, strings.Join(args, " ")))
return suite.mockCmd
}
suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
suite.mockCmd.EXPECT().Stderr(&stderr).AnyTimes()
suite.NoError(u.Prepare(cfg))
suite.Equal(fmt.Sprintf("Generated command: '%s --debug "+
"uninstall just_a_band_huff_and_puff'\n", helmBin), stderr.String())
}
func (suite *UninstallTestSuite) TestPrepareRequiresRelease() {
// These aren't really expected, but allowing them gives clearer test-failure messages
suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
suite.mockCmd.EXPECT().Stderr(gomock.Any()).AnyTimes()
u := NewUninstall(env.Config{})
err := u.Prepare()
u := Uninstall{}
err := u.Prepare(Config{})
suite.EqualError(err, "release is required", "Uninstall.Release should be mandatory")
}

106
internal/run/upgrade.go
View File

@@ -2,111 +2,83 @@ package run
import (
"fmt"
"github.com/pelotech/drone-helm3/internal/env"
)
// Upgrade is an execution step that calls `helm upgrade` when executed.
type Upgrade struct {
*config
chart string
release string
Chart string
Release string
chartVersion string
dryRun bool
wait bool
values string
stringValues string
valuesFiles []string
reuseValues bool
timeout string
force bool
atomic bool
cleanupOnFail bool
certs *repoCerts
ChartVersion string
DryRun bool
Wait bool
ReuseValues bool
Timeout string
Force bool
cmd cmd
}
// NewUpgrade creates an Upgrade using fields from the given Config. No validation is performed at this time.
func NewUpgrade(cfg env.Config) *Upgrade {
return &Upgrade{
config: newConfig(cfg),
chart: cfg.Chart,
release: cfg.Release,
chartVersion: cfg.ChartVersion,
dryRun: cfg.DryRun,
wait: cfg.Wait,
values: cfg.Values,
stringValues: cfg.StringValues,
valuesFiles: cfg.ValuesFiles,
reuseValues: cfg.ReuseValues,
timeout: cfg.Timeout,
force: cfg.Force,
atomic: cfg.AtomicUpgrade,
cleanupOnFail: cfg.CleanupOnFail,
certs: newRepoCerts(cfg),
}
}
// Execute executes the `helm upgrade` command.
func (u *Upgrade) Execute() error {
func (u *Upgrade) Execute(_ Config) error {
return u.cmd.Run()
}
// Prepare gets the Upgrade ready to execute.
func (u *Upgrade) Prepare() error {
if u.chart == "" {
func (u *Upgrade) Prepare(cfg Config) error {
if u.Chart == "" {
return fmt.Errorf("chart is required")
}
if u.release == "" {
if u.Release == "" {
return fmt.Errorf("release is required")
}
args := u.globalFlags()
args := make([]string, 0)
if cfg.Namespace != "" {
args = append(args, "--namespace", cfg.Namespace)
}
if cfg.Debug {
args = append(args, "--debug")
}
args = append(args, "upgrade", "--install")
if u.chartVersion != "" {
args = append(args, "--version", u.chartVersion)
if u.ChartVersion != "" {
args = append(args, "--version", u.ChartVersion)
}
if u.dryRun {
if u.DryRun {
args = append(args, "--dry-run")
}
if u.wait {
if u.Wait {
args = append(args, "--wait")
}
if u.reuseValues {
if u.ReuseValues {
args = append(args, "--reuse-values")
}
if u.timeout != "" {
args = append(args, "--timeout", u.timeout)
if u.Timeout != "" {
args = append(args, "--timeout", u.Timeout)
}
if u.force {
if u.Force {
args = append(args, "--force")
}
if u.atomic {
args = append(args, "--atomic")
if cfg.Values != "" {
args = append(args, "--set", cfg.Values)
}
if u.cleanupOnFail {
args = append(args, "--cleanup-on-fail")
if cfg.StringValues != "" {
args = append(args, "--set-string", cfg.StringValues)
}
if u.values != "" {
args = append(args, "--set", u.values)
}
if u.stringValues != "" {
args = append(args, "--set-string", u.stringValues)
}
for _, vFile := range u.valuesFiles {
for _, vFile := range cfg.ValuesFiles {
args = append(args, "--values", vFile)
}
args = append(args, u.certs.flags()...)
args = append(args, u.release, u.chart)
args = append(args, u.Release, u.Chart)
u.cmd = command(helmBin, args...)
u.cmd.Stdout(u.stdout)
u.cmd.Stderr(u.stderr)
u.cmd.Stdout(cfg.Stdout)
u.cmd.Stderr(cfg.Stderr)
if u.debug {
fmt.Fprintf(u.stderr, "Generated command: '%s'\n", u.cmd.String())
if cfg.Debug {
fmt.Fprintf(cfg.Stderr, "Generated command: '%s'\n", u.cmd.String())
}
return nil

126
internal/run/upgrade_test.go
View File

@@ -3,7 +3,6 @@ package run
import (
"fmt"
"github.com/golang/mock/gomock"
"github.com/pelotech/drone-helm3/internal/env"
"github.com/stretchr/testify/suite"
"strings"
"testing"
@@ -32,49 +31,13 @@ func TestUpgradeTestSuite(t *testing.T) {
suite.Run(t, new(UpgradeTestSuite))
}
func (suite *UpgradeTestSuite) TestNewUpgrade() {
cfg := env.Config{
ChartVersion: "seventeen",
DryRun: true,
Wait: true,
Values: "steadfastness,forthrightness",
StringValues: "tensile_strength,flexibility",
ValuesFiles: []string{"/root/price_inventory.yml"},
ReuseValues: true,
Timeout: "go sit in the corner",
Chart: "billboard_top_100",
Release: "post_malone_circles",
Force: true,
AtomicUpgrade: true,
CleanupOnFail: true,
}
up := NewUpgrade(cfg)
suite.Equal(cfg.Chart, up.chart)
suite.Equal(cfg.Release, up.release)
suite.Equal(cfg.ChartVersion, up.chartVersion)
suite.Equal(true, up.dryRun)
suite.Equal(cfg.Wait, up.wait)
suite.Equal("steadfastness,forthrightness", up.values)
suite.Equal("tensile_strength,flexibility", up.stringValues)
suite.Equal([]string{"/root/price_inventory.yml"}, up.valuesFiles)
suite.Equal(cfg.ReuseValues, up.reuseValues)
suite.Equal(cfg.Timeout, up.timeout)
suite.Equal(cfg.Force, up.force)
suite.Equal(true, up.atomic)
suite.Equal(true, up.cleanupOnFail)
suite.NotNil(up.config)
suite.NotNil(up.certs)
}
func (suite *UpgradeTestSuite) TestPrepareAndExecute() {
defer suite.ctrl.Finish()
cfg := env.Config{
u := Upgrade{
Chart: "at40",
Release: "jonas_brothers_only_human",
}
u := NewUpgrade(cfg)
command = func(path string, args ...string) cmd {
suite.Equal(helmBin, path)
@@ -91,20 +54,19 @@ func (suite *UpgradeTestSuite) TestPrepareAndExecute() {
Run().
Times(1)
err := u.Prepare()
cfg := Config{}
err := u.Prepare(cfg)
suite.Require().Nil(err)
u.Execute()
u.Execute(cfg)
}
func (suite *UpgradeTestSuite) TestPrepareNamespaceFlag() {
defer suite.ctrl.Finish()
cfg := env.Config{
Namespace: "melt",
Chart: "at40",
Release: "shaed_trampoline",
u := Upgrade{
Chart: "at40",
Release: "shaed_trampoline",
}
u := NewUpgrade(cfg)
command = func(path string, args ...string) cmd {
suite.Equal(helmBin, path)
@@ -116,31 +78,32 @@ func (suite *UpgradeTestSuite) TestPrepareNamespaceFlag() {
suite.mockCmd.EXPECT().Stdout(gomock.Any())
suite.mockCmd.EXPECT().Stderr(gomock.Any())
err := u.Prepare()
cfg := Config{
Namespace: "melt",
}
err := u.Prepare(cfg)
suite.Require().Nil(err)
}
func (suite *UpgradeTestSuite) TestPrepareWithUpgradeFlags() {
defer suite.ctrl.Finish()
cfg := env.Config{
Chart: "hot_ac",
Release: "maroon_5_memories",
ChartVersion: "radio_edit",
DryRun: true,
Wait: true,
Values: "age=35",
StringValues: "height=5ft10in",
ValuesFiles: []string{"/usr/local/stats", "/usr/local/grades"},
ReuseValues: true,
Timeout: "sit_in_the_corner",
Force: true,
AtomicUpgrade: true,
CleanupOnFail: true,
u := Upgrade{
Chart: "hot_ac",
Release: "maroon_5_memories",
ChartVersion: "radio_edit", //-version
DryRun: true, //-run
Wait: true, //-wait
ReuseValues: true, //-values
Timeout: "sit_in_the_corner", //-timeout
Force: true, //-force
}
cfg := Config{
Values: "age=35",
StringValues: "height=5ft10in",
ValuesFiles: []string{"/usr/local/stats", "/usr/local/grades"},
}
u := NewUpgrade(cfg)
// inject a ca cert filename so repoCerts won't create any files that we'd have to clean up
u.certs.caCertFilename = "local_ca.cert"
command = func(path string, args ...string) cmd {
suite.Equal(helmBin, path)
@@ -151,13 +114,10 @@ func (suite *UpgradeTestSuite) TestPrepareWithUpgradeFlags() {
"--reuse-values",
"--timeout", "sit_in_the_corner",
"--force",
"--atomic",
"--cleanup-on-fail",
"--set", "age=35",
"--set-string", "height=5ft10in",
"--values", "/usr/local/stats",
"--values", "/usr/local/grades",
"--ca-file", "local_ca.cert",
"maroon_5_memories", "hot_ac"}, args)
return suite.mockCmd
@@ -166,7 +126,7 @@ func (suite *UpgradeTestSuite) TestPrepareWithUpgradeFlags() {
suite.mockCmd.EXPECT().Stdout(gomock.Any())
suite.mockCmd.EXPECT().Stderr(gomock.Any())
err := u.Prepare()
err := u.Prepare(cfg)
suite.Require().Nil(err)
}
@@ -175,30 +135,34 @@ func (suite *UpgradeTestSuite) TestRequiresChartAndRelease() {
suite.mockCmd.EXPECT().Stdout(gomock.Any()).AnyTimes()
suite.mockCmd.EXPECT().Stderr(gomock.Any()).AnyTimes()
u := NewUpgrade(env.Config{})
u.release = "seth_everman_unskippable_cutscene"
u := Upgrade{
Release: "seth_everman_unskippable_cutscene",
}
err := u.Prepare()
err := u.Prepare(Config{})
suite.EqualError(err, "chart is required", "Chart should be mandatory")
u.release = ""
u.chart = "billboard_top_zero"
u = Upgrade{
Chart: "billboard_top_zero",
}
err = u.Prepare()
err = u.Prepare(Config{})
suite.EqualError(err, "release is required", "Release should be mandatory")
}
func (suite *UpgradeTestSuite) TestPrepareDebugFlag() {
stdout := strings.Builder{}
stderr := strings.Builder{}
cfg := env.Config{
u := Upgrade{
Chart: "at40",
Release: "lewis_capaldi_someone_you_loved",
Debug: true,
Stdout: &stdout,
Stderr: &stderr,
}
u := NewUpgrade(cfg)
stdout := strings.Builder{}
stderr := strings.Builder{}
cfg := Config{
Debug: true,
Stdout: &stdout,
Stderr: &stderr,
}
command = func(path string, args ...string) cmd {
suite.mockCmd.EXPECT().
@@ -213,7 +177,7 @@ func (suite *UpgradeTestSuite) TestPrepareDebugFlag() {
suite.mockCmd.EXPECT().
Stderr(&stderr)
u.Prepare()
u.Prepare(cfg)
want := fmt.Sprintf("Generated command: '%s --debug upgrade "+
"--install lewis_capaldi_someone_you_loved at40'\n", helmBin)