Modifying tests to not incidentally send an encoded file

hashicorp · Mar 29, 2022 · 634164a · ishustava · Mar 29, 2022 · jmurret
1 parent ab5c549
commit 634164a
Show file tree

Hide file tree

Showing 6 changed files with 11 additions and 18 deletions.
diff --git a/acceptance/framework/vault/helpers.go b/acceptance/framework/vault/helpers.go
@@ -122,8 +122,9 @@ func ConfigureEnterpriseLicenseVaultSecret(t *testing.T, vaultClient *vapi.Clien
 }
 
 // ConfigureSnapshotAgentSecret stores it in Vault as a secret and configures a policy to access it.
-func ConfigureSnapshotAgentSecret(t *testing.T, vaultClient *vapi.Client, cfg *config.TestConfig, config []byte) {
-	logger.Log(t, "Creating the Snapshot Agent Config secret")
+func ConfigureSnapshotAgentSecret(t *testing.T, vaultClient *vapi.Client, cfg *config.TestConfig, config string) {
+	logger.Log(t, "Creating the Snapshot Agent Config secret in Vault")
+	logger.Logf(t, "Snapshot Agent config: %s", config)
 	params := map[string]interface{}{
 		"data": map[string]interface{}{
 			"config": config,

diff --git a/acceptance/tests/snapshot-agent/snapshot_agent_k8s_secret_test.go b/acceptance/tests/snapshot-agent/snapshot_agent_k8s_secret_test.go
@@ -63,8 +63,7 @@ func TestSnapshotAgent_K8sSecret(t *testing.T) {
 
 	// Add snapshot agent config secret
 	logger.Log(t, "Storing snapshot agent config as a k8s secret")
-	configBytes := generateSnapshotAgentConfig(t, bootstrapToken)
-	config := string(configBytes)
+	config := generateSnapshotAgentConfig(t, bootstrapToken)
 	logger.Logf(t, "Snapshot agent config: %s", config)
 	consul.CreateK8sSecret(t, client, cfg, ns, saSecretName, saSecretKey, config)
 
@@ -98,7 +97,7 @@ func TestSnapshotAgent_K8sSecret(t *testing.T) {
 	require.True(t, hasSnapshots, ".snap")
 }
 
-func generateSnapshotAgentConfig(t *testing.T, token string) []byte {
+func generateSnapshotAgentConfig(t *testing.T, token string) string {
 	config := map[string]interface{}{
 		"snapshot_agent": map[string]interface{}{
 			"token": token,
@@ -127,5 +126,5 @@ func generateSnapshotAgentConfig(t *testing.T, token string) []byte {
 	require.NoError(t, err)
 	jsonConfig, err := json.Marshal(&config)
 	require.NoError(t, err)
-	return jsonConfig
+	return string(jsonConfig)
 }
diff --git a/acceptance/tests/snapshot-agent/snapshot_agent_vault_test.go b/acceptance/tests/snapshot-agent/snapshot_agent_vault_test.go
@@ -39,15 +39,15 @@ func TestSnapshotAgent_Vault(t *testing.T) {
 	// Now fetch the Vault client so we can create the policies and secrets.
 	vaultClient := vaultCluster.VaultClient(t)
 
-
 	vault.CreateConnectCAPolicy(t, vaultClient, "dc1")
 	if cfg.EnableEnterprise {
 		vault.ConfigureEnterpriseLicenseVaultSecret(t, vaultClient, cfg)
 	}
 
 	bootstrapToken := vault.ConfigureACLTokenVaultSecret(t, vaultClient, "bootstrap")
 
-	vault.ConfigureSnapshotAgentSecret(t, vaultClient, cfg, generateSnapshotAgentConfig(t, bootstrapToken))
+	config := generateSnapshotAgentConfig(t, bootstrapToken)
+	vault.ConfigureSnapshotAgentSecret(t, vaultClient, cfg, config)
 
 	serverPolicies := "gossip,connect-ca-dc1,server-cert-dc1,bootstrap-token"
 	if cfg.EnableEnterprise {
@@ -133,5 +133,5 @@ func TestSnapshotAgent_Vault(t *testing.T) {
 			logger.Logf(t, "Agent pod does not contain snapshot files")
 		}
 	}
-	require.True(t, hasSnapshots, ".snap")
+	require.True(t, hasSnapshots)
 }
diff --git a/charts/consul/templates/_helpers.tpl b/charts/consul/templates/_helpers.tpl
@@ -22,13 +22,6 @@ as well as the global.name setting.
             {{ "{{" }}- end -{{ "}}" }}
 {{- end -}}
 
-{{- define "consul.vaultDecodedSecretTemplate" -}}
- |
-            {{ "{{" }}- with secret "{{ .secretName }}" -{{ "}}" }}
-            {{ "{{" }}- {{ printf "base64Decode .Data.data.%s" .secretKey }} -{{ "}}" }}
-            {{ "{{" }}- end -{{ "}}" }}
-{{- end -}}
-
 {{- define "consul.serverTLSCATemplate" -}}
  |
             {{ "{{" }}- with secret "{{ .Values.global.tls.caCert.secretName }}" -{{ "}}" }}

diff --git a/charts/consul/templates/client-snapshot-agent-deployment.yaml b/charts/consul/templates/client-snapshot-agent-deployment.yaml
@@ -53,7 +53,7 @@ spec:
         {{- if .Values.client.snapshotAgent.configSecret.secretName }}
         {{- with .Values.client.snapshotAgent.configSecret }}
         "vault.hashicorp.com/agent-inject-secret-snapshot-agent-config.json": "{{ .secretName }}"
-        "vault.hashicorp.com/agent-inject-template-snapshot-agent-config.json": {{ template "consul.vaultDecodedSecretTemplate" . }}
+        "vault.hashicorp.com/agent-inject-template-snapshot-agent-config.json": {{ template "consul.vaultSecretTemplate" . }}
         {{- end }} 
         {{- end }}
         {{- if .Values.client.snapshotAgent.configSecret.secretName }}

diff --git a/charts/consul/test/unit/client-snapshot-agent-deployment.bats b/charts/consul/test/unit/client-snapshot-agent-deployment.bats
@@ -843,7 +843,7 @@ MIICFjCCAZsCCQCdwLtdjbzlYzAKBggqhkjOPQQDAjB0MQswCQYDVQQGEwJDQTEL' \
 
   actual=$(echo $object |
       yq -r '.annotations["vault.hashicorp.com/agent-inject-template-snapshot-agent-config.json"]' | tee /dev/stderr)
-  local expected=$'{{- with secret \"path/to/secret\" -}}\n{{- base64Decode .Data.data.config -}}\n{{- end -}}'
+  local expected=$'{{- with secret \"path/to/secret\" -}}\n{{- .Data.data.config -}}\n{{- end -}}'
   [ "${actual}" = "${expected}" ]
 
   actual=$(echo $object | jq -r '.annotations["vault.hashicorp.com/role"]' | tee /dev/stderr)