From a903dc5b4eecb4cd21049a08129ddd6c00051a6e Mon Sep 17 00:00:00 2001
From: Robert Vojcik <robert@vojcik.net>
Date: Tue, 9 Nov 2021 16:54:03 +0100
Subject: [PATCH] Some minority fixes in test environment, new test and wrong
 placement of debug message

---
 dev/docker-compose.yaml                  | 11 ++++++++
 dev/run-tests.sh                         | 12 +++++++++
 scripts/vault-certificate-deploy         |  2 +-
 tests/01-prepare-secrets.sh              |  5 ++++
 tests/{12-fail.sh => 12-deploy3-fail.sh} |  0
 tests/13-deploy4-noexist.sh              | 33 ++++++++++++++++++++++++
 6 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 dev/docker-compose.yaml
 create mode 100755 dev/run-tests.sh
 rename tests/{12-fail.sh => 12-deploy3-fail.sh} (100%)
 create mode 100755 tests/13-deploy4-noexist.sh

diff --git a/dev/docker-compose.yaml b/dev/docker-compose.yaml
new file mode 100644
index 0000000..bce8e14
--- /dev/null
+++ b/dev/docker-compose.yaml
@@ -0,0 +1,11 @@
+version: '3.3'
+  
+services:
+  test:
+    image: 'python:3.9'
+    volumes:
+      - ../:/workdir
+      - ./:/develop
+    command:
+    - /develop/run-tests.sh
+    - /workdir
diff --git a/dev/run-tests.sh b/dev/run-tests.sh
new file mode 100755
index 0000000..214ffc4
--- /dev/null
+++ b/dev/run-tests.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e 
+
+echo "Entering directory $1"
+cd $1/
+
+apt-get update
+apt-get install -y $(cat tests/system-requirements.txt)
+pip install -r requirements.txt
+python setup.py install
+run-parts --exit-on-error --regex '^[0-9]+.*\.sh$' ./tests/
diff --git a/scripts/vault-certificate-deploy b/scripts/vault-certificate-deploy
index f4acd59..863f4b0 100755
--- a/scripts/vault-certificate-deploy
+++ b/scripts/vault-certificate-deploy
@@ -359,7 +359,7 @@ if __name__ == '__main__':
     for cert_name in cert_list:
         base.pdeb("Retrieving secret " + cert_name, args.debug)
         secret = vault.read(vault_mount_point + "/" + cert_name)
-        base.pdeb("Secret: %s with keys %s" % (str(secret), str(secret.keys())), args.debug)
+
         if secret is not None:
             base.pdeb("Secret: %s with keys %s" % (str(secret), str(secret.keys())), args.debug)
             certificates.append((cert_name, secret))
diff --git a/tests/01-prepare-secrets.sh b/tests/01-prepare-secrets.sh
index 7d7a0f8..030a3c6 100755
--- a/tests/01-prepare-secrets.sh
+++ b/tests/01-prepare-secrets.sh
@@ -58,6 +58,11 @@ cat > deploy3.conf <<EOF
 invalid-cert
 EOF
 
+echo "Prepair deploy config4"
+cat > deploy4.conf <<EOF
+_cert.that.not-exists
+EOF
+
 echo "Prepair client deploy"
 cat > client_cert.conf << EOF
 test1.test.intra
diff --git a/tests/12-fail.sh b/tests/12-deploy3-fail.sh
similarity index 100%
rename from tests/12-fail.sh
rename to tests/12-deploy3-fail.sh
diff --git a/tests/13-deploy4-noexist.sh b/tests/13-deploy4-noexist.sh
new file mode 100755
index 0000000..9bd7881
--- /dev/null
+++ b/tests/13-deploy4-noexist.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+cat <<EOF
+=======================================
+Non existent cert DEPLOY (good to fail)
+---------------------------------------
+Check fail states and correct exitcodes
+for certs that non exists
+
+=======================================
+EOF
+
+if [[ -f ./vault.env ]] ; then
+  . ./vault.env
+else
+  echo "Unable to find vault.env file from previous step"
+  exit 1
+fi
+
+# Test fail deploy
+if $script -c ./script.conf --cert-list deploy4.conf ; then
+  echo "ERROR: Deploy success when certificate was bad." >&2
+  exit 1
+else
+  echo "It's OK to fail, looks good :)"
+fi
+
+if [[ $(find $cert_destination -type f -name '*.crt' | wc -l) -gt 0 ]] ; then
+  echo "ERROR: There should be no certificates in this step" >&2
+  exit 1
+else
+  echo "Success, no certificates left in this step"
+fi