#!/usr/bin/env bash
# ANSI colour escapes. They are stored as literal backslash sequences and only
# become control characters when printed with `echo -e`.
RED="\033[0;31m"
GREEN="\033[0;32m"
BLUE="\033[0;34m"
YELLOW="\033[1;33m"
NOC="\033[0m" # reset to the terminal's default colour

# Substring searched for in the output of a second `secrets enc` run.
ALREADY_ENC='Already encrypted'
# Source the plugin is installed from when it is not present yet.
SECRETS_REPO='https://github.com/futuresimple/helm-secrets'
# Helm executable used for the plugin sub-commands below.
HELM_CMD='helm'
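#######################################
# EXIT handler: collapses the script's final status to 0 or 1 and prints a
# generic error banner for any non-zero status.
# Globals:   RED, NOC (read)
# Outputs:   "General error" on stdout when the status is non-zero
# Returns:   never returns; exits 0 or 1
#######################################
trap_error() {
  # Must stay the first statement: any earlier command would overwrite $?.
  local status=$?
  if [ "$status" -ne 0 ]; then
    echo -e "${RED}General error${NOC}"
    exit 1
  fi
  # The original had a second banner after the if/else; both branches exit,
  # so it could never run and has been dropped.
  exit 0
}
# Run the handler on every exit path, including the explicit `exit 1` calls.
trap trap_error EXIT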
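#######################################
# Checks that a secrets file mentions the expected key fingerprints.
# The two 40-hex strings are presumably the fingerprints of the example PGP
# keys this script imports - confirm against example/pgp/.
# Globals:   secret (read, fallback when no argument is given),
#            RED, GREEN, NOC (read)
# Arguments: $1 - path of the secrets file (optional)
# Outputs:   [OK]/[FAIL] line on stdout
# Returns:   0 when the count matches; exits 1 otherwise
#######################################
test_encryption() {
  # Callers pass the path as $1; the original ignored it and read the global.
  local target="${1:-${secret}}"
  local fingerprints='(40B6FAEC80FD467E3FE9421019F6A67BB1B8DDBE|4434EA5D05F10F59D0DF7399AF1D073646ED4927)'
  local matches
  # grep -c counts matching LINES; it still prints 0 when nothing matches.
  matches=$(grep -Ec -- "${fingerprints}" "${target}")
  # An unreadable file yields no count at all; treat that as zero matches so
  # the numeric tests below fall through to the FAIL branch cleanly.
  matches=${matches:-0}

  # Only ./example/helm_vars/secrets.yaml is expected to carry both
  # fingerprints; every other file must carry exactly one.
  if [ "${matches}" -eq 2 ] && [ "${target}" == "./example/helm_vars/secrets.yaml" ]; then
    echo -e "${GREEN}[OK]${NOC} File properly encrypted"
  elif [ "${matches}" -eq 1 ] && [ "${target}" != "./example/helm_vars/secrets.yaml" ]; then
    echo -e "${GREEN}[OK]${NOC} File properly encrypted"
  else
    echo -e "${RED}[FAIL]${NOC} ${target} Not encrypted properly"
    exit 1
  fi
}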
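#######################################
# Checks that `secrets view` prints decrypted content, i.e. output that no
# longer mentions the key fingerprints found in the encrypted file.
# Globals:   HELM_CMD (read), secret (read, fallback when no argument),
#            RED, GREEN, NOC (read)
# Arguments: $1 - path of the secrets file (optional)
# Outputs:   [OK]/[FAIL] line on stdout
# Returns:   0 on success; exits 1 on failure
#######################################
test_view() {
  local target="${1:-${secret}}"
  local fingerprints='(40B6FAEC80FD467E3FE9421019F6A67BB1B8DDBE|4434EA5D05F10F59D0DF7399AF1D073646ED4927)'
  local plaintext

  # A view command that fails prints nothing, and "no fingerprint in empty
  # output" used to be reported as [OK]. Check the exit status first so a
  # broken decrypt cannot pass the test.
  if ! plaintext=$("${HELM_CMD}" secrets view "${target}"); then
    echo -e "${RED}[FAIL]${NOC} Decryption failed"
    exit 1
  fi

  if grep -Eq -- "${fingerprints}" <<< "${plaintext}"; then
    echo -e "${RED}[FAIL]${NOC} Decryption failed"
    # Abort like the other checks do; the original printed FAIL and carried on.
    exit 1
  fi
  echo -e "${GREEN}[OK]${NOC} File decrypted and viewable"
}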
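#######################################
# Checks that `<file>.dec` exists and no longer mentions the key
# fingerprints found in the encrypted file.
# Globals:   secret (read, fallback when no argument is given),
#            RED, GREEN, NOC (read)
# Arguments: $1 - path of the encrypted secrets file (optional)
# Outputs:   [OK]/[FAIL] line on stdout
# Returns:   0 on success; exits 1 on failure
#######################################
test_decrypt() {
  local target="${1:-${secret}}"
  local fingerprints='(40B6FAEC80FD467E3FE9421019F6A67BB1B8DDBE|4434EA5D05F10F59D0DF7399AF1D073646ED4927)'

  if [ ! -f "${target}.dec" ]; then
    echo -e "${RED}[FAIL]${NOC} ${target}.dec not exist"
    exit 1
  fi

  if grep -Eq -- "${fingerprints}" "${target}.dec"; then
    echo -e "${RED}[FAIL]${NOC} Decryption failed"
    # The original returned success here, so the caller's `&& cp` still ran
    # with a file that had just failed the check. Abort instead.
    exit 1
  fi
  echo -e "${GREEN}[OK]${NOC} File decrypted"
}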
#######################################
# Passes only when no decrypted copy (`<secret>.dec`) is left on disk.
# Globals:   secret, mode (read - the positional arguments are not used),
#            RED, GREEN, NOC (read)
# Outputs:   [OK]/[FAIL] line on stdout
# Returns:   0 when the .dec file is gone; exits 1 when it is still there
#######################################
test_clean() {
  if [ ! -f "${secret}.dec" ]; then
    echo -e "${GREEN}[OK]${NOC} Cleanup ${mode}"
    return
  fi
  # A leftover .dec file is plaintext on disk, so this is a hard failure.
  echo -e "${RED}[FAIL]${NOC} ${secret}.dec exist after cleanup"
  exit 1
}
#######################################
# Passes when the captured output of a repeated `secrets enc` run contains
# the "already encrypted" marker.
# Globals:   enc_res, ALREADY_ENC (read - the positional argument is not
#            used), RED, GREEN, NOC (read)
# Outputs:   [OK]/[FAIL] line on stdout
# Returns:   0 when the marker is present; exits 1 otherwise
#######################################
test_already_encrypted() {
  case "${enc_res}" in
    *"${ALREADY_ENC}"*)
      echo -e "${GREEN}[OK]${NOC} Already Encrypted"
      ;;
    *)
      echo -e "${RED}[FAIL]${NOC} Not Encrypted or re-encrypted. Should be already encrypted with no re-encryption."
      exit 1
      ;;
  esac
}
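#######################################
# Runs the full enc / view / dec / clean / enc cycle against one secrets
# file and checks the result of every step.
# Globals:   HELM_CMD, ALREADY_ENC, colour constants (read);
#            enc_res, mode (written - the check functions read them)
# Arguments: $1 - path of the secrets file (falls back to global `secret`)
# Outputs:   progress and [OK]/[FAIL] lines on stdout
# Returns:   exits 1 as soon as a helm command or a check fails
#######################################
test_helm_secrets() {
  # Local, but still visible to the check functions called from here
  # (bash locals are dynamically scoped).
  local secret="${1:-${secret}}"

  echo -e "${YELLOW}+++${NOC} ${BLUE}Testing ${secret}${NOC}"

  echo -e "${YELLOW}+++${NOC} Encrypt and Test"
  "${HELM_CMD}" secrets enc "${secret}" > /dev/null || exit 1
  test_encryption "${secret}"

  echo -e "${YELLOW}+++${NOC} Test if 'Already Encrypted' feature works"
  enc_res=$("${HELM_CMD}" secrets enc "${secret}" | grep "${ALREADY_ENC}")
  test_already_encrypted "${enc_res}"

  echo -e "${YELLOW}+++${NOC} View encrypted Test"
  test_view "${secret}"

  echo -e "${YELLOW}+++${NOC} Decrypt"
  "${HELM_CMD}" secrets dec "${secret}" > /dev/null || exit 1
  test_decrypt "${secret}" || exit 1
  # From this copy until the final `secrets enc` below, ${secret} holds the
  # decrypted content. An abort in between leaves plaintext in the working
  # tree, so check the fixtures before committing after a failed run.
  cp "${secret}.dec" "${secret}" || exit 1

  echo -e "${YELLOW}+++${NOC} Cleanup Test"
  # ${secret} is quoted inside dirname so paths with spaces stay one argument.
  "${HELM_CMD}" secrets clean "$(dirname "${secret}")" > /dev/null || exit 1
  mode="specified directory"
  test_clean "${secret}" "${mode}" || exit 1

  cp "${secret}" "${secret}.dec" || exit 1
  "${HELM_CMD}" secrets clean "${secret}.dec" > /dev/null || exit 1
  mode="specified .dec file"
  test_clean "${secret}" "${mode}" # && \
  # cp "${secret}" "${secret}.dec" && \
  # "${HELM_CMD}" secrets clean "${secret}.dec" > /dev/null || exit 1
  # mode="specified encrypted secret file"
  # test_clean "${secret}" "${mode}"
  # The functionality above doesn't work, it only works with .dec in filename

  echo -e "${YELLOW}+++${NOC} Once again Encrypt and Test"
  "${HELM_CMD}" secrets enc "${secret}" > /dev/null || exit 1
  test_encryption "${secret}"
}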
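echo -e "${YELLOW}+++${NOC} Installing helm-secrets plugin"
# Count plugin names (first column, header line skipped) containing "secrets".
# The listing goes through HELM_CMD like every other helm call in this file.
if [ "$("${HELM_CMD}" plugin list | tail -n +2 | cut -d ' ' -f 1 | grep -c "secrets")" -eq 1 ]; then
  echo -e "${GREEN}[OK]${NOC} helm-secrets plugin installed"
else
  # NOTE(review): no version is pinned, so what gets installed is whatever
  # SECRETS_REPO serves at install time. Consider pinning a reviewed release
  # with `helm plugin install --version <reviewed-tag>`.
  # stderr is no longer discarded, so a failed or unexpected install is visible.
  "${HELM_CMD}" plugin install "${SECRETS_REPO}"
  # NOTE(review): the script aborts here even when the install succeeded, so
  # a second run is needed - confirm that this is intended.
  echo -e "${RED}[FAIL]${NOC} No helm-secrets plugin aborting"
  exit 1
fi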
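echo ""
# `command -v gpg` alone is the presence test. The original also passed
# `--version`, which `command -v` treats as a second command name to look up.
if command -v gpg > /dev/null 2>&1; then
  # NOTE(review): both files are private keys and they are imported into the
  # invoking user's keyring (gpg's default home unless GNUPGHOME is set).
  # Consider running the suite with GNUPGHOME pointing at a throwaway
  # directory so the example keys never mix with real ones.
  echo -e "${YELLOW}+++${NOC} Importing private pgp key for projectx"
  gpg --import example/pgp/projectx.asc
  echo ""
  # Message corrected: this import is projecty, not a second projectx.
  echo -e "${YELLOW}+++${NOC} Importing private pgp key for projecty"
  gpg --import example/pgp/projecty.asc
  echo ""
else
  echo -e "${RED}[FAIL]${NOC} Install gpg"
  exit 1
fi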
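echo -e "${YELLOW}+++${NOC} Show helm_vars tree from example"
# `command -v tree` alone is the presence test. The original also passed
# `--version`, which `command -v` treats as a second command name to look up.
if command -v tree > /dev/null 2>&1; then
  # -C forces colour, -a includes hidden files.
  tree -Ca example/helm_vars/
else
  echo -e "${RED}[FAIL]${NOC} Install tree command"
  exit 1
fi
echo ""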
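# Collect the paths NUL-delimited first: word-splitting the output of find
# breaks on any path containing whitespace or glob characters. The list is
# read into an array before the loop so the commands run inside it do not
# inherit find's output as their stdin.
secret_files=()
while IFS= read -r -d '' found_secret; do
  secret_files+=("${found_secret}")
done < <(find . -type f -name secrets.yaml -print0)

# `secret` stays the loop variable: the check functions read it as a global.
for secret in "${secret_files[@]}"; do
  test_helm_secrets "${secret}"
done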