refactor(sre-secrets): enhance typing (#61)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
1 parent
ed27ee9
commit 4724b16
Showing
26 changed files
with
1,726 additions
and
552 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# Editor configuration, see http://editorconfig.org | ||
root = true | ||
|
||
[*] | ||
charset = utf-8 | ||
indent_style = space | ||
indent_size = 2 | ||
insert_final_newline = true | ||
trim_trailing_whitespace = true | ||
|
||
[*.md] | ||
max_line_length = off | ||
trim_trailing_whitespace = false |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -20,6 +20,6 @@ | |
"yaml": "^1.10.2" | ||
}, | ||
"devDependencies": { | ||
"jest": "^26.6.3" | ||
"jest": "^27.0.6" | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
import { ISealedSecret } from "@kubernetes-models/sealed-secrets/bitnami.com/v1alpha1/SealedSecret"; | ||
|
||
export interface Options { | ||
context: string; | ||
namespace: string; | ||
name: string; | ||
secrets: Record<string, string>; | ||
} | ||
|
||
export function createSealedSecret(options: Options): Promise<ISealSecret>; | ||
export function crypt(options: Omit<Options, secrets>): Promise<string>; | ||
export function cryptFromSecrets(options: Options): Promise<ISealSecret>; |
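Review bot: The return types of `createSealedSecret` and `cryptFromSecrets` name `ISealSecret`, but the only type imported is `ISealedSecret`, so both declarations reference an unresolved name. If this declaration file is consumed with `skipLibCheck` enabled, that would likely degrade silently to `any`, and callers of the sealing API would lose type checking on the sealed output. `crypt` has a similar slip, since `Omit<Options, secrets>` needs the key as a string literal. Suggested lines: `export function createSealedSecret(options: Options): Promise<ISealedSecret>;`, `export function crypt(options: Omit<Options, "secrets">): Promise<string>;` and `export function cryptFromSecrets(options: Options): Promise<ISealedSecret>;`.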
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
node_modules | ||
dist |
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
root: true | ||
overrides: | ||
- files: "*.js" | ||
extends: | ||
- "@socialgouv/eslint-config-recommended" | ||
- files: "*.ts" | ||
extends: | ||
- "@socialgouv/eslint-config-typescript" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,42 +1,49 @@ | ||
const fs = require("fs") | ||
const util = require("util") | ||
const yaml = require("js-yaml") | ||
const exec = util.promisify(require("child_process").exec) | ||
import { readFileSync } from "fs"; | ||
import { load } from "js-yaml"; | ||
import { directory } from "tempy"; | ||
|
||
import { main } from "../src/index"; | ||
|
||
describe("Test sealed secrets generation", () => { | ||
const filePath = "./__tests__/data/.secrets.yaml" | ||
const folderPath = `${process.env.RUNNER_TEMP || "/tmp"}/sre-secrets` | ||
const filePath = "./__tests__/data/.secrets.yaml"; | ||
const folderPath = directory({ prefix: "sre-secrets" }); | ||
const matchers = { | ||
spec: { | ||
encryptedData: { | ||
toto: expect.any(String), | ||
tata: expect.any(String), | ||
toto: expect.any(String), | ||
}, | ||
}, | ||
} | ||
}; | ||
|
||
test("Generate sealed secrets", async () => { | ||
const cmd = `node ./dist/index.js --from=${filePath} --to=${folderPath}` | ||
const { stdout, stderr } = await exec(cmd) | ||
if (stdout) console.log("stdout:", stdout) | ||
if (stderr) console.log("stderr:", stderr) | ||
}) | ||
beforeAll(async () => { | ||
await main({ | ||
fromPath: filePath, | ||
toPath: folderPath, | ||
}); | ||
// HACK(douglasduteil): ensure EOL after logs | ||
// We might want to remove all spinner logs in the future | ||
process.stdout.write("\n"); | ||
await new Promise((resolve) => { | ||
setTimeout(resolve, 500); | ||
}); | ||
}); | ||
|
||
test("Check dev snapshot", () => { | ||
const path = `${folderPath}/environments/dev/app.sealed-secret.yaml` | ||
const content = yaml.safeLoad(fs.readFileSync(path, "utf8")) | ||
expect(content).toMatchSnapshot(matchers) | ||
}) | ||
const path = `${folderPath}/environments/dev/app.sealed-secret.yaml`; | ||
const content = load(readFileSync(path, "utf8")); | ||
expect(content).toMatchSnapshot(matchers); | ||
}); | ||
|
||
test("Check preprod snapshot", () => { | ||
const path = `${folderPath}/environments/preprod/app.sealed-secret.yaml` | ||
const content = yaml.safeLoad(fs.readFileSync(path, "utf8")) | ||
expect(content).toMatchSnapshot(matchers) | ||
}) | ||
const path = `${folderPath}/environments/preprod/app.sealed-secret.yaml`; | ||
const content = load(readFileSync(path, "utf8")); | ||
expect(content).toMatchSnapshot(matchers); | ||
}); | ||
|
||
test("Check prod snapshot", () => { | ||
const path = `${folderPath}/environments/prod/app-prod.sealed-secret.yaml` | ||
const content = yaml.safeLoad(fs.readFileSync(path, "utf8")) | ||
expect(content).toMatchSnapshot(matchers) | ||
}) | ||
}) | ||
const path = `${folderPath}/environments/prod/app-prod.sealed-secret.yaml`; | ||
const content = load(readFileSync(path, "utf8")); | ||
expect(content).toMatchSnapshot(matchers); | ||
}); | ||
}); |
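Review bot: The directory returned by `directory({ prefix: "sre-secrets" })` is never removed, so each run leaves the generated sealed-secret manifests behind in the system temp location. An `afterAll(() => rmSync(folderPath, { recursive: true, force: true }));`, with `rmSync` imported from `fs`, would clean it up on Node versions that provide it. The `setTimeout(resolve, 500)` in `beforeAll` is a fixed timing guess, and the HACK comment explains the newline write but not why a 500 ms wait is needed; a short comment stating what is being waited for would help the next maintainer. Calling `main` in-process also means the bin entry point and its argument parsing are no longer exercised by this suite.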
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
{ | ||
"$schema": "https://json.schemastore.org/tsconfig", | ||
"extends": "../tsconfig.json", | ||
"compilerOptions": { | ||
"types": ["jest", "node"] | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
#!/usr/bin/env node | ||
|
||
import { main } from "../index"; | ||
import spinner from "../spinner"; | ||
import yargs from "../yargs"; | ||
|
||
Promise.resolve() | ||
.then(async () => { | ||
const { f: fromPath, t: toPath } = await yargs.parse(); | ||
await main({ fromPath, toPath }); | ||
process.exit(0); | ||
}) | ||
.catch((error) => { | ||
spinner.fail(error); | ||
process.exit(1); | ||
}); |
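Review bot: `toPath` is handed to `main` exactly as parsed, while the `argv.t || "./.k8s"` fallback that the old index module applied is removed in this commit. Unless `../yargs` declares a default for `t` (not visible here), an omitted target would reach the output path templates as `undefined`. Consider `await main({ fromPath, toPath: toPath ?? "./.k8s" });` or a `default` on the yargs option. Assuming `spinner.fail` takes display text, `spinner.fail(error instanceof Error ? error.message : String(error));` would keep the failure output predictable instead of printing whatever object was thrown into CI logs.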
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,65 +1,73 @@ | ||
import yargs from "./yargs" | ||
import spinner from "./spinner" | ||
import { safeDump } from "js-yaml" | ||
import seal, { Config } from "./seal" | ||
import { yellow, green } from "chalk" | ||
import { mkdirSync, writeFileSync } from "fs" | ||
import { cryptFromSecrets } from "@socialgouv/sre-seal"; | ||
import { green, yellow } from "chalk"; | ||
import { mkdirSync, writeFileSync } from "fs"; | ||
import { dump } from "js-yaml"; | ||
|
||
const { argv } = yargs | ||
const baseName = "sealed-secret" | ||
const folderPath = argv.t || "./.k8s" | ||
import type { ServiceEnvironment } from "./services"; | ||
import spinner from "./spinner"; | ||
|
||
const processEnvironment = async ( | ||
namespace, | ||
serviceName, | ||
environmentName, | ||
{ fileName, secretsName, secrets } | ||
) => { | ||
const config: Config = { | ||
secrets, | ||
namespace: namespace, | ||
name: secretsName || `${serviceName}-${baseName}`, | ||
context: environmentName === "prod" ? "prod2" : "dev2", | ||
} | ||
const baseName = "sealed-secret"; | ||
|
||
const sealed = await seal(config) | ||
const processEnvironment = | ||
({ toPath }: { toPath: string }) => | ||
async ( | ||
namespace: string, | ||
serviceName: string, | ||
environmentName: string, | ||
{ fileName, secretsName, secrets }: ServiceEnvironment | ||
) => { | ||
const context = environmentName === "prod" ? "prod2" : "dev2"; | ||
const name = secretsName ?? `${serviceName}-${baseName}`; | ||
const sealed = await cryptFromSecrets({ | ||
context, | ||
name, | ||
namespace, | ||
secrets, | ||
}); | ||
|
||
mkdirSync(`${folderPath}/environments/${environmentName}`, { | ||
recursive: true, | ||
}) | ||
mkdirSync(`${toPath}/environments/${environmentName}`, { | ||
recursive: true, | ||
}); | ||
|
||
writeFileSync( | ||
`${folderPath}/environments/${environmentName}/${ | ||
fileName || serviceName | ||
}.${baseName}.yaml`, | ||
safeDump(sealed, { noRefs: true }) | ||
) | ||
} | ||
writeFileSync( | ||
`${toPath}/environments/${environmentName}/${ | ||
fileName ?? serviceName | ||
}.${baseName}.yaml`, | ||
dump(sealed, { noRefs: true }) | ||
); | ||
}; | ||
|
||
export const processEnvironments = async ( | ||
namespace, | ||
serviceName, | ||
environments | ||
) => { | ||
const environmentNames = Object.keys(environments) | ||
export const processEnvironments = | ||
({ toPath }: { toPath: string }) => | ||
async ( | ||
namespace: string, | ||
serviceName: string, | ||
environments: Record<string, ServiceEnvironment> | ||
): Promise<void> => { | ||
const environmentNames = Object.keys(environments); | ||
|
||
for (const environmentName of environmentNames) { | ||
spinner.start( | ||
`creating ${yellow(serviceName)} sealed secrets for ${yellow( | ||
environmentName | ||
)}` | ||
) | ||
for (const environmentName of environmentNames) { | ||
spinner.start( | ||
`creating ${yellow(serviceName)} sealed secrets for ${yellow( | ||
environmentName | ||
)}` | ||
); | ||
|
||
const config = environments[environmentName] | ||
const config = environments[environmentName]; | ||
|
||
await processEnvironment(namespace, serviceName, environmentName, config) | ||
await processEnvironment({ toPath })( | ||
namespace, | ||
serviceName, | ||
environmentName, | ||
config | ||
); | ||
|
||
spinner.succeed( | ||
`${green(serviceName)} sealed secrets created for ${green( | ||
environmentName | ||
)} environment (${folderPath}/environments/${environmentName}/${ | ||
config?.fileName || serviceName | ||
}.${baseName}.yaml)` | ||
) | ||
} | ||
} | ||
spinner.succeed( | ||
`${green(serviceName)} sealed secrets created for ${green( | ||
environmentName | ||
)} environment (${toPath}/environments/${environmentName}/${ | ||
config.fileName ?? serviceName | ||
}.${baseName}.yaml)` | ||
); | ||
} | ||
}; |
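Review bot: `environmentName` and `fileName` flow unchecked into the `mkdirSync` and `writeFileSync` path templates in `processEnvironment`, so a value containing `../` or a path separator would create directories and write the manifest outside `toPath`. These names appear to come from the secrets definition file, which is normally trusted, but resolving the target and checking that it stays under `${toPath}/environments` is cheap. The sketch below needs `resolve`, `dirname` and `sep` from `path`. Separately, switching `||` to `??` for `secretsName` and `fileName` changes behaviour in a commit labelled as a refactor: an empty string now wins over the `serviceName` fallback and would yield a file named `.sealed-secret.yaml`.

```typescript
// … unchanged: context/name computation and cryptFromSecrets call …
const environmentsRoot = resolve(toPath, "environments");
const targetDir = resolve(environmentsRoot, environmentName);
const targetFile = resolve(
  targetDir,
  `${fileName ?? serviceName}.${baseName}.yaml`
);

// Reject names that would escape the output tree or nest below the environment directory.
if (
  !targetDir.startsWith(environmentsRoot + sep) ||
  dirname(targetFile) !== targetDir
) {
  throw new Error(`refusing to write outside ${environmentsRoot}: ${targetFile}`);
}

mkdirSync(targetDir, { recursive: true });
writeFileSync(targetFile, dump(sealed, { noRefs: true }));
```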