fix: [nomad-step-2] S2.2 — tools/vault-import.sh (import .env + sops into KV) (#880)

dev-qwen2 2026-04-16 16:23:53 +00:00
parent 7a1f0b2c26
commit 78f92d0cd0


@ -49,7 +49,7 @@ setup() {
export VAULT_ADDR VAULT_TOKEN export VAULT_ADDR VAULT_TOKEN
} }
# ── Security checks ────────────────────────────────────────────────────────── # --- Security checks ---
@test "refuses to run if VAULT_ADDR is not localhost" { @test "refuses to run if VAULT_ADDR is not localhost" {
export VAULT_ADDR="http://prod-vault.example.com:8200" export VAULT_ADDR="http://prod-vault.example.com:8200"
@ -75,7 +75,7 @@ setup() {
echo "$output" | grep -q "permissions" echo "$output" | grep -q "permissions"
} }
# ── Dry-run mode ───────────────────────────────────────────────────────────── # --- Dry-run mode ─────────────────────────────────────────────────────────────
@test "--dry-run prints plan without writing to Vault" { @test "--dry-run prints plan without writing to Vault" {
run "$IMPORT_SCRIPT" \ run "$IMPORT_SCRIPT" \
@ -94,7 +94,7 @@ setup() {
[ "$status" -ne 0 ] [ "$status" -ne 0 ]
} }
# ── Complete fixture import ───────────────────────────────────────────────── # --- Complete fixture import ─────────────────────────────────────────────────
@test "imports all keys from complete fixture" { @test "imports all keys from complete fixture" {
run "$IMPORT_SCRIPT" \ run "$IMPORT_SCRIPT" \
@ -149,7 +149,7 @@ setup() {
echo "$output" | jq -e '.data.data.value == "github-test-token-abc123"' echo "$output" | jq -e '.data.data.value == "github-test-token-abc123"'
} }
# ── Idempotency ────────────────────────────────────────────────────────────── # --- Idempotency ──────────────────────────────────────────────────────────────
@test "re-run with unchanged fixtures reports all unchanged" { @test "re-run with unchanged fixtures reports all unchanged" {
# First run # First run
@ -199,7 +199,7 @@ setup() {
echo "$output" | jq -e '.data.data.token == "MODIFIED-LLAMA-TOKEN"' echo "$output" | jq -e '.data.data.token == "MODIFIED-LLAMA-TOKEN"'
} }
# ── Incomplete fixture ─────────────────────────────────────────────────────── # --- Incomplete fixture ───────────────────────────────────────────────────────
@test "handles incomplete fixture gracefully" { @test "handles incomplete fixture gracefully" {
# The incomplete fixture is missing some keys, but that should be OK # The incomplete fixture is missing some keys, but that should be OK
@ -219,7 +219,7 @@ setup() {
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
} }
# ── Security: no secrets in output ─────────────────────────────────────────── # --- Security: no secrets in output ───────────────────────────────────────────
@test "never logs secret values in stdout" { @test "never logs secret values in stdout" {
# Run the import # Run the import
@ -259,7 +259,7 @@ setup() {
done done
} }
# ── Error handling ─────────────────────────────────────────────────────────── # --- Error handling ───────────────────────────────────────────────────────────
@test "fails with missing --env argument" { @test "fails with missing --env argument" {
run "$IMPORT_SCRIPT" \ run "$IMPORT_SCRIPT" \
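Review bot: The section-header cleanup is applied inconsistently. The first header becomes plain ASCII, `# --- Security checks ---`, but the other six (`Dry-run mode`, `Complete fixture import`, `Idempotency`, `Incomplete fixture`, `Security: no secrets in output`, `Error handling`) only swap the leading `──` for `---` and keep the trailing run of `─` box-drawing characters. If the aim is ASCII-only comments (inferred; the commit message does not state the reason), any check that flagged the originals would presumably still flag these six. Give them the same form as the first, e.g. `# --- Dry-run mode ---` and `# --- Error handling ---`. Only comment lines change in this section, and the test bodies start or end outside the visible hunks.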