From ad358d4370e0aaf7feae11366b3fb91de4e6997d Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Mon, 9 Mar 2026 13:57:59 -0400 Subject: [PATCH 01/16] Add e2e test cases --- .github/workflows/e2e-tests.yml | 68 +++++++++++++++++++++++++++++++++ tests/assert-env-set.sh | 14 ++++++- tests/assert-env-unset.sh | 14 +++++++ tests/assert-ssh-keys-set.sh | 23 +++++++++++ 4 files changed, 118 insertions(+), 1 deletion(-) create mode 100755 tests/assert-ssh-keys-set.sh diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index 3105fb6..fa53052 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -59,6 +59,11 @@ jobs: echo "FILE_SECRET=op://${{ secrets.VAULT }}/test-secret/password" > tests/.env.tpl echo "FILE_SECRET_IN_SECTION=op://${{ secrets.VAULT }}/test-secret/test-section/password" >> tests/.env.tpl echo "FILE_MULTILINE_SECRET=op://${{ secrets.VAULT }}/multiline-secret/notesPlain" >> tests/.env.tpl + echo "FILE_WEBSITE=op://${{ secrets.VAULT }}/test-secret/website" >> tests/.env.tpl + echo "FILE_TEST_SSH_KEY=op://${{ secrets.VAULT }}/test-ssh-key/private key" >> tests/.env.tpl + echo "FILE_TEST_SSH_KEY_OPENSSH=op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" >> tests/.env.tpl + echo "FILE_SSH_KEY_DATE=op://${{ secrets.VAULT }}/test-ssh-key/test-section/date" >> tests/.env.tpl + echo "FILE_TEST_FILE_CONTENT=op://${{ secrets.VAULT }}/file-secret/test.txt" >> tests/.env.tpl - name: Configure Service account uses: ./configure @@ -75,6 +80,11 @@ jobs: SECRET: op://${{ secrets.VAULT }}/test-secret/password SECRET_IN_SECTION: op://${{ secrets.VAULT }}/test-secret/test-section/password MULTILINE_SECRET: op://${{ secrets.VAULT }}/multiline-secret/notesPlain + WEBSITE: op://${{ secrets.VAULT }}/test-secret/website + TEST_SSH_KEY: op://${{ secrets.VAULT }}/test-ssh-key/private key + TEST_SSH_KEY_OPENSSH: "op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" + SSH_KEY_DATE: op://${{ secrets.VAULT }}/test-ssh-key/test-section/date + TEST_FILE_CONTENT: op://${{ secrets.VAULT }}/file-secret/test.txt OP_ENV_FILE: ./tests/.env.tpl - name: Assert test secret values [step output] @@ -87,13 +97,38 @@ jobs: FILE_SECRET: ${{ steps.load_secrets.outputs.FILE_SECRET }} FILE_SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.FILE_SECRET_IN_SECTION }} FILE_MULTILINE_SECRET: ${{ steps.load_secrets.outputs.FILE_MULTILINE_SECRET }} + WEBSITE: ${{ steps.load_secrets.outputs.WEBSITE }} + FILE_WEBSITE: ${{ steps.load_secrets.outputs.FILE_WEBSITE }} + TEST_SSH_KEY: ${{ steps.load_secrets.outputs.TEST_SSH_KEY }} + FILE_TEST_SSH_KEY: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY }} + TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.TEST_SSH_KEY_OPENSSH }} + FILE_TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY_OPENSSH }} + SSH_KEY_DATE: ${{ steps.load_secrets.outputs.SSH_KEY_DATE }} + FILE_SSH_KEY_DATE: ${{ steps.load_secrets.outputs.FILE_SSH_KEY_DATE }} + TEST_FILE_CONTENT: ${{ steps.load_secrets.outputs.TEST_FILE_CONTENT }} + FILE_TEST_FILE_CONTENT: ${{ steps.load_secrets.outputs.FILE_TEST_FILE_CONTENT }} run: ./tests/assert-env-set.sh + - name: Assert SSH key env vars [step output] + if: ${{ !matrix.export-env }} + shell: bash + env: + TEST_SSH_KEY: ${{ steps.load_secrets.outputs.TEST_SSH_KEY }} + FILE_TEST_SSH_KEY: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY }} + TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.TEST_SSH_KEY_OPENSSH }} + FILE_TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY_OPENSSH }} + run: ./tests/assert-ssh-keys-set.sh + - name: Assert test secret values [exported env] if: ${{ matrix.export-env }} shell: bash run: ./tests/assert-env-set.sh + - name: Assert SSH key env vars [exported env] + if: ${{ matrix.export-env }} + shell: bash + run: ./tests/assert-ssh-keys-set.sh + - name: Remove secrets [exported env] if: ${{ matrix.export-env }} uses: ./ @@ -139,6 +174,11 @@ jobs: echo "FILE_SECRET=op://${{ secrets.VAULT }}/test-secret/password" > tests/.env.tpl echo "FILE_SECRET_IN_SECTION=op://${{ secrets.VAULT }}/test-secret/test-section/password" >> tests/.env.tpl echo "FILE_MULTILINE_SECRET=op://${{ secrets.VAULT }}/multiline-secret/notesPlain" >> tests/.env.tpl + echo "FILE_WEBSITE=op://${{ secrets.VAULT }}/test-secret/website" >> tests/.env.tpl + echo "FILE_TEST_SSH_KEY=op://${{ secrets.VAULT }}/test-ssh-key/private key" >> tests/.env.tpl + echo "FILE_TEST_SSH_KEY_OPENSSH=op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" >> tests/.env.tpl + echo "FILE_SSH_KEY_DATE=op://${{ secrets.VAULT }}/test-ssh-key/test-section/date" >> tests/.env.tpl + echo "FILE_TEST_FILE_CONTENT=op://${{ secrets.VAULT }}/file-secret/test.txt" >> tests/.env.tpl - name: Launch 1Password Connect instance env: @@ -163,6 +203,11 @@ jobs: SECRET: op://${{ secrets.VAULT }}/test-secret/password SECRET_IN_SECTION: op://${{ secrets.VAULT }}/test-secret/test-section/password MULTILINE_SECRET: op://${{ secrets.VAULT }}/multiline-secret/notesPlain + WEBSITE: op://${{ secrets.VAULT }}/test-secret/website + TEST_SSH_KEY: op://${{ secrets.VAULT }}/test-ssh-key/private key + TEST_SSH_KEY_OPENSSH: "op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" + SSH_KEY_DATE: op://${{ secrets.VAULT }}/test-ssh-key/test-section/date + TEST_FILE_CONTENT: op://${{ secrets.VAULT }}/file-secret/test.txt OP_ENV_FILE: ./tests/.env.tpl - name: Assert test secret values [step output] @@ -174,12 +219,35 @@ jobs: FILE_SECRET: ${{ steps.load_secrets.outputs.FILE_SECRET }} FILE_SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.FILE_SECRET_IN_SECTION }} FILE_MULTILINE_SECRET: ${{ steps.load_secrets.outputs.FILE_MULTILINE_SECRET }} + WEBSITE: ${{ steps.load_secrets.outputs.WEBSITE }} + FILE_WEBSITE: ${{ steps.load_secrets.outputs.FILE_WEBSITE }} + TEST_SSH_KEY: ${{ steps.load_secrets.outputs.TEST_SSH_KEY }} + FILE_TEST_SSH_KEY: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY }} + TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.TEST_SSH_KEY_OPENSSH }} + FILE_TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY_OPENSSH }} + SSH_KEY_DATE: ${{ steps.load_secrets.outputs.SSH_KEY_DATE }} + FILE_SSH_KEY_DATE: ${{ steps.load_secrets.outputs.FILE_SSH_KEY_DATE }} + TEST_FILE_CONTENT: ${{ steps.load_secrets.outputs.TEST_FILE_CONTENT }} + FILE_TEST_FILE_CONTENT: ${{ steps.load_secrets.outputs.FILE_TEST_FILE_CONTENT }} run: ./tests/assert-env-set.sh + - name: Assert SSH key env vars [step output] + if: ${{ !matrix.export-env }} + env: + TEST_SSH_KEY: ${{ steps.load_secrets.outputs.TEST_SSH_KEY }} + FILE_TEST_SSH_KEY: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY }} + TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.TEST_SSH_KEY_OPENSSH }} + FILE_TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY_OPENSSH }} + run: ./tests/assert-ssh-keys-set.sh + - name: Assert test secret values [exported env] if: ${{ matrix.export-env }} run: ./tests/assert-env-set.sh + - name: Assert SSH key env vars [exported env] + if: ${{ matrix.export-env }} + run: ./tests/assert-ssh-keys-set.sh + - name: Remove secrets [exported env] if: ${{ matrix.export-env }} uses: ./ diff --git a/tests/assert-env-set.sh b/tests/assert-env-set.sh index 7f98855..effd9b6 100755 --- a/tests/assert-env-set.sh +++ b/tests/assert-env-set.sh @@ -26,6 +26,9 @@ IApTbyBwbGVhc2UgZG9uJ3QgcmVwb3J0IGl0IQo= EOF )" readonly MULTILINE_SECRET +readonly WEBSITE="www.test.com" +readonly SSH_KEY_DATE="1773057660" +readonly TEST_FILE_CONTENT_EXPECTED="This is a test" assert_env_equals "SECRET" "${SECRET}" assert_env_equals "FILE_SECRET" "${SECRET}" @@ -34,4 +37,13 @@ assert_env_equals "SECRET_IN_SECTION" "${SECRET}" assert_env_equals "FILE_SECRET_IN_SECTION" "${SECRET}" assert_env_equals "MULTILINE_SECRET" "${MULTILINE_SECRET}" -assert_env_equals "FILE_MULTILINE_SECRET" "${MULTILINE_SECRET}" \ No newline at end of file +assert_env_equals "FILE_MULTILINE_SECRET" "${MULTILINE_SECRET}" + +assert_env_equals "WEBSITE" "${WEBSITE}" +assert_env_equals "FILE_WEBSITE" "${WEBSITE}" + +assert_env_equals_or_masked "SSH_KEY_DATE" "${SSH_KEY_DATE}" +assert_env_equals_or_masked "FILE_SSH_KEY_DATE" "${SSH_KEY_DATE}" + +assert_env_equals_or_masked "TEST_FILE_CONTENT" "${TEST_FILE_CONTENT_EXPECTED}" +assert_env_equals_or_masked "FILE_TEST_FILE_CONTENT" "${TEST_FILE_CONTENT_EXPECTED}" diff --git a/tests/assert-env-unset.sh b/tests/assert-env-unset.sh index 0565d14..92010f0 100755 --- a/tests/assert-env-unset.sh +++ b/tests/assert-env-unset.sh @@ -17,3 +17,17 @@ assert_env_unset "FILE_SECRET_IN_SECTION" assert_env_unset "MULTILINE_SECRET" assert_env_unset "FILE_MULTILINE_SECRET" + +assert_env_unset "WEBSITE" +assert_env_unset "FILE_WEBSITE" + +assert_env_unset "TEST_SSH_KEY" +assert_env_unset "FILE_TEST_SSH_KEY" +assert_env_unset "TEST_SSH_KEY_OPENSSH" +assert_env_unset "FILE_TEST_SSH_KEY_OPENSSH" + +assert_env_unset "SSH_KEY_DATE" +assert_env_unset "FILE_SSH_KEY_DATE" + +assert_env_unset "TEST_FILE_CONTENT" +assert_env_unset "FILE_TEST_FILE_CONTENT" diff --git a/tests/assert-ssh-keys-set.sh b/tests/assert-ssh-keys-set.sh new file mode 100755 index 0000000..3115f0d --- /dev/null +++ b/tests/assert-ssh-keys-set.sh @@ -0,0 +1,23 @@ +#!/bin/bash +# shellcheck disable=SC2086 +set -e + +assert_ssh_key_set() { + local var="$1" + local val + val="$(printenv "$var" || true)" + if [ -z "$val" ]; then + echo "Expected $var to be set" + exit 1 + fi + if ! echo "$val" | head -1 | grep -q "BEGIN.*PRIVATE KEY"; then + echo "Expected $var to be a private key (missing BEGIN PRIVATE KEY header)" + exit 1 + fi + echo "$var is set and looks like a private key" +} + +assert_ssh_key_set "TEST_SSH_KEY" +assert_ssh_key_set "TEST_SSH_KEY_OPENSSH" +assert_ssh_key_set "FILE_TEST_SSH_KEY" +assert_ssh_key_set "FILE_TEST_SSH_KEY_OPENSSH" From affe8f472031f640ef111ca1011fb1767e466ad4 Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Mon, 9 Mar 2026 14:02:47 -0400 Subject: [PATCH 02/16] Use correct method --- tests/assert-env-set.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/assert-env-set.sh b/tests/assert-env-set.sh index effd9b6..95de03d 100755 --- a/tests/assert-env-set.sh +++ b/tests/assert-env-set.sh @@ -42,8 +42,8 @@ assert_env_equals "FILE_MULTILINE_SECRET" "${MULTILINE_SECRET}" assert_env_equals "WEBSITE" "${WEBSITE}" assert_env_equals "FILE_WEBSITE" "${WEBSITE}" -assert_env_equals_or_masked "SSH_KEY_DATE" "${SSH_KEY_DATE}" -assert_env_equals_or_masked "FILE_SSH_KEY_DATE" "${SSH_KEY_DATE}" +assert_env_equals "SSH_KEY_DATE" "${SSH_KEY_DATE}" +assert_env_equals "FILE_SSH_KEY_DATE" "${SSH_KEY_DATE}" -assert_env_equals_or_masked "TEST_FILE_CONTENT" "${TEST_FILE_CONTENT_EXPECTED}" -assert_env_equals_or_masked "FILE_TEST_FILE_CONTENT" "${TEST_FILE_CONTENT_EXPECTED}" +assert_env_equals "TEST_FILE_CONTENT" "${TEST_FILE_CONTENT_EXPECTED}" +assert_env_equals "FILE_TEST_FILE_CONTENT" "${TEST_FILE_CONTENT_EXPECTED}" From 934acd2a2a66f574a09011883fc1e589e13d110f Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Mon, 9 Mar 2026 14:08:08 -0400 Subject: [PATCH 03/16] Remove website check --- .github/workflows/e2e-tests.yml | 4 ---- tests/assert-env-set.sh | 9 +++++++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index fa53052..f2240ac 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -174,7 +174,6 @@ jobs: echo "FILE_SECRET=op://${{ secrets.VAULT }}/test-secret/password" > tests/.env.tpl echo "FILE_SECRET_IN_SECTION=op://${{ secrets.VAULT }}/test-secret/test-section/password" >> tests/.env.tpl echo "FILE_MULTILINE_SECRET=op://${{ secrets.VAULT }}/multiline-secret/notesPlain" >> tests/.env.tpl - echo "FILE_WEBSITE=op://${{ secrets.VAULT }}/test-secret/website" >> tests/.env.tpl echo "FILE_TEST_SSH_KEY=op://${{ secrets.VAULT }}/test-ssh-key/private key" >> tests/.env.tpl echo "FILE_TEST_SSH_KEY_OPENSSH=op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" >> tests/.env.tpl echo "FILE_SSH_KEY_DATE=op://${{ secrets.VAULT }}/test-ssh-key/test-section/date" >> tests/.env.tpl @@ -203,7 +202,6 @@ jobs: SECRET: op://${{ secrets.VAULT }}/test-secret/password SECRET_IN_SECTION: op://${{ secrets.VAULT }}/test-secret/test-section/password MULTILINE_SECRET: op://${{ secrets.VAULT }}/multiline-secret/notesPlain - WEBSITE: op://${{ secrets.VAULT }}/test-secret/website TEST_SSH_KEY: op://${{ secrets.VAULT }}/test-ssh-key/private key TEST_SSH_KEY_OPENSSH: "op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" SSH_KEY_DATE: op://${{ secrets.VAULT }}/test-ssh-key/test-section/date @@ -219,8 +217,6 @@ jobs: FILE_SECRET: ${{ steps.load_secrets.outputs.FILE_SECRET }} FILE_SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.FILE_SECRET_IN_SECTION }} FILE_MULTILINE_SECRET: ${{ steps.load_secrets.outputs.FILE_MULTILINE_SECRET }} - WEBSITE: ${{ steps.load_secrets.outputs.WEBSITE }} - FILE_WEBSITE: ${{ steps.load_secrets.outputs.FILE_WEBSITE }} TEST_SSH_KEY: ${{ steps.load_secrets.outputs.TEST_SSH_KEY }} FILE_TEST_SSH_KEY: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY }} TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.TEST_SSH_KEY_OPENSSH }} diff --git a/tests/assert-env-set.sh b/tests/assert-env-set.sh index 95de03d..3292d43 100755 --- a/tests/assert-env-set.sh +++ b/tests/assert-env-set.sh @@ -39,8 +39,13 @@ assert_env_equals "FILE_SECRET_IN_SECTION" "${SECRET}" assert_env_equals "MULTILINE_SECRET" "${MULTILINE_SECRET}" assert_env_equals "FILE_MULTILINE_SECRET" "${MULTILINE_SECRET}" -assert_env_equals "WEBSITE" "${WEBSITE}" -assert_env_equals "FILE_WEBSITE" "${WEBSITE}" +# WEBSITE/FILE_WEBSITE only loaded by Service Account as Connect does not support website field +if [ -n "$(printenv WEBSITE 2>/dev/null)" ]; then + assert_env_equals "WEBSITE" "${WEBSITE}" +fi +if [ -n "$(printenv FILE_WEBSITE 2>/dev/null)" ]; then + assert_env_equals "FILE_WEBSITE" "${WEBSITE}" +fi assert_env_equals "SSH_KEY_DATE" "${SSH_KEY_DATE}" assert_env_equals "FILE_SSH_KEY_DATE" "${SSH_KEY_DATE}" From 2763f7b0b386331d1b31def0ca4c49b6589d58f8 Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Mon, 9 Mar 2026 14:15:20 -0400 Subject: [PATCH 04/16] Update assert script --- tests/assert-ssh-keys-set.sh | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/tests/assert-ssh-keys-set.sh b/tests/assert-ssh-keys-set.sh index 3115f0d..596b5f5 100755 --- a/tests/assert-ssh-keys-set.sh +++ b/tests/assert-ssh-keys-set.sh @@ -1,5 +1,4 @@ #!/bin/bash -# shellcheck disable=SC2086 set -e assert_ssh_key_set() { @@ -10,11 +9,15 @@ assert_ssh_key_set() { echo "Expected $var to be set" exit 1 fi - if ! echo "$val" | head -1 | grep -q "BEGIN.*PRIVATE KEY"; then - echo "Expected $var to be a private key (missing BEGIN PRIVATE KEY header)" - exit 1 + [ "$val" = "***" ] && return 0 + local line + line="$(echo "$val" | head -1)" + if echo "$var" | grep -q "OPENSSH"; then + echo "$line" | grep -q "OPENSSH" || { echo "Expected $var to start with -----BEGIN OPENSSH PRIVATE KEY-----"; exit 1; } + else + echo "$line" | grep -q "BEGIN.*PRIVATE KEY" || { echo "Expected $var to be a private key"; exit 1; } fi - echo "$var is set and looks like a private key" + echo "$var OK" } assert_ssh_key_set "TEST_SSH_KEY" From 6ecbf76d394ba416e533d65dda549cf20eaa4333 Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Mon, 9 Mar 2026 14:24:14 -0400 Subject: [PATCH 05/16] Improve website check --- .github/workflows/e2e-tests.yml | 8 +++++++- tests/assert-env-set.sh | 14 ++++++++++---- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index f2240ac..bcae107 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -91,6 +91,7 @@ jobs: if: ${{ !matrix.export-env }} shell: bash env: + ASSERT_WEBSITE: "true" SECRET: ${{ steps.load_secrets.outputs.SECRET }} SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }} MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }} @@ -122,6 +123,8 @@ jobs: - name: Assert test secret values [exported env] if: ${{ matrix.export-env }} shell: bash + env: + ASSERT_WEBSITE: "true" run: ./tests/assert-env-set.sh - name: Assert SSH key env vars [exported env] @@ -184,7 +187,7 @@ jobs: OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} run: | echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json - docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 10 + docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 25 - name: Configure 1Password Connect uses: ./configure @@ -211,6 +214,7 @@ jobs: - name: Assert test secret values [step output] if: ${{ !matrix.export-env }} env: + ASSERT_WEBSITE: "false" SECRET: ${{ steps.load_secrets.outputs.SECRET }} SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }} MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }} @@ -238,6 +242,8 @@ jobs: - name: Assert test secret values [exported env] if: ${{ matrix.export-env }} + env: + ASSERT_WEBSITE: "false" run: ./tests/assert-env-set.sh - name: Assert SSH key env vars [exported env] diff --git a/tests/assert-env-set.sh b/tests/assert-env-set.sh index 3292d43..e8d68fc 100755 --- a/tests/assert-env-set.sh +++ b/tests/assert-env-set.sh @@ -39,11 +39,17 @@ assert_env_equals "FILE_SECRET_IN_SECTION" "${SECRET}" assert_env_equals "MULTILINE_SECRET" "${MULTILINE_SECRET}" assert_env_equals "FILE_MULTILINE_SECRET" "${MULTILINE_SECRET}" -# WEBSITE/FILE_WEBSITE only loaded by Service Account as Connect does not support website field -if [ -n "$(printenv WEBSITE 2>/dev/null)" ]; then +# WEBSITE/FILE_WEBSITE: required when ASSERT_WEBSITE=true (Service Account), skipped when false (Connect) +if [ "${ASSERT_WEBSITE:-false}" = "true" ]; then + if [ -z "$(printenv WEBSITE 2>/dev/null)" ]; then + echo "Expected WEBSITE to be set (Service Account)" + exit 1 + fi + if [ -z "$(printenv FILE_WEBSITE 2>/dev/null)" ]; then + echo "Expected FILE_WEBSITE to be set (Service Account)" + exit 1 + fi assert_env_equals "WEBSITE" "${WEBSITE}" -fi -if [ -n "$(printenv FILE_WEBSITE 2>/dev/null)" ]; then assert_env_equals "FILE_WEBSITE" "${WEBSITE}" fi From bc8523c04bd68a32ee5a65c589af5e0e8655e4ff Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Mon, 9 Mar 2026 14:48:37 -0400 Subject: [PATCH 06/16] Add sync wait --- .github/workflows/e2e-tests.yml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index bcae107..7f02631 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -187,7 +187,7 @@ jobs: OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} run: | echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json - docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 25 + docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 15 - name: Configure 1Password Connect uses: ./configure @@ -195,6 +195,23 @@ jobs: connect-host: http://localhost:8080 connect-token: ${{ secrets.OP_CONNECT_TOKEN }} + - name: Wait for Connect sync to be ready + env: + OP_CONNECT_HOST: http://localhost:8080 + run: | + url="${OP_CONNECT_HOST}/health" + for i in $(seq 1 12); do + sync_status=$(curl -sf "$url" | jq -r '.dependencies[] | select(.service=="sync") | .status // empty') + if [ "$sync_status" = "ACTIVE" ]; then + echo "Connect sync is ready" + exit 0 + fi + echo "Waiting for sync ($i/12)... status=${sync_status:-unknown}" + sleep 5 + done + echo "Timeout waiting for Connect sync" + exit 1 + - name: Load secrets id: load_secrets uses: ./ From f4a6c38f2af481c1fda9465d60d054466bac64a4 Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Mon, 9 Mar 2026 14:56:21 -0400 Subject: [PATCH 07/16] Add token to request --- .github/workflows/e2e-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index 7f02631..2ec73b3 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -201,7 +201,7 @@ jobs: run: | url="${OP_CONNECT_HOST}/health" for i in $(seq 1 12); do - sync_status=$(curl -sf "$url" | jq -r '.dependencies[] | select(.service=="sync") | .status // empty') + sync_status=$(curl -sf -H "Authorization: Bearer $OP_CONNECT_TOKEN" "$url" | jq -r '.dependencies[] | select(.service=="sync") | .status // empty') if [ "$sync_status" = "ACTIVE" ]; then echo "Connect sync is ready" exit 0 From 2b062ec18c4749d7552625bbcc9b6d499da6a290 Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Mon, 9 Mar 2026 15:03:24 -0400 Subject: [PATCH 08/16] Reduce runs in parallel --- .github/workflows/e2e-tests.yml | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index 2ec73b3..fdf572c 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -30,6 +30,7 @@ jobs: runs-on: ${{ matrix.os }} strategy: fail-fast: true + max-parallel: 3 matrix: os: [ubuntu-latest, macos-latest, windows-latest] version: [latest, 2.30.0] @@ -195,23 +196,6 @@ jobs: connect-host: http://localhost:8080 connect-token: ${{ secrets.OP_CONNECT_TOKEN }} - - name: Wait for Connect sync to be ready - env: - OP_CONNECT_HOST: http://localhost:8080 - run: | - url="${OP_CONNECT_HOST}/health" - for i in $(seq 1 12); do - sync_status=$(curl -sf -H "Authorization: Bearer $OP_CONNECT_TOKEN" "$url" | jq -r '.dependencies[] | select(.service=="sync") | .status // empty') - if [ "$sync_status" = "ACTIVE" ]; then - echo "Connect sync is ready" - exit 0 - fi - echo "Waiting for sync ($i/12)... status=${sync_status:-unknown}" - sleep 5 - done - echo "Timeout waiting for Connect sync" - exit 1 - - name: Load secrets id: load_secrets uses: ./ From be02de5ede54bfe98e50d2405c74a5726fd4077d Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Mon, 9 Mar 2026 15:05:23 -0400 Subject: [PATCH 09/16] Update connect tests --- .github/workflows/e2e-tests.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index fdf572c..7b7d534 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -30,7 +30,7 @@ jobs: runs-on: ${{ matrix.os }} strategy: fail-fast: true - max-parallel: 3 + max-parallel: 2 matrix: os: [ubuntu-latest, macos-latest, windows-latest] version: [latest, 2.30.0] @@ -149,6 +149,7 @@ jobs: runs-on: ubuntu-latest strategy: fail-fast: true + max-parallel: 2 matrix: os: [ubuntu-latest, macos-latest, windows-latest] version: [latest, 2.30.0] From 6352983a5d0c5b85f4b7fc5ef9d1b92f8924d50f Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Mon, 9 Mar 2026 15:10:36 -0400 Subject: [PATCH 10/16] Remove file content test --- .github/workflows/e2e-tests.yml | 10 ---------- tests/assert-env-set.sh | 4 ---- tests/assert-env-unset.sh | 3 --- 3 files changed, 17 deletions(-) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index 7b7d534..0b86e68 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -30,7 +30,6 @@ jobs: runs-on: ${{ matrix.os }} strategy: fail-fast: true - max-parallel: 2 matrix: os: [ubuntu-latest, macos-latest, windows-latest] version: [latest, 2.30.0] @@ -64,7 +63,6 @@ jobs: echo "FILE_TEST_SSH_KEY=op://${{ secrets.VAULT }}/test-ssh-key/private key" >> tests/.env.tpl echo "FILE_TEST_SSH_KEY_OPENSSH=op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" >> tests/.env.tpl echo "FILE_SSH_KEY_DATE=op://${{ secrets.VAULT }}/test-ssh-key/test-section/date" >> tests/.env.tpl - echo "FILE_TEST_FILE_CONTENT=op://${{ secrets.VAULT }}/file-secret/test.txt" >> tests/.env.tpl - name: Configure Service account uses: ./configure @@ -85,7 +83,6 @@ jobs: TEST_SSH_KEY: op://${{ secrets.VAULT }}/test-ssh-key/private key TEST_SSH_KEY_OPENSSH: "op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" SSH_KEY_DATE: op://${{ secrets.VAULT }}/test-ssh-key/test-section/date - TEST_FILE_CONTENT: op://${{ secrets.VAULT }}/file-secret/test.txt OP_ENV_FILE: ./tests/.env.tpl - name: Assert test secret values [step output] @@ -107,8 +104,6 @@ jobs: FILE_TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY_OPENSSH }} SSH_KEY_DATE: ${{ steps.load_secrets.outputs.SSH_KEY_DATE }} FILE_SSH_KEY_DATE: ${{ steps.load_secrets.outputs.FILE_SSH_KEY_DATE }} - TEST_FILE_CONTENT: ${{ steps.load_secrets.outputs.TEST_FILE_CONTENT }} - FILE_TEST_FILE_CONTENT: ${{ steps.load_secrets.outputs.FILE_TEST_FILE_CONTENT }} run: ./tests/assert-env-set.sh - name: Assert SSH key env vars [step output] @@ -149,7 +144,6 @@ jobs: runs-on: ubuntu-latest strategy: fail-fast: true - max-parallel: 2 matrix: os: [ubuntu-latest, macos-latest, windows-latest] version: [latest, 2.30.0] @@ -182,7 +176,6 @@ jobs: echo "FILE_TEST_SSH_KEY=op://${{ secrets.VAULT }}/test-ssh-key/private key" >> tests/.env.tpl echo "FILE_TEST_SSH_KEY_OPENSSH=op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" >> tests/.env.tpl echo "FILE_SSH_KEY_DATE=op://${{ secrets.VAULT }}/test-ssh-key/test-section/date" >> tests/.env.tpl - echo "FILE_TEST_FILE_CONTENT=op://${{ secrets.VAULT }}/file-secret/test.txt" >> tests/.env.tpl - name: Launch 1Password Connect instance env: @@ -210,7 +203,6 @@ jobs: TEST_SSH_KEY: op://${{ secrets.VAULT }}/test-ssh-key/private key TEST_SSH_KEY_OPENSSH: "op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" SSH_KEY_DATE: op://${{ secrets.VAULT }}/test-ssh-key/test-section/date - TEST_FILE_CONTENT: op://${{ secrets.VAULT }}/file-secret/test.txt OP_ENV_FILE: ./tests/.env.tpl - name: Assert test secret values [step output] @@ -229,8 +221,6 @@ jobs: FILE_TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY_OPENSSH }} SSH_KEY_DATE: ${{ steps.load_secrets.outputs.SSH_KEY_DATE }} FILE_SSH_KEY_DATE: ${{ steps.load_secrets.outputs.FILE_SSH_KEY_DATE }} - TEST_FILE_CONTENT: ${{ steps.load_secrets.outputs.TEST_FILE_CONTENT }} - FILE_TEST_FILE_CONTENT: ${{ steps.load_secrets.outputs.FILE_TEST_FILE_CONTENT }} run: ./tests/assert-env-set.sh - name: Assert SSH key env vars [step output] diff --git a/tests/assert-env-set.sh b/tests/assert-env-set.sh index e8d68fc..2aab1ff 100755 --- a/tests/assert-env-set.sh +++ b/tests/assert-env-set.sh @@ -28,7 +28,6 @@ EOF readonly MULTILINE_SECRET readonly WEBSITE="www.test.com" readonly SSH_KEY_DATE="1773057660" -readonly TEST_FILE_CONTENT_EXPECTED="This is a test" assert_env_equals "SECRET" "${SECRET}" assert_env_equals "FILE_SECRET" "${SECRET}" @@ -55,6 +54,3 @@ fi assert_env_equals "SSH_KEY_DATE" "${SSH_KEY_DATE}" assert_env_equals "FILE_SSH_KEY_DATE" "${SSH_KEY_DATE}" - -assert_env_equals "TEST_FILE_CONTENT" "${TEST_FILE_CONTENT_EXPECTED}" -assert_env_equals "FILE_TEST_FILE_CONTENT" "${TEST_FILE_CONTENT_EXPECTED}" diff --git a/tests/assert-env-unset.sh b/tests/assert-env-unset.sh index 92010f0..17c0b6a 100755 --- a/tests/assert-env-unset.sh +++ b/tests/assert-env-unset.sh @@ -28,6 +28,3 @@ assert_env_unset "FILE_TEST_SSH_KEY_OPENSSH" assert_env_unset "SSH_KEY_DATE" assert_env_unset "FILE_SSH_KEY_DATE" - -assert_env_unset "TEST_FILE_CONTENT" -assert_env_unset "FILE_TEST_FILE_CONTENT" From bd0f47e27ea786cd1773e4e48b5c36147d15c6e5 Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Mon, 9 Mar 2026 15:16:34 -0400 Subject: [PATCH 11/16] Wait for connect sync --- .github/workflows/e2e-tests.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index 0b86e68..07e597a 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -30,6 +30,7 @@ jobs: runs-on: ${{ matrix.os }} strategy: fail-fast: true + max-parallel: 4 matrix: os: [ubuntu-latest, macos-latest, windows-latest] version: [latest, 2.30.0] @@ -144,6 +145,7 @@ jobs: runs-on: ubuntu-latest strategy: fail-fast: true + max-parallel: 4 matrix: os: [ubuntu-latest, macos-latest, windows-latest] version: [latest, 2.30.0] @@ -190,6 +192,24 @@ jobs: connect-host: http://localhost:8080 connect-token: ${{ secrets.OP_CONNECT_TOKEN }} + - name: Wait for Connect sync to be ready + env: + OP_CONNECT_HOST: http://localhost:8080 + OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} + run: | + url="${OP_CONNECT_HOST}/health" + for i in $(seq 1 12); do + sync_status=$(curl -sf -H "Authorization: Bearer $OP_CONNECT_TOKEN" "$url" | jq -r '.dependencies[] | select(.service=="sync") | .status // empty') + if [ "$sync_status" = "ACTIVE" ]; then + echo "Connect sync is ready" + exit 0 + fi + echo "Waiting for sync ($i/12)... status=${sync_status:-unknown}" + sleep 5 + done + echo "Timeout waiting for Connect sync" + exit 1 + - name: Load secrets id: load_secrets uses: ./ From d87677b04d1c373ea5b6f2cba07541dc7b80cece Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Mon, 9 Mar 2026 16:25:17 -0400 Subject: [PATCH 12/16] Add credentils test --- .github/workflows/e2e-tests.yml | 16 ++++++++++++++++ tests/assert-env-set.sh | 7 +++++++ tests/assert-env-unset.sh | 5 +++++ 3 files changed, 28 insertions(+) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index 07e597a..f0fec24 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -64,6 +64,8 @@ jobs: echo "FILE_TEST_SSH_KEY=op://${{ secrets.VAULT }}/test-ssh-key/private key" >> tests/.env.tpl echo "FILE_TEST_SSH_KEY_OPENSSH=op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" >> tests/.env.tpl echo "FILE_SSH_KEY_DATE=op://${{ secrets.VAULT }}/test-ssh-key/test-section/date" >> tests/.env.tpl + echo "FILE_TEST_CREDENTIALS=op://${{ secrets.VAULT }}/test-credentials/credential" >> tests/.env.tpl + echo "FILE_TEST_CREDENTIALS_NOTES=op://${{ secrets.VAULT }}/test-credentials/notes" >> tests/.env.tpl - name: Configure Service account uses: ./configure @@ -84,6 +86,8 @@ jobs: TEST_SSH_KEY: op://${{ secrets.VAULT }}/test-ssh-key/private key TEST_SSH_KEY_OPENSSH: "op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" SSH_KEY_DATE: op://${{ secrets.VAULT }}/test-ssh-key/test-section/date + TEST_CREDENTIALS: op://${{ secrets.VAULT }}/test-credentials/credential + TEST_CREDENTIALS_NOTES: op://${{ secrets.VAULT }}/test-credentials/notes OP_ENV_FILE: ./tests/.env.tpl - name: Assert test secret values [step output] @@ -105,6 +109,10 @@ jobs: FILE_TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY_OPENSSH }} SSH_KEY_DATE: ${{ steps.load_secrets.outputs.SSH_KEY_DATE }} FILE_SSH_KEY_DATE: ${{ steps.load_secrets.outputs.FILE_SSH_KEY_DATE }} + TEST_CREDENTIALS: ${{ steps.load_secrets.outputs.TEST_CREDENTIALS }} + FILE_TEST_CREDENTIALS: ${{ steps.load_secrets.outputs.FILE_TEST_CREDENTIALS }} + TEST_CREDENTIALS_NOTES: ${{ steps.load_secrets.outputs.TEST_CREDENTIALS_NOTES }} + FILE_TEST_CREDENTIALS_NOTES: ${{ steps.load_secrets.outputs.FILE_TEST_CREDENTIALS_NOTES }} run: ./tests/assert-env-set.sh - name: Assert SSH key env vars [step output] @@ -178,6 +186,8 @@ jobs: echo "FILE_TEST_SSH_KEY=op://${{ secrets.VAULT }}/test-ssh-key/private key" >> tests/.env.tpl echo "FILE_TEST_SSH_KEY_OPENSSH=op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" >> tests/.env.tpl echo "FILE_SSH_KEY_DATE=op://${{ secrets.VAULT }}/test-ssh-key/test-section/date" >> tests/.env.tpl + echo "FILE_TEST_CREDENTIALS=op://${{ secrets.VAULT }}/test-credentials/credential" >> tests/.env.tpl + echo "FILE_TEST_CREDENTIALS_NOTES=op://${{ secrets.VAULT }}/test-credentials/notes" >> tests/.env.tpl - name: Launch 1Password Connect instance env: @@ -223,6 +233,8 @@ jobs: TEST_SSH_KEY: op://${{ secrets.VAULT }}/test-ssh-key/private key TEST_SSH_KEY_OPENSSH: "op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" SSH_KEY_DATE: op://${{ secrets.VAULT }}/test-ssh-key/test-section/date + TEST_CREDENTIALS: op://${{ secrets.VAULT }}/test-credentials/credential + TEST_CREDENTIALS_NOTES: op://${{ secrets.VAULT }}/test-credentials/notes OP_ENV_FILE: ./tests/.env.tpl - name: Assert test secret values [step output] @@ -241,6 +253,10 @@ jobs: FILE_TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY_OPENSSH }} SSH_KEY_DATE: ${{ steps.load_secrets.outputs.SSH_KEY_DATE }} FILE_SSH_KEY_DATE: ${{ steps.load_secrets.outputs.FILE_SSH_KEY_DATE }} + TEST_CREDENTIALS: ${{ steps.load_secrets.outputs.TEST_CREDENTIALS }} + FILE_TEST_CREDENTIALS: ${{ steps.load_secrets.outputs.FILE_TEST_CREDENTIALS }} + TEST_CREDENTIALS_NOTES: ${{ steps.load_secrets.outputs.TEST_CREDENTIALS_NOTES }} + FILE_TEST_CREDENTIALS_NOTES: ${{ steps.load_secrets.outputs.FILE_TEST_CREDENTIALS_NOTES }} run: ./tests/assert-env-set.sh - name: Assert SSH key env vars [step output] diff --git a/tests/assert-env-set.sh b/tests/assert-env-set.sh index 2aab1ff..1240223 100755 --- a/tests/assert-env-set.sh +++ b/tests/assert-env-set.sh @@ -28,6 +28,8 @@ EOF readonly MULTILINE_SECRET readonly WEBSITE="www.test.com" readonly SSH_KEY_DATE="1773057660" +readonly TEST_CREDENTIALS="this-is-a-test" +readonly TEST_CREDENTIALS_NOTES="test note" assert_env_equals "SECRET" "${SECRET}" assert_env_equals "FILE_SECRET" "${SECRET}" @@ -54,3 +56,8 @@ fi assert_env_equals "SSH_KEY_DATE" "${SSH_KEY_DATE}" assert_env_equals "FILE_SSH_KEY_DATE" "${SSH_KEY_DATE}" + +assert_env_equals "TEST_CREDENTIALS" "${TEST_CREDENTIALS}" +assert_env_equals "FILE_TEST_CREDENTIALS" "${TEST_CREDENTIALS}" +assert_env_equals "TEST_CREDENTIALS_NOTES" "${TEST_CREDENTIALS_NOTES}" +assert_env_equals "FILE_TEST_CREDENTIALS_NOTES" "${TEST_CREDENTIALS_NOTES}" diff --git a/tests/assert-env-unset.sh b/tests/assert-env-unset.sh index 17c0b6a..f60ed9b 100755 --- a/tests/assert-env-unset.sh +++ b/tests/assert-env-unset.sh @@ -28,3 +28,8 @@ assert_env_unset "FILE_TEST_SSH_KEY_OPENSSH" assert_env_unset "SSH_KEY_DATE" assert_env_unset "FILE_SSH_KEY_DATE" + +assert_env_unset "TEST_CREDENTIALS" +assert_env_unset "FILE_TEST_CREDENTIALS" +assert_env_unset "TEST_CREDENTIALS_NOTES" +assert_env_unset "FILE_TEST_CREDENTIALS_NOTES" From 960f48270b3745464c7f2ad7fbcb453c4e00c3c7 Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Mon, 9 Mar 2026 16:43:38 -0400 Subject: [PATCH 13/16] Use notes plain --- .github/workflows/e2e-tests.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index f0fec24..34a2cd4 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -65,7 +65,7 @@ jobs: echo "FILE_TEST_SSH_KEY_OPENSSH=op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" >> tests/.env.tpl echo "FILE_SSH_KEY_DATE=op://${{ secrets.VAULT }}/test-ssh-key/test-section/date" >> tests/.env.tpl echo "FILE_TEST_CREDENTIALS=op://${{ secrets.VAULT }}/test-credentials/credential" >> tests/.env.tpl - echo "FILE_TEST_CREDENTIALS_NOTES=op://${{ secrets.VAULT }}/test-credentials/notes" >> tests/.env.tpl + echo "FILE_TEST_CREDENTIALS_NOTES=op://${{ secrets.VAULT }}/test-credentials/notesPlain" >> tests/.env.tpl - name: Configure Service account uses: ./configure @@ -87,7 +87,7 @@ jobs: TEST_SSH_KEY_OPENSSH: "op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" SSH_KEY_DATE: op://${{ secrets.VAULT }}/test-ssh-key/test-section/date TEST_CREDENTIALS: op://${{ secrets.VAULT }}/test-credentials/credential - TEST_CREDENTIALS_NOTES: op://${{ secrets.VAULT }}/test-credentials/notes + TEST_CREDENTIALS_NOTES: op://${{ secrets.VAULT }}/test-credentials/notesPlain OP_ENV_FILE: ./tests/.env.tpl - name: Assert test secret values [step output] @@ -187,7 +187,7 @@ jobs: echo "FILE_TEST_SSH_KEY_OPENSSH=op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" >> tests/.env.tpl echo "FILE_SSH_KEY_DATE=op://${{ secrets.VAULT }}/test-ssh-key/test-section/date" >> tests/.env.tpl echo "FILE_TEST_CREDENTIALS=op://${{ secrets.VAULT }}/test-credentials/credential" >> tests/.env.tpl - echo "FILE_TEST_CREDENTIALS_NOTES=op://${{ secrets.VAULT }}/test-credentials/notes" >> tests/.env.tpl + echo "FILE_TEST_CREDENTIALS_NOTES=op://${{ secrets.VAULT }}/test-credentials/notesPlain" >> tests/.env.tpl - name: Launch 1Password Connect instance env: @@ -234,7 +234,7 @@ jobs: TEST_SSH_KEY_OPENSSH: "op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" SSH_KEY_DATE: op://${{ secrets.VAULT }}/test-ssh-key/test-section/date TEST_CREDENTIALS: op://${{ secrets.VAULT }}/test-credentials/credential - TEST_CREDENTIALS_NOTES: op://${{ secrets.VAULT }}/test-credentials/notes + TEST_CREDENTIALS_NOTES: op://${{ secrets.VAULT }}/test-credentials/notesPlain OP_ENV_FILE: ./tests/.env.tpl - name: Assert test secret values [step output] From 13dac1510bae0b36e997aa358bd60d8f1c1324fb Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Tue, 10 Mar 2026 16:01:04 -0400 Subject: [PATCH 14/16] remove unecessary checks --- .github/workflows/e2e-tests.yml | 42 --------------------------------- tests/assert-env-set.sh | 11 --------- tests/assert-env-unset.sh | 8 ------- 3 files changed, 61 deletions(-) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index 34a2cd4..21b3107 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -63,9 +63,6 @@ jobs: echo "FILE_WEBSITE=op://${{ secrets.VAULT }}/test-secret/website" >> tests/.env.tpl echo "FILE_TEST_SSH_KEY=op://${{ secrets.VAULT }}/test-ssh-key/private key" >> tests/.env.tpl echo "FILE_TEST_SSH_KEY_OPENSSH=op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" >> tests/.env.tpl - echo "FILE_SSH_KEY_DATE=op://${{ secrets.VAULT }}/test-ssh-key/test-section/date" >> tests/.env.tpl - echo "FILE_TEST_CREDENTIALS=op://${{ secrets.VAULT }}/test-credentials/credential" >> tests/.env.tpl - echo "FILE_TEST_CREDENTIALS_NOTES=op://${{ secrets.VAULT }}/test-credentials/notesPlain" >> tests/.env.tpl - name: Configure Service account uses: ./configure @@ -85,9 +82,6 @@ jobs: WEBSITE: op://${{ secrets.VAULT }}/test-secret/website TEST_SSH_KEY: op://${{ secrets.VAULT }}/test-ssh-key/private key TEST_SSH_KEY_OPENSSH: "op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" - SSH_KEY_DATE: op://${{ secrets.VAULT }}/test-ssh-key/test-section/date - TEST_CREDENTIALS: op://${{ secrets.VAULT }}/test-credentials/credential - TEST_CREDENTIALS_NOTES: op://${{ secrets.VAULT }}/test-credentials/notesPlain OP_ENV_FILE: ./tests/.env.tpl - name: Assert test secret values [step output] @@ -107,12 +101,6 @@ jobs: FILE_TEST_SSH_KEY: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY }} TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.TEST_SSH_KEY_OPENSSH }} FILE_TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY_OPENSSH }} - SSH_KEY_DATE: ${{ steps.load_secrets.outputs.SSH_KEY_DATE }} - FILE_SSH_KEY_DATE: ${{ steps.load_secrets.outputs.FILE_SSH_KEY_DATE }} - TEST_CREDENTIALS: ${{ steps.load_secrets.outputs.TEST_CREDENTIALS }} - FILE_TEST_CREDENTIALS: ${{ steps.load_secrets.outputs.FILE_TEST_CREDENTIALS }} - TEST_CREDENTIALS_NOTES: ${{ steps.load_secrets.outputs.TEST_CREDENTIALS_NOTES }} - FILE_TEST_CREDENTIALS_NOTES: ${{ steps.load_secrets.outputs.FILE_TEST_CREDENTIALS_NOTES }} run: ./tests/assert-env-set.sh - name: Assert SSH key env vars [step output] @@ -185,9 +173,6 @@ jobs: echo "FILE_MULTILINE_SECRET=op://${{ secrets.VAULT }}/multiline-secret/notesPlain" >> tests/.env.tpl echo "FILE_TEST_SSH_KEY=op://${{ secrets.VAULT }}/test-ssh-key/private key" >> tests/.env.tpl echo "FILE_TEST_SSH_KEY_OPENSSH=op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" >> tests/.env.tpl - echo "FILE_SSH_KEY_DATE=op://${{ secrets.VAULT }}/test-ssh-key/test-section/date" >> tests/.env.tpl - echo "FILE_TEST_CREDENTIALS=op://${{ secrets.VAULT }}/test-credentials/credential" >> tests/.env.tpl - echo "FILE_TEST_CREDENTIALS_NOTES=op://${{ secrets.VAULT }}/test-credentials/notesPlain" >> tests/.env.tpl - name: Launch 1Password Connect instance env: @@ -202,24 +187,6 @@ jobs: connect-host: http://localhost:8080 connect-token: ${{ secrets.OP_CONNECT_TOKEN }} - - name: Wait for Connect sync to be ready - env: - OP_CONNECT_HOST: http://localhost:8080 - OP_CONNECT_TOKEN: ${{ secrets.OP_CONNECT_TOKEN }} - run: | - url="${OP_CONNECT_HOST}/health" - for i in $(seq 1 12); do - sync_status=$(curl -sf -H "Authorization: Bearer $OP_CONNECT_TOKEN" "$url" | jq -r '.dependencies[] | select(.service=="sync") | .status // empty') - if [ "$sync_status" = "ACTIVE" ]; then - echo "Connect sync is ready" - exit 0 - fi - echo "Waiting for sync ($i/12)... status=${sync_status:-unknown}" - sleep 5 - done - echo "Timeout waiting for Connect sync" - exit 1 - - name: Load secrets id: load_secrets uses: ./ @@ -232,9 +199,6 @@ jobs: MULTILINE_SECRET: op://${{ secrets.VAULT }}/multiline-secret/notesPlain TEST_SSH_KEY: op://${{ secrets.VAULT }}/test-ssh-key/private key TEST_SSH_KEY_OPENSSH: "op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" - SSH_KEY_DATE: op://${{ secrets.VAULT }}/test-ssh-key/test-section/date - TEST_CREDENTIALS: op://${{ secrets.VAULT }}/test-credentials/credential - TEST_CREDENTIALS_NOTES: op://${{ secrets.VAULT }}/test-credentials/notesPlain OP_ENV_FILE: ./tests/.env.tpl - name: Assert test secret values [step output] @@ -251,12 +215,6 @@ jobs: FILE_TEST_SSH_KEY: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY }} TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.TEST_SSH_KEY_OPENSSH }} FILE_TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY_OPENSSH }} - SSH_KEY_DATE: ${{ steps.load_secrets.outputs.SSH_KEY_DATE }} - FILE_SSH_KEY_DATE: ${{ steps.load_secrets.outputs.FILE_SSH_KEY_DATE }} - TEST_CREDENTIALS: ${{ steps.load_secrets.outputs.TEST_CREDENTIALS }} - FILE_TEST_CREDENTIALS: ${{ steps.load_secrets.outputs.FILE_TEST_CREDENTIALS }} - TEST_CREDENTIALS_NOTES: ${{ steps.load_secrets.outputs.TEST_CREDENTIALS_NOTES }} - FILE_TEST_CREDENTIALS_NOTES: ${{ steps.load_secrets.outputs.FILE_TEST_CREDENTIALS_NOTES }} run: ./tests/assert-env-set.sh - name: Assert SSH key env vars [step output] diff --git a/tests/assert-env-set.sh b/tests/assert-env-set.sh index 1240223..9795651 100755 --- a/tests/assert-env-set.sh +++ b/tests/assert-env-set.sh @@ -27,9 +27,6 @@ EOF )" readonly MULTILINE_SECRET readonly WEBSITE="www.test.com" -readonly SSH_KEY_DATE="1773057660" -readonly TEST_CREDENTIALS="this-is-a-test" -readonly TEST_CREDENTIALS_NOTES="test note" assert_env_equals "SECRET" "${SECRET}" assert_env_equals "FILE_SECRET" "${SECRET}" @@ -53,11 +50,3 @@ if [ "${ASSERT_WEBSITE:-false}" = "true" ]; then assert_env_equals "WEBSITE" "${WEBSITE}" assert_env_equals "FILE_WEBSITE" "${WEBSITE}" fi - -assert_env_equals "SSH_KEY_DATE" "${SSH_KEY_DATE}" -assert_env_equals "FILE_SSH_KEY_DATE" "${SSH_KEY_DATE}" - -assert_env_equals "TEST_CREDENTIALS" "${TEST_CREDENTIALS}" -assert_env_equals "FILE_TEST_CREDENTIALS" "${TEST_CREDENTIALS}" -assert_env_equals "TEST_CREDENTIALS_NOTES" "${TEST_CREDENTIALS_NOTES}" -assert_env_equals "FILE_TEST_CREDENTIALS_NOTES" "${TEST_CREDENTIALS_NOTES}" diff --git a/tests/assert-env-unset.sh b/tests/assert-env-unset.sh index f60ed9b..027cead 100755 --- a/tests/assert-env-unset.sh +++ b/tests/assert-env-unset.sh @@ -25,11 +25,3 @@ assert_env_unset "TEST_SSH_KEY" assert_env_unset "FILE_TEST_SSH_KEY" assert_env_unset "TEST_SSH_KEY_OPENSSH" assert_env_unset "FILE_TEST_SSH_KEY_OPENSSH" - -assert_env_unset "SSH_KEY_DATE" -assert_env_unset "FILE_SSH_KEY_DATE" - -assert_env_unset "TEST_CREDENTIALS" -assert_env_unset "FILE_TEST_CREDENTIALS" -assert_env_unset "TEST_CREDENTIALS_NOTES" -assert_env_unset "FILE_TEST_CREDENTIALS_NOTES" From ebcbcb60ac9174b9d4a90e320bc9585b53e02ae0 Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Fri, 13 Mar 2026 09:48:35 -0400 Subject: [PATCH 15/16] Update to use health endpoint check --- .github/workflows/e2e-tests.yml | 7 ++++--- tests/assert-env-set.sh | 8 -------- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index 21b3107..efca7db 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -137,8 +137,8 @@ jobs: run: ./tests/assert-env-unset.sh test-connect: - name: Connect (ubuntu-latest, ${{ matrix.version }}, export-env=${{ matrix.export-env }}) - runs-on: ubuntu-latest + name: Connect (${{ matrix.os }}, ${{ matrix.version }}, export-env=${{ matrix.export-env }}) + runs-on: ${{ matrix.os }} strategy: fail-fast: true max-parallel: 4 @@ -179,7 +179,8 @@ jobs: OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }} run: | echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json - docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 15 + docker compose -f tests/fixtures/docker-compose.yml up -d + timeout 60 bash -c 'until curl -sf http://localhost:8080/health >/dev/null 2>&1; do sleep 2; done' - name: Configure 1Password Connect uses: ./configure diff --git a/tests/assert-env-set.sh b/tests/assert-env-set.sh index 9795651..7e4c877 100755 --- a/tests/assert-env-set.sh +++ b/tests/assert-env-set.sh @@ -39,14 +39,6 @@ assert_env_equals "FILE_MULTILINE_SECRET" "${MULTILINE_SECRET}" # WEBSITE/FILE_WEBSITE: required when ASSERT_WEBSITE=true (Service Account), skipped when false (Connect) if [ "${ASSERT_WEBSITE:-false}" = "true" ]; then - if [ -z "$(printenv WEBSITE 2>/dev/null)" ]; then - echo "Expected WEBSITE to be set (Service Account)" - exit 1 - fi - if [ -z "$(printenv FILE_WEBSITE 2>/dev/null)" ]; then - echo "Expected FILE_WEBSITE to be set (Service Account)" - exit 1 - fi assert_env_equals "WEBSITE" "${WEBSITE}" assert_env_equals "FILE_WEBSITE" "${WEBSITE}" fi From 7eb7055d290dec8cf49f20fe505a478d3c4e3284 Mon Sep 17 00:00:00 2001 From: Jill Regan Date: Fri, 13 Mar 2026 09:54:10 -0400 Subject: [PATCH 16/16] Remove matrix os array --- .github/workflows/e2e-tests.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index efca7db..0e7772d 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -137,13 +137,11 @@ jobs: run: ./tests/assert-env-unset.sh test-connect: - name: Connect (${{ matrix.os }}, ${{ matrix.version }}, export-env=${{ matrix.export-env }}) - runs-on: ${{ matrix.os }} + name: Connect (ubuntu-latest, ${{ matrix.version }}, export-env=${{ matrix.export-env }}) + runs-on: ubuntu-latest strategy: fail-fast: true - max-parallel: 4 matrix: - os: [ubuntu-latest, macos-latest, windows-latest] version: [latest, 2.30.0] export-env: [true, false] steps: