diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
index 3105fb6..fa53052 100644
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
@@ -59,6 +59,11 @@ jobs:
 echo "FILE_SECRET=op://${{ secrets.VAULT }}/test-secret/password" > tests/.env.tpl
 echo "FILE_SECRET_IN_SECTION=op://${{ secrets.VAULT }}/test-secret/test-section/password" >> tests/.env.tpl
 echo "FILE_MULTILINE_SECRET=op://${{ secrets.VAULT }}/multiline-secret/notesPlain" >> tests/.env.tpl
+ echo "FILE_WEBSITE=op://${{ secrets.VAULT }}/test-secret/website" >> tests/.env.tpl
+ echo "FILE_TEST_SSH_KEY=op://${{ secrets.VAULT }}/test-ssh-key/private key" >> tests/.env.tpl
+ echo "FILE_TEST_SSH_KEY_OPENSSH=op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" >> tests/.env.tpl
+ echo "FILE_SSH_KEY_DATE=op://${{ secrets.VAULT }}/test-ssh-key/test-section/date" >> tests/.env.tpl
+ echo "FILE_TEST_FILE_CONTENT=op://${{ secrets.VAULT }}/file-secret/test.txt" >> tests/.env.tpl

 - name: Configure Service account
 uses: ./configure
@@ -75,6 +80,11 @@ jobs:
 SECRET: op://${{ secrets.VAULT }}/test-secret/password
 SECRET_IN_SECTION: op://${{ secrets.VAULT }}/test-secret/test-section/password
 MULTILINE_SECRET: op://${{ secrets.VAULT }}/multiline-secret/notesPlain
+ WEBSITE: op://${{ secrets.VAULT }}/test-secret/website
+ TEST_SSH_KEY: op://${{ secrets.VAULT }}/test-ssh-key/private key
+ TEST_SSH_KEY_OPENSSH: "op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh"
+ SSH_KEY_DATE: op://${{ secrets.VAULT }}/test-ssh-key/test-section/date
+ TEST_FILE_CONTENT: op://${{ secrets.VAULT }}/file-secret/test.txt
 OP_ENV_FILE: ./tests/.env.tpl

 - name: Assert test secret values [step output]
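Review bot: In the `env:` block of hunk `@@ -75,6 +80,11 @@`, only `TEST_SSH_KEY_OPENSSH` is double-quoted, while `TEST_SSH_KEY` carries the embedded space of `private key` as a plain scalar; quote all five added `op://` references the same way, e.g. `TEST_SSH_KEY: "op://${{ secrets.VAULT }}/test-ssh-key/private key"`, so the space and the `?` never depend on plain-scalar parsing. The same applies to the matching `env:` block in `@@ -163,6 +203,11 @@`. The `echo` lines in `@@ -59,6 +59,11 @@` and `@@ -139,6 +174,11 @@` write that space unquoted into `tests/.env.tpl`; whether the template parser accepts it is not visible here, so a comment such as `# field name contains a space; the reference is written unquoted on purpose` would record the intent. Both steps begin outside their hunks.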
@@ -87,13 +97,38 @@ jobs:
 FILE_SECRET: ${{ steps.load_secrets.outputs.FILE_SECRET }}
 FILE_SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.FILE_SECRET_IN_SECTION }}
 FILE_MULTILINE_SECRET: ${{ steps.load_secrets.outputs.FILE_MULTILINE_SECRET }}
+ WEBSITE: ${{ steps.load_secrets.outputs.WEBSITE }}
+ FILE_WEBSITE: ${{ steps.load_secrets.outputs.FILE_WEBSITE }}
+ TEST_SSH_KEY: ${{ steps.load_secrets.outputs.TEST_SSH_KEY }}
+ FILE_TEST_SSH_KEY: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY }}
+ TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.TEST_SSH_KEY_OPENSSH }}
+ FILE_TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY_OPENSSH }}
+ SSH_KEY_DATE: ${{ steps.load_secrets.outputs.SSH_KEY_DATE }}
+ FILE_SSH_KEY_DATE: ${{ steps.load_secrets.outputs.FILE_SSH_KEY_DATE }}
+ TEST_FILE_CONTENT: ${{ steps.load_secrets.outputs.TEST_FILE_CONTENT }}
+ FILE_TEST_FILE_CONTENT: ${{ steps.load_secrets.outputs.FILE_TEST_FILE_CONTENT }}
 run: ./tests/assert-env-set.sh

+ - name: Assert SSH key env vars [step output]
+ if: ${{ !matrix.export-env }}
+ shell: bash
+ env:
+ TEST_SSH_KEY: ${{ steps.load_secrets.outputs.TEST_SSH_KEY }}
+ FILE_TEST_SSH_KEY: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY }}
+ TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.TEST_SSH_KEY_OPENSSH }}
+ FILE_TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY_OPENSSH }}
+ run: ./tests/assert-ssh-keys-set.sh
+
 - name: Assert test secret values [exported env]
 if: ${{ matrix.export-env }}
 shell: bash
 run: ./tests/assert-env-set.sh

+ - name: Assert SSH key env vars [exported env]
+ if: ${{ matrix.export-env }}
+ shell: bash
+ run: ./tests/assert-ssh-keys-set.sh
+
 - name: Remove secrets [exported env]
 if: ${{ matrix.export-env }}
 uses: ./
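Review bot: The `env:` of the `Assert test secret values [step output]` step now also receives the four SSH private-key outputs (`TEST_SSH_KEY`, `FILE_TEST_SSH_KEY`, `TEST_SSH_KEY_OPENSSH`, `FILE_TEST_SSH_KEY_OPENSSH`), although the `tests/assert-env-set.sh` hunks in this commit add no assertion that reads them and the dedicated `Assert SSH key env vars [step output]` step receives them again. Drop those four entries from the first step so the key material is handed only to the script that checks it; the same applies to `@@ -174,12 +219,35 @@`. This assumes the unchanged part of `assert-env-set.sh`, which is outside the diff, does not use them. The first step starts before the hunk.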
@@ -139,6 +174,11 @@ jobs:
 echo "FILE_SECRET=op://${{ secrets.VAULT }}/test-secret/password" > tests/.env.tpl
 echo "FILE_SECRET_IN_SECTION=op://${{ secrets.VAULT }}/test-secret/test-section/password" >> tests/.env.tpl
 echo "FILE_MULTILINE_SECRET=op://${{ secrets.VAULT }}/multiline-secret/notesPlain" >> tests/.env.tpl
+ echo "FILE_WEBSITE=op://${{ secrets.VAULT }}/test-secret/website" >> tests/.env.tpl
+ echo "FILE_TEST_SSH_KEY=op://${{ secrets.VAULT }}/test-ssh-key/private key" >> tests/.env.tpl
+ echo "FILE_TEST_SSH_KEY_OPENSSH=op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh" >> tests/.env.tpl
+ echo "FILE_SSH_KEY_DATE=op://${{ secrets.VAULT }}/test-ssh-key/test-section/date" >> tests/.env.tpl
+ echo "FILE_TEST_FILE_CONTENT=op://${{ secrets.VAULT }}/file-secret/test.txt" >> tests/.env.tpl

 - name: Launch 1Password Connect instance
 env:
@@ -163,6 +203,11 @@ jobs:
 SECRET: op://${{ secrets.VAULT }}/test-secret/password
 SECRET_IN_SECTION: op://${{ secrets.VAULT }}/test-secret/test-section/password
 MULTILINE_SECRET: op://${{ secrets.VAULT }}/multiline-secret/notesPlain
+ WEBSITE: op://${{ secrets.VAULT }}/test-secret/website
+ TEST_SSH_KEY: op://${{ secrets.VAULT }}/test-ssh-key/private key
+ TEST_SSH_KEY_OPENSSH: "op://${{ secrets.VAULT }}/test-ssh-key/private key?ssh-format=openssh"
+ SSH_KEY_DATE: op://${{ secrets.VAULT }}/test-ssh-key/test-section/date
+ TEST_FILE_CONTENT: op://${{ secrets.VAULT }}/file-secret/test.txt
 OP_ENV_FILE: ./tests/.env.tpl

 - name: Assert test secret values [step output]
@@ -174,12 +219,35 @@ jobs:
 FILE_SECRET: ${{ steps.load_secrets.outputs.FILE_SECRET }}
 FILE_SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.FILE_SECRET_IN_SECTION }}
 FILE_MULTILINE_SECRET: ${{ steps.load_secrets.outputs.FILE_MULTILINE_SECRET }}
+ WEBSITE: ${{ steps.load_secrets.outputs.WEBSITE }}
+ FILE_WEBSITE: ${{ steps.load_secrets.outputs.FILE_WEBSITE }}
+ TEST_SSH_KEY: ${{ steps.load_secrets.outputs.TEST_SSH_KEY }}
+ FILE_TEST_SSH_KEY: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY }}
+ TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.TEST_SSH_KEY_OPENSSH }}
+ FILE_TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY_OPENSSH }}
+ SSH_KEY_DATE: ${{ steps.load_secrets.outputs.SSH_KEY_DATE }}
+ FILE_SSH_KEY_DATE: ${{ steps.load_secrets.outputs.FILE_SSH_KEY_DATE }}
+ TEST_FILE_CONTENT: ${{ steps.load_secrets.outputs.TEST_FILE_CONTENT }}
+ FILE_TEST_FILE_CONTENT: ${{ steps.load_secrets.outputs.FILE_TEST_FILE_CONTENT }}
 run: ./tests/assert-env-set.sh

+ - name: Assert SSH key env vars [step output]
+ if: ${{ !matrix.export-env }}
+ env:
+ TEST_SSH_KEY: ${{ steps.load_secrets.outputs.TEST_SSH_KEY }}
+ FILE_TEST_SSH_KEY: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY }}
+ TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.TEST_SSH_KEY_OPENSSH }}
+ FILE_TEST_SSH_KEY_OPENSSH: ${{ steps.load_secrets.outputs.FILE_TEST_SSH_KEY_OPENSSH }}
+ run: ./tests/assert-ssh-keys-set.sh
+
 - name: Assert test secret values [exported env]
 if: ${{ matrix.export-env }}
 run: ./tests/assert-env-set.sh

+ - name: Assert SSH key env vars [exported env]
+ if: ${{ matrix.export-env }}
+ run: ./tests/assert-ssh-keys-set.sh
+
 - name: Remove secrets [exported env]
 if: ${{ matrix.export-env }}
 uses: ./
diff --git a/tests/assert-env-set.sh b/tests/assert-env-set.sh
index 7f98855..effd9b6 100755
--- a/tests/assert-env-set.sh
+++ b/tests/assert-env-set.sh
@@ -26,6 +26,9 @@ IApTbyBwbGVhc2UgZG9uJ3QgcmVwb3J0IGl0IQo=
 EOF
 )"
 readonly MULTILINE_SECRET
+readonly WEBSITE="www.test.com"
+readonly SSH_KEY_DATE="1773057660"
+readonly TEST_FILE_CONTENT_EXPECTED="This is a test"

 assert_env_equals "SECRET" "${SECRET}"
 assert_env_equals "FILE_SECRET" "${SECRET}"
@@ -34,4 +37,13 @@ assert_env_equals "SECRET_IN_SECTION" "${SECRET}"
 assert_env_equals "FILE_SECRET_IN_SECTION" "${SECRET}"

 assert_env_equals "MULTILINE_SECRET" "${MULTILINE_SECRET}"
-assert_env_equals "FILE_MULTILINE_SECRET" "${MULTILINE_SECRET}"
\ No newline at end of file
+assert_env_equals "FILE_MULTILINE_SECRET" "${MULTILINE_SECRET}"
+
+assert_env_equals "WEBSITE" "${WEBSITE}"
+assert_env_equals "FILE_WEBSITE" "${WEBSITE}"
+
+assert_env_equals_or_masked "SSH_KEY_DATE" "${SSH_KEY_DATE}"
+assert_env_equals_or_masked "FILE_SSH_KEY_DATE" "${SSH_KEY_DATE}"
+
+assert_env_equals_or_masked "TEST_FILE_CONTENT" "${TEST_FILE_CONTENT_EXPECTED}"
+assert_env_equals_or_masked "FILE_TEST_FILE_CONTENT" "${TEST_FILE_CONTENT_EXPECTED}"
diff --git a/tests/assert-env-unset.sh b/tests/assert-env-unset.sh
index 0565d14..92010f0 100755
--- a/tests/assert-env-unset.sh
+++ b/tests/assert-env-unset.sh
@@ -17,3 +17,17 @@ assert_env_unset "FILE_SECRET_IN_SECTION"

 assert_env_unset "MULTILINE_SECRET"
 assert_env_unset "FILE_MULTILINE_SECRET"
+
+assert_env_unset "WEBSITE"
+assert_env_unset "FILE_WEBSITE"
+
+assert_env_unset "TEST_SSH_KEY"
+assert_env_unset "FILE_TEST_SSH_KEY"
+assert_env_unset "TEST_SSH_KEY_OPENSSH"
+assert_env_unset "FILE_TEST_SSH_KEY_OPENSSH"
+
+assert_env_unset "SSH_KEY_DATE"
+assert_env_unset "FILE_SSH_KEY_DATE"
+
+assert_env_unset "TEST_FILE_CONTENT"
+assert_env_unset "FILE_TEST_FILE_CONTENT"
diff --git a/tests/assert-ssh-keys-set.sh b/tests/assert-ssh-keys-set.sh
new file mode 100755
index 0000000..3115f0d
--- /dev/null
+++ b/tests/assert-ssh-keys-set.sh
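Review bot: `assert_env_equals_or_masked` is called in `tests/assert-env-set.sh` (`@@ -34,4 +37,13 @@`) but no hunk in this commit defines it, so it has to exist already in the unchanged top of the script or in a file it sources; if it does not, the four new calls fail with command-not-found. There is also no comment saying why `SSH_KEY_DATE` and `TEST_FILE_CONTENT` may be masked while `WEBSITE` must match exactly; something like `# date and file-content values may arrive masked; accept the mask or the exact value` above the calls would record that, if it is the intent. Accepting a mask also means these assertions can pass without the value being compared, which is worth stating next to the helper.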
@@ -0,0 +1,23 @@
+#!/bin/bash
+# shellcheck disable=SC2086
+set -e
+
+assert_ssh_key_set() {
+ local var="$1"
+ local val
+ val="$(printenv "$var" || true)"
+ if [ -z "$val" ]; then
+ echo "Expected $var to be set"
+ exit 1
+ fi
+ if ! echo "$val" | head -1 | grep -q "BEGIN.*PRIVATE KEY"; then
+ echo "Expected $var to be a private key (missing BEGIN PRIVATE KEY header)"
+ exit 1
+ fi
+ echo "$var is set and looks like a private key"
+}
+
+assert_ssh_key_set "TEST_SSH_KEY"
+assert_ssh_key_set "TEST_SSH_KEY_OPENSSH"
+assert_ssh_key_set "FILE_TEST_SSH_KEY"
+assert_ssh_key_set "FILE_TEST_SSH_KEY_OPENSSH"
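Review bot: The pattern `BEGIN.*PRIVATE KEY` in `assert_ssh_key_set` accepts any private-key header, so `TEST_SSH_KEY_OPENSSH` and `FILE_TEST_SSH_KEY_OPENSSH` pass even if the `?ssh-format=openssh` query is ignored and the key comes back in another encoding. Let the function take an optional header pattern and have the two OpenSSH call sites require `BEGIN OPENSSH PRIVATE KEY`; the default keeps the current loose match for the other two variables. Separately, the file-wide `# shellcheck disable=SC2086` looks unnecessary because every expansion in the script is quoted, and `printf '%s\n'` is more predictable than `echo` when piping an arbitrary value. The failure messages print only the variable name and never the value, which should stay that way.

```bash
assert_ssh_key_set() {
  local var="$1"
  # Optional header pattern; the default is the original loose match.
  local header="${2:-BEGIN.*PRIVATE KEY}"
  # … unchanged: read the value with printenv, fail if it is empty …
  if ! printf '%s\n' "$val" | head -1 | grep -q -- "$header"; then
    echo "Expected $var to start with a '$header' line"
    exit 1
  fi
  # … unchanged: success message …
}

# … unchanged: TEST_SSH_KEY and FILE_TEST_SSH_KEY calls …
assert_ssh_key_set "TEST_SSH_KEY_OPENSSH" "BEGIN OPENSSH PRIVATE KEY"
assert_ssh_key_set "FILE_TEST_SSH_KEY_OPENSSH" "BEGIN OPENSSH PRIVATE KEY"
```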