fix all tests and use existing secrets for token and vars if passed in

charts/argocd-appset-secret-plugin/README.md

@@ -30,14 +30,15 @@ A Helm chart for adding a K8s Secret Plugin Generator to ApplicationSets
 | podSecurityContext | object | `{}` | securityContext for the pod: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
 | replicaCount | int | `1` | number of replica pods to create |
 | resources | object | `{}` |  |
-| secretVars.secretName | string | `"argocd-secret-vars"` | the name of the secret to use for your applicationSet parameters |
+| secretVars.existingSecret | string | `""` | the name of an existing secret to use for the secret keys to provide to applicationSets via the plugin generator |
 | securityContext | object | `{}` | securityContext for the container: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
 | service.port | int | `80` | service port to expose on the cluster |
 | service.targetPort | int | `4355` | service target port on the container |
 | service.type | string | `"ClusterIP"` | type for the service, only ClusterIP is tested |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| token.existingSecret | string | `""` | the name of an existing secret to use for the token that argoCD and the plugin will use for communication |
 | tolerations | list | `[]` |  |
 
 ----------------------------------------------

charts/argocd-appset-secret-plugin/templates/_helpers.tpl

@@ -56,7 +56,39 @@ Create the name of the service account to use
 {{- define "argocd-appset-secret-plugin.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
 {{- default (include "argocd-appset-secret-plugin.fullname" .) .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+
+curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer $PLUGIN_TOKEN" -d \
+'{
+  "applicationSetName": "fake-appset",
+  "input": {
+    "parameters": {
+      "secret_vars": ["param1"]}
+  }
+}'
+
+http://{{ include "argocd-appset-secret-plugin.fullname" . }}/api/v1/getparams.execute -H  \"Content-type:application/json\" -H \"Authorization: Bearer $TOKEN\" --data-urlencode \"{\"applicationSetName\": \"fake-appset\", \"input\": {\"parameters\": {\"secret_vars\": [\"app_name\"]}}}\"
+*/}}
+{{- define "argocd-appset-secret-plugin.testCommand" -}}
+http://{{ include "argocd-appset-secret-plugin.fullname" . }}/api/v1/getparams.execute -H \"Authorization: Bearer $TOKEN\" -d \"{\"applicationSetName\": \"fake-appset\"}\"
+{{- end }}
+
+{{- define "argocd-appset-secret-plugin.tokenSecret" -}}
+{{- if not .Values.token.existingSecret }}
+{{- printf "%s-token" (include "argocd-appset-secret-plugin.fullname" .) }}
+{{- else }}
+{{ .Values.token.existingSecret }}
+{{- end }}
+{{- end }}
+
+{{- define "argocd-appset-secret-plugin.varSecret" -}}
+{{- if not .Values.secretVars.existingSecret }}
+{{- printf "%s-secret-vars" (include "argocd-appset-secret-plugin.fullname" .) }}
 {{- else }}
-{{- default "default" .Values.serviceAccount.name }}
+{{ .Values.secretVars.existingSecret }}
 {{- end }}
 {{- end }}

charts/argocd-appset-secret-plugin/templates/deployment.yaml

@@ -39,20 +39,22 @@ spec:
               protocol: TCP
           volumeMounts:
             - name: token
-              mountPath: "/var/run/argocd"
+              mountPath: "/var/run/argocd/token"
+              subPath: "token"
               readOnly: true
             - name: secret-vars
-              mountPath: "/var/run/secret-plugin"
+              mountPath: "/var/run/secret-plugin/secret_vars.yaml"
+              subPath: "secret_vars.yaml"
               readOnly: true
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       volumes:
         - name: token
           secret:
-            secretName: {{ include "argocd-appset-secret-plugin.fullname" . }}-token
+            secretName: "{{ include "argocd-appset-secret-plugin.tokenSecret" . }}"
         - name: secret-vars
           secret:
-            secretName: {{ .Values.secretVars.secretName }}
+            secretName: "{{ include "argocd-appset-secret-plugin.varSecret" . }}"
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/argocd-appset-secret-plugin/templates/secret-token.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.token.existingSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,3 +8,5 @@ metadata:
 type: Opaque
 data:
   token: {{ randAlphaNum 32 | b64enc | quote }}
+
+{{- end }}

charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml

@@ -1,9 +1,9 @@
-{{- if eq .Values.secretVars.secretName "argocd-secret-vars-ci-test" }}
+{{- if not .Values.secretVars.existingSecret }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: argocd-secret-vars-ci-test
+  name: {{ include "argocd-appset-secret-plugin.fullname" . }}-secret-vars
   labels:
     app.kubernetes.io/part-of: argocd
 stringData:

charts/argocd-appset-secret-plugin/templates/tests/test-configmap.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test-connection
+data:
+  curl_script.sh: |
+    curl http://{{ include "argocd-appset-secret-plugin.fullname" . }}/api/v1/getparams.execute -H  "Content-type:application/json" -H "Authorization: Bearer $TOKEN" -d '{"applicationSetName": "fake-appset", "input": {"parameters": {"secret_vars": ["app_name"]}}}'

charts/argocd-appset-secret-plugin/templates/tests/test-connection.yaml

@@ -8,8 +8,26 @@ metadata:
     "helm.sh/hook": test
 spec:
   containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "argocd-appset-secret-plugin.fullname" . }}:{{ .Values.service.port }}']
+    - name: curl
+      image: curlimages/curl
+      command: ['/bin/sh']
+      args:
+        - "-c"
+        - "/testing/curl_script.sh"
+      env:
+        - name: "TOKEN"
+          valueFrom:
+            secretKeyRef:
+              name: '{{ include "argocd-appset-secret-plugin.tokenSecret" . }}'
+              key: token
+      volumeMounts:
+        - name: curl-script
+          mountPath: "/testing"
+          readOnly: false
+  volumes:
+    - name: curl-script
+      configMap:
+        name: test-connection
+        defaultMode: 0777
+
   restartPolicy: Never

charts/argocd-appset-secret-plugin/values.yaml

@@ -19,8 +19,12 @@ nameOverride: ""
 fullnameOverride: ""
 
 secretVars:
-  # --  the name of the secret to use for your applicationSet parameters
-  secretName: argocd-secret-vars
+  # -- the name of an existing secret to use for the secret keys to provide to applicationSets via the plugin generator
+  existingSecret: ""
+
+token:
+  # -- the name of an existing secret to use for the token that argoCD and the plugin will use for communication
+  existingSecret: ""
 
 serviceAccount:
   # -- Specifies whether a service account should be created

docker/README.md

@@ -12,7 +12,7 @@ docker build . -t jessebot/argocd-appset-secret-plugin:dev
 
 Generate a fake token
 ```bash
-openssl rand -base64 12 > token && export PLUGIN_TOKEN=`/bin/cat token`
+openssl rand -base64 12 > token && export TOKEN=`/bin/cat token`
 ```
 
 Create some test values you'd like to get in your fake ApplicationSet:
@@ -25,7 +25,7 @@ Run the docker container:
 
 ```bash
 docker run \
-  -v ./secret_vars.yaml:/var/run/argocd/secret_vars.yaml \
+  -v ./secret_vars.yaml:/var/run/secret-plugin/secret_vars.yaml \
   -v ./token:/var/run/argocd/token \
   -p 4355:4355 \
   jessebot/argocd-appset-secret-plugin:dev
@@ -34,7 +34,7 @@ docker run \
 Send a request for a vairable in your secret_vars.yaml:
 
 ```bash
-curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer $PLUGIN_TOKEN" -d \
+curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer $TOKEN" -d \
 '{
   "applicationSetName": "fake-appset",
   "input": {