TMP: adds in-line test within the verify command, iter

verify/test.sh

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+set -ueo pipefail
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
+keys_dir="$(dirname "${BASH_SOURCE[0]}")/.."
+# deliberate just "dot" for current dir
+sops_cfg_dir=.
+secrets_file="mock_secrets.yaml"
+
+# prerequisite: for verification of sops config, idempotent create file with a mock secret, src: https://bash-org-archive.com/?244321
+test -e "${secrets_file}" || (yq -n '.demo.credentials.secret = "hunter2"' > "${secrets_file}" && sops -e -i "${secrets_file}" )
+
+set -x
+# SAMPLE COMMANDS - manually uncomment to try out
+# minimal operation: update .sops.yaml, update keys in encrypted file
+../bin/update_sops.sh -c "${PWD}" "${secrets_file}"
+# Full Args: specify path to each, also for secrets, mix specified and positional params
+# ../bin/update_sops.sh -k "${keys_dir}" -c "${sops_cfg_dir}" -s "${secrets_file}" "${secrets_file}"
+# TEST: induce error: invalid file
+# ../bin/update_sops.sh "${secrets_file}" -s non_existing_secrets.yaml
+
+# Special Case: Add caveat header
+cat <<EOM > .sops.yaml.tmp
+# PURPOSE: BLUEPRINT for .sops.yaml config
+# CAVEAT: DO NOT USE THIS FILE AS-IS in another project; copy it and remove the unauthorised users
+$( cat .sops.yaml )
+EOM
+mv .sops.yaml.tmp .sops.yaml
+
+# TEST
+# define "fixture"
+repo_root="$(git rev-parse --show-toplevel)"
+read -p "start testing?" __var
+# ---
+# create sops cfg in curdir
+rm .sops.yaml
+../bin/update_sops.sh -c "${PWD}" -s "${secrets_file}"
+test -e "${PWD}/.sops.yaml"
+test ! -e "${repo_root}/.sops.yaml"
+read -p "next test?" __var
+# ---
+# create sops cfg in default (repo root)
+rm .sops.yaml
+# note: fail if for any reason sops config defined at top level; this repo should not have this!
+test -e "${repo_root}/.sops.yaml"
+../bin/update_sops.sh -s "${secrets_file}"
+test ! -e "${PWD}/.sops.yaml"
+test -e "${repo_root}/.sops.yaml"
+read -p "next test?" __var

verify/usr_confirm_keycfg.sh

@@ -1,23 +1,16 @@
 #!/usr/bin/env bash
 set -ueo pipefail
+# PURPOSE: Allows End-User to verify their key configuration using a sample SOPS config and encrypted file
 cd "$(dirname "${BASH_SOURCE[0]}")"
 
-keys_dir="$(dirname "${BASH_SOURCE[0]}")/.."
-# deliberate just "dot" for current dir
-sops_cfg_dir=.
 secrets_file="mock_secrets.yaml"
 
 # prerequisite: for verification of sops config, idempotent create file with a mock secret, src: https://bash-org-archive.com/?244321
 test -e "${secrets_file}" || (yq -n '.demo.credentials.secret = "hunter2"' > "${secrets_file}" && sops -e -i "${secrets_file}" )
 
 set -x
-# SAMPLE COMMANDS - manually uncomment to try out
-# minimal operation: update .sops.yaml, update keys in encrypted file
+# within current dir: update .sops.yaml, update keys in encrypted file
 ../bin/update_sops.sh -c "${PWD}" "${secrets_file}"
-# Full Args: specify path to each, also for secrets, mix specified and positional params
-# ../bin/update_sops.sh -k "${keys_dir}" -c "${sops_cfg_dir}" -s "${secrets_file}" "${secrets_file}"
-# TEST: induce error: invalid file
-# ../bin/update_sops.sh "${secrets_file}" -s non_existing_secrets.yaml
 
 # Special Case: Add caveat header
 cat <<EOM > .sops.yaml.tmp
@@ -26,24 +19,3 @@ cat <<EOM > .sops.yaml.tmp
 $( cat .sops.yaml )
 EOM
 mv .sops.yaml.tmp .sops.yaml
-
-# TEST
-# define "fixture"
-repo_root="$(git rev-parse --show-toplevel)"
-read -p "start testing?" __var
-# ---
-# create sops cfg in curdir
-rm .sops.yaml
-../bin/update_sops.sh -c "${PWD}" -s "${secrets_file}"
-test -e "${PWD}/.sops.yaml"
-test ! -e "${repo_root}/.sops.yaml"
-read -p "next test?" __var
-# ---
-# create sops cfg in default (repo root)
-rm .sops.yaml
-# note: fail if for any reason sops config defined at top level; this repo should not have this!
-test -e "${repo_root}/.sops.yaml"
-../bin/update_sops.sh -s "${secrets_file}"
-test ! -e "${PWD}/.sops.yaml"
-test -e "${repo_root}/.sops.yaml"
-read -p "next test?" __var