diff --git a/verify/test.sh b/verify/test.sh
new file mode 100755
index 0000000..1a75905
--- /dev/null
+++ b/verify/test.sh
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+set -ueo pipefail
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
+keys_dir="$(dirname "${BASH_SOURCE[0]}")/.."
+# deliberate just "dot" for current dir
+sops_cfg_dir=.
+secrets_file="mock_secrets.yaml"
+
+# prerequisite: for verification of sops config, idempotent create file with a mock secret, src: https://bash-org-archive.com/?244321
+test -e "${secrets_file}" || (yq -n '.demo.credentials.secret = "hunter2"' > "${secrets_file}" && sops -e -i "${secrets_file}" )
+
+set -x
+# SAMPLE COMMANDS - manually uncomment to try out
+# minimal operation: update .sops.yaml, update keys in encrypted file
+../bin/update_sops.sh -c "${PWD}" "${secrets_file}"
+# Full Args: specify path to each, also for secrets, mix specified and positional params
+# ../bin/update_sops.sh -k "${keys_dir}" -c "${sops_cfg_dir}" -s "${secrets_file}" "${secrets_file}"
+# TEST: induce error: invalid file
+# ../bin/update_sops.sh "${secrets_file}" -s non_existing_secrets.yaml
+
+# Special Case: Add caveat header
+cat < .sops.yaml.tmp
+# PURPOSE: BLUEPRINT for .sops.yaml config
+# CAVEAT: DO NOT USE THIS FILE AS-IS in another project; copy it and remove the unauthorised users
+$( cat .sops.yaml )
+EOM
+mv .sops.yaml.tmp .sops.yaml
+
+# TEST
+# define "fixture"
+repo_root="$(git rev-parse --show-toplevel)"
+read -p "start testing?" __var
+# ---
+# create sops cfg in curdir
+rm .sops.yaml
+../bin/update_sops.sh -c "${PWD}" -s "${secrets_file}"
+test -e "${PWD}/.sops.yaml"
+test ! -e "${repo_root}/.sops.yaml"
+read -p "next test?" __var
+# ---
+# create sops cfg in default (repo root)
+rm .sops.yaml
+# note: fail if for any reason sops config defined at top level; this repo should not have this!
+test -e "${repo_root}/.sops.yaml"
+../bin/update_sops.sh -s "${secrets_file}"
+test ! -e "${PWD}/.sops.yaml"
+test -e "${repo_root}/.sops.yaml"
+read -p "next test?" __var
diff --git a/verify/usr_confirm_keycfg.sh b/verify/usr_confirm_keycfg.sh
index 1a75905..e1d0f12 100755
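Review bot: The precondition before the second test case is inverted: the comment on the preceding line says the run must fail if a `.sops.yaml` is already defined at the repository root, but `test -e "${repo_root}/.sops.yaml"` under `set -e` aborts when the file is absent and passes when it exists; it should read `test ! -e "${repo_root}/.sops.yaml"`. The two `rm .sops.yaml` lines likewise abort the script when the file is missing, e.g. on a rerun after an aborted case, so `rm -f -- .sops.yaml` is the safer form. The second case deliberately ends with a real `.sops.yaml` at `${repo_root}` and nothing removes it, so the script leaves behind exactly the state its own comment says this repo must not have; a `trap 'rm -f -- "${repo_root}/.sops.yaml"' EXIT` registered right after `repo_root` is set would clean it up on every exit path. The heredoc shows here as `cat < .sops.yaml.tmp`, which as written reads a file that does not yet exist and then runs `EOM` as a command; this looks like `<<EOM >` lost in rendering, so it is worth confirming the committed line is `cat <<EOM > .sops.yaml.tmp`.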
--- a/verify/usr_confirm_keycfg.sh
+++ b/verify/usr_confirm_keycfg.sh
@@ -1,23 +1,16 @@
 #!/usr/bin/env bash
 set -ueo pipefail
+# PURPOSE: Allows End-User to verify their key configuration using a sample SOPS config and encrypted file
 cd "$(dirname "${BASH_SOURCE[0]}")"
 
-keys_dir="$(dirname "${BASH_SOURCE[0]}")/.."
-# deliberate just "dot" for current dir
-sops_cfg_dir=.
 secrets_file="mock_secrets.yaml"
 
 # prerequisite: for verification of sops config, idempotent create file with a mock secret, src: https://bash-org-archive.com/?244321
 test -e "${secrets_file}" || (yq -n '.demo.credentials.secret = "hunter2"' > "${secrets_file}" && sops -e -i "${secrets_file}" )
 
 set -x
-# SAMPLE COMMANDS - manually uncomment to try out
-# minimal operation: update .sops.yaml, update keys in encrypted file
+# within current dir: update .sops.yaml, update keys in encrypted file
 ../bin/update_sops.sh -c "${PWD}" "${secrets_file}"
-# Full Args: specify path to each, also for secrets, mix specified and positional params
-# ../bin/update_sops.sh -k "${keys_dir}" -c "${sops_cfg_dir}" -s "${secrets_file}" "${secrets_file}"
-# TEST: induce error: invalid file
-# ../bin/update_sops.sh "${secrets_file}" -s non_existing_secrets.yaml
 
 # Special Case: Add caveat header
 cat < .sops.yaml.tmp
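Review bot: The retained prerequisite line, `test -e "${secrets_file}" || (yq … > "${secrets_file}" && sops -e -i "${secrets_file}" )`, also added verbatim in verify/test.sh, writes the plaintext mock to disk before `sops -e -i` runs, so if sops fails (no binary, or no usable key for the current `.sops.yaml`) the plaintext file remains and the `test -e` guard treats it as already encrypted on every later run. Appending `|| { rm -f -- "${secrets_file}"; exit 1; }` after the subshell removes the half-made fixture and stops the script instead of handing a plaintext file to update_sops.sh. Since the new PURPOSE comment now addresses end-users, a check right after `set -ueo pipefail` such as `command -v sops >/dev/null && command -v yq >/dev/null || { printf 'sops and yq are required\n' >&2; exit 1; }` would surface that failure mode explicitly, and the header comment should also say that the script rewrites `.sops.yaml` and `mock_secrets.yaml` in this directory in place. The heredoc that begins at the hunk's last line continues outside the hunk.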
@@ -26,24 +19,3 @@ cat < .sops.yaml.tmp
 $( cat .sops.yaml )
 EOM
 mv .sops.yaml.tmp .sops.yaml
-
-# TEST
-# define "fixture"
-repo_root="$(git rev-parse --show-toplevel)"
-read -p "start testing?" __var
-# ---
-# create sops cfg in curdir
-rm .sops.yaml
-../bin/update_sops.sh -c "${PWD}" -s "${secrets_file}"
-test -e "${PWD}/.sops.yaml"
-test ! -e "${repo_root}/.sops.yaml"
-read -p "next test?" __var
-# ---
-# create sops cfg in default (repo root)
-rm .sops.yaml
-# note: fail if for any reason sops config defined at top level; this repo should not have this!
-test -e "${repo_root}/.sops.yaml"
-../bin/update_sops.sh -s "${secrets_file}"
-test ! -e "${PWD}/.sops.yaml"
-test -e "${repo_root}/.sops.yaml"
-read -p "next test?" __var