From 36bd0655fb874ea0ebebdfac3d1d0965bd0c9c54 Mon Sep 17 00:00:00 2001
From: Simas Cepaitis
Date: Wed, 4 Jul 2018 13:39:10 +0100
Subject: [PATCH] Add more idiomatic approach to provide certificates to installer

---
 cmd/helm/installer/install.go | 13 ++++--
 cmd/helm/installer/install_test.go | 75 +++++++++++++++++++-----------
 cmd/helm/installer/options.go | 9 ++++
 3 files changed, 67 insertions(+), 30 deletions(-)

diff --git a/cmd/helm/installer/install.go b/cmd/helm/installer/install.go
index becf412a1..1e02f4ac8 100644
--- a/cmd/helm/installer/install.go
+++ b/cmd/helm/installer/install.go
@@ -355,18 +355,23 @@ func generateSecret(opts *Options) (*v1.Secret, error) {
 },
 }
 var err error
- if secret.Data["tls.key"], err = read(opts.TLSKeyFile); err != nil {
+ if secret.Data["tls.key"], err = read(opts.TLSKeyFile, opts.TLSKeyData); err != nil {
 return nil, err
 }
- if secret.Data["tls.crt"], err = read(opts.TLSCertFile); err != nil {
+ if secret.Data["tls.crt"], err = read(opts.TLSCertFile, opts.TLSCertData); err != nil {
 return nil, err
 }
 if opts.VerifyTLS {
- if secret.Data["ca.crt"], err = read(opts.TLSCaCertFile); err != nil {
+ if secret.Data["ca.crt"], err = read(opts.TLSCaCertFile, opts.TLSCaCertFile); err != nil {
 return nil, err
 }
 }
 return secret, nil
 }
 
-func read(path string) (b []byte, err error) { return ioutil.ReadFile(path) }
+func read(path string, override []byte) (b []byte, err error) {
+ if len(override) > 0 {
+ return override, nil
+ }
+ return ioutil.ReadFile(path)
+}
diff --git a/cmd/helm/installer/install_test.go b/cmd/helm/installer/install_test.go
index dbb7143e3..283d3838e 100644
--- a/cmd/helm/installer/install_test.go
+++ b/cmd/helm/installer/install_test.go
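Review bot: The VerifyTLS branch passes the CA file path as both arguments, `read(opts.TLSCaCertFile, opts.TLSCaCertFile)`, so the new `TLSCaCertData` option is never consulted for `ca.crt`; the line should read `if secret.Data["ca.crt"], err = read(opts.TLSCaCertFile, opts.TLSCaCertData); err != nil {`. Since `TLSCaCertFile` is declared as a `string` and the second parameter of `read` is `[]byte`, this does not type-check as written, so the build will catch it, but the fix should restore the intent rather than just silence the compiler. The same copy-paste slip appears in the options.go hunk, where the `TLSCaCertData` comment says "instead of TLSKeyFile path" and should name `TLSCaCertFile`. `read` also deserves a doc comment such as `// read returns override when it is non-empty, otherwise the contents of path.` so that a caller setting both a file and data knows which one wins. `generateSecret` begins before this hunk.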
@@ -161,35 +161,58 @@ func TestServiceManifest(t *testing.T) {
 }
 
 func TestSecretManifest(t *testing.T) {
- o, err := SecretManifest(&Options{
- VerifyTLS: true,
- EnableTLS: true,
- Namespace: v1.NamespaceDefault,
- TLSKeyFile: tlsTestFile(t, "key.pem"),
- TLSCertFile: tlsTestFile(t, "crt.pem"),
- TLSCaCertFile: tlsTestFile(t, "ca.pem"),
- })
-
- if err != nil {
- t.Fatalf("error %q", err)
+ tests := []struct {
+ opts Options
+ name string
+ }{
+ {
+ Options{
+ VerifyTLS: true,
+ EnableTLS: true,
+ Namespace: v1.NamespaceDefault,
+ TLSKeyFile: tlsTestFile(t, "key.pem"),
+ TLSCertFile: tlsTestFile(t, "crt.pem"),
+ TLSCaCertFile: tlsTestFile(t, "ca.pem"),
+ },
+ "tls secret from file",
+ },
+ {
+ Options{
+ VerifyTLS: true,
+ EnableTLS: true,
+ Namespace: v1.NamespaceDefault,
+ TLSKeyData: "1",
+ TLSCertData: "2",
+ TLSCaCertData: "3",
+ },
+ "tls secret from data",
+ },
 }
 
- var obj v1.Secret
- if err := yaml.Unmarshal([]byte(o), &obj); err != nil {
- t.Fatalf("error %q", err)
- }
+ for _, tt := range tests {
+ o, err := SecretManifest(&tt.opts)
 
- if got := obj.ObjectMeta.Namespace; got != v1.NamespaceDefault {
- t.Errorf("expected namespace %s, got %s", v1.NamespaceDefault, got)
- }
- if _, ok := obj.Data["tls.key"]; !ok {
- t.Errorf("missing 'tls.key' in generated secret object")
- }
- if _, ok := obj.Data["tls.crt"]; !ok {
- t.Errorf("missing 'tls.crt' in generated secret object")
- }
- if _, ok := obj.Data["ca.crt"]; !ok {
- t.Errorf("missing 'ca.crt' in generated secret object")
+ if err != nil {
+ t.Fatalf("error %q", err)
+ }
+
+ var obj v1.Secret
+ if err := yaml.Unmarshal([]byte(o), &obj); err != nil {
+ t.Fatalf("%s: error %q", tt.name, err)
+ }
+
+ if got := obj.ObjectMeta.Namespace; got != v1.NamespaceDefault {
+ t.Errorf("%s: expected namespace %s, got %s", tt.name, v1.NamespaceDefault, got)
+ }
+ if _, ok := obj.Data["tls.key"]; !ok {
+ t.Errorf("%s: missing 'tls.key' in generated secret object", tt.name)
+ }
+ if _, ok := obj.Data["tls.crt"]; !ok {
+ t.Errorf("%s: missing 'tls.crt' in generated secret object", tt.name)
+ }
+ if _, ok := obj.Data["ca.crt"]; !ok {
+ t.Errorf("%s: missing 'ca.crt' in generated secret object", tt.name)
+ }
 }
 }
 
diff --git a/cmd/helm/installer/options.go b/cmd/helm/installer/options.go
index 3769d12e1..a8a14233d 100644
--- a/cmd/helm/installer/options.go
+++ b/cmd/helm/installer/options.go
@@ -73,6 +73,15 @@ type Options struct {
 // Required and valid if and only if VerifyTLS is set.
 TLSCaCertFile string
 
+ // TLSKeyData contains raw PEM encoded data instead of TLSKeyFile path.
+ TLSKeyData []byte
+
+ // TLSCertData contains raw PEM encoded data instead of TLSCertFile path.
+ TLSCertData []byte
+
+ // TLSCaCertData contains raw PEM encoded data instead of TLSKeyFile path.
+ TLSCaCertData []byte
+
+ // EnableHostNetwork installs Tiller with net=host.
+ EnableHostNetwork bool
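Review bot: The "tls secret from data" case assigns untyped string constants to fields declared as `[]byte` in the options.go hunk — `TLSKeyData: "1"`, `TLSCertData: "2"`, `TLSCaCertData: "3"` — which does not compile in Go; they need to be `TLSKeyData: []byte("1")`, `TLSCertData: []byte("2")`, `TLSCaCertData: []byte("3")`. The assertions only check that the `tls.key`, `tls.crt` and `ca.crt` keys are present, so they cannot distinguish the data path from the file path; for the data case, comparing `obj.Data["tls.key"]` against `tt.opts.TLSKeyData` (and likewise for the cert and CA entries) would actually pin the new behaviour, and would also have exposed the `ca.crt` argument mix-up in install.go. The first `t.Fatalf("error %q", err)` inside the loop omits `tt.name` while every other message includes it; `t.Fatalf("%s: error %q", tt.name, err)` keeps the output consistent. With the table in place, wrapping each iteration in `t.Run(tt.name, ...)` would report the cases separately instead of relying on the prefix.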