Add more idiomatic approach to provide certificates to installer

cmd/helm/installer/install.go

@@ -355,18 +355,23 @@ func generateSecret(opts *Options) (*v1.Secret, error) {
 		},
 	}
 	var err error
-	if secret.Data["tls.key"], err = read(opts.TLSKeyFile); err != nil {
+	if secret.Data["tls.key"], err = read(opts.TLSKeyFile, opts.TLSKeyData); err != nil {
 		return nil, err
 	}
-	if secret.Data["tls.crt"], err = read(opts.TLSCertFile); err != nil {
+	if secret.Data["tls.crt"], err = read(opts.TLSCertFile, opts.TLSCertData); err != nil {
 		return nil, err
 	}
 	if opts.VerifyTLS {
-		if secret.Data["ca.crt"], err = read(opts.TLSCaCertFile); err != nil {
+		if secret.Data["ca.crt"], err = read(opts.TLSCaCertFile, opts.TLSCaCertFile); err != nil {
 			return nil, err
 		}
 	}
 	return secret, nil
 }
 
-func read(path string) (b []byte, err error) { return ioutil.ReadFile(path) }
+func read(path string, override []byte) (b []byte, err error) {
+	if len(override) > 0 {
+		return override, nil
+	}
+	return ioutil.ReadFile(path)
+}

cmd/helm/installer/install_test.go

@@ -161,35 +161,58 @@ func TestServiceManifest(t *testing.T) {
 }
 
 func TestSecretManifest(t *testing.T) {
-	o, err := SecretManifest(&Options{
+	tests := []struct {
-		VerifyTLS:     true,
+		opts Options
-		EnableTLS:     true,
+		name string
-		Namespace:     v1.NamespaceDefault,
+	}{
-		TLSKeyFile:    tlsTestFile(t, "key.pem"),
+		{
-		TLSCertFile:   tlsTestFile(t, "crt.pem"),
+			Options{
-		TLSCaCertFile: tlsTestFile(t, "ca.pem"),
+				VerifyTLS:     true,
-	})
+				EnableTLS:     true,
-
+				Namespace:     v1.NamespaceDefault,
-	if err != nil {
+				TLSKeyFile:    tlsTestFile(t, "key.pem"),
-		t.Fatalf("error %q", err)
+				TLSCertFile:   tlsTestFile(t, "crt.pem"),
+				TLSCaCertFile: tlsTestFile(t, "ca.pem"),
+			},
+			"tls secret from file",
+		},
+		{
+			Options{
+				VerifyTLS:     true,
+				EnableTLS:     true,
+				Namespace:     v1.NamespaceDefault,
+				TLSKeyData:    "1",
+				TLSCertData:   "2",
+				TLSCaCertData: "3",
+			},
+			"tls secret from data",
+		},
 	}
 
-	var obj v1.Secret
+	for _, tt := range tests {
-	if err := yaml.Unmarshal([]byte(o), &obj); err != nil {
+		o, err := SecretManifest(&tt.opts)
-		t.Fatalf("error %q", err)
-	}
 
-	if got := obj.ObjectMeta.Namespace; got != v1.NamespaceDefault {
+		if err != nil {
-		t.Errorf("expected namespace %s, got %s", v1.NamespaceDefault, got)
+			t.Fatalf("error %q", err)
-	}
+		}
-	if _, ok := obj.Data["tls.key"]; !ok {
+
-		t.Errorf("missing 'tls.key' in generated secret object")
+		var obj v1.Secret
-	}
+		if err := yaml.Unmarshal([]byte(o), &obj); err != nil {
-	if _, ok := obj.Data["tls.crt"]; !ok {
+			t.Fatalf("%s: error %q", tt.name, err)
-		t.Errorf("missing 'tls.crt' in generated secret object")
+		}
-	}
+
-	if _, ok := obj.Data["ca.crt"]; !ok {
+		if got := obj.ObjectMeta.Namespace; got != v1.NamespaceDefault {
-		t.Errorf("missing 'ca.crt' in generated secret object")
+			t.Errorf("%s: expected namespace %s, got %s", tt.name, v1.NamespaceDefault, got)
+		}
+		if _, ok := obj.Data["tls.key"]; !ok {
+			t.Errorf("%s: missing 'tls.key' in generated secret object", tt.name)
+		}
+		if _, ok := obj.Data["tls.crt"]; !ok {
+			t.Errorf("%s: missing 'tls.crt' in generated secret object", tt.name)
+		}
+		if _, ok := obj.Data["ca.crt"]; !ok {
+			t.Errorf("%s: missing 'ca.crt' in generated secret object", tt.name)
+		}
 	}
 }
 

cmd/helm/installer/options.go

@@ -73,6 +73,15 @@ type Options struct {
 	// Required and valid if and only if VerifyTLS is set.
 	TLSCaCertFile string
 
+	// TLSKeyData contains raw PEM encoded data instead of TLSKeyFile path.
+	TLSKeyData []byte
+
+	// TLSCertData contains raw PEM encoded data instead of TLSCertFile path.
+	TLSCertData []byte
+
+	// TLSCaCertData contains raw PEM encoded data instead of TLSKeyFile path.
+	TLSCaCertData []byte
+
 	// EnableHostNetwork installs Tiller with net=host.
 	EnableHostNetwork bool