Add more idiomatic approach to provide certificates to installer

7 years ago · 36bd0655fb
parent aa98e7e3dd
commit 36bd0655fb
3 changed files with 67 additions and 30 deletions
--- a/cmd/helm/installer/install.go
+++ b/cmd/helm/installer/install.go
@ -355,18 +355,23 @@ func generateSecret(opts *Options) (*v1.Secret, error) {
 		},
 	}
 	var err error
-	if secret.Data["tls.key"], err = read(opts.TLSKeyFile); err != nil {
+	if secret.Data["tls.key"], err = read(opts.TLSKeyFile, opts.TLSKeyData); err != nil {
 		return nil, err
 	}
-	if secret.Data["tls.crt"], err = read(opts.TLSCertFile); err != nil {
+	if secret.Data["tls.crt"], err = read(opts.TLSCertFile, opts.TLSCertData); err != nil {
 		return nil, err
 	}
 	if opts.VerifyTLS {
-		if secret.Data["ca.crt"], err = read(opts.TLSCaCertFile); err != nil {
+		if secret.Data["ca.crt"], err = read(opts.TLSCaCertFile, opts.TLSCaCertFile); err != nil {
 			return nil, err
 		}
 	}
 	return secret, nil
 }

-func read(path string) (b []byte, err error) { return ioutil.ReadFile(path) }
+func read(path string, override []byte) (b []byte, err error) {
+	if len(override) > 0 {
+		return override, nil
+	}
+	return ioutil.ReadFile(path)
+}
--- a/cmd/helm/installer/install_test.go
+++ b/cmd/helm/installer/install_test.go
@ -161,14 +161,36 @@ func TestServiceManifest(t *testing.T) {
 }

 func TestSecretManifest(t *testing.T) {
-	o, err := SecretManifest(&Options{
+	tests := []struct {
+		opts Options
+		name string
+	}{
+		{
+			Options{
 				VerifyTLS:     true,
 				EnableTLS:     true,
 				Namespace:     v1.NamespaceDefault,
 				TLSKeyFile:    tlsTestFile(t, "key.pem"),
 				TLSCertFile:   tlsTestFile(t, "crt.pem"),
 				TLSCaCertFile: tlsTestFile(t, "ca.pem"),
-	})
+			},
+			"tls secret from file",
+		},
+		{
+			Options{
+				VerifyTLS:     true,
+				EnableTLS:     true,
+				Namespace:     v1.NamespaceDefault,
+				TLSKeyData:    "1",
+				TLSCertData:   "2",
+				TLSCaCertData: "3",
+			},
+			"tls secret from data",
+		},
+	}
+
+	for _, tt := range tests {
+		o, err := SecretManifest(&tt.opts)

 		if err != nil {
 			t.Fatalf("error %q", err)
@ -176,20 +198,21 @@ func TestSecretManifest(t *testing.T) {

 		var obj v1.Secret
 		if err := yaml.Unmarshal([]byte(o), &obj); err != nil {
-		t.Fatalf("error %q", err)
+			t.Fatalf("%s: error %q", tt.name, err)
 		}

 		if got := obj.ObjectMeta.Namespace; got != v1.NamespaceDefault {
-		t.Errorf("expected namespace %s, got %s", v1.NamespaceDefault, got)
+			t.Errorf("%s: expected namespace %s, got %s", tt.name, v1.NamespaceDefault, got)
 		}
 		if _, ok := obj.Data["tls.key"]; !ok {
-		t.Errorf("missing 'tls.key' in generated secret object")
+			t.Errorf("%s: missing 'tls.key' in generated secret object", tt.name)
 		}
 		if _, ok := obj.Data["tls.crt"]; !ok {
-		t.Errorf("missing 'tls.crt' in generated secret object")
+			t.Errorf("%s: missing 'tls.crt' in generated secret object", tt.name)
 		}
 		if _, ok := obj.Data["ca.crt"]; !ok {
-		t.Errorf("missing 'ca.crt' in generated secret object")
+			t.Errorf("%s: missing 'ca.crt' in generated secret object", tt.name)
+		}
 	}
 }

--- a/cmd/helm/installer/options.go
+++ b/cmd/helm/installer/options.go
@ -73,6 +73,15 @@ type Options struct {
 	// Required and valid if and only if VerifyTLS is set.
 	TLSCaCertFile string

+	// TLSKeyData contains raw PEM encoded data instead of TLSKeyFile path.
+	TLSKeyData []byte
+
+	// TLSCertData contains raw PEM encoded data instead of TLSCertFile path.
+	TLSCertData []byte
+
+	// TLSCaCertData contains raw PEM encoded data instead of TLSKeyFile path.
+	TLSCaCertData []byte
+
 	// EnableHostNetwork installs Tiller with net=host.
 	EnableHostNetwork bool