As it stands right now, we have no good way to test the sealedSecrets.
There is an issue with what we're passing in, and what sealedSecrets expects as output.
|
{{- include "rstudio-library.config.ini" .Values.config.sessionSecret | nindent 6 }} |
uses
|
{{- define "rstudio-library.config.ini" -}} |
|
{{- range $file, $keys := . -}} |
|
{{- printf "%s: |" $file | nindent 0 }} |
|
{{- if kindIs "string" $keys }} |
|
{{- $keys | nindent 2 }} |
|
{{- else }} |
|
{{- range $parent, $child := $keys -}} |
|
{{/* ini files may have multiple sections with the same name */}} |
|
{{- $sections := ( (kindIs "slice" $child) | ternary $child ( list $child ))}} |
|
{{- range $i, $section := $sections -}} |
|
{{- if kindIs "map" $section }} |
|
{{- if not ( kindIs "slice" $keys ) -}} |
|
{{- printf "[%s]" (toString $parent) | nindent 2 }} |
|
{{- end }} |
|
{{- range $key, $val := $section }} |
|
{{- printf "%s=%s" (toString $key) (toString $val) | nindent 2 }} |
|
{{- end }} |
|
{{- printf "" | nindent 0 }} |
|
{{- else }} |
|
{{- printf "%s=%s" (toString $parent) (toString $section) | nindent 2 }} |
|
{{- end }} |
|
{{- end }} |
|
{{- end }} |
|
{{- end }} |
|
{{- end }} |
|
{{- end }} |
which outputs an object, but sealedSecrets expects an encrypted string.
The problem is that we install a new cluster every time for testing, which creates a new pem file to encrypt secrets and convert them to sealedSecrets which you are then supposed to apply to the cluster. Doing that in an automated, repeatable, and reliable way is going to take some work
