don't set VAULT_DEV_ROOT_TOKEN_ID by default in dev mode (#415)

* don't set VAULT_DEV_ROOT_TOKEN_ID by default in dev mode * don't template environment variables that no longer exist * fix tests after removing VAULT_DEV_ROOT_TOKEN_ID env variable * removed a typo * allow overriding VAULT_DEV_ROOT_TOKEN_ID in dev mode * correct ambiguous description * don't set default values in templates for visibility, update tests and set uncomment devRootToken in values.yaml * Update devRootToken description
hashicorp · Dec 7, 2020 · e2b6098 · e2b6098
1 parent a8c1b4b
commit e2b6098
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 2 deletions.
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
@@ -131,7 +131,7 @@ Set's additional environment variables based on the mode.
 {{- define "vault.envs" -}}
   {{ if eq .mode "dev" }}
             - name: VAULT_DEV_ROOT_TOKEN_ID
-              value: "root"
+              value: {{ .Values.server.dev.devRootToken }}
   {{ end }}
 {{- end -}}
 

diff --git a/test/unit/server-dev-statefulset.bats b/test/unit/server-dev-statefulset.bats
@@ -235,6 +235,44 @@ load _helpers
   [ "${actual}" = "null" ]
 }
 
+#--------------------------------------------------------------------
+# devRootToken
+
+@test "server/dev-StatefulSet: set default devRootToken" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.dev.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+      yq -r '.[11].name' | tee /dev/stderr)
+  [ "${actual}" = "VAULT_DEV_ROOT_TOKEN_ID" ]
+
+  local actual=$(echo $object |
+      yq -r '.[11].value' | tee /dev/stderr)
+  [ "${actual}" = "root" ]
+}
+
+@test "server/dev-StatefulSet: set custom devRootToken" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/server-statefulset.yaml  \
+      --set 'server.dev.enabled=true' \
+      --set 'server.dev.devRootToken=customtoken' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local actual=$(echo $object |
+      yq -r '.[11].name' | tee /dev/stderr)
+  [ "${actual}" = "VAULT_DEV_ROOT_TOKEN_ID" ]
+
+  local actual=$(echo $object |
+      yq -r '.[11].value' | tee /dev/stderr)
+  [ "${actual}" = "customtoken" ]
+}
+
 #--------------------------------------------------------------------
 # extraEnvironmentVars
 
@@ -249,7 +287,7 @@ load _helpers
       yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
 
   local actual=$(echo $object |
-    yq -r '.[12].name' | tee /dev/stderr)
+      yq -r '.[12].name' | tee /dev/stderr)
   [ "${actual}" = "FOO" ]
 
   local actual=$(echo $object |

diff --git a/values.yaml b/values.yaml
@@ -417,6 +417,9 @@ server:
   dev:
     enabled: false
 
+    # Set VAULT_DEV_ROOT_TOKEN_ID value
+    devRootToken: "root"
+
   # Run Vault in "standalone" mode. This is the default mode that will deploy if
   # no arguments are given to helm. This requires a PVC for data storage to use
   # the "file" backend.  This mode is not highly available and should not be scaled