Simplify test-app-secret to only need one secret

pantherman594 · pantherman594 · commit 85990241c459 · 2026-05-06T14:18:54.000-04:00
diff --git a/src/test-app-secrets/secrets.yml b/src/test-app-secrets/secrets.yml
@@ -1,10 +1,5 @@
 secrets:
   - name: "example-secret"
-    valueVar: "EXAMPLE_SECRET"
-  - name: "pipe-secret"
-    pipeVar: "PIPE_SECRET"
-  - name: "path-secret"
-    pathVar: "PATH_SECRET"
-  - name: "multi-dest-secret"
-    valueVar: "MULTI_VALUE"
-    pathVar: "MULTI_PATH"
+    valueVar: "SECRET_VALUE"
+    pathVar: "SECRET_PATH"
+    pipeVar: "SECRET_PIPE"
diff --git a/tests/test-app-secrets.bats b/tests/test-app-secrets.bats
@@ -15,25 +15,25 @@ get_pid1_env() {
     ! exec_in_container root test -e /tmp/secrets
 }
 
-@test "secret: EXAMPLE_SECRET has correct value" {
-    result="$(get_pid1_env EXAMPLE_SECRET)"
-    [ "$result" = "test-value-secret" ]
+@test "secret: SECRET_VALUE has correct value" {
+    result="$(get_pid1_env SECRET_VALUE)"
+    [ "$result" = "secret-value" ]
 }
 
-@test "secret: PIPE_SECRET fd can only be read once" {
-    fd_path="$(get_pid1_env PIPE_SECRET)"
+@test "secret: SECRET_PIPE fd can only be read once" {
+    fd_path="$(get_pid1_env SECRET_PIPE)"
     fd="${fd_path#/dev/fd/}"
     result="$(exec_in_container root cat "/proc/1/fd/${fd}")"
-    [ "$result" = "test-pipe-secret" ]
+    [ "$result" = "secret-value" ]
     result="$(exec_in_container root cat "/proc/1/fd/${fd}")"
     [ "$result" = "" ]
 }
 
-@test "secret: PATH_SECRET fd is readable multiple times" {
-    fd_path="$(get_pid1_env PATH_SECRET)"
+@test "secret: SECRET_PATH fd is readable multiple times" {
+    fd_path="$(get_pid1_env SECRET_PATH)"
     fd="${fd_path#/dev/fd/}"
     result="$(exec_in_container root cat "/proc/1/fd/${fd}")"
-    [ "$result" = "test-path-secret" ]
+    [ "$result" = "secret-value" ]
     result="$(exec_in_container root cat "/proc/1/fd/${fd}")"
-    [ "$result" = "test-path-secret" ]
+    [ "$result" = "secret-value" ]
 }
diff --git a/tests/test-app-secrets.sh b/tests/test-app-secrets.sh
@@ -16,11 +16,9 @@ fi
 # Inject mock secrets to unblock the secret receiver
 echo "Injecting mock secrets..."
 echo '[
-    {"type":"valueVar","value":"test-value-secret","target":"EXAMPLE_SECRET"},
-    {"type":"pipeVar","value":"test-pipe-secret","target":"PIPE_SECRET"},
-    {"type":"pathVar","value":"test-path-secret","target":"PATH_SECRET"},
-    {"type":"valueVar","value":"test-multi-secret","target":"MULTI_VALUE"},
-    {"type":"pathVar","value":"test-multi-secret","target":"MULTI_PATH"}
+    {"type":"valueVar","value":"secret-value","target":"SECRET_VALUE"},
+    {"type":"pathVar","value":"secret-value","target":"SECRET_PATH"}
+    {"type":"pipeVar","value":"secret-value","target":"SECRET_PIPE"}
 ]' | timeout 30 docker exec --user root -i "$CONTAINER_NAME" sh -c 'cat > /tmp/secrets'
 
 bats tests/test-app-secrets.bats
