certmanager tests

This commit is contained in:
Stavros kois
2023-12-06 23:16:36 +02:00
parent dc0d5e328f
commit 4d1508b569
7 changed files with 125 additions and 133 deletions

View File

@@ -0,0 +1,93 @@
suite: ingress - cert manager metadata test
templates:
- common.yaml
chart:
appVersion: &appVer v9.9.9
release:
name: test-release-name
namespace: test-release-namespace
tests:
- it: should pass with ingress created with annotations from cert manager
set:
operator: &operator
verify:
enabled: false
ingress:
my-ingress:
enabled: true
primary: true
integrations:
certManager:
enabled: true
clusterIssuer: some-issuer
asserts:
- documentIndex: &ingressDoc 0
isKind:
of: Ingress
- documentIndex: *ingressDoc
equal:
path: metadata.name
value: test-release-name-common-test
- documentIndex: *ingressDoc
equal:
path: metadata.annotations
value:
cert-manager.io/cluster-issuer: some-issuer
cert-manager.io/private-key-rotation-policy: Always
- documentIndex: *ingressDoc
equal:
path: metadata.namespace
value: test-release-namespace
- it: should pass with ingress created without cert manager annotations when cert manager false
set:
operator: *operator
ingress:
my-ingress:
enabled: true
primary: true
integrations:
certManager:
enabled: false
asserts:
- documentIndex: *ingressDoc
isKind:
of: Ingress
- documentIndex: *ingressDoc
equal:
path: metadata.name
value: test-release-name-common-test
- documentIndex: *ingressDoc
isNull:
path: metadata.annotations
# Failures
- it: should fail with missing clusterIssuer
set:
operator: *operator
ingress:
my-ingress1:
enabled: true
primary: true
integrations:
certManager:
enabled: true
asserts:
- failedTemplate:
errorMessage: Ingress - Expected a non-empty [integrations.certManager.clusterIssuer]
- it: should fail with clusterIssuer not a string
set:
operator: *operator
ingress:
my-ingress1:
enabled: true
primary: true
integrations:
certManager:
enabled: true
clusterIssuer:
- some-issuer
asserts:
- failedTemplate:
errorMessage: Ingress - Expected [integrations.certManager.clusterIssuer] to be a [string], but got [slice]

View File

@@ -18,11 +18,6 @@ tests:
operator: &operator
verify:
enabled: false
global:
traefik:
addIngressAnnotations: false
certManager:
addIngressAnnotations: false
ingress:
my-ingress1:
enabled: true

View File

@@ -14,10 +14,6 @@ tests:
annotation1: annotation1
annotation2: global_annotation2
global:
traefik:
addIngressAnnotations: false
certManager:
addIngressAnnotations: false
labels:
g_label1: global_label1
g_label2: "{{ .Values.label2 }}"

View File

@@ -7,7 +7,7 @@ release:
name: test-release-name
namespace: test-release-namespace
tests:
- it: should pass with ingress created with annotations from traefik by default
- it: should pass with ingress created with annotations from traefik
set:
operator: &operator
verify:
@@ -16,6 +16,9 @@ tests:
my-ingress:
enabled: true
primary: true
integrations:
traefik:
enabled: true
asserts:
- documentIndex: &ingressDoc 0
isKind:
@@ -340,81 +343,6 @@ tests:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: chain-basic-tc-system@kubernetescrd,some-middleware-tc-system@kubernetescrd,some-other-middleware-tc-system@kubernetescrd
- it: should disable traefik annotations in ingress
set:
operator: *operator
global:
traefik:
addIngressAnnotations: false
ingress:
my-ingress:
enabled: true
primary: true
asserts:
- documentIndex: *ingressDoc
isKind:
of: Ingress
- documentIndex: *ingressDoc
equal:
path: metadata.name
value: test-release-name-common-test
- documentIndex: *ingressDoc
isNull:
path: metadata.annotations
- it: should override global disable for traefik annotations in ingress
set:
operator: *operator
global:
traefik:
addIngressAnnotations: false
ingress:
my-ingress:
enabled: true
primary: true
integrations:
traefik:
enabled: true
asserts:
- documentIndex: *ingressDoc
isKind:
of: Ingress
- documentIndex: *ingressDoc
equal:
path: metadata.name
value: test-release-name-common-test
- documentIndex: *ingressDoc
equal:
path: metadata.annotations
value:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: chain-basic-tc-system@kubernetescrd
- it: should override global disable for traefik annotations in ingress
set:
operator: *operator
global:
traefik:
addIngressAnnotations: true
ingress:
my-ingress:
enabled: true
primary: true
integrations:
traefik:
enabled: false
asserts:
- documentIndex: *ingressDoc
isKind:
of: Ingress
- documentIndex: *ingressDoc
equal:
path: metadata.name
value: test-release-name-common-test
- documentIndex: *ingressDoc
isNull:
path: metadata.annotations
# Failures
- it: should fail with entrypoint not a slice
set:

View File

@@ -4,19 +4,10 @@
{{- $certManager := $objectData.integrations.certManager -}}
{{- $enabled := false -}}
{{- if (hasKey $rootCtx.Values.global "certManager") -}}
{{- $enabled = $rootCtx.Values.global.certManager.addIngressAnnotations -}}
{{- end -}}
{{- if and $certManager (kindIs "bool" $certManager.enabled) -}}
{{- $enabled = $certManager.enabled -}}
{{- end -}}
{{- if $enabled -}}
{{- if $certManager.enabled -}}
{{- include "tc.v1.common.lib.ingress.integration.certManager.validate" (dict "objectData" $objectData) -}}
{{- $_ := set $objectData.annotations "cert-manager.io/cluster-issuer" "TODO:" -}}
{{- $_ := set $objectData.annotations "cert-manager.io/cluster-issuer" $certManager.clusterIssuer -}}
{{- $_ := set $objectData.annotations "cert-manager.io/private-key-rotation-policy" "Always" -}}
{{- end -}}
@@ -27,7 +18,12 @@
{{- $certManager := $objectData.integrations.certManager -}}
{{- if $certManager -}}
{{- if not $certManager.clusterIssuer -}}
{{- fail "Ingress - Expected a non-empty [integrations.certManager.clusterIssuer]" -}}
{{- end -}}
{{- if not (kindIs "string" $certManager.clusterIssuer) -}}
{{- fail (printf "Ingress - Expected [integrations.certManager.clusterIssuer] to be a [string], but got [%s]" (kindOf $certManager.clusterIssuer)) -}}
{{- end -}}
{{- end -}}

View File

@@ -4,16 +4,7 @@
{{- $traefik := $objectData.integrations.traefik -}}
{{- $enabled := false -}}
{{- if (hasKey $rootCtx.Values.global "traefik") -}}
{{- $enabled = $rootCtx.Values.global.traefik.addIngressAnnotations -}}
{{- end -}}
{{- if and $traefik (kindIs "bool" $traefik.enabled) -}}
{{- $enabled = $traefik.enabled -}}
{{- end -}}
{{- if $enabled -}}
{{- if $traefik.enabled -}}
{{- include "tc.v1.common.lib.ingress.integration.traefik.validate" (dict "objectData" $objectData) -}}
{{- $fixedMiddlewares := list -}}
@@ -98,24 +89,22 @@
{{- $traefik := $objectData.integrations.traefik -}}
{{- if $traefik -}}
{{- if $traefik.entrypoints -}}
{{- if not (kindIs "slice" $traefik.entrypoints) -}}
{{- fail (printf "Ingress - Expected [integrations.traefik.entrypoints] to be a [slice], but got [%s]" (kindOf $traefik.entrypoints)) -}}
{{- end -}}
{{- if $traefik.entrypoints -}}
{{- if not (kindIs "slice" $traefik.entrypoints) -}}
{{- fail (printf "Ingress - Expected [integrations.traefik.entrypoints] to be a [slice], but got [%s]" (kindOf $traefik.entrypoints)) -}}
{{- end -}}
{{- if $traefik.middlewares -}}
{{- if not (kindIs "slice" $traefik.middlewares) -}}
{{- fail (printf "Ingress - Expected [integrations.traefik.middlewares] to be a [slice], but got [%s]" (kindOf $traefik.middlewares)) -}}
{{- end -}}
{{- end -}}
{{- if $traefik.fixedMiddlewares -}}
{{- if not (kindIs "slice" $traefik.fixedMiddlewares) -}}
{{- fail (printf "Ingress - Expected [integrations.traefik.fixedMiddlewares] to be a [slice], but got [%s]" (kindOf $traefik.fixedMiddlewares)) -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if $traefik.middlewares -}}
{{- if not (kindIs "slice" $traefik.middlewares) -}}
{{- fail (printf "Ingress - Expected [integrations.traefik.middlewares] to be a [slice], but got [%s]" (kindOf $traefik.middlewares)) -}}
{{- end -}}
{{- end -}}
{{- if $traefik.fixedMiddlewares -}}
{{- if not (kindIs "slice" $traefik.fixedMiddlewares) -}}
{{- fail (printf "Ingress - Expected [integrations.traefik.fixedMiddlewares] to be a [slice], but got [%s]" (kindOf $traefik.fixedMiddlewares)) -}}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@@ -10,19 +10,14 @@ global:
metallb:
# -- Adds metalLB annotations to services
addServiceAnnotations: true
certManager:
# -- Adds cert-manager annotations to ingresses
addIngressAnnotations: true
traefik:
# -- Adds traefik annotations to services (when needed)
addServiceAnnotations: true
# -- Enable or disable traefik ingress integration, can be overruled per ingress
addIngressAnnotations: true
# Enables or disables the fixed middlewares on all ingresses
# Can be overrided per ingress
# Can be overruled per ingress
enableFixedMiddlewares: true
# Applies middleware to all ingresses
# Can be overrided per ingress
# Can be overruled per ingress
fixedMiddlewares:
- chain-basic
# -- Minimum nodePort value