mirror of
https://github.com/truecharts/library-charts.git
synced 2026-07-04 13:11:22 -03:00
certmanager tests
This commit is contained in:
93
library/common-test/tests/ingress/cert_manager_test.yaml
Normal file
93
library/common-test/tests/ingress/cert_manager_test.yaml
Normal file
@@ -0,0 +1,93 @@
|
||||
suite: ingress - cert manager metadata test
|
||||
templates:
|
||||
- common.yaml
|
||||
chart:
|
||||
appVersion: &appVer v9.9.9
|
||||
release:
|
||||
name: test-release-name
|
||||
namespace: test-release-namespace
|
||||
tests:
|
||||
- it: should pass with ingress created with annotations from cert manager
|
||||
set:
|
||||
operator: &operator
|
||||
verify:
|
||||
enabled: false
|
||||
ingress:
|
||||
my-ingress:
|
||||
enabled: true
|
||||
primary: true
|
||||
integrations:
|
||||
certManager:
|
||||
enabled: true
|
||||
clusterIssuer: some-issuer
|
||||
asserts:
|
||||
- documentIndex: &ingressDoc 0
|
||||
isKind:
|
||||
of: Ingress
|
||||
- documentIndex: *ingressDoc
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: test-release-name-common-test
|
||||
- documentIndex: *ingressDoc
|
||||
equal:
|
||||
path: metadata.annotations
|
||||
value:
|
||||
cert-manager.io/cluster-issuer: some-issuer
|
||||
cert-manager.io/private-key-rotation-policy: Always
|
||||
- documentIndex: *ingressDoc
|
||||
equal:
|
||||
path: metadata.namespace
|
||||
value: test-release-namespace
|
||||
|
||||
- it: should pass with ingress created without cert manager annotations when cert manager false
|
||||
set:
|
||||
operator: *operator
|
||||
ingress:
|
||||
my-ingress:
|
||||
enabled: true
|
||||
primary: true
|
||||
integrations:
|
||||
certManager:
|
||||
enabled: false
|
||||
asserts:
|
||||
- documentIndex: *ingressDoc
|
||||
isKind:
|
||||
of: Ingress
|
||||
- documentIndex: *ingressDoc
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: test-release-name-common-test
|
||||
- documentIndex: *ingressDoc
|
||||
isNull:
|
||||
path: metadata.annotations
|
||||
|
||||
# Failures
|
||||
- it: should fail with missing clusterIssuer
|
||||
set:
|
||||
operator: *operator
|
||||
ingress:
|
||||
my-ingress1:
|
||||
enabled: true
|
||||
primary: true
|
||||
integrations:
|
||||
certManager:
|
||||
enabled: true
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: Ingress - Expected a non-empty [integrations.certManager.clusterIssuer]
|
||||
|
||||
- it: should fail with clusterIssuer not a string
|
||||
set:
|
||||
operator: *operator
|
||||
ingress:
|
||||
my-ingress1:
|
||||
enabled: true
|
||||
primary: true
|
||||
integrations:
|
||||
certManager:
|
||||
enabled: true
|
||||
clusterIssuer:
|
||||
- some-issuer
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: Ingress - Expected [integrations.certManager.clusterIssuer] to be a [string], but got [slice]
|
||||
@@ -18,11 +18,6 @@ tests:
|
||||
operator: &operator
|
||||
verify:
|
||||
enabled: false
|
||||
global:
|
||||
traefik:
|
||||
addIngressAnnotations: false
|
||||
certManager:
|
||||
addIngressAnnotations: false
|
||||
ingress:
|
||||
my-ingress1:
|
||||
enabled: true
|
||||
|
||||
@@ -14,10 +14,6 @@ tests:
|
||||
annotation1: annotation1
|
||||
annotation2: global_annotation2
|
||||
global:
|
||||
traefik:
|
||||
addIngressAnnotations: false
|
||||
certManager:
|
||||
addIngressAnnotations: false
|
||||
labels:
|
||||
g_label1: global_label1
|
||||
g_label2: "{{ .Values.label2 }}"
|
||||
|
||||
@@ -7,7 +7,7 @@ release:
|
||||
name: test-release-name
|
||||
namespace: test-release-namespace
|
||||
tests:
|
||||
- it: should pass with ingress created with annotations from traefik by default
|
||||
- it: should pass with ingress created with annotations from traefik
|
||||
set:
|
||||
operator: &operator
|
||||
verify:
|
||||
@@ -16,6 +16,9 @@ tests:
|
||||
my-ingress:
|
||||
enabled: true
|
||||
primary: true
|
||||
integrations:
|
||||
traefik:
|
||||
enabled: true
|
||||
asserts:
|
||||
- documentIndex: &ingressDoc 0
|
||||
isKind:
|
||||
@@ -340,81 +343,6 @@ tests:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: chain-basic-tc-system@kubernetescrd,some-middleware-tc-system@kubernetescrd,some-other-middleware-tc-system@kubernetescrd
|
||||
|
||||
- it: should disable traefik annotations in ingress
|
||||
set:
|
||||
operator: *operator
|
||||
global:
|
||||
traefik:
|
||||
addIngressAnnotations: false
|
||||
ingress:
|
||||
my-ingress:
|
||||
enabled: true
|
||||
primary: true
|
||||
asserts:
|
||||
- documentIndex: *ingressDoc
|
||||
isKind:
|
||||
of: Ingress
|
||||
- documentIndex: *ingressDoc
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: test-release-name-common-test
|
||||
- documentIndex: *ingressDoc
|
||||
isNull:
|
||||
path: metadata.annotations
|
||||
|
||||
- it: should override global disable for traefik annotations in ingress
|
||||
set:
|
||||
operator: *operator
|
||||
global:
|
||||
traefik:
|
||||
addIngressAnnotations: false
|
||||
ingress:
|
||||
my-ingress:
|
||||
enabled: true
|
||||
primary: true
|
||||
integrations:
|
||||
traefik:
|
||||
enabled: true
|
||||
asserts:
|
||||
- documentIndex: *ingressDoc
|
||||
isKind:
|
||||
of: Ingress
|
||||
- documentIndex: *ingressDoc
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: test-release-name-common-test
|
||||
- documentIndex: *ingressDoc
|
||||
equal:
|
||||
path: metadata.annotations
|
||||
value:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: chain-basic-tc-system@kubernetescrd
|
||||
|
||||
- it: should override global disable for traefik annotations in ingress
|
||||
set:
|
||||
operator: *operator
|
||||
global:
|
||||
traefik:
|
||||
addIngressAnnotations: true
|
||||
ingress:
|
||||
my-ingress:
|
||||
enabled: true
|
||||
primary: true
|
||||
integrations:
|
||||
traefik:
|
||||
enabled: false
|
||||
asserts:
|
||||
- documentIndex: *ingressDoc
|
||||
isKind:
|
||||
of: Ingress
|
||||
- documentIndex: *ingressDoc
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: test-release-name-common-test
|
||||
- documentIndex: *ingressDoc
|
||||
isNull:
|
||||
path: metadata.annotations
|
||||
|
||||
# Failures
|
||||
- it: should fail with entrypoint not a slice
|
||||
set:
|
||||
|
||||
@@ -4,19 +4,10 @@
|
||||
|
||||
{{- $certManager := $objectData.integrations.certManager -}}
|
||||
|
||||
{{- $enabled := false -}}
|
||||
{{- if (hasKey $rootCtx.Values.global "certManager") -}}
|
||||
{{- $enabled = $rootCtx.Values.global.certManager.addIngressAnnotations -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if and $certManager (kindIs "bool" $certManager.enabled) -}}
|
||||
{{- $enabled = $certManager.enabled -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $enabled -}}
|
||||
{{- if $certManager.enabled -}}
|
||||
{{- include "tc.v1.common.lib.ingress.integration.certManager.validate" (dict "objectData" $objectData) -}}
|
||||
|
||||
{{- $_ := set $objectData.annotations "cert-manager.io/cluster-issuer" "TODO:" -}}
|
||||
{{- $_ := set $objectData.annotations "cert-manager.io/cluster-issuer" $certManager.clusterIssuer -}}
|
||||
{{- $_ := set $objectData.annotations "cert-manager.io/private-key-rotation-policy" "Always" -}}
|
||||
|
||||
{{- end -}}
|
||||
@@ -27,7 +18,12 @@
|
||||
|
||||
{{- $certManager := $objectData.integrations.certManager -}}
|
||||
|
||||
{{- if $certManager -}}
|
||||
|
||||
{{- if not $certManager.clusterIssuer -}}
|
||||
{{- fail "Ingress - Expected a non-empty [integrations.certManager.clusterIssuer]" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not (kindIs "string" $certManager.clusterIssuer) -}}
|
||||
{{- fail (printf "Ingress - Expected [integrations.certManager.clusterIssuer] to be a [string], but got [%s]" (kindOf $certManager.clusterIssuer)) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
@@ -4,16 +4,7 @@
|
||||
|
||||
{{- $traefik := $objectData.integrations.traefik -}}
|
||||
|
||||
{{- $enabled := false -}}
|
||||
{{- if (hasKey $rootCtx.Values.global "traefik") -}}
|
||||
{{- $enabled = $rootCtx.Values.global.traefik.addIngressAnnotations -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if and $traefik (kindIs "bool" $traefik.enabled) -}}
|
||||
{{- $enabled = $traefik.enabled -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $enabled -}}
|
||||
{{- if $traefik.enabled -}}
|
||||
{{- include "tc.v1.common.lib.ingress.integration.traefik.validate" (dict "objectData" $objectData) -}}
|
||||
|
||||
{{- $fixedMiddlewares := list -}}
|
||||
@@ -98,24 +89,22 @@
|
||||
|
||||
{{- $traefik := $objectData.integrations.traefik -}}
|
||||
|
||||
{{- if $traefik -}}
|
||||
{{- if $traefik.entrypoints -}}
|
||||
{{- if not (kindIs "slice" $traefik.entrypoints) -}}
|
||||
{{- fail (printf "Ingress - Expected [integrations.traefik.entrypoints] to be a [slice], but got [%s]" (kindOf $traefik.entrypoints)) -}}
|
||||
{{- end -}}
|
||||
{{- if $traefik.entrypoints -}}
|
||||
{{- if not (kindIs "slice" $traefik.entrypoints) -}}
|
||||
{{- fail (printf "Ingress - Expected [integrations.traefik.entrypoints] to be a [slice], but got [%s]" (kindOf $traefik.entrypoints)) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $traefik.middlewares -}}
|
||||
{{- if not (kindIs "slice" $traefik.middlewares) -}}
|
||||
{{- fail (printf "Ingress - Expected [integrations.traefik.middlewares] to be a [slice], but got [%s]" (kindOf $traefik.middlewares)) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $traefik.fixedMiddlewares -}}
|
||||
{{- if not (kindIs "slice" $traefik.fixedMiddlewares) -}}
|
||||
{{- fail (printf "Ingress - Expected [integrations.traefik.fixedMiddlewares] to be a [slice], but got [%s]" (kindOf $traefik.fixedMiddlewares)) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
{{- if $traefik.middlewares -}}
|
||||
{{- if not (kindIs "slice" $traefik.middlewares) -}}
|
||||
{{- fail (printf "Ingress - Expected [integrations.traefik.middlewares] to be a [slice], but got [%s]" (kindOf $traefik.middlewares)) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if $traefik.fixedMiddlewares -}}
|
||||
{{- if not (kindIs "slice" $traefik.fixedMiddlewares) -}}
|
||||
{{- fail (printf "Ingress - Expected [integrations.traefik.fixedMiddlewares] to be a [slice], but got [%s]" (kindOf $traefik.fixedMiddlewares)) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
|
||||
@@ -10,19 +10,14 @@ global:
|
||||
metallb:
|
||||
# -- Adds metalLB annotations to services
|
||||
addServiceAnnotations: true
|
||||
certManager:
|
||||
# -- Adds cert-manager annotations to ingresses
|
||||
addIngressAnnotations: true
|
||||
traefik:
|
||||
# -- Adds traefik annotations to services (when needed)
|
||||
addServiceAnnotations: true
|
||||
# -- Enable or disable traefik ingress integration, can be overruled per ingress
|
||||
addIngressAnnotations: true
|
||||
# Enables or disables the fixed middlewares on all ingresses
|
||||
# Can be overrided per ingress
|
||||
# Can be overruled per ingress
|
||||
enableFixedMiddlewares: true
|
||||
# Applies middleware to all ingresses
|
||||
# Can be overrided per ingress
|
||||
# Can be overruled per ingress
|
||||
fixedMiddlewares:
|
||||
- chain-basic
|
||||
# -- Minimum nodePort value
|
||||
|
||||
Reference in New Issue
Block a user