From 4d1508b56950ee04483012b6ccd24d40a97eae59 Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Wed, 6 Dec 2023 23:16:36 +0200 Subject: [PATCH] certmanager tests --- .../tests/ingress/cert_manager_test.yaml | 93 +++++++++++++++++++ .../tests/ingress/homepage_test.yaml | 5 - .../tests/ingress/metadata_test.yaml | 4 - .../tests/ingress/traefik_test.yaml | 80 +--------------- .../lib/ingress/integrations/_certManager.tpl | 22 ++--- .../lib/ingress/integrations/_traefik.tpl | 45 ++++----- library/common/values.yaml | 9 +- 7 files changed, 125 insertions(+), 133 deletions(-) create mode 100644 library/common-test/tests/ingress/cert_manager_test.yaml diff --git a/library/common-test/tests/ingress/cert_manager_test.yaml b/library/common-test/tests/ingress/cert_manager_test.yaml new file mode 100644 index 00000000..465f3bc6 --- /dev/null +++ b/library/common-test/tests/ingress/cert_manager_test.yaml @@ -0,0 +1,93 @@ +suite: ingress - cert manager metadata test +templates: + - common.yaml +chart: + appVersion: &appVer v9.9.9 +release: + name: test-release-name + namespace: test-release-namespace +tests: + - it: should pass with ingress created with annotations from cert manager + set: + operator: &operator + verify: + enabled: false + ingress: + my-ingress: + enabled: true + primary: true + integrations: + certManager: + enabled: true + clusterIssuer: some-issuer + asserts: + - documentIndex: &ingressDoc 0 + isKind: + of: Ingress + - documentIndex: *ingressDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *ingressDoc + equal: + path: metadata.annotations + value: + cert-manager.io/cluster-issuer: some-issuer + cert-manager.io/private-key-rotation-policy: Always + - documentIndex: *ingressDoc + equal: + path: metadata.namespace + value: test-release-namespace + + - it: should pass with ingress created without cert manager annotations when cert manager false + set: + operator: *operator + ingress: + my-ingress: + enabled: true + primary: true + integrations: + certManager: + enabled: false + asserts: + - documentIndex: *ingressDoc + isKind: + of: Ingress + - documentIndex: *ingressDoc + equal: + path: metadata.name + value: test-release-name-common-test + - documentIndex: *ingressDoc + isNull: + path: metadata.annotations + + # Failures + - it: should fail with missing clusterIssuer + set: + operator: *operator + ingress: + my-ingress1: + enabled: true + primary: true + integrations: + certManager: + enabled: true + asserts: + - failedTemplate: + errorMessage: Ingress - Expected a non-empty [integrations.certManager.clusterIssuer] + + - it: should fail with clusterIssuer not a string + set: + operator: *operator + ingress: + my-ingress1: + enabled: true + primary: true + integrations: + certManager: + enabled: true + clusterIssuer: + - some-issuer + asserts: + - failedTemplate: + errorMessage: Ingress - Expected [integrations.certManager.clusterIssuer] to be a [string], but got [slice] diff --git a/library/common-test/tests/ingress/homepage_test.yaml b/library/common-test/tests/ingress/homepage_test.yaml index 6746d4aa..674d4d53 100644 --- a/library/common-test/tests/ingress/homepage_test.yaml +++ b/library/common-test/tests/ingress/homepage_test.yaml @@ -18,11 +18,6 @@ tests: operator: &operator verify: enabled: false - global: - traefik: - addIngressAnnotations: false - certManager: - addIngressAnnotations: false ingress: my-ingress1: enabled: true diff --git a/library/common-test/tests/ingress/metadata_test.yaml b/library/common-test/tests/ingress/metadata_test.yaml index 4e156665..d46113be 100644 --- a/library/common-test/tests/ingress/metadata_test.yaml +++ b/library/common-test/tests/ingress/metadata_test.yaml @@ -14,10 +14,6 @@ tests: annotation1: annotation1 annotation2: global_annotation2 global: - traefik: - addIngressAnnotations: false - certManager: - addIngressAnnotations: false labels: g_label1: global_label1 g_label2: "{{ .Values.label2 }}" diff --git a/library/common-test/tests/ingress/traefik_test.yaml b/library/common-test/tests/ingress/traefik_test.yaml index a85d188b..20613462 100644 --- a/library/common-test/tests/ingress/traefik_test.yaml +++ b/library/common-test/tests/ingress/traefik_test.yaml @@ -7,7 +7,7 @@ release: name: test-release-name namespace: test-release-namespace tests: - - it: should pass with ingress created with annotations from traefik by default + - it: should pass with ingress created with annotations from traefik set: operator: &operator verify: @@ -16,6 +16,9 @@ tests: my-ingress: enabled: true primary: true + integrations: + traefik: + enabled: true asserts: - documentIndex: &ingressDoc 0 isKind: @@ -340,81 +343,6 @@ tests: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: chain-basic-tc-system@kubernetescrd,some-middleware-tc-system@kubernetescrd,some-other-middleware-tc-system@kubernetescrd - - it: should disable traefik annotations in ingress - set: - operator: *operator - global: - traefik: - addIngressAnnotations: false - ingress: - my-ingress: - enabled: true - primary: true - asserts: - - documentIndex: *ingressDoc - isKind: - of: Ingress - - documentIndex: *ingressDoc - equal: - path: metadata.name - value: test-release-name-common-test - - documentIndex: *ingressDoc - isNull: - path: metadata.annotations - - - it: should override global disable for traefik annotations in ingress - set: - operator: *operator - global: - traefik: - addIngressAnnotations: false - ingress: - my-ingress: - enabled: true - primary: true - integrations: - traefik: - enabled: true - asserts: - - documentIndex: *ingressDoc - isKind: - of: Ingress - - documentIndex: *ingressDoc - equal: - path: metadata.name - value: test-release-name-common-test - - documentIndex: *ingressDoc - equal: - path: metadata.annotations - value: - traefik.ingress.kubernetes.io/router.entrypoints: websecure - traefik.ingress.kubernetes.io/router.middlewares: chain-basic-tc-system@kubernetescrd - - - it: should override global disable for traefik annotations in ingress - set: - operator: *operator - global: - traefik: - addIngressAnnotations: true - ingress: - my-ingress: - enabled: true - primary: true - integrations: - traefik: - enabled: false - asserts: - - documentIndex: *ingressDoc - isKind: - of: Ingress - - documentIndex: *ingressDoc - equal: - path: metadata.name - value: test-release-name-common-test - - documentIndex: *ingressDoc - isNull: - path: metadata.annotations - # Failures - it: should fail with entrypoint not a slice set: diff --git a/library/common/templates/lib/ingress/integrations/_certManager.tpl b/library/common/templates/lib/ingress/integrations/_certManager.tpl index 0196d9be..5f10e56f 100644 --- a/library/common/templates/lib/ingress/integrations/_certManager.tpl +++ b/library/common/templates/lib/ingress/integrations/_certManager.tpl @@ -4,19 +4,10 @@ {{- $certManager := $objectData.integrations.certManager -}} - {{- $enabled := false -}} - {{- if (hasKey $rootCtx.Values.global "certManager") -}} - {{- $enabled = $rootCtx.Values.global.certManager.addIngressAnnotations -}} - {{- end -}} - - {{- if and $certManager (kindIs "bool" $certManager.enabled) -}} - {{- $enabled = $certManager.enabled -}} - {{- end -}} - - {{- if $enabled -}} + {{- if $certManager.enabled -}} {{- include "tc.v1.common.lib.ingress.integration.certManager.validate" (dict "objectData" $objectData) -}} - {{- $_ := set $objectData.annotations "cert-manager.io/cluster-issuer" "TODO:" -}} + {{- $_ := set $objectData.annotations "cert-manager.io/cluster-issuer" $certManager.clusterIssuer -}} {{- $_ := set $objectData.annotations "cert-manager.io/private-key-rotation-policy" "Always" -}} {{- end -}} @@ -27,7 +18,12 @@ {{- $certManager := $objectData.integrations.certManager -}} - {{- if $certManager -}} - + {{- if not $certManager.clusterIssuer -}} + {{- fail "Ingress - Expected a non-empty [integrations.certManager.clusterIssuer]" -}} {{- end -}} + + {{- if not (kindIs "string" $certManager.clusterIssuer) -}} + {{- fail (printf "Ingress - Expected [integrations.certManager.clusterIssuer] to be a [string], but got [%s]" (kindOf $certManager.clusterIssuer)) -}} + {{- end -}} + {{- end -}} diff --git a/library/common/templates/lib/ingress/integrations/_traefik.tpl b/library/common/templates/lib/ingress/integrations/_traefik.tpl index d40d9e0d..4043ee05 100644 --- a/library/common/templates/lib/ingress/integrations/_traefik.tpl +++ b/library/common/templates/lib/ingress/integrations/_traefik.tpl @@ -4,16 +4,7 @@ {{- $traefik := $objectData.integrations.traefik -}} - {{- $enabled := false -}} - {{- if (hasKey $rootCtx.Values.global "traefik") -}} - {{- $enabled = $rootCtx.Values.global.traefik.addIngressAnnotations -}} - {{- end -}} - - {{- if and $traefik (kindIs "bool" $traefik.enabled) -}} - {{- $enabled = $traefik.enabled -}} - {{- end -}} - - {{- if $enabled -}} + {{- if $traefik.enabled -}} {{- include "tc.v1.common.lib.ingress.integration.traefik.validate" (dict "objectData" $objectData) -}} {{- $fixedMiddlewares := list -}} @@ -98,24 +89,22 @@ {{- $traefik := $objectData.integrations.traefik -}} - {{- if $traefik -}} - {{- if $traefik.entrypoints -}} - {{- if not (kindIs "slice" $traefik.entrypoints) -}} - {{- fail (printf "Ingress - Expected [integrations.traefik.entrypoints] to be a [slice], but got [%s]" (kindOf $traefik.entrypoints)) -}} - {{- end -}} + {{- if $traefik.entrypoints -}} + {{- if not (kindIs "slice" $traefik.entrypoints) -}} + {{- fail (printf "Ingress - Expected [integrations.traefik.entrypoints] to be a [slice], but got [%s]" (kindOf $traefik.entrypoints)) -}} {{- end -}} - - {{- if $traefik.middlewares -}} - {{- if not (kindIs "slice" $traefik.middlewares) -}} - {{- fail (printf "Ingress - Expected [integrations.traefik.middlewares] to be a [slice], but got [%s]" (kindOf $traefik.middlewares)) -}} - {{- end -}} - {{- end -}} - - {{- if $traefik.fixedMiddlewares -}} - {{- if not (kindIs "slice" $traefik.fixedMiddlewares) -}} - {{- fail (printf "Ingress - Expected [integrations.traefik.fixedMiddlewares] to be a [slice], but got [%s]" (kindOf $traefik.fixedMiddlewares)) -}} - {{- end -}} - {{- end -}} - {{- end -}} + + {{- if $traefik.middlewares -}} + {{- if not (kindIs "slice" $traefik.middlewares) -}} + {{- fail (printf "Ingress - Expected [integrations.traefik.middlewares] to be a [slice], but got [%s]" (kindOf $traefik.middlewares)) -}} + {{- end -}} + {{- end -}} + + {{- if $traefik.fixedMiddlewares -}} + {{- if not (kindIs "slice" $traefik.fixedMiddlewares) -}} + {{- fail (printf "Ingress - Expected [integrations.traefik.fixedMiddlewares] to be a [slice], but got [%s]" (kindOf $traefik.fixedMiddlewares)) -}} + {{- end -}} + {{- end -}} + {{- end -}} diff --git a/library/common/values.yaml b/library/common/values.yaml index 641de6f8..d613ac71 100644 --- a/library/common/values.yaml +++ b/library/common/values.yaml @@ -10,19 +10,14 @@ global: metallb: # -- Adds metalLB annotations to services addServiceAnnotations: true - certManager: - # -- Adds cert-manager annotations to ingresses - addIngressAnnotations: true traefik: # -- Adds traefik annotations to services (when needed) addServiceAnnotations: true - # -- Enable or disable traefik ingress integration, can be overruled per ingress - addIngressAnnotations: true # Enables or disables the fixed middlewares on all ingresses - # Can be overrided per ingress + # Can be overruled per ingress enableFixedMiddlewares: true # Applies middleware to all ingresses - # Can be overrided per ingress + # Can be overruled per ingress fixedMiddlewares: - chain-basic # -- Minimum nodePort value