more validation

This commit is contained in:
Stavros kois
2023-12-07 19:08:07 +02:00
parent 158ee0dcb4
commit 6a8c06e727
3 changed files with 49 additions and 7 deletions

View File

@@ -570,3 +570,21 @@ tests:
asserts:
- failedTemplate:
errorMessage: Ingress - Expected entry in [tls.hosts] to not contain [:], but got [test-host:123]
- it: should fail if more than 1 cert option is set under tls
set:
operator: *operator
service: *service
ingress:
my-ingress:
enabled: true
primary: true
hosts: *hosts
tls:
- hosts:
- test-host
secretName: test-secret
scaleCert: "1"
asserts:
- failedTemplate:
errorMessage: Ingress - Expected only one of [secretName, scaleCert] to be set, but got [secretName, scaleCert]

View File

@@ -63,18 +63,28 @@ spec:
{{- end -}}
{{- end -}}
{{/* If a clusterIssuer is defined in the whole ingress, use that */}}
{{- if and $objectData.integrations.certManager $objectData.integrations.certManager.enabled -}}
{{- $clusterIssuer := $objectData.integrations.certManager.clusterIssuer }}
{{- if and $objectData.integrations.certManager $objectData.integrations.certManager.enabled }}
tls:
{{- range $h := $objectData.hosts }}
- secretName: TODO:!!!
{{- range $idx, $h := $objectData.hosts }}
- secretName: {{ printf "%s-tls-%d" $objectData.name ($idx | int) }}
hosts:
- {{ tpl $h.host $rootCtx }}
{{- end -}}
{{- else if $objectData.tls }} {{/* If a tls is defined in the tls section, use that */}}
{{/* else if a tls section is defined use the configuration from there */}}
{{- else if $objectData.tls }}
tls:
{{- range $t := $objectData.tls -}}
- secretName: TODO:!!!
{{- range $idx, $t := $objectData.tls -}}
{{- $secretName := "" -}}
{{- if $t.secretName -}}
{{- $secretName = tpl $t.secretName $rootCtx -}}
{{- else if $t.scaleCert -}}
{{- if not $rootCtx.global.ixChartContext -}}
{{- fail "Ingress - [tls.scalecert] can only be used in TrueNAS SCALE" -}}
{{- end -}}{{/* TODO: Check the naming */}}
{{- $secretName = printf "%s-tls-%d" $objectData.name ($idx | int) -}}
{{/* TODO: old ing had both certificateIssuer and clusterCertificate here ?! */}}
{{- end }}
- secretName: {{ $secretName }}
hosts:
{{- range $h := $t.hosts }}
- {{ tpl $h $rootCtx }}

View File

@@ -120,6 +120,20 @@ objectData:
{{- fail (printf "Ingress - Expected entry in [tls.hosts] to not contain [:], but got [%s]" $host) -}}
{{- end -}}
{{- end -}}
{{/* TODO: Add the rest of the options?! */}}
{{- $certOptions := (list "scaleCert" "secretName") -}}
{{- $optsSet := list -}}
{{- range $opt := $certOptions -}}
{{- if (get $t $opt) -}}
{{- $optsSet = mustAppend $optsSet $opt -}}
{{- end -}}
{{- end -}}
{{- if gt ($optsSet | len) 1 -}}
{{- fail (printf "Ingress - Expected only one of [%s] to be set, but got [%s]" (join ", " $certOptions) (join ", " $optsSet)) -}}
{{- end -}}
{{- end -}}
{{- end -}}