mirror of
https://github.com/truecharts/library-charts.git
synced 2026-07-05 06:46:23 -03:00
add unittests for pullsecrets
This commit is contained in:
@@ -0,0 +1,414 @@
|
||||
suite: image pull secrets test
|
||||
templates:
|
||||
- common.yaml
|
||||
tests:
|
||||
- it: should pass with default values
|
||||
documentIndex: &deploymentDoc 0
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 3
|
||||
- isKind:
|
||||
of: Deployment
|
||||
|
||||
- it: should fail without name in imagePullCredentials
|
||||
set:
|
||||
imagePullCredentials:
|
||||
- enabled: true
|
||||
contents:
|
||||
registry: quay.io
|
||||
username: some_name
|
||||
password: some_password
|
||||
email: someone@example.com
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: <name> is required for Image Pull Secrets Credentials
|
||||
|
||||
- it: should fail without contents in imagePullCredentials
|
||||
set:
|
||||
imagePullCredentials:
|
||||
- name: registry-creds
|
||||
enabled: true
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: <contents> is not defined in Image Pull Secrets Credential (registry-creds)
|
||||
|
||||
- it: should fail without registry in imagePullCredentials
|
||||
set:
|
||||
imagePullCredentials:
|
||||
- name: registry-creds
|
||||
enabled: true
|
||||
contents:
|
||||
username: some_name
|
||||
password: some_password
|
||||
email: someone@example.com
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: <registry> is not defined in Image Pull Secrets Credential (registry-creds)
|
||||
|
||||
- it: should fail without email in imagePullCredentials
|
||||
set:
|
||||
imagePullCredentials:
|
||||
- name: registry-creds
|
||||
enabled: true
|
||||
contents:
|
||||
username: some_name
|
||||
password: some_password
|
||||
registry: quay.io
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: <email> is not defined in Image Pull Secrets Credential (registry-creds)
|
||||
|
||||
- it: should fail without username in imagePullCredentials
|
||||
set:
|
||||
imagePullCredentials:
|
||||
- name: registry-creds
|
||||
enabled: true
|
||||
contents:
|
||||
password: some_password
|
||||
registry: quay.io
|
||||
email: someone@example.com
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: <username> is not defined in Image Pull Secrets Credential (registry-creds)
|
||||
|
||||
- it: should fail without password in imagePullCredentials
|
||||
set:
|
||||
imagePullCredentials:
|
||||
- name: registry-creds
|
||||
enabled: true
|
||||
contents:
|
||||
username: some_name
|
||||
registry: quay.io
|
||||
email: someone@example.com
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: <password> is not defined in Image Pull Secrets Credential (registry-creds)
|
||||
|
||||
- it: should fail with special characters in name in imagePullCredentials
|
||||
set:
|
||||
imagePullCredentials:
|
||||
- name: registry-creds!!!
|
||||
enabled: true
|
||||
contents:
|
||||
username: some_name
|
||||
registry: quay.io
|
||||
email: someone@example.com
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: <name> (registry-creds!!!) can only container this alphanumerical characters (- a-z A-Z 0-9)
|
||||
|
||||
- it: should pass with imagePullCredentials defined and super long name
|
||||
documentIndex: &secretDoc 0
|
||||
set:
|
||||
imagePullCredentials:
|
||||
- name: thisNameIsSuperLong-1111111111111111111111111-ItsStillGoing22222222222222-SOMEMORE
|
||||
enabled: true
|
||||
contents:
|
||||
registry: quay.io
|
||||
username: some_name
|
||||
password: some_password
|
||||
email: someone@example.com
|
||||
asserts:
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-thisnameissuperlong-111111111111111111
|
||||
|
||||
- it: should pass with imagePullCredentials defined (Secret)
|
||||
documentIndex: *secretDoc
|
||||
set:
|
||||
imagePullCredentials:
|
||||
- name: registry-creds
|
||||
enabled: true
|
||||
contents:
|
||||
registry: quay.io
|
||||
username: some_name
|
||||
password: some_password
|
||||
email: someone@example.com
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 4
|
||||
- isKind:
|
||||
of: Secret
|
||||
- isAPIVersion:
|
||||
of: v1
|
||||
- equal:
|
||||
path: type
|
||||
value: kubernetes.io/dockerconfigjson
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-registry-creds
|
||||
- isNotEmpty:
|
||||
path: data.\.dockerconfigjson
|
||||
- isNull:
|
||||
path: metadata.annotations
|
||||
- equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
app: common-test
|
||||
app.kubernetes.io/instance: RELEASE-NAME
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: common-test
|
||||
app.kubernetes.io/version: v1.0.0
|
||||
helm-revision: "0"
|
||||
helm.sh/chart: common-test-1.0.0
|
||||
release: RELEASE-NAME
|
||||
|
||||
- it: should pass with imagePullCredentials defined (Deployment)
|
||||
documentIndex: &deploymentDoc 1
|
||||
set:
|
||||
imagePullCredentials:
|
||||
- name: registry-creds
|
||||
enabled: true
|
||||
contents:
|
||||
registry: quay.io
|
||||
username: some_name
|
||||
password: some_password
|
||||
email: someone@example.com
|
||||
asserts:
|
||||
- isKind:
|
||||
of: Deployment
|
||||
- equal:
|
||||
path: spec.template.spec.imagePullSecrets
|
||||
value:
|
||||
- name: RELEASE-NAME-common-test-registry-creds
|
||||
|
||||
- it: should pass with multiple imagePullCredentials defined (Secret 1/2)
|
||||
documentIndex: *secretDoc
|
||||
set:
|
||||
imagePullCredentials:
|
||||
- name: registry-creds
|
||||
enabled: true
|
||||
contents:
|
||||
registry: quay.io
|
||||
username: some_name
|
||||
password: some_password
|
||||
email: someone@example.com
|
||||
- name: registry-creds2
|
||||
enabled: true
|
||||
contents:
|
||||
registry: quay.io2
|
||||
username: some_name2
|
||||
password: some_password2
|
||||
email: someone@example.com2
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: Secret
|
||||
- isAPIVersion:
|
||||
of: v1
|
||||
- equal:
|
||||
path: type
|
||||
value: kubernetes.io/dockerconfigjson
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-registry-creds
|
||||
- isNotEmpty:
|
||||
path: data.\.dockerconfigjson
|
||||
- isNull:
|
||||
path: metadata.annotations
|
||||
- equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
app: common-test
|
||||
app.kubernetes.io/instance: RELEASE-NAME
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: common-test
|
||||
app.kubernetes.io/version: v1.0.0
|
||||
helm-revision: "0"
|
||||
helm.sh/chart: common-test-1.0.0
|
||||
release: RELEASE-NAME
|
||||
|
||||
- it: should pass with multiple imagePullCredentials defined (Secret 2/2)
|
||||
documentIndex: &secondSecretDoc 1
|
||||
set:
|
||||
imagePullCredentials:
|
||||
- name: registry-creds
|
||||
enabled: true
|
||||
contents:
|
||||
registry: quay.io
|
||||
username: some_name
|
||||
password: some_password
|
||||
email: someone@example.com
|
||||
- name: registry-creds2
|
||||
enabled: true
|
||||
contents:
|
||||
registry: quay.io2
|
||||
username: some_name2
|
||||
password: some_password2
|
||||
email: someone@example.com2
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- isKind:
|
||||
of: Secret
|
||||
- isAPIVersion:
|
||||
of: v1
|
||||
- equal:
|
||||
path: type
|
||||
value: kubernetes.io/dockerconfigjson
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-registry-creds2
|
||||
- isNotEmpty:
|
||||
path: data.\.dockerconfigjson
|
||||
- isNull:
|
||||
path: metadata.annotations
|
||||
- equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
app: common-test
|
||||
app.kubernetes.io/instance: RELEASE-NAME
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: common-test
|
||||
app.kubernetes.io/version: v1.0.0
|
||||
helm-revision: "0"
|
||||
helm.sh/chart: common-test-1.0.0
|
||||
release: RELEASE-NAME
|
||||
|
||||
- it: should pass with imagePullCredentials defined (Deployment)
|
||||
documentIndex: &deploymentDoc 2
|
||||
set:
|
||||
imagePullCredentials:
|
||||
- name: registry-creds
|
||||
enabled: true
|
||||
contents:
|
||||
registry: quay.io
|
||||
username: some_name
|
||||
password: some_password
|
||||
email: someone@example.com
|
||||
- name: registry-creds2
|
||||
enabled: true
|
||||
contents:
|
||||
registry: quay.io2
|
||||
username: some_name2
|
||||
password: some_password2
|
||||
email: someone@example.com2
|
||||
asserts:
|
||||
- isKind:
|
||||
of: Deployment
|
||||
- equal:
|
||||
path: spec.template.spec.imagePullSecrets
|
||||
value:
|
||||
- name: RELEASE-NAME-common-test-registry-creds
|
||||
- name: RELEASE-NAME-common-test-registry-creds2
|
||||
|
||||
- it: should pass with imagePullCredentials defined and global annotations
|
||||
documentIndex: *secretDoc
|
||||
set:
|
||||
global:
|
||||
annotations:
|
||||
key1: value1
|
||||
key2: value2
|
||||
imagePullCredentials:
|
||||
- name: registry-creds
|
||||
enabled: true
|
||||
contents:
|
||||
registry: quay.io
|
||||
username: some_name
|
||||
password: some_password
|
||||
email: someone@example.com
|
||||
asserts:
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-registry-creds
|
||||
- equal:
|
||||
path: metadata.annotations
|
||||
value:
|
||||
key1: value1
|
||||
key2: value2
|
||||
|
||||
- it: should pass with imagePullCredentials defined and global annotations from tpl
|
||||
documentIndex: *secretDoc
|
||||
set:
|
||||
k1: value1
|
||||
k2: value2
|
||||
global:
|
||||
annotations:
|
||||
key1: "{{ .Values.k1 }}"
|
||||
key2: "{{ .Values.k2 }}"
|
||||
imagePullCredentials:
|
||||
- name: registry-creds
|
||||
enabled: true
|
||||
contents:
|
||||
registry: quay.io
|
||||
username: some_name
|
||||
password: some_password
|
||||
email: someone@example.com
|
||||
asserts:
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-registry-creds
|
||||
- equal:
|
||||
path: metadata.annotations
|
||||
value:
|
||||
key1: value1
|
||||
key2: value2
|
||||
|
||||
- it: should pass with imagePullCredentials defined and global labels
|
||||
documentIndex: *secretDoc
|
||||
set:
|
||||
global:
|
||||
labels:
|
||||
key1: value1
|
||||
key2: value2
|
||||
imagePullCredentials:
|
||||
- name: registry-creds
|
||||
enabled: true
|
||||
contents:
|
||||
registry: quay.io
|
||||
username: some_name
|
||||
password: some_password
|
||||
email: someone@example.com
|
||||
asserts:
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-registry-creds
|
||||
- equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
app: common-test
|
||||
app.kubernetes.io/instance: RELEASE-NAME
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: common-test
|
||||
app.kubernetes.io/version: v1.0.0
|
||||
helm-revision: "0"
|
||||
helm.sh/chart: common-test-1.0.0
|
||||
release: RELEASE-NAME
|
||||
key1: value1
|
||||
key2: value2
|
||||
|
||||
- it: should pass with imagePullCredentials defined and global labels from tpl
|
||||
documentIndex: *secretDoc
|
||||
set:
|
||||
k1: value1
|
||||
k2: value2
|
||||
global:
|
||||
labels:
|
||||
key1: "{{ .Values.k1 }}"
|
||||
key2: "{{ .Values.k2 }}"
|
||||
imagePullCredentials:
|
||||
- name: registry-creds
|
||||
enabled: true
|
||||
contents:
|
||||
registry: quay.io
|
||||
username: some_name
|
||||
password: some_password
|
||||
email: someone@example.com
|
||||
asserts:
|
||||
- equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-common-test-registry-creds
|
||||
- equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
app: common-test
|
||||
app.kubernetes.io/instance: RELEASE-NAME
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: common-test
|
||||
app.kubernetes.io/version: v1.0.0
|
||||
helm-revision: "0"
|
||||
helm.sh/chart: common-test-1.0.0
|
||||
release: RELEASE-NAME
|
||||
key1: value1
|
||||
key2: value2
|
||||
@@ -6,30 +6,37 @@
|
||||
{{- fail "<name> is required for Image Pull Secrets Credentials" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $secretName := include "ix.v1.common.imagePullSecrets.name" (dict "root" $ "name" $imgPullCreds.name) -}}
|
||||
{{- if not (mustRegexMatch "^[a-zA-Z0-9-]*$" $imgPullCreds.name) -}}
|
||||
{{- fail (printf "<name> (%s) can only container this alphanumerical characters (- a-z A-Z 0-9)" $imgPullCreds.name) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $secretName := include "ix.v1.common.imagePullSecrets.name" (dict "root" $root "name" $imgPullCreds.name) -}}
|
||||
{{- $registrySecret := dict -}}
|
||||
{{- with $imgPullCreds.contents -}}
|
||||
|
||||
{{- if not .username -}}
|
||||
{{- fail (printf "<username> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
|
||||
{{- end -}}
|
||||
{{- if not .password -}}
|
||||
{{- fail (printf "<password> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
|
||||
{{- end -}}
|
||||
{{- if not .registry -}}
|
||||
{{- fail (printf "<registry> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
|
||||
{{- end -}}
|
||||
{{- if not .email -}}
|
||||
{{- fail (printf "<email> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
|
||||
{{- end -}}
|
||||
{{- if not $imgPullCreds.contents -}}
|
||||
{{- fail (printf "<contents> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Auth is b64encoded and then the whole secret is b64encoded */}}
|
||||
{{- $auth := printf "%s:%s" .username .password | b64enc -}}
|
||||
{{- $registry := (dict "username" .username "password" .password "email" .email "auth" $auth) -}}
|
||||
{{- with $imgPullCreds.contents -}}
|
||||
{{- if not .username -}}
|
||||
{{- fail (printf "<username> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
|
||||
{{- end -}}
|
||||
{{- if not .password -}}
|
||||
{{- fail (printf "<password> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
|
||||
{{- end -}}
|
||||
{{- if not .registry -}}
|
||||
{{- fail (printf "<registry> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
|
||||
{{- end -}}
|
||||
{{- if not .email -}}
|
||||
{{- fail (printf "<email> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $_ := set $registrySecret "auths" dict -}}
|
||||
{{- $_ := set $registrySecret.auths (printf "%s" .registry) $registry }}
|
||||
{{/* Auth is b64encoded and then the whole secret is b64encoded */}}
|
||||
{{- $auth := printf "%s:%s" .username .password | b64enc -}}
|
||||
{{- $registry := (dict "username" .username "password" .password "email" .email "auth" $auth) -}}
|
||||
|
||||
{{- $_ := set $registrySecret "auths" dict -}}
|
||||
{{- $_ := set $registrySecret.auths (printf "%s" .registry) $registry }}
|
||||
---
|
||||
apiVersion: {{ include "ix.v1.common.capabilities.secret.apiVersion" $root }}
|
||||
kind: Secret
|
||||
|
||||
@@ -54,7 +54,7 @@ spec:
|
||||
- {{ $accessMode }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ $size }}
|
||||
storage: {{ $size }} {{/* TODO: Check for previous size with lookup and check if it's lower */}}
|
||||
{{- with $pvcValues.volumeName }}
|
||||
volumeName: {{ tpl . $root | quote }}
|
||||
{{- end -}}
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
{{- $name := .name -}}
|
||||
{{- $root := .root -}}
|
||||
|
||||
{{- $credsName := $name | replace " " "-" | lower -}}
|
||||
{{- $credsName := $name | lower -}}
|
||||
{{- $secretName := printf "%v-%v" (include "ix.v1.common.names.fullname" $root) $credsName | trunc 63 -}}
|
||||
{{- $secretName -}}
|
||||
{{- end -}}
|
||||
|
||||
Reference in New Issue
Block a user