add unittests for pullsecrets

Stavros kois
2022-12-16 17:46:59 +02:00
parent 2a2e5afd70
commit 76da929b69
4 changed files with 442 additions and 21 deletions


@@ -0,0 +1,414 @@
suite: image pull secrets test
templates:
- common.yaml
tests:
- it: should pass with default values
documentIndex: &deploymentDoc 0
asserts:
- hasDocuments:
count: 3
- isKind:
of: Deployment
- it: should fail without name in imagePullCredentials
set:
imagePullCredentials:
- enabled: true
contents:
registry: quay.io
username: some_name
password: some_password
email: someone@example.com
asserts:
- failedTemplate:
errorMessage: <name> is required for Image Pull Secrets Credentials
- it: should fail without contents in imagePullCredentials
set:
imagePullCredentials:
- name: registry-creds
enabled: true
asserts:
- failedTemplate:
errorMessage: <contents> is not defined in Image Pull Secrets Credential (registry-creds)
- it: should fail without registry in imagePullCredentials
set:
imagePullCredentials:
- name: registry-creds
enabled: true
contents:
username: some_name
password: some_password
email: someone@example.com
asserts:
- failedTemplate:
errorMessage: <registry> is not defined in Image Pull Secrets Credential (registry-creds)
- it: should fail without email in imagePullCredentials
set:
imagePullCredentials:
- name: registry-creds
enabled: true
contents:
username: some_name
password: some_password
registry: quay.io
asserts:
- failedTemplate:
errorMessage: <email> is not defined in Image Pull Secrets Credential (registry-creds)
- it: should fail without username in imagePullCredentials
set:
imagePullCredentials:
- name: registry-creds
enabled: true
contents:
password: some_password
registry: quay.io
email: someone@example.com
asserts:
- failedTemplate:
errorMessage: <username> is not defined in Image Pull Secrets Credential (registry-creds)
- it: should fail without password in imagePullCredentials
set:
imagePullCredentials:
- name: registry-creds
enabled: true
contents:
username: some_name
registry: quay.io
email: someone@example.com
asserts:
- failedTemplate:
errorMessage: <password> is not defined in Image Pull Secrets Credential (registry-creds)
- it: should fail with special characters in name in imagePullCredentials
set:
imagePullCredentials:
- name: registry-creds!!!
enabled: true
contents:
username: some_name
registry: quay.io
email: someone@example.com
asserts:
- failedTemplate:
errorMessage: <name> (registry-creds!!!) can only container this alphanumerical characters (- a-z A-Z 0-9)
- it: should pass with imagePullCredentials defined and super long name
documentIndex: &secretDoc 0
set:
imagePullCredentials:
- name: thisNameIsSuperLong-1111111111111111111111111-ItsStillGoing22222222222222-SOMEMORE
enabled: true
contents:
registry: quay.io
username: some_name
password: some_password
email: someone@example.com
asserts:
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-thisnameissuperlong-111111111111111111
- it: should pass with imagePullCredentials defined (Secret)
documentIndex: *secretDoc
set:
imagePullCredentials:
- name: registry-creds
enabled: true
contents:
registry: quay.io
username: some_name
password: some_password
email: someone@example.com
asserts:
- hasDocuments:
count: 4
- isKind:
of: Secret
- isAPIVersion:
of: v1
- equal:
path: type
value: kubernetes.io/dockerconfigjson
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-registry-creds
- isNotEmpty:
path: data.\.dockerconfigjson
- isNull:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app: common-test
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: common-test
app.kubernetes.io/version: v1.0.0
helm-revision: "0"
helm.sh/chart: common-test-1.0.0
release: RELEASE-NAME
- it: should pass with imagePullCredentials defined (Deployment)
documentIndex: &deploymentDoc 1
set:
imagePullCredentials:
- name: registry-creds
enabled: true
contents:
registry: quay.io
username: some_name
password: some_password
email: someone@example.com
asserts:
- isKind:
of: Deployment
- equal:
path: spec.template.spec.imagePullSecrets
value:
- name: RELEASE-NAME-common-test-registry-creds
- it: should pass with multiple imagePullCredentials defined (Secret 1/2)
documentIndex: *secretDoc
set:
imagePullCredentials:
- name: registry-creds
enabled: true
contents:
registry: quay.io
username: some_name
password: some_password
email: someone@example.com
- name: registry-creds2
enabled: true
contents:
registry: quay.io2
username: some_name2
password: some_password2
email: someone@example.com2
asserts:
- hasDocuments:
count: 5
- isKind:
of: Secret
- isAPIVersion:
of: v1
- equal:
path: type
value: kubernetes.io/dockerconfigjson
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-registry-creds
- isNotEmpty:
path: data.\.dockerconfigjson
- isNull:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app: common-test
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: common-test
app.kubernetes.io/version: v1.0.0
helm-revision: "0"
helm.sh/chart: common-test-1.0.0
release: RELEASE-NAME
- it: should pass with multiple imagePullCredentials defined (Secret 2/2)
documentIndex: &secondSecretDoc 1
set:
imagePullCredentials:
- name: registry-creds
enabled: true
contents:
registry: quay.io
username: some_name
password: some_password
email: someone@example.com
- name: registry-creds2
enabled: true
contents:
registry: quay.io2
username: some_name2
password: some_password2
email: someone@example.com2
asserts:
- hasDocuments:
count: 5
- isKind:
of: Secret
- isAPIVersion:
of: v1
- equal:
path: type
value: kubernetes.io/dockerconfigjson
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-registry-creds2
- isNotEmpty:
path: data.\.dockerconfigjson
- isNull:
path: metadata.annotations
- equal:
path: metadata.labels
value:
app: common-test
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: common-test
app.kubernetes.io/version: v1.0.0
helm-revision: "0"
helm.sh/chart: common-test-1.0.0
release: RELEASE-NAME
- it: should pass with imagePullCredentials defined (Deployment)
documentIndex: &deploymentDoc 2
set:
imagePullCredentials:
- name: registry-creds
enabled: true
contents:
registry: quay.io
username: some_name
password: some_password
email: someone@example.com
- name: registry-creds2
enabled: true
contents:
registry: quay.io2
username: some_name2
password: some_password2
email: someone@example.com2
asserts:
- isKind:
of: Deployment
- equal:
path: spec.template.spec.imagePullSecrets
value:
- name: RELEASE-NAME-common-test-registry-creds
- name: RELEASE-NAME-common-test-registry-creds2
- it: should pass with imagePullCredentials defined and global annotations
documentIndex: *secretDoc
set:
global:
annotations:
key1: value1
key2: value2
imagePullCredentials:
- name: registry-creds
enabled: true
contents:
registry: quay.io
username: some_name
password: some_password
email: someone@example.com
asserts:
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-registry-creds
- equal:
path: metadata.annotations
value:
key1: value1
key2: value2
- it: should pass with imagePullCredentials defined and global annotations from tpl
documentIndex: *secretDoc
set:
k1: value1
k2: value2
global:
annotations:
key1: "{{ .Values.k1 }}"
key2: "{{ .Values.k2 }}"
imagePullCredentials:
- name: registry-creds
enabled: true
contents:
registry: quay.io
username: some_name
password: some_password
email: someone@example.com
asserts:
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-registry-creds
- equal:
path: metadata.annotations
value:
key1: value1
key2: value2
- it: should pass with imagePullCredentials defined and global labels
documentIndex: *secretDoc
set:
global:
labels:
key1: value1
key2: value2
imagePullCredentials:
- name: registry-creds
enabled: true
contents:
registry: quay.io
username: some_name
password: some_password
email: someone@example.com
asserts:
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-registry-creds
- equal:
path: metadata.labels
value:
app: common-test
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: common-test
app.kubernetes.io/version: v1.0.0
helm-revision: "0"
helm.sh/chart: common-test-1.0.0
release: RELEASE-NAME
key1: value1
key2: value2
- it: should pass with imagePullCredentials defined and global labels from tpl
documentIndex: *secretDoc
set:
k1: value1
k2: value2
global:
labels:
key1: "{{ .Values.k1 }}"
key2: "{{ .Values.k2 }}"
imagePullCredentials:
- name: registry-creds
enabled: true
contents:
registry: quay.io
username: some_name
password: some_password
email: someone@example.com
asserts:
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-registry-creds
- equal:
path: metadata.labels
value:
app: common-test
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: common-test
app.kubernetes.io/version: v1.0.0
helm-revision: "0"
helm.sh/chart: common-test-1.0.0
release: RELEASE-NAME
key1: value1
key2: value2
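Review bot: The Secret cases assert only `isNotEmpty` on `data.\.dockerconfigjson`, so nothing in this suite pins the payload that is actually used to pull images; a regression that keyed `auths` by the wrong field or dropped the `auth` entry would still pass. I would add an `equal` assertion on that path against the expected encoded document for the fixture credentials, at least in the single-credential case. Separately, `&deploymentDoc` is defined three times with different values (0, 1, 2) and never aliased, and `&secondSecretDoc` is also unused; plain integers would read more clearly than redefined anchors. The `special characters in name` case also omits `password` from `contents`, so it passes only because the name check runs before the contents checks.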


@@ -6,30 +6,37 @@
{{- fail "<name> is required for Image Pull Secrets Credentials" -}}
{{- end -}}
{{- $secretName := include "ix.v1.common.imagePullSecrets.name" (dict "root" $ "name" $imgPullCreds.name) -}}
{{- if not (mustRegexMatch "^[a-zA-Z0-9-]*$" $imgPullCreds.name) -}}
{{- fail (printf "<name> (%s) can only container this alphanumerical characters (- a-z A-Z 0-9)" $imgPullCreds.name) -}}
{{- end -}}
{{- $secretName := include "ix.v1.common.imagePullSecrets.name" (dict "root" $root "name" $imgPullCreds.name) -}}
{{- $registrySecret := dict -}}
{{- with $imgPullCreds.contents -}}
{{- if not .username -}}
{{- fail (printf "<username> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
{{- end -}}
{{- if not .password -}}
{{- fail (printf "<password> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
{{- end -}}
{{- if not .registry -}}
{{- fail (printf "<registry> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
{{- end -}}
{{- if not .email -}}
{{- fail (printf "<email> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
{{- end -}}
{{- if not $imgPullCreds.contents -}}
{{- fail (printf "<contents> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
{{- end -}}
{{/* Auth is b64encoded and then the whole secret is b64encoded */}}
{{- $auth := printf "%s:%s" .username .password | b64enc -}}
{{- $registry := (dict "username" .username "password" .password "email" .email "auth" $auth) -}}
{{- with $imgPullCreds.contents -}}
{{- if not .username -}}
{{- fail (printf "<username> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
{{- end -}}
{{- if not .password -}}
{{- fail (printf "<password> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
{{- end -}}
{{- if not .registry -}}
{{- fail (printf "<registry> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
{{- end -}}
{{- if not .email -}}
{{- fail (printf "<email> is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}}
{{- end -}}
{{- $_ := set $registrySecret "auths" dict -}}
{{- $_ := set $registrySecret.auths (printf "%s" .registry) $registry }}
{{/* Auth is b64encoded and then the whole secret is b64encoded */}}
{{- $auth := printf "%s:%s" .username .password | b64enc -}}
{{- $registry := (dict "username" .username "password" .password "email" .email "auth" $auth) -}}
{{- $_ := set $registrySecret "auths" dict -}}
{{- $_ := set $registrySecret.auths (printf "%s" .registry) $registry }}
---
apiVersion: {{ include "ix.v1.common.capabilities.secret.apiVersion" $root }}
kind: Secret
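Review bot: The name check `mustRegexMatch "^[a-zA-Z0-9-]*$"` accepts a trailing `-`, so a value such as `registry-creds-` passes templating and yields a Secret name ending in `-`, which Kubernetes object-name rules do not allow; the failure would then surface at install time rather than here. Anchoring the pattern on an alphanumeric at both ends, e.g. `^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?$`, would report it as a template failure alongside the other checks. The message text `can only container this alphanumerical characters` would read better as `can only contain alphanumeric characters and "-"`, and the matching assertion in the new test suite has to change with it. The page does not mark which lines are old and which are new, so I am assuming the regex check is on the new side; the Secret manifest continues past the end of the hunk.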


@@ -54,7 +54,7 @@ spec:
- {{ $accessMode }}
resources:
requests:
storage: {{ $size }}
storage: {{ $size }} {{/* TODO: Check for previous size with lookup and check if it's lower */}}
{{- with $pvcValues.volumeName }}
volumeName: {{ tpl . $root | quote }}
{{- end -}}


@@ -11,7 +11,7 @@
{{- $name := .name -}}
{{- $root := .root -}}
{{- $credsName := $name | replace " " "-" | lower -}}
{{- $credsName := $name | lower -}}
{{- $secretName := printf "%v-%v" (include "ix.v1.common.names.fullname" $root) $credsName | trunc 63 -}}
{{- $secretName -}}
{{- end -}}
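Review bot: `trunc 63` on the `$secretName` line shortens the composed name silently, so two credentials whose names share a long prefix resolve to the same Secret name, and a cut that lands on `-` leaves a name Kubernetes will not accept. The Deployment's `imagePullSecrets` entries appear to go through the same helper, so a collision would not show up as a dangling reference but as one credential set replacing the other or as a duplicate-resource error at install. I would either fail when the untruncated name exceeds 63 characters or append `| trimSuffix "-"` after the truncation and document the limit. With `replace " " "-"` removed, the helper now relies on callers having validated the name; a one-line comment such as `{{/* name must already match [a-zA-Z0-9-]; validated by the caller */}}` would record that. The `define` header of this helper is outside the hunk.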