From 76da929b691f9af05059eb66f4ec790cd4f45488 Mon Sep 17 00:00:00 2001
From: Stavros kois
Date: Fri, 16 Dec 2022 17:46:59 +0200
Subject: [PATCH] add unittests for pullsecrets
---
.../image_pull_secrets_test.yaml | 414 ++++++++++++++++++
.../templates/class/_imagePullSecrets.tpl | 45 +-
library/common/1.0.0/templates/class/_pvc.tpl | 2 +-
.../templates/lib/pod/_imagePullSecrets.tpl | 2 +-
4 files changed, 442 insertions(+), 21 deletions(-)
create mode 100644 library/common-test/tests/image_pull_secrets/image_pull_secrets_test.yaml
diff --git a/library/common-test/tests/image_pull_secrets/image_pull_secrets_test.yaml b/library/common-test/tests/image_pull_secrets/image_pull_secrets_test.yaml
new file mode 100644
index 00000000..8b442d0a
--- /dev/null
+++ b/library/common-test/tests/image_pull_secrets/image_pull_secrets_test.yaml
@@ -0,0 +1,414 @@
+suite: image pull secrets test
+templates:
+ - common.yaml
+tests:
+ - it: should pass with default values
+ documentIndex: &deploymentDoc 0
+ asserts:
+ - hasDocuments:
+ count: 3
+ - isKind:
+ of: Deployment
+
+ - it: should fail without name in imagePullCredentials
+ set:
+ imagePullCredentials:
+ - enabled: true
+ contents:
+ registry: quay.io
+ username: some_name
+ password: some_password
+ email: someone@example.com
+ asserts:
+ - failedTemplate:
+ errorMessage: is required for Image Pull Secrets Credentials
+
+ - it: should fail without contents in imagePullCredentials
+ set:
+ imagePullCredentials:
+ - name: registry-creds
+ enabled: true
+ asserts:
+ - failedTemplate:
+ errorMessage: is not defined in Image Pull Secrets Credential (registry-creds)
+
+ - it: should fail without registry in imagePullCredentials
+ set:
+ imagePullCredentials:
+ - name: registry-creds
+ enabled: true
+ contents:
+ username: some_name
+ password: some_password
+ email: someone@example.com
+ asserts:
+ - failedTemplate:
+ errorMessage: is not defined in Image Pull Secrets Credential (registry-creds)
+
+ - it: should fail without email in imagePullCredentials
+ set:
+ imagePullCredentials:
+ - name: registry-creds
+ enabled: true
+ contents:
+ username: some_name
+ password: some_password
+ registry: quay.io
+ asserts:
+ - failedTemplate:
+ errorMessage: is not defined in Image Pull Secrets Credential (registry-creds)
+
+ - it: should fail without username in imagePullCredentials
+ set:
+ imagePullCredentials:
+ - name: registry-creds
+ enabled: true
+ contents:
+ password: some_password
+ registry: quay.io
+ email: someone@example.com
+ asserts:
+ - failedTemplate:
+ errorMessage: is not defined in Image Pull Secrets Credential (registry-creds)
+
+ - it: should fail without password in imagePullCredentials
+ set:
+ imagePullCredentials:
+ - name: registry-creds
+ enabled: true
+ contents:
+ username: some_name
+ registry: quay.io
+ email: someone@example.com
+ asserts:
+ - failedTemplate:
+ errorMessage: is not defined in Image Pull Secrets Credential (registry-creds)
+
+ - it: should fail with special characters in name in imagePullCredentials
+ set:
+ imagePullCredentials:
+ - name: registry-creds!!!
+ enabled: true
+ contents:
+ username: some_name
+ registry: quay.io
+ email: someone@example.com
+ asserts:
+ - failedTemplate:
+ errorMessage: (registry-creds!!!) can only container this alphanumerical characters (- a-z A-Z 0-9)
+
+ - it: should pass with imagePullCredentials defined and super long name
+ documentIndex: &secretDoc 0
+ set:
+ imagePullCredentials:
+ - name: thisNameIsSuperLong-1111111111111111111111111-ItsStillGoing22222222222222-SOMEMORE
+ enabled: true
+ contents:
+ registry: quay.io
+ username: some_name
+ password: some_password
+ email: someone@example.com
+ asserts:
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-thisnameissuperlong-111111111111111111
+
+ - it: should pass with imagePullCredentials defined (Secret)
+ documentIndex: *secretDoc
+ set:
+ imagePullCredentials:
+ - name: registry-creds
+ enabled: true
+ contents:
+ registry: quay.io
+ username: some_name
+ password: some_password
+ email: someone@example.com
+ asserts:
+ - hasDocuments:
+ count: 4
+ - isKind:
+ of: Secret
+ - isAPIVersion:
+ of: v1
+ - equal:
+ path: type
+ value: kubernetes.io/dockerconfigjson
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-registry-creds
+ - isNotEmpty:
+ path: data.\.dockerconfigjson
+ - isNull:
+ path: metadata.annotations
+ - equal:
+ path: metadata.labels
+ value:
+ app: common-test
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: common-test
+ app.kubernetes.io/version: v1.0.0
+ helm-revision: "0"
+ helm.sh/chart: common-test-1.0.0
+ release: RELEASE-NAME
+
+ - it: should pass with imagePullCredentials defined (Deployment)
+ documentIndex: &deploymentDoc 1
+ set:
+ imagePullCredentials:
+ - name: registry-creds
+ enabled: true
+ contents:
+ registry: quay.io
+ username: some_name
+ password: some_password
+ email: someone@example.com
+ asserts:
+ - isKind:
+ of: Deployment
+ - equal:
+ path: spec.template.spec.imagePullSecrets
+ value:
+ - name: RELEASE-NAME-common-test-registry-creds
+
+ - it: should pass with multiple imagePullCredentials defined (Secret 1/2)
+ documentIndex: *secretDoc
+ set:
+ imagePullCredentials:
+ - name: registry-creds
+ enabled: true
+ contents:
+ registry: quay.io
+ username: some_name
+ password: some_password
+ email: someone@example.com
+ - name: registry-creds2
+ enabled: true
+ contents:
+ registry: quay.io2
+ username: some_name2
+ password: some_password2
+ email: someone@example.com2
+ asserts:
+ - hasDocuments:
+ count: 5
+ - isKind:
+ of: Secret
+ - isAPIVersion:
+ of: v1
+ - equal:
+ path: type
+ value: kubernetes.io/dockerconfigjson
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-registry-creds
+ - isNotEmpty:
+ path: data.\.dockerconfigjson
+ - isNull:
+ path: metadata.annotations
+ - equal:
+ path: metadata.labels
+ value:
+ app: common-test
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: common-test
+ app.kubernetes.io/version: v1.0.0
+ helm-revision: "0"
+ helm.sh/chart: common-test-1.0.0
+ release: RELEASE-NAME
+
+ - it: should pass with multiple imagePullCredentials defined (Secret 2/2)
+ documentIndex: &secondSecretDoc 1
+ set:
+ imagePullCredentials:
+ - name: registry-creds
+ enabled: true
+ contents:
+ registry: quay.io
+ username: some_name
+ password: some_password
+ email: someone@example.com
+ - name: registry-creds2
+ enabled: true
+ contents:
+ registry: quay.io2
+ username: some_name2
+ password: some_password2
+ email: someone@example.com2
+ asserts:
+ - hasDocuments:
+ count: 5
+ - isKind:
+ of: Secret
+ - isAPIVersion:
+ of: v1
+ - equal:
+ path: type
+ value: kubernetes.io/dockerconfigjson
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-registry-creds2
+ - isNotEmpty:
+ path: data.\.dockerconfigjson
+ - isNull:
+ path: metadata.annotations
+ - equal:
+ path: metadata.labels
+ value:
+ app: common-test
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: common-test
+ app.kubernetes.io/version: v1.0.0
+ helm-revision: "0"
+ helm.sh/chart: common-test-1.0.0
+ release: RELEASE-NAME
+
+ - it: should pass with imagePullCredentials defined (Deployment)
+ documentIndex: &deploymentDoc 2
+ set:
+ imagePullCredentials:
+ - name: registry-creds
+ enabled: true
+ contents:
+ registry: quay.io
+ username: some_name
+ password: some_password
+ email: someone@example.com
+ - name: registry-creds2
+ enabled: true
+ contents:
+ registry: quay.io2
+ username: some_name2
+ password: some_password2
+ email: someone@example.com2
+ asserts:
+ - isKind:
+ of: Deployment
+ - equal:
+ path: spec.template.spec.imagePullSecrets
+ value:
+ - name: RELEASE-NAME-common-test-registry-creds
+ - name: RELEASE-NAME-common-test-registry-creds2
+
+ - it: should pass with imagePullCredentials defined and global annotations
+ documentIndex: *secretDoc
+ set:
+ global:
+ annotations:
+ key1: value1
+ key2: value2
+ imagePullCredentials:
+ - name: registry-creds
+ enabled: true
+ contents:
+ registry: quay.io
+ username: some_name
+ password: some_password
+ email: someone@example.com
+ asserts:
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-registry-creds
+ - equal:
+ path: metadata.annotations
+ value:
+ key1: value1
+ key2: value2
+
+ - it: should pass with imagePullCredentials defined and global annotations from tpl
+ documentIndex: *secretDoc
+ set:
+ k1: value1
+ k2: value2
+ global:
+ annotations:
+ key1: "{{ .Values.k1 }}"
+ key2: "{{ .Values.k2 }}"
+ imagePullCredentials:
+ - name: registry-creds
+ enabled: true
+ contents:
+ registry: quay.io
+ username: some_name
+ password: some_password
+ email: someone@example.com
+ asserts:
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-registry-creds
+ - equal:
+ path: metadata.annotations
+ value:
+ key1: value1
+ key2: value2
+
+ - it: should pass with imagePullCredentials defined and global labels
+ documentIndex: *secretDoc
+ set:
+ global:
+ labels:
+ key1: value1
+ key2: value2
+ imagePullCredentials:
+ - name: registry-creds
+ enabled: true
+ contents:
+ registry: quay.io
+ username: some_name
+ password: some_password
+ email: someone@example.com
+ asserts:
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-registry-creds
+ - equal:
+ path: metadata.labels
+ value:
+ app: common-test
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: common-test
+ app.kubernetes.io/version: v1.0.0
+ helm-revision: "0"
+ helm.sh/chart: common-test-1.0.0
+ release: RELEASE-NAME
+ key1: value1
+ key2: value2
+
+ - it: should pass with imagePullCredentials defined and global labels from tpl
+ documentIndex: *secretDoc
+ set:
+ k1: value1
+ k2: value2
+ global:
+ labels:
+ key1: "{{ .Values.k1 }}"
+ key2: "{{ .Values.k2 }}"
+ imagePullCredentials:
+ - name: registry-creds
+ enabled: true
+ contents:
+ registry: quay.io
+ username: some_name
+ password: some_password
+ email: someone@example.com
+ asserts:
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-registry-creds
+ - equal:
+ path: metadata.labels
+ value:
+ app: common-test
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: common-test
+ app.kubernetes.io/version: v1.0.0
+ helm-revision: "0"
+ helm.sh/chart: common-test-1.0.0
+ release: RELEASE-NAME
+ key1: value1
+ key2: value2
diff --git a/library/common/1.0.0/templates/class/_imagePullSecrets.tpl b/library/common/1.0.0/templates/class/_imagePullSecrets.tpl
index c72c4c15..69190df4 100644
--- a/library/common/1.0.0/templates/class/_imagePullSecrets.tpl
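Review bot: The Secret cases only assert `isNotEmpty` on `data.\.dockerconfigjson`, so a regression in the rendered credential payload (wrong registry key under `auths`, a mis-built `auth` value, a dropped field) would still pass every test in this file. Consider asserting the decoded content as well, for example a `matchRegex` on `data.\.dockerconfigjson` with `decodeBase64: true` and a pattern for `"quay\.io"`, if the helm-unittest version in use supports that option. The "special characters in name" case also omits `password` from `contents`, so it passes only because the name check runs before the contents checks; adding `password: some_password` there would isolate the name validation. Minor: `&deploymentDoc` is re-anchored three times with different values and `&secondSecretDoc` is never referenced, which makes the document indexes harder to follow than plain integers would be.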
+++ b/library/common/1.0.0/templates/class/_imagePullSecrets.tpl 
@@ -6,30 +6,37 @@ {{- fail " is required for Image Pull Secrets Credentials" -}} {{- end -}} - {{- $secretName := include "ix.v1.common.imagePullSecrets.name" (dict "root" $ "name" $imgPullCreds.name) -}} + {{- if not (mustRegexMatch "^[a-zA-Z0-9-]*$" $imgPullCreds.name) -}} + {{- fail (printf " (%s) can only container this alphanumerical characters (- a-z A-Z 0-9)" $imgPullCreds.name) -}} + {{- end -}} + {{- $secretName := include "ix.v1.common.imagePullSecrets.name" (dict "root" $root "name" $imgPullCreds.name) -}} {{- $registrySecret := dict -}} - {{- with $imgPullCreds.contents -}} - {{- if not .username -}} - {{- fail (printf " is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}} - {{- end -}} - {{- if not .password -}} - {{- fail (printf " is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}} - {{- end -}} - {{- if not .registry -}} - {{- fail (printf " is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}} - {{- end -}} - {{- if not .email -}} - {{- fail (printf " is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}} - {{- end -}} + {{- if not $imgPullCreds.contents -}} + {{- fail (printf " is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}} + {{- end -}} - {{/* Auth is b64encoded and then the whole secret is b64encoded */}} - {{- $auth := printf "%s:%s" .username .password | b64enc -}} - {{- $registry := (dict "username" .username "password" .password "email" .email "auth" $auth) -}} + {{- with $imgPullCreds.contents -}} + {{- if not .username -}} + {{- fail (printf " is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}} + {{- end -}} + {{- if not .password -}} + {{- fail (printf " is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}} + {{- end -}} + {{- if not .registry -}} + {{- fail (printf " is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}} + {{- end -}} + 
{{- if not .email -}} + {{- fail (printf " is not defined in Image Pull Secrets Credential (%s)" $imgPullCreds.name) -}} + {{- end -}} - {{- $_ := set $registrySecret "auths" dict -}} - {{- $_ := set $registrySecret.auths (printf "%s" .registry) $registry }} + {{/* Auth is b64encoded and then the whole secret is b64encoded */}} + {{- $auth := printf "%s:%s" .username .password | b64enc -}} + {{- $registry := (dict "username" .username "password" .password "email" .email "auth" $auth) -}} + + {{- $_ := set $registrySecret "auths" dict -}} + {{- $_ := set $registrySecret.auths (printf "%s" .registry) $registry }} --- apiVersion: {{ include "ix.v1.common.capabilities.secret.apiVersion" $root }} kind: Secret diff --git a/library/common/1.0.0/templates/class/_pvc.tpl b/library/common/1.0.0/templates/class/_pvc.tpl index c6e14601..af57d855 100644 --- a/library/common/1.0.0/templates/class/_pvc.tpl +++ b/library/common/1.0.0/templates/class/_pvc.tpl @@ -54,7 +54,7 @@ spec: - {{ $accessMode }} resources: requests: - storage: {{ $size }} + storage: {{ $size }} {{/* TODO: Check for previous size with lookup and check if it's lower */}} {{- with $pvcValues.volumeName }} volumeName: {{ tpl . $root | quote }} {{- end -}} diff --git a/library/common/1.0.0/templates/lib/pod/_imagePullSecrets.tpl b/library/common/1.0.0/templates/lib/pod/_imagePullSecrets.tpl index d723652d..e2542931 100644 --- a/library/common/1.0.0/templates/lib/pod/_imagePullSecrets.tpl +++ b/library/common/1.0.0/templates/lib/pod/_imagePullSecrets.tpl @@ -11,7 +11,7 @@ {{- $name := .name -}} {{- $root := .root -}} - {{- $credsName := $name | replace " " "-" | lower -}} + {{- $credsName := $name | lower -}} {{- $secretName := printf "%v-%v" (include "ix.v1.common.names.fullname" $root) $credsName | trunc 63 -}} {{- $secretName -}} {{- end -}}
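Review bot: The new `mustRegexMatch "^[a-zA-Z0-9-]*$"` guard still accepts a name that ends in `-` (such as `creds-`), and because the name becomes the tail of the Secret's `metadata.name`, that value renders a manifest the API server rejects at install time instead of failing here with a clear message. Requiring an alphanumeric last character would close that gap, e.g. `^[a-zA-Z0-9-]*[a-zA-Z0-9]$`. The message text "can only container this alphanumerical characters" should read "can only contain alphanumeric characters and hyphens", with the expected `errorMessage` in the new test updated to match. The enclosing define starts and ends outside this hunk, so how the name is used further down is not visible here.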
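Review bot: With `replace " " "-"` dropped, `$credsName := $name | lower` no longer normalises anything but case, so this helper depends on every caller having validated the name first; only the regex check in class/_imagePullSecrets.tpl is visible in this patch, and whether the pod-spec side passes through it cannot be confirmed from here. The `trunc 63` on the following context line can also cut a long name so that it ends in `-`, and two long credential names that share their leading characters would map to the same Secret name, which the new "super long name" test hints at. Consider `| trunc 63 | trimSuffix "-"` on the `$secretName` line, or failing on over-long names rather than truncating them silently. The define begins above this hunk.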