diff --git a/library/common-test/tests/volsync/replication_dest_metadata_test.yaml b/library/common-test/tests/volsync/replication_dest_metadata_test.yaml
index 30037870..0e9e49aa 100644
--- a/library/common-test/tests/volsync/replication_dest_metadata_test.yaml
+++ b/library/common-test/tests/volsync/replication_dest_metadata_test.yaml
@@ -42,12 +42,11 @@ tests:
 credentials:
 mys3:
 type: s3
- url: ""
- region: ""
- bucket: ""
- accessKey: ""
- secretKey: ""
- encrKey: ""
+ url: some-url
+ bucket: some-bucket
+ encrKey: some-key
+ accessKey: some-access-key
+ secretKey: some-secret-key
 asserts:
 - documentIndex: &secretDoc 0
 isKind:
diff --git a/library/common-test/tests/volsync/replication_dest_name_test.yaml b/library/common-test/tests/volsync/replication_dest_name_test.yaml
index 8372bc2e..f52ba3ad 100644
--- a/library/common-test/tests/volsync/replication_dest_name_test.yaml
+++ b/library/common-test/tests/volsync/replication_dest_name_test.yaml
@@ -32,12 +32,11 @@ tests:
 credentials:
 mys3:
 type: s3
- url: ""
- region: ""
- bucket: ""
- accessKey: ""
- secretKey: ""
- encrKey: ""
+ url: some-url
+ bucket: some-bucket
+ encrKey: some-key
+ accessKey: some-access-key
+ secretKey: some-secret-key
 asserts:
 - documentIndex: &secretDoc 0
 isKind:
diff --git a/library/common-test/tests/volsync/replication_source_metadata_test.yaml b/library/common-test/tests/volsync/replication_source_metadata_test.yaml
index bfd8cef9..5798364e 100644
--- a/library/common-test/tests/volsync/replication_source_metadata_test.yaml
+++ b/library/common-test/tests/volsync/replication_source_metadata_test.yaml
@@ -42,12 +42,11 @@ tests:
 credentials:
 mys3:
 type: s3
- url: ""
- region: ""
- bucket: ""
- accessKey: ""
- secretKey: ""
- encrKey: ""
+ url: some-url
+ bucket: some-bucket
+ encrKey: some-key
+ accessKey: some-access-key
+ secretKey: some-secret-key
 asserts:
 - documentIndex: &secretDoc 0
 isKind:
diff --git a/library/common-test/tests/volsync/replication_source_name_test.yaml b/library/common-test/tests/volsync/replication_source_name_test.yaml
index 2f0885b3..156e8b72 100644
--- a/library/common-test/tests/volsync/replication_source_name_test.yaml
+++ b/library/common-test/tests/volsync/replication_source_name_test.yaml
@@ -32,12 +32,11 @@ tests:
 credentials:
 mys3:
 type: s3
- url: ""
- region: ""
- bucket: ""
- accessKey: ""
- secretKey: ""
- encrKey: ""
+ url: some-url
+ bucket: some-bucket
+ encrKey: some-key
+ accessKey: some-access-key
+ secretKey: some-secret-key
 asserts:
 - documentIndex: &secretDoc 0
 isKind:
diff --git a/library/common-test/tests/volsync/validation_test.yaml b/library/common-test/tests/volsync/validation_test.yaml
new file mode 100644
index 00000000..05b4d922
--- /dev/null
+++ b/library/common-test/tests/volsync/validation_test.yaml
@@ -0,0 +1,197 @@
+suite: volsync validation test
+templates:
+ - common.yaml
+release:
+ name: test-release-name
+ namespace: test-release-namespace
+tests:
+ - it: should fail with empty name
+ set:
+ persistence:
+ src-backup:
+ enabled: true
+ type: pvc
+ mountPath: /backed-up
+ volsync:
+ - name: ""
+ type: restic
+ credentials: my-secret
+ src:
+ enabled: true
+ dest:
+ enabled: false
+ credentials: {}
+ asserts:
+ - failedTemplate:
+ errorMessage: VolSync - Expected non-empty [name]
+
+ - it: should fail with empty credentials
+ set:
+ persistence:
+ src-backup:
+ enabled: true
+ type: pvc
+ mountPath: /backedup
+ volsync:
+ - name: my-backup
+ type: restic
+ credentials: ""
+ src:
+ enabled: true
+ dest:
+ enabled: false
+ asserts:
+ - failedTemplate:
+ errorMessage: VolSync - Expected non-empty [credentials]
+
+ - it: should fail if referenced credentials does not exist
+ set:
+ persistence: &persistence
+ src-backup:
+ enabled: true
+ type: pvc
+ mountPath: /backedup
+ volsync:
+ - name: my-backup
+ type: restic
+ credentials: my-secret
+ src:
+ enabled: true
+ dest:
+ enabled: false
+ credentials: {}
+ asserts:
+ - failedTemplate:
+ errorMessage: VolSync - Expected credentials [my-secret] to be defined in [credentials.my-secret]
+
+ - it: should fail if credentials.url is empty
+ set:
+ persistence: *persistence
+ credentials:
+ my-secret:
+ type: s3
+ url: ""
+ asserts:
+ - failedTemplate:
+ errorMessage: VolSync - Expected non-empty [url] in [credentials.my-secret]
+
+ - it: should fail if credentials.bucket is empty
+ set:
+ persistence: *persistence
+ credentials:
+ my-secret:
+ type: s3
+ url: some-url
+ bucket: ""
+ asserts:
+ - failedTemplate:
+ errorMessage: VolSync - Expected non-empty [bucket] in [credentials.my-secret]
+
+ - it: should fail if credentials.encrKey is empty
+ set:
+ persistence: *persistence
+ credentials:
+ my-secret:
+ type: s3
+ url: some-url
+ bucket: some-bucket
+ encrKey: ""
+ asserts:
+ - failedTemplate:
+ errorMessage: VolSync - Expected non-empty [encrKey] in [credentials.my-secret]
+
+ - it: should fail if credentials.accessKey is empty
+ set:
+ persistence: *persistence
+ credentials:
+ my-secret:
+ type: s3
+ url: some-url
+ bucket: some-bucket
+ encrKey: some-key
+ accessKey: ""
+ asserts:
+ - failedTemplate:
+ errorMessage: VolSync - Expected non-empty [accessKey] in [credentials.my-secret]
+
+ - it: should fail if credentials.secretKey is empty
+ set:
+ persistence: *persistence
+ credentials:
+ my-secret:
+ type: s3
+ url: some-url
+ bucket: some-bucket
+ encrKey: some-key
+ accessKey: some-access-key
+ secretKey: ""
+ asserts:
+ - failedTemplate:
+ errorMessage: VolSync - Expected non-empty [secretKey] in [credentials.my-secret]
+
+ - it: should fail with invalid copy method
+ set:
+ persistence:
+ src-backup:
+ enabled: true
+ type: pvc
+ mountPath: /backedup
+ volsync:
+ - name: my-backup
+ type: restic
+ credentials: my-secret
+ copyMethod: invalid
+ src:
+ enabled: true
+ dest:
+ enabled: false
+ credentials: &credentials
+ my-secret:
+ type: s3
+ url: some-url
+ bucket: some-bucket
+ encrKey: some-key
+ accessKey: some-access-key
+ secretKey: some-secret-key
+ asserts:
+ - failedTemplate:
+ errorMessage: VolSync - Expected [copyMethod] to be one of [Clone, Direct, Snapshot], but got [invalid]
+
+ - it: should fail with empty type
+ set:
+ persistence:
+ src-backup:
+ enabled: true
+ type: pvc
+ mountPath: /backedup
+ volsync:
+ - name: my-backup
+ type: ""
+ credentials: my-secret
+ src:
+ enabled: true
+ dest:
+ enabled: false
+ asserts:
+ - failedTemplate:
+ errorMessage: VolSync - Expected non-empty [type]
+
+ - it: should fail with invalid type
+ set:
+ persistence:
+ src-backup:
+ enabled: true
+ type: pvc
+ mountPath: /backedup
+ volsync:
+ - name: my-backup
+ type: invalid
+ credentials: my-secret
+ src:
+ enabled: true
+ dest:
+ enabled: false
+ credentials: *credentials
+ asserts:
+ - failedTemplate:
+ errorMessage: VolSync - Expected [type] to be one of [restic], but got [invalid]
diff --git a/library/common/templates/lib/volsync/_validation.tpl b/library/common/templates/lib/volsync/_validation.tpl
new file mode 100644
index 00000000..dd096e7f
--- /dev/null
+++ b/library/common/templates/lib/volsync/_validation.tpl
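Review bot: No case in this suite reaches the `kindIs "string"` branch of `tc.v1.common.lib.volsync.validation`, and every credentials-field case sets the key to `""` rather than leaving it out. A case that passes a non-empty map as the volsync `credentials` value and asserts `errorMessage: VolSync - Expected [credentials] to be a string, but got [map]` would cover that branch. The "should fail with empty type" case also omits the top-level `credentials` block, so it passes only while the `type` check stays ahead of the credentials lookup; a short comment saying so would make that dependency visible.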
@@ -0,0 +1,46 @@
+{{- define "tc.v1.common.lib.volsync.validation" -}}
+ {{- $objectData := .objectData -}}
+ {{- $rootCtx := .rootCtx -}}
+
+ {{- if not $objectData.name -}}
+ {{- fail "VolSync - Expected non-empty [name]" -}}
+ {{- end -}}
+
+ {{- if not $objectData.type -}}
+ {{- fail "VolSync - Expected non-empty [type]" -}}
+ {{- end -}}
+
+ {{- $validTypes := list "restic" -}}
+ {{- if not (mustHas $objectData.type $validTypes) -}}
+ {{- fail (printf "VolSync - Expected [type] to be one of [%s], but got [%s]" (join ", " $validTypes) $objectData.type) -}}
+ {{- end -}}
+
+
+ {{- if not $objectData.credentials -}}
+ {{- fail "VolSync - Expected non-empty [credentials]" -}}
+ {{- end -}}
+
+ {{- if not (kindIs "string" $objectData.credentials) -}}
+ {{- fail (printf "VolSync - Expected [credentials] to be a string, but got [%s]" (kindOf $objectData.credentials)) -}}
+ {{- end -}}
+
+ {{- if not (get $rootCtx.Values.credentials $objectData.credentials) -}}
+ {{- fail (printf "VolSync - Expected credentials [%s] to be defined in [credentials.%s]" $objectData.credentials $objectData.credentials) -}}
+ {{- end -}}
+
+ {{- $credentials := get $rootCtx.Values.credentials $objectData.credentials -}}
+ {{- $reqFields := list "url" "bucket" "encrKey" "accessKey" "secretKey" -}}
+ {{- range $key := $reqFields -}}
+ {{- if not (get $credentials $key) -}}
+ {{- fail (printf "VolSync - Expected non-empty [%s] in [credentials.%s]" $key $objectData.credentials) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- $copyMethods := list "Clone" "Direct" "Snapshot" -}}
+ {{- if $objectData.copyMethod -}}
+ {{- if not (mustHas $objectData.copyMethod $copyMethods) -}}
+ {{- fail (printf "VolSync - Expected [copyMethod] to be one of [%s], but got [%s]" (join ", " $copyMethods) $objectData.copyMethod) -}}
+ {{- end -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/library/common/templates/spawner/_pvc.tpl b/library/common/templates/spawner/_pvc.tpl
index 888387be..8823f8d2 100644
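Review bot: The required-field loop calls `get $credentials $key` without first checking that the referenced entry is a map, so a scalar under `credentials.<name>` would presumably abort with a raw template type error instead of a `VolSync - ...` message. A guard before the `range`, for example `{{- if not (kindIs "map" $credentials) -}}` with a matching `fail`, keeps the failure actionable. The loop also never inspects the entry's own `type`, so any credentials entry carrying these five keys is accepted; if only `s3` is meant to work here, check it next to `$reqFields`. The `fail` messages print key names and never the values of `encrKey`, `accessKey` or `secretKey`, and a short comment above the loop stating that this is intentional would help keep later edits from echoing secrets into render output.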
--- a/library/common/templates/spawner/_pvc.tpl +++ b/library/common/templates/spawner/_pvc.tpl @@ -93,7 +93,10 @@ {{- if or $srcEnabled $destEnabled -}} {{- $volsyncData := (mustDeepCopy $volsync) -}} - {{/* Create Secret for VolSync */}} + {{- include "tc.v1.common.lib.volsync.validation" (dict "objectData" $volsyncData "rootCtx" $) -}} + {{- include "tc.v1.common.lib.metadata.validation" (dict "objectData" $volsyncData "caller" "PVC - VolSync") -}} + + {{/* Create Secret for VolSync */}} {{- $volsyncSecretName := printf "%s-volsync-%s" $objectData.name $volsync.name -}} {{- $_ := set $volsyncData "repository" $volsyncSecretName -}}