add transformation of secrets to lowercase and remove creation of vol…

…umeMounts and volumes for imagepullsecret (#633)
fkie-cad · Jul 16, 2024 · e1d054b · e1d054b
1 parent 8c1a340
commit e1d054b
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 5 deletions.
diff --git a/charts/logprep/Chart.yaml b/charts/logprep/Chart.yaml
@@ -6,7 +6,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: "13.1.0"
+version: "13.1.1"
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/logprep/templates/deployment.yaml b/charts/logprep/templates/deployment.yaml
@@ -101,9 +101,11 @@ spec:
               mountPath: /home/logprep/output-config.yaml
               subPath: output-config.yaml
             {{- range $key, $value := .Values.secrets }}
-            - name: {{ $key }}
-              mountPath: /home/logprep/{{ $key }}/{{ $value.name }}
+            {{ if ne $key "imagePullSecret" }}
+            - name: {{ lower $key }}
+              mountPath: /home/logprep/{{ lower $key }}/{{ lower $value.name }}
               subPath: {{ $value.name }}
+            {{ end }}
             {{- end }}
           {{- if or .Values.exporter.enabled (eq .Values.input.type "http_input") }}
           {{- if eq .Values.input.type "http_input" }}
@@ -169,10 +171,12 @@ spec:
             name: {{ include "logprep.fullname" . }}-artifacts
         {{- end }}
         {{- range $key, $value := .Values.secrets }}
-        - name: {{ $key }}
+        {{- if ne $key "imagePullSecret" }}
+        - name: {{ lower $key }}
           secret:
             secretName: {{ $value.name }}
         {{- end }}
+        {{- end }}
       {{- if .Values.affinity }}
       affinity:
         podAntiAffinity:

diff --git a/tests/unit/charts/test_deployment.py b/tests/unit/charts/test_deployment.py
@@ -120,6 +120,33 @@ def test_certificates_volume_mount(self):
         else:
             assert False, "certificates mount not found"
 
+    @pytest.mark.parametrize(
+        "logprep_values, expected",
+        [
+            ({}, False),
+            ({"secrets": {"logprep-secret": {"name": "my-secret"}}}, True),
+            ({"secrets": {"LoGpReP-Secret": {"name": "my-not-lowercase-secret"}}}, True),
+        ],
+    )
+    def test_secret_deployment(self, logprep_values, expected):
+        self.manifests = self.render_chart("logprep", logprep_values)
+        volumes = self.deployment["spec.template.spec.volumes"]
+        mounts = self.deployment["spec.template.spec.containers.0.volumeMounts"]
+
+        for volume in volumes:
+            if volume["name"] == "logprep-secret":
+                assert expected
+                break
+        else:
+            assert not expected, "secret volume not found"
+
+        for mount in mounts:
+            if mount["name"] == "logprep-secret":
+                assert expected
+                break
+        else:
+            assert not expected, "secret mount not found"
+
     @pytest.mark.parametrize(
         "logprep_values, expected",
         [
@@ -168,7 +195,7 @@ def test_credentials_env(self):
 
     def test_credentials_volume(self):
         self.manifests = self.render_chart(
-            "logprep", {"secrets": {"credentials": {"name": "my-creds"}}}
+            "logprep", {"secrets": {"Credentials": {"name": "my-creds"}}}
         )
         volumes = self.deployment["spec.template.spec.volumes"]
         for volume in volumes:
@@ -226,6 +253,28 @@ def test_image_pull_secret(self, logprep_values, expected):
         if expected:
             assert image_pull_secret.get("name") == expected
 
+    def test_image_pull_secret_has_no_volume(self):
+        self.manifests = self.render_chart(
+            "logprep", {"secrets": {"imagePullSecret": {"name": "my-secret"}}}
+        )
+        image_pull_secret = self.deployment["spec.template.spec.imagePullSecrets.0"]
+        assert image_pull_secret.get("name") == "my-secret"
+        volumes = self.deployment["spec.template.spec.volumes"]
+        for volume in volumes:
+            if volume["name"] == "imagepullsecret":
+                assert False, "imagePullSecret in volumes"
+
+    def test_image_pull_secret_has_no_mount(self):
+        self.manifests = self.render_chart(
+            "logprep", {"secrets": {"imagePullSecret": {"name": "my-secret"}}}
+        )
+        image_pull_secret = self.deployment["spec.template.spec.imagePullSecrets.0"]
+        assert image_pull_secret.get("name") == "my-secret"
+        mounts = self.deployment["spec.template.spec.containers.0.volumeMounts"]
+        for mount in mounts:
+            if mount["name"] == "imagepullsecret":
+                assert False, "imagePullSecret in volumeMonts"
+
     def test_configuration_with_http_endpoints_command_is_appended(self):
         logprep_values = {
             "configurations": [