diff --git a/charts/consul/test/unit/gossip-encryption-autogeneration-job.bats b/charts/consul/test/unit/gossip-encryption-autogeneration-job.bats index 25fd9140e4..958bb0600f 100644 --- a/charts/consul/test/unit/gossip-encryption-autogeneration-job.bats +++ b/charts/consul/test/unit/gossip-encryption-autogeneration-job.bats @@ -2,14 +2,14 @@ load _helpers -@test "autogenEncryption/Job: disabled by default" { +@test "gossipEncryptionAutogeneration/Job: disabled by default" { cd `chart_dir` assert_empty helm template \ -s templates/gossip-encryption-autogen-job.yaml \ . } -@test "autogenEncryption/Job: enabled with global.gossipEncryption.autoGenerate=true" { +@test "gossipEncryptionAutogeneration/Job: enabled with global.gossipEncryption.autoGenerate=true" { cd `chart_dir` local actual=$(helm template \ -s templates/gossip-encryption-autogen-job.yaml \ @@ -19,7 +19,7 @@ load _helpers [ "${actual}" = "true" ] } -@test "autogenEncryption/Job: disabled when global.gossipEncryption.autoGenerate=false" { +@test "gossipEncryptionAutogeneration/Job: disabled when global.gossipEncryption.autoGenerate=false" { cd `chart_dir` assert_empty helm template \ -s templates/gossip-encryption-autogen-job.yaml \ @@ -27,7 +27,7 @@ load _helpers . } -@test "autogenEncryption/Job: fails if global.gossipEncryption.autoGenerate=true and global.gossipEncryption.secretName and global.gossipEncryption.secretKey are set" { +@test "gossipEncryptionAutogeneration/Job: fails if global.gossipEncryption.autoGenerate=true and global.gossipEncryption.secretName and global.gossipEncryption.secretKey are set" { cd `chart_dir` run helm template \ -s templates/gossip-encryption-autogen-job.yaml \ @@ -39,7 +39,7 @@ load _helpers [[ "$output" =~ "If global.gossipEncryption.autoGenerate is true, global.gossipEncryption.secretName and global.gossipEncryption.secretKey must not be set." ]] } -@test "autogenEncryption/Job: fails if global.gossipEncryption.autoGenerate=true and global.gossipEncryption.secretName are set" { +@test "gossipEncryptionAutogeneration/Job: fails if global.gossipEncryption.autoGenerate=true and global.gossipEncryption.secretName are set" { cd `chart_dir` run helm template \ -s templates/gossip-encryption-autogen-job.yaml \ @@ -50,7 +50,7 @@ load _helpers [[ "$output" =~ "If global.gossipEncryption.autoGenerate is true, global.gossipEncryption.secretName and global.gossipEncryption.secretKey must not be set." ]] } -@test "autogenEncryption/Job: fails if global.gossipEncryption.autoGenerate=true and global.gossipEncryption.secretKey are set" { +@test "gossipEncryptionAutogeneration/Job: fails if global.gossipEncryption.autoGenerate=true and global.gossipEncryption.secretKey are set" { cd `chart_dir` run helm template \ -s templates/gossip-encryption-autogen-job.yaml \ @@ -62,7 +62,7 @@ load _helpers } -@test "autogenEncryption/Job: secretName and secretKey are generated" { +@test "gossipEncryptionAutogeneration/Job: secretName and secretKey are generated" { cd `chart_dir` local actual=$(helm template \ -s templates/gossip-encryption-autogen-job.yaml \ diff --git a/charts/consul/test/unit/gossip-encryption-autogeneration-podsecurity.bats b/charts/consul/test/unit/gossip-encryption-autogeneration-podsecurity.bats new file mode 100644 index 0000000000..0709751d3c --- /dev/null +++ b/charts/consul/test/unit/gossip-encryption-autogeneration-podsecurity.bats @@ -0,0 +1,28 @@ +#!/usr/bin/env bats + +load _helpers + +@test "gossipEncryptionAutogeneration/PodSecurityPolicy: disabled by default" { + cd `chart_dir` + assert_empty helm template \ + -s templates/gossip-encryption-autogeneration-podsecuritypolicy.yaml \ + . +} + +@test "gossipEncryptionAutogeneration/PodSecurityPolicy: disabled with global.gossipEncryption.autoGenerate=false" { + cd `chart_dir` + assert_empty helm template \ + -s templates/gossip-encryption-autogeneration-podsecuritypolicy.yaml \ + --set 'global.gossipEncryption.autoGenerate=false' \ + . +} + +@test "gossipEncryptionAutogeneration/PodSecurityPolicy: enabled with global.gossipEncryption.autoGenerate=test" { + cd `chart_dir` + local actual=$(helm template \ + -s templates/gossip-encryption-autogeneration-podsecuritypolicy.yaml \ + --set 'global.gossipEncryption.autoGenerate=true' \ + . | tee /dev/stderr | + yq -s 'length > 0' | tee /dev/stderr) + [ "${actual}" = "true" ] +} \ No newline at end of file diff --git a/charts/consul/test/unit/gossip-encryption-autogeneration-role.bats b/charts/consul/test/unit/gossip-encryption-autogeneration-role.bats new file mode 100644 index 0000000000..7052bb7ba5 --- /dev/null +++ b/charts/consul/test/unit/gossip-encryption-autogeneration-role.bats @@ -0,0 +1,28 @@ +#!/usr/bin/env bats + +load _helpers + +@test "gossipEncryptionAutogeneration/Role: disabled by default" { + cd `chart_dir` + assert_empty helm template \ + -s templates/gossip-encryption-autogeneration-role.yaml \ + . +} + +@test "gossipEncryptionAutogeneration/Role: disabled with global.gossipEncryption.autoGenerate=false" { + cd `chart_dir` + assert_empty helm template \ + -s templates/gossip-encryption-autogeneration-role.yaml \ + --set 'global.gossipEncryption.autoGenerate=false' \ + . +} + +@test "gossipEncryptionAutogeneration/Role: enabled when global.gossipEncryption.autoGenerate=true" { + cd `chart_dir` + local actual=$(helm template \ + -s templates/gossip-encryption-autogeneration-role.yaml \ + --set 'global.gossipEncryption.autoGenerate=true' \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "true" ] +} diff --git a/charts/consul/test/unit/gossip-encryption-autogeneration-rolebinding.bats b/charts/consul/test/unit/gossip-encryption-autogeneration-rolebinding.bats new file mode 100644 index 0000000000..a3b79a3174 --- /dev/null +++ b/charts/consul/test/unit/gossip-encryption-autogeneration-rolebinding.bats @@ -0,0 +1,29 @@ + +#!/usr/bin/env bats + +load _helpers + +@test "gossipEncryptionAutogeneration/RoleBinding: disabled by default" { + cd `chart_dir` + assert_empty helm template \ + -s templates/gossip-encryption-autogeneration-rolebinding.yaml \ + . +} + +@test "gossipEncryptionAutogeneration/RoleBinding: disabled with global.gossipEncryption.autoGenerate=false" { + cd `chart_dir` + assert_empty helm template \ + -s templates/gossip-encryption-autogeneration-rolebinding.yaml \ + --set 'global.gossipEncryption.autoGenerate=false' \ + . +} + +@test "gossipEncryptionAutogeneration/RoleBinding: enabled with global.gossipEncryption.autoGenerate=true" { + cd `chart_dir` + local actual=$(helm template \ + -s templates/gossip-encryption-autogeneration-rolebinding.yaml \ + --set 'global.gossipEncryption.autoGenerate=true' \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "true" ] +} \ No newline at end of file diff --git a/charts/consul/test/unit/gossip-encryption-autogeneration-serviceaccount.bats b/charts/consul/test/unit/gossip-encryption-autogeneration-serviceaccount.bats new file mode 100644 index 0000000000..aa86571c33 --- /dev/null +++ b/charts/consul/test/unit/gossip-encryption-autogeneration-serviceaccount.bats @@ -0,0 +1,50 @@ +#!/usr/bin/env bats + +load _helpers + +@test "gossipEncryptionAutogeneration/ServiceAccount: disabled by default" { + cd `chart_dir` + assert_empty helm template \ + -s templates/gossip-encryption-autogeneration-serviceaccount.yaml \ + . +} + +@test "gossipEncryptionAutogeneration/ServiceAccount: disabled with global.gossipEncryption.autoGenerate=false" { + cd `chart_dir` + assert_empty helm template \ + -s templates/gossip-encryption-autogeneration-serviceaccount.yaml \ + --set 'global.gossipEncryption.autoGenerate=false' \ + . +} + +@test "gossipEncryptionAutogeneration/ServiceAccount: enabled with global.gossipEncryption.autoGenerate=true" { + cd `chart_dir` + local actual=$(helm template \ + -s templates/gossip-encryption-autogeneration-serviceaccount.yaml \ + --set 'global.gossipEncryption.autoGenerate=true' \ + . | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + +#-------------------------------------------------------------------- +# global.imagePullSecrets + +@test "gossipEncryptionAutogeneration/ServiceAccount: can set image pull secrets" { + cd `chart_dir` + local object=$(helm template \ + -s templates/gossip-encryption-autogeneration-serviceaccount.yaml \ + --set 'global.gossipEncryption.autoGenerate=true' \ + --set 'global.imagePullSecrets[0].name=my-secret' \ + --set 'global.imagePullSecrets[1].name=my-secret2' \ + . | tee /dev/stderr) + + local actual=$(echo "$object" | + yq -r '.imagePullSecrets[0].name' | tee /dev/stderr) + [ "${actual}" = "my-secret" ] + + local actual=$(echo "$object" | + yq -r '.imagePullSecrets[1].name' | tee /dev/stderr) + [ "${actual}" = "my-secret2" ] +} +