From e629dc9d65355a1329ae4535be423d03489317c4 Mon Sep 17 00:00:00 2001 From: "Ethan J. Brown" Date: Wed, 19 Jan 2022 18:55:56 -0800 Subject: [PATCH] Add volumes and env vars to helm hook test pod (#673) * Fix test typo * Add basic server-test Pod tests - This covers all existing functionality that matches what's present in server-statefulset.bats * Fix server-test helm hook Pod rendering - Properly adhere to the global.enabled flag and the presence of the injector.externalVaultAddr setting, the same way that the servers StatefulSet behaves * Add volumes and env vars to helm hook test pod - Uses the same extraEnvironmentVars, volumes and volumeMounts set on the server statefulset to configure the Vault server test pod used by the helm test hook - This is necessary in situations where TLS is configured, but the certificates are not affiliated with the k8s CA / part of k8s PKI - Fixes GH-665 --- CHANGELOG.md | 1 + templates/tests/server-test.yaml | 15 +- test/unit/server-statefulset.bats | 2 +- test/unit/server-test.bats | 241 ++++++++++++++++++++++++++++++ 4 files changed, 256 insertions(+), 3 deletions(-) create mode 100644 test/unit/server-test.bats diff --git a/CHANGELOG.md b/CHANGELOG.md index 47e5c28c3..90d4c3312 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ Features: Improvements: * Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) ## 0.18.0 (November 17th, 2021) diff --git a/templates/tests/server-test.yaml b/templates/tests/server-test.yaml index 66aa178f5..d983b9df6 100644 --- a/templates/tests/server-test.yaml +++ b/templates/tests/server-test.yaml @@ -1,4 +1,6 @@ -{{- if .Values.server.enabled }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if and (ne .mode "") (eq (.Values.global.enabled | toString) "true") }} apiVersion: v1 kind: Pod metadata: 
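Review bot: The new gate at the top of `templates/tests/server-test.yaml` no longer names `server.enabled`, so a reader cannot tell from these lines that disabling the server still suppresses the test pod. That behaviour now depends on the `vault.mode` helper, which is defined outside this diff. A short template comment above the two `if`s would make the intent explicit, e.g. `{{- /* Render only when vault.mode resolves to a server mode (not "external" or empty) and global.enabled is true; same gate as the server StatefulSet. */ -}}`. The matching `{{- end }}` lines are in the last hunk of this file, not here.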
@@ -15,6 +17,7 @@ spec: env: - name: VAULT_ADDR value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} command: - /bin/sh - -c @@ -35,6 +38,14 @@ spec: fi exit 0 - + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} restartPolicy: Never {{- end }} +{{- end }} diff --git a/test/unit/server-statefulset.bats b/test/unit/server-statefulset.bats index 65d6d9688..0a83ec6a1 100755 --- a/test/unit/server-statefulset.bats +++ b/test/unit/server-statefulset.bats @@ -537,7 +537,7 @@ load _helpers cd `chart_dir` local object=$(helm template \ --show-only templates/server-statefulset.yaml \ - --set 'server.stanadlone.enabled=true' \ + --set 'server.standalone.enabled=true' \ --set 'server.extraEnvironmentVars.FOO=bar' \ --set 'server.extraEnvironmentVars.FOOBAR=foobar' \ . | tee /dev/stderr | diff --git a/test/unit/server-test.bats b/test/unit/server-test.bats new file mode 100644 index 000000000..5fd65d561 --- /dev/null +++ b/test/unit/server-test.bats 
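Review bot: The test pod now receives every entry in `server.extraEnvironmentVars` (this hunk) and every `server.volumes` / `server.volumeMounts` entry (the `@@ -35,6 +38,14 @@` hunk), although the commit message states the need as trusting certificates outside the k8s PKI. If a shared secret volume also holds the server's TLS private key, or an env var carries anything sensitive, the hook pod gets it as well. With `restartPolicy: Never` the completed pod and its spec may stay readable until it is deleted. I would at least document this beside the include, e.g. `{{- /* Shares the server's env and volumes so the test can verify TLS; anything mounted for the server is also visible to this pod. */}}`, and consider test-specific values so only the CA bundle has to be exposed.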
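Review bot: In the `@@ -35,6 +38,14 @@` hunk, `volumeMounts:` and `volumes:` are written outside their `if`, so a render with neither value set carries two keys whose value is null. Moving each key inside its guard keeps the manifest free of empty fields: `{{- if .Values.server.volumeMounts }}` / `volumeMounts:` / `{{- toYaml .Values.server.volumeMounts | nindent 8 }}`, and the same for `volumes:`. The two `nindent` calls also drop the space before `}}` that the env hunk uses (`nindent 8 }}`).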
@@ -0,0 +1,241 @@
+#!/usr/bin/env bats
+
+load _helpers
+
+#--------------------------------------------------------------------
+# disable / enable server deployment
+
+@test "server/server-test-Pod: disabled server.enabled" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'server.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+}
+
+@test "server/server-test-Pod: disabled server.enabled random string" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'server.enabled=blabla' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+}
+
+@test "server/server-test-Pod: enabled server.enabled explicit true" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'server.enabled=true' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "true" ]
+}
+
+#--------------------------------------------------------------------
+
+@test "server/standalone-server-test-Pod: default server.standalone.enabled" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/tests/server-test.yaml \
+ . | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "true" ]
+}
+
+@test "server/standalone-server-test-Pod: enable with server.standalone.enabled true" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'server.standalone.enabled=true' \
+ . | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "true" ]
+}
+
+@test "server/ha-server-test-Pod: enable with server.ha.enabled true" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'server.ha.enabled=true' \
+ .
| tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "true" ]
+}
+
+@test "server/standalone-server-test-Pod: disable with global.enabled" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'global.enabled=false' \
+ --set 'server.standalone.enabled=true' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+}
+
+@test "server/standalone-server-test-Pod: disable with injector.externalVaultAddr" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'injector.externalVaultAddr=http://vault-outside' \
+ --set 'server.standalone.enabled=true' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+}
+
+@test "server/standalone-server-test-Pod: image defaults to server.image.repository:tag" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'server.image.repository=foo' \
+ --set 'server.image.tag=1.2.3' \
+ . | tee /dev/stderr |
+ yq -r '.spec.containers[0].image' | tee /dev/stderr)
+ [ "${actual}" = "foo:1.2.3" ]
+
+ local actual=$(helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'server.image.repository=foo' \
+ --set 'server.image.tag=1.2.3' \
+ --set 'server.standalone.enabled=true' \
+ . | tee /dev/stderr |
+ yq -r '.spec.containers[0].image' | tee /dev/stderr)
+ [ "${actual}" = "foo:1.2.3" ]
+}
+
+@test "server/standalone-server-test-Pod: image tag defaults to latest" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'server.image.repository=foo' \
+ --set 'server.image.tag=' \
+ .
| tee /dev/stderr |
+ yq -r '.spec.containers[0].image' | tee /dev/stderr)
+ [ "${actual}" = "foo:latest" ]
+
+ local actual=$(helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'server.image.repository=foo' \
+ --set 'server.image.tag=' \
+ --set 'server.standalone.enabled=true' \
+ . | tee /dev/stderr |
+ yq -r '.spec.containers[0].image' | tee /dev/stderr)
+ [ "${actual}" = "foo:latest" ]
+}
+
+@test "server/standalone-server-test-Pod: default imagePullPolicy" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/tests/server-test.yaml \
+ . | tee /dev/stderr |
+ yq -r '.spec.containers[0].imagePullPolicy' | tee /dev/stderr)
+ [ "${actual}" = "IfNotPresent" ]
+}
+
+@test "server/standalone-server-test-Pod: Custom imagePullPolicy" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'server.image.pullPolicy=Always' \
+ . | tee /dev/stderr |
+ yq -r '.spec.containers[0].imagePullPolicy' | tee /dev/stderr)
+ [ "${actual}" = "Always" ]
+}
+
+#--------------------------------------------------------------------
+# resources
+
+@test "server/standalone-server-test-Pod: default resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'server.standalone.enabled=true' \
+ . | tee /dev/stderr |
+ yq -r '.spec.containers[0].resources' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+}
+
+#--------------------------------------------------------------------
+# volumes
+
+@test "server/standalone-server-test-Pod: server.volumes adds volume" {
+ cd `chart_dir`
+
+ # Test that it defines it
+ local object=$(helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'server.volumes[0].name=plugins' \
+ --set 'server.volumes[0].emptyDir=\{\}' \
+ .
| tee /dev/stderr |
+ yq -r '.spec.volumes[] | select(.name == "plugins")' | tee /dev/stderr)
+
+ local actual=$(echo $object |
+ yq -r '.emptyDir' | tee /dev/stderr)
+ [ "${actual}" = "{}" ]
+}
+
+#--------------------------------------------------------------------
+# volumeMounts
+
+@test "server/standalone-server-test-Pod: server.volumeMounts adds volumeMount" {
+ cd `chart_dir`
+
+ # Test that it defines it
+ local object=$(helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'server.volumeMounts[0].name=plugins' \
+ --set 'server.volumeMounts[0].mountPath=/usr/local/libexec/vault' \
+ --set 'server.volumeMounts[0].readOnly=true' \
+ . | tee /dev/stderr |
+ yq -r '.spec.containers[0].volumeMounts[] | select(.name == "plugins")' | tee /dev/stderr)
+
+ local actual=$(echo $object |
+ yq -r '.mountPath' | tee /dev/stderr)
+ [ "${actual}" = "/usr/local/libexec/vault" ]
+
+ local actual=$(echo $object |
+ yq -r '.readOnly' | tee /dev/stderr)
+ [ "${actual}" = "true" ]
+}
+
+#--------------------------------------------------------------------
+# extraEnvironmentVars
+
+@test "server/standalone-server-test-Pod: set extraEnvironmentVars" {
+ cd `chart_dir`
+ local object=$(helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.extraEnvironmentVars.FOO=bar' \
+ --set 'server.extraEnvironmentVars.FOOBAR=foobar' \
+ . | tee /dev/stderr |
+ yq -r '.spec.containers[0].env' | tee /dev/stderr)
+
+ local name=$(echo $object |
+ yq -r 'map(select(.name=="FOO")) | .[] .value' | tee /dev/stderr)
+ [ "${name}" = "bar" ]
+
+ local name=$(echo $object |
+ yq -r 'map(select(.name=="FOOBAR")) | .[] .value' | tee /dev/stderr)
+ [ "${name}" = "foobar" ]
+
+ local object=$(helm template \
+ --show-only templates/tests/server-test.yaml \
+ --set 'server.extraEnvironmentVars.FOO=bar' \
+ --set 'server.extraEnvironmentVars.FOOBAR=foobar' \
+ .
| tee /dev/stderr |
+ yq -r '.spec.containers[0].env' | tee /dev/stderr)
+
+ local name=$(echo $object |
+ yq -r 'map(select(.name=="FOO")) | .[] .value' | tee /dev/stderr)
+ [ "${name}" = "bar" ]
+
+ local name=$(echo $object |
+ yq -r 'map(select(.name=="FOOBAR")) | .[] .value' | tee /dev/stderr)
+ [ "${name}" = "foobar" ]
+}
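Review bot: No test in the volumes / volumeMounts sections renders the template with `server.volumes` and `server.volumeMounts` unset, which is the path where the template emits bare `volumes:` and `volumeMounts:` keys. A test pinning that output would catch a regression there; the sketch below covers `volumes` and assumes the chart defaults leave it unset, and the same shape applies to `.spec.containers[0].volumeMounts`. Separately, `echo $object` is unquoted in the volume, volumeMount and extraEnvironmentVars tests, so the JSON is word-split and re-joined before it reaches `yq`; `echo "$object"` avoids that. The extraEnvironmentVars test also never checks that `VAULT_ADDR` is still present alongside the extra variables.

```shell
@test "server/standalone-server-test-Pod: no volumes by default" {
  cd `chart_dir`
  local actual=$(helm template \
      --show-only templates/tests/server-test.yaml \
      . | tee /dev/stderr |
      yq -r '.spec.volumes' | tee /dev/stderr)
  [ "${actual}" = "null" ]
}
```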