feat(common): Release v4.1.2 (#430)

Signed-off-by: Dan Manners <daniel.a.manners@gmail.com>
Co-authored-by: Daniel Manners <daniel.a.manners@gmail.com>

charts/library/common/test-chart/Chart.yaml

@@ -5,9 +5,9 @@ name: common-test
 version: 1.0.0
 kubeVersion: ">=1.28.0-0"
 maintainers:
-  - name: bjw-s
-    email: me@bjw-s.dev
+- name: bjw-s
+  email: me@bjw-s.dev
 dependencies:
-  - name: common
-    repository: file://../
-    version: ">0.0.0-0"
+- name: common
+  repository: file://../
+  version: ">0.0.0-0"

charts/library/common/test-chart/ci/advanced-values.yaml

@@ -23,8 +23,8 @@ controllers:
 
       a-container:
         dependsOn:
-          - main
-          - third-container
+        - main
+        - third-container
         image:
           repository: ghcr.io/mendhak/http-https-echo
           tag: 31
@@ -60,15 +60,15 @@ service:
 ingress:
   main:
     hosts:
-      - host: "test.local"
-        paths:
-          - path: /
-            service:
-              identifier: main
-              port: http
+    - host: "test.local"
+      paths:
+      - path: /
+        service:
+          identifier: main
+          port: http
     tls:
-      - hosts:
-          - "test.local"
+    - hosts:
+      - "test.local"
 
 configMaps:
   config:
@@ -80,19 +80,24 @@ persistence:
     type: configMap
     identifier: config
     advancedMounts:
-      main: # the controller with the "main" identifier
-        main: # the container with the "main" identifier
-          - path: /data/config.yaml
-            readOnly: false
-            subPath: config.yaml
-        second-container: # the container with the "second-container" identifier
-          - path: /appdata/config
-            readOnly: true
-      second-controller: # the controller with the "second-controller" identifier
-        main: # the container with the "main" identifier
-          - path: /data/config.yaml
-            readOnly: false
-            subPath: config.yaml
+      main:
+        # the controller with the "main" identifier
+        main:
+        # the container with the "main" identifier
+        - path: /data/config.yaml
+          readOnly: false
+          subPath: config.yaml
+        second-container:
+        # the container with the "second-container" identifier
+        - path: /appdata/config
+          readOnly: true
+      second-controller:
+        # the controller with the "second-controller" identifier
+        main:
+        # the container with the "main" identifier
+        - path: /data/config.yaml
+          readOnly: false
+          subPath: config.yaml
 
 rawResources:
   unsupportedPDB:

charts/library/common/test-chart/ci/basic-values.yaml

@@ -20,12 +20,12 @@ controllers:
 ingress:
   main:
     hosts:
-      - host: "test.local"
-        paths:
-          - path: /
+    - host: "test.local"
+      paths:
+      - path: /
     tls:
-      - hosts:
-          - "test.local"
+    - hosts:
+      - "test.local"
 
 service:
   main:

charts/library/common/test-chart/ci/vaultwarden-example.yaml

@@ -36,23 +36,23 @@ ingress:
   # -- Enable and configure ingress settings for the chart under this key.
   main:
     hosts:
-      - host: chart-example.local
-        paths:
-          - path: /
-            pathType: Prefix
-            service:
-              name: main
-              port: http
-          - path: /notifications/hub/negotiate
-            pathType: Prefix
-            service:
-              name: main
-              port: http
-          - path: /notifications/hub
-            pathType: Prefix
-            service:
-              name: main
-              port: websocket
+    - host: chart-example.local
+      paths:
+      - path: /
+        pathType: Prefix
+        service:
+          name: main
+          port: http
+      - path: /notifications/hub/negotiate
+        pathType: Prefix
+        service:
+          name: main
+          port: http
+      - path: /notifications/hub
+        pathType: Prefix
+        service:
+          name: main
+          port: websocket
 
 # -- Configure persistence settings for the chart under this key.
 persistence:
@@ -61,4 +61,4 @@ persistence:
     accessMode: ReadWriteOnce
     size: 1Gi
     globalMounts:
-      - path: /config
+    - path: /config

charts/library/common/test-chart/unittests/_values/rbac_values.yaml

@@ -6,9 +6,9 @@ rbac:
     defaultRole:
       type: Role
       rules:
-        - apiGroups: [""]
-          resources: ["pods"]
-          verbs: ["get", "list"]
+      - apiGroups: [ "" ]
+        resources: [ "pods" ]
+        verbs: [ "get", "list" ]
 
   bindings:
     defaultBinding:
@@ -16,4 +16,4 @@ rbac:
       roleRef:
         identifier: defaultRole
       subjects:
-        - identifier: default
+      - identifier: default

charts/library/common/test-chart/unittests/rbac/presence_test.yaml

@@ -1,9 +1,10 @@
 ---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
 suite: rbac - presence
 templates:
   - common.yaml
 tests:
-  - it: role and rolebinding can be configured are not created by default
+  - it: role and rolebinding are not created by default
     asserts:
       - not: true
         containsDocument:
@@ -25,7 +26,9 @@ tests:
           value: release-name
         equal:
           path: rules[0].verbs
-          value: ["get", "list"]
+          value:
+            - "get"
+            - "list"
       - documentSelector:
           path: $[?(@.kind == "RoleBinding")].metadata.name
           value: release-name
@@ -60,13 +63,22 @@ tests:
       rbac.roles.customRole:
         type: ClusterRole
         rules:
-          - apiGroups: ["*"]
-            resources: ["*"]
-            verbs: ["get", "list", "watch"]
+          - apiGroups:
+              - "*"
+            resources:
+              - "*"
+            verbs:
+              - "get"
+              - "list"
+              - "watch"
     asserts:
-      - documentSelector:
-          path: $[?(@.kind == "ClusterRole")].metadata.name
-          value: release-name-customrole
-        equal:
-          path: rules[0].verbs
-          value: ["get", "list", "watch"]
+      - containsDocument:
+          kind: Role
+          apiVersion: rbac.authorization.k8s.io/v1
+          any: true
+          name: release-name-defaultrole
+      - containsDocument:
+          kind: ClusterRole
+          apiVersion: rbac.authorization.k8s.io/v1
+          any: true
+          name: release-name-customrole

charts/library/common/test-chart/unittests/rbac/role_test.yaml

@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
+suite: rbac - role tests
+templates:
+  - common.yaml
+values:
+  - ../_values/rbac_values.yaml
+tests:
+  - it: Role should be namespaced
+    documentSelector:
+      path: $[?(@.kind == "Role")].metadata.name
+      value: release-name
+    asserts:
+      - exists:
+          path: metadata.namespace
+
+  - it: ClusterRole should not be namespaced
+    set:
+      rbac.roles.defaultRole:
+        type: ClusterRole
+    documentSelector:
+      path: $[?(@.kind == "ClusterRole")].metadata.name
+      value: release-name
+    asserts:
+      - notExists:
+          path: metadata.namespace

charts/library/common/test-chart/unittests/rbac/rolebinding_test.yaml

@@ -0,0 +1,84 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
+suite: rbac - rolebinding tests
+templates:
+  - common.yaml
+set:
+  rbac:
+    bindings:
+      defaultBinding:
+        enabled: true
+        type: RoleBinding
+        roleRef:
+          name: defaultBinding
+          kind: Role
+        subjects:
+          - kind: Group
+            name: oidc:/default-group
+          - kind: User
+            name: default-username
+          - kind: ServiceAccount
+            name: default
+            namespace: default
+tests:
+  - it: RoleBinding should be namespaced
+    documentSelector:
+      path: $[?(@.kind == "RoleBinding")].metadata.name
+      value: release-name
+    asserts:
+      - exists:
+          path: metadata.namespace
+
+  - it: ClusterRoleBinding should not be namespaced
+    set:
+      rbac.bindings.defaultBinding:
+        type: ClusterRoleBinding
+    documentSelector:
+      path: $[?(@.kind == "ClusterRoleBinding")].metadata.name
+      value: release-name
+    asserts:
+      - notExists:
+          path: metadata.namespace
+
+  - it: subject must be a valid group
+    documentSelector:
+      path: $[?(@.kind == "RoleBinding")].metadata.name
+      value: release-name
+    asserts:
+      - equal:
+          path: subjects[0].kind
+          value: Group
+      - equal:
+          path: subjects[0].name
+          value: oidc:/default-group
+      - notExists:
+          path: subjects[0].namespace
+
+  - it: subject must be a valid user
+    documentSelector:
+      path: $[?(@.kind == "RoleBinding")].metadata.name
+      value: release-name
+    asserts:
+      - equal:
+          path: subjects[1].kind
+          value: User
+      - equal:
+          path: subjects[1].name
+          value: default-username
+      - notExists:
+          path: subjects[0].namespace
+
+  - it: subject must be a valid user
+    documentSelector:
+      path: $[?(@.kind == "RoleBinding")].metadata.name
+      value: release-name
+    asserts:
+      - equal:
+          path: subjects[2].kind
+          value: ServiceAccount
+      - equal:
+          path: subjects[2].name
+          value: default
+      - equal:
+          path: subjects[2].namespace
+          value: default

charts/library/common/test-chart/unittests/route/field_hostnames_test.yaml

@@ -5,6 +5,7 @@ templates:
   - common.yaml
 values:
   - ../_values/controllers_main_default_container.yaml
+  - ../_values/service_main_default.yaml
 tests:
   - it: hostnames shouldn't be used for TCPRoutes and UDPRoutes
     set:

charts/library/common/test-chart/unittests/route/field_parentRefs_test.yaml

@@ -5,6 +5,7 @@ templates:
   - common.yaml
 values:
   - ../_values/controllers_main_default_container.yaml
+  - ../_values/service_main_default.yaml
 tests:
   - it: setting gateway should pass
     set:

charts/library/common/test-chart/unittests/route/metadata_annotations_test.yaml

@@ -5,6 +5,7 @@ templates:
   - common.yaml
 values:
   - ../_values/controllers_main_default_container.yaml
+  - ../_values/service_main_default.yaml
 set:
   route.main.parentRefs:
     - name: test

charts/library/common/test-chart/unittests/route/metadata_labels_test.yaml

@@ -5,6 +5,7 @@ templates:
   - common.yaml
 values:
   - ../_values/controllers_main_default_container.yaml
+  - ../_values/service_main_default.yaml
 set:
   route.main.parentRefs:
     - name: test

charts/library/common/test-chart/unittests/route/metadata_name_test.yaml

@@ -5,6 +5,7 @@ templates:
   - common.yaml
 values:
   - ../_values/controllers_main_default_container.yaml
+  - ../_values/service_main_default.yaml
 set:
   route.main:
     parentRefs:

charts/library/common/test-chart/unittests/route/presence_test.yaml

@@ -5,6 +5,7 @@ templates:
   - common.yaml
 values:
   - ../_values/controllers_main_default_container.yaml
+  - ../_values/service_main_default.yaml
 tests:
   - it: an HTTPRoute is not created by default
     asserts:

charts/library/common/test-chart/unittests/route/validations_test.yaml

@@ -78,3 +78,24 @@ tests:
     asserts:
       - failedTemplate:
           errorMessage: "Either name or identifier is required because automatic Service detection is not possible. (route: main)"
+
+  - it: automatic service and port reference should fail with absent rules field and when >1 service is enabled
+    set:
+      service:
+        main:
+          controller: main
+          ports:
+            ui:
+              port: 8082
+        second:
+          controller: main
+          ports:
+            ui:
+              port: 8082
+      route.main:
+        parentRefs:
+          - name: parentName
+            namespace: parentNamespace
+    asserts:
+      - failedTemplate:
+          errorMessage: "An explicit rule is required because automatic Service detection is not possible. (route: main)"