mirror of
https://github.com/bjw-s-labs/helm-charts.git
synced 2025-07-04 08:57:04 +02:00
feat(common): Release 3.5.0 (#357)
Co-authored-by: Lawrence Gil <lawrence.gil@assemblyglobal.com>
This commit is contained in:
Bernd Schorgers
GitHub
parent
5a722abfa9
commit
90e6b9e7cf
42 changed files with 1092 additions and 164 deletions
Binary file not shown.
|
After Width: | Height: | Size: 26 KiB |
19
charts/library/common-test/tests/_values/rbac_values.yaml
Normal file
19
charts/library/common-test/tests/_values/rbac_values.yaml
Normal file
|
|
@ -0,0 +1,19 @@
|
|||
serviceAccount:
|
||||
create: true
|
||||
|
||||
rbac:
|
||||
roles:
|
||||
defaultRole:
|
||||
type: Role
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["pods"]
|
||||
verbs: ["get", "list"]
|
||||
|
||||
bindings:
|
||||
defaultBinding:
|
||||
type: RoleBinding
|
||||
roleRef:
|
||||
identifier: defaultRole
|
||||
subjects:
|
||||
- identifier: default
|
||||
|
|
@ -69,4 +69,75 @@ tests:
|
|||
- documentIndex: *deploymentDocument
|
||||
equal:
|
||||
path: spec.template.spec.serviceAccountName
|
||||
value: mySA
|
||||
value: default
|
||||
|
||||
- it: with extraServiceAccounts default should pass
|
||||
set:
|
||||
serviceAccount:
|
||||
create: false
|
||||
name: mySA
|
||||
extraServiceAccounts:
|
||||
mySA2:
|
||||
create: false
|
||||
mySA3:
|
||||
create: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 3
|
||||
- documentIndex: &deploymentDocument 1
|
||||
isKind:
|
||||
of: Deployment
|
||||
- documentIndex: *deploymentDocument
|
||||
equal:
|
||||
path: spec.template.spec.serviceAccountName
|
||||
value: default
|
||||
|
||||
- it: with extraServiceAccounts identifier should pass
|
||||
set:
|
||||
controllers:
|
||||
main:
|
||||
serviceAccount:
|
||||
identifier: mySA3
|
||||
serviceAccount:
|
||||
create: false
|
||||
name: mySA
|
||||
extraServiceAccounts:
|
||||
mySA2:
|
||||
create: false
|
||||
mySA3:
|
||||
create: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 3
|
||||
- documentIndex: &deploymentDocument 1
|
||||
isKind:
|
||||
of: Deployment
|
||||
- documentIndex: *deploymentDocument
|
||||
equal:
|
||||
path: spec.template.spec.serviceAccountName
|
||||
value: RELEASE-NAME-mySA3
|
||||
|
||||
- it: with extraServiceAccounts name should pass
|
||||
set:
|
||||
controllers:
|
||||
main:
|
||||
serviceAccount:
|
||||
name: arbitrary-SA
|
||||
serviceAccount:
|
||||
create: false
|
||||
name: mySA
|
||||
extraServiceAccounts:
|
||||
mySA2:
|
||||
create: false
|
||||
mySA3:
|
||||
create: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 3
|
||||
- documentIndex: &deploymentDocument 1
|
||||
isKind:
|
||||
of: Deployment
|
||||
- documentIndex: *deploymentDocument
|
||||
equal:
|
||||
path: spec.template.spec.serviceAccountName
|
||||
value: arbitrary-SA
|
||||
|
|
|
|||
60
charts/library/common-test/tests/rbac/metadata_test.yaml
Normal file
60
charts/library/common-test/tests/rbac/metadata_test.yaml
Normal file
|
|
@ -0,0 +1,60 @@
|
|||
---
|
||||
suite: rbac metadata
|
||||
|
||||
set:
|
||||
serviceAccount:
|
||||
name: test-sa
|
||||
|
||||
templates:
|
||||
- common.yaml
|
||||
values:
|
||||
- ../_values/rbac_values.yaml
|
||||
tests:
|
||||
- it: default metadata should pass
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 4
|
||||
- documentIndex: &RoleDocument 2
|
||||
isKind:
|
||||
of: Role
|
||||
- documentIndex: *RoleDocument
|
||||
notExists:
|
||||
path: metadata.annotations
|
||||
- documentIndex: *RoleDocument
|
||||
equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
app.kubernetes.io/instance: RELEASE-NAME
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: RELEASE-NAME
|
||||
helm.sh/chart: common-test-1.0.0
|
||||
|
||||
- it: custom metadata should pass
|
||||
set:
|
||||
rbac:
|
||||
roles:
|
||||
defaultRole:
|
||||
annotations:
|
||||
test_annotation: test
|
||||
labels:
|
||||
test_label: test
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 4
|
||||
- documentIndex: &RoleDocument 2
|
||||
isKind:
|
||||
of: Role
|
||||
- documentIndex: *RoleDocument
|
||||
equal:
|
||||
path: metadata.annotations
|
||||
value:
|
||||
test_annotation: test
|
||||
- documentIndex: *RoleDocument
|
||||
equal:
|
||||
path: metadata.labels
|
||||
value:
|
||||
app.kubernetes.io/instance: RELEASE-NAME
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/name: RELEASE-NAME
|
||||
helm.sh/chart: common-test-1.0.0
|
||||
test_label: test
|
||||
58
charts/library/common-test/tests/rbac/names_test.yaml
Normal file
58
charts/library/common-test/tests/rbac/names_test.yaml
Normal file
|
|
@ -0,0 +1,58 @@
|
|||
---
|
||||
suite: rbac names
|
||||
|
||||
set:
|
||||
serviceAccount:
|
||||
name: test-sa
|
||||
|
||||
templates:
|
||||
- common.yaml
|
||||
values:
|
||||
- ../_values/rbac_values.yaml
|
||||
tests:
|
||||
- it: default role and rolebinding names should pass
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 4
|
||||
- documentIndex: &RoleDocument 2
|
||||
isKind:
|
||||
of: Role
|
||||
- documentIndex: *RoleDocument
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-defaultRole
|
||||
|
||||
- documentIndex: &BindingDocument 3
|
||||
isKind:
|
||||
of: RoleBinding
|
||||
- documentIndex: *BindingDocument
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-defaultBinding
|
||||
|
||||
- it: custom role name should pass
|
||||
set:
|
||||
rbac:
|
||||
roles:
|
||||
defaultRole:
|
||||
forceRename: customRole
|
||||
bindings:
|
||||
defaultBinding:
|
||||
forceRename: customBinding
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 4
|
||||
- documentIndex: &RoleDocument 2
|
||||
isKind:
|
||||
of: Role
|
||||
- documentIndex: &BindingDocument 3
|
||||
isKind:
|
||||
of: RoleBinding
|
||||
- documentIndex: *RoleDocument
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: customRole
|
||||
- documentIndex: *BindingDocument
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: customBinding
|
||||
44
charts/library/common-test/tests/rbac/validations_test.yaml
Normal file
44
charts/library/common-test/tests/rbac/validations_test.yaml
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
---
|
||||
suite: rbac validations
|
||||
|
||||
set:
|
||||
serviceAccount:
|
||||
name: test-sa
|
||||
|
||||
templates:
|
||||
- common.yaml
|
||||
values:
|
||||
- ../_values/rbac_values.yaml
|
||||
tests:
|
||||
- it: role type must be valid
|
||||
set:
|
||||
rbac:
|
||||
roles:
|
||||
invalidRole:
|
||||
type: InvalidRole
|
||||
rules: {}
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "You selected: `InvalidRole`. Type must be one of:"
|
||||
|
||||
- it: role rules can't be empty
|
||||
set:
|
||||
rbac:
|
||||
roles:
|
||||
invalidRole:
|
||||
type: Role
|
||||
rules: []
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "Rules can't be empty"
|
||||
|
||||
- it: roleBinding requires roleRef
|
||||
set:
|
||||
rbac:
|
||||
bindings:
|
||||
invalidBinding:
|
||||
type: RoleBinding
|
||||
roleRef: {}
|
||||
asserts:
|
||||
- failedTemplate:
|
||||
errorMessage: "If not using identifier roleRef must have a `name` key"
|
||||
52
charts/library/common-test/tests/rbac/values_test.yaml
Normal file
52
charts/library/common-test/tests/rbac/values_test.yaml
Normal file
|
|
@ -0,0 +1,52 @@
|
|||
---
|
||||
suite: rbac values
|
||||
|
||||
set:
|
||||
serviceAccount:
|
||||
name: test-sa
|
||||
|
||||
templates:
|
||||
- common.yaml
|
||||
values:
|
||||
- ../_values/rbac_values.yaml
|
||||
tests:
|
||||
- it: default role and rolebinding should pass
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 4
|
||||
- documentIndex: &RoleDocument 2
|
||||
isKind:
|
||||
of: Role
|
||||
- documentIndex: *RoleDocument
|
||||
equal:
|
||||
path: rules[0].verbs
|
||||
value: ["get", "list"]
|
||||
|
||||
- documentIndex: &BindingDocument 3
|
||||
isKind:
|
||||
of: RoleBinding
|
||||
- documentIndex: *BindingDocument
|
||||
equal:
|
||||
path: subjects[0].name
|
||||
value: "test-sa"
|
||||
|
||||
- it: custom role values should pass
|
||||
set:
|
||||
rbac:
|
||||
roles:
|
||||
customRole:
|
||||
type: ClusterRole
|
||||
rules:
|
||||
- apiGroups: ["*"]
|
||||
resources: ["*"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- documentIndex: &RoleDocument 2
|
||||
isKind:
|
||||
of: ClusterRole
|
||||
- documentIndex: *RoleDocument
|
||||
equal:
|
||||
path: rules[0].verbs
|
||||
value: ["get", "list", "watch"]
|
||||
|
|
@ -56,6 +56,22 @@ tests:
|
|||
path: spec.externalTrafficPolicy
|
||||
value: Local
|
||||
|
||||
- it: internalTrafficPolicy should pass
|
||||
values:
|
||||
- ../_values/service_main_default.yaml
|
||||
set:
|
||||
service:
|
||||
main:
|
||||
internalTrafficPolicy: Local
|
||||
asserts:
|
||||
- documentIndex: &ServiceDocument 1
|
||||
isKind:
|
||||
of: Service
|
||||
- documentIndex: *ServiceDocument
|
||||
equal:
|
||||
path: spec.internalTrafficPolicy
|
||||
value: Local
|
||||
|
||||
- it: externalTrafficPolicy should pass for LoadBalancer service
|
||||
values:
|
||||
- ../_values/service_main_default.yaml
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ tests:
|
|||
equal:
|
||||
path: secrets
|
||||
value:
|
||||
- name: RELEASE-NAME-sa-token
|
||||
- name: RELEASE-NAME-default-sa-token
|
||||
- documentIndex: *DeploymentDocument
|
||||
equal:
|
||||
path: spec.template.spec.serviceAccountName
|
||||
|
|
@ -87,7 +87,7 @@ tests:
|
|||
equal:
|
||||
path: secrets
|
||||
value:
|
||||
- name: RELEASE-NAME-sa-token
|
||||
- name: RELEASE-NAME-default-sa-token
|
||||
- documentIndex: *DeploymentDocument
|
||||
equal:
|
||||
path: spec.template.spec.serviceAccountName
|
||||
|
|
@ -97,3 +97,125 @@ tests:
|
|||
path: metadata.annotations
|
||||
value:
|
||||
kubernetes.io/service-account.name: *ServiceAccountName
|
||||
|
||||
- it: multiple serviceAccounts and Secrets are created when enabled
|
||||
set:
|
||||
serviceAccount:
|
||||
create: true
|
||||
name: &ServiceAccountName myAccount
|
||||
extraServiceAccounts:
|
||||
mySA:
|
||||
create: true
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- documentIndex: &ServiceAccountDocument 0
|
||||
isKind:
|
||||
of: ServiceAccount
|
||||
- documentIndex: &ServiceAccountDocument2 1
|
||||
isKind:
|
||||
of: ServiceAccount
|
||||
- documentIndex: &DeploymentDocument 2
|
||||
isKind:
|
||||
of: Deployment
|
||||
- documentIndex: &SecretDocument 3
|
||||
isKind:
|
||||
of: Secret
|
||||
- documentIndex: &SecretDocument2 4
|
||||
isKind:
|
||||
of: Secret
|
||||
- documentIndex: *ServiceAccountDocument
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: *ServiceAccountName
|
||||
- documentIndex: *ServiceAccountDocument2
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-mySA
|
||||
- documentIndex: *ServiceAccountDocument
|
||||
equal:
|
||||
path: secrets
|
||||
value:
|
||||
- name: RELEASE-NAME-default-sa-token
|
||||
- documentIndex: *ServiceAccountDocument2
|
||||
equal:
|
||||
path: secrets
|
||||
value:
|
||||
- name: RELEASE-NAME-mySA-sa-token
|
||||
- documentIndex: *DeploymentDocument
|
||||
equal:
|
||||
path: spec.template.spec.serviceAccountName
|
||||
value: *ServiceAccountName
|
||||
- documentIndex: *SecretDocument
|
||||
equal:
|
||||
path: metadata.annotations
|
||||
value:
|
||||
kubernetes.io/service-account.name: *ServiceAccountName
|
||||
- documentIndex: *SecretDocument2
|
||||
equal:
|
||||
path: metadata.annotations
|
||||
value:
|
||||
kubernetes.io/service-account.name: RELEASE-NAME-mySA
|
||||
|
||||
- it: multiple serviceAccounts and Secrets are created with custom names
|
||||
set:
|
||||
serviceAccount:
|
||||
create: true
|
||||
name: &ServiceAccountName myAccount
|
||||
extraServiceAccounts:
|
||||
mySA:
|
||||
create: true
|
||||
name: &ServiceAccountName2 mySAcustom
|
||||
mySA2:
|
||||
create: false
|
||||
name: &ServiceAccountName3 mySAcustom2
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 5
|
||||
- documentIndex: &ServiceAccountDocument 0
|
||||
isKind:
|
||||
of: ServiceAccount
|
||||
- documentIndex: &ServiceAccountDocument2 1
|
||||
isKind:
|
||||
of: ServiceAccount
|
||||
- documentIndex: &DeploymentDocument 2
|
||||
isKind:
|
||||
of: Deployment
|
||||
- documentIndex: &SecretDocument 3
|
||||
isKind:
|
||||
of: Secret
|
||||
- documentIndex: &SecretDocument2 4
|
||||
isKind:
|
||||
of: Secret
|
||||
- documentIndex: *ServiceAccountDocument
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: *ServiceAccountName
|
||||
- documentIndex: *ServiceAccountDocument2
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: *ServiceAccountName2
|
||||
- documentIndex: *ServiceAccountDocument
|
||||
equal:
|
||||
path: secrets
|
||||
value:
|
||||
- name: RELEASE-NAME-default-sa-token
|
||||
- documentIndex: *ServiceAccountDocument2
|
||||
equal:
|
||||
path: secrets
|
||||
value:
|
||||
- name: RELEASE-NAME-mySA-sa-token
|
||||
- documentIndex: *DeploymentDocument
|
||||
equal:
|
||||
path: spec.template.spec.serviceAccountName
|
||||
value: *ServiceAccountName
|
||||
- documentIndex: *SecretDocument
|
||||
equal:
|
||||
path: metadata.annotations
|
||||
value:
|
||||
kubernetes.io/service-account.name: *ServiceAccountName
|
||||
- documentIndex: *SecretDocument2
|
||||
equal:
|
||||
path: metadata.annotations
|
||||
value:
|
||||
kubernetes.io/service-account.name: *ServiceAccountName2
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue