mirror of
https://github.com/bvanroll/cicdTest.git
synced 2025-08-29 20:12:43 +00:00
664 lines
23 KiB
Bash
Executable File
664 lines
23 KiB
Bash
Executable File
#!/usr/bin/env bats
|
|
|
|
load _helpers
|
|
|
|
@test "server/StatefulSet: enabled by default" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
. | tee /dev/stderr |
|
|
yq 'length > 0' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: enable with global.enabled false" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.enabled=false' \
|
|
--set 'server.enabled=true' \
|
|
. | tee /dev/stderr |
|
|
yq 'length > 0' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: disable with server.enabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.enabled=false' \
|
|
. | tee /dev/stderr |
|
|
yq 'length > 0' | tee /dev/stderr)
|
|
[ "${actual}" = "false" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: disable with global.enabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.enabled=false' \
|
|
. | tee /dev/stderr |
|
|
yq 'length > 0' | tee /dev/stderr)
|
|
[ "${actual}" = "false" ]
|
|
}
|
|
|
|
#--------------------------------------------------------------------
|
|
# retry-join
|
|
|
|
@test "server/StatefulSet: retry join gets populated" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.replicas=3' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].command | any(contains("-retry-join"))' | tee /dev/stderr)
|
|
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
#--------------------------------------------------------------------
|
|
# image
|
|
|
|
@test "server/StatefulSet: image defaults to global.image" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.image=foo' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].image' | tee /dev/stderr)
|
|
[ "${actual}" = "foo" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: image can be overridden with server.image" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.image=foo' \
|
|
--set 'server.image=bar' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].image' | tee /dev/stderr)
|
|
[ "${actual}" = "bar" ]
|
|
}
|
|
|
|
#--------------------------------------------------------------------
|
|
# resources
|
|
|
|
@test "server/StatefulSet: no resources defined by default" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].resources' | tee /dev/stderr)
|
|
[ "${actual}" = "null" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: resources can be set" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.resources=foo' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].resources' | tee /dev/stderr)
|
|
[ "${actual}" = "foo" ]
|
|
}
|
|
|
|
#--------------------------------------------------------------------
|
|
# updateStrategy (derived from updatePartition)
|
|
|
|
@test "server/StatefulSet: no updateStrategy when not updating" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.updateStrategy' | tee /dev/stderr)
|
|
[ "${actual}" = "null" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: updateStrategy during update" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.updatePartition=2' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.updateStrategy.type' | tee /dev/stderr)
|
|
[ "${actual}" = "RollingUpdate" ]
|
|
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.updatePartition=2' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.updateStrategy.rollingUpdate.partition' | tee /dev/stderr)
|
|
[ "${actual}" = "2" ]
|
|
}
|
|
|
|
#--------------------------------------------------------------------
|
|
# storageClass
|
|
|
|
@test "server/StatefulSet: no storageClass on claim by default" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.volumeClaimTemplates[0].spec.storageClassName' | tee /dev/stderr)
|
|
[ "${actual}" = "null" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: can set storageClass" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.storageClass=foo' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.volumeClaimTemplates[0].spec.storageClassName' | tee /dev/stderr)
|
|
[ "${actual}" = "foo" ]
|
|
}
|
|
|
|
#--------------------------------------------------------------------
|
|
# extraVolumes
|
|
|
|
@test "server/StatefulSet: adds extra volume" {
|
|
cd `chart_dir`
|
|
|
|
# Test that it defines it
|
|
local object=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.extraVolumes[0].type=configMap' \
|
|
--set 'server.extraVolumes[0].name=foo' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.volumes[] | select(.name == "userconfig-foo")' | tee /dev/stderr)
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.configMap.name' | tee /dev/stderr)
|
|
[ "${actual}" = "foo" ]
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.configMap.secretName' | tee /dev/stderr)
|
|
[ "${actual}" = "null" ]
|
|
|
|
# Test that it mounts it
|
|
local object=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.extraVolumes[0].type=configMap' \
|
|
--set 'server.extraVolumes[0].name=foo' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].volumeMounts[] | select(.name == "userconfig-foo")' | tee /dev/stderr)
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.readOnly' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.mountPath' | tee /dev/stderr)
|
|
[ "${actual}" = "/consul/userconfig/foo" ]
|
|
|
|
# Doesn't load it
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.extraVolumes[0].type=configMap' \
|
|
--set 'server.extraVolumes[0].name=foo' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].command | map(select(test("userconfig"))) | length' | tee /dev/stderr)
|
|
[ "${actual}" = "0" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: adds extra secret volume" {
|
|
cd `chart_dir`
|
|
|
|
# Test that it defines it
|
|
local object=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.extraVolumes[0].type=secret' \
|
|
--set 'server.extraVolumes[0].name=foo' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.volumes[] | select(.name == "userconfig-foo")' | tee /dev/stderr)
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.secret.name' | tee /dev/stderr)
|
|
[ "${actual}" = "null" ]
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.secret.secretName' | tee /dev/stderr)
|
|
[ "${actual}" = "foo" ]
|
|
|
|
# Test that it mounts it
|
|
local object=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.extraVolumes[0].type=configMap' \
|
|
--set 'server.extraVolumes[0].name=foo' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].volumeMounts[] | select(.name == "userconfig-foo")' | tee /dev/stderr)
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.readOnly' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.mountPath' | tee /dev/stderr)
|
|
[ "${actual}" = "/consul/userconfig/foo" ]
|
|
|
|
# Doesn't load it
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.extraVolumes[0].type=configMap' \
|
|
--set 'server.extraVolumes[0].name=foo' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].command | map(select(test("userconfig"))) | length' | tee /dev/stderr)
|
|
[ "${actual}" = "0" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: adds loadable volume" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.extraVolumes[0].type=configMap' \
|
|
--set 'server.extraVolumes[0].name=foo' \
|
|
--set 'server.extraVolumes[0].load=true' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].command | map(select(test("/consul/userconfig/foo"))) | length' | tee /dev/stderr)
|
|
[ "${actual}" = "1" ]
|
|
}
|
|
|
|
#--------------------------------------------------------------------
|
|
# affinity
|
|
|
|
@test "server/StatefulSet: affinity not set with server.affinity=null" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.affinity=null' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec | .affinity? == null' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: affinity set by default" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.affinity | .podAntiAffinity? != null' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
#--------------------------------------------------------------------
|
|
# nodeSelector
|
|
|
|
@test "server/StatefulSet: nodeSelector is not set by default" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.nodeSelector' | tee /dev/stderr)
|
|
[ "${actual}" = "null" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: specified nodeSelector" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.nodeSelector=testing' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.nodeSelector' | tee /dev/stderr)
|
|
[ "${actual}" = "testing" ]
|
|
}
|
|
|
|
#--------------------------------------------------------------------
|
|
# priorityClassName
|
|
|
|
@test "server/StatefulSet: priorityClassName is not set by default" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.priorityClassName' | tee /dev/stderr)
|
|
[ "${actual}" = "null" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: specified priorityClassName" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.priorityClassName=testing' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.priorityClassName' | tee /dev/stderr)
|
|
[ "${actual}" = "testing" ]
|
|
}
|
|
|
|
#--------------------------------------------------------------------
|
|
# annotations
|
|
|
|
@test "server/StatefulSet: no annotations defined by default" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.metadata.annotations | del(."consul.hashicorp.com/connect-inject")' | tee /dev/stderr)
|
|
[ "${actual}" = "{}" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: annotations can be set" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.annotations=foo: bar' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.metadata.annotations.foo' | tee /dev/stderr)
|
|
[ "${actual}" = "bar" ]
|
|
}
|
|
|
|
#--------------------------------------------------------------------
|
|
# tolerations
|
|
|
|
@test "server/StatefulSet: tolerations not set by default" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec | .tolerations? == null' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: tolerations can be set" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.tolerations=foobar' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.tolerations == "foobar"' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
#--------------------------------------------------------------------
|
|
# gossip encryption
|
|
|
|
@test "server/StatefulSet: gossip encryption disabled in server StatefulSet by default" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[] | select(.name=="consul") | .env[] | select(.name == "GOSSIP_KEY") | length > 0' | tee /dev/stderr)
|
|
[ "${actual}" = "" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: gossip encryption disabled in server StatefulSet when secretName is missing" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.gossipEncryption.secretKey=bar' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[] | select(.name=="consul") | .env[] | select(.name == "GOSSIP_KEY") | length > 0' | tee /dev/stderr)
|
|
[ "${actual}" = "" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: gossip encryption disabled in server StatefulSet when secretKey is missing" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.gossipEncryption.secretName=foo' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[] | select(.name=="consul") | .env[] | select(.name == "GOSSIP_KEY") | length > 0' | tee /dev/stderr)
|
|
[ "${actual}" = "" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: gossip environment variable present in server StatefulSet when all config is provided" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.gossipEncryption.secretKey=foo' \
|
|
--set 'global.gossipEncryption.secretName=bar' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[] | select(.name=="consul") | .env[] | select(.name == "GOSSIP_KEY") | length > 0' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: encrypt CLI option not present in server StatefulSet when encryption disabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[] | select(.name=="consul") | .command | join(" ") | contains("encrypt")' | tee /dev/stderr)
|
|
[ "${actual}" = "false" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: encrypt CLI option present in server StatefulSet when all config is provided" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.gossipEncryption.secretKey=foo' \
|
|
--set 'global.gossipEncryption.secretName=bar' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[] | select(.name=="consul") | .command | join(" ") | contains("encrypt")' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
#--------------------------------------------------------------------
|
|
# extraEnvironmentVariables
|
|
|
|
@test "server/StatefulSet: custom environment variables" {
|
|
cd `chart_dir`
|
|
local object=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'server.extraEnvironmentVars.custom_proxy=fakeproxy' \
|
|
--set 'server.extraEnvironmentVars.no_proxy=custom_no_proxy' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.[2].name' | tee /dev/stderr)
|
|
[ "${actual}" = "custom_proxy" ]
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.[2].value' | tee /dev/stderr)
|
|
[ "${actual}" = "fakeproxy" ]
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.[3].name' | tee /dev/stderr)
|
|
[ "${actual}" = "no_proxy" ]
|
|
|
|
local actual=$(echo $object |
|
|
yq -r '.[3].value' | tee /dev/stderr)
|
|
[ "${actual}" = "custom_no_proxy" ]
|
|
}
|
|
|
|
#--------------------------------------------------------------------
|
|
# global.tls.enabled
|
|
|
|
@test "server/StatefulSet: CA volume present when TLS is enabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=true' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.volumes[] | select(.name == "consul-ca-cert")' | tee /dev/stderr)
|
|
[ "${actual}" != "" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: server volume present when TLS is enabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=true' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.volumes[] | select(.name == "tls-server-cert")' | tee /dev/stderr)
|
|
[ "${actual}" != "" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: CA volume mounted when TLS is enabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=true' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[0].volumeMounts[] | select(.name == "consul-ca-cert")' | tee /dev/stderr)
|
|
[ "${actual}" != "" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: server certificate volume mounted when TLS is enabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=true' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[0].volumeMounts[] | select(.name == "tls-server-cert")' | tee /dev/stderr)
|
|
[ "${actual}" != "" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: port 8501 is not exposed when TLS is disabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=false' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[0].ports[] | select (.containerPort == 8501)' | tee /dev/stderr)
|
|
[ "${actual}" == "" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: port 8501 is exposed when TLS is enabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=true' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[0].ports[] | select (.containerPort == 8501)' | tee /dev/stderr)
|
|
[ "${actual}" != "" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: port 8500 is still exposed when httpsOnly is not enabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=true' \
|
|
--set 'global.tls.httpsOnly=false' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[0].ports[] | select (.containerPort == 8500)' | tee /dev/stderr)
|
|
[ "${actual}" != "" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: port 8500 is not exposed when httpsOnly is enabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=true' \
|
|
--set 'global.tls.httpsOnly=true' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[0].ports[] | select (.containerPort == 8500)' | tee /dev/stderr)
|
|
[ "${actual}" == "" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: readiness checks are over HTTP when TLS is disabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=false' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[0].readinessProbe.exec.command | join(" ") | contains("http://127.0.0.1:8500")' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: readiness checks are over HTTPS when TLS is enabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=true' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[0].readinessProbe.exec.command | join(" ") | contains("https://127.0.0.1:8501")' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: CA certificate is specified when TLS is enabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=true' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[0].readinessProbe.exec.command | join(" ") | contains("--cacert /consul/tls/ca/tls.crt")' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: HTTP is disabled in agent when httpsOnly is enabled" {
|
|
cd `chart_dir`
|
|
local actual=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=true' \
|
|
--set 'global.tls.httpsOnly=true' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[0].command | join(" ") | contains("ports { http = -1 }")' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: sets Consul environment variables when global.tls.enabled" {
|
|
cd `chart_dir`
|
|
local env=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=true' \
|
|
. | tee /dev/stderr |
|
|
yq -r '.spec.template.spec.containers[0].env[]' | tee /dev/stderr)
|
|
|
|
local actual
|
|
actual=$(echo $env | jq -r '. | select(.name == "CONSUL_HTTP_ADDR") | .value' | tee /dev/stderr)
|
|
[ "${actual}" = "https://localhost:8501" ]
|
|
|
|
actual=$(echo $env | jq -r '. | select(.name == "CONSUL_CACERT") | .value' | tee /dev/stderr)
|
|
[ "${actual}" = "/consul/tls/ca/tls.crt" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: sets verify_* flags to true by default when global.tls.enabled" {
|
|
cd `chart_dir`
|
|
local command=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=true' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[0].command | join(" ")' | tee /dev/stderr)
|
|
|
|
local actual
|
|
actual=$(echo $command | jq -r '. | contains("verify_incoming_rpc = true")' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
|
|
actual=$(echo $command | jq -r '. | contains("verify_outgoing = true")' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
|
|
actual=$(echo $command | jq -r '. | contains("verify_server_hostname = true")' | tee /dev/stderr)
|
|
[ "${actual}" = "true" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: doesn't set the verify_* flags by default when global.tls.enabled and global.tls.verify is false" {
|
|
cd `chart_dir`
|
|
local command=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=true' \
|
|
--set 'global.tls.verify=false' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.containers[0].command | join(" ")' | tee /dev/stderr)
|
|
|
|
local actual
|
|
actual=$(echo $command | jq -r '. | contains("verify_incoming_rpc = true")' | tee /dev/stderr)
|
|
[ "${actual}" = "false" ]
|
|
|
|
actual=$(echo $command | jq -r '. | contains("verify_outgoing = true")' | tee /dev/stderr)
|
|
[ "${actual}" = "false" ]
|
|
|
|
actual=$(echo $command | jq -r '. | contains("verify_server_hostname = true")' | tee /dev/stderr)
|
|
[ "${actual}" = "false" ]
|
|
}
|
|
|
|
@test "server/StatefulSet: can overwrite CA secret with the provided one" {
|
|
cd `chart_dir`
|
|
local ca_cert_volume=$(helm template \
|
|
-x templates/server-statefulset.yaml \
|
|
--set 'global.tls.enabled=true' \
|
|
--set 'global.tls.caCert.secretName=foo-ca-cert' \
|
|
--set 'global.tls.caCert.secretKey=key' \
|
|
--set 'global.tls.caKey.secretName=foo-ca-key' \
|
|
--set 'global.tls.caKey.secretKey=key' \
|
|
. | tee /dev/stderr |
|
|
yq '.spec.template.spec.volumes[] | select(.name=="consul-ca-cert")' | tee /dev/stderr)
|
|
|
|
# check that the provided ca cert secret is attached as a volume
|
|
local actual
|
|
actual=$(echo $ca_cert_volume | jq -r '.secret.secretName' | tee /dev/stderr)
|
|
[ "${actual}" = "foo-ca-cert" ]
|
|
|
|
# check that the volume uses the provided secret key
|
|
actual=$(echo $ca_cert_volume | jq -r '.secret.items[0].key' | tee /dev/stderr)
|
|
[ "${actual}" = "key" ]
|
|
} |