diff --git a/library/common-test/tests/container/volumeMounts_test.yaml b/library/common-test/tests/container/volumeMounts_test.yaml index e2d59b889f..83d0999eaa 100644 --- a/library/common-test/tests/container/volumeMounts_test.yaml +++ b/library/common-test/tests/container/volumeMounts_test.yaml @@ -448,6 +448,107 @@ tests: mountPath: /some/path readOnly: true + - it: should pass with cert mounted as volume with subPath + set: + image: *image + ixCertificates: + "1": + certificate: some_cert + key: some_key + scaleCertificate: + cert-name: + enabled: false + id: 1 + workload: + workload-name: + enabled: true + primary: true + type: Deployment + podSpec: + containers: + container-name1: + enabled: true + primary: true + imageSelector: image + persistence: + cert-vol: + enabled: true + type: secret + objectName: cert-name + readOnly: true + targetSelector: + workload-name: + container-name1: + mountPath: /some/path/cert.crt + readOnly: true + subPath: cert.crt + asserts: + - documentIndex: &deploymentDoc 0 + isKind: + of: Deployment + - documentIndex: *deploymentDoc + isAPIVersion: + of: apps/v1 + - documentIndex: *deploymentDoc + contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: cert-vol + mountPath: /some/path/cert.crt + readOnly: true + subPath: cert.crt + + - it: should pass with cert mounted as volume with subPath + set: + image: *image + ixCertificates: + "1": + certificate: some_cert + key: some_key + scaleCertificate: + cert-name: + enabled: false + id: 1 + workload: + workload-name: + enabled: true + primary: true + type: Deployment + podSpec: + containers: + container-name1: + enabled: true + primary: true + imageSelector: image + persistence: + cert-vol: + enabled: true + type: secret + objectName: cert-name + readOnly: true + items: + - key: crt + path: cert.crt + targetSelector: + workload-name: + container-name1: + mountPath: /some/path + readOnly: true + asserts: + - documentIndex: &deploymentDoc 0 + isKind: + of: Deployment + - documentIndex: *deploymentDoc + isAPIVersion: + of: apps/v1 + - documentIndex: *deploymentDoc + contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: cert-vol + mountPath: /some/path + readOnly: true + # Failures - it: should fail with invalid mountPropagation set: diff --git a/library/common-test/tests/pod/volume_configmap_test.yaml b/library/common-test/tests/pod/volume_configmap_test.yaml index 3db3a4eb58..83fd87e547 100644 --- a/library/common-test/tests/pod/volume_configmap_test.yaml +++ b/library/common-test/tests/pod/volume_configmap_test.yaml @@ -101,6 +101,22 @@ tests: # Failures - it: should fail without objectName in configmap + set: + workload: + some-workload: + enabled: true + primary: true + type: Deployment + podSpec: {} + persistence: + volume1: + enabled: true + type: configmap + asserts: + - failedTemplate: + errorMessage: Persistence - Expected non-empty on type + + - it: should fail with empty objectName in configmap set: workload: some-workload: diff --git a/library/common-test/tests/pod/volume_secret_test.yaml b/library/common-test/tests/pod/volume_secret_test.yaml index 03541ac4f1..e3cd995935 100644 --- a/library/common-test/tests/pod/volume_secret_test.yaml +++ b/library/common-test/tests/pod/volume_secret_test.yaml @@ -117,6 +117,23 @@ tests: - failedTemplate: errorMessage: Persistence - Expected non-empty on type + - it: should fail with empty objectName in secret + set: + workload: + some-workload: + enabled: true + primary: true + type: Deployment + podSpec: {} + persistence: + volume1: + enabled: true + type: secret + objectName: "" + asserts: + - failedTemplate: + errorMessage: Persistence - Expected non-empty on type + - it: should fail with defaultMode not a string in secret set: workload: diff --git a/library/common/1.0.0/docs/scaleCertificates.md b/library/common/1.0.0/docs/scaleCertificates.md index 919c4326a7..59016e6bd5 100644 --- a/library/common/1.0.0/docs/scaleCertificates.md +++ b/library/common/1.0.0/docs/scaleCertificates.md @@ -41,8 +41,6 @@ You can mount certificate as a secret using the following snippet: scaleCertificate: cert-name: enabled: false - labels: {} - annotations: {} id: 1 persistence: diff --git a/library/common/1.0.0/templates/lib/pod/_container.tpl b/library/common/1.0.0/templates/lib/pod/_container.tpl index a4951bd8c3..baffb15f4d 100644 --- a/library/common/1.0.0/templates/lib/pod/_container.tpl +++ b/library/common/1.0.0/templates/lib/pod/_container.tpl @@ -44,7 +44,6 @@ objectData: The object data to be used to render the Pod. {{- end -}} {{/* TODO: -volumeMounts probes env diff --git a/library/common/1.0.0/templates/lib/pod/volumes/_configmap.tpl b/library/common/1.0.0/templates/lib/pod/volumes/_configmap.tpl index 569bee9d9f..7ca0b61b1d 100644 --- a/library/common/1.0.0/templates/lib/pod/volumes/_configmap.tpl +++ b/library/common/1.0.0/templates/lib/pod/volumes/_configmap.tpl @@ -8,6 +8,10 @@ objectData: The object data to be used to render the volume. {{- $rootCtx := .rootCtx -}} {{- $objectData := .objectData -}} + {{- if not $objectData.objectName -}} + {{- fail "Persistence - Expected non-empty on type" -}} + {{- end -}} + {{- $objectName := tpl $objectData.objectName $rootCtx -}} {{- $expandName := true -}} {{- if kindIs "bool" $objectData.expandObjectName -}} @@ -20,10 +24,6 @@ objectData: The object data to be used to render the volume. {{- $defMode := "" -}} - {{- if not $objectData.objectName -}} - {{- fail "Persistence - Expected non-empty on type" -}} - {{- end -}} - {{- if (and $objectData.defaultMode (not (kindIs "string" $objectData.defaultMode))) -}} {{- fail (printf "Persistence - Expected to be [string], but got [%s]" (kindOf $objectData.defaultMode)) -}} {{- end -}} diff --git a/library/common/1.0.0/templates/lib/pod/volumes/_secret.tpl b/library/common/1.0.0/templates/lib/pod/volumes/_secret.tpl index 97be4a916f..c104235307 100644 --- a/library/common/1.0.0/templates/lib/pod/volumes/_secret.tpl +++ b/library/common/1.0.0/templates/lib/pod/volumes/_secret.tpl @@ -8,6 +8,10 @@ objectData: The object data to be used to render the volume. {{- $rootCtx := .rootCtx -}} {{- $objectData := .objectData -}} + {{- if not $objectData.objectName -}} + {{- fail "Persistence - Expected non-empty on type" -}} + {{- end -}} + {{- $objectName := tpl $objectData.objectName $rootCtx -}} {{- $expandName := true -}} {{- if kindIs "bool" $objectData.expandObjectName -}} @@ -20,10 +24,6 @@ objectData: The object data to be used to render the volume. {{- $defMode := "" -}} - {{- if not $objectData.objectName -}} - {{- fail "Persistence - Expected non-empty on type" -}} - {{- end -}} - {{- if (and $objectData.defaultMode (not (kindIs "string" $objectData.defaultMode))) -}} {{- fail (printf "Persistence - Expected to be [string], but got [%s]" (kindOf $objectData.defaultMode)) -}} {{- end -}}