initial certificate plumbing

2026-06-18 01:26:53 +08:00 · 2023-02-11 17:25:59 +02:00
parent ccbe4446e0
commit a8c3597f51
6 changed files with 213 additions and 0 deletions
--- a/library/common-test/tests/certificate/metadata_test.yaml
+++ b/library/common-test/tests/certificate/metadata_test.yaml
@@ -0,0 +1,55 @@
+suite: certificate metadata test
+templates:
+  - common.yaml
+chart:
+  appVersion: &appVer v9.9.9
+tests:
+  - it: should pass with certificate created with labels and annotations
+    set:
+      label1: label1
+      label2: global_label2
+      annotation1: annotation1
+      annotation2: global_annotation2
+      global:
+        labels:
+          g_label1: global_label1
+          g_label2: "{{ .Values.label2 }}"
+        annotations:
+          g_annotation1: global_annotation1
+          g_annotation2: "{{ .Values.annotation2 }}"
+      scaleCertificate:
+        my-cert:
+          enabled: true
+          id: 1
+          labels:
+            label1: "{{ .Values.label1 }}"
+            label2: label2
+          annotations:
+            annotation1: "{{ .Values.annotation1 }}"
+            annotation2: annotation2
+    asserts:
+      - documentIndex: &secretDoc 0
+        isKind:
+          of: Secret
+      - documentIndex: *secretDoc
+        equal:
+          path: metadata.annotations
+          value:
+            annotation1: annotation1
+            annotation2: annotation2
+            g_annotation1: global_annotation1
+            g_annotation2: global_annotation2
+      - documentIndex: *secretDoc
+        equal:
+          path: metadata.labels
+          value:
+            app: common-test-1.0.0
+            release: RELEASE-NAME
+            helm-revision: 0
+            helm.sh/chart: common-test-1.0.0
+            app.kubernetes.io/managed-by: Helm
+            app.kubernetes.io/version: *appVer
+            g_label1: global_label1
+            g_label2: global_label2
+            label1: label1
+            label2: label2
--- a/library/common-test/tests/certificate/name_test.yaml
+++ b/library/common-test/tests/certificate/name_test.yaml
@@ -0,0 +1,34 @@
+suite: certificate name test
+templates:
+  - common.yaml
+tests:
+  - it: should generate correct name
+    set:
+      scaleCertificate:
+        my-cert1:
+          enabled: true
+          id: 1
+        my-cert2:
+          enabled: true
+          id: 2
+    asserts:
+      - documentIndex: &secretDoc 0
+        isKind:
+          of: Secret
+      - documentIndex: *secretDoc
+        isAPIVersion:
+          of: v1
+      - documentIndex: *secretDoc
+        equal:
+          path: metadata.name
+          value: release-name-common-test-my-cert1
+      - documentIndex: &otherSecretDoc 1
+        isKind:
+          of: Secret
+      - documentIndex: *otherSecretDoc
+        isAPIVersion:
+          of: v1
+      - documentIndex: *otherSecretDoc
+        equal:
+          path: metadata.name
+          value: release-name-common-test-my-cert2
--- a/library/common-test/tests/certificate/validation_test.yaml
+++ b/library/common-test/tests/certificate/validation_test.yaml
@@ -0,0 +1,66 @@
+suite: certificate validation test
+templates:
+  - common.yaml
+tests:
+  - it: should fail with name longer than 63 characters
+    set:
+      scaleCertificate:
+        my-certificate-super-long-name-that-is-longer-than-63-characters:
+          enabled: true
+          id: 1
+    asserts:
+      - failedTemplate:
+          errorMessage: Name [release-name-common-test-my-certificate-super-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters.
+
+  - it: should fail with name starting with underscore
+    set:
+      scaleCertificate:
+        _my-cert:
+          enabled: true
+          id: 1
+    asserts:
+      - failedTemplate:
+          errorMessage: Name [release-name-common-test-_my-cert] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters.
+
+  - it: should fail with labels not a dict
+    set:
+      scaleCertificate:
+        my-cert:
+          enabled: true
+          labels: "not a dict"
+          id: 1
+    asserts:
+      - failedTemplate:
+          errorMessage: Certificate - Expected <labels> to be a dictionary, but got [string]
+
+  - it: should fail with annotations not a dict
+    set:
+      scaleCertificate:
+        my-cert:
+          enabled: true
+          annotations: "not a dict"
+          id: 1
+    asserts:
+      - failedTemplate:
+          errorMessage: Certificate - Expected <annotations> to be a dictionary, but got [string]
+
+  - it: should fail without id
+    set:
+      scaleCertificate:
+        my-cert:
+          enabled: true
+          id: ""
+    asserts:
+      - failedTemplate:
+          errorMessage: Certificate - Expected non-empty <id>
+
+  - it: should fail with targetSelector not a dict
+    set:
+      scaleCertificate:
+        my-cert:
+          enabled: true
+          id: 1
+          targetSelector: "not a dict"
+    asserts:
+      - failedTemplate:
+          errorMessage: Certificate - Expected <targetSelector> to be a [map], but got [string]
--- a/library/common/1.0.0/templates/lib/certificate/_validation.tpl
+++ b/library/common/1.0.0/templates/lib/certificate/_validation.tpl
@@ -0,0 +1,18 @@
+{{/* Certificate Validation */}}
+{{/* Call this template:
+{{ include "ix.v1.common.lib.certificate.validation" (dict "objectData" $objectData) -}}
+objectData: The object data of the certificate.
+*/}}
+
+{{- define "ix.v1.common.lib.certificate.validation" -}}
+  {{- $objectData := .objectData -}}
+
+  {{- if not $objectData.id -}}
+    {{- fail "Certificate - Expected non-empty <id>" -}}
+  {{- end -}}
+
+  {{- if and $objectData.targetSelector (not (kindIs "map" $objectData.targetSelector)) -}}
+    {{- fail (printf "Certificate - Expected <targetSelector> to be a [map], but got [%s]" (kindOf $objectData.targetSelector)) -}}
+  {{- end -}}
+
+{{- end -}}
--- a/library/common/1.0.0/templates/spawner/_certificate.tpl
+++ b/library/common/1.0.0/templates/spawner/_certificate.tpl
@@ -0,0 +1,39 @@
+{{/* Certificate Spawwner */}}
+{{/* Call this template:
+{{ include "ix.v1.common.spawner.certificate" $ -}}
+*/}}
+
+{{- define "ix.v1.common.spawner.certificate" -}}
+
+  {{- range $name, $certificate := .Values.scaleCertificate -}}
+
+    {{- if $certificate.enabled -}}
+
+      {{/* Create a copy of the certificate */}}
+      {{- $objectData := (mustDeepCopy $certificate) -}}
+
+      {{- $objectName := (printf "%s-%s" (include "ix.v1.common.lib.chart.names.fullname" $) $name) -}}
+      {{/* Perform validations */}}
+      {{- include "ix.v1.common.lib.chart.names.validation" (dict "name" $objectName) -}}
+      {{- include "ix.v1.common.lib.certificate.validation" (dict "objectData" $objectData) -}}
+      {{- include "ix.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Certificate") -}}
+
+      {{/* TODO: Prepare data */}}
+
+      {{/* TODO: Create persistence if defined */}}
+
+      {{/* Set the type to certificate */}}
+      {{- $_ := set $objectData "type" "certificate" -}}
+
+      {{/* Set the name of the certificate */}}
+      {{- $_ := set $objectData "name" $objectName -}}
+      {{- $_ := set $objectData "shortName" $name -}}
+
+      {{/* Call class to create the object */}}
+      {{- include "ix.v1.common.class.secret" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+    {{- end -}}
+
+  {{- end -}}
+
+{{- end -}}
--- a/library/common/1.0.0/values.yaml
+++ b/library/common/1.0.0/values.yaml
@@ -316,6 +316,7 @@ scaleCertificate:
    # -- Defining a selector is only needed
    # if you want to mount the certificate file(s)
    # It will be mounted as readOnly
+    targetSelectAll: false
    targetSelector:
      pod-name:
        container-name: