diff --git a/library/common-test/tests/certificate/metadata_test.yaml b/library/common-test/tests/certificate/metadata_test.yaml
new file mode 100644
index 0000000000..b7f7edbf4e
--- /dev/null
+++ b/library/common-test/tests/certificate/metadata_test.yaml
@@ -0,0 +1,55 @@
+suite: certificate metadata test
+templates:
+ - common.yaml
+chart:
+ appVersion: &appVer v9.9.9
+tests:
+ - it: should pass with certificate created with labels and annotations
+ set:
+ label1: label1
+ label2: global_label2
+ annotation1: annotation1
+ annotation2: global_annotation2
+ global:
+ labels:
+ g_label1: global_label1
+ g_label2: "{{ .Values.label2 }}"
+ annotations:
+ g_annotation1: global_annotation1
+ g_annotation2: "{{ .Values.annotation2 }}"
+ scaleCertificate:
+ my-cert:
+ enabled: true
+ id: 1
+ labels:
+ label1: "{{ .Values.label1 }}"
+ label2: label2
+ annotations:
+ annotation1: "{{ .Values.annotation1 }}"
+ annotation2: annotation2
+ asserts:
+ - documentIndex: &secretDoc 0
+ isKind:
+ of: Secret
+ - documentIndex: *secretDoc
+ equal:
+ path: metadata.annotations
+ value:
+ annotation1: annotation1
+ annotation2: annotation2
+ g_annotation1: global_annotation1
+ g_annotation2: global_annotation2
+ - documentIndex: *secretDoc
+ equal:
+ path: metadata.labels
+ value:
+ app: common-test-1.0.0
+ release: RELEASE-NAME
+ helm-revision: 0
+ helm.sh/chart: common-test-1.0.0
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/version: *appVer
+ g_label1: global_label1
+ g_label2: global_label2
+ label1: label1
+ label2: label2
diff --git a/library/common-test/tests/certificate/name_test.yaml b/library/common-test/tests/certificate/name_test.yaml
new file mode 100644
index 0000000000..4023fc8977
--- /dev/null
+++ b/library/common-test/tests/certificate/name_test.yaml
@@ -0,0 +1,34 @@
+suite: certificate name test
+templates:
+ - common.yaml
+tests:
+ - it: should generate correct name
+ set:
+ scaleCertificate:
+ my-cert1:
+ enabled: true
+ id: 1
+ my-cert2:
+ enabled: true
+ id: 2
+ asserts:
+ - documentIndex: &secretDoc 0
+ isKind:
+ of: Secret
+ - documentIndex: *secretDoc
+ isAPIVersion:
+ of: v1
+ - documentIndex: *secretDoc
+ equal:
+ path: metadata.name
+ value: release-name-common-test-my-cert1
+ - documentIndex: &otherSecretDoc 1
+ isKind:
+ of: Secret
+ - documentIndex: *otherSecretDoc
+ isAPIVersion:
+ of: v1
+ - documentIndex: *otherSecretDoc
+ equal:
+ path: metadata.name
+ value: release-name-common-test-my-cert2
diff --git a/library/common-test/tests/certificate/validation_test.yaml b/library/common-test/tests/certificate/validation_test.yaml
new file mode 100644
index 0000000000..eb5fb0926c
--- /dev/null
+++ b/library/common-test/tests/certificate/validation_test.yaml
@@ -0,0 +1,66 @@
+suite: certificate validation test
+templates:
+ - common.yaml
+tests:
+ - it: should fail with name longer than 63 characters
+ set:
+ scaleCertificate:
+ my-certificate-super-long-name-that-is-longer-than-63-characters:
+ enabled: true
+ id: 1
+ asserts:
+ - failedTemplate:
+ errorMessage: Name [release-name-common-test-my-certificate-super-long-name-that-is-longer-than-63-characters] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters.
+
+ - it: should fail with name starting with underscore
+ set:
+ scaleCertificate:
+ _my-cert:
+ enabled: true
+ id: 1
+ asserts:
+ - failedTemplate:
+ errorMessage: Name [release-name-common-test-_my-cert] is not valid. Must start and end with an alphanumeric lowercase character. It can contain '-'. And must be at most 63 characters.
+
+ - it: should fail with labels not a dict
+ set:
+ scaleCertificate:
+ my-cert:
+ enabled: true
+ labels: "not a dict"
+ id: 1
+ asserts:
+ - failedTemplate:
+ errorMessage: Certificate - Expected to be a dictionary, but got [string]
+
+ - it: should fail with annotations not a dict
+ set:
+ scaleCertificate:
+ my-cert:
+ enabled: true
+ annotations: "not a dict"
+ id: 1
+ asserts:
+ - failedTemplate:
+ errorMessage: Certificate - Expected to be a dictionary, but got [string]
+
+ - it: should fail without id
+ set:
+ scaleCertificate:
+ my-cert:
+ enabled: true
+ id: ""
+ asserts:
+ - failedTemplate:
+ errorMessage: Certificate - Expected non-empty
+
+ - it: should fail with targetSelector not a dict
+ set:
+ scaleCertificate:
+ my-cert:
+ enabled: true
+ id: 1
+ targetSelector: "not a dict"
+ asserts:
+ - failedTemplate:
+ errorMessage: Certificate - Expected to be a [map], but got [string]
diff --git a/library/common/1.0.0/templates/lib/certificate/_validation.tpl b/library/common/1.0.0/templates/lib/certificate/_validation.tpl
new file mode 100644
index 0000000000..f9a3e7f6f3
--- /dev/null
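Review bot: The `should fail without id` case exercises only `id: ""`; an entry that omits the `id` key altogether is not covered, and neither is a numeric `id: 0`, which the `if not $objectData.id` guard in `_validation.tpl` would also reject. A further case that sets only `enabled: true` under `my-cert` and expects the same `failedTemplate` message would pin the missing-key path. There is also no case with `enabled: false`, so nothing asserts that a disabled entry with an invalid name is skipped rather than rejected, which is what the `if $certificate.enabled` guard in the spawner implies.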
+++ b/library/common/1.0.0/templates/lib/certificate/_validation.tpl
@@ -0,0 +1,18 @@
+{{/* Certificate Validation */}}
+{{/* Call this template:
+{{ include "ix.v1.common.lib.certificate.validation" (dict "objectData" $objectData) -}}
+objectData: The object data of the certificate.
+*/}}
+
+{{- define "ix.v1.common.lib.certificate.validation" -}}
+ {{- $objectData := .objectData -}}
+
+ {{- if not $objectData.id -}}
+ {{- fail "Certificate - Expected non-empty " -}}
+ {{- end -}}
+
+ {{- if and $objectData.targetSelector (not (kindIs "map" $objectData.targetSelector)) -}}
+ {{- fail (printf "Certificate - Expected to be a [map], but got [%s]" (kindOf $objectData.targetSelector)) -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/library/common/1.0.0/templates/spawner/_certificate.tpl b/library/common/1.0.0/templates/spawner/_certificate.tpl
new file mode 100644
index 0000000000..36bd00305c
--- /dev/null
+++ b/library/common/1.0.0/templates/spawner/_certificate.tpl
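Review bot: The checks in `ix.v1.common.lib.certificate.validation` are truthiness tests rather than type checks, and the `targetSelectAll` key this commit adds to values.yaml is not validated at all. `if not $objectData.id` lets any truthy value through (a string or a map passes) while rejecting `id: 0`, and the `targetSelector` guard is skipped for falsy non-map values. In Go templates a non-empty string such as `"false"` is truthy, so if `targetSelectAll` is consumed with a plain `if`, a quoted value would presumably select every target for the certificate mount; the consumer is not visible in this diff. A guard such as `{{- if and (hasKey $objectData "targetSelectAll") (not (kindIs "bool" $objectData.targetSelectAll)) -}}` followed by a `fail` and `{{- end -}}` would reject that input.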
@@ -0,0 +1,39 @@
+{{/* Certificate Spawwner */}}
+{{/* Call this template:
+{{ include "ix.v1.common.spawner.certificate" $ -}}
+*/}}
+
+{{- define "ix.v1.common.spawner.certificate" -}}
+
+ {{- range $name, $certificate := .Values.scaleCertificate -}}
+
+ {{- if $certificate.enabled -}}
+
+ {{/* Create a copy of the certificate */}}
+ {{- $objectData := (mustDeepCopy $certificate) -}}
+
+ {{- $objectName := (printf "%s-%s" (include "ix.v1.common.lib.chart.names.fullname" $) $name) -}}
+ {{/* Perform validations */}}
+ {{- include "ix.v1.common.lib.chart.names.validation" (dict "name" $objectName) -}}
+ {{- include "ix.v1.common.lib.certificate.validation" (dict "objectData" $objectData) -}}
+ {{- include "ix.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Certificate") -}}
+
+ {{/* TODO: Prepare data */}}
+
+ {{/* TODO: Create persistence if defined */}}
+
+ {{/* Set the type to certificate */}}
+ {{- $_ := set $objectData "type" "certificate" -}}
+
+ {{/* Set the name of the certificate */}}
+ {{- $_ := set $objectData "name" $objectName -}}
+ {{- $_ := set $objectData "shortName" $name -}}
+
+ {{/* Call class to create the object */}}
+ {{- include "ix.v1.common.class.secret" (dict "rootCtx" $ "objectData" $objectData) -}}
+
+ {{- end -}}
+
+ {{- end -}}
+
+{{- end -}}
diff --git a/library/common/1.0.0/values.yaml b/library/common/1.0.0/values.yaml
index 930752debd..3642f79fb1 100644
--- a/library/common/1.0.0/values.yaml
+++ b/library/common/1.0.0/values.yaml
@@ -316,6 +316,7 @@ scaleCertificate: # -- Defining a selector is only needed # if you want to mount the certificate file(s) # It will be mounted as readOnly + targetSelectAll: false targetSelector: pod-name: container-name:
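Review bot: The `TODO: Prepare data` and `TODO: Create persistence if defined` placeholders leave `$objectData` reaching `ix.v1.common.class.secret` with only the user-supplied keys plus `type`, `name` and `shortName`; nothing in this hunk resolves `id` to certificate material. The tests added in the same commit assert kind, name and metadata only, so what ends up in the rendered Secret's data is not pinned. I would spell out what is outstanding in the first placeholder, for example `{{/* TODO: Prepare data (resolve id to the certificate and key and set them on $objectData before calling the secret class) */}}`, assuming that is the intent. The header comment also has a typo and should read `{{/* Certificate Spawner */}}`.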
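Review bot: `targetSelectAll: false` is inserted between the `# --` comment block and the `targetSelector` key that block describes, so the existing comment now sits above the wrong key and the new option has no description of its own. Since it appears to control how widely the certificate files are mounted, it should get its own line directly above it, such as `# -- Mount the certificate in every pod and container instead of only those listed in targetSelector` (wording to be confirmed against the consumer, which is not in this diff), with the existing comment kept next to `targetSelector`. The hunk shows only part of the `scaleCertificate` block.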