truenas/chart
1
0
Fork 0
mirror of https://github.com/truenas/charts.git synced 2026-06-17 07:27:44 +08:00
Code Issues Packages Projects Releases Wiki Activity

add cert tests

Browse Source
This commit is contained in:
Stavros kois
2022-12-12 20:27:35 +02:00
parent 0a08a94bb1
commit d594f81343
4 changed files with 658 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
helm_template_common.sh
View File

@@ -2,8 +2,10 @@
chart_path=library/common-test
if [ $1 == "-f" ] && [ ! -z $2 ]; then
extra_args=("-f" "$chart_path/ci/$2")
if [ ! $1 == "template" ]; then
if [ $1 == "-f" ] && [ ! -z $2 ]; then
extra_args=("-f" "$chart_path/ci/$2")
fi
fi
if [ -d "$chart_path/charts" ]; then
@@ -15,5 +17,11 @@ fi
echo "Building common..."
helm dependency update "$chart_path"
helm install --dry-run --debug common-test "${extra_args[@]}" "./$chart_path"
if [ $1 == "template" ]; then
echo "Running <helm template ./$chart_path"
helm template "./$chart_path"
else
echo "Running <helm install --dry-run --debug common-test ${extra_args[@]} ./$chart_path"
helm install --dry-run --debug common-test "${extra_args[@]}" "./$chart_path"
fi
helm lint "./$chart_path"

270
library/common-test/tests/cert/cert_dict_test.yaml Normal file
View File

@@ -0,0 +1,270 @@
suite: certificate dict test
templates:
- common.yaml
tests:
- it: should fail with no ixCertificates key
set:
scaleCerts:
cert_name:
id: 1
asserts:
- failedTemplate:
errorMessage: Key <ixCertificates> does not exist
- it: should fail with empty ixCertificates key
set:
scaleCerts:
cert_name:
id: 1
# Simulating middleware injection
ixCertificates: {}
asserts:
- failedTemplate:
errorMessage: Key <ixCertificates> is empty
- it: should fail with cert that don't exist
set:
scaleCerts:
cert_name:
id: 1
# Simulating middleware injection
ixCertificates:
"2":
certificate: cert_content
asserts:
- failedTemplate:
errorMessage: Certificate (1) was not found.
- it: should fail with expired cert
set:
scaleCerts:
cert_name:
id: 1
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
expired: true
asserts:
- failedTemplate:
errorMessage: Certificate (1) is expired
- it: should fail with revoked cert
set:
scaleCerts:
cert_name:
id: 1
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
revoked: true
asserts:
- failedTemplate:
errorMessage: Certificate (1) has been revoked
- it: should pass with 1 secret created
documentIndex: &secretDoc 0
set:
scaleCerts:
cert_name:
id: 1
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
privatekey: some_key
asserts: &basicAssertion
- isKind:
of: Secret
- isAPIVersion:
of: v1
- equal:
path: type
value: kubernetes.io/tls
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-cert_name-ixcert-1-0
- isNotEmpty:
path: data.tls\.crt
- isNotEmpty:
path: data.tls\.key
- it: should pass with 1 secret created and revision increased
documentIndex: *secretDoc
release:
revision: 1
set:
scaleCerts:
cert_name:
id: 1
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
privatekey: some_key
asserts:
- isKind:
of: Secret
- isAPIVersion:
of: v1
- equal:
path: type
value: kubernetes.io/tls
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-cert_name-ixcert-1-1
- isNotEmpty:
path: data.tls\.crt
- isNotEmpty:
path: data.tls\.key
- it: should pass with 1 secret created and revision increased and name overriden
documentIndex: *secretDoc
release:
revision: 1
set:
scaleCerts:
cert_name:
id: 1
nameOverride: name_override
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
privatekey: some_key
asserts:
- isKind:
of: Secret
- isAPIVersion:
of: v1
- equal:
path: type
value: kubernetes.io/tls
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-name_override-ixcert-1-1
- isNotEmpty:
path: data.tls\.crt
- isNotEmpty:
path: data.tls\.key
- it: should pass with 1 EXPIRED secret created and global allow
documentIndex: *secretDoc
set:
global:
defaults:
useExpiredCerts: true
scaleCerts:
cert_name:
id: 1
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
privatekey: some_key
expired: true
asserts: *basicAssertion
- it: should pass with 1 REVOKED secret created and global allow
documentIndex: *secretDoc
set:
global:
defaults:
useRevokedCerts: true
scaleCerts:
cert_name:
id: 1
# Simulating middleware injection
ixCertificates:
"1":
privatekey: some_key
certificate: cert_content
revoked: true
asserts: *basicAssertion
- it: should pass with 1 EXPIRED secret created and local allow
documentIndex: *secretDoc
set:
global:
defaults:
useExpiredCerts: false
scaleCerts:
cert_name:
id: 1
useExpired: true
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
privatekey: some_key
expired: true
asserts: *basicAssertion
- it: should pass with 1 REVOKED secret created and local allow
documentIndex: *secretDoc
set:
global:
defaults:
useRevokedCerts: false
scaleCerts:
cert_name:
id: 1
useRevoked: true
# Simulating middleware injection
ixCertificates:
"1":
privatekey: some_key
certificate: cert_content
revoked: true
asserts: *basicAssertion
- it: should pass with 2 secret created (doc1)
documentIndex: *secretDoc
set:
scaleCerts:
cert_name:
id: 1
cert_name2:
id: 2
# Simulating middleware injection
ixCertificates:
"1":
privatekey: some_key
certificate: cert_content
"2":
privatekey: some_key2
certificate: cert_content2
asserts: *basicAssertion
- it: should pass with 2 secret created (doc2)
documentIndex: &secretDoc 1
set:
scaleCerts:
cert_name:
id: 1
cert_name2:
id: 2
# Simulating middleware injection
ixCertificates:
"1":
privatekey: some_key
certificate: cert_content
"2":
privatekey: some_key2
certificate: cert_content2
asserts:
- isKind:
of: Secret
- isAPIVersion:
of: v1
- equal:
path: type
value: kubernetes.io/tls
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-cert_name2-ixcert-2-0
- isNotEmpty:
path: data.tls\.crt
- isNotEmpty:
path: data.tls\.key

270
library/common-test/tests/cert/cert_list_test.yaml Normal file
View File

@@ -0,0 +1,270 @@
suite: certificate list test
templates:
- common.yaml
tests:
- it: should fail with no ixCertificates key
set:
scaleCertsList:
- name: cert_name
id: 1
asserts:
- failedTemplate:
errorMessage: Key <ixCertificates> does not exist
- it: should fail with empty ixCertificates key
set:
scaleCertsList:
- name: cert_name
id: 1
# Simulating middleware injection
ixCertificates: {}
asserts:
- failedTemplate:
errorMessage: Key <ixCertificates> is empty
- it: should fail with cert that don't exist
set:
scaleCertsList:
- name: cert_name
id: 1
# Simulating middleware injection
ixCertificates:
"2":
certificate: cert_content
asserts:
- failedTemplate:
errorMessage: Certificate (1) was not found.
- it: should fail with expired cert
set:
scaleCertsList:
- name: cert_name
id: 1
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
expired: true
asserts:
- failedTemplate:
errorMessage: Certificate (1) is expired
- it: should fail with revoked cert
set:
scaleCertsList:
- name: cert_name
id: 1
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
revoked: true
asserts:
- failedTemplate:
errorMessage: Certificate (1) has been revoked
- it: should pass with 1 secret created
documentIndex: &secretDoc 0
set:
scaleCertsList:
- name: cert_name
id: 1
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
privatekey: some_key
asserts: &basicAssertion
- isKind:
of: Secret
- isAPIVersion:
of: v1
- equal:
path: type
value: kubernetes.io/tls
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-cert_name-ixcert-1-0
- isNotEmpty:
path: data.tls\.crt
- isNotEmpty:
path: data.tls\.key
- it: should pass with 1 secret created and revision increased
documentIndex: *secretDoc
release:
revision: 1
set:
scaleCertsList:
- name: cert_name
id: 1
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
privatekey: some_key
asserts:
- isKind:
of: Secret
- isAPIVersion:
of: v1
- equal:
path: type
value: kubernetes.io/tls
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-cert_name-ixcert-1-1
- isNotEmpty:
path: data.tls\.crt
- isNotEmpty:
path: data.tls\.key
- it: should pass with 1 secret created and revision increased and name overriden
documentIndex: *secretDoc
release:
revision: 1
set:
scaleCertsList:
- name: cert_name
id: 1
nameOverride: name_override
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
privatekey: some_key
asserts:
- isKind:
of: Secret
- isAPIVersion:
of: v1
- equal:
path: type
value: kubernetes.io/tls
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-name_override-ixcert-1-1
- isNotEmpty:
path: data.tls\.crt
- isNotEmpty:
path: data.tls\.key
- it: should pass with 1 EXPIRED secret created and global allow
documentIndex: *secretDoc
set:
global:
defaults:
useExpiredCerts: true
scaleCertsList:
- name: cert_name
id: 1
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
privatekey: some_key
expired: true
asserts: *basicAssertion
- it: should pass with 1 REVOKED secret created and global allow
documentIndex: *secretDoc
set:
global:
defaults:
useRevokedCerts: true
scaleCertsList:
- name: cert_name
id: 1
# Simulating middleware injection
ixCertificates:
"1":
privatekey: some_key
certificate: cert_content
revoked: true
asserts: *basicAssertion
- it: should pass with 1 EXPIRED secret created and local allow
documentIndex: *secretDoc
set:
global:
defaults:
useExpiredCerts: false
scaleCertsList:
- name: cert_name
id: 1
useExpired: true
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
privatekey: some_key
expired: true
asserts: *basicAssertion
- it: should pass with 1 REVOKED secret created and local allow
documentIndex: *secretDoc
set:
global:
defaults:
useRevokedCerts: false
scaleCertsList:
- name: cert_name
id: 1
useRevoked: true
# Simulating middleware injection
ixCertificates:
"1":
privatekey: some_key
certificate: cert_content
revoked: true
asserts: *basicAssertion
- it: should pass with 2 secret created (doc1)
documentIndex: *secretDoc
set:
scaleCertsList:
- name: cert_name
id: 1
- name: cert_name2
id: 2
# Simulating middleware injection
ixCertificates:
"1":
privatekey: some_key
certificate: cert_content
"2":
privatekey: some_key2
certificate: cert_content2
asserts: *basicAssertion
- it: should pass with 2 secret created (doc2)
documentIndex: &secretDoc 1
set:
scaleCertsList:
- name: cert_name
id: 1
- name: cert_name2
id: 2
# Simulating middleware injection
ixCertificates:
"1":
privatekey: some_key
certificate: cert_content
"2":
privatekey: some_key2
certificate: cert_content2
asserts:
- isKind:
of: Secret
- isAPIVersion:
of: v1
- equal:
path: type
value: kubernetes.io/tls
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-cert_name2-ixcert-2-0
- isNotEmpty:
path: data.tls\.crt
- isNotEmpty:
path: data.tls\.key

205
library/common-test/tests/cert/cert_test.yaml
View File

@@ -1,68 +1,9 @@
suite: certificate dict test
templates:
- common.yaml
chart:
appVersion: &appVer v1.2.3
tests:
- it: should fail with no ixCertificates key
set:
scaleCerts:
cert_name:
id: 1
asserts:
- failedTemplate:
errorMessage: Key <ixCertificates> does not exist
- it: should fail with empty ixCertificates key
set:
scaleCerts:
cert_name:
id: 1
# Simulating middleware injection
ixCertificates: {}
asserts:
- failedTemplate:
errorMessage: Key <ixCertificates> is empty
- it: should fail with cert that don't exist
set:
scaleCerts:
cert_name:
id: 1
# Simulating middleware injection
ixCertificates:
"2":
certificate: cert_content
asserts:
- failedTemplate:
errorMessage: Certificate (1) was not found.
- it: should fail with expired cert
set:
scaleCerts:
cert_name:
id: 1
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
expired: true
asserts:
- failedTemplate:
errorMessage: Certificate (1) is expired
- it: should fail with revoked cert
set:
scaleCerts:
cert_name:
id: 1
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
revoked: true
asserts:
- failedTemplate:
errorMessage: Certificate (1) has been revoked
- it: should pass with 1 secret created
documentIndex: &secretDoc 0
set:
@@ -74,7 +15,7 @@ tests:
"1":
certificate: cert_content
privatekey: some_key
asserts:
asserts: &basicAssertion
- isKind:
of: Secret
- isAPIVersion:
@@ -89,12 +30,27 @@ tests:
path: data.tls\.crt
- isNotEmpty:
path: data.tls\.key
- equal:
path: metadata.labels
value:
app: common-test
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: common-test
app.kubernetes.io/version: *appVer
helm-revision: "0"
helm.sh/chart: common-test-1.0.0
release: RELEASE-NAME
- isNull:
path: metadata.annotations
- it: should pass with 1 secret created and revision increased
documentIndex: *secretDoc
release:
revision: 1
- it: should pass with 1 secret created with global labels added
documentIndex: &secretDoc 0
set:
global:
labels:
some_key: some_value
some_key1: some_value1
scaleCerts:
cert_name:
id: 1
@@ -103,48 +59,101 @@ tests:
"1":
certificate: cert_content
privatekey: some_key
asserts:
- isKind:
of: Secret
- isAPIVersion:
of: v1
asserts: &basicAssertion
- equal:
path: type
value: kubernetes.io/tls
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-cert_name-ixcert-1-1
- isNotEmpty:
path: data.tls\.crt
- isNotEmpty:
path: data.tls\.key
path: metadata.labels
value:
app: common-test
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: common-test
app.kubernetes.io/version: *appVer
helm-revision: "0"
helm.sh/chart: common-test-1.0.0
release: RELEASE-NAME
some_key: some_value
some_key1: some_value1
- isNull:
path: metadata.annotations
- it: should pass with 1 secret created and revision increased and name overriden
documentIndex: *secretDoc
release:
revision: 1
- it: should pass with 1 secret created with global labels added from tpl
documentIndex: &secretDoc 0
set:
k1: some_value
k2: some_value1
global:
labels:
some_key: "{{ .Values.k1 }}"
some_key1: "{{ .Values.k2 }}"
scaleCerts:
cert_name:
id: 1
nameOverride: name_override
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
privatekey: some_key
asserts:
- isKind:
of: Secret
- isAPIVersion:
of: v1
asserts: &basicAssertion
- equal:
path: type
value: kubernetes.io/tls
path: metadata.labels
value:
app: common-test
app.kubernetes.io/instance: RELEASE-NAME
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: common-test
app.kubernetes.io/version: *appVer
helm-revision: "0"
helm.sh/chart: common-test-1.0.0
release: RELEASE-NAME
some_key: some_value
some_key1: some_value1
- isNull:
path: metadata.annotations
- it: should pass with 1 secret created with global annotations added
documentIndex: &secretDoc 0
set:
global:
annotations:
some_key: some_value
some_key1: some_value1
scaleCerts:
cert_name:
id: 1
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
privatekey: some_key
asserts: &basicAssertion
- equal:
path: metadata.name
value: RELEASE-NAME-common-test-name_override-ixcert-1-1
- isNotEmpty:
path: data.tls\.crt
- isNotEmpty:
path: data.tls\.key
path: metadata.annotations
value:
some_key: some_value
some_key1: some_value1
- it: should pass with 1 secret created with global annotations added from tpl
documentIndex: &secretDoc 0
set:
k1: some_value
k2: some_value1
global:
annotations:
some_key: "{{ .Values.k1 }}"
some_key1: "{{ .Values.k2 }}"
scaleCerts:
cert_name:
id: 1
# Simulating middleware injection
ixCertificates:
"1":
certificate: cert_content
privatekey: some_key
asserts: &basicAssertion
- equal:
path: metadata.annotations
value:
some_key: some_value
some_key1: some_value1
#TODO: add tests for certPath and keyPath