From d594f813430fed09e502c74bb0862d3babc5decf Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Mon, 12 Dec 2022 20:27:35 +0200 Subject: [PATCH] add cert tests --- helm_template_common.sh | 14 +- .../tests/cert/cert_dict_test.yaml | 270 ++++++++++++++++++ .../tests/cert/cert_list_test.yaml | 270 ++++++++++++++++++ library/common-test/tests/cert/cert_test.yaml | 205 ++++++------- 4 files changed, 658 insertions(+), 101 deletions(-) create mode 100644 library/common-test/tests/cert/cert_dict_test.yaml create mode 100644 library/common-test/tests/cert/cert_list_test.yaml diff --git a/helm_template_common.sh b/helm_template_common.sh index 92335f91a5..824a79201a 100755 --- a/helm_template_common.sh +++ b/helm_template_common.sh @@ -2,8 +2,10 @@ chart_path=library/common-test -if [ $1 == "-f" ] && [ ! -z $2 ]; then - extra_args=("-f" "$chart_path/ci/$2") +if [ ! $1 == "template" ]; then + if [ $1 == "-f" ] && [ ! -z $2 ]; then + extra_args=("-f" "$chart_path/ci/$2") + fi fi if [ -d "$chart_path/charts" ]; then 
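Review bot: The new outer guard `if [ ! $1 == "template" ]; then` expands `$1` unquoted, so with no argument the test is evaluated with an operand missing, and its result depends on how `[` parses the leftover words rather than on the intended comparison. An argument containing spaces or glob characters is also split before the comparison. Quote the operands and give them a default: `if [ "${1:-}" != "template" ]; then` and, inside it, `if [ "${1:-}" = "-f" ] && [ -n "${2:-}" ]; then`. The same unquoted form, `if [ $1 == "template" ]; then`, is added in the next hunk (`@@ -15,5 +17,11 @@`) and should be changed with it.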
@@ -15,5 +17,11 @@ fi echo "Building common..." helm dependency update "$chart_path" -helm install --dry-run --debug common-test "${extra_args[@]}" "./$chart_path" +if [ $1 == "template" ]; then + echo "Running does not exist + + - it: should fail with empty ixCertificates key + set: + scaleCerts: + cert_name: + id: 1 + # Simulating middleware injection + ixCertificates: {} + asserts: + - failedTemplate: + errorMessage: Key is empty + + - it: should fail with cert that don't exist + set: + scaleCerts: + cert_name: + id: 1 + # Simulating middleware injection + ixCertificates: + "2": + certificate: cert_content + asserts: + - failedTemplate: + errorMessage: Certificate (1) was not found. + + - it: should fail with expired cert + set: + scaleCerts: + cert_name: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + expired: true + asserts: + - failedTemplate: + errorMessage: Certificate (1) is expired + + - it: should fail with revoked cert + set: + scaleCerts: + cert_name: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + revoked: true + asserts: + - failedTemplate: + errorMessage: Certificate (1) has been revoked + + - it: should pass with 1 secret created + documentIndex: &secretDoc 0 + set: + scaleCerts: + cert_name: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: &basicAssertion + - isKind: + of: Secret + - isAPIVersion: + of: v1 + - equal: + path: type + value: kubernetes.io/tls + - equal: + path: metadata.name + value: RELEASE-NAME-common-test-cert_name-ixcert-1-0 + - isNotEmpty: + path: data.tls\.crt + - isNotEmpty: + path: data.tls\.key + + - it: should pass with 1 secret created and revision increased + documentIndex: *secretDoc + release: + revision: 1 + set: + scaleCerts: + cert_name: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + 
privatekey: some_key
+ asserts:
+ - isKind:
+ of: Secret
+ - isAPIVersion:
+ of: v1
+ - equal:
+ path: type
+ value: kubernetes.io/tls
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-cert_name-ixcert-1-1
+ - isNotEmpty:
+ path: data.tls\.crt
+ - isNotEmpty:
+ path: data.tls\.key
+
+ - it: should pass with 1 secret created and revision increased and name overriden
+ documentIndex: *secretDoc
+ release:
+ revision: 1
+ set:
+ scaleCerts:
+ cert_name:
+ id: 1
+ nameOverride: name_override
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ certificate: cert_content
+ privatekey: some_key
+ asserts:
+ - isKind:
+ of: Secret
+ - isAPIVersion:
+ of: v1
+ - equal:
+ path: type
+ value: kubernetes.io/tls
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-name_override-ixcert-1-1
+ - isNotEmpty:
+ path: data.tls\.crt
+ - isNotEmpty:
+ path: data.tls\.key
+
+ - it: should pass with 1 EXPIRED secret created and global allow
+ documentIndex: *secretDoc
+ set:
+ global:
+ defaults:
+ useExpiredCerts: true
+ scaleCerts:
+ cert_name:
+ id: 1
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ certificate: cert_content
+ privatekey: some_key
+ expired: true
+ asserts: *basicAssertion
+
+ - it: should pass with 1 REVOKED secret created and global allow
+ documentIndex: *secretDoc
+ set:
+ global:
+ defaults:
+ useRevokedCerts: true
+ scaleCerts:
+ cert_name:
+ id: 1
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ privatekey: some_key
+ certificate: cert_content
+ revoked: true
+ asserts: *basicAssertion
+
+ - it: should pass with 1 EXPIRED secret created and local allow
+ documentIndex: *secretDoc
+ set:
+ global:
+ defaults:
+ useExpiredCerts: false
+ scaleCerts:
+ cert_name:
+ id: 1
+ useExpired: true
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ certificate: cert_content
+ privatekey: some_key
+ expired: true
+ asserts: *basicAssertion
+
+ - it: should pass with 1 REVOKED secret created and local allow
+ documentIndex: *secretDoc
+ set:
+ global:
+ defaults:
+ useRevokedCerts: false
+ scaleCerts:
+ cert_name:
+ id: 1
+ useRevoked: true
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ privatekey: some_key
+ certificate: cert_content
+ revoked: true
+ asserts: *basicAssertion
+
+ - it: should pass with 2 secret created (doc1)
+ documentIndex: *secretDoc
+ set:
+ scaleCerts:
+ cert_name:
+ id: 1
+ cert_name2:
+ id: 2
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ privatekey: some_key
+ certificate: cert_content
+ "2":
+ privatekey: some_key2
+ certificate: cert_content2
+ asserts: *basicAssertion
+
+ - it: should pass with 2 secret created (doc2)
+ documentIndex: &secretDoc 1
+ set:
+ scaleCerts:
+ cert_name:
+ id: 1
+ cert_name2:
+ id: 2
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ privatekey: some_key
+ certificate: cert_content
+ "2":
+ privatekey: some_key2
+ certificate: cert_content2
+ asserts:
+ - isKind:
+ of: Secret
+ - isAPIVersion:
+ of: v1
+ - equal:
+ path: type
+ value: kubernetes.io/tls
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-cert_name2-ixcert-2-0
+ - isNotEmpty:
+ path: data.tls\.crt
+ - isNotEmpty:
+ path: data.tls\.key
diff --git a/library/common-test/tests/cert/cert_list_test.yaml b/library/common-test/tests/cert/cert_list_test.yaml
new file mode 100644
index 0000000000..b08f612d70
--- /dev/null
+++ b/library/common-test/tests/cert/cert_list_test.yaml
@@ -0,0 +1,270 @@
+suite: certificate list test
+templates:
+ - common.yaml
+tests:
+ - it: should fail with no ixCertificates key
+ set:
+ scaleCertsList:
+ - name: cert_name
+ id: 1
+ asserts:
+ - failedTemplate:
+ errorMessage: Key does not exist
+
+ - it: should fail with empty ixCertificates key
+ set:
+ scaleCertsList:
+ - name: cert_name
+ id: 1
+ # Simulating middleware injection
+ ixCertificates: {}
+ asserts:
+ - failedTemplate:
+ errorMessage: Key is empty
+
+ - it: should fail with cert that don't exist
+ set:
+ scaleCertsList:
+ - name: cert_name
+ id: 1
+ # Simulating middleware injection
+ ixCertificates:
+ "2":
+ certificate: cert_content
+ asserts:
+ - failedTemplate:
+ errorMessage: Certificate (1) was not found.
+
+ - it: should fail with expired cert
+ set:
+ scaleCertsList:
+ - name: cert_name
+ id: 1
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ certificate: cert_content
+ expired: true
+ asserts:
+ - failedTemplate:
+ errorMessage: Certificate (1) is expired
+
+ - it: should fail with revoked cert
+ set:
+ scaleCertsList:
+ - name: cert_name
+ id: 1
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ certificate: cert_content
+ revoked: true
+ asserts:
+ - failedTemplate:
+ errorMessage: Certificate (1) has been revoked
+
+ - it: should pass with 1 secret created
+ documentIndex: &secretDoc 0
+ set:
+ scaleCertsList:
+ - name: cert_name
+ id: 1
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ certificate: cert_content
+ privatekey: some_key
+ asserts: &basicAssertion
+ - isKind:
+ of: Secret
+ - isAPIVersion:
+ of: v1
+ - equal:
+ path: type
+ value: kubernetes.io/tls
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-cert_name-ixcert-1-0
+ - isNotEmpty:
+ path: data.tls\.crt
+ - isNotEmpty:
+ path: data.tls\.key
+
+ - it: should pass with 1 secret created and revision increased
+ documentIndex: *secretDoc
+ release:
+ revision: 1
+ set:
+ scaleCertsList:
+ - name: cert_name
+ id: 1
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ certificate: cert_content
+ privatekey: some_key
+ asserts:
+ - isKind:
+ of: Secret
+ - isAPIVersion:
+ of: v1
+ - equal:
+ path: type
+ value: kubernetes.io/tls
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-cert_name-ixcert-1-1
+ - isNotEmpty:
+ path: data.tls\.crt
+ - isNotEmpty:
+ path: data.tls\.key
+
+ - it: should pass with 1 secret created and revision increased and name overriden
+ documentIndex: *secretDoc
+ release:
+ revision: 1
+ set:
+ scaleCertsList:
+ - name: cert_name
+ id: 1
+ nameOverride: name_override
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ certificate: cert_content
+ privatekey: some_key
+ asserts:
+ - isKind:
+ of: Secret
+ - isAPIVersion:
+ of: v1
+ - equal:
+ path: type
+ value: kubernetes.io/tls
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-name_override-ixcert-1-1
+ - isNotEmpty:
+ path: data.tls\.crt
+ - isNotEmpty:
+ path: data.tls\.key
+
+ - it: should pass with 1 EXPIRED secret created and global allow
+ documentIndex: *secretDoc
+ set:
+ global:
+ defaults:
+ useExpiredCerts: true
+ scaleCertsList:
+ - name: cert_name
+ id: 1
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ certificate: cert_content
+ privatekey: some_key
+ expired: true
+ asserts: *basicAssertion
+
+ - it: should pass with 1 REVOKED secret created and global allow
+ documentIndex: *secretDoc
+ set:
+ global:
+ defaults:
+ useRevokedCerts: true
+ scaleCertsList:
+ - name: cert_name
+ id: 1
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ privatekey: some_key
+ certificate: cert_content
+ revoked: true
+ asserts: *basicAssertion
+
+ - it: should pass with 1 EXPIRED secret created and local allow
+ documentIndex: *secretDoc
+ set:
+ global:
+ defaults:
+ useExpiredCerts: false
+ scaleCertsList:
+ - name: cert_name
+ id: 1
+ useExpired: true
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ certificate: cert_content
+ privatekey: some_key
+ expired: true
+ asserts: *basicAssertion
+
+ - it: should pass with 1 REVOKED secret created and local allow
+ documentIndex: *secretDoc
+ set:
+ global:
+ defaults:
+ useRevokedCerts: false
+ scaleCertsList:
+ - name: cert_name
+ id: 1
+ useRevoked: true
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ privatekey: some_key
+ certificate: cert_content
+ revoked: true
+ asserts: *basicAssertion
+
+ - it: should pass with 2 secret created (doc1)
+ documentIndex: *secretDoc
+ set:
+ scaleCertsList:
+ - name: cert_name
+ id: 1
+ - name: cert_name2
+ id: 2
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ privatekey: some_key
+ certificate: cert_content
+ "2":
+ privatekey: some_key2
+ certificate: cert_content2
+ asserts: *basicAssertion
+
+ - it: should pass with 2 secret created (doc2)
+ documentIndex: &secretDoc 1
+ set:
+ scaleCertsList:
+ - name: cert_name
+ id: 1
+ - name: cert_name2
+ id: 2
+ # Simulating middleware injection
+ ixCertificates:
+ "1":
+ privatekey: some_key
+ certificate: cert_content
+ "2":
+ privatekey: some_key2
+ certificate: cert_content2
+ asserts:
+ - isKind:
+ of: Secret
+ - isAPIVersion:
+ of: v1
+ - equal:
+ path: type
+ value: kubernetes.io/tls
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-common-test-cert_name2-ixcert-2-0
+ - isNotEmpty:
+ path: data.tls\.crt
+ - isNotEmpty:
+ path: data.tls\.key
diff --git a/library/common-test/tests/cert/cert_test.yaml b/library/common-test/tests/cert/cert_test.yaml
index 1ca8367238..74f4adb9e6 100644
--- a/library/common-test/tests/cert/cert_test.yaml
+++ b/library/common-test/tests/cert/cert_test.yaml
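Review bot: The expired/revoked override tests in cert_list_test.yaml exercise only the permissive direction: `useExpiredCerts`/`useRevokedCerts: true` globally, or a per-cert `useExpired`/`useRevoked: true` over a global `false`. No case sets the global default to `true` with a per-cert `useRevoked: false` (or `useExpired: false`) and expects `failedTemplate`, so if the per-cert flag is meant to win in both directions, a regression that ships a revoked certificate would pass this suite. A certificate marked both `expired` and `revoked` with only one of the two allowed is also untested. Separately, the two-certificate cases assert only `isNotEmpty` on `data.tls\.crt` and `data.tls\.key`, which cannot detect the key of id 1 being paired with the certificate of id 2; an `equal` on the encoded values would. The dict-form tests earlier in this patch have the same gaps.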
@@ -1,68 +1,9 @@ suite: certificate dict test templates: - common.yaml +chart: + appVersion: &appVer v1.2.3 tests: - - it: should fail with no ixCertificates key - set: - scaleCerts: - cert_name: - id: 1 - asserts: - - failedTemplate: - errorMessage: Key does not exist - - - it: should fail with empty ixCertificates key - set: - scaleCerts: - cert_name: - id: 1 - # Simulating middleware injection - ixCertificates: {} - asserts: - - failedTemplate: - errorMessage: Key is empty - - - it: should fail with cert that don't exist - set: - scaleCerts: - cert_name: - id: 1 - # Simulating middleware injection - ixCertificates: - "2": - certificate: cert_content - asserts: - - failedTemplate: - errorMessage: Certificate (1) was not found. - - - it: should fail with expired cert - set: - scaleCerts: - cert_name: - id: 1 - # Simulating middleware injection - ixCertificates: - "1": - certificate: cert_content - expired: true - asserts: - - failedTemplate: - errorMessage: Certificate (1) is expired - - - it: should fail with revoked cert - set: - scaleCerts: - cert_name: - id: 1 - # Simulating middleware injection - ixCertificates: - "1": - certificate: cert_content - revoked: true - asserts: - - failedTemplate: - errorMessage: Certificate (1) has been revoked - - it: should pass with 1 secret created documentIndex: &secretDoc 0 set: @@ -74,7 +15,7 @@ tests: "1": certificate: cert_content privatekey: some_key - asserts: + asserts: &basicAssertion - isKind: of: Secret - isAPIVersion: 
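Review bot: The context line `suite: certificate dict test` is left unchanged although this hunk removes the dict failure cases and the later hunks turn cert_test.yaml into label and annotation checks, so test reports will attribute metadata failures to a "dict" suite. Rename it to describe what remains, for example `suite: certificate metadata test`. If the new cert_dict_test.yaml uses the same suite name, as its file name suggests it might, the two files would also be indistinguishable in the test output.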
@@ -89,12 +30,27 @@ tests: path: data.tls\.crt - isNotEmpty: path: data.tls\.key + - equal: + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + - isNull: + path: metadata.annotations - - it: should pass with 1 secret created and revision increased - documentIndex: *secretDoc - release: - revision: 1 + - it: should pass with 1 secret created with global labels added + documentIndex: &secretDoc 0 set: + global: + labels: + some_key: some_value + some_key1: some_value1 scaleCerts: cert_name: id: 1 
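Review bot: `documentIndex: &secretDoc 0` on the added "global labels added" test redefines an anchor the first test in this file already declares, and the following hunk (`@@ -103,48 +59,101 @@`) repeats both `&secretDoc` and `asserts: &basicAssertion` on every added test, each with a different assertion body and no visible alias using them. Redefinition is legal YAML, but any later `*basicAssertion` silently binds to whichever definition came last, and linters configured to forbid duplicate anchors will reject the file. Drop the anchors where nothing aliases them: `documentIndex: 0` and a plain `asserts:`. The list and dict suites do the same on their last test with `documentIndex: &secretDoc 1`, where `documentIndex: 1` would do.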
@@ -103,48 +59,101 @@ tests: "1": certificate: cert_content privatekey: some_key - asserts: - - isKind: - of: Secret - - isAPIVersion: - of: v1 + asserts: &basicAssertion - equal: - path: type - value: kubernetes.io/tls - - equal: - path: metadata.name - value: RELEASE-NAME-common-test-cert_name-ixcert-1-1 - - isNotEmpty: - path: data.tls\.crt - - isNotEmpty: - path: data.tls\.key + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + some_key: some_value + some_key1: some_value1 + - isNull: + path: metadata.annotations - - it: should pass with 1 secret created and revision increased and name overriden - documentIndex: *secretDoc - release: - revision: 1 + - it: should pass with 1 secret created with global labels added from tpl + documentIndex: &secretDoc 0 set: + k1: some_value + k2: some_value1 + global: + labels: + some_key: "{{ .Values.k1 }}" + some_key1: "{{ .Values.k2 }}" scaleCerts: cert_name: id: 1 - nameOverride: name_override # Simulating middleware injection ixCertificates: "1": certificate: cert_content privatekey: some_key - asserts: - - isKind: - of: Secret - - isAPIVersion: - of: v1 + asserts: &basicAssertion - equal: - path: type - value: kubernetes.io/tls + path: metadata.labels + value: + app: common-test + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: common-test + app.kubernetes.io/version: *appVer + helm-revision: "0" + helm.sh/chart: common-test-1.0.0 + release: RELEASE-NAME + some_key: some_value + some_key1: some_value1 + - isNull: + path: metadata.annotations + + - it: should pass with 1 secret created with global annotations added + documentIndex: &secretDoc 0 + set: + global: + annotations: + some_key: some_value + some_key1: some_value1 + scaleCerts: 
+ cert_name: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: &basicAssertion - equal: - path: metadata.name - value: RELEASE-NAME-common-test-name_override-ixcert-1-1 - - isNotEmpty: - path: data.tls\.crt - - isNotEmpty: - path: data.tls\.key + path: metadata.annotations + value: + some_key: some_value + some_key1: some_value1 + + - it: should pass with 1 secret created with global annotations added from tpl + documentIndex: &secretDoc 0 + set: + k1: some_value + k2: some_value1 + global: + annotations: + some_key: "{{ .Values.k1 }}" + some_key1: "{{ .Values.k2 }}" + scaleCerts: + cert_name: + id: 1 + # Simulating middleware injection + ixCertificates: + "1": + certificate: cert_content + privatekey: some_key + asserts: &basicAssertion + - equal: + path: metadata.annotations + value: + some_key: some_value + some_key1: some_value1 + +#TODO: add tests for certPath and keyPath