From da0b04393d75595abe26b183620dcd00b7064ec9 Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Fri, 2 Dec 2022 00:09:01 +0200 Subject: [PATCH] update primary utils to catch edge cases and add tests --- .../container_in_deployment/port_test.yaml | 17 +++++++++++++++ library/common-test/tests/rbac/rbac_test.yaml | 13 ++++++++++++ .../tests/service/service_test.yaml | 21 +++++++++++++++++++ .../serviceAccount/serviceAccount_test.yaml | 13 ++++++++++++ .../templates/lib/util/_primary_port.tpl | 11 ++++++++-- .../templates/lib/util/_primary_rbac.tpl | 10 +++++++-- .../templates/lib/util/_primary_service.tpl | 10 +++++++-- .../lib/util/_primary_serviceAccount.tpl | 10 +++++++-- 8 files changed, 97 insertions(+), 8 deletions(-) diff --git a/library/common-test/tests/container_in_deployment/port_test.yaml b/library/common-test/tests/container_in_deployment/port_test.yaml index d478630fb9..c63379864d 100644 --- a/library/common-test/tests/container_in_deployment/port_test.yaml +++ b/library/common-test/tests/container_in_deployment/port_test.yaml @@ -33,6 +33,23 @@ tests: - failedTemplate: errorMessage: Port is required on enabled services. Service (main) + - it: should fail with multiple port, but none set as primary + set: + service: + main: + ports: + main: + enabled: true + primary: false + port: 65535 + main2: + enabled: true + primary: false + port: 65534 + asserts: + - failedTemplate: + errorMessage: At least one port must be set as primary in service (main) + - it: should fail without ports dict in an enabled service set: service: diff --git a/library/common-test/tests/rbac/rbac_test.yaml b/library/common-test/tests/rbac/rbac_test.yaml index ddac929f93..e460c4b216 100644 --- a/library/common-test/tests/rbac/rbac_test.yaml +++ b/library/common-test/tests/rbac/rbac_test.yaml @@ -15,6 +15,19 @@ tests: - isKind: of: Deployment + - it: should fail with multiple service accounts, without any set as primary + set: + rbac: + main: + enabled: true + primary: false + main2: + enabled: true + primary: false + asserts: + - failedTemplate: + errorMessage: At least one RBAC must be set as primary + - it: should fail with no rules in rbac set: rbac: diff --git a/library/common-test/tests/service/service_test.yaml b/library/common-test/tests/service/service_test.yaml index 12e117e296..b8fd6bced8 100644 --- a/library/common-test/tests/service/service_test.yaml +++ b/library/common-test/tests/service/service_test.yaml @@ -12,6 +12,27 @@ tests: - isKind: of: Deployment + - it: should fail with multiple services, without any set as primary + set: + service: + main: + enabled: true + primary: false + ports: + main: + enabled: true + port: 65535 + main2: + enabled: true + primary: false + ports: + main2: + enabled: true + port: 65534 + asserts: + - failedTemplate: + errorMessage: At least one Service must be set as primary + - it: should fail without externalName on ExternalName service set: service: diff --git a/library/common-test/tests/serviceAccount/serviceAccount_test.yaml b/library/common-test/tests/serviceAccount/serviceAccount_test.yaml index 07357e04db..bedcdc83df 100644 --- a/library/common-test/tests/serviceAccount/serviceAccount_test.yaml +++ b/library/common-test/tests/serviceAccount/serviceAccount_test.yaml @@ -13,6 +13,19 @@ tests: - isKind: of: Deployment + - it: should fail with multiple service accounts, without any set as primary + set: + serviceAccount: + main: + enabled: true + primary: false + main2: + enabled: true + primary: false + asserts: + - failedTemplate: + errorMessage: At least one Service Account must be set as primary + - it: should pass with service account enabled documentIndex: &serviceAccountDoc 0 set: diff --git a/library/common/1.0.0/templates/lib/util/_primary_port.tpl b/library/common/1.0.0/templates/lib/util/_primary_port.tpl index a5dc71d101..9bbb4161b7 100644 --- a/library/common/1.0.0/templates/lib/util/_primary_port.tpl +++ b/library/common/1.0.0/templates/lib/util/_primary_port.tpl @@ -1,10 +1,11 @@ {{/* A dict containing .values and .serviceName is passed when this function is called */}} {{/* Return the primary port for a given Service object. */}} {{- define "ix.v1.common.lib.util.service.ports.primary" -}} + {{- $svcName := .svcName -}} {{- $enabledPorts := dict -}} {{- range $name, $port := .values.ports -}} {{- if $port.enabled -}} - {{- $_ := set $enabledPorts $name . -}} + {{- $_ := set $enabledPorts $name $port -}} {{- end -}} {{- end -}} @@ -25,7 +26,13 @@ {{- end -}} {{- if not $result -}} - {{- $result = keys $enabledPorts | first -}} + {{- if eq (len $enabledPorts) 1 -}} + {{- $result = keys $enabledPorts | first -}} + {{- else -}} + {{- if $enabledPorts -}} + {{- fail (printf "At least one port must be set as primary in service (%s)" $svcName) -}} + {{- end -}} + {{- end -}} {{- end -}} {{- $result -}} diff --git a/library/common/1.0.0/templates/lib/util/_primary_rbac.tpl b/library/common/1.0.0/templates/lib/util/_primary_rbac.tpl index a59684900d..9d5257d3e7 100644 --- a/library/common/1.0.0/templates/lib/util/_primary_rbac.tpl +++ b/library/common/1.0.0/templates/lib/util/_primary_rbac.tpl @@ -3,7 +3,7 @@ {{- $enabledrbacs := dict -}} {{- range $name, $rbac := .Values.rbac -}} {{- if $rbac.enabled -}} - {{- $_ := set $enabledrbacs $name . -}} + {{- $_ := set $enabledrbacs $name $rbac -}} {{- end -}} {{- end -}} @@ -20,7 +20,13 @@ {{- end -}} {{- if not $result -}} - {{- $result = keys $enabledrbacs | first -}} + {{- if eq (len $enabledrbacs) 1 -}} + {{- $result = keys $enabledrbacs | first -}} + {{- else -}} + {{- if $enabledrbacs -}} + {{- fail "At least one RBAC must be set as primary" -}} + {{- end -}} + {{- end -}} {{- end -}} {{- $result -}} diff --git a/library/common/1.0.0/templates/lib/util/_primary_service.tpl b/library/common/1.0.0/templates/lib/util/_primary_service.tpl index 26890cc792..9ead4d4acb 100644 --- a/library/common/1.0.0/templates/lib/util/_primary_service.tpl +++ b/library/common/1.0.0/templates/lib/util/_primary_service.tpl @@ -3,7 +3,7 @@ {{- $enabledServices := dict -}} {{- range $name, $service := .Values.service -}} {{- if $service.enabled -}} - {{- $_ := set $enabledServices $name . -}} + {{- $_ := set $enabledServices $name $service -}} {{- end -}} {{- end -}} @@ -20,7 +20,13 @@ {{- end -}} {{- if not $result -}} - {{- $result = keys $enabledServices | first -}} + {{- if eq (len $enabledServices) 1 -}} + {{- $result = keys $enabledServices | first -}} + {{- else -}} + {{- if $enabledServices -}} + {{- fail "At least one Service must be set as primary" -}} + {{- end -}} + {{- end -}} {{- end -}} {{- $result -}} diff --git a/library/common/1.0.0/templates/lib/util/_primary_serviceAccount.tpl b/library/common/1.0.0/templates/lib/util/_primary_serviceAccount.tpl index ccff5493ae..770cfc77f3 100644 --- a/library/common/1.0.0/templates/lib/util/_primary_serviceAccount.tpl +++ b/library/common/1.0.0/templates/lib/util/_primary_serviceAccount.tpl @@ -3,7 +3,7 @@ {{- $enabledServiceAccounts := dict -}} {{- range $name, $serviceAccount := .Values.serviceAccount -}} {{- if $serviceAccount.enabled -}} - {{- $_ := set $enabledServiceAccounts $name . -}} + {{- $_ := set $enabledServiceAccounts $name $serviceAccount -}} {{- end -}} {{- end -}} @@ -20,7 +20,13 @@ {{- end -}} {{- if not $result -}} - {{- $result = keys $enabledServiceAccounts | first -}} + {{- if eq (len $enabledServiceAccounts) 1 -}} + {{- $result = keys $enabledServiceAccounts | first -}} + {{- else -}} + {{- if $enabledServiceAccounts -}} + {{- fail "At least one Service Account must be set as primary" -}} + {{- end -}} + {{- end -}} {{- end -}} {{- $result -}}