finish secret creation of certificate

Stavros kois
2023-02-11 18:08:23 +02:00
parent 35fc4ab35a
commit ea81ed1dc1
7 changed files with 150 additions and 2 deletions


@@ -0,0 +1,30 @@
suite: certificate data test
templates:
- common.yaml
chart:
appVersion: &appVer v9.9.9
tests:
- it: should pass with secret created for certificate
set:
ixCertificates:
"1":
certificate: some_cert
privatekey: some_key
scaleCertificate:
my-cert:
enabled: true
id: 1
asserts:
- documentIndex: &secretDoc 0
isKind:
of: Secret
- documentIndex: *secretDoc
equal:
path: data
value:
crt: c29tZV9jZXJ0
key: c29tZV9rZXk=
- documentIndex: *secretDoc
equal:
path: type
value: kubernetes.io/tls
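Review bot: The Secret asserted here pairs `type: kubernetes.io/tls` with data keys `crt` and `key`, but Kubernetes requires the keys `tls.crt` and `tls.key` for that type, and the API server rejects a TLS Secret that lacks them. The keys come from the secret template section of this commit (`crt: {{ $objectData.data.certificate | trim | b64enc }}` and the matching `key:` line), so the test pins output that would likely fail on apply. Rename both there to `tls.crt:` and `tls.key:`, and update the expected `value` map in this test to match.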


@@ -17,6 +17,10 @@ tests:
annotations:
g_annotation1: global_annotation1
g_annotation2: "{{ .Values.annotation2 }}"
ixCertificates:
"1":
certificate: some_cert
privatekey: some_key
scaleCertificate:
my-cert:
enabled: true


@@ -4,6 +4,13 @@ templates:
tests:
- it: should generate correct name
set:
ixCertificates:
"1":
certificate: some_cert
privatekey: some_key
"2":
certificate: some_cert
privatekey: some_key
scaleCertificate:
my-cert1:
enabled: true


@@ -64,3 +64,80 @@ tests:
asserts:
- failedTemplate:
errorMessage: Certificate - Expected <targetSelector> to be a [map], but got [string]
- it: should fail with empty ixCertificates when cert is defined
set:
ixCertificates: []
scaleCertificate:
my-cert:
enabled: true
id: 1
asserts:
- failedTemplate:
errorMessage: Certificate - Expected non-empty <ixCertificates>
- it: should fail with not defined id in ixCertificates when cert is defined
set:
ixCertificates:
"2":
key: value
scaleCertificate:
my-cert:
enabled: true
id: 1
asserts:
- failedTemplate:
errorMessage: Certificate - Expected certificate with <id> ["1"] to exist in <ixCertificates>
- it: should fail with with revoked cert
set:
ixCertificates:
"1":
revoked: true
scaleCertificate:
my-cert:
enabled: true
id: 1
asserts:
- failedTemplate:
errorMessage: Certificate - Expected non-revoked certificate with <id> ["1"]
- it: should fail with with expired cert
set:
ixCertificates:
"1":
expired: true
scaleCertificate:
my-cert:
enabled: true
id: 1
asserts:
- failedTemplate:
errorMessage: Certificate - Expected non-expired certificate with <id> ["1"]
- it: should fail with with empty certificate
set:
ixCertificates:
"1":
certificate: ""
scaleCertificate:
my-cert:
enabled: true
id: 1
asserts:
- failedTemplate:
errorMessage: Certificate - Expected non-empty [certificate] in certificate with <id> ["1"] in <ixCertificates>
- it: should fail with with empty privatekey
set:
ixCertificates:
"1":
certificate: some_value
privatekey: ""
scaleCertificate:
my-cert:
enabled: true
id: 1
asserts:
- failedTemplate:
errorMessage: Certificate - Expected non-empty [privatekey] in certificate with <id> ["1"] in <ixCertificates>
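Review bot: Four of the new test names repeat a word, "should fail with with …" (the revoked, expired, empty certificate and empty privatekey cases), and the doubled word will show up in the test report. Change them to the single-word form, e.g. `- it: should fail with revoked cert`, and likewise for the other three.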


@@ -43,7 +43,8 @@ metadata:
{{- if (mustHas $objectData.type (list "certificate" "imagePullSecret")) }}
data:
{{- if eq $objectData.type "certificate" }}
{{/* TODO: print certificate values and test */}}
crt: {{ $objectData.data.certificate | trim | b64enc }}
key: {{ $objectData.data.privatekey | trim | b64enc }}
{{- else if eq $objectData.type "imagePullSecret" }}
.dockerconfigjson: {{ $objectData.data | trim | b64enc }}
{{- end -}}


@@ -8,6 +8,33 @@ objectData: The object data of the certificate
{{- $objectData := .objectData -}}
{{- $rootCtx := .rootCtx -}}
{{- $certID := (toString $objectData.id) -}}
{{/* Make sure certificate exists */}}
{{- if hasKey $rootCtx.Values "ixCertificates" -}}
{{- if not $rootCtx.Values.ixCertificates -}}
{{- fail "Certificate - Expected non-empty <ixCertificates>" -}}
{{- end -}}
{{- if not (hasKey $rootCtx.Values.ixCertificates $certID) -}}
{{- fail (printf "Certificate - Expected certificate with <id> [%q] to exist in <ixCertificates>" $certID) -}}
{{- end -}}
{{- end -}}
{{- $data := get $rootCtx.Values.ixCertificates $certID -}}
{{- range $flag := (list "revoked" "expired") -}}
{{- if (get $data $flag) -}}
{{- fail (printf "Certificate - Expected non-%s certificate with <id> [%q]" $flag $certID) -}}
{{- end -}}
{{- end -}}
{{- range $key := (list "certificate" "privatekey") -}}
{{- if not (get $data $key) -}}
{{- fail (printf "Certificate - Expected non-empty [%s] in certificate with <id> [%q] in <ixCertificates>" $key $certID) -}}
{{- end -}}
{{- end -}}
{{- $data | toJson -}}
{{- end -}}
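Review bot: The `hasKey $rootCtx.Values "ixCertificates"` guard wraps only the two existence checks, while `get $rootCtx.Values.ixCertificates $certID` after it runs unconditionally. When `ixCertificates` is absent from the values, both checks are skipped and the lookup runs against a missing map, so the render would presumably stop with a generic template error rather than one of the `Certificate - Expected …` messages. Drop the `hasKey` wrapper so that `if not $rootCtx.Values.ixCertificates` also covers the undefined case, and add a test that leaves `ixCertificates` unset. The define this code belongs to starts above the hunk.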


@@ -18,7 +18,9 @@
{{- include "ix.v1.common.lib.certificate.validation" (dict "objectData" $objectData) -}}
{{- include "ix.v1.common.lib.metadata.validation" (dict "objectData" $objectData "caller" "Certificate") -}}
{{/* TODO: Prepare data */}}
{{/* Prepare data */}}
{{- $data := fromJson (include "ix.v1.common.lib.certificate.getData" (dict "rootCtx" $ "objectData" $objectData)) -}}
{{- $_ := set $objectData "data" $data -}}
{{/* TODO: Create persistence if defined */}}