From b16437995a802a93dfad7f972efb8237f98a2d70 Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Wed, 10 Apr 2024 13:12:21 +0200
Subject: [PATCH] OZG-3328 set imagePullSecret as required and cleanup

---
 src/main/helm/templates/_helpers.tpl          |  5 --
 src/main/helm/templates/deployment.yaml       |  6 +-
 .../helm/templates/image_pull_secret.yaml     | 34 -----------
 src/test/helm-linter-values.yaml              |  4 +-
 src/test/helm/deployment_63_chars_test.yaml   |  1 +
 src/test/helm/deployment_bindings_test.yaml   |  1 +
 ...yment_container_security_context_test.yaml |  1 +
 ...yment_defaults_containers_health_test.yaml |  3 +-
 .../helm/deployment_defaults_labels_test.yaml |  1 +
 ...loyment_defaults_spec_containers_test.yaml |  1 +
 ...faults_topologySpreadConstraints_test.yaml |  1 +
 .../helm/deployment_env_customList_test.yaml  |  1 +
 .../helm/deployment_host_aliases_test.yaml    |  1 +
 .../deployment_imagepull_secret_test.yaml     | 11 ++--
 .../helm/deployment_liveness_probe_test.yaml  |  1 +
 ...ployment_pod_default_spec_values_test.yaml |  1 +
 src/test/helm/deployment_resources_test.yaml  |  1 +
 .../helm/deployment_routing_strategy_env.yaml |  1 +
 .../helm/deployment_service_account_test.yaml |  1 +
 .../deployment_springProfile_env_test.yaml    |  3 +-
 ...t_general_value_and_default_spec_test.yaml |  2 +-
 src/test/helm/image_pull_secret_test.yaml     | 57 -------------------
 ..._test.yaml => realm_name_length_test.yaml} |  0
 23 files changed, 27 insertions(+), 111 deletions(-)
 delete mode 100644 src/main/helm/templates/image_pull_secret.yaml
 delete mode 100644 src/test/helm/image_pull_secret_test.yaml
 rename src/test/helm/{deployment_realm_name_length_test.yaml => realm_name_length_test.yaml} (100%)

diff --git a/src/main/helm/templates/_helpers.tpl b/src/main/helm/templates/_helpers.tpl
index 0915f0f23..e0ff7ea44 100644
--- a/src/main/helm/templates/_helpers.tpl
+++ b/src/main/helm/templates/_helpers.tpl
@@ -42,11 +42,6 @@ app.kubernetes.io/name: {{ .Release.Name }}
 app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 {{- end -}}
 
-{{- define "app.imagePullSecret" }}
-{{- with .Values.imageCredentials }}
-{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
-{{- end }}
-{{- end }}
 
 {{- define "app.envSpringProfiles" }}
 {{- if (.Values.env).overrideSpringProfiles -}}
diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index 700bdd9fb..89c0a9277 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -156,11 +156,7 @@ spec:
       dnsConfig: {}
       dnsPolicy: ClusterFirst
       imagePullSecrets:
-      {{- if .Values.imagePullSecret }}
-      - name: {{ .Values.imagePullSecret }}
-      {{ else }}
-      - name: {{ .Release.Name }}-image-pull-secret
-      {{- end }}
+      - name: {{ required "imagePullSecret must be set" .Values.imagePullSecret }}
       restartPolicy: Always
       {{- with .Values.hostAliases }}
       hostAliases:
diff --git a/src/main/helm/templates/image_pull_secret.yaml b/src/main/helm/templates/image_pull_secret.yaml
deleted file mode 100644
index 327b37f8b..000000000
--- a/src/main/helm/templates/image_pull_secret.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
-# Ministerpräsidenten des Landes Schleswig-Holstein
-# Staatskanzlei
-# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
-#
-# Lizenziert unter der EUPL, Version 1.2 oder - sobald
-# diese von der Europäischen Kommission genehmigt wurden -
-# Folgeversionen der EUPL ("Lizenz");
-# Sie dürfen dieses Werk ausschließlich gemäß
-# dieser Lizenz nutzen.
-# Eine Kopie der Lizenz finden Sie hier:
-#
-# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
-#
-# Sofern nicht durch anwendbare Rechtsvorschriften
-# gefordert oder in schriftlicher Form vereinbart, wird
-# die unter der Lizenz verbreitete Software "so wie sie
-# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
-# ausdrücklich oder stillschweigend - verbreitet.
-# Die sprachspezifischen Genehmigungen und Beschränkungen
-# unter der Lizenz sind dem Lizenztext zu entnehmen.
-#
-
-{{- if not (.Values.imagePullSecret) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Release.Name }}-image-pull-secret
-  namespace: {{ include "app.namespace" . }}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ include "app.imagePullSecret" . }}
-{{- end }}
\ No newline at end of file
diff --git a/src/test/helm-linter-values.yaml b/src/test/helm-linter-values.yaml
index dc7bf7d67..42eb04837 100644
--- a/src/test/helm-linter-values.yaml
+++ b/src/test/helm-linter-values.yaml
@@ -28,4 +28,6 @@ ozgcloud:
   bundesland: sh
 
 networkPolicy:
-  dnsServerNamespace: test-dns-server-namespace
\ No newline at end of file
+  dnsServerNamespace: test-dns-server-namespace
+
+imagePullSecret: image-pull-secret
\ No newline at end of file
diff --git a/src/test/helm/deployment_63_chars_test.yaml b/src/test/helm/deployment_63_chars_test.yaml
index 1e63b47ee..62c2f8e3c 100644
--- a/src/test/helm/deployment_63_chars_test.yaml
+++ b/src/test/helm/deployment_63_chars_test.yaml
@@ -31,6 +31,7 @@ chart:
   name: eingang-manager
 set:
   ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
 templates:
   - templates/deployment.yaml
 
diff --git a/src/test/helm/deployment_bindings_test.yaml b/src/test/helm/deployment_bindings_test.yaml
index 9b3f68067..6e48055b0 100644
--- a/src/test/helm/deployment_bindings_test.yaml
+++ b/src/test/helm/deployment_bindings_test.yaml
@@ -27,6 +27,7 @@ templates:
   - templates/deployment.yaml
 set:
   ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
 tests:
   - it: should have temp-dir volume
     asserts:
diff --git a/src/test/helm/deployment_container_security_context_test.yaml b/src/test/helm/deployment_container_security_context_test.yaml
index 3250ce7f1..061331204 100644
--- a/src/test/helm/deployment_container_security_context_test.yaml
+++ b/src/test/helm/deployment_container_security_context_test.yaml
@@ -30,6 +30,7 @@ templates:
   - templates/deployment.yaml
 set:
   ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
 tests:
   - it: check default values
     asserts:
diff --git a/src/test/helm/deployment_defaults_containers_health_test.yaml b/src/test/helm/deployment_defaults_containers_health_test.yaml
index e57dbb709..c6e30a3a9 100644
--- a/src/test/helm/deployment_defaults_containers_health_test.yaml
+++ b/src/test/helm/deployment_defaults_containers_health_test.yaml
@@ -30,8 +30,9 @@ templates:
   - templates/deployment.yaml
 set:
   ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
 tests:
-  - it: should work
+  - it: should have correct health check values
     asserts:
       - equal:
           path: spec.template.spec.containers[0].readinessProbe.failureThreshold
diff --git a/src/test/helm/deployment_defaults_labels_test.yaml b/src/test/helm/deployment_defaults_labels_test.yaml
index 40b95f730..4e2d5f7fd 100644
--- a/src/test/helm/deployment_defaults_labels_test.yaml
+++ b/src/test/helm/deployment_defaults_labels_test.yaml
@@ -31,6 +31,7 @@ templates:
 
 set:
   ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
 tests:
   - it: check default labels
     asserts:
diff --git a/src/test/helm/deployment_defaults_spec_containers_test.yaml b/src/test/helm/deployment_defaults_spec_containers_test.yaml
index b1c50d97b..947c086f3 100644
--- a/src/test/helm/deployment_defaults_spec_containers_test.yaml
+++ b/src/test/helm/deployment_defaults_spec_containers_test.yaml
@@ -30,6 +30,7 @@ templates:
   - templates/deployment.yaml
 set:  
   ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
 tests:
   - it: check for some standard values
     asserts:
diff --git a/src/test/helm/deployment_defaults_topologySpreadConstraints_test.yaml b/src/test/helm/deployment_defaults_topologySpreadConstraints_test.yaml
index e3dc00914..9364e4502 100644
--- a/src/test/helm/deployment_defaults_topologySpreadConstraints_test.yaml
+++ b/src/test/helm/deployment_defaults_topologySpreadConstraints_test.yaml
@@ -30,6 +30,7 @@ templates:
   - templates/deployment.yaml
 set:  
   ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
 tests:
   - it: check default values
     asserts:
diff --git a/src/test/helm/deployment_env_customList_test.yaml b/src/test/helm/deployment_env_customList_test.yaml
index 9cd1d4c7a..16022898f 100644
--- a/src/test/helm/deployment_env_customList_test.yaml
+++ b/src/test/helm/deployment_env_customList_test.yaml
@@ -27,6 +27,7 @@ templates:
   - templates/deployment.yaml
 set:
   ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
 tests:
   - it: check customList
     set:
diff --git a/src/test/helm/deployment_host_aliases_test.yaml b/src/test/helm/deployment_host_aliases_test.yaml
index 5bd226ad1..4ba73fa7d 100644
--- a/src/test/helm/deployment_host_aliases_test.yaml
+++ b/src/test/helm/deployment_host_aliases_test.yaml
@@ -31,6 +31,7 @@ templates:
 
 set:
   ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
 tests:
   - it: should not set hostAliases
     asserts:
diff --git a/src/test/helm/deployment_imagepull_secret_test.yaml b/src/test/helm/deployment_imagepull_secret_test.yaml
index a3d33d7b8..eb15225e4 100644
--- a/src/test/helm/deployment_imagepull_secret_test.yaml
+++ b/src/test/helm/deployment_imagepull_secret_test.yaml
@@ -31,15 +31,14 @@ templates:
 set:
   ozgcloud.environment: test
 tests:
-  - it: should use default imagePull secret
-    asserts:
-      - equal:
-          path: spec.template.spec.imagePullSecrets[0].name
-          value: afm-adapter-image-pull-secret
   - it: should set the imagePull secret
     set:
       imagePullSecret: image-pull-secret
     asserts:
       - equal:
           path: spec.template.spec.imagePullSecrets[0].name
-          value: image-pull-secret
\ No newline at end of file
+          value: image-pull-secret
+  - it: should fail tempalte when not set
+    asserts:
+      - failedTemplate:
+          errorMessage: imagePullSecret must be set
\ No newline at end of file
diff --git a/src/test/helm/deployment_liveness_probe_test.yaml b/src/test/helm/deployment_liveness_probe_test.yaml
index 7771c84c7..944984fb5 100644
--- a/src/test/helm/deployment_liveness_probe_test.yaml
+++ b/src/test/helm/deployment_liveness_probe_test.yaml
@@ -27,6 +27,7 @@ templates:
   - templates/deployment.yaml
 set:
   ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
 tests:
   - it: livenessProbe should be disabled by default
     asserts:
diff --git a/src/test/helm/deployment_pod_default_spec_values_test.yaml b/src/test/helm/deployment_pod_default_spec_values_test.yaml
index 4a7c853c2..ed1df2ad6 100644
--- a/src/test/helm/deployment_pod_default_spec_values_test.yaml
+++ b/src/test/helm/deployment_pod_default_spec_values_test.yaml
@@ -30,6 +30,7 @@ templates:
   - templates/deployment.yaml
 set:
   ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
 tests:
  - it: should have correct pod template values
    asserts:
diff --git a/src/test/helm/deployment_resources_test.yaml b/src/test/helm/deployment_resources_test.yaml
index e31b3ebd6..6404c0c9b 100644
--- a/src/test/helm/deployment_resources_test.yaml
+++ b/src/test/helm/deployment_resources_test.yaml
@@ -29,6 +29,7 @@ templates:
   - templates/deployment.yaml
 set:
   ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
 tests:
   - it: test resources
     set:
diff --git a/src/test/helm/deployment_routing_strategy_env.yaml b/src/test/helm/deployment_routing_strategy_env.yaml
index 39e5dac3a..dc9ae515b 100644
--- a/src/test/helm/deployment_routing_strategy_env.yaml
+++ b/src/test/helm/deployment_routing_strategy_env.yaml
@@ -31,6 +31,7 @@ templates:
 set:
   image.tag: latest
   ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
 tests:
   - it: validate default routing values without questions.yaml
     asserts:
diff --git a/src/test/helm/deployment_service_account_test.yaml b/src/test/helm/deployment_service_account_test.yaml
index 1c3b8a401..0a5df07ed 100644
--- a/src/test/helm/deployment_service_account_test.yaml
+++ b/src/test/helm/deployment_service_account_test.yaml
@@ -31,6 +31,7 @@ templates:
 
 set:
   ozgcloud.environment: test
+  imagePullSecret: image-pull-secret
 tests:
   - it: should use afm-adapter service account name
     set:
diff --git a/src/test/helm/deployment_springProfile_env_test.yaml b/src/test/helm/deployment_springProfile_env_test.yaml
index 0b89d1a71..001fbf3d2 100644
--- a/src/test/helm/deployment_springProfile_env_test.yaml
+++ b/src/test/helm/deployment_springProfile_env_test.yaml
@@ -27,7 +27,8 @@ release:
   name: if-adapter
 templates:
   - templates/deployment.yaml
-
+set:
+  imagePullSecret: image-pull-secret
 tests:
   - it: should override spring profiles
     set:
diff --git a/src/test/helm/deyploment_general_value_and_default_spec_test.yaml b/src/test/helm/deyploment_general_value_and_default_spec_test.yaml
index 4f226cdec..0ab50fa23 100644
--- a/src/test/helm/deyploment_general_value_and_default_spec_test.yaml
+++ b/src/test/helm/deyploment_general_value_and_default_spec_test.yaml
@@ -30,7 +30,7 @@ templates:
   - templates/deployment.yaml
 set:
   ozgcloud.environment: test
-
+  imagePullSecret: image-pull-secret
 tests:
   - it: should have correct apiVersion
     asserts:
diff --git a/src/test/helm/image_pull_secret_test.yaml b/src/test/helm/image_pull_secret_test.yaml
deleted file mode 100644
index 25b628479..000000000
--- a/src/test/helm/image_pull_secret_test.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
-# Ministerpräsidenten des Landes Schleswig-Holstein
-# Staatskanzlei
-# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
-#
-# Lizenziert unter der EUPL, Version 1.2 oder - sobald
-# diese von der Europäischen Kommission genehmigt wurden -
-# Folgeversionen der EUPL ("Lizenz");
-# Sie dürfen dieses Werk ausschließlich gemäß
-# dieser Lizenz nutzen.
-# Eine Kopie der Lizenz finden Sie hier:
-#
-# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
-#
-# Sofern nicht durch anwendbare Rechtsvorschriften
-# gefordert oder in schriftlicher Form vereinbart, wird
-# die unter der Lizenz verbreitete Software "so wie sie
-# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
-# ausdrücklich oder stillschweigend - verbreitet.
-# Die sprachspezifischen Genehmigungen und Beschränkungen
-# unter der Lizenz sind dem Lizenztext zu entnehmen.
-#
-
-suite: test image pull secret
-templates:
-  - templates/image_pull_secret.yaml
-release:
-  name: intelliform-adaptero
-  namespace: helm-test
-tests:
-  - it: should match basic data
-    set:
-      imageCredentials:
-        registry: docker.ozg-sh.de
-        username: test
-        password: test1234
-        email: webmaster@ozg-sh.de
-    asserts:
-      - containsDocument:
-          kind: Secret
-          apiVersion: v1
-      - equal:
-          path: metadata.name
-          value: intelliform-adaptero-image-pull-secret
-      - equal:
-          path: metadata.namespace
-          value: helm-test
-      - isNotEmpty:
-          path: data[".dockerconfigjson"]
-
-  - it: should not create image pull secret
-    set:
-      imagePullSecret: "image-pull-secret"
-    asserts:
-      - hasDocuments:
-          count: 0
\ No newline at end of file
diff --git a/src/test/helm/deployment_realm_name_length_test.yaml b/src/test/helm/realm_name_length_test.yaml
similarity index 100%
rename from src/test/helm/deployment_realm_name_length_test.yaml
rename to src/test/helm/realm_name_length_test.yaml
-- 
GitLab