Merge branch 'master' of git.ozg-sh.de:ozgcloud-app/eingang-manager

d921fd5f · OZG-Cloud Team · b5a5046b · b51b1f62 · d921fd5f · d921fd5f
Commit d921fd5f authored 1 year ago by OZG-Cloud Team
--- a/common/src/main/java/de/ozgcloud/eingang/common/vorgang/VorgangNummerSupplier.java
+++ b/common/src/main/java/de/ozgcloud/eingang/common/vorgang/VorgangNummerSupplier.java
@@ -5,6 +5,7 @@ import java.time.LocalDate;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.springframework.stereotype.Component;

+import de.ozgcloud.common.errorhandling.TechnicalException;
 import lombok.RequiredArgsConstructor;

 @Component
@@ -17,10 +18,17 @@ public class VorgangNummerSupplier {
 	static final int SUFFIX_LENGTH = 6;

 	public String get() {
+		return get(SUFFIX_LENGTH);
+	}
+
+	public String get(int suffixLength) {
+		if (suffixLength <1){
+			throw new TechnicalException("Suffix length must be at least 1");
+		}
 		var today = LocalDate.now();
 		var lastYearNumber = today.getYear() % 10;
 		return VORGANGNUMMER_TEMPLATE.formatted(lastYearNumber, today.getMonthValue(), today.getDayOfMonth(),
-				RandomStringUtils.random(SUFFIX_LENGTH, BASE30_ALPHABET));
+				RandomStringUtils.random(suffixLength, BASE30_ALPHABET));
 	}

 }
--- a/common/src/test/java/de/ozgcloud/eingang/common/vorgang/VorgangNummerSupplierTest.java
+++ b/common/src/test/java/de/ozgcloud/eingang/common/vorgang/VorgangNummerSupplierTest.java
 package de.ozgcloud.eingang.common.vorgang;

 import static org.assertj.core.api.Assertions.*;
+import static org.junit.jupiter.api.Assertions.*;
 import static org.mockito.Mockito.*;

 import java.time.LocalDate;
-import java.util.Random;

 import org.apache.commons.lang3.RandomStringUtils;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.InjectMocks;
-import org.mockito.Mock;
 import org.mockito.Spy;
-import org.springframework.test.util.ReflectionTestUtils;
+
+import de.ozgcloud.common.errorhandling.TechnicalException;

 class VorgangNummerSupplierTest {

@@ -26,7 +28,25 @@ class VorgangNummerSupplierTest {
 	void shouldAddSuffix() {
 		var result = vorgangNummerSupplier.get();

-		assertThat(result).hasSize(11);
+		assertThat(getSuffix(result)).hasSize(VorgangNummerSupplier.SUFFIX_LENGTH);
+	}
+
+	@Test
+	void shouldHaveSuffixSize() {
+		var result = vorgangNummerSupplier.get(3);
+
+		assertThat(getSuffix(result)).hasSize(3);
+	}
+
+	@DisplayName("should throw exception when")
+	@ParameterizedTest(name = "suffix length {0}")
+	@ValueSource(ints = { -1, 0 })
+	void shouldThrowException(int suffixLength) {
+		assertThrows(TechnicalException.class, () -> vorgangNummerSupplier.get(suffixLength));
+	}
+
+	private String getSuffix(String string) {
+		return string.substring(string.indexOf('-') + 1);
 	}

 	@Test

--- a/run_helm_test.sh
+++ b/run_helm_test.sh
@@ -4,4 +4,4 @@ set -e

 helm template  ./src/main/helm/ -f src/test/helm-linter-values.yaml
 helm lint -f src/test/helm-linter-values.yaml ./src/main/helm/
-cd src/main/helm && helm unittest -f '../../test/helm/*.yaml' -v '../../test/unit-values.yaml' .
\ No newline at end of file
+cd src/main/helm && helm unittest -f '../../test/helm/*.yaml' .
\ No newline at end of file
--- a/src/main/helm/templates/_helpers.tpl
+++ b/src/main/helm/templates/_helpers.tpl
 {{/* vim: set filetype=mustache: */}}

-{{/* Truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec) */}}
-{{/* Name */}}
-{{- define "app.name" -}}
-{{- default .Release.Name | toString | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
+{{/* error check 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec) */}}
 {{/* Namespace */}}
 {{- define "app.namespace" -}}
-{{- default .Release.Namespace | toString | trunc 63 | trimSuffix "-" -}}
+{{- if gt (len (.Release.Namespace)) 63 -}}
+{{- fail (printf ".Release.Namespace %s ist zu lang (max. 63 Zeichen)" .Release.Namespace) -}}
 {{- end -}}
-
-{{/* Version */}}
-{{- define "app.version" -}}
-{{- default .Chart.Version | toString | trunc 63 | trimSuffix "-" -}}
+{{ printf "%s" .Release.Namespace }}
 {{- end -}}

 {{/* Chart: Name + Version */}}
 {{- define "app.chart" -}}
-{{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- if gt (len (printf "%s-%s" .Chart.Name .Chart.Version)) 63 -}}
+{{- fail (printf ".Chart.Name-.Chart.Version %s-%s ist zu lang (max. 63 Zeichen)" .Chart.Name .Chart.Version) -}}
+{{- end -}}
+{{ printf "%s-%s" .Chart.Name .Chart.Version }}
 {{- end -}}

 {{/* Managed-by -> On Helm, this value is always Helm */}}
 {{- define "app.managedBy" -}}
-{{- default .Release.Service | toString | trunc 63 | trimSuffix "-" -}}
+{{- if gt (len (.Release.Service)) 63 -}}
+{{- fail (printf ".Release.Service %s ist zu lang (max. 63 Zeichen)" .Release.Service) -}}
+{{- end -}}
+{{ printf "%s" .Release.Service }}
 {{- end -}}

 {{/* Default Labels: Helm recommended best-practice labels https://helm.sh/docs/chart_best_practices/labels/ */}}
 {{- define "app.defaultLabels" }}
 app.kubernetes.io/instance: afm-adapter
 app.kubernetes.io/managed-by: {{ include "app.managedBy" . }}
-app.kubernetes.io/name: {{ include "app.name" . }}
+app.kubernetes.io/name: {{ .Release.Name }}
 app.kubernetes.io/part-of: ozgcloud
-app.kubernetes.io/version: {{ include "app.version" . }}
+app.kubernetes.io/version: {{ .Chart.Version }}
 app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 helm.sh/chart: {{ include "app.chart" . }}
 ozg-component: eingangsadapter
 {{- end -}}

 {{- define "app.matchLabels" }}
-app.kubernetes.io/name: {{ include "app.name" . }}
+app.kubernetes.io/name: {{ .Release.Name }}
 app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 {{- end -}}


--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -25,7 +25,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "app.name" . }}
+  name: {{ .Release.Name }}
  namespace: {{ include "app.namespace" . }}
  labels:
    {{- include "app.defaultLabels" . | indent 4 }}
@@ -56,7 +56,7 @@ spec:
        whenUnsatisfiable: DoNotSchedule
        labelSelector:
          matchLabels:
-            app.kubernetes.io/name: {{ include "app.name" . }}
+            app.kubernetes.io/name: {{ .Release.Name }}
      containers:
      - env:
        {{- range (.Values.env).grpc }}
@@ -113,6 +113,17 @@ spec:
          periodSeconds: 5
          successThreshold: 1
          timeoutSeconds: 5
+        {{- if .Values.enableLivenessProbe }}
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /actuator/health/liveness
+            port: 8081
+            scheme: HTTP
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 3
+        {{- end }}
        resources:
        {{- with .Values.resources }}
 {{ toYaml . | indent 10 }}
@@ -128,6 +139,10 @@ spec:
          {{- with (.Values.securityContext).runAsGroup }}
          runAsGroup: {{ . }}
          {{- end }}
+          {{- with (.Values.securityContext).capabilities }}
+          capabilities:
+{{ toYaml . | indent 12 }}
+          {{- end }}
        stdin: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
@@ -144,7 +159,7 @@ spec:
      {{- if .Values.imagePullSecret }}
      - name: {{ .Values.imagePullSecret }}
      {{ else }}
-      - name: {{ include "app.name" . }}-image-pull-secret
+      - name: {{ .Release.Name }}-image-pull-secret
      {{- end }}
      restartPolicy: Always
      {{- with .Values.hostAliases }}
@@ -152,5 +167,8 @@ spec:
 {{ toYaml . | indent 8 }}
      {{- end }}
      schedulerName: default-scheduler
-      securityContext: {}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+{{ toYaml . | indent 8 }}
+      {{- end }}
      terminationGracePeriodSeconds: 30
\ No newline at end of file
--- a/src/main/helm/templates/image-pull-secret.yaml
+++ b/src/main/helm/templates/image-pull-secret.yaml
@@ -26,7 +26,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "app.name" . }}-image-pull-secret
+  name: {{ .Release.Name }}-image-pull-secret
  namespace: {{ include "app.namespace" . }}
 type: kubernetes.io/dockerconfigjson
 data:

--- a/src/main/helm/templates/ingress.yaml
+++ b/src/main/helm/templates/ingress.yaml
@@ -27,20 +27,20 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  annotations:
-    {{- if (.Values.ingress).certManagerAnnotations -}}
-    {{- range (.Values.ingress).certManagerAnnotations }}
-{{ . | indent 4 }}
+    {{- with (.Values.ingress).annotations }}
+{{ toYaml . | indent 4 }}
    {{- end }}
-    {{- else if (.Values.ingress).use_staging_cert }}
+    {{- if not (.Values.ingress).disableDefaultCertManager }}
+    {{- if (.Values.ingress).use_staging_cert }}
    cert-manager.io/cluster-issuer: letsencrypt-staging
    {{- else }}
    cert-manager.io/cluster-issuer: letsencrypt-prod
    {{- end }}
-    nginx.ingress.kubernetes.io/proxy-body-size: 42m
-  name: {{ include "app.name" . }}
+    {{- end }}
+  name: {{ .Release.Name }}
  namespace: {{ include "app.namespace" . }}
 spec:
-  {{- if and (.Values.ingress).className (ne (.Values).cluster_env "dataport") }}
+  {{- if and (.Values.ingress).className }}
  ingressClassName: {{ .Values.ingress.className }}
  {{- end }}
  rules:
@@ -50,16 +50,18 @@ spec:
              service:
                port:
                  number: 8080
-                name: {{ include "app.name" . }}
+                name: {{ .Release.Name }}
            path: ''
            pathType: ImplementationSpecific
      host: {{ include "app.ingress.host" . }}
  tls:
    - hosts:
      - {{ include "app.ingress.host" . }}
+      {{- if not (.Values.ingress).skipTlsSecret -}}
      {{- if (.Values.ingress).tlsSecretName }}
      secretName: {{ (.Values.ingress).tlsSecretName }}
-      {{- else if ne (.Values).cluster_env "dataport" }}
-      secretName: {{ .Values.ozgcloud.bezeichner }}-{{ include "app.name" . }}-tls
+      {{- else }}
+      secretName: {{ .Values.ozgcloud.bezeichner }}-{{ .Release.Name }}-tls
+      {{- end }}
      {{- end }}
 {{- end -}}
\ No newline at end of file
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -26,7 +26,7 @@
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: network-policy-{{ include "app.name" .}}
+  name: network-policy-{{ .Release.Name}}
  namespace: {{ .Release.Namespace }} 
 spec:
  podSelector:

--- a/src/main/helm/templates/service.yaml
+++ b/src/main/helm/templates/service.yaml
@@ -25,7 +25,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "app.name" . }}
+  name: {{ .Release.Name }}
  namespace: {{ include "app.namespace" . }}
  labels:
    {{- include "app.defaultLabels" . | indent 4 }}

--- a/src/main/helm/templates/service_monitor.yaml
+++ b/src/main/helm/templates/service_monitor.yaml
@@ -25,7 +25,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ include "app.name" . }}
+  name: {{ .Release.Name }}
  namespace: {{ include "app.namespace" . }}
  labels:
    {{- include "app.defaultLabels" . | indent 4 }}

--- a/src/main/helm/templates/tests/test-ingress-connection.yaml
+++ b/src/main/helm/templates/tests/test-ingress-connection.yaml
@@ -25,7 +25,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: "{{ include "app.name" . }}-test-ingress"
+  name: "{{ .Release.Name }}-test-ingress"
  labels:
    {{- include "app.matchLabels" . | nindent 4 }}
  annotations:

--- a/src/main/helm/templates/tests/test-service-connection.yaml
+++ b/src/main/helm/templates/tests/test-service-connection.yaml
@@ -25,7 +25,7 @@
 apiVersion: v1
 kind: Pod
 metadata:
-  name: "{{ include "app.name" . }}-test-connection"
+  name: "{{ .Release.Name }}-test-connection"
  labels:
    {{- include "app.matchLabels" . | nindent 4 }}
  annotations:
@@ -35,5 +35,5 @@ spec:
    - name: wget
      image: busybox
      command: ['wget']
-      args: ['{{ include "app.name" . }}:8080/ws/intelliform_formDatas.wsdl']
+      args: ['{{ .Release.Name }}:8080/ws/intelliform_formDatas.wsdl']
  restartPolicy: Never
--- a/src/main/helm/values.yaml
+++ b/src/main/helm/values.yaml
@@ -22,8 +22,6 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #

-cluster_env: ""
-
 baseUrl: test.sh.ozg-cloud.de

 image:

--- a/src/test/helm/deployment_63_chars_test.yaml
+++ b/src/test/helm/deployment_63_chars_test.yaml
+#
+# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test deyploment less than 63 chars
+release:
+  name: eingang-manager
+  namespace: sh-helm-test
+  
+chart:
+  name: eingang-manager
+set:
+  ozgcloud.environment: test
+templates:
+  - templates/deployment.yaml
+
+tests:
+  - it: should fail on .Release.Namespace length longer than 63 characters
+    release:
+      namespace: test1234567890123123456789012345678901234567890123456789012345678901234567890123456789012345678904567890
+    asserts:
+      - failedTemplate:
+          errorMessage: .Release.Namespace test1234567890123123456789012345678901234567890123456789012345678901234567890123456789012345678904567890 ist zu lang (max. 63 Zeichen)
+  - it: should not fail on .Release.Namespace length less than 63 characters
+    asserts:
+      - notFailedTemplate: {}
+  - it: should fail on .Chart.Name-.Chart.Version length longer than 63 characters
+    chart:
+      version: 1.0-test1234567890123123456789012345678901234567890123456789012345678901234567890123456789012345678904567890
+    asserts:
+      - failedTemplate:
+          errorMessage: .Chart.Name-.Chart.Version Intelliform-Adapter-1.0-test1234567890123123456789012345678901234567890123456789012345678901234567890123456789012345678904567890 ist zu lang (max. 63 Zeichen)
+  - it: should not fail on .Chart.Name-.Chart.Version length less than 63 characters
+    asserts:
+      - notFailedTemplate: {}
\ No newline at end of file
--- a/src/test/helm/deployment_bindings_test.yaml
+++ b/src/test/helm/deployment_bindings_test.yaml
@@ -25,6 +25,8 @@
 suite: deployment bindings
 templates:
  - templates/deployment.yaml
+set:
+  ozgcloud.environment: test
 tests:
  - it: should have temp-dir volume
    asserts:

--- a/src/test/helm/deployment_container_security_context_test.yaml
+++ b/src/test/helm/deployment_container_security_context_test.yaml
@@ -28,6 +28,8 @@ release:
  namespace: sh-helm-test
 templates:
  - templates/deployment.yaml
+set:
+  ozgcloud.environment: test
 tests:
  - it: check default values
    asserts:
@@ -49,6 +51,10 @@ tests:
          path: spec.template.spec.containers[0].securityContext.runAsUser
      - isNull:
          path: spec.template.spec.containers[0].securityContext.runAsGroup
+      - isNull:
+          path: spec.template.spec.securityContext.fsGroup
+      - isNull:
+          path: spec.template.spec.containers[0].securityContext.capabilities
  - it: check runAsUser
    set:
      securityContext.runAsUser: 1000
@@ -63,3 +69,22 @@ tests:
      - equal:
          path: spec.template.spec.containers[0].securityContext.runAsGroup
          value: 1000
+  - it: check fsGroup
+    set:
+      podSecurityContext.fsGroup: 1000
+    asserts:
+      - equal:
+          path: spec.template.spec.securityContext.fsGroup
+          value: 1000
+  - it: check capabilities
+    set:
+      securityContext:
+        capabilities:
+          drop:
+            - ALL
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.capabilities
+          value:
+            drop:
+              - ALL
\ No newline at end of file
--- a/src/test/helm/deployment_defaults_labels_test.yaml
+++ b/src/test/helm/deployment_defaults_labels_test.yaml
@@ -30,6 +30,8 @@ templates:
  - templates/deployment.yaml
  - templates/service_monitor.yaml
  - templates/service.yaml
+set:
+  ozgcloud.environment: test
 tests:
  - it: check default labels
    asserts:

--- a/src/test/helm/deployment_env_test.yaml
+++ b/src/test/helm/deployment_env_test.yaml
@@ -25,6 +25,8 @@
 suite: test environments
 templates:
  - templates/deployment.yaml
+set:
+  ozgcloud.environment: test
 tests:
  - it: check customList
    template: deployment.yaml
@@ -39,8 +41,6 @@ tests:
            name: my_test_environment_name
            value: "A test value"
  - it: check customList test value is not set by default
-    set:
-      ozgcloud.environment: test
    template: deployment.yaml
    asserts:
      - notContains:

--- a/src/test/helm/deployment_host_aliases_test.yaml
+++ b/src/test/helm/deployment_host_aliases_test.yaml
@@ -28,6 +28,9 @@ release:
  namespace: sh-helm-test
 templates:
  - templates/deployment.yaml
+
+set:
+  ozgcloud.environment: test
 tests:
  - it: should not set hostAliases
    asserts:

--- a/src/test/helm/deployment_imagepull_secret_test.yaml
+++ b/src/test/helm/deployment_imagepull_secret_test.yaml
@@ -28,6 +28,8 @@ release:
  namespace: sh-helm-test
 templates:
  - templates/deployment.yaml
+set:
+  ozgcloud.environment: test
 tests:
  - it: should use default imagePull secret
    asserts: