Merge pull request 'OZG-3328 cleanup and add helm unittests;OZG-5115 update...

Merge pull request 'OZG-3328 cleanup and add helm unittests;OZG-5115 update helm unittest command' (#109) from OZG__3328 into master

run_helm_test.sh

@@ -5,4 +5,4 @@ set -x
 
 helm template  ./src/main/helm/ -f src/test/linter-values.yaml
 helm lint -f src/test/linter-values.yaml ./src/main/helm/
-cd src/main/helm && helm unittest -f '../../test/helm/*.yaml' .
+cd src/main/helm && helm unittest -f '../../test/helm/**/*.yaml' .
\ No newline at end of file

src/main/helm/templates/_helpers.tpl

@@ -41,12 +41,6 @@ app.kubernetes.io/name: {{ .Release.Name }}
 app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 {{- end -}}
 
-{{- define "app.imagePullSecret" }}
-{{- with .Values.imageCredentials }}
-{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
-{{- end }}
-{{- end }}
-
 {{- define "app.cronjobScheduler" }}
 {{- printf "%d %d * * *" (div (randNumeric 2) 2) (div (randNumeric 1) 2) -}}
 {{- end -}}

src/main/helm/templates/deployment.yaml

@@ -66,7 +66,7 @@ spec:
               name: {{ include "app.databaseSecretName" . }}
               key: connectionString.standardSrv
               optional: false
-        {{- if not (.Values.sso).api_user }}
+        {{- if not (.Values.sso).api_user }} # used by dataport
         - name: OZGCLOUD_KEYCLOAK_API_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -226,11 +226,7 @@ spec:
       dnsConfig: {}
       dnsPolicy: ClusterFirst
       imagePullSecrets:
-      {{- if .Values.imagePullSecret }}
-      - name: {{ .Values.imagePullSecret }}
-      {{ else }}
-      - name: user-manager-image-pull-secret
-      {{- end }}
+      - name: {{ required "imagePullSecret must be set" .Values.imagePullSecret }}
       restartPolicy: Always
       {{- with .Values.hostAliases }}
       hostAliases:

src/main/helm/templates/image-pull-secret.yaml

-#
-# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
-# Ministerpräsidenten des Landes Schleswig-Holstein
-# Staatskanzlei
-# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
-#
-# Lizenziert unter der EUPL, Version 1.2 oder - sobald
-# diese von der Europäischen Kommission genehmigt wurden -
-# Folgeversionen der EUPL ("Lizenz");
-# Sie dürfen dieses Werk ausschließlich gemäß
-# dieser Lizenz nutzen.
-# Eine Kopie der Lizenz finden Sie hier:
-#
-# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
-#
-# Sofern nicht durch anwendbare Rechtsvorschriften
-# gefordert oder in schriftlicher Form vereinbart, wird
-# die unter der Lizenz verbreitete Software "so wie sie
-# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
-# ausdrücklich oder stillschweigend - verbreitet.
-# Die sprachspezifischen Genehmigungen und Beschränkungen
-# unter der Lizenz sind dem Lizenztext zu entnehmen.
-#
-
-{{- if not (.Values.imagePullSecret) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: user-manager-image-pull-secret
-  namespace: {{ include "app.namespace" . }}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ include "app.imagePullSecret" . }}
-{{- end }}
\ No newline at end of file

src/test/helm/api-password-secret_test.yaml → src/test/helm/api_password_secret_test.yaml

@@ -3,7 +3,7 @@ release:
   name: user-manager
   namespace: sh-test-test
 templates:
-  - templates/api-password-secret.yaml
+  - templates/api_password_secret.yaml
 set:
   ozgcloud:
     keycloak:
@@ -14,12 +14,14 @@ tests:
     asserts:
       - isKind:
           of: Secret
+      - isAPIVersion:
+          of: v1
   - it: test api password 
     asserts:
       - equal:
           path: stringData.password
           value: testPassword
-  - it: should use Keycloak User Operator
+  - it: not create api_password_secret if kc api.password not set and api_user set
     set:
       sso:
         api_user:
@@ -27,3 +29,36 @@ tests:
     asserts:
       - hasDocuments:
           count: 0
+  - it: should not create api_password_secret if kc api.password not set and api_user not set
+    set:
+      sso:
+        api_user:
+          name: ""
+      ozgcloud:
+        keycloak:
+          api: 
+            password: ""
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: should create api_password_secret if kc api.password set and api_user not set
+    set:
+      ozgcloud:
+        keycloak:
+          api: 
+            password: "passwrd"
+    asserts:
+      - hasDocuments:
+          count: 1
+  - it: should not create api_password_secret if kc api.password set and api_user set
+    set:
+      sso:
+        api_user:
+          name: userManagerApiUser
+      ozgcloud:
+        keycloak:
+          api: 
+            password: "passwrd"
+    asserts:
+      - hasDocuments:
+          count: 0
\ No newline at end of file

src/test/helm/cert_issuer_test.yaml

@@ -35,6 +35,8 @@ tests:
           of: cert-manager.io/v1
       - isKind:
           of: Issuer
+      - isAPIVersion:
+          of: cert-manager.io/v1
   - it: should have metadata
     asserts:
       - equal:

src/test/helm/deployment_63_char_test.yaml

@@ -36,7 +36,7 @@ set:
     environment: dev
   sso.serverUrl: https://sso.company.local
   baseUrl: test.company.local
-
+  imagePullSecret: image-pull-secret
 tests:
   - it: should fail on .Release.Namespace length longer than 63 characters
     release:

src/test/helm/deployment_container_security_context_test.yaml

@@ -22,7 +22,7 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-suite: test deployment
+suite: test deployment container security
 release:
   name: user-manager
   namespace: sh-helm-test
@@ -35,11 +35,10 @@ set:
     environment: dev
   sso.serverUrl: https://sso.company.local
   baseUrl: test.company.local
+  imagePullSecret: image-pull-secret
 tests:
   - it: check default values
     asserts:
-      - isKind:
-          of: Deployment
       - equal:
           path: spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation
           value: false

src/test/helm/deployment_default_spec_test.yaml

+#
+# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test deployment actuator
+release:
+  name: user-manager
+  namespace: sh-helm-test
+templates:
+  - templates/deployment.yaml
+set:
+  ozgcloud:
+    bezeichner: helm
+    bundesland: by
+    environment: dev
+  baseUrl: test.sh.ozg-cloud.de
+  sso:
+    serverUrl: sso.test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret
+tests:
+  - it: check for some standard values
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: docker.ozg-sh.de/user-manager:latest
+      - equal:
+          path: spec.template.spec.containers[0].imagePullPolicy
+          value: Always
+      - equal:
+          path: spec.template.spec.containers[0].name
+          value: user-manager
+      - equal:
+          path: spec.template.spec.containers[0].ports[0].containerPort
+          value: 9000
+      - equal:
+          path: spec.template.spec.containers[0].ports[0].name
+          value: grpc-9000
+      - equal:
+          path: spec.template.spec.containers[0].ports[0].protocol
+          value: TCP
+      - equal:
+          path: spec.template.spec.containers[0].stdin
+          value: true
+      - equal:
+          path: spec.template.spec.containers[0].terminationMessagePath
+          value: /dev/termination-log
+      - equal:
+          path: spec.template.spec.containers[0].terminationMessagePolicy
+          value: File
+      - equal:
+          path: spec.template.spec.containers[0].tty
+          value: true
+      - equal:
+          path: spec.template.spec.containers[0].ports[1].containerPort
+          value: 8080
+      - equal:
+          path: spec.template.spec.containers[0].ports[1].name
+          value: http
+      - equal:
+          path: spec.template.spec.containers[0].ports[1].protocol
+          value: TCP
+  - it: should have correct pod template values
+    asserts:
+      - isEmpty:
+          path: spec.template.spec.dnsConfig
+      - equal:
+          path: spec.template.spec.dnsPolicy
+          value: "ClusterFirst"
+      - equal:
+          path: spec.template.spec.restartPolicy
+          value: "Always"
+      - equal:
+          path: spec.template.spec.schedulerName
+          value: "default-scheduler"
+      - equal:
+          path: spec.template.spec.terminationGracePeriodSeconds
+          value: 30
\ No newline at end of file

src/test/helm/deployment_defaults_labels_test.yaml

@@ -22,14 +22,12 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-suite: test deployment
+suite: test deployment default lables
 release:
   name: user-manager
   namespace: sh-helm-test
 templates:
   - templates/deployment.yaml
-  - templates/service.yaml
-  - templates/service_monitor.yaml
 set:
   ozgcloud:
     bundesland: by
@@ -38,6 +36,7 @@ set:
   sso:
     serverUrl: https://sso.company.local
   baseUrl: test.sh.ozg-cloud.local
+  imagePullSecret: image-pull-secret
 tests:
   - it: check default labels
     asserts:
@@ -54,26 +53,10 @@ tests:
           path: metadata.labels["app.kubernetes.io/namespace"]
           value: sh-helm-test
   - it: check component label for deployment
-    templates:
-      - templates/deployment.yaml
     asserts:
       - equal:
           path: spec.template.metadata.labels["component"]
           value: user-manager
-  - it: check component label for service
-    templates:
-      - templates/service.yaml
-    asserts:
-      - equal:
-          path: metadata.labels["component"]
-          value: user-manager-service
-  - it: check component label for service monitor
-    templates:
-      - templates/service_monitor.yaml
-    asserts:
-      - equal:
-          path: metadata.labels["component"]
-          value: user-manager-service-monitor
 
   - it: should have label for mongodb client
     asserts:

src/test/helm/deployment_scrapeMetrics_test.yaml → src/test/helm/deployment_defaults_topologySpreadConstraints_test.yaml

@@ -22,29 +22,33 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-suite: test deployment
+suite: test deployment topology
 release:
   name: user-manager
   namespace: sh-helm-test
 templates:
   - templates/deployment.yaml
-  - templates/secret_database_quarkus.yaml
 set:
   ozgcloud:
-    bundesland: by
     bezeichner: helm
+    bundesland: by
     environment: dev
+  baseUrl: test.sh.ozg-cloud.de
   sso:
     serverUrl: sso.test.sh.ozg-cloud.de
-  baseUrl: test.sh.ozg-cloud.de
-
+  imagePullSecret: image-pull-secret
 tests:
-  - it: should set the metrics port by default
-    template: deployment.yaml
+  - it: check default values
     asserts:
-      - contains:
-          path: spec.template.spec.containers[0].ports
-          content:
-            name: http
-            containerPort: 8080
-            protocol: TCP
+      - equal:
+          path: spec.template.spec.topologySpreadConstraints[0].maxSkew
+          value: 1
+      - equal:
+          path: spec.template.spec.topologySpreadConstraints[0].topologyKey
+          value: kubernetes.io/hostname
\ No newline at end of file
+      - equal:
+          path: spec.template.spec.topologySpreadConstraints[0].whenUnsatisfiable
+          value: ScheduleAnyway
+      - equal:
+          path: spec.template.spec.topologySpreadConstraints[0].labelSelector.matchLabels["app.kubernetes.io/name"]
+          value: user-manager
\ No newline at end of file

src/test/helm/deployment_env_test.yaml

@@ -33,9 +33,9 @@ set:
   sso:
     serverUrl: sso.test.sh.ozg-cloud.de
   baseUrl: test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret
 tests:
   - it: check customList
-    template: deployment.yaml
     set:
       env.customList:
         - name: my_test_environment_name
@@ -47,7 +47,6 @@ tests:
             name: my_test_environment_name
             value: "A test value"
   - it: check customList test value is not set by default
-    template: deployment.yaml
     asserts:
       - notContains:
           path: spec.template.spec.containers[0].env
@@ -80,9 +79,6 @@ tests:
   - it: check user sync period set
     set:
       ozgcloud:
-        bundesland: by
-        bezeichner: helm
-        environment: dev  
         usersync:
           period: "6h"
     asserts:
@@ -91,6 +87,12 @@ tests:
           content:
             name: OZGCLOUD_USERSYNC_PERIOD
             value: "6h"
+  - it: not contain sync period by default
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: OZGCLOUD_USERSYNC_PERIOD
   - it: check user sync period NOT set
     asserts:
       - notContains:

src/test/helm/deployment_host_aliases_test.yaml

@@ -36,6 +36,7 @@ set:
   sso:
     serverUrl: sso.test.sh.ozg-cloud.de
   baseUrl: test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret
 tests:
   - it: should not set hostAliases
     asserts:

src/test/helm/deployment_imagepull_secret_test.yaml

@@ -36,20 +36,16 @@ set:
   sso:
     serverUrl: sso.test.sh.ozg-cloud.de
   baseUrl: test.sh.ozg-cloud.de
+  
 tests:
-  - it: should use default imagePull secret
-    asserts:
-      - isKind:
-          of: Deployment
-      - equal:
-          path: spec.template.spec.imagePullSecrets[0].name
-          value: user-manager-image-pull-secret
   - it: should set the imagePull secret
     set: 
       imagePullSecret: image-pull-secret
     asserts:
-      - isKind:
-          of: Deployment
       - equal:
           path: spec.template.spec.imagePullSecrets[0].name
           value: image-pull-secret
+  - it: should fail if the imagePull secret not set
+    asserts:
+      - failedTemplate:
+            errorMessage: imagePullSecret must be set
\ No newline at end of file

src/test/helm/deployment-keycloak-values-test.yaml → src/test/helm/deployment_keycloak_values_env_test.yaml

@@ -22,7 +22,7 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-suite: test deployment
+suite: test deployment kc values
 release:
   name: user-manager
 templates:
@@ -35,6 +35,7 @@ set:
   sso:
     serverUrl: https://sso.test.by.ozg-cloud.local
   baseUrl: test.company.local
+  imagePullSecret: image-pull-secret
 tests:
   - it: validate keycloak configuration values
     asserts:
@@ -113,7 +114,17 @@ tests:
           content: 
             name: KEYCLOAK_URL
             value: https://sso.test.by.ozg-cloud.de
-
+  - it: should use set OZGCLOUD_KEYCLOAK_API_PASSWORD when api_user set
+    set:
+      sso:
+        api_user:
+          name: -userManager-ApiUser
+        serverUrl: https://sso.company.local
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].env
+          content: 
+            name: OZGCLOUD_KEYCLOAK_API_PASSWORD
   - it: should use Keycloak User Operator
     set:
       sso:

src/test/helm/deployment-mongodb-passwort-secretref-test.yaml → src/test/helm/deployment_mongodb_passwort_secretref_test.yaml

@@ -22,7 +22,7 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-suite: test deployment
+suite: test deployment mongodb psw secretref
 release:
   name: user-manager
 templates:
@@ -34,11 +34,11 @@ set:
     environment: dev
   sso.serverUrl: https://sso.company.local
   baseUrl: test.company.local
+  imagePullSecret: image-pull-secret
 tests:
   - it: should reference mongodb connection service for user-manager
     set:
       database.secretName: pluto-database-admin-user-manager-database-user
-    template: deployment.yaml
     release:
       namespace: sh-helm-test
     asserts:
@@ -52,7 +52,6 @@ tests:
                 name: pluto-database-admin-user-manager-database-user
                 optional: false
   - it: check default mongodb connection service for user-manager
-    template: deployment.yaml
     release:
       namespace: sh-helm-test
     asserts:

src/test/helm/deployment_optional_trust_store_test.yaml

@@ -22,7 +22,7 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-suite: test environments
+suite: test environments trust store
 templates:
   - templates/deployment.yaml
 set:
@@ -33,6 +33,7 @@ set:
   sso:
     serverUrl: sso.test.sh.ozg-cloud.de
   baseUrl: test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret
 tests:
   - it: check without truststore
     asserts:

src/test/helm/deployment_probes_test.yaml

@@ -22,7 +22,7 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-suite: deployment
+suite: deployment health test
 release:
   name: user-manager
   namespace: by-helm-test
@@ -36,15 +36,14 @@ set:
   sso:
     serverUrl: https://sso.company.local
   baseUrl: test.by.company.local
+  imagePullSecret: image-pull-secret
 tests:
   - it: livenessProbe should be disabled by default
-    template: deployment.yaml
     asserts:
       - notExists:
           path: spec.template.spec.containers[0].livenessProbe
 
   - it: enable livenessProbe
-    template: deployment.yaml
     set:
       enableLivenessProbe: true
     asserts:
@@ -60,9 +59,12 @@ tests:
             periodSeconds: 5
             successThreshold: 1
             timeoutSeconds: 5
+  - it: not enable livenessProbe by default
+    asserts:
+      - isNull:
+          path: spec.template.spec.containers[0].livenessProbe
 
   - it: should have readiness probe
-    template: deployment.yaml
     asserts:
       - isSubset:
           path: spec.template.spec.containers[0].readinessProbe
@@ -77,7 +79,6 @@ tests:
             timeoutSeconds: 3
 
   - it: should have startup probe
-    template: deployment.yaml
     asserts:
       - isSubset:
           path: spec.template.spec.containers[0].startupProbe