OZG-3328 make imagepullsecret required

ada01fcd · OZGCloud · f927d83e · ada01fcd · ada01fcd · f927d83e
Commit ada01fcd authored 1 year ago by OZGCloud
--- a/src/main/helm/templates/_helpers.tpl
+++ b/src/main/helm/templates/_helpers.tpl
@@ -41,12 +41,6 @@ app.kubernetes.io/name: {{ .Release.Name }}
 app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 {{- end -}}

-{{- define "app.imagePullSecret" }}
-{{- with .Values.imageCredentials }}
-{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
-{{- end }}
-{{- end }}
-
 {{- define "app.cronjobScheduler" }}
 {{- printf "%d %d * * *" (div (randNumeric 2) 2) (div (randNumeric 1) 2) -}}
 {{- end -}}

--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -226,11 +226,7 @@ spec:
      dnsConfig: {}
      dnsPolicy: ClusterFirst
      imagePullSecrets:
-      {{- if .Values.imagePullSecret }}
-      - name: {{ .Values.imagePullSecret }}
-      {{ else }}
-      - name: user-manager-image-pull-secret
-      {{- end }}
+      - name: {{ required "imagePullSecret must be set" .Values.imagePullSecret }}
      restartPolicy: Always
      {{- with .Values.hostAliases }}
      hostAliases:

--- a/src/main/helm/templates/image_pull_secret.yaml
+++ b/src/main/helm/templates/image_pull_secret.yaml
-#
-# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
-# Ministerpräsidenten des Landes Schleswig-Holstein
-# Staatskanzlei
-# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
-#
-# Lizenziert unter der EUPL, Version 1.2 oder - sobald
-# diese von der Europäischen Kommission genehmigt wurden -
-# Folgeversionen der EUPL ("Lizenz");
-# Sie dürfen dieses Werk ausschließlich gemäß
-# dieser Lizenz nutzen.
-# Eine Kopie der Lizenz finden Sie hier:
-#
-# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
-#
-# Sofern nicht durch anwendbare Rechtsvorschriften
-# gefordert oder in schriftlicher Form vereinbart, wird
-# die unter der Lizenz verbreitete Software "so wie sie
-# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
-# ausdrücklich oder stillschweigend - verbreitet.
-# Die sprachspezifischen Genehmigungen und Beschränkungen
-# unter der Lizenz sind dem Lizenztext zu entnehmen.
-#
-
-{{- if not (.Values.imagePullSecret) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: user-manager-image-pull-secret
-  namespace: {{ include "app.namespace" . }}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ include "app.imagePullSecret" . }}
-{{- end }}
\ No newline at end of file
--- a/src/test/helm/deployment_63_char_test.yaml
+++ b/src/test/helm/deployment_63_char_test.yaml
@@ -36,7 +36,7 @@ set:
    environment: dev
  sso.serverUrl: https://sso.company.local
  baseUrl: test.company.local
-
+  imagePullSecret: image-pull-secret
 tests:
  - it: should fail on .Release.Namespace length longer than 63 characters
    release:

--- a/src/test/helm/deployment_container_security_context_test.yaml
+++ b/src/test/helm/deployment_container_security_context_test.yaml
@@ -35,6 +35,7 @@ set:
    environment: dev
  sso.serverUrl: https://sso.company.local
  baseUrl: test.company.local
+  imagePullSecret: image-pull-secret
 tests:
  - it: check default values
    asserts:

--- a/src/test/helm/deployment_default_spec_test.yaml
+++ b/src/test/helm/deployment_default_spec_test.yaml
@@ -36,6 +36,7 @@ set:
  baseUrl: test.sh.ozg-cloud.de
  sso:
    serverUrl: sso.test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret
 tests:
  - it: check for some standard values
    asserts:

--- a/src/test/helm/deployment_defaults_labels_test.yaml
+++ b/src/test/helm/deployment_defaults_labels_test.yaml
@@ -36,6 +36,7 @@ set:
  sso:
    serverUrl: https://sso.company.local
  baseUrl: test.sh.ozg-cloud.local
+  imagePullSecret: image-pull-secret
 tests:
  - it: check default labels
    asserts:

--- a/src/test/helm/deployment_defaults_topologySpreadConstraints_test.yaml
+++ b/src/test/helm/deployment_defaults_topologySpreadConstraints_test.yaml
@@ -36,6 +36,7 @@ set:
  baseUrl: test.sh.ozg-cloud.de
  sso:
    serverUrl: sso.test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret
 tests:
  - it: check default values
    asserts:

--- a/src/test/helm/deployment_env_test.yaml
+++ b/src/test/helm/deployment_env_test.yaml
@@ -33,6 +33,7 @@ set:
  sso:
    serverUrl: sso.test.sh.ozg-cloud.de
  baseUrl: test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret
 tests:
  - it: check customList
    set:

--- a/src/test/helm/deployment_host_aliases_test.yaml
+++ b/src/test/helm/deployment_host_aliases_test.yaml
@@ -36,6 +36,7 @@ set:
  sso:
    serverUrl: sso.test.sh.ozg-cloud.de
  baseUrl: test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret
 tests:
  - it: should not set hostAliases
    asserts:

--- a/src/test/helm/deployment_imagepull_secret_test.yaml
+++ b/src/test/helm/deployment_imagepull_secret_test.yaml
@@ -36,16 +36,16 @@ set:
  sso:
    serverUrl: sso.test.sh.ozg-cloud.de
  baseUrl: test.sh.ozg-cloud.de
+  
 tests:
-  - it: should use default imagePull secret
-    asserts:
-      - equal:
-          path: spec.template.spec.imagePullSecrets[0].name
-          value: user-manager-image-pull-secret
  - it: should set the imagePull secret
-    set:
+    set: 
      imagePullSecret: image-pull-secret
    asserts:
      - equal:
          path: spec.template.spec.imagePullSecrets[0].name
-          value: image-pull-secret
\ No newline at end of file
+          value: image-pull-secret
+  - it: should fail if the imagePull secret not set
+    asserts:
+      - failedTemplate:
+            errorMessage: imagePullSecret must be set
\ No newline at end of file
--- a/src/test/helm/deployment_keycloak_values_test.yaml
+++ b/src/test/helm/deployment_keycloak_values_test.yaml
@@ -22,7 +22,7 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #

-suite: test deployment
+suite: test deployment kc values
 release:
  name: user-manager
 templates:
@@ -35,6 +35,7 @@ set:
  sso:
    serverUrl: https://sso.test.by.ozg-cloud.local
  baseUrl: test.company.local
+  imagePullSecret: image-pull-secret
 tests:
  - it: validate keycloak configuration values
    asserts:

--- a/src/test/helm/deployment_mongodb_passwort_secretref_test.yaml
+++ b/src/test/helm/deployment_mongodb_passwort_secretref_test.yaml
@@ -22,7 +22,7 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #

-suite: test deployment
+suite: test deployment mongodb psw secretref
 release:
  name: user-manager
 templates:
@@ -34,11 +34,11 @@ set:
    environment: dev
  sso.serverUrl: https://sso.company.local
  baseUrl: test.company.local
+  imagePullSecret: image-pull-secret
 tests:
  - it: should reference mongodb connection service for user-manager
    set:
      database.secretName: pluto-database-admin-user-manager-database-user
-    template: deployment.yaml
    release:
      namespace: sh-helm-test
    asserts:
@@ -52,7 +52,6 @@ tests:
                name: pluto-database-admin-user-manager-database-user
                optional: false
  - it: check default mongodb connection service for user-manager
-    template: deployment.yaml
    release:
      namespace: sh-helm-test
    asserts:

--- a/src/test/helm/deployment_optional_trust_store_test.yaml
+++ b/src/test/helm/deployment_optional_trust_store_test.yaml
@@ -33,6 +33,7 @@ set:
  sso:
    serverUrl: sso.test.sh.ozg-cloud.de
  baseUrl: test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret
 tests:
  - it: check without truststore
    asserts:

--- a/src/test/helm/deployment_probes_test.yaml
+++ b/src/test/helm/deployment_probes_test.yaml
@@ -36,6 +36,7 @@ set:
  sso:
    serverUrl: https://sso.company.local
  baseUrl: test.by.company.local
+  imagePullSecret: image-pull-secret
 tests:
  - it: livenessProbe should be disabled by default
    asserts:

--- a/src/test/helm/deployment_resources_test.yaml
+++ b/src/test/helm/deployment_resources_test.yaml
@@ -35,6 +35,7 @@ set:
  sso:
    serverUrl: sso.test.sh.ozg-cloud.de
  baseUrl: test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret
 tests:
  - it: test resources
    set:

--- a/src/test/helm/deployment_service_account_test.yaml
+++ b/src/test/helm/deployment_service_account_test.yaml
@@ -36,6 +36,7 @@ set:
  sso:
    serverUrl: sso.test.sh.ozg-cloud.de
  baseUrl: test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret

 tests:
  - it: should use service account with default name

--- a/src/test/helm/deployment_url_value_test.yaml
+++ b/src/test/helm/deployment_url_value_test.yaml
@@ -34,9 +34,9 @@ set:
    environment: dev
  sso.serverUrl: https://sso.company.local
  baseUrl: test.company.local
+  imagePullSecret: image-pull-secret
 tests:
  - it: validate keycloak configuration values
-    template: deployment.yaml
    release:
      namespace: sh-name-dev
    asserts:
@@ -47,7 +47,6 @@ tests:
            value: https://helm-user-manager.test.company.local

  - it: set baseDomain for ozgcloud_user_manager_url
-    template: deployment.yaml
    set:
      baseDomain: helm-usm.test.company.local
    asserts:

--- a/src/test/helm/deplyoment_cert_bindings_test.yaml
+++ b/src/test/helm/deplyoment_cert_bindings_test.yaml
@@ -36,6 +36,7 @@ set:
  baseUrl: test.sh.ozg-cloud.de
  sso:
    serverUrl: sso.test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret
 tests:
  - it: should mount volumes for user-manager root ca
    asserts:

--- a/src/test/helm/deyploment_general_value_and_default_spec_test.yaml
+++ b/src/test/helm/deyploment_general_value_and_default_spec_test.yaml
@@ -36,6 +36,7 @@ set:
  baseUrl: test.sh.ozg-cloud.de
  sso:
    serverUrl: sso.test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret

 tests:
  - it: should have correct apiVersion