From ada01fcd7e91f8acf0e0bb4be0d11e0ecd9eeb58 Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Wed, 10 Apr 2024 12:58:44 +0200
Subject: [PATCH] OZG-3328 make imagepullsecret required
---
src/main/helm/templates/_helpers.tpl | 6 --
src/main/helm/templates/deployment.yaml | 6 +-
.../helm/templates/image_pull_secret.yaml | 34 -----------
src/test/helm/deployment_63_char_test.yaml | 2 +-
...yment_container_security_context_test.yaml | 1 +
.../helm/deployment_default_spec_test.yaml | 1 +
.../helm/deployment_defaults_labels_test.yaml | 1 +
...faults_topologySpreadConstraints_test.yaml | 1 +
src/test/helm/deployment_env_test.yaml | 1 +
.../helm/deployment_host_aliases_test.yaml | 1 +
.../deployment_imagepull_secret_test.yaml | 14 ++---
... deployment_keycloak_values_env_test.yaml} | 3 +-
...yment_mongodb_passwort_secretref_test.yaml | 5 +-
.../deployment_optional_trust_store_test.yaml | 1 +
src/test/helm/deployment_probes_test.yaml | 1 +
src/test/helm/deployment_resources_test.yaml | 1 +
.../helm/deployment_service_account_test.yaml | 1 +
src/test/helm/deployment_url_value_test.yaml | 3 +-
.../helm/deplyoment_cert_bindings_test.yaml | 1 +
...t_general_value_and_default_spec_test.yaml | 1 +
src/test/helm/imagepull_secret_test.yaml | 59 -------------------
src/test/linter-values.yaml | 2 +-
22 files changed, 27 insertions(+), 119 deletions(-)
delete mode 100644 src/main/helm/templates/image_pull_secret.yaml
rename src/test/helm/{deployment_keycloak_values_test.yaml => deployment_keycloak_values_env_test.yaml} (98%)
delete mode 100644 src/test/helm/imagepull_secret_test.yaml
diff --git a/src/main/helm/templates/_helpers.tpl b/src/main/helm/templates/_helpers.tpl
index 9d24fd8e..bbb79882 100644
--- a/src/main/helm/templates/_helpers.tpl
+++ b/src/main/helm/templates/_helpers.tpl
@@ -41,12 +41,6 @@ app.kubernetes.io/name: {{ .Release.Name }} app.kubernetes.io/namespace: {{ include "app.namespace" . }} {{- end -}} -{{- define "app.imagePullSecret" }} -{{- with .Values.imageCredentials }} -{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }} -{{- end }} -{{- end }} - {{- define "app.cronjobScheduler" }} {{- printf "%d %d * * *" (div (randNumeric 2) 2) (div (randNumeric 1) 2) -}} {{- end -}} diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml index a602dfe7..66262635 100644 --- a/src/main/helm/templates/deployment.yaml +++ b/src/main/helm/templates/deployment.yaml @@ -226,11 +226,7 @@ spec: dnsConfig: {} dnsPolicy: ClusterFirst imagePullSecrets: - {{- if .Values.imagePullSecret }} - - name: {{ .Values.imagePullSecret }} - {{ else }} - - name: user-manager-image-pull-secret - {{- end }} + - name: {{ required "imagePullSecret must be set" .Values.imagePullSecret }} restartPolicy: Always {{- with .Values.hostAliases }} hostAliases: diff --git a/src/main/helm/templates/image_pull_secret.yaml b/src/main/helm/templates/image_pull_secret.yaml deleted file mode 100644 index 02be1463..00000000 --- a/src/main/helm/templates/image_pull_secret.yaml +++ /dev/null 
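Review bot: In the deployment.yaml hunk the new `imagePullSecrets` entry renders the value unquoted, so a value that YAML reads as a number, boolean or null would not reach the API server as a string; I would write `- name: {{ required "imagePullSecret must be set" .Values.imagePullSecret | quote }}`. `required` only proves the value is non-empty at render time, not that a Secret of that name exists in the release namespace, and because this commit also deletes templates/image_pull_secret.yaml, releases that relied on the chart-rendered `user-manager-image-pull-secret` will presumably lose it on upgrade; a comment above the line such as `# Secret must already exist in the release namespace; this chart no longer creates it` would make the precondition visible. If `imageCredentials` entries remain in any values files (not visible in this patch), they are now unused and a registry password kept there should be removed. The pod spec this entry belongs to starts and ends outside the hunk.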
@@ -1,34 +0,0 @@ -# -# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den -# Ministerpräsidenten des Landes Schleswig-Holstein -# Staatskanzlei -# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung -# -# Lizenziert unter der EUPL, Version 1.2 oder - sobald -# diese von der Europäischen Kommission genehmigt wurden - -# Folgeversionen der EUPL ("Lizenz"); -# Sie dürfen dieses Werk ausschließlich gemäß -# dieser Lizenz nutzen. -# Eine Kopie der Lizenz finden Sie hier: -# -# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12 -# -# Sofern nicht durch anwendbare Rechtsvorschriften -# gefordert oder in schriftlicher Form vereinbart, wird -# die unter der Lizenz verbreitete Software "so wie sie -# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN - -# ausdrücklich oder stillschweigend - verbreitet. -# Die sprachspezifischen Genehmigungen und Beschränkungen -# unter der Lizenz sind dem Lizenztext zu entnehmen. -# - -{{- if not (.Values.imagePullSecret) }} -apiVersion: v1 -kind: Secret -metadata: - name: user-manager-image-pull-secret - namespace: {{ include "app.namespace" . }} -type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: {{ include "app.imagePullSecret" . }} -{{- end }} \ No newline at end of file diff --git a/src/test/helm/deployment_63_char_test.yaml b/src/test/helm/deployment_63_char_test.yaml index e6a14d3a..5c5d86b1 100644 --- a/src/test/helm/deployment_63_char_test.yaml +++ b/src/test/helm/deployment_63_char_test.yaml @@ -36,7 +36,7 @@ set: environment: dev sso.serverUrl: https://sso.company.local baseUrl: test.company.local - + imagePullSecret: image-pull-secret tests: - it: should fail on .Release.Namespace length longer than 63 characters release: diff --git a/src/test/helm/deployment_container_security_context_test.yaml b/src/test/helm/deployment_container_security_context_test.yaml index 205e5aac..5d501b02 100644 --- a/src/test/helm/deployment_container_security_context_test.yaml 
+++ b/src/test/helm/deployment_container_security_context_test.yaml @@ -35,6 +35,7 @@ set: environment: dev sso.serverUrl: https://sso.company.local baseUrl: test.company.local + imagePullSecret: image-pull-secret tests: - it: check default values asserts: diff --git a/src/test/helm/deployment_default_spec_test.yaml b/src/test/helm/deployment_default_spec_test.yaml index 5e2d1726..b06b3382 100644 --- a/src/test/helm/deployment_default_spec_test.yaml +++ b/src/test/helm/deployment_default_spec_test.yaml @@ -36,6 +36,7 @@ set: baseUrl: test.sh.ozg-cloud.de sso: serverUrl: sso.test.sh.ozg-cloud.de + imagePullSecret: image-pull-secret tests: - it: check for some standard values asserts: diff --git a/src/test/helm/deployment_defaults_labels_test.yaml b/src/test/helm/deployment_defaults_labels_test.yaml index ea21aa38..5cfcd5a5 100644 --- a/src/test/helm/deployment_defaults_labels_test.yaml +++ b/src/test/helm/deployment_defaults_labels_test.yaml @@ -36,6 +36,7 @@ set: sso: serverUrl: https://sso.company.local baseUrl: test.sh.ozg-cloud.local + imagePullSecret: image-pull-secret tests: - it: check default labels asserts: diff --git a/src/test/helm/deployment_defaults_topologySpreadConstraints_test.yaml b/src/test/helm/deployment_defaults_topologySpreadConstraints_test.yaml index 1071ef23..a71b7e67 100644 --- a/src/test/helm/deployment_defaults_topologySpreadConstraints_test.yaml +++ b/src/test/helm/deployment_defaults_topologySpreadConstraints_test.yaml @@ -36,6 +36,7 @@ set: baseUrl: test.sh.ozg-cloud.de sso: serverUrl: sso.test.sh.ozg-cloud.de + imagePullSecret: image-pull-secret tests: - it: check default values asserts: diff --git a/src/test/helm/deployment_env_test.yaml b/src/test/helm/deployment_env_test.yaml index 50bd0bbe..c0acc80b 100644 --- a/src/test/helm/deployment_env_test.yaml +++ b/src/test/helm/deployment_env_test.yaml 
@@ -33,6 +33,7 @@ set: sso: serverUrl: sso.test.sh.ozg-cloud.de baseUrl: test.sh.ozg-cloud.de + imagePullSecret: image-pull-secret tests: - it: check customList set: diff --git a/src/test/helm/deployment_host_aliases_test.yaml b/src/test/helm/deployment_host_aliases_test.yaml index 35a67366..0d704cc7 100644 --- a/src/test/helm/deployment_host_aliases_test.yaml +++ b/src/test/helm/deployment_host_aliases_test.yaml @@ -36,6 +36,7 @@ set: sso: serverUrl: sso.test.sh.ozg-cloud.de baseUrl: test.sh.ozg-cloud.de + imagePullSecret: image-pull-secret tests: - it: should not set hostAliases asserts: diff --git a/src/test/helm/deployment_imagepull_secret_test.yaml b/src/test/helm/deployment_imagepull_secret_test.yaml index 557926de..196a5f4d 100644 --- a/src/test/helm/deployment_imagepull_secret_test.yaml +++ b/src/test/helm/deployment_imagepull_secret_test.yaml @@ -36,16 +36,16 @@ set: sso: serverUrl: sso.test.sh.ozg-cloud.de baseUrl: test.sh.ozg-cloud.de + tests: - - it: should use default imagePull secret - asserts: - - equal: - path: spec.template.spec.imagePullSecrets[0].name - value: user-manager-image-pull-secret - it: should set the imagePull secret - set: + set: imagePullSecret: image-pull-secret asserts: - equal: path: spec.template.spec.imagePullSecrets[0].name - value: image-pull-secret \ No newline at end of file + value: image-pull-secret + - it: should fail if the imagePull secret not set + asserts: + - failedTemplate: + errorMessage: imagePullSecret must be set \ No newline at end of file diff --git a/src/test/helm/deployment_keycloak_values_test.yaml b/src/test/helm/deployment_keycloak_values_env_test.yaml similarity index 98% rename from src/test/helm/deployment_keycloak_values_test.yaml rename to src/test/helm/deployment_keycloak_values_env_test.yaml index b458a4a1..f9579ff7 100644 --- a/src/test/helm/deployment_keycloak_values_test.yaml +++ b/src/test/helm/deployment_keycloak_values_env_test.yaml 
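Review bot: In the deployment_imagepull_secret_test.yaml hunk the new failure case only covers the value being absent; an explicitly empty value (`imagePullSecret: ""`), which an overriding values file or an empty `--set` would produce, is not tested. I would add a second case `- it: should fail if the imagePull secret is empty` that sets `imagePullSecret: ""` and reuses the same `failedTemplate` assertion, so the guard in deployment.yaml is pinned for both paths. The hunk also leaves the file without a trailing newline.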
@@ -22,7 +22,7 @@ # unter der Lizenz sind dem Lizenztext zu entnehmen. # -suite: test deployment +suite: test deployment kc values release: name: user-manager templates: @@ -35,6 +35,7 @@ set: sso: serverUrl: https://sso.test.by.ozg-cloud.local baseUrl: test.company.local + imagePullSecret: image-pull-secret tests: - it: validate keycloak configuration values asserts: diff --git a/src/test/helm/deployment_mongodb_passwort_secretref_test.yaml b/src/test/helm/deployment_mongodb_passwort_secretref_test.yaml index 5398f844..b717977c 100644 --- a/src/test/helm/deployment_mongodb_passwort_secretref_test.yaml +++ b/src/test/helm/deployment_mongodb_passwort_secretref_test.yaml @@ -22,7 +22,7 @@ # unter der Lizenz sind dem Lizenztext zu entnehmen. # -suite: test deployment +suite: test deployment mongodb psw secretref release: name: user-manager templates: @@ -34,11 +34,11 @@ set: environment: dev sso.serverUrl: https://sso.company.local baseUrl: test.company.local + imagePullSecret: image-pull-secret tests: - it: should reference mongodb connection service for user-manager set: database.secretName: pluto-database-admin-user-manager-database-user - template: deployment.yaml release: namespace: sh-helm-test asserts: @@ -52,7 +52,6 @@ tests: name: pluto-database-admin-user-manager-database-user optional: false - it: check default mongodb connection service for user-manager - template: deployment.yaml release: namespace: sh-helm-test asserts: diff --git a/src/test/helm/deployment_optional_trust_store_test.yaml b/src/test/helm/deployment_optional_trust_store_test.yaml index 6944e3d1..056003a5 100644 --- a/src/test/helm/deployment_optional_trust_store_test.yaml +++ b/src/test/helm/deployment_optional_trust_store_test.yaml @@ -33,6 +33,7 @@ set: sso: serverUrl: sso.test.sh.ozg-cloud.de baseUrl: test.sh.ozg-cloud.de + imagePullSecret: image-pull-secret tests: - it: check without truststore asserts: 
diff --git a/src/test/helm/deployment_probes_test.yaml b/src/test/helm/deployment_probes_test.yaml index 16ea2042..b0b21391 100644 --- a/src/test/helm/deployment_probes_test.yaml +++ b/src/test/helm/deployment_probes_test.yaml @@ -36,6 +36,7 @@ set: sso: serverUrl: https://sso.company.local baseUrl: test.by.company.local + imagePullSecret: image-pull-secret tests: - it: livenessProbe should be disabled by default asserts: diff --git a/src/test/helm/deployment_resources_test.yaml b/src/test/helm/deployment_resources_test.yaml index ca06a606..0cbca6c0 100644 --- a/src/test/helm/deployment_resources_test.yaml +++ b/src/test/helm/deployment_resources_test.yaml @@ -35,6 +35,7 @@ set: sso: serverUrl: sso.test.sh.ozg-cloud.de baseUrl: test.sh.ozg-cloud.de + imagePullSecret: image-pull-secret tests: - it: test resources set: diff --git a/src/test/helm/deployment_service_account_test.yaml b/src/test/helm/deployment_service_account_test.yaml index 92b60bc0..75a15ba0 100644 --- a/src/test/helm/deployment_service_account_test.yaml +++ b/src/test/helm/deployment_service_account_test.yaml @@ -36,6 +36,7 @@ set: sso: serverUrl: sso.test.sh.ozg-cloud.de baseUrl: test.sh.ozg-cloud.de + imagePullSecret: image-pull-secret tests: - it: should use service account with default name diff --git a/src/test/helm/deployment_url_value_test.yaml b/src/test/helm/deployment_url_value_test.yaml index 49a89498..981fe2a4 100644 --- a/src/test/helm/deployment_url_value_test.yaml +++ b/src/test/helm/deployment_url_value_test.yaml @@ -34,9 +34,9 @@ set: environment: dev sso.serverUrl: https://sso.company.local baseUrl: test.company.local + imagePullSecret: image-pull-secret tests: - it: validate keycloak configuration values - template: deployment.yaml release: namespace: sh-name-dev asserts: @@ -47,7 +47,6 @@ tests: value: https://helm-user-manager.test.company.local - it: set baseDomain for ozgcloud_user_manager_url - template: deployment.yaml set: baseDomain: helm-usm.test.company.local asserts: 
diff --git a/src/test/helm/deplyoment_cert_bindings_test.yaml b/src/test/helm/deplyoment_cert_bindings_test.yaml index 3fec0d1b..4ac96535 100644 --- a/src/test/helm/deplyoment_cert_bindings_test.yaml +++ b/src/test/helm/deplyoment_cert_bindings_test.yaml @@ -36,6 +36,7 @@ set: baseUrl: test.sh.ozg-cloud.de sso: serverUrl: sso.test.sh.ozg-cloud.de + imagePullSecret: image-pull-secret tests: - it: should mount volumes for user-manager root ca asserts: diff --git a/src/test/helm/deyploment_general_value_and_default_spec_test.yaml b/src/test/helm/deyploment_general_value_and_default_spec_test.yaml index 173b04d8..c412536f 100644 --- a/src/test/helm/deyploment_general_value_and_default_spec_test.yaml +++ b/src/test/helm/deyploment_general_value_and_default_spec_test.yaml @@ -36,6 +36,7 @@ set: baseUrl: test.sh.ozg-cloud.de sso: serverUrl: sso.test.sh.ozg-cloud.de + imagePullSecret: image-pull-secret tests: - it: should have correct apiVersion diff --git a/src/test/helm/imagepull_secret_test.yaml b/src/test/helm/imagepull_secret_test.yaml deleted file mode 100644 index 80631de8..00000000 --- a/src/test/helm/imagepull_secret_test.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -# -# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den -# Ministerpräsidenten des Landes Schleswig-Holstein -# Staatskanzlei -# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung -# -# Lizenziert unter der EUPL, Version 1.2 oder - sobald -# diese von der Europäischen Kommission genehmigt wurden - -# Folgeversionen der EUPL ("Lizenz"); -# Sie dürfen dieses Werk ausschließlich gemäß -# dieser Lizenz nutzen. -# Eine Kopie der Lizenz finden Sie hier: -# -# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12 -# -# Sofern nicht durch anwendbare Rechtsvorschriften -# gefordert oder in schriftlicher Form vereinbart, wird -# die unter der Lizenz verbreitete Software "so wie sie -# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN - -# ausdrücklich oder stillschweigend - verbreitet. -# Die sprachspezifischen Genehmigungen und Beschränkungen -# unter der Lizenz sind dem Lizenztext zu entnehmen. -# - -suite: test image pull secret -templates: - - templates/image_pull_secret.yaml -release: - name: user-manager - namespace: helm-test -tests: - - it: should match basic data - set: - imageCredentials: - registry: docker.ozg-sh.de - username: test - password: test1234 - email: webmaster@ozg-sh.de - asserts: - - hasDocuments: - count: 1 - - containsDocument: - kind: Secret - apiVersion: v1 - - equal: - path: metadata.name - value: user-manager-image-pull-secret - - equal: - path: metadata.namespace - value: helm-test - - isNotNullOrEmpty: - path: data[".dockerconfigjson"] - - - it: should not create image pull secret - set: - imagePullSecret: "image-pull-secret" - asserts: - - hasDocuments: - count: 0 \ No newline at end of file diff --git a/src/test/linter-values.yaml b/src/test/linter-values.yaml index 90be3712..1aa9fbc0 100644 --- a/src/test/linter-values.yaml +++ b/src/test/linter-values.yaml 
@@ -38,4 +38,4 @@ sso: networkPolicy: ssoPublicIp: 51.89.117.53/32 dnsServerNamespace: test-dns-namespace - \ No newline at end of file +imagePullSecret: image-pull-secret -- GitLab