Merge remote-tracking branch 'origin/master' into OZG-5218-quarkus-java-update

e2698747 · OZGCloud · b2b26433 · 75654226 · e2698747 · e2698747
Commit e2698747 authored Apr 17, 2024 by OZGCloud
--- a/run_helm_test.sh
+++ b/run_helm_test.sh
@@ -5,4 +5,4 @@ set -x

 helm template  ./src/main/helm/ -f src/test/linter-values.yaml
 helm lint -f src/test/linter-values.yaml ./src/main/helm/
-cd src/main/helm && helm unittest -f '../../test/helm/*.yaml' .
\ No newline at end of file
+cd src/main/helm && helm unittest -f '../../test/helm/**/*.yaml' .
\ No newline at end of file
--- a/src/main/helm/templates/_helpers.tpl
+++ b/src/main/helm/templates/_helpers.tpl
 {{/* vim: set filetype=mustache: */}}

-{{/* Truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec) */}}
-{{/* Name */}}
-{{- define "app.name" -}}
-{{- default .Release.Name | toString | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
 {{/* Namespace */}}
 {{- define "app.namespace" -}}
-{{- default .Release.Namespace | toString | trunc 63 | trimSuffix "-" -}}
+{{- if gt (len (.Release.Namespace)) 63 -}}
+{{- fail (printf ".Release.Namespace %s ist zu lang (max. 63 Zeichen)" .Release.Namespace) -}}
 {{- end -}}
-
-{{/* Version */}}
-{{- define "app.version" -}}
-{{- default .Chart.Version | toString | trunc 63 | trimSuffix "-" -}}
+{{ printf "%s" .Release.Namespace }}
 {{- end -}}

 {{/* Chart: Name + Version */}}
 {{- define "app.chart" -}}
-{{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- if gt (len (printf "%s-%s" .Chart.Name .Chart.Version)) 63 -}}
+{{- fail (printf ".Chart.Name-.Chart.Version %s-%s ist zu lang (max. 63 Zeichen)" .Chart.Name .Chart.Version) -}}
+{{- end -}}
+{{ printf "%s-%s" .Chart.Name .Chart.Version }}
 {{- end -}}

 {{/* Managed-by -> On Helm, this value is always Helm */}}
 {{- define "app.managedBy" -}}
-{{- default .Release.Service | toString | trunc 63 | trimSuffix "-" -}}
+{{- if gt (len (.Release.Service)) 63 -}}
+{{- fail (printf ".Release.Service %s ist zu lang (max. 63 Zeichen)" .Release.Service) -}}
+{{- end -}}
+{{ printf "%s" .Release.Service }}
 {{- end -}}

 {{/* Default Labels: Helm recommended best-practice labels https://helm.sh/docs/chart_best_practices/labels/ */}}
 {{- define "app.defaultLabels" }}
 app.kubernetes.io/instance: user-manager
 app.kubernetes.io/managed-by: {{ include "app.managedBy" . }}
-app.kubernetes.io/name: {{ include "app.name" . }}
+app.kubernetes.io/name: {{ .Release.Name }}
 app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 app.kubernetes.io/part-of: ozgcloud
-app.kubernetes.io/version: {{ include "app.version" . }}
+app.kubernetes.io/version: {{ .Chart.Version }}
 helm.sh/chart: {{ include "app.chart" . }}
+ozgcloud-mongodb-client: "true"
 {{- end -}}

 {{- define "app.matchLabels" }}
-app.kubernetes.io/name: {{ include "app.name" . }}
+app.kubernetes.io/name: {{ .Release.Name }}
 app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 {{- end -}}

-{{- define "app.imagePullSecret" }}
-{{- with .Values.imageCredentials }}
-{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
-{{- end }}
-{{- end }}
-
 {{- define "app.cronjobScheduler" }}
 {{- printf "%d %d * * *" (div (randNumeric 2) 2) (div (randNumeric 1) 2) -}}
 {{- end -}}
@@ -102,7 +95,7 @@ app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 {{- if (.Values.baseDomain) -}}
 {{ .Values.baseDomain }}
 {{- else -}}
-{{ printf "%s-%s.%s" (include "app.ozgcloudBezeichner" .) (include "app.name" .) (include "app.baseUrl" .) }}
+{{ printf "%s-%s.%s" (include "app.ozgcloudBezeichner" .) (.Release.Name) (include "app.baseUrl" .) }}
 {{- end -}}
 {{- end -}}


--- a/src/main/helm/templates/api-password-secret.yaml
+++ b/src/main/helm/templates/api-password-secret.yaml
--- a/src/main/helm/templates/certificate.yaml
+++ b/src/main/helm/templates/certificate.yaml
@@ -35,12 +35,12 @@ spec:
    kind: Issuer
  duration: 8760h0m0s
  renewBefore: 720h0m0s
-  commonName: {{ include "app.name" . }}
+  commonName: {{ .Release.Name }}
  dnsNames:
-    - "*.{{ include "app.name" . }}.{{ include "app.namespace" . }}.svc.cluster.local"
-    - "{{ include "app.name" . }}.{{ include "app.namespace" . }}.svc.cluster.local"
-    - "{{ include "app.name" . }}.{{ include "app.namespace" . }}.svc.cluster"
-    - "{{ include "app.name" . }}.{{ include "app.namespace" . }}.svc"
-    - "{{ include "app.name" . }}.{{ include "app.namespace" . }}"
-    - "{{ include "app.name" . }}"
+    - "*.{{ .Release.Name }}.{{ include "app.namespace" . }}.svc.cluster.local"
+    - "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc.cluster.local"
+    - "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc.cluster"
+    - "{{ .Release.Name }}.{{ include "app.namespace" . }}.svc"
+    - "{{ .Release.Name }}.{{ include "app.namespace" . }}"
+    - "{{ .Release.Name }}"
 {{- end }}
\ No newline at end of file
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -25,7 +25,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "app.name" . }}
+  name: {{ .Release.Name }}
  namespace: {{ include "app.namespace" . }}
  labels:
    {{- include "app.defaultLabels" . | indent 4 }}
@@ -57,7 +57,7 @@ spec:
        whenUnsatisfiable: ScheduleAnyway
        labelSelector:
          matchLabels:
-            app.kubernetes.io/name: {{ include "app.name" . }}
+            app.kubernetes.io/name: {{ .Release.Name }}
      containers:
      - env:
        - name: QUARKUS_MONGODB_CONNECTION_STRING
@@ -66,7 +66,7 @@ spec:
              name: {{ include "app.databaseSecretName" . }}
              key: connectionString.standardSrv
              optional: false
-        {{- if not (.Values.sso).api_user }}
+        {{- if not (.Values.sso).api_user }} # used by dataport
        - name: OZGCLOUD_KEYCLOAK_API_PASSWORD
          valueFrom:
            secretKeyRef:
@@ -226,11 +226,7 @@ spec:
      dnsConfig: {}
      dnsPolicy: ClusterFirst
      imagePullSecrets:
-      {{- if .Values.imagePullSecret }}
-      - name: {{ .Values.imagePullSecret }}
-      {{ else }}
-      - name: user-manager-image-pull-secret
-      {{- end }}
+      - name: {{ required "imagePullSecret must be set" .Values.imagePullSecret }}
      restartPolicy: Always
      {{- with .Values.hostAliases }}
      hostAliases:

--- a/src/main/helm/templates/image-pull-secret.yaml
+++ b/src/main/helm/templates/image-pull-secret.yaml
-#
-# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
-# Ministerpräsidenten des Landes Schleswig-Holstein
-# Staatskanzlei
-# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
-#
-# Lizenziert unter der EUPL, Version 1.2 oder - sobald
-# diese von der Europäischen Kommission genehmigt wurden -
-# Folgeversionen der EUPL ("Lizenz");
-# Sie dürfen dieses Werk ausschließlich gemäß
-# dieser Lizenz nutzen.
-# Eine Kopie der Lizenz finden Sie hier:
-#
-# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
-#
-# Sofern nicht durch anwendbare Rechtsvorschriften
-# gefordert oder in schriftlicher Form vereinbart, wird
-# die unter der Lizenz verbreitete Software "so wie sie
-# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
-# ausdrücklich oder stillschweigend - verbreitet.
-# Die sprachspezifischen Genehmigungen und Beschränkungen
-# unter der Lizenz sind dem Lizenztext zu entnehmen.
-#
-
-{{- if not (.Values.imagePullSecret) }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: user-manager-image-pull-secret
-  namespace: {{ include "app.namespace" . }}
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: {{ include "app.imagePullSecret" . }}
-{{- end }}
\ No newline at end of file
--- a/src/main/helm/templates/ingress.yaml
+++ b/src/main/helm/templates/ingress.yaml
@@ -36,7 +36,7 @@ metadata:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    {{- end }}
    {{- end }}
-  name: {{ include "app.name" . }}
+  name: {{ .Release.Name }}
  namespace: {{ include "app.namespace" . }}
 spec:
  {{- if (.Values.ingress).className }}
@@ -49,7 +49,7 @@ spec:
              service:
                port:
                  number: 8080
-                name: {{ include "app.name" . }}
+                name: {{ .Release.Name }}
            path: ''
            pathType: ImplementationSpecific
      host: {{ ( include "app.baseDomain" . ) }}
@@ -60,6 +60,6 @@ spec:
      {{- if (.Values.ingress).tlsSecretName }}
      secretName: {{ (.Values.ingress).tlsSecretName }}
      {{- else }}
-      secretName: {{ .Values.ozgcloud.bezeichner }}-{{ include "app.name" . }}-tls
+      secretName: {{ .Values.ozgcloud.bezeichner }}-{{ .Release.Name }}-tls
      {{- end }}
      {{- end }}
\ No newline at end of file
--- a/src/main/helm/templates/keycloak-user-crd.yaml
+++ b/src/main/helm/templates/keycloak-user-crd.yaml
--- a/src/main/helm/templates/service.yaml
+++ b/src/main/helm/templates/service.yaml
@@ -25,7 +25,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "app.name" . }}
+  name: {{ .Release.Name }}
  namespace: {{ include "app.namespace" . }}
  labels:
    {{- include "app.defaultLabels" . | indent 4 }}

--- a/src/main/helm/templates/service_monitor.yaml
+++ b/src/main/helm/templates/service_monitor.yaml
@@ -26,7 +26,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ include "app.name" . }}
+  name: {{ .Release.Name }}
  namespace: {{ include "app.namespace" . }}
  labels:
    {{- include "app.defaultLabels" . | indent 4 }}

--- a/src/test/helm/api-password-secret_test.yaml
+++ b/src/test/helm/api-password-secret_test.yaml
@@ -3,7 +3,7 @@ release:
  name: user-manager
  namespace: sh-test-test
 templates:
-  - templates/api-password-secret.yaml
+  - templates/api_password_secret.yaml
 set:
  ozgcloud:
    keycloak:
@@ -14,12 +14,14 @@ tests:
    asserts:
      - isKind:
          of: Secret
+      - isAPIVersion:
+          of: v1
  - it: test api password 
    asserts:
      - equal:
          path: stringData.password
          value: testPassword
-  - it: should use Keycloak User Operator
+  - it: not create api_password_secret if kc api.password not set and api_user set
    set:
      sso:
        api_user:
@@ -27,3 +29,36 @@ tests:
    asserts:
      - hasDocuments:
          count: 0
+  - it: should not create api_password_secret if kc api.password not set and api_user not set
+    set:
+      sso:
+        api_user:
+          name: ""
+      ozgcloud:
+        keycloak:
+          api: 
+            password: ""
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: should create api_password_secret if kc api.password set and api_user not set
+    set:
+      ozgcloud:
+        keycloak:
+          api: 
+            password: "passwrd"
+    asserts:
+      - hasDocuments:
+          count: 1
+  - it: should not create api_password_secret if kc api.password set and api_user set
+    set:
+      sso:
+        api_user:
+          name: userManagerApiUser
+      ozgcloud:
+        keycloak:
+          api: 
+            password: "passwrd"
+    asserts:
+      - hasDocuments:
+          count: 0
\ No newline at end of file
--- a/src/test/helm/cert_issuer_test.yaml
+++ b/src/test/helm/cert_issuer_test.yaml
@@ -35,6 +35,8 @@ tests:
          of: cert-manager.io/v1
      - isKind:
          of: Issuer
+      - isAPIVersion:
+          of: cert-manager.io/v1
  - it: should have metadata
    asserts:
      - equal:

--- a/src/test/helm/deployment_63_char_test.yaml
+++ b/src/test/helm/deployment_63_char_test.yaml
+#
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test deyploment less than 63 chars
+release:
+  name: user-manager
+  namespace: sh-helm-test
+
+templates:
+  - templates/deployment.yaml
+set:
+  ozgcloud:
+    bundesland: by
+    bezeichner: helm
+    environment: dev
+  sso.serverUrl: https://sso.company.local
+  baseUrl: test.company.local
+  imagePullSecret: image-pull-secret
+tests:
+  - it: should fail on .Release.Namespace length longer than 63 characters
+    release:
+      namespace: test1234567890123123456789012345678901234567890123456789012345678901234567890123456789012345678904567890
+    asserts:
+      - failedTemplate:
+          errorMessage: .Release.Namespace test1234567890123123456789012345678901234567890123456789012345678901234567890123456789012345678904567890 ist zu lang (max. 63 Zeichen)
+  - it: should not fail on .Release.Namespace length less than 63 characters
+    asserts:
+      - notFailedTemplate: {}
+  - it: should fail on .Chart.Name-.Chart.Version length longer than 63 characters
+    chart:
+      version: 1.0-test1234567890123123456789012345678901234567890123456789012345678901234567890123456789012345678904567890
+    asserts:
+      - failedTemplate:
+          errorMessage: .Chart.Name-.Chart.Version user-manager-1.0-test1234567890123123456789012345678901234567890123456789012345678901234567890123456789012345678904567890 ist zu lang (max. 63 Zeichen)
+  - it: should not fail on .Chart.Name-.Chart.Version length less than 63 characters
+    asserts:
+      - notFailedTemplate: {}
\ No newline at end of file
--- a/src/test/helm/deployment_container_security_context_test.yaml
+++ b/src/test/helm/deployment_container_security_context_test.yaml
@@ -22,7 +22,7 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #

-suite: test deployment
+suite: test deployment container security
 release:
  name: user-manager
  namespace: sh-helm-test
@@ -35,11 +35,10 @@ set:
    environment: dev
  sso.serverUrl: https://sso.company.local
  baseUrl: test.company.local
+  imagePullSecret: image-pull-secret
 tests:
  - it: check default values
    asserts:
-      - isKind:
-          of: Deployment
      - equal:
          path: spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation
          value: false

--- a/src/test/helm/deployment_default_spec_test.yaml
+++ b/src/test/helm/deployment_default_spec_test.yaml
+#
+# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test deployment actuator
+release:
+  name: user-manager
+  namespace: sh-helm-test
+templates:
+  - templates/deployment.yaml
+set:
+  ozgcloud:
+    bezeichner: helm
+    bundesland: by
+    environment: dev
+  baseUrl: test.sh.ozg-cloud.de
+  sso:
+    serverUrl: sso.test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret
+tests:
+  - it: check for some standard values
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: docker.ozg-sh.de/user-manager:latest
+      - equal:
+          path: spec.template.spec.containers[0].imagePullPolicy
+          value: Always
+      - equal:
+          path: spec.template.spec.containers[0].name
+          value: user-manager
+      - equal:
+          path: spec.template.spec.containers[0].ports[0].containerPort
+          value: 9000
+      - equal:
+          path: spec.template.spec.containers[0].ports[0].name
+          value: grpc-9000
+      - equal:
+          path: spec.template.spec.containers[0].ports[0].protocol
+          value: TCP
+      - equal:
+          path: spec.template.spec.containers[0].stdin
+          value: true
+      - equal:
+          path: spec.template.spec.containers[0].terminationMessagePath
+          value: /dev/termination-log
+      - equal:
+          path: spec.template.spec.containers[0].terminationMessagePolicy
+          value: File
+      - equal:
+          path: spec.template.spec.containers[0].tty
+          value: true
+      - equal:
+          path: spec.template.spec.containers[0].ports[1].containerPort
+          value: 8080
+      - equal:
+          path: spec.template.spec.containers[0].ports[1].name
+          value: http
+      - equal:
+          path: spec.template.spec.containers[0].ports[1].protocol
+          value: TCP
+  - it: should have correct pod template values
+    asserts:
+      - isEmpty:
+          path: spec.template.spec.dnsConfig
+      - equal:
+          path: spec.template.spec.dnsPolicy
+          value: "ClusterFirst"
+      - equal:
+          path: spec.template.spec.restartPolicy
+          value: "Always"
+      - equal:
+          path: spec.template.spec.schedulerName
+          value: "default-scheduler"
+      - equal:
+          path: spec.template.spec.terminationGracePeriodSeconds
+          value: 30
\ No newline at end of file
--- a/src/test/helm/deployment_defaults_labels_test.yaml
+++ b/src/test/helm/deployment_defaults_labels_test.yaml
@@ -22,14 +22,12 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #

-suite: test deployment
+suite: test deployment default lables
 release:
  name: user-manager
  namespace: sh-helm-test
 templates:
  - templates/deployment.yaml
-  - templates/service.yaml
-  - templates/service_monitor.yaml
 set:
  ozgcloud:
    bundesland: by
@@ -38,6 +36,7 @@ set:
  sso:
    serverUrl: https://sso.company.local
  baseUrl: test.sh.ozg-cloud.local
+  imagePullSecret: image-pull-secret
 tests:
  - it: check default labels
    asserts:
@@ -54,23 +53,13 @@ tests:
          path: metadata.labels["app.kubernetes.io/namespace"]
          value: sh-helm-test
  - it: check component label for deployment
-    templates:
-      - templates/deployment.yaml
    asserts:
      - equal:
          path: spec.template.metadata.labels["component"]
          value: user-manager
-  - it: check component label for service
-    templates:
-      - templates/service.yaml
-    asserts:
-      - equal:
-          path: metadata.labels["component"]
-          value: user-manager-service
-  - it: check component label for service monitor
-    templates:
-      - templates/service_monitor.yaml
+
+  - it: should have label for mongodb client
    asserts:
      - equal:
-          path: metadata.labels["component"]
-          value: user-manager-service-monitor
+          path: metadata.labels["ozgcloud-mongodb-client"]
+          value: "true"
\ No newline at end of file
--- a/src/test/helm/deployment_scrapeMetrics_test.yaml
+++ b/src/test/helm/deployment_scrapeMetrics_test.yaml
@@ -22,29 +22,33 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #

-suite: test deployment
+suite: test deployment topology
 release:
  name: user-manager
  namespace: sh-helm-test
 templates:
  - templates/deployment.yaml
-  - templates/secret_database_quarkus.yaml
 set:
  ozgcloud:
-    bundesland: by
    bezeichner: helm
+    bundesland: by
    environment: dev
+  baseUrl: test.sh.ozg-cloud.de
  sso:
    serverUrl: sso.test.sh.ozg-cloud.de
-  baseUrl: test.sh.ozg-cloud.de
-
+  imagePullSecret: image-pull-secret
 tests:
-  - it: should set the metrics port by default
-    template: deployment.yaml
+  - it: check default values
    asserts:
-      - contains:
-          path: spec.template.spec.containers[0].ports
-          content:
-            name: http
-            containerPort: 8080
-            protocol: TCP
\ No newline at end of file
+      - equal:
+          path: spec.template.spec.topologySpreadConstraints[0].maxSkew
+          value: 1
+      - equal:
+          path: spec.template.spec.topologySpreadConstraints[0].topologyKey
+          value: kubernetes.io/hostname
+      - equal:
+          path: spec.template.spec.topologySpreadConstraints[0].whenUnsatisfiable
+          value: ScheduleAnyway
+      - equal:
+          path: spec.template.spec.topologySpreadConstraints[0].labelSelector.matchLabels["app.kubernetes.io/name"]
+          value: user-manager
\ No newline at end of file
--- a/src/test/helm/deployment_env_test.yaml
+++ b/src/test/helm/deployment_env_test.yaml
@@ -33,9 +33,9 @@ set:
  sso:
    serverUrl: sso.test.sh.ozg-cloud.de
  baseUrl: test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret
 tests:
  - it: check customList
-    template: deployment.yaml
    set:
      env.customList:
        - name: my_test_environment_name
@@ -47,7 +47,6 @@ tests:
            name: my_test_environment_name
            value: "A test value"
  - it: check customList test value is not set by default
-    template: deployment.yaml
    asserts:
      - notContains:
          path: spec.template.spec.containers[0].env
@@ -80,9 +79,6 @@ tests:
  - it: check user sync period set
    set:
      ozgcloud:
-        bundesland: by
-        bezeichner: helm
-        environment: dev  
        usersync:
          period: "6h"
    asserts:
@@ -91,6 +87,12 @@ tests:
          content:
            name: OZGCLOUD_USERSYNC_PERIOD
            value: "6h"
+  - it: not contain sync period by default
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: OZGCLOUD_USERSYNC_PERIOD
  - it: check user sync period NOT set
    asserts:
      - notContains:

--- a/src/test/helm/deployment_host_aliases_test.yaml
+++ b/src/test/helm/deployment_host_aliases_test.yaml
@@ -36,6 +36,7 @@ set:
  sso:
    serverUrl: sso.test.sh.ozg-cloud.de
  baseUrl: test.sh.ozg-cloud.de
+  imagePullSecret: image-pull-secret
 tests:
  - it: should not set hostAliases
    asserts:

--- a/src/test/helm/deployment_imagepull_secret_test.yaml
+++ b/src/test/helm/deployment_imagepull_secret_test.yaml
@@ -36,20 +36,16 @@ set:
  sso:
    serverUrl: sso.test.sh.ozg-cloud.de
  baseUrl: test.sh.ozg-cloud.de
+  
 tests:
-  - it: should use default imagePull secret
-    asserts:
-      - isKind:
-          of: Deployment
-      - equal:
-          path: spec.template.spec.imagePullSecrets[0].name
-          value: user-manager-image-pull-secret
  - it: should set the imagePull secret
    set: 
      imagePullSecret: image-pull-secret
    asserts:
-      - isKind:
-          of: Deployment
      - equal:
          path: spec.template.spec.imagePullSecrets[0].name
          value: image-pull-secret
+  - it: should fail if the imagePull secret not set
+    asserts:
+      - failedTemplate:
+            errorMessage: imagePullSecret must be set
\ No newline at end of file