OZG-3328 cleanup and add helm unittests;OZG-5115 update helm unittest command

run_helm_test.sh

@@ -5,4 +5,4 @@ set -x
 
 helm template  ./src/main/helm/ -f src/test/linter-values.yaml
 helm lint -f src/test/linter-values.yaml ./src/main/helm/
-cd src/main/helm && helm unittest -f '../../test/helm/*.yaml' .
\ No newline at end of file
+cd src/main/helm && helm unittest -f '../../test/helm/**/*.yaml' .
\ No newline at end of file

src/test/helm/api-password-secret_test.yaml → src/test/helm/api_password_secret_test.yaml

@@ -3,7 +3,7 @@ release:
   name: user-manager
   namespace: sh-test-test
 templates:
-  - templates/api-password-secret.yaml
+  - templates/api_password_secret.yaml
 set:
   ozgcloud:
     keycloak:
@@ -14,16 +14,51 @@ tests:
     asserts:
       - isKind:
           of: Secret
+      - isAPIVersion:
+          of: v1
   - it: test api password 
     asserts:
       - equal:
           path: stringData.password
           value: testPassword
-  - it: should use Keycloak User Operator
+  - it: not create api_password_secret if kc api.password not set and api_user set
     set:
       sso:
         api_user:
           name: userManagerApiUser
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: should not create api_password_secret if kc api.password not set and api_user not set
+    set:
+      sso:
+        api_user:
+          name: ""
+      ozgcloud:
+        keycloak:
+          api: 
+            password: ""
+    asserts:
+      - hasDocuments:
+          count: 0
+  - it: should create api_password_secret if kc api.password set and api_user not set
+    set:
+      ozgcloud:
+        keycloak:
+          api: 
+            password: "passwrd"
+    asserts:
+      - hasDocuments:
+          count: 1
+  - it: should not create api_password_secret if kc api.password set and api_user set
+    set:
+      sso:
+        api_user:
+          name: userManagerApiUser
+      ozgcloud:
+        keycloak:
+          api: 
+            password: "passwrd"
     asserts:
       - hasDocuments:
           count: 0
\ No newline at end of file

src/test/helm/cert_issuer_test.yaml

@@ -35,6 +35,8 @@ tests:
           of: cert-manager.io/v1
       - isKind:
           of: Issuer
+      - isAPIVersion:
+          of: cert-manager.io/v1
   - it: should have metadata
     asserts:
       - equal:

src/test/helm/deployment_container_security_context_test.yaml

@@ -22,7 +22,7 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-suite: test deployment
+suite: test deployment container security
 release:
   name: user-manager
   namespace: sh-helm-test
@@ -38,8 +38,6 @@ set:
 tests:
   - it: check default values
     asserts:
-      - isKind:
-          of: Deployment
       - equal:
           path: spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation
           value: false

src/test/helm/deployment_default_spec_test.yaml

+#
+# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Ministerpräsidenten des Landes Schleswig-Holstein
+# Staatskanzlei
+# Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
+#
+# Lizenziert unter der EUPL, Version 1.2 oder - sobald
+# diese von der Europäischen Kommission genehmigt wurden -
+# Folgeversionen der EUPL ("Lizenz");
+# Sie dürfen dieses Werk ausschließlich gemäß
+# dieser Lizenz nutzen.
+# Eine Kopie der Lizenz finden Sie hier:
+#
+# https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+#
+# Sofern nicht durch anwendbare Rechtsvorschriften
+# gefordert oder in schriftlicher Form vereinbart, wird
+# die unter der Lizenz verbreitete Software "so wie sie
+# ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
+# ausdrücklich oder stillschweigend - verbreitet.
+# Die sprachspezifischen Genehmigungen und Beschränkungen
+# unter der Lizenz sind dem Lizenztext zu entnehmen.
+#
+
+suite: test deployment actuator
+release:
+  name: user-manager
+  namespace: sh-helm-test
+templates:
+  - templates/deployment.yaml
+set:
+  ozgcloud:
+    bezeichner: helm
+    bundesland: by
+    environment: dev
+  baseUrl: test.sh.ozg-cloud.de
+  sso:
+    serverUrl: sso.test.sh.ozg-cloud.de
+tests:
+  - it: check for some standard values
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: docker.ozg-sh.de/user-manager:latest
+      - equal:
+          path: spec.template.spec.containers[0].imagePullPolicy
+          value: Always
+      - equal:
+          path: spec.template.spec.containers[0].name
+          value: user-manager
+      - equal:
+          path: spec.template.spec.containers[0].ports[0].containerPort
+          value: 9000
+      - equal:
+          path: spec.template.spec.containers[0].ports[0].name
+          value: grpc-9000
+      - equal:
+          path: spec.template.spec.containers[0].ports[0].protocol
+          value: TCP
+      - equal:
+          path: spec.template.spec.containers[0].stdin
+          value: true
+      - equal:
+          path: spec.template.spec.containers[0].terminationMessagePath
+          value: /dev/termination-log
+      - equal:
+          path: spec.template.spec.containers[0].terminationMessagePolicy
+          value: File
+      - equal:
+          path: spec.template.spec.containers[0].tty
+          value: true
+      - equal:
+          path: spec.template.spec.containers[0].ports[1].containerPort
+          value: 8080
+      - equal:
+          path: spec.template.spec.containers[0].ports[1].name
+          value: http
+      - equal:
+          path: spec.template.spec.containers[0].ports[1].protocol
+          value: TCP
+  - it: should have correct pod template values
+    asserts:
+      - isEmpty:
+          path: spec.template.spec.dnsConfig
+      - equal:
+          path: spec.template.spec.dnsPolicy
+          value: "ClusterFirst"
+      - equal:
+          path: spec.template.spec.restartPolicy
+          value: "Always"
+      - equal:
+          path: spec.template.spec.schedulerName
+          value: "default-scheduler"
+      - equal:
+          path: spec.template.spec.terminationGracePeriodSeconds
+          value: 30
\ No newline at end of file

src/test/helm/deployment_defaults_labels_test.yaml

@@ -22,14 +22,12 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-suite: test deployment
+suite: test deployment default lables
 release:
   name: user-manager
   namespace: sh-helm-test
 templates:
   - templates/deployment.yaml
-  - templates/service.yaml
-  - templates/service_monitor.yaml
 set:
   ozgcloud:
     bundesland: by
@@ -54,26 +52,10 @@ tests:
           path: metadata.labels["app.kubernetes.io/namespace"]
           value: sh-helm-test
   - it: check component label for deployment
-    templates:
-      - templates/deployment.yaml
     asserts:
       - equal:
           path: spec.template.metadata.labels["component"]
           value: user-manager
-  - it: check component label for service
-    templates:
-      - templates/service.yaml
-    asserts:
-      - equal:
-          path: metadata.labels["component"]
-          value: user-manager-service
-  - it: check component label for service monitor
-    templates:
-      - templates/service_monitor.yaml
-    asserts:
-      - equal:
-          path: metadata.labels["component"]
-          value: user-manager-service-monitor
 
   - it: should have label for mongodb client
     asserts:

src/test/helm/deployment_scrapeMetrics_test.yaml → src/test/helm/deployment_defaults_topologySpreadConstraints_test.yaml

@@ -22,29 +22,32 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-suite: test deployment
+suite: test deployment topology
 release:
   name: user-manager
   namespace: sh-helm-test
 templates:
   - templates/deployment.yaml
-  - templates/secret_database_quarkus.yaml
 set:
   ozgcloud:
-    bundesland: by
     bezeichner: helm
+    bundesland: by
     environment: dev
+  baseUrl: test.sh.ozg-cloud.de
   sso:
     serverUrl: sso.test.sh.ozg-cloud.de
-  baseUrl: test.sh.ozg-cloud.de
-
 tests:
-  - it: should set the metrics port by default
-    template: deployment.yaml
+  - it: check default values
     asserts:
-      - contains:
-          path: spec.template.spec.containers[0].ports
-          content:
-            name: http
-            containerPort: 8080
-            protocol: TCP
\ No newline at end of file
+      - equal:
+          path: spec.template.spec.topologySpreadConstraints[0].maxSkew
+          value: 1
+      - equal:
+          path: spec.template.spec.topologySpreadConstraints[0].topologyKey
+          value: kubernetes.io/hostname
+      - equal:
+          path: spec.template.spec.topologySpreadConstraints[0].whenUnsatisfiable
+          value: ScheduleAnyway
+      - equal:
+          path: spec.template.spec.topologySpreadConstraints[0].labelSelector.matchLabels["app.kubernetes.io/name"]
+          value: user-manager
\ No newline at end of file

src/test/helm/deployment_env_test.yaml

@@ -35,7 +35,6 @@ set:
   baseUrl: test.sh.ozg-cloud.de
 tests:
   - it: check customList
-    template: deployment.yaml
     set:
       env.customList:
         - name: my_test_environment_name
@@ -47,7 +46,6 @@ tests:
             name: my_test_environment_name
             value: "A test value"
   - it: check customList test value is not set by default
-    template: deployment.yaml
     asserts:
       - notContains:
           path: spec.template.spec.containers[0].env
@@ -80,9 +78,6 @@ tests:
   - it: check user sync period set
     set:
       ozgcloud:
-        bundesland: by
-        bezeichner: helm
-        environment: dev  
         usersync:
           period: "6h"
     asserts:
@@ -91,6 +86,12 @@ tests:
           content:
             name: OZGCLOUD_USERSYNC_PERIOD
             value: "6h"
+  - it: not contain sync period by default
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: OZGCLOUD_USERSYNC_PERIOD
   - it: check user sync period NOT set
     asserts:
       - notContains:

src/test/helm/deployment_imagepull_secret_test.yaml

@@ -39,8 +39,6 @@ set:
 tests:
   - it: should use default imagePull secret
     asserts:
-      - isKind:
-          of: Deployment
       - equal:
           path: spec.template.spec.imagePullSecrets[0].name
           value: user-manager-image-pull-secret
@@ -48,8 +46,6 @@ tests:
     set:
       imagePullSecret: image-pull-secret
     asserts:
-      - isKind:
-          of: Deployment
       - equal:
           path: spec.template.spec.imagePullSecrets[0].name
           value: image-pull-secret
\ No newline at end of file

src/test/helm/deployment-keycloak-values-test.yaml → src/test/helm/deployment_keycloak_values_test.yaml

@@ -113,7 +113,17 @@ tests:
           content: 
             name: KEYCLOAK_URL
             value: https://sso.test.by.ozg-cloud.de
-
+  - it: should use set OZGCLOUD_KEYCLOAK_API_PASSWORD when api_user set
+    set:
+      sso:
+        api_user:
+          name: -userManager-ApiUser
+        serverUrl: https://sso.company.local
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].env
+          content: 
+            name: OZGCLOUD_KEYCLOAK_API_PASSWORD
   - it: should use Keycloak User Operator
     set:
       sso:

src/test/helm/deployment_optional_trust_store_test.yaml

@@ -22,7 +22,7 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-suite: test environments
+suite: test environments trust store
 templates:
   - templates/deployment.yaml
 set:

src/test/helm/deployment_probes_test.yaml

@@ -22,7 +22,7 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-suite: deployment
+suite: deployment health test
 release:
   name: user-manager
   namespace: by-helm-test
@@ -38,13 +38,11 @@ set:
   baseUrl: test.by.company.local
 tests:
   - it: livenessProbe should be disabled by default
-    template: deployment.yaml
     asserts:
       - notExists:
           path: spec.template.spec.containers[0].livenessProbe
 
   - it: enable livenessProbe
-    template: deployment.yaml
     set:
       enableLivenessProbe: true
     asserts:
@@ -60,9 +58,12 @@ tests:
             periodSeconds: 5
             successThreshold: 1
             timeoutSeconds: 5
+  - it: not enable livenessProbe by default
+    asserts:
+      - isNull:
+          path: spec.template.spec.containers[0].livenessProbe
 
   - it: should have readiness probe
-    template: deployment.yaml
     asserts:
       - isSubset:
           path: spec.template.spec.containers[0].readinessProbe
@@ -77,7 +78,6 @@ tests:
             timeoutSeconds: 3
 
   - it: should have startup probe
-    template: deployment.yaml
     asserts:
       - isSubset:
           path: spec.template.spec.containers[0].startupProbe

src/test/helm/deployment_realm_name_length_test.yaml

@@ -31,7 +31,6 @@ templates:
 
 tests:
   - it: should fail on bezeichner length longer than 46 characters
-    template: deployment.yaml
     set:
       ozgcloud:
         bezeichner: test1234567890123123456789012345678901234567890123456789012345678901234567890123456789012345678904567890

src/test/helm/deployment_resources_test.yaml

@@ -22,7 +22,7 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-suite: test deployment
+suite: test deployment recources
 release:
   name: user-manager
 templates:
@@ -37,7 +37,6 @@ set:
   baseUrl: test.sh.ozg-cloud.de
 tests:
   - it: test resources
-    template: deployment.yaml
     set:
       resources:
         limits:

src/test/helm/deployment-test.yaml → src/test/helm/deyploment_general_value_and_default_spec_test.yaml

 #
-# Copyright (C) 2022 Das Land Schleswig-Holstein vertreten durch den
+# Copyright (C) 2024 Das Land Schleswig-Holstein vertreten durch den
 # Ministerpräsidenten des Landes Schleswig-Holstein
 # Staatskanzlei
 # Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
@@ -22,29 +22,58 @@
 # unter der Lizenz sind dem Lizenztext zu entnehmen.
 #
 
-suite: deployment
+suite: test deployment general values
 release:
   name: user-manager
+  namespace: sh-helm-test
 templates:
   - templates/deployment.yaml
 set:
   ozgcloud:
-    bundesland: by
     bezeichner: helm
+    bundesland: by
     environment: dev
-  sso.serverUrl: https://sso.company.local
-  baseUrl: test.company.local
+  baseUrl: test.sh.ozg-cloud.de
+  sso:
+    serverUrl: sso.test.sh.ozg-cloud.de
+
 tests:
-  - it: test resources for prod environment
-    release:
-      namespace: sh-helm-test
-    template: deployment.yaml
+  - it: should have correct apiVersion
     asserts:
       - isKind:
           of: Deployment
+      - isAPIVersion:
+           of: "apps/v1"
+      
+  - it: should have correct deployment metadata 
+    asserts: 
+      - equal:
+          path: metadata.name
+          value: user-manager
+      - equal: 
+          path: metadata.namespace
+          value: sh-helm-test
+
+
+  - it: should have correct deyployment general spec values
+    asserts:
       - equal:
-          path: spec.template.spec.containers[0].image
-          value: docker.ozg-sh.de/user-manager:latest
+          path: spec.progressDeadlineSeconds
+          value: 600
       - equal:
           path: spec.replicas
           value: 2
+      - equal:
+          path: spec.revisionHistoryLimit
+          value: 10
+  - it: should have correct deployment spec strategy values
+    asserts:
+      - equal: 
+          path: spec.strategy
+          value: 
+            rollingUpdate:
+              maxSurge: 1
+              maxUnavailable: 0
+            type: RollingUpdate
+          
+