From e81401fae9fa6c4307ad963ef4f35edda15aa731 Mon Sep 17 00:00:00 2001 From: Jan Zickermann <jan.zickermann@dataport.de> Date: Thu, 12 Dec 2024 09:38:40 +0100 Subject: [PATCH] #2 OZG-7121 helm: Configure keystore and truststore in deployment --- .gitlab-ci.yml | 4 +-- run_helm_test.sh | 6 ++++ src/main/helm/templates/deployment.yaml | 22 ++++++--------- src/test/helm/deployment_env_test.yaml | 33 ++++++++++++++++++++++ src/test/helm/deployment_volumes_test.yaml | 20 ++++++++++++- 5 files changed, 67 insertions(+), 18 deletions(-) create mode 100755 run_helm_test.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c9705af..8bdd507 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -48,9 +48,7 @@ test-helm: - !reference [ .helm, before_script ] - helm plugin install https://github.com/helm-unittest/helm-unittest.git script: - - helm template -f src/test/helm-linter-values.yaml src/main/helm - - helm lint -f src/test/helm-linter-values.yaml src/main/helm - - helm unittest -f '../../test/helm/**/*test.yaml' src/main/helm + - sh run_helm_test.sh verify: stage: test diff --git a/run_helm_test.sh b/run_helm_test.sh new file mode 100755 index 0000000..0cd9af6 --- /dev/null +++ b/run_helm_test.sh @@ -0,0 +1,6 @@ +#!/bin/sh +set -e + +helm template -f src/test/helm-linter-values.yaml src/main/helm +helm lint -f src/test/helm-linter-values.yaml src/main/helm +helm unittest -f '../../test/helm/**/*test.yaml' src/main/helm \ No newline at end of file diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml index f0f5101..a1d4ea7 100644 --- a/src/main/helm/templates/deployment.yaml +++ b/src/main/helm/templates/deployment.yaml @@ -61,7 +61,10 @@ spec: - env: - name: spring_profiles_active value: {{ include "app.envSpringProfiles" . }} - + - name: server_ssl_key-store + value: /store/keystore.jks + - name: server_ssl_trust-store + value: /store/truststore.jks {{- with include "app.getCustomList" . }} {{ . | indent 10 }} {{- end }} 
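Review bot: In the `test-helm` job of `.gitlab-ci.yml`, the context line `helm plugin install https://github.com/helm-unittest/helm-unittest.git` has no version pin, so every pipeline run installs whatever the plugin's default branch holds at that moment. The new `sh run_helm_test.sh` step then runs that plugin code inside the CI job. Pinning keeps the job reproducible and narrows the supply-chain exposure, for example `- helm plugin install https://github.com/helm-unittest/helm-unittest.git --version <PINNED_TAG>`. The job definition starts above the hunk, so its image and the `.helm` before_script are not visible here.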
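Review bot: All three commands in `run_helm_test.sh` use paths relative to the caller's working directory, so the script only works when started from the repository root. Adding `cd "$(dirname "$0")"` right after `set -e` removes that dependency, and `set -eu` would also catch an unset variable if the script grows. The file ends without a trailing newline, as does `src/test/helm/deployment_volumes_test.yaml` in the last hunk.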
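Review bot: In `deployment.yaml`, the added `server_ssl_trust-store` entry configures only the embedded server's TLS trust store, not the JVM default trust store used for outbound connections. If the application still connects to MongoDB over TLS, the `mongodb-root-ca` binding removed in the next hunk is therefore not replaced by this setting, which is worth confirming. The hunk also sets store locations only; the matching `server_ssl_key-store-password` and `server_ssl_trust-store-password` must come from elsewhere. If they are meant to arrive through `app.getCustomList`, they should use `valueFrom.secretKeyRef` rather than a literal `value`, so the passwords do not end up in values files or the rendered pod spec. A comment above the two entries such as `# store files are provided by the <release>-tls-secret volume mounted at /store/` would document the coupling to the volume mount.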
@@ -119,25 +122,16 @@ spec: volumeMounts: - name: temp-dir mountPath: "/tmp" - - name: bindings - mountPath: "/bindings/ca-certificates/type" - subPath: type - readOnly: true - - name: mongodb-root-ca - mountPath: "/bindings/ca-certificates/mongodb-root-ca.pem" - subPath: ca.crt + - name: xta-test-server-tls-store + mountPath: "/store/" readOnly: true volumes: - name: temp-dir emptyDir: {} - - name: bindings - configMap: - name: xta-test-server-bindings-type - - name: mongodb-root-ca + - name: xta-test-server-tls-store secret: - secretName: {{ ((.Values.database).tls).secretName | default "ozg-mongodb-tls-cert" }} - optional: true + secretName: {{ .Release.Name }}-tls-secret dnsConfig: {} dnsPolicy: ClusterFirst {{- with .Values.hostAliases }} diff --git a/src/test/helm/deployment_env_test.yaml b/src/test/helm/deployment_env_test.yaml index b3f06bc..52c9484 100644 --- a/src/test/helm/deployment_env_test.yaml +++ b/src/test/helm/deployment_env_test.yaml @@ -29,6 +29,39 @@ release: namespace: sh-helm-test tests: + - it: should set spring profiles + set: + ozgcloud: + environment: dev + imagePullSecret: image-pull-secret + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: spring_profiles_active + value: oc, dev + - it: should set keystore + set: + ozgcloud: + environment: dev + imagePullSecret: image-pull-secret + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: server_ssl_key-store + value: /store/keystore.jks + - it: should set truststore + set: + ozgcloud: + environment: dev + imagePullSecret: image-pull-secret + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: server_ssl_trust-store + value: /store/truststore.jks - it: check customList as list set: env.customList: diff --git a/src/test/helm/deployment_volumes_test.yaml b/src/test/helm/deployment_volumes_test.yaml index 9183af6..9f998f3 100644 --- a/src/test/helm/deployment_volumes_test.yaml 
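Review bot: The `xta-test-server-tls-store` volume in `deployment.yaml` mounts every key of `{{ .Release.Name }}-tls-secret` into `/store/`, so any extra material later added to that secret (a PEM private key, a password entry) becomes readable in the container. Projecting only the two files the env entries reference keeps the mount least-privilege. The key names below are inferred from the `/store/keystore.jks` and `/store/truststore.jks` paths and should be checked against the real secret. A `defaultMode` tighter than the default is also worth considering, though it depends on the pod's `securityContext`, which lies outside the hunk. Because `optional: true` was dropped, the pod will not start until the secret exists. That fails closed, but this commit does not create the secret, so the install order should be documented.

```yaml
      volumes:
        # … unchanged: temp-dir emptyDir …
        - name: xta-test-server-tls-store
          secret:
            secretName: {{ .Release.Name }}-tls-secret
            items:
              - key: keystore.jks
                path: keystore.jks
              - key: truststore.jks
                path: truststore.jks
```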
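Review bot: The three new cases in `deployment_env_test.yaml` render the chart with an identical `set:` block (`ozgcloud.environment: dev`, `imagePullSecret: image-pull-secret`) and differ only in the single `contains` assertion. Folding them into one case with three `contains` asserts, or moving the shared values to a suite-level `set:`, removes the triplication and keeps the values from drifting apart. None of the cases covers a `customList` entry that reuses `server_ssl_key-store`; since the custom list is rendered after the fixed entries, a case pinning the intended behaviour for such a duplicate name would be useful.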
+++ b/src/test/helm/deployment_volumes_test.yaml @@ -23,4 +23,22 @@ tests: path: spec.template.spec.volumes content: name: temp-dir - emptyDir: {} \ No newline at end of file + emptyDir: {} + + - it: should have tls store volume + asserts: + - contains: + path: spec.template.spec.volumes + content: + name: xta-test-server-tls-store + secret: + secretName: helm-test-tls-secret + + - it: should have truststore volume mount + asserts: + - contains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: xta-test-server-tls-store + mountPath: "/store/" + readOnly: true \ No newline at end of file -- GitLab
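Review bot: The case titled `should have truststore volume mount` in `deployment_volumes_test.yaml` actually asserts the mount of the whole `/store/` directory, which carries the keystore as well. A title such as `should mount tls store read-only` matches what is checked and highlights the `readOnly: true` assertion. The expected `secretName: helm-test-tls-secret` depends on the suite's release name being `helm-test`, which is presumably set above the hunk. A short comment next to the assertion, for example `# <release.name>-tls-secret`, would make that dependency visible.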