#2 OZG-7121 helm: Configure keystore and truststore in deployment

e81401fa · Jan Zickermann · efc8aa07 · e81401fa · e81401fa · e81401fa
Commit e81401fa authored 5 months ago by Jan Zickermann
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -48,9 +48,7 @@ test-helm:
    - !reference [ .helm, before_script ]
    - helm plugin install https://github.com/helm-unittest/helm-unittest.git
  script:
-    - helm template -f src/test/helm-linter-values.yaml src/main/helm
+    - sh run_helm_test.sh
-    - helm lint -f src/test/helm-linter-values.yaml src/main/helm
-    - helm unittest  -f '../../test/helm/**/*test.yaml' src/main/helm
 verify:
  stage: test

--- a/run_helm_test.sh
+++ b/run_helm_test.sh
+#!/bin/sh
+set -e
+helm template -f src/test/helm-linter-values.yaml src/main/helm
+helm lint -f src/test/helm-linter-values.yaml src/main/helm
+helm unittest  -f '../../test/helm/**/*test.yaml' src/main/helm
\ No newline at end of file
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -61,7 +61,10 @@ spec:
      - env:
          - name: spring_profiles_active
            value: {{ include "app.envSpringProfiles" . }}
+          - name: server_ssl_key-store
+            value: /store/keystore.jks
+          - name: server_ssl_trust-store
+            value: /store/truststore.jks
          {{- with include "app.getCustomList" . }}
 {{ . | indent 10 }}
          {{- end }}
@@ -119,25 +122,16 @@ spec:
        volumeMounts:
          - name: temp-dir
            mountPath: "/tmp"
-          - name: bindings
+          - name: xta-test-server-tls-store
-            mountPath: "/bindings/ca-certificates/type"
+            mountPath: "/store/"
-            subPath: type
-            readOnly: true
-          - name: mongodb-root-ca
-            mountPath: "/bindings/ca-certificates/mongodb-root-ca.pem"
-            subPath: ca.crt
            readOnly: true
      volumes:
        - name: temp-dir
          emptyDir: {}
-        - name: bindings
+        - name: xta-test-server-tls-store
-          configMap:
-            name: xta-test-server-bindings-type
-        - name: mongodb-root-ca
          secret:
-            secretName: {{ ((.Values.database).tls).secretName | default "ozg-mongodb-tls-cert" }}
+            secretName: {{ .Release.Name }}-tls-secret
-            optional: true
      dnsConfig: {}
      dnsPolicy: ClusterFirst
      {{- with .Values.hostAliases }}

--- a/src/test/helm/deployment_env_test.yaml
+++ b/src/test/helm/deployment_env_test.yaml
@@ -29,6 +29,39 @@ release:
  namespace: sh-helm-test
 tests:
+  - it: should set spring profiles
+    set:
+      ozgcloud:
+        environment: dev
+      imagePullSecret: image-pull-secret
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+              name: spring_profiles_active
+              value: oc, dev
+  - it: should set keystore
+    set:
+      ozgcloud:
+        environment: dev
+      imagePullSecret: image-pull-secret
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: server_ssl_key-store
+            value: /store/keystore.jks
+  - it: should set truststore
+    set:
+      ozgcloud:
+        environment: dev
+      imagePullSecret: image-pull-secret
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: server_ssl_trust-store
+            value: /store/truststore.jks
  - it: check customList as list
    set:
      env.customList:

--- a/src/test/helm/deployment_volumes_test.yaml
+++ b/src/test/helm/deployment_volumes_test.yaml
@@ -23,4 +23,22 @@ tests:
          path: spec.template.spec.volumes
          content:
            name: temp-dir
            emptyDir: {}
\ No newline at end of file
+  - it: should have tls store volume
+    asserts:
+      - contains:
+          path: spec.template.spec.volumes
+          content:
+            name: xta-test-server-tls-store
+            secret:
+              secretName: helm-test-tls-secret
+  - it: should have truststore volume mount
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].volumeMounts
+          content:
+            name: xta-test-server-tls-store
+            mountPath: "/store/"
+            readOnly: true
\ No newline at end of file