DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added helm unit tests for automountServiceAccountToken for all serviceAccounts/Workloads

Browse source 
Signed-off-by: Aran Shavit <Aranshavit@gmail.com>
This commit is contained in:
Aran Shavit 2024-10-29 11:55:57 +02:00
parent a822382b95
commit 8216d88c7c
7 changed files with 148 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
charts/ingress-nginx/tests/admission-webhooks/job-patch/job-createSecret_test.yaml Normal file
View file

@ -0,0 +1,12 @@
suite: Admission Webhooks > Create Secret Job
templates:
- admission-webhooks/job-patch/job-createSecret.yaml
tests:
- it: should create a Job with token auto-mounting disabled if `controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken` is false
set:
controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false
asserts:
- equal:
path: spec.template.spec.automountServiceAccountToken
value: false

12
charts/ingress-nginx/tests/admission-webhooks/job-patch/job-patchWebhook_test.yaml Normal file
View file

@ -0,0 +1,12 @@
suite: Admission Webhooks > Patch Webhook Job
templates:
- admission-webhooks/job-patch/job-patchWebhook.yaml
tests:
- it: should create a Job with token auto-mounting disabled if `controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken` is false
set:
controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken: false
asserts:
- equal:
path: spec.template.spec.automountServiceAccountToken
value: false

9
charts/ingress-nginx/tests/controller-daemonset_test.yaml
View file

@ -190,3 +190,12 @@ tests:
- equal:
path: spec.template.spec.containers[0].image
value: registry.k8s.io/ingress-nginx/controller:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
- it: should create a DaemonSet with token auto-mounting disabled if `serviceAccount.automountServiceAccountToken` is false
set:
controller.kind: DaemonSet
serviceAccount.automountServiceAccountToken: false
asserts:
- equal:
path: spec.template.spec.automountServiceAccountToken
value: false

8
charts/ingress-nginx/tests/controller-deployment_test.yaml
View file

@ -215,3 +215,11 @@ tests:
- equal:
path: spec.progressDeadlineSeconds
value: 111
- it: should create a Deployment with token auto-mounting disabled if `serviceAccount.automountServiceAccountToken` is false
set:
serviceAccount.automountServiceAccountToken: false
asserts:
- equal:
path: spec.template.spec.automountServiceAccountToken
value: false

47
charts/ingress-nginx/tests/controller-serviceaccount_test.yaml Normal file
View file

@ -0,0 +1,47 @@
suite: Controller > ServiceAccount
templates:
- controller-serviceaccount.yaml
tests:
- it: should not create a ServiceAccount if `serviceAccount.create` is false
set:
serviceAccount.create: false
asserts:
- hasDocuments:
count: 0
- it: should create a ServiceAccount if `serviceAccount.create` is true
set:
serviceAccount.create: true
asserts:
- hasDocuments:
count: 1
- isKind:
of: ServiceAccount
- equal:
path: metadata.name
value: RELEASE-NAME-ingress-nginx
- it: should create a ServiceAccount with specified name if `serviceAccount.name` is set
set:
serviceAccount.name: ingress-nginx-admission-test-sa
asserts:
- hasDocuments:
count: 1
- isKind:
of: ServiceAccount
- equal:
path: metadata.name
value: ingress-nginx-admission-test-sa
- it: should create a ServiceAccount with token auto-mounting disabled if `serviceAccount.automountServiceAccountToken` is false
set:
serviceAccount.automountServiceAccountToken: false
asserts:
- hasDocuments:
count: 1
- isKind:
of: ServiceAccount
- equal:
path: automountServiceAccountToken
value: false

9
charts/ingress-nginx/tests/default-backend-deployment_test.yaml
View file

@ -187,3 +187,12 @@ tests:
- equal:
path: spec.template.spec.containers[0].image
value: registry.k8s.io/defaultbackend-amd64:custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
- it: should create a Deployment with token auto-mounting disabled if `defaultBackend.serviceAccount.automountServiceAccountToken` is false
set:
defaultBackend.enabled: true
defaultBackend.serviceAccount.automountServiceAccountToken: false
asserts:
- equal:
path: spec.template.spec.automountServiceAccountToken
value: false

51
charts/ingress-nginx/tests/default-backend-serviceaccount_test.yaml Normal file
View file

@ -0,0 +1,51 @@
suite: Default Backend > ServiceAccount
templates:
- default-backend-serviceaccount.yaml
tests:
- it: should not create a ServiceAccount if `defaultBackend.serviceAccount.create` is false
set:
defaultBackend.enabled: true
defaultBackend.serviceAccount.create: false
asserts:
- hasDocuments:
count: 0
- it: should create a ServiceAccount if `defaultBackend.serviceAccount.create` is true
set:
defaultBackend.enabled: true
defaultBackend.serviceAccount.create: true
asserts:
- hasDocuments:
count: 1
- isKind:
of: ServiceAccount
- equal:
path: metadata.name
value: RELEASE-NAME-ingress-nginx-backend
- it: should create a ServiceAccount with specified name if `defaultBackend.serviceAccount.name` is set
set:
defaultBackend.enabled: true
defaultBackend.serviceAccount.name: ingress-nginx-admission-test-sa
asserts:
- hasDocuments:
count: 1
- isKind:
of: ServiceAccount
- equal:
path: metadata.name
value: ingress-nginx-admission-test-sa
- it: should create a ServiceAccount with token auto-mounting disabled if `defaultBackend.serviceAccount.automountServiceAccountToken` is false
set:
defaultBackend.enabled: true
defaultBackend.serviceAccount.automountServiceAccountToken: false
asserts:
- hasDocuments:
count: 1
- isKind:
of: ServiceAccount
- equal:
path: automountServiceAccountToken
value: false