Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openbao-helm/test/unit/injector-psp.bats

71 lines
2.3 KiB
Text
Raw Permalink Normal View History

Support PodSecurityPolicy (#177) * Add PSP for server * Add PSP for Injector * Allow annotations to be templated Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-06-26 06:42:52 +00:00
#!/usr/bin/env bats
load _helpers
@test "injector/PodSecurityPolicy: PodSecurityPolicy not enabled by default" {
cd `chart_dir`
local actual=$( (helm template \
--show-only templates/injector-psp.yaml \
. || echo "---") | tee /dev/stderr |
yq 'length > 0' | tee /dev/stderr)
[ "${actual}" = "false" ]
}
@test "injector/PodSecurityPolicy: enable with injector.enabled and global.psp.enable" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-psp.yaml \
--set 'injector.enabled=true' \
--set 'global.psp.enable=true' \
. | tee /dev/stderr |
yq 'length > 0' | tee /dev/stderr)
[ "${actual}" = "true" ]
}
VAULT-571 Matching documented behavior and consul (#703) VAULT-571 Matching documented behavior and consul Consul's helm template defaults most of the enabled to the special value `"-"`, which means to inherit from global. This is what is implied should happen in Vault as well according to the documentation for the helm chart: > [global.enabled] The master enabled/disabled configuration. If this is > true, most components will be installed by default. If this is false, > no components will be installed by default and manually opting-in is > required, such as by setting server.enabled to true. (https://www.vaultproject.io/docs/platform/k8s/helm/configuration#enabled) We also simplified the chart logic using a few template helpers. Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-03-21 16:50:23 +00:00
@test "injector/PodSecurityPolicy: ignore global.enabled" {
Support PodSecurityPolicy (#177) * Add PSP for server * Add PSP for Injector * Allow annotations to be templated Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-06-26 06:42:52 +00:00
cd `chart_dir`
local actual=$( (helm template \
--show-only templates/injector-psp.yaml \
--set 'global.enabled=false' \
--set 'injector.enabled=true' \
--set 'global.psp.enable=true' \
. || echo "---") | tee /dev/stderr |
yq 'length > 0' | tee /dev/stderr)
VAULT-571 Matching documented behavior and consul (#703) VAULT-571 Matching documented behavior and consul Consul's helm template defaults most of the enabled to the special value `"-"`, which means to inherit from global. This is what is implied should happen in Vault as well according to the documentation for the helm chart: > [global.enabled] The master enabled/disabled configuration. If this is > true, most components will be installed by default. If this is false, > no components will be installed by default and manually opting-in is > required, such as by setting server.enabled to true. (https://www.vaultproject.io/docs/platform/k8s/helm/configuration#enabled) We also simplified the chart logic using a few template helpers. Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-03-21 16:50:23 +00:00
[ "${actual}" = "true" ]
Support PodSecurityPolicy (#177) * Add PSP for server * Add PSP for Injector * Allow annotations to be templated Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-06-26 06:42:52 +00:00
}
@test "injector/PodSecurityPolicy: annotations are templated correctly by default" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-psp.yaml \
--set 'injector.enabled=true' \
--set 'global.psp.enable=true' \
. | tee /dev/stderr |
yq '.metadata.annotations | length == 4' | tee /dev/stderr)
[ "${actual}" = "true" ]
}
@test "injector/PodSecurityPolicy: annotations are added - string" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-psp.yaml \
--set 'injector.enabled=true' \
--set 'global.psp.enable=true' \
update more vault to openbao everywhere Signed-off-by: jessebot <jessebot@linux.com>
2024-05-28 11:52:10 +00:00
--set 'global.psp.annotations=openbao-is: amazing' \
Support PodSecurityPolicy (#177) * Add PSP for server * Add PSP for Injector * Allow annotations to be templated Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-06-26 06:42:52 +00:00
. | tee /dev/stderr |
update more vault to openbao everywhere Signed-off-by: jessebot <jessebot@linux.com>
2024-05-28 11:52:10 +00:00
yq -r '.metadata.annotations["openbao-is"]' | tee /dev/stderr)
Support PodSecurityPolicy (#177) * Add PSP for server * Add PSP for Injector * Allow annotations to be templated Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-06-26 06:42:52 +00:00
[ "${actual}" = "amazing" ]
}
@test "injector/PodSecurityPolicy: annotations are added - object" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-psp.yaml \
--set 'injector.enabled=true' \
--set 'global.psp.enable=true' \
update more vault to openbao everywhere Signed-off-by: jessebot <jessebot@linux.com>
2024-05-28 11:52:10 +00:00
--set 'global.psp.annotations.openbao-is=amazing' \
Support PodSecurityPolicy (#177) * Add PSP for server * Add PSP for Injector * Allow annotations to be templated Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-06-26 06:42:52 +00:00
. | tee /dev/stderr |
update more vault to openbao everywhere Signed-off-by: jessebot <jessebot@linux.com>
2024-05-28 11:52:10 +00:00
yq -r '.metadata.annotations["openbao-is"]' | tee /dev/stderr)
Support PodSecurityPolicy (#177) * Add PSP for server * Add PSP for Injector * Allow annotations to be templated Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-06-26 06:42:52 +00:00
[ "${actual}" = "amazing" ]
}
Reference in a new issue Copy permalink