openbao-helm/test/acceptance/server-ha.bats

#!/usr/bin/env bats

load _helpers

@test "server/ha: testing deployment" {
  cd `chart_dir`

  helm install --name="$(name_prefix)" \
    --set='server.ha.enabled=true' .
  wait_for_running $(name_prefix)-0

  # Sealed, not initialized
  local sealed_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.sealed' )
  [ "${sealed_status}" == "true" ]

  local init_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "false" ]

  # Security
  local ipc=$(kubectl get statefulset "$(name_prefix)" --output json |
    jq -r '.spec.template.spec.containers[0].securityContext.capabilities.add[0]')
  [ "${ipc}" == "IPC_LOCK" ]

  # Replicas
  local replicas=$(kubectl get statefulset "$(name_prefix)" --output json |
    jq -r '.spec.replicas')
  [ "${replicas}" == "3" ]

  # Volume Mounts
  local volumeCount=$(kubectl get statefulset "$(name_prefix)" --output json |
    jq -r '.spec.template.spec.containers[0].volumeMounts | length')
  [ "${volumeCount}" == "1" ]

  # Volumes
  local volumeCount=$(kubectl get statefulset "$(name_prefix)" --output json |
    jq -r '.spec.template.spec.volumes | length')
  [ "${volumeCount}" == "1" ]

  local volume=$(kubectl get statefulset "$(name_prefix)" --output json |
    jq -r '.spec.template.spec.volumes[0].configMap.name')
  [ "${volume}" == "$(name_prefix)-config" ]

  # Service
  local service=$(kubectl get service "$(name_prefix)" --output json |
    jq -r '.spec.clusterIP')
  [ "${service}" != "None" ]

  local service=$(kubectl get service "$(name_prefix)" --output json |
    jq -r '.spec.type')
  [ "${service}" == "ClusterIP" ]

  local ports=$(kubectl get service "$(name_prefix)" --output json |
    jq -r '.spec.ports | length')
  [ "${ports}" == "2" ]

  local ports=$(kubectl get service "$(name_prefix)" --output json |
    jq -r '.spec.ports[0].port')
  [ "${ports}" == "8200" ]

  local ports=$(kubectl get service "$(name_prefix)" --output json |
    jq -r '.spec.ports[1].port')
  [ "${ports}" == "8201" ]

  # Vault Init
  local token=$(kubectl exec -ti "$(name_prefix)-0" -- \
    vault operator init -format=json -n 1 -t 1 | \
    jq -r '.unseal_keys_b64[0]')
  [ "${token}" != "" ]

  # Vault Unseal
  local pods=($(kubectl get pods --selector='app.kubernetes.io/name=vault' -o json | jq -r '.items[].metadata.name'))
  for pod in "${pods[@]}"
  do
      kubectl exec -ti ${pod} -- vault operator unseal ${token}
  done

  wait_for_ready "$(name_prefix)-0"

  # Sealed, not initialized
  local sealed_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.sealed' )
  [ "${sealed_status}" == "false" ]

  local init_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "true" ]
}

# TODO: Auto unseal test

# setup a consul env
setup() {
  helm install https://github.com/hashicorp/consul-helm/archive/v0.8.1.tar.gz \
    --name consul \
    --set 'ui.enabled=false' \

  wait_for_running_consul
}

#cleanup
teardown() {
  helm delete --purge vault
  helm delete --purge consul
  kubectl delete --all pvc
}
update single server acc test, add HA test that installs Consul and runs HA mode 2018-11-28 22:40:37 +00:00			`#!/usr/bin/env bats`

			`load _helpers`

Refactor chart for 1.0, add tests, update TF (#2) * Refactor chart for 1.0, add tests, update TF * Fix typo in helper comment * Add NOTES for post install instructions * Fix typo in NOTES * Fix replication port for enterprise * Change updateStrategy to OnDelete * Add icon * Remove cluster address from config * Update README, add contributing doc * Update README * Change HA replicas to 3 2019-07-31 18:26:12 +00:00			`@test "server/ha: testing deployment" {`
			cd `chart_dir`
Address K8s Deprecation of Kubelet security controls. Remove Whitespaces. (#24) 2019-08-22 15:05:31 +00:00
Refactor chart for 1.0, add tests, update TF (#2) * Refactor chart for 1.0, add tests, update TF * Fix typo in helper comment * Add NOTES for post install instructions * Fix typo in NOTES * Fix replication port for enterprise * Change updateStrategy to OnDelete * Add icon * Remove cluster address from config * Update README, add contributing doc * Update README * Change HA replicas to 3 2019-07-31 18:26:12 +00:00			`helm install --name="$(name_prefix)" \`
			`--set='server.ha.enabled=true' .`
			`wait_for_running $(name_prefix)-0`
update single server acc test, add HA test that installs Consul and runs HA mode 2018-11-28 22:40:37 +00:00
Refactor chart for 1.0, add tests, update TF (#2) * Refactor chart for 1.0, add tests, update TF * Fix typo in helper comment * Add NOTES for post install instructions * Fix typo in NOTES * Fix replication port for enterprise * Change updateStrategy to OnDelete * Add icon * Remove cluster address from config * Update README, add contributing doc * Update README * Change HA replicas to 3 2019-07-31 18:26:12 +00:00			`# Sealed, not initialized`
			`local sealed_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json \|`
			`jq -r '.sealed' )`
update single server acc test, add HA test that installs Consul and runs HA mode 2018-11-28 22:40:37 +00:00			`[ "${sealed_status}" == "true" ]`

Refactor chart for 1.0, add tests, update TF (#2) * Refactor chart for 1.0, add tests, update TF * Fix typo in helper comment * Add NOTES for post install instructions * Fix typo in NOTES * Fix replication port for enterprise * Change updateStrategy to OnDelete * Add icon * Remove cluster address from config * Update README, add contributing doc * Update README * Change HA replicas to 3 2019-07-31 18:26:12 +00:00			`local init_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json \|`
			`jq -r '.initialized')`
update single server acc test, add HA test that installs Consul and runs HA mode 2018-11-28 22:40:37 +00:00			`[ "${init_status}" == "false" ]`
Refactor chart for 1.0, add tests, update TF (#2) * Refactor chart for 1.0, add tests, update TF * Fix typo in helper comment * Add NOTES for post install instructions * Fix typo in NOTES * Fix replication port for enterprise * Change updateStrategy to OnDelete * Add icon * Remove cluster address from config * Update README, add contributing doc * Update README * Change HA replicas to 3 2019-07-31 18:26:12 +00:00
Remove privileged, add mlock configurable (#50) 2019-09-23 05:11:04 +00:00			`# Security`
			`local ipc=$(kubectl get statefulset "$(name_prefix)" --output json \|`
			`jq -r '.spec.template.spec.containers[0].securityContext.capabilities.add[0]')`
			`[ "${ipc}" == "IPC_LOCK" ]`

Refactor chart for 1.0, add tests, update TF (#2) * Refactor chart for 1.0, add tests, update TF * Fix typo in helper comment * Add NOTES for post install instructions * Fix typo in NOTES * Fix replication port for enterprise * Change updateStrategy to OnDelete * Add icon * Remove cluster address from config * Update README, add contributing doc * Update README * Change HA replicas to 3 2019-07-31 18:26:12 +00:00			`# Replicas`
			`local replicas=$(kubectl get statefulset "$(name_prefix)" --output json \|`
			`jq -r '.spec.replicas')`
			`[ "${replicas}" == "3" ]`

			`# Volume Mounts`
			`local volumeCount=$(kubectl get statefulset "$(name_prefix)" --output json \|`
			`jq -r '.spec.template.spec.containers[0].volumeMounts \| length')`
			`[ "${volumeCount}" == "1" ]`

			`# Volumes`
			`local volumeCount=$(kubectl get statefulset "$(name_prefix)" --output json \|`
			`jq -r '.spec.template.spec.volumes \| length')`
			`[ "${volumeCount}" == "1" ]`

			`local volume=$(kubectl get statefulset "$(name_prefix)" --output json \|`
			`jq -r '.spec.template.spec.volumes[0].configMap.name')`
			`[ "${volume}" == "$(name_prefix)-config" ]`

			`# Service`
			`local service=$(kubectl get service "$(name_prefix)" --output json \|`
			`jq -r '.spec.clusterIP')`
Add clusterrolebinding, fix service, update Vault (#10) * Add clusterrolebinding, fix service, update Vault * Change authDelegator to false by default * Clarify clusterIP comment 2019-08-08 18:14:58 +00:00			`[ "${service}" != "None" ]`
Refactor chart for 1.0, add tests, update TF (#2) * Refactor chart for 1.0, add tests, update TF * Fix typo in helper comment * Add NOTES for post install instructions * Fix typo in NOTES * Fix replication port for enterprise * Change updateStrategy to OnDelete * Add icon * Remove cluster address from config * Update README, add contributing doc * Update README * Change HA replicas to 3 2019-07-31 18:26:12 +00:00
			`local service=$(kubectl get service "$(name_prefix)" --output json \|`
			`jq -r '.spec.type')`
			`[ "${service}" == "ClusterIP" ]`

			`local ports=$(kubectl get service "$(name_prefix)" --output json \|`
			`jq -r '.spec.ports \| length')`
			`[ "${ports}" == "2" ]`

			`local ports=$(kubectl get service "$(name_prefix)" --output json \|`
			`jq -r '.spec.ports[0].port')`
			`[ "${ports}" == "8200" ]`

			`local ports=$(kubectl get service "$(name_prefix)" --output json \|`
			`jq -r '.spec.ports[1].port')`
			`[ "${ports}" == "8201" ]`

			`# Vault Init`
			`local token=$(kubectl exec -ti "$(name_prefix)-0" -- \`
			`vault operator init -format=json -n 1 -t 1 \| \`
			`jq -r '.unseal_keys_b64[0]')`
			`[ "${token}" != "" ]`

			`# Vault Unseal`
Update helm labels (#8) 2019-08-07 18:55:32 +00:00			`local pods=($(kubectl get pods --selector='app.kubernetes.io/name=vault' -o json \| jq -r '.items[].metadata.name'))`
Refactor chart for 1.0, add tests, update TF (#2) * Refactor chart for 1.0, add tests, update TF * Fix typo in helper comment * Add NOTES for post install instructions * Fix typo in NOTES * Fix replication port for enterprise * Change updateStrategy to OnDelete * Add icon * Remove cluster address from config * Update README, add contributing doc * Update README * Change HA replicas to 3 2019-07-31 18:26:12 +00:00			`for pod in "${pods[@]}"`
Address K8s Deprecation of Kubelet security controls. Remove Whitespaces. (#24) 2019-08-22 15:05:31 +00:00			`do`
Refactor chart for 1.0, add tests, update TF (#2) * Refactor chart for 1.0, add tests, update TF * Fix typo in helper comment * Add NOTES for post install instructions * Fix typo in NOTES * Fix replication port for enterprise * Change updateStrategy to OnDelete * Add icon * Remove cluster address from config * Update README, add contributing doc * Update README * Change HA replicas to 3 2019-07-31 18:26:12 +00:00			`kubectl exec -ti ${pod} -- vault operator unseal ${token}`
			`done`

			`wait_for_ready "$(name_prefix)-0"`

			`# Sealed, not initialized`
			`local sealed_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json \|`
			`jq -r '.sealed' )`
			`[ "${sealed_status}" == "false" ]`

			`local init_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json \|`
			`jq -r '.initialized')`
			`[ "${init_status}" == "true" ]`
update single server acc test, add HA test that installs Consul and runs HA mode 2018-11-28 22:40:37 +00:00			`}`

Refactor chart for 1.0, add tests, update TF (#2) * Refactor chart for 1.0, add tests, update TF * Fix typo in helper comment * Add NOTES for post install instructions * Fix typo in NOTES * Fix replication port for enterprise * Change updateStrategy to OnDelete * Add icon * Remove cluster address from config * Update README, add contributing doc * Update README * Change HA replicas to 3 2019-07-31 18:26:12 +00:00			`# TODO: Auto unseal test`

update single server acc test, add HA test that installs Consul and runs HA mode 2018-11-28 22:40:37 +00:00			`# setup a consul env`
			`setup() {`
Refactor chart for 1.0, add tests, update TF (#2) * Refactor chart for 1.0, add tests, update TF * Fix typo in helper comment * Add NOTES for post install instructions * Fix typo in NOTES * Fix replication port for enterprise * Change updateStrategy to OnDelete * Add icon * Remove cluster address from config * Update README, add contributing doc * Update README * Change HA replicas to 3 2019-07-31 18:26:12 +00:00			`helm install https://github.com/hashicorp/consul-helm/archive/v0.8.1.tar.gz \`
update single server acc test, add HA test that installs Consul and runs HA mode 2018-11-28 22:40:37 +00:00			`--name consul \`
			`--set 'ui.enabled=false' \`
update ha vs non-ha test names 2018-11-28 22:54:03 +00:00
Address K8s Deprecation of Kubelet security controls. Remove Whitespaces. (#24) 2019-08-22 15:05:31 +00:00			`wait_for_running_consul`
update single server acc test, add HA test that installs Consul and runs HA mode 2018-11-28 22:40:37 +00:00			`}`

			`#cleanup`
			`teardown() {`
Address K8s Deprecation of Kubelet security controls. Remove Whitespaces. (#24) 2019-08-22 15:05:31 +00:00			`helm delete --purge vault`
update tests 2018-11-30 22:01:25 +00:00			`helm delete --purge consul`
Address K8s Deprecation of Kubelet security controls. Remove Whitespaces. (#24) 2019-08-22 15:05:31 +00:00			`kubectl delete --all pvc`
update single server acc test, add HA test that installs Consul and runs HA mode 2018-11-28 22:40:37 +00:00			`}`