feat: add AGENT_INJECT_VAULT_AUTH_PATH option to the injector (#185)

* Add related unit tests
2020-03-03 19:32:50 +01:00 · 2020-03-03 19:32:50 +01:00 · 1ccc64788a
commit 1ccc64788a
parent 8a6419e623
3 changed files with 45 additions and 7 deletions
--- a/templates/injector-deployment.yaml
+++ b/templates/injector-deployment.yaml
@ -45,6 +45,8 @@ spec:
            {{- else }}
              value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
            {{- end }}
            - name: AGENT_INJECT_VAULT_AUTH_PATH
              value: {{ .Values.injector.authPath }}
            - name: AGENT_INJECT_VAULT_IMAGE
              value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
            {{- if .Values.injector.certs.secretName }}
--- a/test/unit/injector-deployment.bats
+++ b/test/unit/injector-deployment.bats
@ -117,19 +117,19 @@ load _helpers
      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
  local actual=$(echo $object |
-     yq -r '.[4].name' | tee /dev/stderr)
+     yq -r '.[5].name' | tee /dev/stderr)
  [ "${actual}" = "AGENT_INJECT_TLS_CERT_FILE" ]
  local actual=$(echo $object |
-      yq -r '.[4].value' | tee /dev/stderr)
+      yq -r '.[5].value' | tee /dev/stderr)
  [ "${actual}" = "/etc/webhook/certs/test.crt" ]
  local actual=$(echo $object |
-      yq -r '.[5].name' | tee /dev/stderr)
+      yq -r '.[6].name' | tee /dev/stderr)
  [ "${actual}" = "AGENT_INJECT_TLS_KEY_FILE" ]
  local actual=$(echo $object |
-      yq -r '.[5].value' | tee /dev/stderr)
+      yq -r '.[6].value' | tee /dev/stderr)
  [ "${actual}" = "/etc/webhook/certs/test.key" ]
 }
@ -147,11 +147,11 @@ load _helpers
      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
  local actual=$(echo $object |
-     yq -r '.[4].name' | tee /dev/stderr)
+     yq -r '.[5].name' | tee /dev/stderr)
  [ "${actual}" = "AGENT_INJECT_TLS_AUTO" ]
  local actual=$(echo $object |
-      yq -r '.[5].name' | tee /dev/stderr)
+      yq -r '.[6].name' | tee /dev/stderr)
  [ "${actual}" = "AGENT_INJECT_TLS_AUTO_HOSTS" ]
 }
@ -189,3 +189,36 @@ load _helpers
      yq -r '.[2].value' | tee /dev/stderr)
  [ "${actual}" = "http://not-external-test-vault.default.svc:8200" ]
 }
@test "injector/deployment: default authPath" {
  cd `chart_dir`
  local object=$(helm template \
      --show-only templates/injector-deployment.yaml  \
      . | tee /dev/stderr |
      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
  local actual=$(echo $object |
     yq -r '.[3].name' | tee /dev/stderr)
  [ "${actual}" = "AGENT_INJECT_VAULT_AUTH_PATH" ]
  local actual=$(echo $object |
      yq -r '.[3].value' | tee /dev/stderr)
  [ "${actual}" = "auth/kubernetes" ]
 }
@test "injector/deployment: custom authPath" {
  cd `chart_dir`
  local object=$(helm template \
      --show-only templates/injector-deployment.yaml  \
      --set 'injector.authPath=auth/k8s' \
      . | tee /dev/stderr |
      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
  local actual=$(echo $object |
     yq -r '.[3].name' | tee /dev/stderr)
  [ "${actual}" = "AGENT_INJECT_VAULT_AUTH_PATH" ]
  local actual=$(echo $object |
      yq -r '.[3].value' | tee /dev/stderr)
  [ "${actual}" = "auth/k8s" ]
 }
--- a/values.yaml
+++ b/values.yaml
@ -32,6 +32,9 @@ injector:
    repository: "vault"
    tag: "1.3.2"
  # Mount Path of the Vault Kubernetes Auth Method.
  authPath: "auth/kubernetes"
  # namespaceSelector is the selector for restricting the webhook to only
  # specific namespaces. This should be set to a multiline string.
  # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector