diff --git a/.gitignore b/.gitignore index 6992d23..2e23aca 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ vaul-helm-dev-creds.json ./test/unit/vaul-helm-dev-creds.json ./test/acceptance/values.yaml ./test/acceptance/values.yml +.idea diff --git a/Makefile b/Makefile index 1b3020c..d72b0e8 100644 --- a/Makefile +++ b/Makefile @@ -4,6 +4,9 @@ CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 # set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats ACCEPTANCE_TESTS?=acceptance +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + # Generate json schema for chart values. See test/README.md for more details. values-schema: helm schema-gen values.yaml > values.schema.json @@ -12,7 +15,7 @@ test-image: @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) test-unit: - @docker run -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats /helm-test/test/unit + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit test-bats: test-unit test-acceptance diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 63011d3..72b0e68 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -224,7 +224,12 @@ Set's the affinity for pod placement when running in standalone and HA modes. {{- define "vault.affinity" -}} {{- if and (ne .mode "dev") .Values.server.affinity }} affinity: - {{ tpl .Values.server.affinity . | nindent 8 | trim }} + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} {{ end }} {{- end -}} 
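Review bot: The quotes in `UNIT_TESTS_FILTER?='.*'` are part of the variable's value, so they protect only the default. A command-line override such as `make test-unit UNIT_TESTS_FILTER=<pattern>` replaces the whole value, quotes included, and reaches the shell unquoted in the `test-unit` recipe (second Makefile hunk). A filter containing a space, which the bats test names in this commit do, is then split into several arguments, and any shell metacharacters in it are interpreted by the recipe shell. Quoting at the point of use is more robust: `UNIT_TESTS_FILTER?=.*` together with `bats -f '$(UNIT_TESTS_FILTER)' /helm-test/test/unit`.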
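Review bot: The two branches added to `vault.affinity` treat the value differently, and the helper's comment does not say so. A string is passed through `tpl` and evaluated as a template against the chart context, while a map is serialised verbatim by `toYaml`, so a `{{ ... }}` expression inside a structured value is emitted literally rather than expanded. Users converting an existing string value to YAML would lose any templating without an error. I would extend the doc comment above the define with something like `String values are rendered with tpl (template expressions are expanded); maps and lists are emitted as-is with toYaml.` The same applies to `injector.affinity`, `vault.tolerations`, `injector.tolerations`, `vault.nodeselector`, `injector.nodeselector` and `csi.pod.tolerations` in the later hunks.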
@@ -234,17 +239,27 @@ Sets the injector affinity for pod placement {{- define "injector.affinity" -}} {{- if .Values.injector.affinity }} affinity: - {{ tpl .Values.injector.affinity . | nindent 8 | trim }} + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} {{ end }} {{- end -}} {{/* -Set's the toleration for pod placement when running in standalone and HA modes. +Sets the toleration for pod placement when running in standalone and HA modes. */}} {{- define "vault.tolerations" -}} {{- if and (ne .mode "dev") .Values.server.tolerations }} tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} {{- end }} {{- end -}} @@ -254,7 +269,12 @@ Sets the injector toleration for pod placement {{- define "injector.tolerations" -}} {{- if .Values.injector.tolerations }} tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} {{ tpl .Values.injector.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} {{- end }} {{- end -}} @@ -264,7 +284,12 @@ Set's the node selector for pod placement when running in standalone and HA mode {{- define "vault.nodeselector" -}} {{- if and (ne .mode "dev") .Values.server.nodeSelector }} nodeSelector: - {{ tpl .Values.server.nodeSelector . | indent 8 | trim }} + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} {{- end }} {{- end -}} 
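Review bot: The string-or-YAML branch is written out in full in both `injector.affinity` and `vault.tolerations` in the first hunk here, and again in the five other helpers this commit touches. The copies differ in whitespace control (`{{ $tp := ...}}` versus `{{- $tp := ...}}`, `{{- tpl` versus `{{ tpl`), which makes them easy to get out of step. A single named template taking the value and the context would keep the type check in one place, and `kindIs "string"` would remove the need for the `$tp` variable. The sketch below uses a proposed helper name and is untested; it assumes call sites keep the 8-column indentation used today.

```gotemplate
{{/*
Proposed helper: renders a value given either as a template string or as
structured YAML. Call with (list <value> <context>).
*/}}
{{- define "vault.stringOrYaml" -}}
{{- $value := index . 0 -}}
{{- if kindIs "string" $value -}}
{{- tpl $value (index . 1) | trim -}}
{{- else -}}
{{- toYaml $value -}}
{{- end -}}
{{- end -}}

{{/* … unchanged: doc comment and define line of "vault.tolerations" … */}}
{{- if and (ne .mode "dev") .Values.server.tolerations }}
tolerations:
{{- include "vault.stringOrYaml" (list .Values.server.tolerations .) | nindent 8 }}
{{- end }}
```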
@@ -274,7 +299,12 @@ Sets the injector node selector for pod placement {{- define "injector.nodeselector" -}} {{- if .Values.injector.nodeSelector }} nodeSelector: - {{ tpl .Values.injector.nodeSelector . | indent 8 | trim }} + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} {{- end }} {{- end -}} @@ -519,7 +549,12 @@ Sets the injector toleration for pod placement {{- define "csi.pod.tolerations" -}} {{- if .Values.csi.pod.tolerations }} tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} {{- end }} {{- end -}} diff --git a/test/unit/csi-daemonset.bats b/test/unit/csi-daemonset.bats index f0a62c2..d7152c6 100644 --- a/test/unit/csi-daemonset.bats +++ b/test/unit/csi-daemonset.bats @@ -246,7 +246,7 @@ load _helpers [ "${actual}" = "true" ] } -@test "csi/daemonset: tolerations can be set" { +@test "csi/daemonset: tolerations can be set as string" { cd `chart_dir` local actual=$(helm template \ --show-only templates/csi-daemonset.yaml \ @@ -257,6 +257,17 @@ load _helpers [ "${actual}" = "true" ] } +@test "csi/daemonset: tolerations can be set as YAML" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/csi-daemonset.yaml \ + --set 'csi.enabled=true' \ + --set "csi.pod.tolerations[0].foo=bar,csi.pod.tolerations[1].baz=qux" \ + . | tee /dev/stderr | + yq '.spec.template.spec.tolerations == [{"foo": "bar"}, {"baz": "qux"}]' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + #-------------------------------------------------------------------- # volumes diff --git a/test/unit/injector-deployment.bats b/test/unit/injector-deployment.bats index edd5a00..0f475df 100755 
--- a/test/unit/injector-deployment.bats +++ b/test/unit/injector-deployment.bats @@ -432,7 +432,7 @@ load _helpers [ "${actual}" = "false" ] } -@test "injector/deployment: affinity can be set" { +@test "injector/deployment: affinity can be set as string" { cd `chart_dir` local actual=$(helm template \ --show-only templates/injector-deployment.yaml \ @@ -442,6 +442,16 @@ load _helpers [ "${actual}" = "true" ] } +@test "injector/deployment: affinity can be set as YAML" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/injector-deployment.yaml \ + --set 'injector.affinity.podAntiAffinity=foobar' \ + . | tee /dev/stderr | + yq '.spec.template.spec.affinity.podAntiAffinity == "foobar"' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + #-------------------------------------------------------------------- # tolerations @@ -454,7 +464,7 @@ load _helpers [ "${actual}" = "true" ] } -@test "injector/deployment: tolerations can be set" { +@test "injector/deployment: tolerations can be set as string" { cd `chart_dir` local actual=$(helm template \ --show-only templates/injector-deployment.yaml \ @@ -464,6 +474,16 @@ load _helpers [ "${actual}" = "true" ] } +@test "injector/deployment: tolerations can be set as YAML" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/injector-deployment.yaml \ + --set "injector.tolerations[0].foo=bar,injector.tolerations[1].baz=qux" \ + . | tee /dev/stderr | + yq '.spec.template.spec.tolerations == [{"foo": "bar"}, {"baz": "qux"}]' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + #-------------------------------------------------------------------- # nodeSelector @@ -476,7 +496,7 @@ load _helpers [ "${actual}" = "null" ] } -@test "injector/deployment: nodeSelector can be set" { +@test "injector/deployment: nodeSelector can be set as string" { cd `chart_dir` local actual=$(helm template \ --show-only templates/injector-deployment.yaml \ 
@@ -486,6 +506,17 @@ load _helpers [ "${actual}" = "testing" ] } +@test "injector/deployment: nodeSelector can be set as YAML" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/injector-deployment.yaml \ + --set "injector.nodeSelector.beta\.kubernetes\.io/arch=amd64" \ + . | tee /dev/stderr | + yq '.spec.template.spec.nodeSelector == {"beta.kubernetes.io/arch": "amd64"}' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + + #-------------------------------------------------------------------- # priorityClassName diff --git a/test/unit/server-ha-statefulset.bats b/test/unit/server-ha-statefulset.bats index 43e1ace..cc77e7e 100755 --- a/test/unit/server-ha-statefulset.bats +++ b/test/unit/server-ha-statefulset.bats @@ -571,7 +571,7 @@ load _helpers [ "${actual}" = "null" ] } -@test "server/ha-StatefulSet: specified nodeSelector" { +@test "server/ha-StatefulSet: specified nodeSelector as string" { cd `chart_dir` local actual=$(helm template \ --show-only templates/server-statefulset.yaml \ @@ -582,6 +582,17 @@ load _helpers [ "${actual}" = "testing" ] } +@test "server/ha-StatefulSet: nodeSelector can be set as YAML" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.ha.enabled=true' \ + --set "server.nodeSelector.beta\.kubernetes\.io/arch=amd64" \ + . | tee /dev/stderr | + yq '.spec.template.spec.nodeSelector == {"beta.kubernetes.io/arch": "amd64"}' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + #-------------------------------------------------------------------- # Security Contexts @test "server/ha-StatefulSet: uid default" { diff --git a/test/unit/server-statefulset.bats b/test/unit/server-statefulset.bats index d7edb96..62f2529 100755 --- a/test/unit/server-statefulset.bats +++ b/test/unit/server-statefulset.bats 
@@ -738,7 +738,7 @@ load _helpers [ "${actual}" = "true" ] } -@test "server/standalone-StatefulSet: affinity can be set" { +@test "server/standalone-StatefulSet: affinity can be set as string" { cd `chart_dir` local actual=$(helm template \ --show-only templates/server-statefulset.yaml \ @@ -748,6 +748,17 @@ load _helpers [ "${actual}" = "true" ] } +@test "server/standalone-StatefulSet: affinity can be set as YAML" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.affinity.podAntiAffinity=foobar' \ + . | tee /dev/stderr | + yq '.spec.template.spec.affinity.podAntiAffinity == "foobar"' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + + @test "server/standalone-StatefulSet: tolerations not set by default" { cd `chart_dir` local actual=$(helm template \ @@ -757,7 +768,7 @@ load _helpers [ "${actual}" = "true" ] } -@test "server/standalone-StatefulSet: tolerations can be set" { +@test "server/standalone-StatefulSet: tolerations can be set as string" { cd `chart_dir` local actual=$(helm template \ --show-only templates/server-statefulset.yaml \ @@ -767,6 +778,16 @@ load _helpers [ "${actual}" = "true" ] } +@test "server/standalone-StatefulSet: tolerations can be set as YAML" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set "server.tolerations[0].foo=bar,server.tolerations[1].baz=qux" \ + . | tee /dev/stderr | + yq '.spec.template.spec.tolerations == [{"foo": "bar"}, {"baz": "qux"}]' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + @test "server/standalone-StatefulSet: nodeSelector is not set by default" { cd `chart_dir` local actual=$(helm template \ @@ -776,7 +797,7 @@ load _helpers [ "${actual}" = "null" ] } -@test "server/standalone-StatefulSet: specified nodeSelector" { +@test "server/standalone-StatefulSet: specified nodeSelector as string" { cd `chart_dir` local actual=$(helm template \ --show-only templates/server-statefulset.yaml \ 
@@ -786,6 +807,16 @@ load _helpers [ "${actual}" = "testing" ] } +@test "server/standalone-StatefulSet: nodeSelector can be set as YAML" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set "server.nodeSelector.beta\.kubernetes\.io/arch=amd64" \ + . | tee /dev/stderr | + yq '.spec.template.spec.nodeSelector == {"beta.kubernetes.io/arch": "amd64"}' | tee /dev/stderr) + [ "${actual}" = "true" ] +} + #-------------------------------------------------------------------- # extraInitContainers diff --git a/values.schema.json b/values.schema.json index e8b3d2c..d9cbf92 100644 --- a/values.schema.json +++ b/values.schema.json @@ -80,7 +80,11 @@ ] }, "tolerations": { - "type": ["null", "string"] + "type": [ + "null", + "array", + "string" + ] } } }, @@ -167,7 +171,10 @@ "type": "object", "properties": { "affinity": { - "type": "string" + "type": [ + "object", + "string" + ] }, "agentDefaults": { "type": "object", @@ -309,7 +316,11 @@ "type": "object" }, "nodeSelector": { - "type": ["null", "string"] + "type": [ + "null", + "object", + "string" + ] }, "objectSelector": { "type": "object" @@ -343,6 +354,7 @@ "tolerations": { "type": [ "null", + "array", "string" ] } @@ -352,7 +364,10 @@ "type": "object", "properties": { "affinity": { - "type": "string" + "type": [ + "object", + "string" + ] }, "annotations": { "type": [ @@ -629,6 +644,7 @@ "nodeSelector": { "type": [ "null", + "object", "string" ] }, @@ -755,6 +771,7 @@ "tolerations": { "type": [ "null", + "array", "string" ] }, diff --git a/values.yaml b/values.yaml index 2271f30..4598c8d 100644 --- a/values.yaml +++ b/values.yaml 
@@ -151,8 +151,7 @@ injector: # KUBERNETES_SERVICE_HOST: kubernetes.default.svc # Affinity Settings for injector pods - # This should be a multi-line string matching the affinity section of a - # PodSpec. + # This can either be multi-line string or YAML matching the PodSpec's affinity field. # Commenting out or setting as empty the affinity variable, will allow # deployment of multiple replicas to single node services such as Minikube. affinity: | @@ -166,16 +165,16 @@ injector: topologyKey: kubernetes.io/hostname # Toleration Settings for injector pods - # This should be a multi-line string matching the Toleration array + # This should be either a multi-line string or YAML matching the Toleration array # in a PodSpec. - tolerations: null + tolerations: [] - # nodeSelector labels for injector pod assignment, formatted as a muli-line string. + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector # Example: - # nodeSelector: | + # nodeSelector: # beta.kubernetes.io/arch: amd64 - nodeSelector: null + nodeSelector: {} # Priority class for injector pods priorityClassName: "" @@ -397,10 +396,10 @@ server: # name: plugins # readOnly: true - # Affinity Settings # Commenting out or setting as empty the affinity variable, will allow # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. affinity: | podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: 
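Review bot: The rewritten comment above `nodeSelector` in the injector section (second hunk here) now reads "nodeSelector labels for server pod assignment", which looks copied from the server block; the line it replaces said "injector pod assignment". It should be `# nodeSelector labels for injector pod assignment, formatted as a multi-line string or YAML map.` In the first hunk, "This can either be multi-line string or YAML" is also missing an article: `# This can either be a multi-line string or YAML matching the PodSpec's affinity field.`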
@@ -412,16 +411,16 @@ server: topologyKey: kubernetes.io/hostname # Toleration Settings for server pods - # This should be a multi-line string matching the Toleration array + # This should be either a multi-line string or YAML matching the Toleration array # in a PodSpec. - tolerations: null + tolerations: [] - # nodeSelector labels for server pod assignment, formatted as a muli-line string. + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector # Example: - # nodeSelector: | + # nodeSelector: # beta.kubernetes.io/arch: amd64 - nodeSelector: null + nodeSelector: {} # Enables network policy for server pods networkPolicy: @@ -753,9 +752,9 @@ csi: annotations: {} # Toleration Settings for provider pods - # This should be a multi-line string matching the Toleration array + # This should be either a multi-line string or YAML matching the Toleration array # in a PodSpec. - tolerations: null + tolerations: [] serviceAccount: # Extra annotations for the serviceAccount definition. This can either be
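Review bot: Changing the default from `nodeSelector: null` to `nodeSelector: {}` (here and in the injector section) may affect users who still supply the string form. As far as I know, Helm logs a "cannot overwrite table with non table" warning when a chart default is a map and the user-supplied value is a scalar, although the user's value is still the one rendered. That is worth confirming with `helm template` and a string override; if it reproduces, keeping `null` as the default or calling the warning out in the changelog would avoid confusing upgrades. The `tolerations: []` defaults are lists rather than maps, so I would not expect them to be affected.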