use port names that map to vault.scheme (#223)

* use port names that map to vault.scheme * prefix internal/replication port names with vault.scheme * port names must be 'no more than 15 characters' * test vault server service port names are prefixed with vault scheme * test vault server statefulset port names are prefixed with vault scheme * test vault ui service port names are prefixed with vault scheme * formatting: replace double quote with single quote * uncomment accidentally-commented lines * always set internal port name to https-internal, since it is always https * prefix headless service internal port name with https
2020-04-13 10:48:23 -05:00 · 2020-04-13 10:48:23 -05:00 · 374ea22c02
commit 374ea22c02
parent 0e115513c2
7 changed files with 97 additions and 7 deletions
--- a/templates/server-headless-service.yaml
+++ b/templates/server-headless-service.yaml
@ -24,7 +24,7 @@ spec:
    - name: "{{ include "vault.scheme" . }}"
      port: {{ .Values.server.service.port }}
      targetPort: {{ .Values.server.service.targetPort }}
-    - name: internal
+    - name: https-internal
      port: 8201
      targetPort: 8201
  selector:
--- a/templates/server-service.yaml
+++ b/templates/server-service.yaml
@ -31,13 +31,13 @@ spec:
  # since this DNS is also used for join operations.
  publishNotReadyAddresses: true
  ports:
-    - name: http
+    - name: {{ include "vault.scheme" . }}
      port: {{ .Values.server.service.port }}
      targetPort: {{ .Values.server.service.targetPort }}
      {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
      nodePort: {{ .Values.server.service.nodePort }}
      {{- end }}
-    - name: internal
+    - name: https-internal
      port: 8201
      targetPort: 8201
  selector:
--- a/templates/server-statefulset.yaml
+++ b/templates/server-statefulset.yaml
@ -94,11 +94,11 @@ spec:
          {{ template "vault.mounts" . }}
          ports:
            - containerPort: 8200
-              name: http
+              name: {{ include "vault.scheme" . }}
            - containerPort: 8201
-              name: internal
+              name: https-internal
            - containerPort: 8202
-              name: replication
+              name: {{ include "vault.scheme" . }}-rep
          {{- if .Values.server.readinessProbe.enabled }}
          readinessProbe:
            {{- if .Values.server.readinessProbe.path }}
--- a/templates/ui-service.yaml
+++ b/templates/ui-service.yaml
@ -25,7 +25,7 @@ spec:
    component: server
  publishNotReadyAddresses: true
  ports:
-    - name: http
+    - name: {{ include "vault.scheme" . }}
      port: {{ .Values.ui.externalPort }}
      targetPort: 8200
      {{- if .Values.ui.serviceNodePort }}
--- a/test/unit/server-service.bats
+++ b/test/unit/server-service.bats
@ -388,3 +388,25 @@ load _helpers
      yq -r '.spec.ports[0].nodePort' | tee /dev/stderr)
  [ "${actual}" = "null" ]
 }
+
+@test "server/Service: vault port name is http, when tlsDisable is true" {
+  cd `chart_dir`
+
+  local actual=$(helm template \
+      --show-only templates/server-service.yaml \
+      --set 'global.tlsDisable=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.ports | map(select(.port==8200)) | .[] .name' | tee /dev/stderr)
+  [ "${actual}" = "http" ]
+}
+
+@test "server/Service: vault port name is https, when tlsDisable is false" {
+  cd `chart_dir`
+
+  local actual=$(helm template \
+      --show-only templates/server-service.yaml \
+      --set 'global.tlsDisable=false' \
+      . | tee /dev/stderr |
+      yq -r '.spec.ports | map(select(.port==8200)) | .[] .name' | tee /dev/stderr)
+  [ "${actual}" = "https" ]
+}
--- a/test/unit/server-statefulset.bats
+++ b/test/unit/server-statefulset.bats
@ -892,3 +892,47 @@ load _helpers
       yq -r '.spec.template.spec.containers[0].lifecycle.preStop.exec.command[2]' | tee /dev/stderr)
  [[ "${actual}" = "sleep 10 &&"* ]]
 }
+
+@test "server/standalone-StatefulSet: vault port name is http, when tlsDisable is true" {
+  cd `chart_dir`
+
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml \
+      --set 'global.tlsDisable=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].ports | map(select(.containerPort==8200)) | .[] .name' | tee /dev/stderr)
+  [ "${actual}" = "http" ]
+}
+
+@test "server/standalone-StatefulSet: vault replication port name is http-rep, when tlsDisable is true" {
+  cd `chart_dir`
+
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml \
+      --set 'global.tlsDisable=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].ports | map(select(.containerPort==8202)) | .[] .name' | tee /dev/stderr)
+  [ "${actual}" = "http-rep" ]
+}
+
+@test "server/standalone-StatefulSet: vault port name is https, when tlsDisable is false" {
+  cd `chart_dir`
+
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml \
+      --set 'global.tlsDisable=false' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].ports | map(select(.containerPort==8200)) | .[] .name' | tee /dev/stderr)
+  [ "${actual}" = "https" ]
+}
+
+@test "server/standalone-StatefulSet: vault replication port name is https-rep, when tlsDisable is false" {
+  cd `chart_dir`
+
+  local actual=$(helm template \
+      --show-only templates/server-statefulset.yaml \
+      --set 'global.tlsDisable=false' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].ports | map(select(.containerPort==8202)) | .[] .name' | tee /dev/stderr)
+  [ "${actual}" = "https-rep" ]
+}
--- a/test/unit/ui-service.bats
+++ b/test/unit/ui-service.bats
@ -214,3 +214,27 @@ load _helpers
      yq -r '.metadata.annotations["foo"]' | tee /dev/stderr)
  [ "${actual}" = "null" ]
 }
+
+@test "ui/Service: port name is http, when tlsDisable is true" {
+  cd `chart_dir`
+
+  local actual=$(helm template \
+      --show-only templates/ui-service.yaml \
+      --set 'global.tlsDisable=true' \
+      --set 'ui.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.ports[0].name' | tee /dev/stderr)
+  [ "${actual}" = "http" ]
+}
+
+@test "ui/Service: port name is https, when tlsDisable is false" {
+  cd `chart_dir`
+
+  local actual=$(helm template \
+      --show-only templates/ui-service.yaml \
+      --set 'global.tlsDisable=false' \
+      --set 'ui.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.spec.ports[0].name' | tee /dev/stderr)
+  [ "${actual}" = "https" ]
+}