From 8c741f6276c7320ae26885a31bfd2ce07f63e6a9 Mon Sep 17 00:00:00 2001
From: georgekaz
Date: Tue, 14 Jul 2020 15:23:08 +0100
Subject: [PATCH] add support for more flexible volume mounts. Include example values for init container (#314)

add unit tests add missing braces
---
 templates/_helpers.tpl | 6 ++++
 test/unit/server-statefulset.bats | 47 +++++++++++++++++++++++++++++--
 values.yaml | 30 ++++++++++++++++++++
 3 files changed, 81 insertions(+), 2 deletions(-)

diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 028d3bf..c3373b8 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -98,6 +98,9 @@ extra volumes the user may have specified (such as a secret with TLS).
 {{- end }}
 defaultMode: {{ .defaultMode | default 420 }}
 {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
 {{- end -}}
 
 {{/*
@@ -160,6 +163,9 @@ based on the mode configured.
 readOnly: true
 mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
 {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
 {{- end -}}
 
 {{/*
diff --git a/test/unit/server-statefulset.bats b/test/unit/server-statefulset.bats
index 65f4ce2..d67722a 100755
--- a/test/unit/server-statefulset.bats
+++ b/test/unit/server-statefulset.bats
@@ -225,7 +225,7 @@ load _helpers
 #--------------------------------------------------------------------
 # extraVolumes
 
-@test "server/standalone-StatefulSet: adds extra volume" {
+@test "server/standalone-StatefulSet: server.extraVolumes adds extra volume" {
 cd `chart_dir`
 
 # Test that it defines it
@@ -293,7 +293,7 @@ load _helpers
 [ "${actual}" = "/vault/userconfig/foo" ]
 }
 
-@test "server/standalone-StatefulSet: adds extra secret volume" {
+@test "server/standalone-StatefulSet: server.extraVolumes adds extra secret volume" {
 cd `chart_dir`
 
 # Test that it defines it
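Review bot: Both new pass-through blocks render user values verbatim, so unlike the `extraVolumes` mounts visible in the second hunk's context, which are hard-coded `readOnly: true`, nothing here restricts the volume source or the mount's write access, and neither block says so. I would add a comment above each, e.g. `{{- /* server.volumes is rendered as-is; the chart does not validate the volume source (hostPath included) */ -}}` and `{{- /* server.volumeMounts is rendered as-is; mounts are writable unless readOnly is set */ -}}`. As a style point, `nindent 8}}` and `nindent 12}}` lack the space before `}}` that the neighbouring actions use. Both enclosing `define` blocks begin outside these hunks, so whether the fixed indents suit every caller cannot be checked from here.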
@@ -370,6 +370,49 @@ load _helpers
 yq -r '.spec.template.spec.containers[0].volumeMounts[] | select(.name == "audit")' | tee /dev/stderr)
 }
 
+#--------------------------------------------------------------------
+# volumes
+
+@test "server/standalone-StatefulSet: server.volumes adds volume" {
+ cd `chart_dir`
+
+ # Test that it defines it
+ local object=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.volumes[0].name=plugins' \
+ --set 'server.volumes[0].emptyDir=\{\}' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.volumes[] | select(.name == "plugins")' | tee /dev/stderr)
+
+ local actual=$(echo $object |
+ yq -r '.emptyDir' | tee /dev/stderr)
+ [ "${actual}" = "{}" ]
+}
+
+#--------------------------------------------------------------------
+# volumeMounts
+
+@test "server/standalone-StatefulSet: server.volumeMounts adds volumeMount" {
+ cd `chart_dir`
+
+ # Test that it defines it
+ local object=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.volumeMounts[0].name=plugins' \
+ --set 'server.volumeMounts[0].mountPath=/usr/local/libexec/vault' \
+ --set 'server.volumeMounts[0].readOnly=true' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].volumeMounts[] | select(.name == "plugins")' | tee /dev/stderr)
+
+ local actual=$(echo $object |
+ yq -r '.mountPath' | tee /dev/stderr)
+ [ "${actual}" = "/usr/local/libexec/vault" ]
+
+ local actual=$(echo $object |
+ yq -r '.readOnly' | tee /dev/stderr)
+ [ "${actual}" = "true" ]
+}
+
 #--------------------------------------------------------------------
 # extraEnvironmentVars
 
diff --git a/values.yaml b/values.yaml
index f985e59..23f1280 100644
--- a/values.yaml
+++ b/values.yaml
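Review bot: Both new tests set only the new key, so they do not show that the appended entries sit correctly next to the volumes and mounts the helper generates from `server.extraVolumes`; the indents (`nindent 8` and `nindent 12`) are fixed in `_helpers.tpl`, and a mismatch may only surface when both kinds of entry are rendered together. A case that passes `--set 'server.extraVolumes[0].type=configMap'` with a name alongside `server.volumes[0]` and then selects both volume names would cover that. Neither test checks that the default `null` values add nothing to the rendered lists, which would be a cheap regression guard. As a style point, `echo $object` is unquoted; `echo "$object"` avoids word splitting of the JSON.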
@@ -184,6 +184,20 @@ server:
 # This is useful if you need to run a script to provision TLS certificates or
 # write out configuration files in a dynamic way.
 extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
 
 # extraContainers is a list of sidecar containers. Specified as a YAML list.
 extraContainers: null
@@ -239,6 +253,22 @@ server:
 # name: my-secret
 # path: null # default is `/vault/userconfig`
 
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+
 # Affinity Settings
 # Commenting out or setting as empty the affinity variable, will allow
 # deployment to single node services such as Minikube
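Review bot: The commented `oauthapp` example downloads a release archive with `wget` and installs it as an executable in the Vault plugin directory without verifying it, and `image: "alpine"` carries no tag or digest, so anyone who copies the example runs whatever that URL and image serve at deploy time. I would add an integrity check between the download and the `tar` step, e.g. `# echo "<EXPECTED_SHA256>  oauthapp.xz" | sha256sum -c - &&`, and pin the image, e.g. `# image: "alpine:<PINNED_TAG_OR_DIGEST>"`. Values files are commonly copied verbatim, so the example should model the verified form rather than leave it to the reader.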
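Review bot: The comment added for `volumeMounts` repeats the `volumes` wording and does not say what a mount's `name` has to refer to, which is the one thing a reader needs to pair the two lists. I would replace its last line with `# Each name must match a volume defined for the pod, for example an entry in volumes above.` The `volumes` comment also says the volumes are "made available to all containers", while only the main server container gets mounts from `volumeMounts`; `# Other containers must declare their own volumeMounts (see extraInitContainers).` would make that explicit.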