Add logLevel and logFormat values for Vault (#488)

* Add logLevel and logFormat values for Vault

* Add configurable tests

* Update order of log levels

* Update values.yaml

* Update per review

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* Update test/unit/server-statefulset.bats

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Jason O'Donnell 2021-04-08 11:18:16 -04:00 committed by GitHub
parent ccebde9dae
commit ec67b5dd45
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 144 additions and 136 deletions


@ -117,6 +117,14 @@ spec:
{{- end }} {{- end }}
- name: HOME - name: HOME
value: "/home/vault" value: "/home/vault"
{{- if .Values.server.logLevel }}
- name: VAULT_LOG_LEVEL
value: "{{ .Values.server.logLevel }}"
{{- end }}
{{- if .Values.server.logFormat }}
- name: VAULT_LOG_FORMAT
value: "{{ .Values.server.logFormat }}"
{{- end }}
{{ template "vault.envs" . }} {{ template "vault.envs" . }}
{{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
{{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
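Review bot: The two added `value:` lines interpolate `.Values.server.logLevel` and `.Values.server.logFormat` inside hand-written double quotes, so a value containing a `"` or a line break would end the scalar early and change the rendered env list. Piping through the quoting helper is safer and idiomatic for Helm: `value: {{ .Values.server.logLevel | quote }}` and `value: {{ .Values.server.logFormat | quote }}`. Because these entries are emitted before `vault.extraEnvironmentVars`, a chart user who already sets VAULT_LOG_LEVEL there would presumably end up with the name listed twice; a comment saying which setting is expected to win would help. The env list starts and ends outside this hunk.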


@ -246,13 +246,9 @@ load _helpers
. | tee /dev/stderr | . | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object | local name=$(echo $object |
yq -r '.[11].name' | tee /dev/stderr) yq -r 'map(select(.name=="VAULT_DEV_ROOT_TOKEN_ID")) | .[] .value' | tee /dev/stderr)
[ "${actual}" = "VAULT_DEV_ROOT_TOKEN_ID" ] [ "${name}" = "root" ]
local actual=$(echo $object |
yq -r '.[11].value' | tee /dev/stderr)
[ "${actual}" = "root" ]
} }
@test "server/dev-StatefulSet: set custom devRootToken" { @test "server/dev-StatefulSet: set custom devRootToken" {
@ -264,13 +260,9 @@ load _helpers
. | tee /dev/stderr | . | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object | local name=$(echo $object |
yq -r '.[11].name' | tee /dev/stderr) yq -r 'map(select(.name=="VAULT_DEV_ROOT_TOKEN_ID")) | .[] .value' | tee /dev/stderr)
[ "${actual}" = "VAULT_DEV_ROOT_TOKEN_ID" ] [ "${name}" = "customtoken" ]
local actual=$(echo $object |
yq -r '.[11].value' | tee /dev/stderr)
[ "${actual}" = "customtoken" ]
} }
#-------------------------------------------------------------------- #--------------------------------------------------------------------
@ -340,27 +332,21 @@ load _helpers
. | tee /dev/stderr | . | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object | local value=$(echo $object |
yq -r '.[11].name' | tee /dev/stderr) yq -r 'map(select(.name=="ENV_FOO_0")) | .[] .valueFrom.secretKeyRef.name' | tee /dev/stderr)
[ "${actual}" = "ENV_FOO_0" ] [ "${value}" = "secret_name_0" ]
local actual=$(echo $object |
yq -r '.[11].valueFrom.secretKeyRef.name' | tee /dev/stderr)
[ "${actual}" = "secret_name_0" ]
local actual=$(echo $object |
yq -r '.[11].valueFrom.secretKeyRef.key' | tee /dev/stderr)
[ "${actual}" = "secret_key_0" ]
local actual=$(echo $object | local value=$(echo $object |
yq -r '.[12].name' | tee /dev/stderr) yq -r 'map(select(.name=="ENV_FOO_0")) | .[] .valueFrom.secretKeyRef.key' | tee /dev/stderr)
[ "${actual}" = "ENV_FOO_1" ] [ "${value}" = "secret_key_0" ]
local actual=$(echo $object | local value=$(echo $object |
yq -r '.[12].valueFrom.secretKeyRef.name' | tee /dev/stderr) yq -r 'map(select(.name=="ENV_FOO_1")) | .[] .valueFrom.secretKeyRef.name' | tee /dev/stderr)
[ "${actual}" = "secret_name_1" ] [ "${value}" = "secret_name_1" ]
local actual=$(echo $object | local value=$(echo $object |
yq -r '.[12].valueFrom.secretKeyRef.key' | tee /dev/stderr) yq -r 'map(select(.name=="ENV_FOO_1")) | .[] .valueFrom.secretKeyRef.key' | tee /dev/stderr)
[ "${actual}" = "secret_key_1" ] [ "${value}" = "secret_key_1" ]
} }
#-------------------------------------------------------------------- #--------------------------------------------------------------------
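Review bot: In the devRootToken tests the result of `.[] .value` is stored in a variable called `name` (`local name=$(echo $object | ...)`), which reads as if the env var's name were being asserted; the other test files in this commit call it `value`. Renaming to `local value=...` with `[ "${value}" = "root" ]` and `[ "${value}" = "customtoken" ]` keeps the files consistent; the same naming appears in the extraEnvironmentVars tests of the standalone file. `echo $object` is also unquoted, so the JSON is word-split before it reaches yq; `echo "$object"` avoids depending on that. The test bodies start outside the hunks.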


@ -70,14 +70,11 @@ load _helpers
. | tee /dev/stderr | . | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object | local value=$(echo $object |
yq -r '.[4].name' | tee /dev/stderr) yq -r 'map(select(.name=="VAULT_ADDR")) | .[] .value' | tee /dev/stderr)
[ "${actual}" = "VAULT_ADDR" ] [ "${value}" = "http://127.0.0.1:8200" ]
local actual=$(echo $object |
yq -r '.[4].value' | tee /dev/stderr)
[ "${actual}" = "http://127.0.0.1:8200" ]
} }
@test "server/ha-StatefulSet: tls enabled" { @test "server/ha-StatefulSet: tls enabled" {
cd `chart_dir` cd `chart_dir`
local object=$(helm template \ local object=$(helm template \
@ -86,13 +83,9 @@ load _helpers
. | tee /dev/stderr | . | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object | local value=$(echo $object |
yq -r '.[4].name' | tee /dev/stderr) yq -r 'map(select(.name=="VAULT_ADDR")) | .[] .value' | tee /dev/stderr)
[ "${actual}" = "VAULT_ADDR" ] [ "${value}" = "https://127.0.0.1:8200" ]
local actual=$(echo $object |
yq -r '.[4].value' | tee /dev/stderr)
[ "${actual}" = "https://127.0.0.1:8200" ]
} }
#-------------------------------------------------------------------- #--------------------------------------------------------------------
@ -348,21 +341,13 @@ load _helpers
. | tee /dev/stderr | . | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object | local value=$(echo $object |
yq -r '.[11].name' | tee /dev/stderr) yq -r 'map(select(.name=="FOO")) | .[] .value' | tee /dev/stderr)
[ "${actual}" = "FOO" ] [ "${value}" = "bar" ]
local actual=$(echo $object | local value=$(echo $object |
yq -r '.[11].value' | tee /dev/stderr) yq -r 'map(select(.name=="FOOBAR")) | .[] .value' | tee /dev/stderr)
[ "${actual}" = "bar" ] [ "${value}" = "foobar" ]
local actual=$(echo $object |
yq -r '.[12].name' | tee /dev/stderr)
[ "${actual}" = "FOOBAR" ]
local actual=$(echo $object |
yq -r '.[12].value' | tee /dev/stderr)
[ "${actual}" = "foobar" ]
} }
#-------------------------------------------------------------------- #--------------------------------------------------------------------
@ -382,25 +367,21 @@ load _helpers
. | tee /dev/stderr | . | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object | local value=$(echo $object |
yq -r '.[11].name' | tee /dev/stderr) yq -r 'map(select(.name=="ENV_FOO_0")) | .[] .valueFrom.secretKeyRef.name' | tee /dev/stderr)
[ "${actual}" = "ENV_FOO_0" ] [ "${value}" = "secret_name_0" ]
local actual=$(echo $object |
yq -r '.[11].valueFrom.secretKeyRef.name' | tee /dev/stderr)
[ "${actual}" = "secret_name_0" ]
local actual=$(echo $object |
yq -r '.[11].valueFrom.secretKeyRef.key' | tee /dev/stderr)
[ "${actual}" = "secret_key_0" ]
local actual=$(echo $object | local value=$(echo $object |
yq -r '.[12].name' | tee /dev/stderr) yq -r 'map(select(.name=="ENV_FOO_0")) | .[] .valueFrom.secretKeyRef.key' | tee /dev/stderr)
[ "${actual}" = "ENV_FOO_1" ] [ "${value}" = "secret_key_0" ]
local actual=$(echo $object |
yq -r '.[12].valueFrom.secretKeyRef.name' | tee /dev/stderr) local value=$(echo $object |
[ "${actual}" = "secret_name_1" ] yq -r 'map(select(.name=="ENV_FOO_1")) | .[] .valueFrom.secretKeyRef.name' | tee /dev/stderr)
local actual=$(echo $object | [ "${value}" = "secret_name_1" ]
yq -r '.[12].valueFrom.secretKeyRef.key' | tee /dev/stderr)
[ "${actual}" = "secret_key_1" ] local value=$(echo $object |
yq -r 'map(select(.name=="ENV_FOO_1")) | .[] .valueFrom.secretKeyRef.key' | tee /dev/stderr)
[ "${value}" = "secret_key_1" ]
} }
#-------------------------------------------------------------------- #--------------------------------------------------------------------
@ -414,16 +395,12 @@ load _helpers
. | tee /dev/stderr | . | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object | local value=$(echo $object |
yq -r '.[5].name' | tee /dev/stderr) yq -r 'map(select(.name=="VAULT_API_ADDR")) | .[] .value' | tee /dev/stderr)
[ "${actual}" = "VAULT_API_ADDR" ] [ "${value}" = 'http://$(POD_IP):8200' ]
local actual=$(echo $object |
yq -r '.[5].value' | tee /dev/stderr)
[ "${actual}" = 'http://$(POD_IP):8200' ]
} }
@test "server/ha-StatefulSet: api addr can be overriden" { @test "server/ha-StatefulSet: api addr is configurable" {
cd `chart_dir` cd `chart_dir`
local object=$(helm template \ local object=$(helm template \
--show-only templates/server-statefulset.yaml \ --show-only templates/server-statefulset.yaml \
@ -432,13 +409,9 @@ load _helpers
. | tee /dev/stderr | . | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object | local value=$(echo $object |
yq -r '.[5].name' | tee /dev/stderr) yq -r 'map(select(.name=="VAULT_API_ADDR")) | .[] .value' | tee /dev/stderr)
[ "${actual}" = "VAULT_API_ADDR" ] [ "${value}" = "https://example.com:8200" ]
local actual=$(echo $object |
yq -r '.[5].value' | tee /dev/stderr)
[ "${actual}" = 'https://example.com:8200' ]
} }
#-------------------------------------------------------------------- #--------------------------------------------------------------------
@ -453,13 +426,9 @@ load _helpers
. | tee /dev/stderr | . | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object | local value=$(echo $object |
yq -r '.[9].name' | tee /dev/stderr) yq -r 'map(select(.name=="VAULT_CLUSTER_ADDR")) | .[] .value' | tee /dev/stderr)
[ "${actual}" = "VAULT_CLUSTER_ADDR" ] [ "${value}" = 'https://$(HOSTNAME).RELEASE-NAME-vault-internal:8201' ]
local actual=$(echo $object |
yq -r '.[9].value' | tee /dev/stderr)
[ "${actual}" = 'https://$(HOSTNAME).RELEASE-NAME-vault-internal:8201' ]
} }
#-------------------------------------------------------------------- #--------------------------------------------------------------------
@ -475,13 +444,9 @@ load _helpers
. | tee /dev/stderr | . | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object | local value=$(echo $object |
yq -r '.[10].name' | tee /dev/stderr) yq -r 'map(select(.name=="VAULT_RAFT_NODE_ID")) | .[] .valueFrom.fieldRef.fieldPath' | tee /dev/stderr)
[ "${actual}" = "VAULT_RAFT_NODE_ID" ] [ "${value}" = "metadata.name" ]
local actual=$(echo $object |
yq -r '.[10].valueFrom.fieldRef.fieldPath' | tee /dev/stderr)
[ "${actual}" = 'metadata.name' ]
} }
#-------------------------------------------------------------------- #--------------------------------------------------------------------


@ -448,6 +448,62 @@ load _helpers
[ "${actual}" = "true" ] [ "${actual}" = "true" ]
} }
#--------------------------------------------------------------------
# log level
@test "server/standalone-StatefulSet: default log level to empty" {
cd `chart_dir`
local objects=$(helm template \
--show-only templates/server-statefulset.yaml \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local value=$(echo $objects |
yq -r 'map(select(.name=="VAULT_LOG_LEVEL")) | .[] .name' | tee /dev/stderr)
[ "${value}" = "" ]
}
@test "server/standalone-StatefulSet: log level can be changed" {
cd `chart_dir`
local objects=$(helm template \
--show-only templates/server-statefulset.yaml \
--set='server.logLevel=debug' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local value=$(echo $objects |
yq -r 'map(select(.name=="VAULT_LOG_LEVEL")) | .[] .value' | tee /dev/stderr)
[ "${value}" = "debug" ]
}
#--------------------------------------------------------------------
# log format
@test "server/standalone-StatefulSet: default log format to empty" {
cd `chart_dir`
local objects=$(helm template \
--show-only templates/server-statefulset.yaml \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local value=$(echo $objects |
yq -r 'map(select(.name=="VAULT_LOG_FORMAT")) | .[] .name' | tee /dev/stderr)
[ "${value}" = "" ]
}
@test "server/standalone-StatefulSet: can set log format" {
cd `chart_dir`
local objects=$(helm template \
--show-only templates/server-statefulset.yaml \
--set='server.logFormat=json' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local value=$(echo $objects |
yq -r 'map(select(.name=="VAULT_LOG_FORMAT")) | .[] .value' | tee /dev/stderr)
[ "${value}" = "json" ]
}
#-------------------------------------------------------------------- #--------------------------------------------------------------------
# extraEnvironmentVars # extraEnvironmentVars
@ -461,21 +517,13 @@ load _helpers
. | tee /dev/stderr | . | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object | local name=$(echo $object |
yq -r '.[11].name' | tee /dev/stderr) yq -r 'map(select(.name=="FOO")) | .[] .value' | tee /dev/stderr)
[ "${actual}" = "FOO" ] [ "${name}" = "bar" ]
local actual=$(echo $object | local name=$(echo $object |
yq -r '.[11].value' | tee /dev/stderr) yq -r 'map(select(.name=="FOOBAR")) | .[] .value' | tee /dev/stderr)
[ "${actual}" = "bar" ] [ "${name}" = "foobar" ]
local actual=$(echo $object |
yq -r '.[12].name' | tee /dev/stderr)
[ "${actual}" = "FOOBAR" ]
local actual=$(echo $object |
yq -r '.[12].value' | tee /dev/stderr)
[ "${actual}" = "foobar" ]
local object=$(helm template \ local object=$(helm template \
--show-only templates/server-statefulset.yaml \ --show-only templates/server-statefulset.yaml \
@ -484,21 +532,13 @@ load _helpers
. | tee /dev/stderr | . | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr) yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local actual=$(echo $object | local name=$(echo $object |
yq -r '.[11].name' | tee /dev/stderr) yq -r 'map(select(.name=="FOO")) | .[] .value' | tee /dev/stderr)
[ "${actual}" = "FOO" ] [ "${name}" = "bar" ]
local actual=$(echo $object | local name=$(echo $object |
yq -r '.[11].value' | tee /dev/stderr) yq -r 'map(select(.name=="FOOBAR")) | .[] .value' | tee /dev/stderr)
[ "${actual}" = "bar" ] [ "${name}" = "foobar" ]
local actual=$(echo $object |
yq -r '.[12].name' | tee /dev/stderr)
[ "${actual}" = "FOOBAR" ]
local actual=$(echo $object |
yq -r '.[12].value' | tee /dev/stderr)
[ "${actual}" = "foobar" ]
} }
#-------------------------------------------------------------------- #--------------------------------------------------------------------
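Review bot: The two "default ... to empty" tests assert `[ "${value}" = "" ]`, which also holds when `helm template` or `yq` fails and prints nothing, since `local value=$(...)` discards the pipeline's exit status. Asserting on the count makes the negative case explicit: `yq -r 'map(select(.name=="VAULT_LOG_LEVEL")) | length'` with `[ "${value}" = "0" ]`, and the same for VAULT_LOG_FORMAT. With that form a broken render produces an empty string rather than `0`, so the test fails instead of passing vacuously.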


@ -62,7 +62,8 @@ injector:
# Mount Path of the Vault Kubernetes Auth Method. # Mount Path of the Vault Kubernetes Auth Method.
authPath: "auth/kubernetes" authPath: "auth/kubernetes"
# Configures the log verbosity of the injector. Supported log levels: Trace, Debug, Error, Warn, Info # Configures the log verbosity of the injector.
# Supported log levels include: trace, debug, info, warn, error
logLevel: "info" logLevel: "info"
# Configures the log format of the injector. Supported log formats: "standard", "json". # Configures the log format of the injector. Supported log formats: "standard", "json".
@ -195,6 +196,14 @@ server:
# See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
updateStrategyType: "OnDelete" updateStrategyType: "OnDelete"
# Configure the logging verbosity for the Vault server.
# Supported log levels include: trace, debug, info, warn, error
logLevel: ""
# Configure the logging format for the Vault server.
# Supported log formats include: standard, json
logFormat: ""
resources: {} resources: {}
# resources: # resources:
# requests: # requests:
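Review bot: The comments on the new `server.logLevel` and `server.logFormat` keys do not say what the empty default means. From the template in this commit, an empty string leaves VAULT_LOG_LEVEL and VAULT_LOG_FORMAT unset, so I would add a line such as `# Leave empty to not set VAULT_LOG_LEVEL and use Vault's own default.` above `logLevel`, and the equivalent above `logFormat`. It may also be worth a sentence that trace and debug are meant for troubleshooting, since verbose server logs tend to carry more operational detail than should be retained long term.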