
VAULT-571 Matching documented behavior and consul

Consul's helm template defaults most of the `enabled` values to the special value `"-"`, which means to inherit from global. This is what is implied should happen in Vault as well according to the documentation for the helm chart:

> [global.enabled] The master enabled/disabled configuration. If this is
> true, most components will be installed by default. If this is false,
> no components will be installed by default and manually opting-in is
> required, such as by setting server.enabled to true.

(https://www.vaultproject.io/docs/platform/k8s/helm/configuration#enabled)

We also simplified the chart logic using a few template helpers.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
#!/usr/bin/env bats
load _helpers
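# Checks that templates/injector-psp.yaml renders no document when no values
# are overridden, i.e. the injector PodSecurityPolicy is opt-in.
#
# The `|| echo "---"` fallback feeds yq an empty YAML document when
# `helm template` exits non-zero (presumably what --show-only does when the
# selected template produces no output — confirm against the helm version used).
# NOTE(review): the fallback fires on ANY helm failure, so this test cannot
# tell "PSP not rendered" apart from "chart failed to render"; it relies on
# the positive tests in this file to catch a broken chart.
@test "injector/PodSecurityPolicy: PodSecurityPolicy not enabled by default" {
  # Quoted $(...) rather than backticks, so a checkout path containing
  # whitespace or glob characters is not word-split before cd sees it.
  cd "$(chart_dir)"
  # Declared separately so `local` does not mask the substitution's status.
  local actual
  actual=$( (helm template \
      --show-only templates/injector-psp.yaml \
      . || echo "---") | tee /dev/stderr |
      yq 'length > 0' | tee /dev/stderr)
  [ "${actual}" = "false" ]
}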
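# Checks that the injector PodSecurityPolicy is rendered once both
# injector.enabled and global.psp.enable are set to true.
#
# This exercises chart rendering only. It says nothing about whether the
# target cluster still serves the PodSecurityPolicy API (removed in
# Kubernetes v1.25) or whether the rendered policy is actually enforced.
@test "injector/PodSecurityPolicy: enable with injector.enabled and global.psp.enable" {
  # Quoted $(...) rather than backticks, so a checkout path containing
  # whitespace or glob characters is not word-split before cd sees it.
  cd "$(chart_dir)"
  # Declared separately so `local` does not mask the substitution's status.
  local actual
  actual=$(helm template \
      --show-only templates/injector-psp.yaml \
      --set 'injector.enabled=true' \
      --set 'global.psp.enable=true' \
      . | tee /dev/stderr |
      yq 'length > 0' | tee /dev/stderr)
  [ "${actual}" = "true" ]
}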
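# Checks that an explicit injector.enabled=true still renders the injector
# PodSecurityPolicy when global.enabled=false, provided global.psp.enable is
# true. In other words, a per-component opt-in wins over the global default.
#
# The `|| echo "---"` fallback is kept from the original; here a helm failure
# yields "false" from yq, so the assertion below fails rather than passing
# silently.
@test "injector/PodSecurityPolicy: ignore global.enabled" {
  # Quoted $(...) rather than backticks, so a checkout path containing
  # whitespace or glob characters is not word-split before cd sees it.
  cd "$(chart_dir)"
  # Declared separately so `local` does not mask the substitution's status.
  local actual
  actual=$( (helm template \
      --show-only templates/injector-psp.yaml \
      --set 'global.enabled=false' \
      --set 'injector.enabled=true' \
      --set 'global.psp.enable=true' \
      . || echo "---") | tee /dev/stderr |
      yq 'length > 0' | tee /dev/stderr)
  [ "${actual}" = "true" ]
}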
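# Checks that the rendered PodSecurityPolicy carries exactly four
# metadata.annotations entries when no custom annotations are supplied.
#
# NOTE(review): only the COUNT is asserted. A default annotation being renamed
# or swapped for a more permissive value would still pass; if the defaults are
# security profiles (the template is not visible here — confirm), consider
# asserting the expected keys and values as well.
@test "injector/PodSecurityPolicy: annotations are templated correctly by default" {
  # Quoted $(...) rather than backticks, so a checkout path containing
  # whitespace or glob characters is not word-split before cd sees it.
  cd "$(chart_dir)"
  # Declared separately so `local` does not mask the substitution's status.
  local actual
  actual=$(helm template \
      --show-only templates/injector-psp.yaml \
      --set 'injector.enabled=true' \
      --set 'global.psp.enable=true' \
      . | tee /dev/stderr |
      yq '.metadata.annotations | length == 4' | tee /dev/stderr)
  [ "${actual}" = "true" ]
}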
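# Checks that global.psp.annotations given as a single YAML-formatted string
# ("vault-is: amazing") ends up as the annotation vault-is=amazing on the
# rendered PodSecurityPolicy.
#
# NOTE(review): this reads back only the added key; it does not check whether
# the chart's default annotations are still present alongside it.
@test "injector/PodSecurityPolicy: annotations are added - string" {
  # Quoted $(...) rather than backticks, so a checkout path containing
  # whitespace or glob characters is not word-split before cd sees it.
  cd "$(chart_dir)"
  # Declared separately so `local` does not mask the substitution's status.
  local actual
  actual=$(helm template \
      --show-only templates/injector-psp.yaml \
      --set 'injector.enabled=true' \
      --set 'global.psp.enable=true' \
      --set 'global.psp.annotations=vault-is: amazing' \
      . | tee /dev/stderr |
      yq -r '.metadata.annotations["vault-is"]' | tee /dev/stderr)
  [ "${actual}" = "amazing" ]
}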
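# Checks that global.psp.annotations given as a map (one key set via
# `--set global.psp.annotations.vault-is=amazing`) ends up as the annotation
# vault-is=amazing on the rendered PodSecurityPolicy.
#
# NOTE(review): this reads back only the added key; it does not check whether
# the chart's default annotations are still present alongside it.
@test "injector/PodSecurityPolicy: annotations are added - object" {
  # Quoted $(...) rather than backticks, so a checkout path containing
  # whitespace or glob characters is not word-split before cd sees it.
  cd "$(chart_dir)"
  # Declared separately so `local` does not mask the substitution's status.
  local actual
  actual=$(helm template \
      --show-only templates/injector-psp.yaml \
      --set 'injector.enabled=true' \
      --set 'global.psp.enable=true' \
      --set 'global.psp.annotations.vault-is=amazing' \
      . | tee /dev/stderr |
      yq -r '.metadata.annotations["vault-is"]' | tee /dev/stderr)
  [ "${actual}" = "amazing" ]
}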