Cleanup and add tests

hashicorp · Apr 6, 2021 · a48e8e9 · a48e8e9
1 parent 409c6ec
commit a48e8e9
Show file tree

Hide file tree

Showing 10 changed files with 194 additions and 34 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -144,7 +144,7 @@ jobs:
                     -kubecontext="kind-dc1" \
                     -secondary-kubecontext="kind-dc2" \
                     -debug-directory="$TEST_RESULTS/debug" \
-                    -consul-k8s-image=docker.mirror.hashicorp.services/hashicorpdev/consul-k8s:latest
+                    -consul-k8s-image=ishustava/consul-k8s-dev:04-06-2021-37a4384 # TODO: change once feature-tproxy consul-k8s branch is merged
               then
                 echo "Tests in ${pkg} failed, aborting early"
                 exit_code=1

diff --git a/templates/connect-inject-deployment.yaml b/templates/connect-inject-deployment.yaml
@@ -181,26 +181,6 @@ spec:
                 -consul-sidecar-cpu-request={{ $consulSidecarResources.requests.cpu }} \
                 {{- end }}
                 {{- end }}
-{{/*          livenessProbe:*/}}
-{{/*            httpGet:*/}}
-{{/*              path: /health/ready*/}}
-{{/*              port: 8080*/}}
-{{/*              scheme: HTTPS*/}}
-{{/*            failureThreshold: 2*/}}
-{{/*            initialDelaySeconds: 1*/}}
-{{/*            periodSeconds: 2*/}}
-{{/*            successThreshold: 1*/}}
-{{/*            timeoutSeconds: 5*/}}
-{{/*          readinessProbe:*/}}
-{{/*            httpGet:*/}}
-{{/*              path: /health/ready*/}}
-{{/*              port: 8080*/}}
-{{/*              scheme: HTTPS*/}}
-{{/*            failureThreshold: 2*/}}
-{{/*            initialDelaySeconds: 2*/}}
-{{/*            periodSeconds: 2*/}}
-{{/*            successThreshold: 1*/}}
-{{/*            timeoutSeconds: 5*/}}
           volumeMounts:
           - name: certs
             mountPath: /etc/connect-injector/certs

diff --git a/templates/webhook-cert-manager-configmap.yaml b/templates/webhook-cert-manager-configmap.yaml
@@ -24,8 +24,8 @@ data:
         ],
         "secretName": "{{ template "consul.fullname" . }}-connect-inject-webhook-cert",
         "secretNamespace": "{{ .Release.Namespace }}"
-      },
-    {{- end }}
+      }{{- if and .Values.controller.enabled }},{{- end }}{{- end }}
+    {{- if and .Values.controller.enabled }}
       {
         "name": "{{ template "consul.fullname" . }}-controller-mutating-webhook-configuration",
         "tlsAutoHosts": [
@@ -37,6 +37,6 @@ data:
         "secretName": "{{ template "consul.fullname" . }}-controller-webhook-cert",
         "secretNamespace": "{{ .Release.Namespace }}"
       }
+    {{- end }}
     ]
-
-{{- end }}
+  {{- end }}
diff --git a/test/acceptance/tests/fixtures/bases/static-client/kustomization.yaml b/test/acceptance/tests/fixtures/bases/static-client/kustomization.yaml
@@ -1,4 +1,4 @@
-#resources:
-#  - deployment.yaml
-#  - serviceaccount.yaml
-#  - rolebinding.yaml
+resources:
+  - deployment.yaml
+  - serviceaccount.yaml
+  - rolebinding.yaml
diff --git a/test/unit/webhook-cert-manager-clusterrole.bats b/test/unit/webhook-cert-manager-clusterrole.bats
@@ -9,7 +9,7 @@ load _helpers
       .
 }
 
-@test "webhookCertManager/ClusterRole: enabled with controller.enabled=true" {
+@test "webhookCertManager/ClusterRole: enabled with controller.enabled=true and connectInject.enabled=false" {
   cd `chart_dir`
   local actual=$(helm template \
       -s templates/webhook-cert-manager-clusterrole.yaml  \
@@ -19,6 +19,27 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
+@test "webhookCertManager/ClusterRole: enabled with connectInject.enabled=true and controller.enabled=false" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/webhook-cert-manager-clusterrole.yaml  \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "webhookCertManager/ClusterRole: enabled with connectInject.enabled=true and controller.enabled=true" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/webhook-cert-manager-clusterrole.yaml  \
+      --set 'controller.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
 #--------------------------------------------------------------------
 # global.enablePodSecurityPolicies
 

diff --git a/test/unit/webhook-cert-manager-clusterrolebinding.bats b/test/unit/webhook-cert-manager-clusterrolebinding.bats
@@ -9,7 +9,7 @@ load _helpers
       .
 }
 
-@test "webhookCertManager/ClusterRoleBinding: enabled with controller.enabled=true" {
+@test "webhookCertManager/ClusterRoleBinding: enabled with controller.enabled=true and connectInject.enabled=false" {
   cd `chart_dir`
   local actual=$(helm template \
       -s templates/webhook-cert-manager-clusterrolebinding.yaml  \
@@ -18,3 +18,24 @@ load _helpers
       yq 'length > 0' | tee /dev/stderr)
   [ "${actual}" = "true" ]
 }
+
+@test "webhookCertManager/ClusterRoleBinding: enabled with connectInject.enabled=true and controller.enabled=false" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/webhook-cert-manager-clusterrolebinding.yaml  \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "webhookCertManager/ClusterRoleBinding: enabled with connectInject.enabled=true and controller.enabled=true" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/webhook-cert-manager-clusterrolebinding.yaml  \
+      --set 'controller.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
diff --git a/test/unit/webhook-cert-manager-configmap.bats b/test/unit/webhook-cert-manager-configmap.bats
@@ -18,3 +18,76 @@ load _helpers
       yq 'length > 0' | tee /dev/stderr)
   [ "${actual}" = "true" ]
 }
+
+@test "webhookCertManager/Configmap: enabled with connectInject.enabled=true and controller.enabled=false" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/webhook-cert-manager-configmap.yaml  \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "webhookCertManager/Configmap: enabled with connectInject.enabled=true and controller.enabled=true" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/webhook-cert-manager-configmap.yaml  \
+      --set 'controller.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "webhookCertManager/Configmap: configuration has only controller webhook with controller.enabled=true" {
+  cd `chart_dir`
+  local cfg=$(helm template \
+      -s templates/webhook-cert-manager-configmap.yaml  \
+      --set 'controller.enabled=true' \
+      --set 'connectInject.enabled=false' \
+      . | tee /dev/stderr |
+      yq -r '.data["webhook-config.json"]' | tee /dev/stderr)
+
+  local actual=$(echo $cfg | jq '. | length == 1')
+  [ "${actual}" = "true" ]
+
+  local actual=$(echo $cfg | jq '.[0].name | contains("controller-mutating-webhook-configuration")')
+  [ "${actual}" = "true" ]
+}
+
+@test "webhookCertManager/Configmap: configuration has only controller webhook with connectInject.enabled=true" {
+  cd `chart_dir`
+  local cfg=$(helm template \
+      -s templates/webhook-cert-manager-configmap.yaml  \
+      --set 'controller.enabled=false' \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.data["webhook-config.json"]' | tee /dev/stderr)
+
+  local actual=$(echo $cfg | jq '. | length == 1')
+  [ "${actual}" = "true" ]
+
+  local actual=$(echo $cfg | jq '.[0].name | contains("controller-mutating-webhook-configuration")')
+  [ "${actual}" = "false" ]
+}
+
+@test "webhookCertManager/Configmap: configuration contains both controller and connectInject webhook with connectInject.enabled=true and controller.enabled=true" {
+  cd `chart_dir`
+  local cfg=$(helm template \
+      -s templates/webhook-cert-manager-configmap.yaml  \
+      --set 'controller.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.data["webhook-config.json"]' | tee /dev/stderr)
+
+
+  local actual=$(echo $cfg | jq '. | length == 2')
+  [ "${actual}" = "true" ]
+
+  local actual=$(echo $cfg | jq '.[0].name | contains("connect-injector-cfg")')
+  [ "${actual}" = "true" ]
+
+  local actual=$(echo $cfg | jq '.[1].name | contains("controller-mutating-webhook-configuration")')
+  [ "${actual}" = "true" ]
+}
diff --git a/test/unit/webhook-cert-manager-deployment.bats b/test/unit/webhook-cert-manager-deployment.bats
@@ -9,7 +9,7 @@ load _helpers
       .
 }
 
-@test "webhookCertManager/Deployment: enabled with controller.enabled=true" {
+@test "webhookCertManager/Deployment: enabled with controller.enabled=true and connectInject.enabled=false" {
   cd `chart_dir`
   local actual=$(helm template \
       -s templates/webhook-cert-manager-deployment.yaml  \
@@ -18,3 +18,24 @@ load _helpers
       yq 'length > 0' | tee /dev/stderr)
   [ "${actual}" = "true" ]
 }
+
+@test "webhookCertManager/Deployment: enabled with connectInject.enabled=true and controller.enabled=false" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/webhook-cert-manager-deployment.yaml  \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "webhookCertManager/Deployment: enabled with connectInject.enabled=true and controller.enabled=true" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/webhook-cert-manager-deployment.yaml  \
+      --set 'controller.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
diff --git a/test/unit/webhook-cert-manager-podsecuritypolicy.bats b/test/unit/webhook-cert-manager-podsecuritypolicy.bats
@@ -17,7 +17,7 @@ load _helpers
       .
 }
 
-@test "webhookCertManager/PodSecurityPolicy: enabled with controller enabled and global.enablePodSecurityPolicies=true" {
+@test "webhookCertManager/PodSecurityPolicy: enabled with controller.enabled=true, connectInject.enabled=false and global.enablePodSecurityPolicies=true" {
   cd `chart_dir`
   local actual=$(helm template \
       -s templates/webhook-cert-manager-podsecuritypolicy.yaml  \
@@ -27,3 +27,26 @@ load _helpers
       yq -s 'length > 0' | tee /dev/stderr)
   [ "${actual}" = "true" ]
 }
+
+@test "webhookCertManager/Configmap: enabled with connectInject.enabled=true, controller.enabled=false and global.enablePodSecurityPolicies=true" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/webhook-cert-manager-podsecuritypolicy.yaml  \
+      --set 'connectInject.enabled=true' \
+      --set 'global.enablePodSecurityPolicies=true' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "webhookCertManager/Configmap: enabled with connectInject.enabled=true, controller.enabled=true and global.enablePodSecurityPolicies=true" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/webhook-cert-manager-podsecuritypolicy.yaml  \
+      --set 'controller.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      --set 'global.enablePodSecurityPolicies=true' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
diff --git a/test/unit/webhook-cert-manager-serviceaccount.bats b/test/unit/webhook-cert-manager-serviceaccount.bats
@@ -9,7 +9,7 @@ load _helpers
       .
 }
 
-@test "webhookCertManager/ServiceAccount: enabled with controller.enabled=true" {
+@test "webhookCertManager/ServiceAccount: enabled with controller.enabled=true and connectInject.enabled=false" {
   cd `chart_dir`
   local actual=$(helm template \
       -s templates/webhook-cert-manager-serviceaccount.yaml  \
@@ -19,6 +19,27 @@ load _helpers
   [ "${actual}" = "true" ]
 }
 
+@test "webhookCertManager/ServiceAccount: enabled with connectInject.enabled=true and controller.enabled=false" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/webhook-cert-manager-serviceaccount.yaml  \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "webhookCertManager/ServiceAccount: enabled with connectInject.enabled=true and controller.enabled=true" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/webhook-cert-manager-serviceaccount.yaml  \
+      --set 'controller.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq 'length > 0' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
 #--------------------------------------------------------------------
 # global.imagePullSecrets