From 70f54c88ebdbff6139d07873c638a93f56eb4130 Mon Sep 17 00:00:00 2001 From: ozdanborne Date: Wed, 26 Apr 2023 11:58:51 -0400 Subject: [PATCH 1/2] allow reference to existing secret as imagePullSecret allows reference to existing secrets for imagePullSecrets without passing the secret itself. this enables management of secrets by an external system like sealedsecrets and prevents the secret data from being stored in helm. it works by allowing use of the installation's imagePullSecret field directly instead of the toplevel imagePullSecrets field --- charts/test/helm_suite_test.go | 29 +++++ charts/test/tigera_operator_chart_test.go | 112 ++++++++++++++++++ charts/tigera-operator/templates/_helpers.tpl | 13 ++ .../templates/crs/custom-resources.yaml | 7 +- .../02-serviceaccount-tigera-operator.yaml | 8 +- charts/tigera-operator/values.yaml | 12 ++ go.mod | 20 +++- go.sum | 47 ++++++-- 8 files changed, 220 insertions(+), 28 deletions(-) create mode 100644 charts/test/helm_suite_test.go create mode 100644 charts/test/tigera_operator_chart_test.go diff --git a/charts/test/helm_suite_test.go b/charts/test/helm_suite_test.go new file mode 100644 index 00000000000..a5f536c28d5 --- /dev/null +++ b/charts/test/helm_suite_test.go @@ -0,0 +1,29 @@ +package charttest + +import ( + "os/exec" + "testing" + + "github.com/onsi/ginkgo/reporters" + "github.com/projectcalico/calico/libcalico-go/lib/testutils" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +func init() { + testutils.HookLogrusForGinkgo() +} + +func TestHelm(t *testing.T) { + // testutils.HookLogrusForGinkgo() + RegisterFailHandler(Fail) + junitReporter := reporters.NewJUnitReporter("../../report/helm_suite.xml") + + _, err := exec.LookPath("helm") + if err != nil { + t.Skip("skipping exec tests since 'helm' is not installed") + } + + RunSpecsWithDefaultAndCustomReporters(t, "Helm Suite", []Reporter{junitReporter}) +} diff --git a/charts/test/tigera_operator_chart_test.go b/charts/test/tigera_operator_chart_test.go new file mode 100644 index 00000000000..37731f967a5 --- /dev/null +++ b/charts/test/tigera_operator_chart_test.go @@ -0,0 +1,112 @@ +// Package charttest uses 'helm template' to render the helm package with various input values, +// unmarshals the resulting yaml into kubernetes resource types, and then tests that the correct fields +// are set accordingly. +package charttest + +import ( + "path/filepath" + + corev1 "k8s.io/api/core/v1" + + "github.com/gruntwork-io/terratest/modules/helm" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Tigera Operator Helm Chart", func() { + Describe("image pull secrets", func() { + Context("using toplevel config field", func() { + opts := &helm.Options{ + SetValues: map[string]string{ + "imagePullSecrets.my-secret": "secret1", + }, + } + + It("sets imagePullSecrets on serviceaccount", func() { + var serviceAccount corev1.ServiceAccount + err := renderChartResource(opts, "templates/tigera-operator/02-serviceaccount-tigera-operator.yaml", &serviceAccount) + Expect(err).ToNot(HaveOccurred()) + Expect(serviceAccount.ImagePullSecrets).To(ConsistOf( + corev1.LocalObjectReference{Name: "my-secret"}, + )) + }) + + It("creates a secret", func() { + var secret corev1.Secret + err := renderChartResource(opts, "templates/tigera-operator/01-imagepullsecret.yaml", &secret) + Expect(err).ToNot(HaveOccurred()) + Expect(secret.Name).To(Equal("my-secret")) + Expect(secret.Data).To(Equal(map[string][]byte{ + ".dockerconfigjson": []byte("secret1"), + })) + }) + }) + + Context("using installation's config field", func() { + opts := &helm.Options{ + SetValues: map[string]string{ + "installation.imagePullSecrets[0].name": "my-secret", + }, + } + + It("sets imagePullSecrets on serviceaccount", func() { + var serviceAccount corev1.ServiceAccount + err := renderChartResource(opts, "templates/tigera-operator/02-serviceaccount-tigera-operator.yaml", &serviceAccount) + Expect(err).ToNot(HaveOccurred()) + Expect(serviceAccount.ImagePullSecrets).To(ConsistOf( + corev1.LocalObjectReference{Name: "my-secret"}, + )) + }) + + It("does not create a secret", func() { + // assert an error occured. no other way to assert "file was not rendered" + err := renderChartResource(opts, "templates/tigera-operator/01-imagepullsecret.yaml", &corev1.Secret{}) + Expect(err).To(HaveOccurred()) + }) + }) + + Describe("using both toplevel and installation fields", func() { + opts := &helm.Options{ + SetValues: map[string]string{ + "imagePullSecrets.secret-1": "secret1", + "installation.imagePullSecrets[0].name": "secret-2", + }, + } + + It("sets both imagePullSecrets on serviceaccount", func() { + var serviceAccount corev1.ServiceAccount + err := renderChartResource(opts, "templates/tigera-operator/02-serviceaccount-tigera-operator.yaml", &serviceAccount) + Expect(err).ToNot(HaveOccurred()) + Expect(serviceAccount.ImagePullSecrets).To(ConsistOf( + corev1.LocalObjectReference{Name: "secret-1"}, + corev1.LocalObjectReference{Name: "secret-2"}, + )) + }) + + It("only creates a secret for the toplevel secret", func() { + var secret corev1.Secret + err := renderChartResource(opts, "templates/tigera-operator/01-imagepullsecret.yaml", &secret) + Expect(err).ToNot(HaveOccurred()) + Expect(secret.Name).To(Equal("secret-1")) + Expect(secret.Data).To(Equal(map[string][]byte{ + ".dockerconfigjson": []byte("secret1"), + })) + }) + }) + }) +}) + +func renderChartResource(options *helm.Options, templatePath string, into any) error { + helmChartPath, err := filepath.Abs("../tigera-operator") + if err != nil { + return err + } + + output, err := helm.RenderTemplateE(GinkgoT(), options, helmChartPath, "tigera-operator", []string{templatePath}) + if err != nil { + return err + } + helm.UnmarshalK8SYaml(GinkgoT(), output, &into) + return nil +} diff --git a/charts/tigera-operator/templates/_helpers.tpl b/charts/tigera-operator/templates/_helpers.tpl index 7a9111e4b70..43d2eb14e09 100644 --- a/charts/tigera-operator/templates/_helpers.tpl +++ b/charts/tigera-operator/templates/_helpers.tpl @@ -5,3 +5,16 @@ {{- end -}} {{- .image -}}:{{- .version -}} {{- end -}} + +{{/* +generate imagePullSecrets for installation and deployments +by combining installation.imagePullSecrets with toplevel imagePullSecrets. +*/}} + +{{- define "tigera-operator.imagePullSecrets" -}} +{{- $secrets := default list .Values.installation.imagePullSecrets -}} +{{- range $key, $val := .Values.imagePullSecrets -}} + {{- $secrets = append $secrets (dict "name" $key) -}} +{{- end -}} +{{ $secrets | toYaml }} +{{- end -}} diff --git a/charts/tigera-operator/templates/crs/custom-resources.yaml b/charts/tigera-operator/templates/crs/custom-resources.yaml index f7b439a7baa..e0c2bf8b824 100644 --- a/charts/tigera-operator/templates/crs/custom-resources.yaml +++ b/charts/tigera-operator/templates/crs/custom-resources.yaml @@ -1,11 +1,6 @@ {{ if .Values.installation.enabled }} {{ $installSpec := omit .Values.installation "enabled" }} -{{ $secrets := list }} -{{ range $name := keys .Values.imagePullSecrets -}} -{{ $item := dict "name" $name }} -{{ $secrets = append $secrets $item }} -{{ end }} -{{ $_ := set $installSpec "imagePullSecrets" $secrets }} +{{ $_ := set $installSpec "imagePullSecrets" (include "tigera-operator.imagePullSecrets" . | fromYamlArray) }} {{ $_ := set $installSpec "kubeletVolumePluginPath" .Values.kubeletVolumePluginPath }} apiVersion: operator.tigera.io/v1 diff --git a/charts/tigera-operator/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml b/charts/tigera-operator/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml index f80dc543c19..4d33198b2ab 100644 --- a/charts/tigera-operator/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml +++ b/charts/tigera-operator/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml @@ -1,12 +1,6 @@ -{{ $secrets := list }} -{{ range $name := keys .Values.imagePullSecrets -}} -{{ $item := dict "name" $name }} -{{ $secrets = append $secrets $item }} -{{ end }} - apiVersion: v1 kind: ServiceAccount metadata: name: tigera-operator namespace: {{.Release.Namespace}} -imagePullSecrets: {{- $secrets | toYaml | nindent 2 }} +imagePullSecrets: {{- include "tigera-operator.imagePullSecrets" . | nindent 2 }} diff --git a/charts/tigera-operator/values.yaml b/charts/tigera-operator/values.yaml index ec43ebab35c..43db79b5d53 100644 --- a/charts/tigera-operator/values.yaml +++ b/charts/tigera-operator/values.yaml @@ -1,8 +1,20 @@ +# imagePullSecrets are a special helm field which, when specified, creates a secret +# containing the pull secret and configures operator's serviceaccount to use it to pull the operator image +# as well as configuring the installation resource so that images launched by the operator will use it as well. +# this field is a map where the key is the desired secret name and the value is the contents of the imagePullSecret. +# +# Example: --set-file imagePullSecrets.gcr=./pull-secret.json imagePullSecrets: {} installation: enabled: true kubernetesProvider: "" + # imagePullSecrets are configured on all images deployed by the tigera-operator. + # secrets specified here must exist in the tigera-operator namespace; they won't be created by the operator or helm. + # imagePullSecrets are a slice of LocalObjectReferences, which is the same format they appear as on deployments. + # + # Example: --set installation.imagePullSecrets[0].name=my-existing-secret + imagePullSecrets: [] apiServer: enabled: true diff --git a/go.mod b/go.mod index 68b18580dfa..f0dde18414b 100644 --- a/go.mod +++ b/go.mod @@ -32,6 +32,7 @@ require ( github.com/google/netstack v0.0.0-20191123085552-55fcc16cd0eb github.com/google/safetext v0.0.0-20230106111101-7156a760e523 github.com/google/uuid v1.3.0 + github.com/gruntwork-io/terratest v0.41.24 github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07 github.com/joho/godotenv v1.4.0 github.com/json-iterator/go v1.1.12 @@ -110,7 +111,7 @@ require ( github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/autorest/mocks v0.4.2 // indirect github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect - github.com/Azure/go-autorest/autorest/validation v0.1.0 // indirect + github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/GoogleCloudPlatform/k8s-cloud-provider v1.18.1-0.20220218231025-f11817397a1b // indirect @@ -122,7 +123,7 @@ require ( github.com/alexflint/go-filemutex v1.1.0 // indirect github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e // indirect - github.com/aws/aws-sdk-go v1.44.116 // indirect + github.com/aws/aws-sdk-go v1.44.122 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.6.0 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.0 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.0.0 // indirect @@ -132,6 +133,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/sts v1.9.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect + github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect github.com/cenkalti/backoff/v4 v4.1.3 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/checkpoint-restore/go-criu/v5 v5.3.0 // indirect @@ -142,6 +144,7 @@ require ( github.com/containerd/ttrpc v1.1.0 // indirect github.com/coreos/go-iptables v0.6.0 // indirect github.com/coreos/go-systemd/v22 v22.3.2 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/cyphar/filepath-securejoin v0.2.3 // indirect github.com/docker/distribution v2.8.1+incompatible // indirect github.com/docker/go-units v0.5.0 // indirect @@ -151,6 +154,7 @@ require ( github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.2.0 // indirect github.com/felixge/httpsnoop v1.0.3 // indirect + github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-ole/go-ole v1.2.4 // indirect @@ -159,6 +163,7 @@ require ( github.com/go-openapi/swag v0.22.3 // indirect github.com/go-playground/locales v0.12.1 // indirect github.com/go-playground/universal-translator v0.0.0-20170327191703-71201497bace // indirect + github.com/go-sql-driver/mysql v1.4.1 // indirect github.com/godbus/dbus/v5 v5.0.6 // indirect github.com/gofrs/uuid v4.0.0+incompatible // indirect github.com/golang-jwt/jwt/v4 v4.2.0 // indirect @@ -173,8 +178,11 @@ require ( github.com/googleapis/gax-go/v2 v2.7.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect + github.com/gruntwork-io/go-commons v0.8.0 // indirect + github.com/hashicorp/errwrap v1.0.0 // indirect + github.com/hashicorp/go-multierror v1.1.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect - github.com/imdario/mergo v0.3.8 // indirect + github.com/imdario/mergo v0.3.11 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -187,6 +195,7 @@ require ( github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-isatty v0.0.14 // indirect github.com/mattn/go-runewidth v0.0.9 // indirect + github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2 // indirect github.com/mdlayher/genetlink v1.0.0 // indirect github.com/mdlayher/netlink v1.1.0 // indirect @@ -210,8 +219,10 @@ require ( github.com/pelletier/go-toml v1.9.5 // indirect github.com/pelletier/go-toml/v2 v2.0.6 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/pquerna/otp v1.2.0 // indirect github.com/prometheus/procfs v0.8.0 // indirect github.com/rubiojr/go-vhd v0.0.0-20200706105327-02e210299021 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1 // indirect github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 // indirect github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 // indirect @@ -223,6 +234,7 @@ require ( github.com/stretchr/testify v1.8.1 // indirect github.com/subosito/gotenv v1.4.2 // indirect github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect + github.com/urfave/cli v1.22.2 // indirect github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect github.com/vmware/govmomi v0.20.3 // indirect go.opencensus.io v0.24.0 // indirect @@ -242,7 +254,7 @@ require ( go.uber.org/zap v1.21.0 // indirect golang.org/x/crypto v0.1.0 // indirect golang.org/x/mod v0.8.0 // indirect - golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 // indirect + golang.org/x/oauth2 v0.1.0 // indirect golang.org/x/term v0.6.0 // indirect golang.org/x/time v0.1.0 // indirect golang.org/x/tools v0.6.0 // indirect diff --git a/go.sum b/go.sum index ff2f2ff822d..edb894e64d2 100644 --- a/go.sum +++ b/go.sum @@ -71,8 +71,8 @@ github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9A github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk= github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= -github.com/Azure/go-autorest/autorest/validation v0.1.0 h1:ISSNzGUh+ZSzizJWOWzs8bwpXIePbGLW4z/AmUFGH5A= -github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8= +github.com/Azure/go-autorest/autorest/validation v0.3.1 h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac= +github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= @@ -123,8 +123,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= -github.com/aws/aws-sdk-go v1.44.116 h1:NpLIhcvLWXJZAEwvPj3TDHeqp7DleK6ZUVYyW01WNHY= -github.com/aws/aws-sdk-go v1.44.116/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= +github.com/aws/aws-sdk-go v1.44.122 h1:p6mw01WBaNpbdP2xrisz5tIkcNwzj/HysobNoaAHjgo= +github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go-v2 v1.11.0 h1:HxyD62DyNhCfiFGUHqJ/xITD6rAjJ7Dm/2nLxLmO4Ag= github.com/aws/aws-sdk-go-v2 v1.11.0/go.mod h1:SQfA+m2ltnu1cA0soUkj4dRSsmITiVQUJvBIZjzfPyQ= github.com/aws/aws-sdk-go-v2/config v1.10.0 h1:4i+/7DmCQCAls5Z61giur0LOPZ3PXFwnSIw7hRamzws= @@ -161,6 +161,8 @@ github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdn github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4= @@ -225,6 +227,7 @@ github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= @@ -253,8 +256,8 @@ github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDD github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815 h1:bWDMxwH3px2JBh6AyO7hdCn/PkvCZXii8TGj7sbtEbQ= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/elazarl/goproxy v0.0.0-20190911111923-ecfe977594f1 h1:yY9rWGoXv1U5pl4gxqlULARMQD7x0QG85lqEXTWysik= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= @@ -279,6 +282,7 @@ github.com/evanphx/json-patch/v5 v5.2.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2Vvl github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c= @@ -289,7 +293,9 @@ github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= +github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 h1:skJKxRtNmevLqnayafdLe2AsenqRupVmzZSqrvb5caU= +github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -328,6 +334,8 @@ github.com/go-playground/locales v0.12.1 h1:2FITxuFt/xuCNP1Acdhv62OzaCiviiE4kotf github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= github.com/go-playground/universal-translator v0.0.0-20170327191703-71201497bace h1:vfBaUX49VsqTxXGADDIWvTPvaU4AbQyX/yENHE0f7AY= github.com/go-playground/universal-translator v0.0.0-20170327191703-71201497bace/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= +github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA= +github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= @@ -472,13 +480,20 @@ github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= +github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro= +github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78= +github.com/gruntwork-io/terratest v0.41.24 h1:j6T6qe4deVvynTG2UmnjGwZy83he6xKgTaYWiSdFv/w= +github.com/gruntwork-io/terratest v0.41.24/go.mod h1:O6gajNBjO1wvc7Wl9WtbO+ORcdnhAV2GQiBE71ycwIk= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= +github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI= +github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= @@ -496,8 +511,8 @@ github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/J github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.8 h1:CGgOkSJeqMRmt0D9XLWExdT4m4F1vd3FV3VPt+0VxkQ= -github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA= +github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= @@ -588,13 +603,19 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= +github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= +github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 h1:ofNAzWCcyTALn2Zv40+8XitdzCgXY6e9qvXwN9W0YXg= +github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2 h1:hAHbPm5IJGijwng3PWk09JkG9WeqChjprR5s9bBZ+OM= github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= @@ -620,7 +641,7 @@ github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4= +github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= @@ -725,6 +746,8 @@ github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qR github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= +github.com/pquerna/otp v1.2.0 h1:/A3+Jn+cagqayeR3iHs/L62m5ue7710D35zl1zJ1kok= +github.com/pquerna/otp v1.2.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= github.com/projectcalico/go-json v0.0.0-20161128004156-6219dc7339ba h1:aaF2byUCZhzszHsfPEr2M3qcU4ibtD/yk/il2R7T1PU= github.com/projectcalico/go-json v0.0.0-20161128004156-6219dc7339ba/go.mod h1:q8EdCgBdMQzgiX/uk4GXLWLk+gIHd1a7mWUAamJKDb4= github.com/projectcalico/go-yaml-wrapper v0.0.0-20191112210931-090425220c54 h1:Jt2Pic9dxgJisekm8q2WV9FaWxUJhhRfwHSP640drww= @@ -852,6 +875,7 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1 github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 h1:uruHq4dN7GR16kFc5fp3d1RIYzJW5onx8Ybykw2YQFA= github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= @@ -1067,8 +1091,8 @@ golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 h1:nt+Q6cXKz4MosCSpnbMtqiQ8Oz0pxTef2B4Vca2lvfk= -golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.1.0 h1:isLCZuhj4v+tYv7eskaN4v/TM+A1begWWgyVJDdl1+Y= +golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1092,6 +1116,7 @@ golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190411185658-b44545bcd369/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= From cb9329733167a1408c2d03368614aad4dabb8560 Mon Sep 17 00:00:00 2001 From: ozdanborne Date: Fri, 19 May 2023 15:11:27 -0400 Subject: [PATCH 2/2] feedback --- charts/test/tigera_operator_chart_test.go | 80 ++++++++++++----------- charts/tigera-operator/README.md | 15 ++++- charts/tigera-operator/values.yaml | 5 +- 3 files changed, 56 insertions(+), 44 deletions(-) diff --git a/charts/test/tigera_operator_chart_test.go b/charts/test/tigera_operator_chart_test.go index 37731f967a5..64d061e375d 100644 --- a/charts/test/tigera_operator_chart_test.go +++ b/charts/test/tigera_operator_chart_test.go @@ -5,68 +5,72 @@ package charttest import ( "path/filepath" + "testing" corev1 "k8s.io/api/core/v1" "github.com/gruntwork-io/terratest/modules/helm" - . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" ) -var _ = Describe("Tigera Operator Helm Chart", func() { - Describe("image pull secrets", func() { - Context("using toplevel config field", func() { +func TestTigeraOperatorHelmChart(t *testing.T) { + t.Run("image pull secrets", func(t *testing.T) { + t.Run("using toplevel config field", func(t *testing.T) { opts := &helm.Options{ SetValues: map[string]string{ "imagePullSecrets.my-secret": "secret1", }, } - It("sets imagePullSecrets on serviceaccount", func() { + t.Run("sets imagePullSecrets on serviceaccount", func(t *testing.T) { + g := NewWithT(t) var serviceAccount corev1.ServiceAccount - err := renderChartResource(opts, "templates/tigera-operator/02-serviceaccount-tigera-operator.yaml", &serviceAccount) - Expect(err).ToNot(HaveOccurred()) - Expect(serviceAccount.ImagePullSecrets).To(ConsistOf( + err := renderChartResource(t, opts, "templates/tigera-operator/02-serviceaccount-tigera-operator.yaml", &serviceAccount) + g.Expect(err).To(HaveOccurred()) + g.Expect(serviceAccount.ImagePullSecrets).To(ConsistOf( corev1.LocalObjectReference{Name: "my-secret"}, )) }) - It("creates a secret", func() { + t.Run("creates a secret", func(t *testing.T) { + g := NewWithT(t) var secret corev1.Secret - err := renderChartResource(opts, "templates/tigera-operator/01-imagepullsecret.yaml", &secret) - Expect(err).ToNot(HaveOccurred()) - Expect(secret.Name).To(Equal("my-secret")) - Expect(secret.Data).To(Equal(map[string][]byte{ + err := renderChartResource(t, opts, "templates/tigera-operator/01-imagepullsecret.yaml", &secret) + g.Expect(err).To(HaveOccurred()) + g.Expect(secret.Name).To(Equal("my-secret")) + g.Expect(secret.Data).To(Equal(map[string][]byte{ ".dockerconfigjson": []byte("secret1"), })) }) }) - Context("using installation's config field", func() { + t.Run("using installation's config field", func(t *testing.T) { opts := &helm.Options{ SetValues: map[string]string{ "installation.imagePullSecrets[0].name": "my-secret", }, } - It("sets imagePullSecrets on serviceaccount", func() { + t.Run("sets imagePullSecrets on serviceaccount", func(t *testing.T) { + g := NewWithT(t) var serviceAccount corev1.ServiceAccount - err := renderChartResource(opts, "templates/tigera-operator/02-serviceaccount-tigera-operator.yaml", &serviceAccount) - Expect(err).ToNot(HaveOccurred()) - Expect(serviceAccount.ImagePullSecrets).To(ConsistOf( + err := renderChartResource(t, opts, "templates/tigera-operator/02-serviceaccount-tigera-operator.yaml", &serviceAccount) + g.Expect(err).To(HaveOccurred()) + g.Expect(serviceAccount.ImagePullSecrets).To(ConsistOf( corev1.LocalObjectReference{Name: "my-secret"}, )) }) - It("does not create a secret", func() { + t.Run("does not create a secret", func(t *testing.T) { + g := NewWithT(t) // assert an error occured. no other way to assert "file was not rendered" - err := renderChartResource(opts, "templates/tigera-operator/01-imagepullsecret.yaml", &corev1.Secret{}) - Expect(err).To(HaveOccurred()) + err := renderChartResource(t, opts, "templates/tigera-operator/01-imagepullsecret.yaml", &corev1.Secret{}) + g.Expect(err).To(HaveOccurred()) }) }) - Describe("using both toplevel and installation fields", func() { + t.Run("using both toplevel and installation fields", func(t *testing.T) { opts := &helm.Options{ SetValues: map[string]string{ "imagePullSecrets.secret-1": "secret1", @@ -74,39 +78,39 @@ var _ = Describe("Tigera Operator Helm Chart", func() { }, } - It("sets both imagePullSecrets on serviceaccount", func() { + t.Run("sets both imagePullSecrets on serviceaccount", func(t *testing.T) { + g := NewWithT(t) var serviceAccount corev1.ServiceAccount - err := renderChartResource(opts, "templates/tigera-operator/02-serviceaccount-tigera-operator.yaml", &serviceAccount) - Expect(err).ToNot(HaveOccurred()) - Expect(serviceAccount.ImagePullSecrets).To(ConsistOf( + err := renderChartResource(t, opts, "templates/tigera-operator/02-serviceaccount-tigera-operator.yaml", &serviceAccount) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(serviceAccount.ImagePullSecrets).To(ConsistOf( corev1.LocalObjectReference{Name: "secret-1"}, corev1.LocalObjectReference{Name: "secret-2"}, )) }) - It("only creates a secret for the toplevel secret", func() { + t.Run("only creates a secret for the toplevel secret", func(t *testing.T) { + g := NewWithT(t) var secret corev1.Secret - err := renderChartResource(opts, "templates/tigera-operator/01-imagepullsecret.yaml", &secret) - Expect(err).ToNot(HaveOccurred()) - Expect(secret.Name).To(Equal("secret-1")) - Expect(secret.Data).To(Equal(map[string][]byte{ + err := renderChartResource(t, opts, "templates/tigera-operator/01-imagepullsecret.yaml", &secret) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(secret.Name).To(Equal("secret-1")) + g.Expect(secret.Data).To(Equal(map[string][]byte{ ".dockerconfigjson": []byte("secret1"), })) }) }) }) -}) +} -func renderChartResource(options *helm.Options, templatePath string, into any) error { +func renderChartResource(t *testing.T, options *helm.Options, templatePath string, into any) error { helmChartPath, err := filepath.Abs("../tigera-operator") - if err != nil { - return err - } + Expect(err).ToNot(HaveOccurred()) - output, err := helm.RenderTemplateE(GinkgoT(), options, helmChartPath, "tigera-operator", []string{templatePath}) + output, err := helm.RenderTemplateE(t, options, helmChartPath, "tigera-operator", []string{templatePath}) if err != nil { return err } - helm.UnmarshalK8SYaml(GinkgoT(), output, &into) + helm.UnmarshalK8SYaml(t, output, &into) return nil } diff --git a/charts/tigera-operator/README.md b/charts/tigera-operator/README.md index 229f71eaa84..6953eac4a4a 100644 --- a/charts/tigera-operator/README.md +++ b/charts/tigera-operator/README.md @@ -87,9 +87,11 @@ ownership of the helm resources to the new chart location. The default values.yaml should be suitable for most basic deployments. ``` -# Image pull secrets to provision for pulling images from private registries. -# This field is a map of desired Secret name to .dockerconfigjson formatted data to use for the secret. -# Populates the `imagePullSecrets` property for all Pods controlled by the `Installation` resource. +# imagePullSecrets is a special helm field which, when specified, creates a secret +# containing the pull secret which is used to pull all images deployed by this helm chart and the resulting operator. +# this field is a map where the key is the desired secret name and the value is the contents of the imagePullSecret. +# +# Example: --set-file imagePullSecrets.gcr=./pull-secret.json imagePullSecrets: {} # Configures general installation parameters for Calico. Schema is based @@ -99,6 +101,13 @@ installation: enabled: true kubernetesProvider: "" + # imagePullSecrets are configured on all images deployed by the tigera-operator. + # secrets specified here must exist in the tigera-operator namespace; they won't be created by the operator or helm. + # imagePullSecrets are a slice of LocalObjectReferences, which is the same format they appear as on deployments. + # + # Example: --set installation.imagePullSecrets[0].name=my-existing-secret + imagePullSecrets: [] + # Configures general installation parameters for Calico. Schema is based # on the operator.tigera.io/Installation API documented # here: https://projectcalico.docs.tigera.io/reference/installation/api#operator.tigera.io/v1.APIServerSpec diff --git a/charts/tigera-operator/values.yaml b/charts/tigera-operator/values.yaml index 43db79b5d53..566bdb259a3 100644 --- a/charts/tigera-operator/values.yaml +++ b/charts/tigera-operator/values.yaml @@ -1,6 +1,5 @@ -# imagePullSecrets are a special helm field which, when specified, creates a secret -# containing the pull secret and configures operator's serviceaccount to use it to pull the operator image -# as well as configuring the installation resource so that images launched by the operator will use it as well. +# imagePullSecrets is a special helm field which, when specified, creates a secret +# containing the pull secret which is used to pull all images deployed by this helm chart and the resulting operator. # this field is a map where the key is the desired secret name and the value is the contents of the imagePullSecret. # # Example: --set-file imagePullSecrets.gcr=./pull-secret.json