diff --git a/charts/cryostat/tests/alpha_config_test.yaml b/charts/cryostat/tests/alpha_config_test.yaml index 7b5e6f1..f41d73d 100644 --- a/charts/cryostat/tests/alpha_config_test.yaml +++ b/charts/cryostat/tests/alpha_config_test.yaml @@ -18,6 +18,23 @@ tests: path: data['alpha_config.yaml'] pattern: "providers:\\s*- id: dummy\\s*name: Unused - Sign In Below\\s*clientId: CLIENT_ID\\s*clientSecret: CLIENT_SECRET\\s*provider: google" + - it: should create configmap with correct alpha configurations when self-signed TLS is enabled + set: + oauth2Proxy.service.tls.selfSigned.enabled: true + asserts: + - matchRegex: + path: data['alpha_config.yaml'] + pattern: "server:\\s*BindAddress: http://0.0.0.0:4180\\s*SecureBindAddress: https://0.0.0.0:8443" + - matchRegex: + path: data['alpha_config.yaml'] + pattern: "upstreamConfig:\\s*proxyRawPath: true\\s*upstreams:\\s*- id: cryostat\\s*path: /\\s*uri: http://localhost:8181" + - matchRegex: + path: data['alpha_config.yaml'] + pattern: "- id: grafana\\s*path: /grafana/\\s*uri: http://localhost:3000" + - matchRegex: + path: data['alpha_config.yaml'] + pattern: "providers:\\s*- id: dummy\\s*name: Unused - Sign In Below\\s*clientId: CLIENT_ID\\s*clientSecret: CLIENT_SECRET\\s*provider: google" + - it: should not create alpha_config when openshift authentication is enabled set: authentication: diff --git a/charts/cryostat/tests/cryostat_deployment_test.yaml b/charts/cryostat/tests/cryostat_deployment_test.yaml index 6439606..461881b 100644 --- a/charts/cryostat/tests/cryostat_deployment_test.yaml +++ b/charts/cryostat/tests/cryostat_deployment_test.yaml @@ -401,11 +401,30 @@ tests: - it: should validate volumes and volume mounts asserts: + - lengthEqual: + count: 1 + path: spec.template.spec.volumes - exists: path: spec.template.spec.volumes[?(@.name=='alpha-config')] - exists: path: spec.template.spec.containers[?(@.name=='cryostat-authproxy')].volumeMounts[?(@.mountPath=='/etc/oauth2_proxy/alpha_config')] + - it: should validate volumes and volume mounts with oauth2-proxy self-signed TLS enabled + set: + oauth2Proxy.service.tls.selfSigned.enabled: true + asserts: + - lengthEqual: + count: 2 + path: spec.template.spec.volumes + - exists: + path: spec.template.spec.volumes[?(@.name=='alpha-config')] + - exists: + path: spec.template.spec.containers[?(@.name=='cryostat-authproxy')].volumeMounts[?(@.mountPath=='/etc/oauth2_proxy/alpha_config')] + - exists: + path: spec.template.spec.volumes[?(@.name=='RELEASE-NAME-oauth2proxy-tls')] + - exists: + path: spec.template.spec.containers[?(@.name=='cryostat-authproxy')].volumeMounts[?(@.mountPath=='/etc/tls/private')] + - it: should set image pull secrets if specified set: imagePullSecrets: diff --git a/charts/cryostat/tests/cryostat_service_test.yaml b/charts/cryostat/tests/cryostat_service_test.yaml index 1cc5312..57fd4f0 100644 --- a/charts/cryostat/tests/cryostat_service_test.yaml +++ b/charts/cryostat/tests/cryostat_service_test.yaml @@ -20,6 +20,9 @@ tests: - equal: path: spec.type value: ClusterIP + - lengthEqual: + path: spec.ports + count: 1 - equal: path: spec.ports[0].port value: 8080 @@ -57,6 +60,9 @@ tests: - equal: path: spec.type value: ClusterIP + - lengthEqual: + path: spec.ports + count: 2 - equal: path: spec.ports[0].port value: 8181 @@ -100,7 +106,6 @@ tests: path: metadata.annotations value: service.alpha.openshift.io/serving-cert-secret-name: RELEASE-NAME-proxy-tls - - it: should include OpenShift specific annotations when OpenShift auth is enabled set: @@ -119,3 +124,61 @@ tests: asserts: - notExists: path: metadata.annotations.`service.alpha.openshift.io/serving-cert-secret-name` + + - it: should create a Service with the correct settings when oauth2-proxy self-signed TLS is enabled + set: + oauth2Proxy.service.tls.selfSigned.enabled: true + asserts: + - hasDocuments: + count: 1 + - equal: + path: kind + value: Service + - equal: + path: metadata.name + value: RELEASE-NAME-cryostat + - equal: + path: spec.type + value: ClusterIP + - lengthEqual: + path: spec.ports + count: 2 + - equal: + path: spec.ports[0].port + value: 8181 + - equal: + path: spec.ports[0].targetPort + value: 4180 + - equal: + path: spec.ports[0].protocol + value: TCP + - equal: + path: spec.ports[0].name + value: cryostat-http + - equal: + path: spec.ports[1].port + value: 443 + - equal: + path: spec.ports[1].targetPort + value: 8443 + - equal: + path: spec.ports[1].protocol + value: TCP + - equal: + path: spec.ports[1].name + value: cryostat-https + - equal: + path: spec.selector + value: + app.kubernetes.io/name: cryostat + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/component: cryostat + - equal: + path: metadata.labels + value: + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cryostat + app.kubernetes.io/version: "4.0.0-dev" + helm.sh/chart: cryostat-2.0.0-dev + app.kubernetes.io/component: cryostat