diff --git a/templates/_pod.tpl b/templates/_pod.tpl index 7dc589e..c27df38 100644 --- a/templates/_pod.tpl +++ b/templates/_pod.tpl @@ -4,6 +4,18 @@ {{- define "athens-proxy.pod.annotations" -}} {{ include "athens-proxy.annotations" . }} +{{- if and .Values.config.downloadMode.enabled (not .Values.config.downloadMode.existingConfigMap.enabled) -}} +{{- printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.downloadMode.name" $) (include (print $.Template.BasePath "/configMapDownloadMode.yaml") . | sha256sum) }} +{{- end -}} +{{- if and .Values.config.gitConfig.enabled (not .Values.config.gitConfig.existingConfigMap.enabled) -}} +{{- printf "checksum/config-map-%s: %s" (include "athens-proxy.configMap.gitConfig.name" $) (include (print $.Template.BasePath "/configMapGitConfig.yaml") . | sha256sum) }} +{{- end -}} +{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) -}} +{{- printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.netrc.name" $) (include (print $.Template.BasePath "/secretNetRC.yaml") . | sha256sum) }} +{{- end -}} +{{- if and .Values.config.ssh.enabled (not .Values.config.ssh.existingSecret.enabled) -}} +{{- printf "checksum/secret-%s: %s" (include "athens-proxy.secrets.ssh.name" $) (include (print $.Template.BasePath "/secretSSH.yaml") . | sha256sum) }} +{{- end -}} {{- end }} {{/* labels */}} diff --git a/unittests/deployment/downloadMode.yaml b/unittests/deployment/downloadMode.yaml index 5c010b5..ca9e490 100644 --- a/unittests/deployment/downloadMode.yaml +++ b/unittests/deployment/downloadMode.yaml @@ -6,42 +6,57 @@ release: name: athens-proxy-unittest namespace: testing templates: +- templates/configMapDownloadMode.yaml +- templates/configMapGitConfig.yaml - templates/deployment.yaml +- templates/secretNetRC.yaml +- templates/secretSSH.yaml tests: - it: Rendering default without mounted download mode config map asserts: + - notExists: + path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file + template: templates/deployment.yaml - notContains: path: spec.template.spec.containers[0].env content: name: ATHENS_DOWNLOAD_MODE value: file:/etc/athens/config/download-mode.d/download-mode + template: templates/deployment.yaml - notContains: path: spec.template.spec.containers[0].volumeMounts content: name: download-mode mountPath: /etc/athens/config/download-mode.d + template: templates/deployment.yaml - notContains: path: spec.template.spec.volumes content: name: download-mode configMap: name: athens-proxy-unittest-download-mode-file + template: templates/deployment.yaml - it: Rendering default with mounted gitconfig configMap set: config.downloadMode.enabled: true persistence.enabled: true asserts: + - exists: + path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].env content: name: ATHENS_DOWNLOAD_MODE value: file:/etc/athens/config/download-mode.d/download-mode + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: download-mode mountPath: /etc/athens/config/download-mode.d + template: templates/deployment.yaml - contains: path: spec.template.spec.volumes content: @@ -52,6 +67,7 @@ tests: mode: 0644 path: download-mode name: athens-proxy-unittest-download-mode-file + template: templates/deployment.yaml - it: Rendering with custom download mode configMap set: @@ -61,16 +77,21 @@ tests: config.downloadMode.existingConfigMap.downloadModeKey: "my-custom-download-mode-filename-key" persistence.enabled: true asserts: + - notExists: + path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-download-mode-file + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].env content: name: ATHENS_DOWNLOAD_MODE value: file:/etc/athens/config/download-mode.d/download-mode + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: download-mode mountPath: /etc/athens/config/download-mode.d + template: templates/deployment.yaml - contains: path: spec.template.spec.volumes content: @@ -80,4 +101,5 @@ tests: - key: "my-custom-download-mode-filename-key" path: "download-mode" mode: 0644 - name: my-custom-configmap \ No newline at end of file + name: my-custom-configmap + template: templates/deployment.yaml \ No newline at end of file diff --git a/unittests/deployment/gitConfig.yaml b/unittests/deployment/gitConfig.yaml index eb4580f..11890b5 100644 --- a/unittests/deployment/gitConfig.yaml +++ b/unittests/deployment/gitConfig.yaml @@ -6,16 +6,24 @@ release: name: athens-proxy-unittest namespace: testing templates: +- templates/configMapDownloadMode.yaml +- templates/configMapGitConfig.yaml - templates/deployment.yaml +- templates/secretNetRC.yaml +- templates/secretSSH.yaml tests: - it: Rendering default without mounted git config map asserts: + - notExists: + path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig + template: templates/deployment.yaml - notContains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.gitconfig subPath: .gitconfig + template: templates/deployment.yaml - notContains: path: spec.template.spec.volumes content: @@ -28,18 +36,23 @@ tests: path: .gitconfig mode: 0600 name: athens-proxy-unittest-gitconfig + template: templates/deployment.yaml - it: Rendering default with mounted gitconfig configMap set: config.gitConfig.enabled: true persistence.enabled: true asserts: + - exists: + path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.gitconfig subPath: .gitconfig + template: templates/deployment.yaml - contains: path: spec.template.spec.volumes content: @@ -52,6 +65,7 @@ tests: path: .gitconfig mode: 0644 name: athens-proxy-unittest-gitconfig + template: templates/deployment.yaml - it: Rendering with custom gitconfig configMap set: @@ -61,12 +75,16 @@ tests: config.gitConfig.existingConfigMap.gitConfigKey: "my-gitconfig-key" persistence.enabled: true asserts: + - notExists: + path: spec.template.metadata.annotations.checksum/config-map-athens-proxy-unittest-gitconfig + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.gitconfig subPath: .gitconfig + template: templates/deployment.yaml - contains: path: spec.template.spec.volumes content: @@ -78,4 +96,5 @@ tests: - key: my-gitconfig-key path: .gitconfig mode: 0644 - name: my-custom-configmap \ No newline at end of file + name: my-custom-configmap + template: templates/deployment.yaml \ No newline at end of file diff --git a/unittests/deployment/netrc.yaml b/unittests/deployment/netrc.yaml index 48ef67d..2a1663d 100644 --- a/unittests/deployment/netrc.yaml +++ b/unittests/deployment/netrc.yaml @@ -6,15 +6,23 @@ release: name: athens-proxy-unittest namespace: testing templates: +- templates/configMapDownloadMode.yaml +- templates/configMapGitConfig.yaml - templates/deployment.yaml +- templates/secretNetRC.yaml +- templates/secretSSH.yaml tests: - it: Rendering default without mounted netrc secret asserts: + - notExists: + path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc + template: templates/deployment.yaml - notContains: path: spec.template.spec.containers[0].volumeMounts content: name: netrc mountPath: /root + template: templates/deployment.yaml - notContains: path: spec.template.spec.volumes content: @@ -27,18 +35,23 @@ tests: path: .netrc mode: 0600 name: athens-proxy-unittest-netrc + template: templates/deployment.yaml - it: Rendering default with mounted netrc secret set: config.netrc.enabled: true persistence.enabled: true asserts: + - exists: + path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netrc + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.netrc subPath: .netrc + template: templates/deployment.yaml - contains: path: spec.template.spec.volumes content: @@ -51,6 +64,7 @@ tests: path: .netrc mode: 0600 name: athens-proxy-unittest-netrc + template: templates/deployment.yaml - it: Rendering with custom netrc secret set: @@ -60,12 +74,16 @@ tests: config.netrc.existingSecret.netrcKey: "my-netrc-key" persistence.enabled: true asserts: + - notExists: + path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-netc + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.netrc subPath: .netrc + template: templates/deployment.yaml - contains: path: spec.template.spec.volumes content: @@ -77,4 +95,5 @@ tests: - key: my-netrc-key path: .netrc mode: 0600 - name: my-custom-secret \ No newline at end of file + name: my-custom-secret + template: templates/deployment.yaml \ No newline at end of file diff --git a/unittests/deployment/persistentVolumeClaim.yaml b/unittests/deployment/persistentVolumeClaim.yaml index 20ec7f3..d46cf19 100644 --- a/unittests/deployment/persistentVolumeClaim.yaml +++ b/unittests/deployment/persistentVolumeClaim.yaml @@ -6,7 +6,11 @@ release: name: athens-proxy-unittest namespace: testing templates: +- templates/configMapDownloadMode.yaml +- templates/configMapGitConfig.yaml - templates/deployment.yaml +- templates/secretNetRC.yaml +- templates/secretSSH.yaml tests: - it: Test persistent volume claim set: diff --git a/unittests/deployment/ssh.yaml b/unittests/deployment/ssh.yaml index a128cc9..34a4954 100644 --- a/unittests/deployment/ssh.yaml +++ b/unittests/deployment/ssh.yaml @@ -6,40 +6,52 @@ release: name: athens-proxy-unittest namespace: testing templates: +- templates/configMapDownloadMode.yaml +- templates/configMapGitConfig.yaml - templates/deployment.yaml +- templates/secretNetRC.yaml +- templates/secretSSH.yaml tests: - it: Rendering default without mounted ssh secret asserts: + - notExists: + path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh + template: templates/deployment.yaml - notContains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.ssh/config subPath: config + template: templates/deployment.yaml - notContains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.ssh/id_ed25519 subPath: id_ed25519 + template: templates/deployment.yaml - notContains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.ssh/id_ed25519.pub subPath: id_ed25519.pub + template: templates/deployment.yaml - notContains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.ssh/id_rsa subPath: id_rsa + template: templates/deployment.yaml - notContains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.ssh/id_rsa.pub subPath: id_rsa.pub + template: templates/deployment.yaml - notContains: path: spec.template.spec.volumes content: @@ -64,6 +76,7 @@ tests: path: id_rsa.pub mode: 0644 name: athens-proxy-unittest-ssh + template: templates/deployment.yaml - it: Rendering default with mounted ssh config set: @@ -76,6 +89,7 @@ tests: name: secrets mountPath: /root/.ssh/config subPath: config + template: templates/deployment.yaml - contains: path: spec.template.spec.volumes content: @@ -88,6 +102,7 @@ tests: path: config mode: 0600 name: athens-proxy-unittest-ssh + template: templates/deployment.yaml - it: Rendering default with mounted ssh keys set: @@ -98,36 +113,44 @@ tests: config.ssh.secret.id_rsa_pub: bar persistence.enabled: true asserts: + - exists: + path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.ssh/config subPath: config + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.ssh/id_ed25519 subPath: id_ed25519 + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.ssh/id_ed25519.pub subPath: id_ed25519.pub + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.ssh/id_rsa subPath: id_rsa + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.ssh/id_rsa.pub subPath: id_rsa.pub + template: templates/deployment.yaml - contains: path: spec.template.spec.volumes content: @@ -152,6 +175,7 @@ tests: path: id_rsa.pub mode: 0644 name: athens-proxy-unittest-ssh + template: templates/deployment.yaml - it: Rendering with custom ssh secret set: @@ -165,36 +189,44 @@ tests: config.ssh.existingSecret.id_rsaPubKey : "my-public-rsa-key" persistence.enabled: true asserts: + - notExists: + path: spec.template.metadata.annotations.checksum/secret-athens-proxy-unittest-ssh + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.ssh/config subPath: config + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.ssh/id_ed25519 subPath: id_ed25519 + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.ssh/id_ed25519.pub subPath: id_ed25519.pub + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.ssh/id_rsa subPath: id_rsa + template: templates/deployment.yaml - contains: path: spec.template.spec.containers[0].volumeMounts content: name: secrets mountPath: /root/.ssh/id_rsa.pub subPath: id_rsa.pub + template: templates/deployment.yaml - contains: path: spec.template.spec.volumes content: @@ -218,4 +250,5 @@ tests: - key: my-public-rsa-key path: id_rsa.pub mode: 0644 - name: my-custom-secret \ No newline at end of file + name: my-custom-secret + template: templates/deployment.yaml \ No newline at end of file