volker.raschek/athens-proxy-charts
1
0
Fork 0
Code Issues Pull Requests -1 Actions Packages Projects Releases Wiki Activity
Files
bba0df90ffbda744c2366554e837a653a9db19b5
athens-proxy-charts/unittests/certificates/certificate.yaml
Markus Pesch 297f36920a
All checks were successful
Helm / helm-lint (push) Successful in 7s
Details
Helm / helm-unittest (push) Successful in 7s
Details
Release / publish-chart (push) Successful in 18s
Details
fix(certificate): subject in body must be of type object
2025-10-14 23:26:09 +02:00

301 lines
8.2 KiB
YAML
Raw Blame History

chart:
appVersion: 0.1.0
version: 0.1.0
suite: Certificate athens-proxy template
release:
name: athens-proxy-unittest
namespace: testing
templates:
- templates/certificate.yaml
tests:
- it: Skip rendering by default.
asserts:
- hasDocuments:
count: 0
- it: Skip rendering for existing certificate
set:
certificate.enabled: true
certificate.existingSecret.enabled: true
asserts:
- hasDocuments:
count: 0
- it: Throw error when issuerKind and IssuerName is not defined
set:
certificate.enabled: true
asserts:
- failedTemplate:
errorMessage: "No certificate issuer kind defined!"
- it: Throw error when issuerKind and IssuerName is not defined
set:
certificate.enabled: true
asserts:
- failedTemplate: {}
- it: Throw error when issuerKind not defined
set:
certificate.enabled: true
certificate.new.issuerRef.name: "my-issuer"
asserts:
- failedTemplate:
errorMessage: "No certificate issuer kind defined!"
- it: Throw error when issuerName not defined
set:
certificate.enabled: true
certificate.new.issuerRef.kind: "ClusterIssuer"
asserts:
- failedTemplate:
errorMessage: "No certificate issuer name defined!"
- it: Rendering Certificate object when certificate.enabled=true (default)
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
asserts:
- hasDocuments:
count: 1
- containsDocument:
apiVersion: cert-manager.io/v1
kind: Certificate
name: athens-proxy-unittest-tls
namespace: testing
- equal:
path: spec.commonName
value: athens-proxy-unittest
- equal:
path: spec.duration
value: 744h
- equal:
path: spec.dnsNames
value: [ "athens-proxy-unittest", "athens-proxy-unittest.testing", "athens-proxy-unittest.testing.svc", "athens-proxy-unittest.testing.svc.cluster.local" ]
- notExists:
path: spec.ipAddresses
- equal:
path: spec.isCA
value: false
- equal:
path: spec.issuerRef.kind
value: ClusterIssuer
- equal:
path: spec.issuerRef.name
value: my-issuer
- equal:
path: spec.privateKey.algorithm
value: RSA
- equal:
path: spec.privateKey.size
value: 4096
- equal:
path: spec.privateKey.rotationPolicy
value: Never
- equal:
path: spec.secretName
value: athens-proxy-unittest-tls
- exists:
path: spec.secretTemplate.annotations
- exists:
path: spec.secretTemplate.labels
- notExists:
path: spec.subject
- notExists:
path: spec.subject.countries
- notExists:
path: spec.subject.localities
- notExists:
path: spec.subject.organizationalUnits
- notExists:
path: spec.subject.organizations
- notExists:
path: spec.subject.postalCodes
- notExists:
path: spec.subject.provinces
- notExists:
path: spec.subject.serialNumber
- notExists:
path: spec.subject.streetAddresses
- equal:
path: spec.renewBefore
value: 672h
- equal:
path: spec.usages
value: [ "client auth", "server auth" ]
# metadata.annotations
- it: Rendering Certificate object with additional annotations and labels
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.annotations:
foo: bar
certificate.new.labels:
bar: foo
asserts:
- isSubset:
path: metadata.annotations
content:
foo: bar
- isSubset:
path: metadata.labels
content:
bar: foo
# spec.duration
- it: Rendering Certificate object with custom `.Values.certificate.new.duration`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.duration: 3000h
asserts:
- equal:
path: spec.duration
value: 3000h
# spec.dnsNames
- it: Rendering Certificate object with custom `.Values.certificate.new.dnsNames`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.dnsNames: [ "app", "app.example.local" ]
asserts:
- equal:
path: spec.dnsNames
value: [ "app", "app.example.local" ]
# spec.dnsNames
- it: Rendering Certificate object with custom `.Values.clusterDomain` as domain.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
clusterDomain: k8s.example.local
asserts:
- contains:
path: spec.dnsNames
content:
athens-proxy-unittest.testing.svc.k8s.example.local
count: 1
# spec.ipAddresses
- it: RRendering Certificate object with custom `.Values.certificate.new.ipAddresses`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.ipAddresses: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
asserts:
- equal:
path: spec.ipAddresses
value: [ "10.11.12.13", "fe00:xxyy:xxyy" ]
# spec.privateKey
- it: Rendering Certificate object with custom `.Values.certificate.new.privateKey` values.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.privateKey.algorithm: ED25519
certificate.new.privateKey.rotationPolicy: Never
certificate.new.privateKey.size: 512
asserts:
- equal:
path: spec.privateKey.algorithm
value: ED25519
- equal:
path: spec.privateKey.rotationPolicy
value: Never
- equal:
path: spec.privateKey.size
value: 512
# spec.renewBefore
- it: Rendering Certificate object with custom `.Values.certificate.new.renewBefore`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.renewBefore: 2000h
asserts:
- equal:
path: spec.renewBefore
value: 2000h
# spec.secretTemplate
- it: Rendering Certificate object with custom `.Values.certificate.new.secretTemplate` values.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.secretTemplate:
annotations:
foo: bar
labels:
bar: foo
asserts:
- equal:
path: spec.secretTemplate.annotations
value:
foo: bar
- equal:
path: spec.secretTemplate.labels
value:
bar: foo
# spec.secretTemplate
- it: Rendering Certificate object with custom `.Values.certificate.new.subject` values.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.subject.countries: [ "Country" ]
certificate.new.subject.localities: [ "City" ]
certificate.new.subject.organizationalUnits: [ "IT department" ]
certificate.new.subject.organizations: [ "My organization" ]
certificate.new.subject.postalCodes: [ "AB12345", "12345AB" ]
certificate.new.subject.provinces: [ "Provinces" ]
certificate.new.subject.serialNumber: "MyNumber"
certificate.new.subject.streetAddresses: [ "ExampleStreet 1", "StreetExample 2" ]
asserts:
- equal:
path: spec.subject.countries
value: [ "Country" ]
- equal:
path: spec.subject.localities
value: [ "City" ]
- equal:
path: spec.subject.organizationalUnits
value: [ "IT department" ]
- equal:
path: spec.subject.organizations
value: [ "My organization" ]
- equal:
path: spec.subject.postalCodes
value: [ "AB12345", "12345AB" ]
- equal:
path: spec.subject.provinces
value: [ "Provinces" ]
- equal:
path: spec.subject.serialNumber
value: "MyNumber"
- equal:
path: spec.subject.streetAddresses
value: [ "ExampleStreet 1", "StreetExample 2" ]
# spec.usages
- it: Rendering Certificate object with custom `.Values.certificate.new.usages`.
set:
certificate.enabled: true
certificate.new.issuerRef.kind: ClusterIssuer
certificate.new.issuerRef.name: my-issuer
certificate.new.usages: [ "client auth" ]
asserts:
- equal:
path: spec.usages
value: [ "client auth" ]
Reference in New Issue View Git Blame Copy Permalink