feat(service-monitor): support bearer token authentication on metrics endpoint (#719)

### Benefits Can protect metrics endpoint with `Bearer` token authentication provided by gitea. see PR #637 for previous discussion. ### Possible drawbacks No possible drawbacks ### Applicable issues - fixes #635 ### Additional information ``` gitea: metrics: enabled: true token: "somepassword" serviceMonitor: enabled: true ``` Using above configuration is sufficient to secure /metrics endpoint with bearer token and corresponding ServiceMonitor. ### Checklist - [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm) - [ ] ~~Breaking changes are documented in the `README.md`~~ Not applicable - [x] Templating unittests are added Signed-off-by: Hitesh Nayak <hiteshnayak305@gmail.com> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/719 Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.com> Co-authored-by: Hitesh Nayak <hiteshnayak305@gmail.com> Co-committed-by: Hitesh Nayak <hiteshnayak305@gmail.com>
2024-11-30 13:59:29 +00:00
parent 3bacaaad84
commit 389a8460e4
10 changed files with 253 additions and 0 deletions
--- a/unittests/servicemonitor/servicemonitor-enabled.yaml
+++ b/unittests/servicemonitor/servicemonitor-enabled.yaml
@ -0,0 +1,70 @@
+suite: ServiceMonitor template (monitoring enabled)
+release:
+  name: gitea-unittests
+  namespace: testing
+templates:
+  - templates/gitea/servicemonitor.yaml
+tests:
+  - it: renders unsecure ServiceMonitor if gitea.metrics.token nil
+    set:
+      gitea.metrics.enabled: true
+      gitea.metrics.token:
+      gitea.metrics.serviceMonitor.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - documentIndex: 0
+        containsDocument:
+          kind: ServiceMonitor
+          apiVersion: monitoring.coreos.com/v1
+          name: gitea-unittests
+      - isNotNullOrEmpty:
+          path: metadata.labels
+      - equal:
+          path: spec.endpoints
+          value:
+            - port: http
+  - it: renders unsecure ServiceMonitor if gitea.metrics.token empty
+    set:
+      gitea.metrics.enabled: true
+      gitea.metrics.token: ""
+      gitea.metrics.serviceMonitor.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - documentIndex: 0
+        containsDocument:
+          kind: ServiceMonitor
+          apiVersion: monitoring.coreos.com/v1
+          name: gitea-unittests
+      - isNotNullOrEmpty:
+          path: metadata.labels
+      - equal:
+          path: spec.endpoints
+          value:
+            - port: http
+  - it: renders secure ServiceMonitor if gitea.metrics.token not empty
+    set:
+      gitea.metrics.enabled: true
+      gitea.metrics.token: "test-token"
+      gitea.metrics.serviceMonitor.enabled: true
+    asserts:
+      - hasDocuments:
+          count: 1
+      - documentIndex: 0
+        containsDocument:
+          kind: ServiceMonitor
+          apiVersion: monitoring.coreos.com/v1
+          name: gitea-unittests
+      - isNotNullOrEmpty:
+          path: metadata.labels
+      - equal:
+          path: spec.endpoints
+          value:
+            - port: http
+              authorization:
+                type: Bearer
+                credentials:
+                  name: gitea-unittests-metrics-secret
+                  key: token
+                  optional: false