diff --git a/.changelog/3808.changed.txt b/.changelog/3808.changed.txt new file mode 100644 index 000000000..0ca38c8a2 --- /dev/null +++ b/.changelog/3808.changed.txt @@ -0,0 +1 @@ +test: Added custom image pull secrets tests for global configuration attributes \ No newline at end of file diff --git a/deploy/helm/sumologic/values.yaml b/deploy/helm/sumologic/values.yaml index 516a0d409..cd1a89665 100644 --- a/deploy/helm/sumologic/values.yaml +++ b/deploy/helm/sumologic/values.yaml @@ -2347,7 +2347,7 @@ telegraf-operator: ## Configure Falco ## Please note that Falco is embedded in this Helm Chart for user convenience only - Sumo Logic does not provide production support for it ## This is an experimental configuration and shouldn't be used in production environment -## https://github.com/falcosecurity/charts/tree/master/falco +## https://github.com/falcosecurity/charts/blob/master/charts/falco/values.yaml falco: enabled: false diff --git a/docs/working-with-container-registries.md b/docs/working-with-container-registries.md index 383c5c87d..2829d27f5 100644 --- a/docs/working-with-container-registries.md +++ b/docs/working-with-container-registries.md @@ -18,7 +18,7 @@ kubectl create secret docker-registry ${SECRET_NAME} \ --docker-password=$(aws ecr-public --region us-east-1 get-login-password) ``` -After creating the secret one can use it in the following way: +After creating the secret, one can use it in the following way: ```yaml sumologic: diff --git a/tests/helm/common_test.go b/tests/helm/common_test.go index d8ed4f9a2..4a744eb14 100644 --- a/tests/helm/common_test.go +++ b/tests/helm/common_test.go 
@@ -475,6 +475,24 @@ func GetTolerations(object unstructured.Unstructured) ([]corev1.Toleration, erro return nil, nil } +func ContainsImagePullSecret(imagePullSecrets []corev1.LocalObjectReference, expectedSecret string) bool { + for _, secret := range imagePullSecrets { + if secret.Name == expectedSecret { + return true + } + } + return false +} + +func ObjectUsesPullSecrets(objectName string, namesToCheck map[string]struct{}) bool { + for name := range namesToCheck { + if strings.Contains(objectName, name) { + return true + } + } + return false +} + func TestNamespaceOverride(t *testing.T) { valuesFilePath := path.Join(testDataDirectory, "everything-enabled.yaml") namespaceOverride := "override" 
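Review bot: `ObjectUsesPullSecrets` matches with `strings.Contains(objectName, name)`, so any rendered object whose name merely contains one of the keys is treated as a pull-secret consumer, and a workload whose name changes silently stops matching. Its `namesToCheck` parameter also shadows the package-level `namesToCheck` that this commit adds in const.go; renaming the parameter, for example to `names map[string]struct{}`, would make clear which one the body reads. Both helpers are exported without doc comments; I would add `// ContainsImagePullSecret reports whether imagePullSecrets holds a reference named expectedSecret.` and `// ObjectUsesPullSecrets reports whether objectName contains any key of namesToCheck as a substring.`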
@@ -692,3 +710,68 @@ func TestCustomServiceAccountAnnotations(t *testing.T) { } } } + +func TestCustomImagePullSecrets(t *testing.T) { + t.Parallel() + valuesFilePath := path.Join(testDataDirectory, "custom-global-config-attributes.yaml") + renderedYamlString := RenderTemplate( + t, + &helm.Options{ + ValuesFiles: []string{valuesFilePath}, + SetStrValues: map[string]string{ + "sumologic.accessId": "accessId", + "sumologic.accessKey": "accessKey", + }, + Logger: logger.Discard, + }, + chartDirectory, + releaseName, + []string{}, + true, + "--namespace", + defaultNamespace, + ) + + renderedObjects := UnmarshalMultipleFromYaml[unstructured.Unstructured](t, renderedYamlString) + + for _, renderedObject := range renderedObjects { + kind := renderedObject.GetObjectKind().GroupVersionKind().Kind + name := renderedObject.GetName() + + /** + 1. objects that uses pull secrets + https://github.com/SumoLogic/sumologic-kubernetes-collection/blob/2ea0cff52579d3e77059eed94731770f8f16e402/docs/working-with-container-registries.md?plain=1#L37-L50 + + 2. 
have a test for service account pull secrets: TestServiceAccountPullSecrets + */ + if !ObjectUsesPullSecrets(name, namesToCheck) || kind == "ServiceAccount" { + continue + } + + // have a test for service account pull secrets: TestServiceAccountPullSecrets + if kind == "ServiceAccount" { + continue + } + + podTemplateSpec, err := GetPodTemplateSpec(renderedObject) + if err != nil { + t.Logf("Error getting PodTemplateSpec for object %s: %v", renderedObject.GetName(), err) + continue + } + + if podTemplateSpec == nil { + t.Logf("PodTemplateSpec is nil for object %s", renderedObject.GetName()) + continue + } + + require.NotEmpty(t, podTemplateSpec.Spec.ImagePullSecrets, "%s %s should have imagePullSecrets", kind, renderedObject.GetName()) + assert.True( + t, + ContainsImagePullSecret(podTemplateSpec.Spec.ImagePullSecrets, customImagePullSecrets), + "Expected imagePullSecret %v not found in %s %s", + customImagePullSecrets, + kind, + renderedObject.GetName(), + ) + } +} diff --git a/tests/helm/const.go b/tests/helm/const.go index c43b3e027..d2fba28ff 100644 --- a/tests/helm/const.go +++ b/tests/helm/const.go @@ -23,6 +23,7 @@ const ( customLabelValue = "customLabelValue" customAnnotationsKey = "customAnnotationsKey" customAnnotationsValue = "customAnnotationsValue" + customImagePullSecrets = "customImagePullSecrets" ) var subChartNames []string = []string{ @@ -36,6 +37,16 @@ var subChartNames []string = []string{ "opentelemetry-operator", } +// https://github.com/SumoLogic/sumologic-kubernetes-collection/blob/2ea0cff52579d3e77059eed94731770f8f16e402/docs/working-with-container-registries.md?plain=1#L37-L50 +var namesToCheck = map[string]struct{}{ + "setup-job": {}, + "remote-write-proxy": {}, + "kube-prometheus-s-prometheus": {}, + "metrics-server": {}, + "telegraf-operator": {}, + "falco": {}, +} + var expectedAnnotations = map[string]string{ "customServiceAccountAnnotationKey": "customServiceAccountAnnotationValue", } 
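Review bot: In `TestCustomImagePullSecrets` every path that misses the assertions is a `continue` with at most a `t.Logf`, so the test passes when no rendered object matches `namesToCheck` or when `GetPodTemplateSpec` yields nil or an error for all of them. A chart rename could then drop pull-secret coverage without any failure. I would record which keys were actually asserted and fail after the loop for any key that never was, as sketched below; `GetPodTemplateSpec` is not visible here, so if some keys legitimately never produce a pod template, that gap is worth stating explicitly. The second `if kind == "ServiceAccount"` block is unreachable because the preceding condition already continues on that kind. `require.NotEmpty` inside the loop stops at the first offending workload, whereas `assert.NotEmpty` followed by `continue` would report all of them.

```go
	checked := make(map[string]bool, len(namesToCheck))

	for _, renderedObject := range renderedObjects {
		// … unchanged: kind/name lookup, ObjectUsesPullSecrets and ServiceAccount skip, GetPodTemplateSpec handling …

		// Remember which expected name fragments reached the assertions.
		for expected := range namesToCheck {
			if strings.Contains(name, expected) {
				checked[expected] = true
			}
		}
		// … unchanged: imagePullSecrets assertions …
	}

	for expected := range namesToCheck {
		assert.True(t, checked[expected], "no pod-bearing object matching %q was rendered", expected)
	}
```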
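Review bot: `namesToCheck` in const.go is a package-level name that does not say what is being checked, and its only documentation is a permalink. A name such as `pullSecretWorkloadNames`, with a comment like `// Name fragments of rendered objects that must carry the custom imagePullSecrets; matched by substring in ObjectUsesPullSecrets.`, would make the coupling to the test visible. The key `kube-prometheus-s-prometheus` appears to depend on how the chart truncates the release name, so a short note on where that fragment comes from would help whoever changes `releaseName` later.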
diff --git a/tests/helm/testdata/custom-global-config-attributes.yaml b/tests/helm/testdata/custom-global-config-attributes.yaml index 864e18330..855efdf25 100644 --- a/tests/helm/testdata/custom-global-config-attributes.yaml +++ b/tests/helm/testdata/custom-global-config-attributes.yaml @@ -1,4 +1,6 @@ sumologic: + pullSecrets: + - name: customImagePullSecrets metrics: remoteWriteProxy: enabled: true @@ -10,8 +12,15 @@ sumologic: serviceAccount: annotations: customServiceAccountAnnotationKey: customServiceAccountAnnotationValue + setup: + job: + pullSecrets: + - name: customImagePullSecrets kube-prometheus-stack: + global: + imagePullSecrets: + - name: customImagePullSecrets kube-state-metrics: customLabels: customLabelKey: customLabelValue @@ -40,6 +49,8 @@ opentelemetry-operator: falco: enabled: true + imagePullSecrets: + - name: customImagePullSecrets podLabels: customLabelKey: customLabelValue podAnnotations: @@ -51,3 +62,12 @@ prometheus-windows-exporter: customLabelKey: customLabelValue podAnnotations: customAnnotationsKey: customAnnotationsValue + +metrics-server: + image: + pullSecrets: + - name: customImagePullSecrets + +telegraf-operator: + imagePullSecrets: + - name: customImagePullSecrets