Added custom image pull secrets integ test
chan-tim-sumo committed Aug 1, 2024
1 parent 2ea0cff commit b10a879
Showing 7 changed files with 129 additions and 3 deletions.
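--- a/.changelog/3808.changed.txt
+++ b/.changelog/3808.changed.txt
@@ -0,0 +1 @@
+test: Added custom image pull secrets tests for global configuration attributes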
4 changes: 4 additions & 0 deletions deploy/helm/sumologic/templates/cleanup/serviceaccount.yaml
@@ -12,4 +12,8 @@ metadata:
labels:
app: {{ template "sumologic.labels.app.cleanup.roles.serviceaccount" . }}
{{- include "sumologic.labels.common" . | nindent 4 }}
{{- if .Values.sumologic.pullSecrets }}
imagePullSecrets:
{{ toYaml .Values.sumologic.pullSecrets | indent 2 }}
{{- end }}
{{- end }}
2 changes: 1 addition & 1 deletion deploy/helm/sumologic/values.yaml
@@ -2347,7 +2347,7 @@ telegraf-operator:
## Configure Falco
## Please note that Falco is embedded in this Helm Chart for user convenience only - Sumo Logic does not provide production support for it
## This is an experimental configuration and shouldn't be used in production environment
## https://github.com/falcosecurity/charts/tree/master/falco
## https://github.com/falcosecurity/charts/blob/master/charts/falco/values.yaml
falco:
enabled: false

2 changes: 1 addition & 1 deletion docs/working-with-container-registries.md
@@ -18,7 +18,7 @@ kubectl create secret docker-registry ${SECRET_NAME} \
--docker-password=$(aws ecr-public --region us-east-1 get-login-password)
```

After creating the secret one can use it in the following way:
After creating the secret, one can use it in the following way:

```yaml
sumologic:
87 changes: 87 additions & 0 deletions tests/helm/common_test.go
@@ -475,6 +475,24 @@ func GetTolerations(object unstructured.Unstructured) ([]corev1.Toleration, erro
return nil, nil
}

func GetPullSecrets(serviceAccountName string, podTemplateSpec *corev1.PodTemplateSpec, serviceAccounts map[string]*corev1.ServiceAccount) []corev1.LocalObjectReference {
if serviceAccount, exists := serviceAccounts[serviceAccountName]; exists {
if len(serviceAccount.ImagePullSecrets) > 0 {
return serviceAccount.ImagePullSecrets
}
}
return podTemplateSpec.Spec.ImagePullSecrets
}

func ContainsImagePullSecret(imagePullSecrets []corev1.LocalObjectReference, expectedSecret string) bool {
for _, secret := range imagePullSecrets {
if secret.Name == expectedSecret {
return true
}
}
return false
}

func TestNamespaceOverride(t *testing.T) {
valuesFilePath := path.Join(testDataDirectory, "everything-enabled.yaml")
namespaceOverride := "override"
@@ -692,3 +710,72 @@ func TestCustomServiceAccountAnnotations(t *testing.T) {
}
}
}

func TestCustomImagePullSecrets(t *testing.T) {
t.Parallel()
valuesFilePath := path.Join(testDataDirectory, "custom-global-config-attributes.yaml")
renderedYamlString := RenderTemplate(
t,
&helm.Options{
ValuesFiles: []string{valuesFilePath},
SetStrValues: map[string]string{
"sumologic.accessId": "accessId",
"sumologic.accessKey": "accessKey",
},
Logger: logger.Discard,
},
chartDirectory,
releaseName,
[]string{},
true,
"--namespace",
defaultNamespace,
)

renderedObjects := UnmarshalMultipleFromYaml[unstructured.Unstructured](t, renderedYamlString)
serviceAccounts := make(map[string]*corev1.ServiceAccount)

for _, renderedObject := range renderedObjects {
if renderedObject.GetKind() == "ServiceAccount" {
serviceAccount := &corev1.ServiceAccount{}

err := runtime.DefaultUnstructuredConverter.FromUnstructured(renderedObject.Object, serviceAccount)
require.NoError(t, err)
serviceAccounts[serviceAccount.GetName()] = serviceAccount
}
}

for _, renderedObject := range renderedObjects {
kind := renderedObject.GetObjectKind().GroupVersionKind().Kind

// have a test for service account pull secrets: TestServiceAccountPullSecrets
if kind == "ServiceAccount" {
continue
}

podTemplateSpec, err := GetPodTemplateSpec(renderedObject)
if err != nil {
t.Logf("Error getting PodTemplateSpec for object %s: %v", renderedObject.GetName(), err)
continue
}

if podTemplateSpec == nil {
t.Logf("PodTemplateSpec is nil for object %s", renderedObject.GetName())
continue
}

serviceAccountName := podTemplateSpec.Spec.ServiceAccountName
actualPullSecrets := GetPullSecrets(serviceAccountName, podTemplateSpec, serviceAccounts)

require.NotEmpty(t, actualPullSecrets, "%s %s should have imagePullSecrets", kind, renderedObject.GetName())
assert.True(
t,
ContainsImagePullSecret(actualPullSecrets, customImagePullSecrets),
"Expected imagePullSecret %v not found in %s. object name: %s; service account: %s",
customImagePullSecrets,
kind,
renderedObject.GetName(),
serviceAccountName,
)
}
}
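Review bot: GetPullSecrets in the first hunk resolves precedence the opposite way to Kubernetes: it returns the ServiceAccount's imagePullSecrets whenever that list is non-empty and only then falls back to the pod template, whereas the ServiceAccount admission controller copies the account's secrets into a pod only when the pod spec carries none of its own. A workload whose template sets a different imagePullSecrets list would therefore pass TestCustomImagePullSecrets on the strength of its service account, while its pods would be admitted with the template's list and without the custom registry credential. Checking the pod template first and using the service account only as the fallback keeps the helper aligned with what the cluster actually applies.

```go
func GetPullSecrets(serviceAccountName string, podTemplateSpec *corev1.PodTemplateSpec, serviceAccounts map[string]*corev1.ServiceAccount) []corev1.LocalObjectReference {
	// Pod-level secrets win; the service account's list applies only when the pod has none.
	if len(podTemplateSpec.Spec.ImagePullSecrets) > 0 {
		return podTemplateSpec.Spec.ImagePullSecrets
	}
	if serviceAccount, exists := serviceAccounts[serviceAccountName]; exists {
		return serviceAccount.ImagePullSecrets
	}
	return nil
}
```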
2 changes: 2 additions & 0 deletions tests/helm/const.go
@@ -23,6 +23,8 @@ const (
customLabelValue = "customLabelValue"
customAnnotationsKey = "customAnnotationsKey"
customAnnotationsValue = "customAnnotationsValue"
customImagePullSecrets = "customImagePullSecrets"
customImagePullSecrets2 = "customImagePullSecrets2"
)

var subChartNames []string = []string{
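Review bot: `customImagePullSecrets2` is declared here but none of the Go hunks on this page reference it; TestCustomImagePullSecrets in tests/helm/common_test.go asserts only `customImagePullSecrets`, although the test values file lists both secrets at every level. A template that rendered only the first entry of a pull-secrets list would still pass. A second assertion such as `assert.True(t, ContainsImagePullSecret(actualPullSecrets, customImagePullSecrets2))` would cover the whole list. The const block starts before this hunk, so other uses of the name outside the visible lines cannot be ruled out.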
34 changes: 33 additions & 1 deletion tests/helm/testdata/custom-global-config-attributes.yaml
@@ -1,22 +1,38 @@
sumologic:
pullSecrets:
- name: customImagePullSecrets
- name: customImagePullSecrets2
metrics:
remoteWriteProxy:
enabled: true

podLabels:
customLabelKey: customLabelValue
podAnnotations:
customAnnotationsKey: customAnnotationsValue
serviceAccount:
annotations:
customServiceAccountAnnotationKey: customServiceAccountAnnotationValue
setup:
job:
pullSecrets:
- name: customImagePullSecrets
- name: customImagePullSecrets2

kube-prometheus-stack:
global:
imagePullSecrets:
- name: customImagePullSecrets
- name: customImagePullSecrets2
kube-state-metrics:
customLabels:
customLabelKey: customLabelValue
podAnnotations:
customAnnotationsKey: customAnnotationsValue
serviceAccount:
create: true
imagePullSecrets:
- name: customImagePullSecrets
- name: customImagePullSecrets2
prometheus:
enabled: true
prometheusSpec:
@@ -26,6 +42,11 @@ kube-prometheus-stack:
annotations:
customAnnotationsKey: customAnnotationsValue
prometheus-node-exporter:
serviceAccount:
create: true
imagePullSecrets:
- name: customImagePullSecrets
- name: customImagePullSecrets2
podLabels:
customLabelKey: customLabelValue
podAnnotations:
@@ -37,9 +58,15 @@ opentelemetry-operator:
customLabelKey: customLabelValue
podAnnotations:
customAnnotationsKey: customAnnotationsValue
imagePullSecrets:
- name: customImagePullSecrets
- name: customImagePullSecrets2

falco:
enabled: true
imagePullSecrets:
- name: customImagePullSecrets
- name: customImagePullSecrets2
podLabels:
customLabelKey: customLabelValue
podAnnotations:
@@ -51,3 +78,8 @@ prometheus-windows-exporter:
customLabelKey: customLabelValue
podAnnotations:
customAnnotationsKey: customAnnotationsValue
serviceAccount:
create: true
imagePullSecrets:
- name: customImagePullSecrets
- name: customImagePullSecrets2
