Skip to content

Commit

Permalink
Added custom image pull secrets integ test
Browse files Browse the repository at this point in the history
  • Loading branch information
chan-tim-sumo committed Jul 25, 2024
1 parent 2ea0cff commit d5b362a
Show file tree
Hide file tree
Showing 6 changed files with 117 additions and 2 deletions.
1 change: 1 addition & 0 deletions .changelog/3808.changed.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
test: Added custom image pull secrets tests for global configuration attributes
2 changes: 1 addition & 1 deletion deploy/helm/sumologic/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2347,7 +2347,7 @@ telegraf-operator:
## Configure Falco
## Please note that Falco is embedded in this Helm Chart for user convenience only - Sumo Logic does not provide production support for it
## This is an experimental configuration and shouldn't be used in production environment
## https://github.com/falcosecurity/charts/tree/master/falco
## https://github.com/falcosecurity/charts/blob/master/charts/falco/values.yaml
falco:
enabled: false

Expand Down
2 changes: 1 addition & 1 deletion docs/working-with-container-registries.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ kubectl create secret docker-registry ${SECRET_NAME} \
--docker-password=$(aws ecr-public --region us-east-1 get-login-password)
```

After creating the secret one can use it in the following way:
After creating the secret, one can use it in the following way:

```yaml
sumologic:
Expand Down
83 changes: 83 additions & 0 deletions tests/helm/common_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -475,6 +475,24 @@ func GetTolerations(object unstructured.Unstructured) ([]corev1.Toleration, erro
return nil, nil
}

func ContainsImagePullSecret(imagePullSecrets []corev1.LocalObjectReference, expectedSecret string) bool {
for _, secret := range imagePullSecrets {
if secret.Name == expectedSecret {
return true
}
}
return false
}

func ObjectUsesPullSecrets(objectName string, namesToCheck map[string]struct{}) bool {
for name := range namesToCheck {
if strings.Contains(objectName, name) {
return true
}
}
return false
}

func TestNamespaceOverride(t *testing.T) {
valuesFilePath := path.Join(testDataDirectory, "everything-enabled.yaml")
namespaceOverride := "override"
Expand Down Expand Up @@ -692,3 +710,68 @@ func TestCustomServiceAccountAnnotations(t *testing.T) {
}
}
}

func TestCustomImagePullSecrets(t *testing.T) {
t.Parallel()
valuesFilePath := path.Join(testDataDirectory, "custom-global-config-attributes.yaml")
renderedYamlString := RenderTemplate(
t,
&helm.Options{
ValuesFiles: []string{valuesFilePath},
SetStrValues: map[string]string{
"sumologic.accessId": "accessId",
"sumologic.accessKey": "accessKey",
},
Logger: logger.Discard,
},
chartDirectory,
releaseName,
[]string{},
true,
"--namespace",
defaultNamespace,
)

renderedObjects := UnmarshalMultipleFromYaml[unstructured.Unstructured](t, renderedYamlString)

for _, renderedObject := range renderedObjects {
kind := renderedObject.GetObjectKind().GroupVersionKind().Kind
name := renderedObject.GetName()

/**
1. objects that uses pull secrets
https://github.com/SumoLogic/sumologic-kubernetes-collection/blob/main/docs/working-with-container-registries.md?plain=1#L37-L50
2. have a test for service account pull secrets: TestServiceAccountPullSecrets
*/
if !ObjectUsesPullSecrets(name, namesToCheck) || kind == "ServiceAccount" {
continue
}

// have a test for service account pull secrets: TestServiceAccountPullSecrets
if kind == "ServiceAccount" {
continue
}

podTemplateSpec, err := GetPodTemplateSpec(renderedObject)
if err != nil {
t.Logf("Error getting PodTemplateSpec for object %s: %v", renderedObject.GetName(), err)
continue
}

if podTemplateSpec == nil {
t.Logf("PodTemplateSpec is nil for object %s", renderedObject.GetName())
continue
}

require.NotEmpty(t, podTemplateSpec.Spec.ImagePullSecrets, "%s %s should have imagePullSecrets", kind, renderedObject.GetName())
assert.True(
t,
ContainsImagePullSecret(podTemplateSpec.Spec.ImagePullSecrets, customImagePullSecrets),
"Expected imagePullSecret %v not found in %s %s",
customImagePullSecrets,
kind,
renderedObject.GetName(),
)
}
}
11 changes: 11 additions & 0 deletions tests/helm/const.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ const (
customLabelValue = "customLabelValue"
customAnnotationsKey = "customAnnotationsKey"
customAnnotationsValue = "customAnnotationsValue"
customImagePullSecrets = "customImagePullSecrets"
)

var subChartNames []string = []string{
Expand All @@ -36,6 +37,16 @@ var subChartNames []string = []string{
"opentelemetry-operator",
}

// https://github.com/SumoLogic/sumologic-kubernetes-collection/blob/2ea0cff52579d3e77059eed94731770f8f16e402/docs/working-with-container-registries.md?plain=1#L37-L50
var namesToCheck = map[string]struct{}{
"setup-job": {},
"remote-write-proxy": {},
"kube-prometheus-s-prometheus": {},
"metrics-server": {},
"telegraf-operator": {},
"falco": {},
}

var expectedAnnotations = map[string]string{
"customServiceAccountAnnotationKey": "customServiceAccountAnnotationValue",
}
Expand Down
20 changes: 20 additions & 0 deletions tests/helm/testdata/custom-global-config-attributes.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
sumologic:
pullSecrets:
- name: customImagePullSecrets
metrics:
remoteWriteProxy:
enabled: true
Expand All @@ -10,8 +12,15 @@ sumologic:
serviceAccount:
annotations:
customServiceAccountAnnotationKey: customServiceAccountAnnotationValue
setup:
job:
pullSecrets:
- name: customImagePullSecrets

kube-prometheus-stack:
global:
imagePullSecrets:
- name: customImagePullSecrets
kube-state-metrics:
customLabels:
customLabelKey: customLabelValue
Expand Down Expand Up @@ -40,6 +49,8 @@ opentelemetry-operator:

falco:
enabled: true
imagePullSecrets:
- name: customImagePullSecrets
podLabels:
customLabelKey: customLabelValue
podAnnotations:
Expand All @@ -51,3 +62,12 @@ prometheus-windows-exporter:
customLabelKey: customLabelValue
podAnnotations:
customAnnotationsKey: customAnnotationsValue

metrics-server:
image:
pullSecrets:
- name: customImagePullSecrets

telegraf-operator:
imagePullSecrets:
- name: customImagePullSecrets

0 comments on commit d5b362a

Please sign in to comment.