From 1da7ed5a66edb279ebecb5ba8777441a01d1e50d Mon Sep 17 00:00:00 2001 From: Carlos Vega Date: Tue, 9 Jul 2024 17:32:41 +0200 Subject: [PATCH 1/2] Create unit tests for Core - Migrate `go test` to `helm unittest` - Migrate Trivy existing unit tests to `helm unittest` - Add unit tests for Core Signed-off-by: Carlos Vega --- .github/workflows/unittest.yaml | 18 +- test/unittest/core_configmap_test.yaml | 180 +++++++ test/unittest/core_deployment_test.yaml | 547 ++++++++++++++++++++++ test/unittest/core_job_test.yaml | 198 ++++++++ test/unittest/core_secret_test.yaml | 97 ++++ test/unittest/core_svc_test.yaml | 84 ++++ test/unittest/core_tls_test.yaml | 40 ++ test/unittest/trivy_stateful_set_test.go | 171 ------- test/unittest/trivy_statefulset_test.yaml | 97 ++++ 9 files changed, 1247 insertions(+), 185 deletions(-) create mode 100644 test/unittest/core_configmap_test.yaml create mode 100644 test/unittest/core_deployment_test.yaml create mode 100644 test/unittest/core_job_test.yaml create mode 100644 test/unittest/core_secret_test.yaml create mode 100644 test/unittest/core_svc_test.yaml create mode 100644 test/unittest/core_tls_test.yaml delete mode 100644 test/unittest/trivy_stateful_set_test.go create mode 100644 test/unittest/trivy_statefulset_test.yaml diff --git a/.github/workflows/unittest.yaml b/.github/workflows/unittest.yaml index d9cf91e90..0c3e8100d 100644 --- a/.github/workflows/unittest.yaml +++ b/.github/workflows/unittest.yaml @@ -16,20 +16,10 @@ jobs: with: version: '3.11.1' - - name: Set up Go 1.19 - uses: actions/setup-go@v2 - with: - go-version: 1.19 - - - name: Cache go mod - uses: actions/cache@v2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- + - name: Install Helm Unit Test Plugin + run: | + helm plugin install https://github.com/helm-unittest/helm-unittest --version v0.4.4 - name: Run unit tests - working-directory: ./test run: - go test -v github.com/goharbor/harbor-helm/unittest + helm unittest -f 'test/unittest/*.yaml' . diff --git a/test/unittest/core_configmap_test.yaml b/test/unittest/core_configmap_test.yaml new file mode 100644 index 000000000..5699425db --- /dev/null +++ b/test/unittest/core_configmap_test.yaml @@ -0,0 +1,180 @@ +suite: CoreConfigMap + +tests: + - it: witTrivy + set: + trivy: + enabled: true + template: templates/core/core-cm.yaml + asserts: + - equal: + path: data.WITH_TRIVY + value: "true" + + - it: RedisUrlHarborInternal + set: + redis: + internal: + harborDatabaseIndex: test-index + type: internal + template: templates/core/core-cm.yaml + asserts: + - equal: + path: data._REDIS_URL_HARBOR + value: redis://RELEASE-NAME-harbor-redis:6379/test-index?idle_timeout_seconds=30 + + - it: RedisUrlHarborExternal + set: + redis: + external: + harborDatabaseIndex: test-index + type: external + template: templates/core/core-cm.yaml + asserts: + - equal: + path: data._REDIS_URL_HARBOR + value: redis://192.168.0.2:6379/test-index?idle_timeout_seconds=30 + + - it: CacheLayerDatabaseIndex + set: + redis: + internal: + cacheLayerDatabaseIndex: test-index + type: internal + template: templates/core/core-cm.yaml + asserts: + - equal: + path: data._REDIS_URL_CACHE_LAYER + value: redis://RELEASE-NAME-harbor-redis:6379/test-index?idle_timeout_seconds=30 + + - it: RegsitryCredentialUsername + set: + registry: + credentials: + username: test-username + template: templates/core/core-cm.yaml + asserts: + - equal: + path: data.REGISTRY_CREDENTIAL_USERNAME + value: test-username + + - it: UaaSecretName + set: + uaaSecretName: true + template: templates/core/core-cm.yaml + asserts: + - equal: + path: data.UAA_CA_ROOT + value: /etc/core/auth-ca/auth-ca.crt + + - it: MetricEnabled + set: + metrics: + enabled: true + core: + path: /customMetrics + port: 8080 + template: templates/core/core-cm.yaml + asserts: + - equal: + path: data.METRIC_ENABLE + value: "true" + - equal: + path: data.METRIC_PATH + value: /customMetrics + - equal: + path: data.METRIC_PORT + value: "8080" + - equal: + path: data.METRIC_NAMESPACE + value: harbor + - equal: + path: data.METRIC_SUBSYSTEM + value: core + + - it: GcTimeWindowHours + set: + core: + gcTimeWindowHours: 2 + template: templates/core/core-cm.yaml + asserts: + - equal: + path: data.GC_TIME_WINDOW_HOURS + value: "2" + + - it: GcTimeWindowHours + set: + core: + artifactPullAsyncFlushDuration: 30 + template: templates/core/core-cm.yaml + asserts: + - equal: + path: data.ARTIFACT_PULL_ASYNC_FLUSH_DURATION + value: "30" + + - it: GdprDeleteUser + set: + core: + gdpr: + deleteUser: true + auditLogsCompliant: false + template: templates/core/core-cm.yaml + asserts: + - equal: + path: data.GDPR_DELETE_USER + value: "true" + - notExists: + path: data.GDPR_AUDIT_LOGS + + - it: GdprAuditLogsCompliant + set: + core: + gdpr: + deleteUser: false + auditLogsCompliant: true + template: templates/core/core-cm.yaml + asserts: + - equal: + path: data.GDPR_AUDIT_LOGS + value: "true" + - notExists: + path: data.GDPR_DELETE_USER + + - it: GdprDeleteUserAuditLogsCompliant + set: + core: + gdpr: + deleteUser: true + auditLogsCompliant: true + template: templates/core/core-cm.yaml + asserts: + - equal: + path: data.GDPR_DELETE_USER + value: "true" + - equal: + path: data.GDPR_AUDIT_LOGS + value: "true" + + - it: CacheEnabled + set: + cache: + enabled: true + expireHours: 3 + template: templates/core/core-cm.yaml + asserts: + - equal: + path: data.CACHE_ENABLED + value: "true" + - equal: + path: data.CACHE_EXPIRE_HOURS + value: "3" + + - it: CuotaUpdate + set: + core: + quotaUpdateProvider: 3 + template: templates/core/core-cm.yaml + asserts: + - equal: + path: data.QUOTA_UPDATE_PROVIDER + value: "3" \ No newline at end of file diff --git a/test/unittest/core_deployment_test.yaml b/test/unittest/core_deployment_test.yaml new file mode 100644 index 000000000..91c974196 --- /dev/null +++ b/test/unittest/core_deployment_test.yaml @@ -0,0 +1,547 @@ +suite: CoreDeployment + +tests: + - it: PodLabels + set: + core: + podLabels: + test.label: test-label + template: templates/core/core-dpl.yaml + asserts: + - equal: + path: spec.template.metadata.labels["test.label"] + value: test-label + + - it: PodAnnotations + set: + core: + podAnnotations: + test.annotation: test-annotation + template: templates/core/core-dpl.yaml + asserts: + - equal: + path: spec.template.metadata.annotations["test.annotation"] + value: test-annotation + + - it: PodAnnotations + set: + core: + podAnnotations: + test.annotation: test-annotation + template: templates/core/core-dpl.yaml + asserts: + - equal: + path: spec.template.metadata.annotations["test.annotation"] + value: test-annotation + + - it: NoReplicas + set: + core: + replicas: 0 + template: templates/core/core-dpl.yaml + asserts: + - equal: + path: spec.replicas + value: 0 + + - it: MultipleReplicas + set: + core: + replicas: 2 + template: templates/core/core-dpl.yaml + asserts: + - equal: + path: spec.replicas + value: 2 + + - it: ServiceAccounts + set: + core: + serviceAccountName: testServiceAccount + template: templates/core/core-dpl.yaml + asserts: + - equal: + path: spec.template.spec.serviceAccountName + value: testServiceAccount + + - it: ImagePullSecrets + set: + imagePullSecrets: + - name: test-secret-1 + - name: test-secret-2 + template: templates/core/core-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.imagePullSecrets + count: 2 + - equal: + path: spec.template.spec.imagePullSecrets + value: + - name: test-secret-1 + - name: test-secret-2 + + - it: TopologySpreadConstraints + set: + core: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + template: templates/core/core-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.topologySpreadConstraints + count: 1 + - contains: + path: spec.template.spec.topologySpreadConstraints + content: + labelSelector: + matchLabels: + app: harbor + component: core + release: RELEASE-NAME + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + + - it: InitContainers + set: + core: + initContainers: + - name: test + image: busybox + command: ["sh", "-c", "sleep 20"] + template: templates/core/core-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.initContainers + count: 1 + - equal: + path: spec.template.spec.initContainers + value: + - name: test + image: busybox + command: + - sh + - "-c" + - sleep 20 + + - it: ContainerImage + set: + core: + image: + repository: test-repository/test-image + tag: 1.0.0 + template: templates/core/core-dpl.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: test-repository/test-image:1.0.0 + + - it: StartupProbe + set: + core: + startupProbe: + enabled: true + initialDelaySeconds: 10 + template: templates/core/core-dpl.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].startupProbe.httpGet.path + value: /api/v2.0/ping + - equal: + path: spec.template.spec.containers[0].startupProbe.httpGet.scheme + value: HTTP + - equal: + path: spec.template.spec.containers[0].startupProbe.httpGet.port + value: 8080 + - equal: + path: spec.template.spec.containers[0].startupProbe.failureThreshold + value: 360 + - equal: + path: spec.template.spec.containers[0].startupProbe.initialDelaySeconds + value: 10 + - equal: + path: spec.template.spec.containers[0].startupProbe.periodSeconds + value: 10 + + - it: StartupProbeInternalTLS + set: + core: + startupProbe: + enabled: true + initialDelaySeconds: 10 + internalTLS: + enabled: true + template: templates/core/core-dpl.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].startupProbe.httpGet.path + value: /api/v2.0/ping + - equal: + path: spec.template.spec.containers[0].startupProbe.httpGet.scheme + value: HTTPS + - equal: + path: spec.template.spec.containers[0].startupProbe.httpGet.port + value: 8443 + - equal: + path: spec.template.spec.containers[0].startupProbe.failureThreshold + value: 360 + - equal: + path: spec.template.spec.containers[0].startupProbe.initialDelaySeconds + value: 10 + - equal: + path: spec.template.spec.containers[0].startupProbe.periodSeconds + value: 10 + + - it: ExistingSecretAdminPassword + set: + existingSecretAdminPassword: HARBOR_ADMIN_PASSWORD + template: templates/core/core-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.containers[0].env + count: 3 + - equal: + path: spec.template.spec.containers[0].env[2].name + value: HARBOR_ADMIN_PASSWORD + - equal: + path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.name + value: HARBOR_ADMIN_PASSWORD + - equal: + path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.key + value: HARBOR_ADMIN_PASSWORD + + - it: InternalTLS + set: + internalTLS: + enabled: true + template: templates/core/core-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.containers[0].env + count: 6 + - equal: + path: spec.template.spec.containers[0].env[2].name + value: INTERNAL_TLS_ENABLED + - equal: + path: spec.template.spec.containers[0].env[2].value + value: "true" + - equal: + path: spec.template.spec.containers[0].env[3].name + value: INTERNAL_TLS_KEY_PATH + - equal: + path: spec.template.spec.containers[0].env[3].value + value: /etc/harbor/ssl/core/tls.key + - equal: + path: spec.template.spec.containers[0].env[4].name + value: INTERNAL_TLS_CERT_PATH + - equal: + path: spec.template.spec.containers[0].env[4].value + value: /etc/harbor/ssl/core/tls.crt + - equal: + path: spec.template.spec.containers[0].env[5].name + value: INTERNAL_TLS_TRUST_CA_PATH + - equal: + path: spec.template.spec.containers[0].env[5].value + value: /etc/harbor/ssl/core/ca.crt + - equal: + path: spec.template.spec.containers[0].volumeMounts[4].name + value: core-internal-certs + - equal: + path: spec.template.spec.containers[0].volumeMounts[4].mountPath + value: /etc/harbor/ssl/core + + - it: DBCredentials + set: + database: + external: + existingSecret: db-secret-name + template: templates/core/core-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.containers[0].env + count: 3 + - equal: + path: spec.template.spec.containers[0].env[2].name + value: POSTGRESQL_PASSWORD + - equal: + path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.name + value: db-secret-name + - equal: + path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.key + value: password + + - it: RegistryCredentials + set: + registry: + credentials: + existingSecret: registry-secret-name + template: templates/core/core-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.containers[0].env + count: 3 + - equal: + path: spec.template.spec.containers[0].env[2].name + value: REGISTRY_CREDENTIAL_PASSWORD + - equal: + path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.name + value: registry-secret-name + - equal: + path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.key + value: REGISTRY_PASSWD + + - it: XsrfCredentials + set: + core: + existingXsrfSecret: xsrf-secret-name + existingXsrfSecretKey: xsrf-secret-key + template: templates/core/core-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.containers[0].env + count: 3 + - equal: + path: spec.template.spec.containers[0].env[2].name + value: CSRF_KEY + - equal: + path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.name + value: xsrf-secret-name + - equal: + path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.key + value: xsrf-secret-key + + - it: ExtraEnvVars + set: + core: + extraEnvVars: + - name: ENVVAR_NAME + value: envvar_value + template: templates/core/core-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.containers[0].env + count: 3 + - equal: + path: spec.template.spec.containers[0].env[2].name + value: ENVVAR_NAME + - equal: + path: spec.template.spec.containers[0].env[2].value + value: envvar_value + + - it: MultipleExtraEnvVars + set: + core: + extraEnvVars: + - name: ENVVAR_NAME_1 + value: envvar_value_1 + - name: ENVVAR_NAME_2 + value: envvar_value_2 + template: templates/core/core-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.containers[0].env + count: 4 + - equal: + path: spec.template.spec.containers[0].env[2].name + value: ENVVAR_NAME_1 + - equal: + path: spec.template.spec.containers[0].env[2].value + value: envvar_value_1 + - equal: + path: spec.template.spec.containers[0].env[3].name + value: ENVVAR_NAME_2 + - equal: + path: spec.template.spec.containers[0].env[3].value + value: envvar_value_2 + + - it: ContainerSecurityContext + set: + containerSecurityContext: + privileged: true + allowPrivilegeEscalation: true + seccompProfile: + type: RuntimeDefault + runAsNonRoot: true + capabilities: + drop: + - All + template: templates/core/core-dpl.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].securityContext.privileged + value: true + - equal: + path: spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation + value: true + - equal: + path: spec.template.spec.containers[0].securityContext.seccompProfile.type + value: RuntimeDefault + - equal: + path: spec.template.spec.containers[0].securityContext.runAsNonRoot + value: true + - equal: + path: spec.template.spec.containers[0].securityContext.capabilities.drop[0] + value: All + + - it: ExposeTLSEnabled + set: + expose: + tls: + enabled: true + template: templates/core/core-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.containers[0].volumeMounts + count: 5 + - equal: + path: spec.template.spec.containers[0].volumeMounts[3].name + value: ca-download + - equal: + path: spec.template.spec.containers[0].volumeMounts[3].mountPath + value: /etc/core/ca + + - it: UaaSecretName + set: + uaaSecretName: uaa-secret-name + template: templates/core/core-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.containers[0].volumeMounts + count: 6 + - lengthEqual: + path: spec.template.spec.volumes + count: 6 + - equal: + path: spec.template.spec.volumes[4].name + value: auth-ca-cert + - equal: + path: spec.template.spec.volumes[4].secret.secretName + value: uaa-secret-name + - equal: + path: spec.template.spec.volumes[4].secret.items[0].key + value: ca.crt + - equal: + path: spec.template.spec.volumes[4].secret.items[0].path + value: auth-ca.crt + - equal: + path: spec.template.spec.containers[0].volumeMounts[4].mountPath + value: /etc/core/auth-ca/auth-ca.crt + - equal: + path: spec.template.spec.containers[0].volumeMounts[4].subPath + value: auth-ca.crt + + - it: Resources + set: + core: + resources: + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 500Mi + cpu: 200m + template: templates/core/core-dpl.yaml + asserts: + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: 100m + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: 256Mi + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: 200m + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: 500Mi + + - it: CASecretName + set: + caSecretName: ca-secret-name + template: templates/core/core-dpl.yaml + asserts: + - lengthEqual: + path: spec.template.spec.containers[0].volumeMounts + count: 5 + - equal: + path: spec.template.spec.containers[0].volumeMounts[3].name + value: ca-download + - equal: + path: spec.template.spec.containers[0].volumeMounts[3].mountPath + value: /etc/core/ca + - equal: + path: spec.template.spec.volumes[3].name + value: ca-download + - equal: + path: spec.template.spec.volumes[3].secret.secretName + value: ca-secret-name + + - it: NodeSelector + set: + core: + nodeSelector: + node.selector/tier: test-node-selector + template: templates/core/core-dpl.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector["node.selector/tier"] + value: test-node-selector + + - it: Affinity + set: + core: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: test-affinity + operator: In + values: + - S1 + topologyKey: topology.kubernetes.io/zone + template: templates/core/core-dpl.yaml + asserts: + - equal: + path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].key + value: test-affinity + - equal: + path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].operator + value: In + - equal: + path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].values[0] + value: S1 + - equal: + path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].topologyKey + value: topology.kubernetes.io/zone + + - it: Tolerations + set: + core: + tolerations: + - effect: NoSchedule + key: test-label + value: test + template: templates/core/core-dpl.yaml + asserts: + - equal: + path: spec.template.spec.tolerations[0].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[0].key + value: test-label + - equal: + path: spec.template.spec.tolerations[0].value + value: test + + - it: PriorityClassName + set: + core: + priorityClassName: test-priority + template: templates/core/core-dpl.yaml + asserts: + - equal: + path: spec.template.spec.priorityClassName + value: test-priority diff --git a/test/unittest/core_job_test.yaml b/test/unittest/core_job_test.yaml new file mode 100644 index 000000000..0f060fea5 --- /dev/null +++ b/test/unittest/core_job_test.yaml @@ -0,0 +1,198 @@ +suite: CoreJob + +tests: + - it: JobDefault + set: + enableMigrateHelmHook: true + template: templates/core/core-pre-upgrade-job.yaml + asserts: + - lengthEqual: + path: spec.template.spec.containers + count: 1 + - lengthEqual: + path: spec.template.spec.containers[0].volumeMounts + count: 1 + - lengthEqual: + path: spec.template.spec.volumes + count: 1 + - equal: + path: metadata.name + value: migration-job + - equal: + path: spec.template.spec.containers[0].name + value: core-job + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].name + value: config + - equal: + path: spec.template.spec.volumes[0].name + value: config + - equal: + path: spec.template.spec.containers[0].command + value: ["/harbor/harbor_core", "-mode=migrate"] + - it: ServiceAccount + set: + enableMigrateHelmHook: true + core: + serviceAccountName: test-service-account + template: templates/core/core-pre-upgrade-job.yaml + asserts: + - lengthEqual: + path: spec.template.spec.containers + count: 1 + - lengthEqual: + path: spec.template.spec.containers[0].volumeMounts + count: 1 + - lengthEqual: + path: spec.template.spec.volumes + count: 1 + - equal: + path: metadata.name + value: migration-job + - equal: + path: spec.template.spec.containers[0].name + value: core-job + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].name + value: config + - equal: + path: spec.template.spec.volumes[0].name + value: config + - equal: + path: spec.template.spec.serviceAccountName + value: test-service-account + - equal: + path: spec.template.spec.containers[0].command + value: ["/harbor/harbor_core", "-mode=migrate"] + - it: NodeSelector + set: + enableMigrateHelmHook: true + core: + nodeSelector: + node.selector/tier: test-node-selector + template: templates/core/core-pre-upgrade-job.yaml + asserts: + - equal: + path: spec.template.spec.nodeSelector["node.selector/tier"] + value: test-node-selector + - lengthEqual: + path: spec.template.spec.containers + count: 1 + - lengthEqual: + path: spec.template.spec.containers[0].volumeMounts + count: 1 + - lengthEqual: + path: spec.template.spec.volumes + count: 1 + - equal: + path: metadata.name + value: migration-job + - equal: + path: spec.template.spec.containers[0].name + value: core-job + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].name + value: config + - equal: + path: spec.template.spec.volumes[0].name + value: config + - equal: + path: spec.template.spec.containers[0].command + value: ["/harbor/harbor_core", "-mode=migrate"] + + - it: Affinity + set: + enableMigrateHelmHook: true + core: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: test-affinity + operator: In + values: + - S1 + topologyKey: topology.kubernetes.io/zone + template: templates/core/core-pre-upgrade-job.yaml + asserts: + - equal: + path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].key + value: test-affinity + - equal: + path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].operator + value: In + - equal: + path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].values[0] + value: S1 + - equal: + path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].topologyKey + value: topology.kubernetes.io/zone + - lengthEqual: + path: spec.template.spec.containers + count: 1 + - lengthEqual: + path: spec.template.spec.containers[0].volumeMounts + count: 1 + - lengthEqual: + path: spec.template.spec.volumes + count: 1 + - equal: + path: metadata.name + value: migration-job + - equal: + path: spec.template.spec.containers[0].name + value: core-job + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].name + value: config + - equal: + path: spec.template.spec.volumes[0].name + value: config + - equal: + path: spec.template.spec.containers[0].command + value: ["/harbor/harbor_core", "-mode=migrate"] + + - it: Tolerations + set: + enableMigrateHelmHook: true + core: + tolerations: + - effect: NoSchedule + key: test-label + value: test + template: templates/core/core-pre-upgrade-job.yaml + asserts: + - equal: + path: spec.template.spec.tolerations[0].effect + value: NoSchedule + - equal: + path: spec.template.spec.tolerations[0].key + value: test-label + - equal: + path: spec.template.spec.tolerations[0].value + value: test + - lengthEqual: + path: spec.template.spec.containers + count: 1 + - lengthEqual: + path: spec.template.spec.containers[0].volumeMounts + count: 1 + - lengthEqual: + path: spec.template.spec.volumes + count: 1 + - equal: + path: metadata.name + value: migration-job + - equal: + path: spec.template.spec.containers[0].name + value: core-job + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].name + value: config + - equal: + path: spec.template.spec.volumes[0].name + value: config + - equal: + path: spec.template.spec.containers[0].command + value: ["/harbor/harbor_core", "-mode=migrate"] \ No newline at end of file diff --git a/test/unittest/core_secret_test.yaml b/test/unittest/core_secret_test.yaml new file mode 100644 index 000000000..02553c036 --- /dev/null +++ b/test/unittest/core_secret_test.yaml @@ -0,0 +1,97 @@ +suite: CoreSecret + +tests: + - it: Secret + set: + secretKey: test-secret + harborAdminPassword: test-admin-password + registry: + credentials: + password: test-registry-secret + core: + secret: test-secret-defined + xsrfKey: xsrf-key + configureUserSettings: "{\"test\": \"test\"}" + template: templates/core/core-secret.yaml + asserts: + - equal: + path: data.secretKey + value: "dGVzdC1zZWNyZXQ=" + - equal: + path: data.secret + value: "dGVzdC1zZWNyZXQtZGVmaW5lZA==" + - exists: + path: data["tls.key"] + - exists: + path: data["tls.crt"] + - equal: + path: data.HARBOR_ADMIN_PASSWORD + value: "dGVzdC1hZG1pbi1wYXNzd29yZA==" + - equal: + path: data.CONFIG_OVERWRITE_JSON + value: "eyJ0ZXN0IjogInRlc3QifQ==" + + - it: ExistingSecretSecretKey + set: + existingSecretSecretKey: test-secret + template: templates/core/core-secret.yaml + asserts: + - notExists: + path: data.secretKey + + - it: ExistingCoreSecret + set: + core: + existingSecret: test-secret + template: templates/core/core-secret.yaml + asserts: + - notExists: + path: data.secret + + - it: ExistingTLSSecret + set: + core: + secretName: test-secret + template: templates/core/core-secret.yaml + asserts: + - notExists: + path: data["tls.key"] + - notExists: + path: data["tls.crt"] + + - it: ExistingAdminSecret + set: + existingSecretAdminPassword: test-password + template: templates/core/core-secret.yaml + asserts: + - notExists: + path: data.HARBOR_ADMIN_PASSWORD + + - it: ExistingDBSecret + set: + database: + external: + existingSecret: test-db-secret + template: templates/core/core-secret.yaml + asserts: + - notExists: + path: data.POSTGRESQL_PASSWORD + + - it: ExistingRegistrySecret + set: + registry: + credentials: + existingSecret: test-registry-secret + template: templates/core/core-secret.yaml + asserts: + - notExists: + path: data.REGISTRY_CREDENTIAL_PASSWORD + + - it: ExistingRegistrySecret + set: + core: + existingXsrfSecret: test-xsrf-secret + template: templates/core/core-secret.yaml + asserts: + - notExists: + path: data.CSRF_KEY \ No newline at end of file diff --git a/test/unittest/core_svc_test.yaml b/test/unittest/core_svc_test.yaml new file mode 100644 index 000000000..ee641cca7 --- /dev/null +++ b/test/unittest/core_svc_test.yaml @@ -0,0 +1,84 @@ +suite: CoreSvc + +tests: + - it: Annotation + set: + core: + serviceAnnotations: + test.annotation: test-annotation + template: templates/core/core-svc.yaml + asserts: + - equal: + path: metadata.annotations["test.annotation"] + value: test-annotation + + - it: TypeGce + set: + expose: + ingress: + controller: gce + template: templates/core/core-svc.yaml + asserts: + - equal: + path: spec.type + value: NodePort + + - it: TypeAlb + set: + expose: + ingress: + controller: alb + template: templates/core/core-svc.yaml + asserts: + - equal: + path: spec.type + value: NodePort + + - it: TypeF5 + set: + expose: + ingress: + controller: f5-bigip + template: templates/core/core-svc.yaml + asserts: + - equal: + path: spec.type + value: NodePort + + - it: NotType + template: templates/core/core-svc.yaml + asserts: + - notExists: + path: spec.type + + - it: ExposeTLSEnabled + set: + internalTLS: + enabled: true + template: templates/core/core-svc.yaml + asserts: + - equal: + path: spec.ports[0].name + value: https-web + + - it: ExposeTLSDisabled + set: + internalTLS: + enabled: false + template: templates/core/core-svc.yaml + asserts: + - equal: + path: spec.ports[0].name + value: http-web + + - it: ExposeMetricsPort + set: + metrics: + enabled: true + core: + port: 1111 + template: templates/core/core-svc.yaml + asserts: + - equal: + path: spec.ports[1].port + value: 1111 \ No newline at end of file diff --git a/test/unittest/core_tls_test.yaml b/test/unittest/core_tls_test.yaml new file mode 100644 index 000000000..1d9dca1a9 --- /dev/null +++ b/test/unittest/core_tls_test.yaml @@ -0,0 +1,40 @@ +suite: CoreTls + +tests: + - it: TLSExists + set: + trivy: + enabled: false + registry: + enabled: false + internalTLS: + enabled: true + trustCa: testCa + certSource: manual + core: + crt: testCrt + key: testKey + registry: + crt: testCrt + key: testKey + portal: + crt: testCrt + key: testKey + jobservice: + crt: testCrt + key: testKey + template: templates/core/core-tls.yaml + asserts: + - exists: + path: metadata.name + - exists: + path: apiVersion + - equal: + path: data["ca.crt"] + value: "dGVzdENh" + - equal: + path: data["tls.crt"] + value: "dGVzdENydA==" + - equal: + path: data["tls.key"] + value: "dGVzdEtleQ==" diff --git a/test/unittest/trivy_stateful_set_test.go b/test/unittest/trivy_stateful_set_test.go deleted file mode 100644 index c8efa9be8..000000000 --- a/test/unittest/trivy_stateful_set_test.go +++ /dev/null @@ -1,171 +0,0 @@ -package unittest - -import ( - "os" - "testing" - - "github.com/gruntwork-io/terratest/modules/helm" - "github.com/gruntwork-io/terratest/modules/logger" - "github.com/stretchr/testify/suite" - appsV1 "k8s.io/api/apps/v1" -) - -type TrivyStatefulSetTestSuite struct { - suite.Suite -} - -func (suite *TrivyStatefulSetTestSuite) render(values map[string]string) *appsV1.StatefulSet { - helmChartPath := "../../" - - options := &helm.Options{ - SetValues: values, - } - - debug := os.Getenv("debug") - if debug != "true" { - options.Logger = logger.Discard - } - - output := helm.RenderTemplate(suite.T(), options, helmChartPath, "harbor", []string{"templates/trivy/trivy-sts.yaml"}) - - var ss appsV1.StatefulSet - helm.UnmarshalK8SYaml(suite.T(), output, &ss) - - return &ss -} - -func (suite *TrivyStatefulSetTestSuite) TestPersistenceDisabled() { - values := map[string]string{ - "persistence.enabled": "false", - "persistence.persistentVolumeClaim.trivy.existingClaim": "trivy-data", - } - - ss := suite.render(values) - suite.Len(ss.Spec.Template.Spec.Volumes, 1) - suite.NotNil(ss.Spec.Template.Spec.Volumes[0].EmptyDir) - suite.Len(ss.Spec.VolumeClaimTemplates, 0) -} - -func (suite *TrivyStatefulSetTestSuite) TestPersistenceEnabled() { - values := map[string]string{ - "persistence.enabled": "true", - } - - ss := suite.render(values) - suite.Len(ss.Spec.Template.Spec.Volumes, 0) - suite.Len(ss.Spec.VolumeClaimTemplates, 1) -} - -func (suite *TrivyStatefulSetTestSuite) TestExistingClaim() { - values := map[string]string{ - "persistence.enabled": "true", - "persistence.persistentVolumeClaim.trivy.existingClaim": "trivy-data", - } - - ss := suite.render(values) - suite.Len(ss.Spec.Template.Spec.Volumes, 1) - suite.NotNil(ss.Spec.Template.Spec.Volumes[0].PersistentVolumeClaim) - suite.Equal("trivy-data", ss.Spec.Template.Spec.Volumes[0].PersistentVolumeClaim.ClaimName) - suite.Len(ss.Spec.VolumeClaimTemplates, 0) -} - -func (suite *TrivyStatefulSetTestSuite) TestInternalTLSEnabled() { - { - values := map[string]string{ - "internalTLS.enabled": "true", - "persistence.enabled": "false", - } - - ss := suite.render(values) - suite.Len(ss.Spec.Template.Spec.Volumes, 2) - suite.Len(ss.Spec.VolumeClaimTemplates, 0) - } - - { - values := map[string]string{ - "internalTLS.enabled": "true", - "persistence.enabled": "true", - } - - ss := suite.render(values) - suite.Len(ss.Spec.Template.Spec.Volumes, 1) - suite.Len(ss.Spec.VolumeClaimTemplates, 1) - } - - { - values := map[string]string{ - "internalTLS.enabled": "true", - "persistence.enabled": "true", - "persistence.persistentVolumeClaim.trivy.existingClaim": "trivy-data", - } - - ss := suite.render(values) - suite.Len(ss.Spec.Template.Spec.Volumes, 2) - suite.Len(ss.Spec.VolumeClaimTemplates, 0) - } -} - -func (suite *TrivyStatefulSetTestSuite) TestCustomCA() { - { - values := map[string]string{ - "caBundleSecretName": "ca-bundle-secret", - "persistence.enabled": "false", - } - - ss := suite.render(values) - suite.Len(ss.Spec.Template.Spec.Volumes, 2) - suite.Len(ss.Spec.VolumeClaimTemplates, 0) - } - - { - values := map[string]string{ - "caBundleSecretName": "ca-bundle-secret", - "internalTLS.enabled": "true", - "persistence.enabled": "false", - } - - ss := suite.render(values) - suite.Len(ss.Spec.Template.Spec.Volumes, 3) - suite.Len(ss.Spec.VolumeClaimTemplates, 0) - } - - { - values := map[string]string{ - "caBundleSecretName": "ca-bundle-secret", - "internalTLS.enabled": "true", - "persistence.enabled": "true", - "persistence.persistentVolumeClaim.trivy.existingClaim": "trivy-data", - } - - ss := suite.render(values) - suite.Len(ss.Spec.Template.Spec.Volumes, 3) - suite.Len(ss.Spec.VolumeClaimTemplates, 0) - } - - { - values := map[string]string{ - "caBundleSecretName": "ca-bundle-secret", - "persistence.enabled": "true", - } - - ss := suite.render(values) - suite.Len(ss.Spec.Template.Spec.Volumes, 1) - suite.Len(ss.Spec.VolumeClaimTemplates, 1) - } - - { - values := map[string]string{ - "caBundleSecretName": "ca-bundle-secret", - "persistence.enabled": "true", - "persistence.persistentVolumeClaim.trivy.existingClaim": "trivy-data", - } - - ss := suite.render(values) - suite.Len(ss.Spec.Template.Spec.Volumes, 2) - suite.Len(ss.Spec.VolumeClaimTemplates, 0) - } -} - -func TestTrivyStatefulSetTestSuite(t *testing.T) { - suite.Run(t, &TrivyStatefulSetTestSuite{}) -} diff --git a/test/unittest/trivy_statefulset_test.yaml b/test/unittest/trivy_statefulset_test.yaml new file mode 100644 index 000000000..195c3b4e7 --- /dev/null +++ b/test/unittest/trivy_statefulset_test.yaml @@ -0,0 +1,97 @@ +suite: TrivyStatefulSet + +tests: + - it: PersistenceDisabled + set: + persistence: + enabled: false + persistentVolumeClaim: + trivy: + existingClaim: trivy-data + template: templates/trivy/trivy-sts.yaml + asserts: + - lengthEqual: + path: spec.template.spec.volumes + count: 1 + - notExists: + path: spec.volumeClaimTemplates + - exists: + path: spec.template.spec.volumes[0].emptyDir + + - it: PersistenceEnabled + set: + persistence: + enabled: true + template: templates/trivy/trivy-sts.yaml + asserts: + - notExists: + path: spec.template.spec.volumes + - lengthEqual: + path: spec.volumeClaimTemplates + count: 1 + + - it: ExistingClaim + set: + persistence: + enabled: true + persistentVolumeClaim: + trivy: + existingClaim: trivy-data + template: templates/trivy/trivy-sts.yaml + asserts: + - lengthEqual: + path: spec.template.spec.volumes + count: 1 + - notExists: + path: spec.volumeClaimTemplates + - exists: + path: spec.template.spec.volumes[0].persistentVolumeClaim + - equal: + path: spec.template.spec.volumes[0].persistentVolumeClaim.claimName + value: trivy-data + + - it: InternalTLSEnabledWithoutPersistence + set: + internalTLS: + enabled: true + persistence: + enabled: false + template: templates/trivy/trivy-sts.yaml + asserts: + - lengthEqual: + path: spec.template.spec.volumes + count: 2 + - notExists: + path: spec.volumeClaimTemplates + + - it: InternalTLSEnabledWithPersistence + set: + internalTLS: + enabled: true + persistence: + enabled: true + template: templates/trivy/trivy-sts.yaml + asserts: + - lengthEqual: + path: spec.template.spec.volumes + count: 1 + - lengthEqual: + path: spec.template.spec.volumes + count: 1 + + - it: InternalTLSEnabledWithPersistenceExistigClaim + set: + internalTLS: + enabled: true + persistence: + enabled: true + persistentVolumeClaim: + trivy: + existingClaim: trivy-data + template: templates/trivy/trivy-sts.yaml + asserts: + - lengthEqual: + path: spec.template.spec.volumes + count: 2 + - notExists: + path: spec.volumeClaimTemplates \ No newline at end of file From 74326eded0eb335576e94e6623627756a70421da Mon Sep 17 00:00:00 2001 From: Carlos Vega Date: Wed, 7 Aug 2024 08:37:48 +0200 Subject: [PATCH 2/2] Fixed comments - Remove duplicated test PodAnnotations - Rename test ArtifactPullAsyncFlushDuration Signed-off-by: Carlos Vega --- test/unittest/core_configmap_test.yaml | 4 ++-- test/unittest/core_deployment_test.yaml | 11 ----------- test/unittest/core_secret_test.yaml | 2 +- test/unittest/core_svc_test.yaml | 4 ++-- test/unittest/core_tls_test.yaml | 2 -- 5 files changed, 5 insertions(+), 18 deletions(-) diff --git a/test/unittest/core_configmap_test.yaml b/test/unittest/core_configmap_test.yaml index 5699425db..a68d17e42 100644 --- a/test/unittest/core_configmap_test.yaml +++ b/test/unittest/core_configmap_test.yaml @@ -102,7 +102,7 @@ tests: path: data.GC_TIME_WINDOW_HOURS value: "2" - - it: GcTimeWindowHours + - it: ArtifactPullAsyncFlushDuration set: core: artifactPullAsyncFlushDuration: 30 @@ -169,7 +169,7 @@ tests: path: data.CACHE_EXPIRE_HOURS value: "3" - - it: CuotaUpdate + - it: QuotaUpdate set: core: quotaUpdateProvider: 3 diff --git a/test/unittest/core_deployment_test.yaml b/test/unittest/core_deployment_test.yaml index 91c974196..da67d3cbf 100644 --- a/test/unittest/core_deployment_test.yaml +++ b/test/unittest/core_deployment_test.yaml @@ -23,17 +23,6 @@ tests: path: spec.template.metadata.annotations["test.annotation"] value: test-annotation - - it: PodAnnotations - set: - core: - podAnnotations: - test.annotation: test-annotation - template: templates/core/core-dpl.yaml - asserts: - - equal: - path: spec.template.metadata.annotations["test.annotation"] - value: test-annotation - - it: NoReplicas set: core: diff --git a/test/unittest/core_secret_test.yaml b/test/unittest/core_secret_test.yaml index 02553c036..4f08c1e61 100644 --- a/test/unittest/core_secret_test.yaml +++ b/test/unittest/core_secret_test.yaml @@ -67,7 +67,7 @@ tests: - notExists: path: data.HARBOR_ADMIN_PASSWORD - - it: ExistingDBSecret + - it: ExistingExternalDBSecret set: database: external: diff --git a/test/unittest/core_svc_test.yaml b/test/unittest/core_svc_test.yaml index ee641cca7..21fa842df 100644 --- a/test/unittest/core_svc_test.yaml +++ b/test/unittest/core_svc_test.yaml @@ -51,7 +51,7 @@ tests: - notExists: path: spec.type - - it: ExposeTLSEnabled + - it: InternalTLSEnabled set: internalTLS: enabled: true @@ -61,7 +61,7 @@ tests: path: spec.ports[0].name value: https-web - - it: ExposeTLSDisabled + - it: InternalTLSDisabled set: internalTLS: enabled: false diff --git a/test/unittest/core_tls_test.yaml b/test/unittest/core_tls_test.yaml index 1d9dca1a9..72907e23a 100644 --- a/test/unittest/core_tls_test.yaml +++ b/test/unittest/core_tls_test.yaml @@ -5,8 +5,6 @@ tests: set: trivy: enabled: false - registry: - enabled: false internalTLS: enabled: true trustCa: testCa