fix: Fix broken redis authentication value

This patch introduces a bunch of tests for subcharts, doing cross-chart
testing e.g. testing that service names and host configurations are
correct as well as the existence of expected password fields in secrets
and so on.

While writing these tests a bug with the redis passwor variable was
discovered and fixed.

charts/mastodon/Chart.yaml

@@ -11,7 +11,7 @@ sources:
     - https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/tree/main/charts/mastodon
 
 type: application
-version: 5.1.2
+version: 6.0.0
 # renovate: image=ghcr.io/mastodon/mastodon
 appVersion: v4.1.1
 

charts/mastodon/README.md

 # mastodon
 
-![Version: 5.1.2](https://img.shields.io/badge/Version-5.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v4.1.1](https://img.shields.io/badge/AppVersion-v4.1.1-informational?style=flat-square)
+![Version: 6.0.0](https://img.shields.io/badge/Version-6.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v4.1.1](https://img.shields.io/badge/AppVersion-v4.1.1-informational?style=flat-square)
 
 Mastodon is a free, open-source social network server based on ActivityPub.
 
@@ -115,7 +115,7 @@ Mastodon is a free, open-source social network server based on ActivityPub.
 | postgresql.auth.password | string | `""` |  |
 | postgresql.auth.username | string | `"mastodon"` |  |
 | postgresql.enabled | bool | `true` | disable if you want to use an existing db; in which case the values below must match those of that external postgres instance |
-| redis.password | string | `""` | you must set a password; the password generated by the redis chart will be rotated on each upgrade: |
+| redis.auth.password | string | `""` | you must set a password; the password generated by the redis chart will be rotated on each upgrade: |
 | resources | object | `{}` | Default resources for all Deployments and jobs unless overwritten |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created |

charts/mastodon/tests/80_subchart_elasticsearch_test.yaml

+suite: elasticsearch
+templates:
+  - charts/elasticsearch/templates/master/statefulset.yaml
+  - configmap-env.yaml
+  - deployment-sidekiq.yaml
+  - deployment-streaming.yaml
+  - deployment-web.yaml
+  - secrets.yaml
+values:
+  - mocks/dev.yaml
+chart:
+  version: 1.2.3
+  appVersion: 4.5.6
+capabilities:
+  apiVersions:
+    - networking.k8s.io/v1/Ingress
+tests:
+  - it: should have correct hostname
+    asserts:
+      - equal:
+          path: data.ES_HOST
+          value: RELEASE-NAME-elasticsearch-master-hl
+        template: configmap-env.yaml
+      - equal:
+          path: spec.serviceName
+          value: RELEASE-NAME-elasticsearch-master-hl
+        template: charts/elasticsearch/templates/master/statefulset.yaml
+  - it: should use port 9200
+    asserts:
+      - equal:
+          path: data.ES_PORT
+          value: "9200"
+        template: configmap-env.yaml
+      - contains:
+          path: spec.template.spec.containers[0].ports
+          content:
+            name: rest-api
+            containerPort: 9200
+        template: charts/elasticsearch/templates/master/statefulset.yaml
\ No newline at end of file

charts/mastodon/tests/80_subchart_postgresql_test.yaml

+suite: postgresql
+templates:
+  - charts/postgresql/templates/primary/svc.yaml
+  - charts/postgresql/templates/secrets.yaml
+  - charts/postgresql/templates/primary/statefulset.yaml
+  - configmap-env.yaml
+  - deployment-sidekiq.yaml
+  - deployment-streaming.yaml
+  - deployment-web.yaml
+  - secrets.yaml
+values:
+  - mocks/dev.yaml
+chart:
+  version: 1.2.3
+  appVersion: 4.5.6
+capabilities:
+  apiVersions:
+    - networking.k8s.io/v1/Ingress
+tests:
+  - it: should match service name and configured host
+    asserts:
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-postgresql
+        template: charts/postgresql/templates/primary/svc.yaml
+      - equal:
+          path: data.DB_HOST
+          value: RELEASE-NAME-postgresql
+        template: configmap-env.yaml
+  - it: should match password secret names and structure
+    asserts:
+      - isNotEmpty:
+          path: data.password
+        template: charts/postgresql/templates/secrets.yaml
+        documentIndex: 0
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-postgresql
+        template: charts/postgresql/templates/secrets.yaml
+        documentIndex: 0
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: "DB_PASS"
+            valueFrom:
+              secretKeyRef:
+                name: RELEASE-NAME-postgresql
+                key: password
+        template: deployment-web.yaml
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: "DB_PASS"
+            valueFrom:
+              secretKeyRef:
+                name: RELEASE-NAME-postgresql
+                key: password
+        template: deployment-streaming.yaml
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: "DB_PASS"
+            valueFrom:
+              secretKeyRef:
+                name: RELEASE-NAME-postgresql
+                key: password
+        template: deployment-sidekiq.yaml
+  - it: should have correct default the database username
+    asserts:
+      - equal:
+          path: data.DB_USER
+          value: mastodon
+        template: configmap-env.yaml
+      - equal:
+          path: data.DB_USER
+          value: mastodon
+        template: configmap-env.yaml
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: POSTGRES_USER
+            value: "mastodon"
+        template: charts/postgresql/templates/primary/statefulset.yaml
+  - it: should allow to change the database username
+    set:
+      postgresql:
+        auth:
+          username: test
+    asserts:
+      - equal:
+          path: data.DB_USER
+          value: test
+        template: configmap-env.yaml
+      - equal:
+          path: data.DB_USER
+          value: test
+        template: configmap-env.yaml
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: POSTGRES_USER
+            value: "test"
+        template: charts/postgresql/templates/primary/statefulset.yaml
+  - it: should allow to control password changes
+    set:
+      postgresql:
+        auth:
+          password: test
+    asserts:
+      - equal:
+          path: data.password
+          value: dGVzdA==
+        template: charts/postgresql/templates/secrets.yaml
+        documentIndex: 0
+  - it: should use the expected database name
+    asserts:
+      - equal:
+          path: data.DB_NAME
+          value: mastodon_production
+        template: configmap-env.yaml
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: POSTGRES_DB
+            value: "mastodon_production"
+        template: charts/postgresql/templates/primary/statefulset.yaml
+  - it: should allow to change the database name
+    set:
+      postgresql:
+        auth:
+          database: test
+    asserts:
+      - equal:
+          path: data.DB_NAME
+          value: test
+        template: configmap-env.yaml
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: POSTGRES_DB
+            value: "test"
+        template: charts/postgresql/templates/primary/statefulset.yaml
\ No newline at end of file

charts/mastodon/tests/80_subchart_redis_test.yaml

+suite: redis
+templates:
+  - charts/redis/templates/master/service.yaml
+  - charts/redis/templates/secret.yaml
+  - configmap-env.yaml
+  - deployment-sidekiq.yaml
+  - deployment-streaming.yaml
+  - deployment-web.yaml
+  - secrets.yaml
+values:
+  - mocks/dev.yaml
+chart:
+  version: 1.2.3
+  appVersion: 4.5.6
+capabilities:
+  apiVersions:
+    - networking.k8s.io/v1/Ingress
+tests:
+  - it: should match service name and configured host
+    asserts:
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-redis-master
+        template: charts/redis/templates/master/service.yaml
+      - equal:
+          path: data.REDIS_HOST
+          value: RELEASE-NAME-redis-master
+        template: configmap-env.yaml
+  - it: should match password secret names and structure
+    asserts:
+      - isNotEmpty:
+          path: data.redis-password
+        template: charts/redis/templates/secret.yaml
+        documentIndex: 0
+      - equal:
+          path: metadata.name
+          value: RELEASE-NAME-redis
+        template: charts/redis/templates/secret.yaml
+        documentIndex: 0
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: "REDIS_PASSWORD"
+            valueFrom:
+              secretKeyRef:
+                name: RELEASE-NAME-redis
+                key: redis-password
+        template: deployment-web.yaml
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: "REDIS_PASSWORD"
+            valueFrom:
+              secretKeyRef:
+                name: RELEASE-NAME-redis
+                key: redis-password
+        template: deployment-streaming.yaml
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: "REDIS_PASSWORD"
+            valueFrom:
+              secretKeyRef:
+                name: RELEASE-NAME-redis
+                key: redis-password
+        template: deployment-sidekiq.yaml
+  - it: should allow to control password changes
+    set:
+      redis:
+        auth:
+          password: test
+    asserts:
+      - equal:
+          path: data.redis-password
+          value: dGVzdA==
+        template: charts/redis/templates/secret.yaml
+        documentIndex: 0
\ No newline at end of file

charts/mastodon/values.yaml

@@ -262,12 +262,12 @@ postgresql:
 
 # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
 redis:
+  auth:
     # -- you must set a password; the password generated by the redis chart will be
     # rotated on each upgrade:
     password: ""
     # you can also specify the name of an existing Secret
     # with a key of redis-password set to the password you want
-  # auth:
     # existingSecret: ""
 
 # @ignored