From dc0aad77675e2e7baff7c2e657a4a7307acd25a7 Mon Sep 17 00:00:00 2001 From: Sheogorath <sheogorath@shivering-isles.com> Date: Sun, 19 Mar 2023 02:32:32 +0100 Subject: [PATCH] fix: Fix broken redis authentication value This patch introduces a bunch of tests for subcharts, doing cross-chart testing e.g. testing that service names and host configurations are correct as well as the existence of expected password fields in secrets and so on. While writing these tests a bug with the redis passwor variable was discovered and fixed. --- charts/mastodon/Chart.yaml | 2 +- charts/mastodon/README.md | 4 +- .../tests/80_subchart_elasticsearch_test.yaml | 39 +++++ .../tests/80_subchart_postgresql_test.yaml | 142 ++++++++++++++++++ .../tests/80_subchart_redis_test.yaml | 77 ++++++++++ charts/mastodon/values.yaml | 12 +- 6 files changed, 267 insertions(+), 9 deletions(-) create mode 100644 charts/mastodon/tests/80_subchart_elasticsearch_test.yaml create mode 100644 charts/mastodon/tests/80_subchart_postgresql_test.yaml create mode 100644 charts/mastodon/tests/80_subchart_redis_test.yaml diff --git a/charts/mastodon/Chart.yaml b/charts/mastodon/Chart.yaml index 78803fc64..dafd33919 100644 --- a/charts/mastodon/Chart.yaml +++ b/charts/mastodon/Chart.yaml @@ -11,7 +11,7 @@ sources: - https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/tree/main/charts/mastodon type: application -version: 5.1.2 +version: 6.0.0 # renovate: image=ghcr.io/mastodon/mastodon appVersion: v4.1.1 diff --git a/charts/mastodon/README.md b/charts/mastodon/README.md index cf18bd53d..d8b55b063 100644 --- a/charts/mastodon/README.md +++ b/charts/mastodon/README.md @@ -1,6 +1,6 @@ # mastodon -   +   Mastodon is a free, open-source social network server based on ActivityPub. 
@@ -115,7 +115,7 @@ Mastodon is a free, open-source social network server based on ActivityPub. | postgresql.auth.password | string | `""` | | | postgresql.auth.username | string | `"mastodon"` | | | postgresql.enabled | bool | `true` | disable if you want to use an existing db; in which case the values below must match those of that external postgres instance | -| redis.password | string | `""` | you must set a password; the password generated by the redis chart will be rotated on each upgrade: | +| redis.auth.password | string | `""` | you must set a password; the password generated by the redis chart will be rotated on each upgrade: | | resources | object | `{}` | Default resources for all Deployments and jobs unless overwritten | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | diff --git a/charts/mastodon/tests/80_subchart_elasticsearch_test.yaml b/charts/mastodon/tests/80_subchart_elasticsearch_test.yaml new file mode 100644 index 000000000..6368b8005 --- /dev/null +++ b/charts/mastodon/tests/80_subchart_elasticsearch_test.yaml 
@@ -0,0 +1,39 @@
+suite: elasticsearch
+templates:
+ - charts/elasticsearch/templates/master/statefulset.yaml
+ - configmap-env.yaml
+ - deployment-sidekiq.yaml
+ - deployment-streaming.yaml
+ - deployment-web.yaml
+ - secrets.yaml
+values:
+ - mocks/dev.yaml
+chart:
+ version: 1.2.3
+ appVersion: 4.5.6
+capabilities:
+ apiVersions:
+ - networking.k8s.io/v1/Ingress
+tests:
+ - it: should have correct hostname
+ asserts:
+ - equal:
+ path: data.ES_HOST
+ value: RELEASE-NAME-elasticsearch-master-hl
+ template: configmap-env.yaml
+ - equal:
+ path: spec.serviceName
+ value: RELEASE-NAME-elasticsearch-master-hl
+ template: charts/elasticsearch/templates/master/statefulset.yaml
+ - it: should use port 9200
+ asserts:
+ - equal:
+ path: data.ES_PORT
+ value: "9200"
+ template: configmap-env.yaml
+ - contains:
+ path: spec.template.spec.containers[0].ports
+ content:
+ name: rest-api
+ containerPort: 9200
+ template: charts/elasticsearch/templates/master/statefulset.yaml
\ No newline at end of file
diff --git a/charts/mastodon/tests/80_subchart_postgresql_test.yaml b/charts/mastodon/tests/80_subchart_postgresql_test.yaml
new file mode 100644
index 000000000..8fd543bfb
--- /dev/null
+++ b/charts/mastodon/tests/80_subchart_postgresql_test.yaml
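Review bot: The `templates:` list of the elasticsearch suite loads `deployment-sidekiq.yaml`, `deployment-streaming.yaml`, `deployment-web.yaml` and `secrets.yaml`, but every assertion targets either `configmap-env.yaml` or the subchart statefulset, so those four entries are rendered without being checked. The commit message says the new tests cover password fields in secrets, yet this suite has no credential assertion at all; if that is because the subchart is deployed without authentication, a comment at the top of the file saying so would make the gap a visible decision. The file also ends without a trailing newline (`\ No newline at end of file`), as do the postgresql and redis suites.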
@@ -0,0 +1,142 @@
+suite: postgresql
+templates:
+ - charts/postgresql/templates/primary/svc.yaml
+ - charts/postgresql/templates/secrets.yaml
+ - charts/postgresql/templates/primary/statefulset.yaml
+ - configmap-env.yaml
+ - deployment-sidekiq.yaml
+ - deployment-streaming.yaml
+ - deployment-web.yaml
+ - secrets.yaml
+values:
+ - mocks/dev.yaml
+chart:
+ version: 1.2.3
+ appVersion: 4.5.6
+capabilities:
+ apiVersions:
+ - networking.k8s.io/v1/Ingress
+tests:
+ - it: should match service name and configured host
+ asserts:
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-postgresql
+ template: charts/postgresql/templates/primary/svc.yaml
+ - equal:
+ path: data.DB_HOST
+ value: RELEASE-NAME-postgresql
+ template: configmap-env.yaml
+ - it: should match password secret names and structure
+ asserts:
+ - isNotEmpty:
+ path: data.password
+ template: charts/postgresql/templates/secrets.yaml
+ documentIndex: 0
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-postgresql
+ template: charts/postgresql/templates/secrets.yaml
+ documentIndex: 0
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: "DB_PASS"
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-postgresql
+ key: password
+ template: deployment-web.yaml
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: "DB_PASS"
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-postgresql
+ key: password
+ template: deployment-streaming.yaml
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: "DB_PASS"
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-postgresql
+ key: password
+ template: deployment-sidekiq.yaml
+ - it: should have correct default the database username
+ asserts:
+ - equal:
+ path: data.DB_USER
+ value: mastodon
+ template: configmap-env.yaml
+ - equal:
+ path: data.DB_USER
+ value: mastodon
+ template: configmap-env.yaml
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: POSTGRES_USER
+ value: "mastodon"
+ template: charts/postgresql/templates/primary/statefulset.yaml
+ - it: should allow to change the database username
+ set:
+ postgresql:
+ auth:
+ username: test
+ asserts:
+ - equal:
+ path: data.DB_USER
+ value: test
+ template: configmap-env.yaml
+ - equal:
+ path: data.DB_USER
+ value: test
+ template: configmap-env.yaml
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: POSTGRES_USER
+ value: "test"
+ template: charts/postgresql/templates/primary/statefulset.yaml
+ - it: should allow to control password changes
+ set:
+ postgresql:
+ auth:
+ password: test
+ asserts:
+ - equal:
+ path: data.password
+ value: dGVzdA==
+ template: charts/postgresql/templates/secrets.yaml
+ documentIndex: 0
+ - it: should use the expected database name
+ asserts:
+ - equal:
+ path: data.DB_NAME
+ value: mastodon_production
+ template: configmap-env.yaml
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: POSTGRES_DB
+ value: "mastodon_production"
+ template: charts/postgresql/templates/primary/statefulset.yaml
+ - it: should allow to change the database name
+ set:
+ postgresql:
+ auth:
+ database: test
+ asserts:
+ - equal:
+ path: data.DB_NAME
+ value: test
+ template: configmap-env.yaml
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: POSTGRES_DB
+ value: "test"
+ template: charts/postgresql/templates/primary/statefulset.yaml
\ No newline at end of file
diff --git a/charts/mastodon/tests/80_subchart_redis_test.yaml b/charts/mastodon/tests/80_subchart_redis_test.yaml
new file mode 100644
index 000000000..91ff108e0
--- /dev/null
+++ b/charts/mastodon/tests/80_subchart_redis_test.yaml
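Review bot: In the postgresql suite, both username tests assert `data.DB_USER` against `configmap-env.yaml` twice in a row with the same value, so the second `equal` in each test adds no coverage. It looks like a copy-paste where the second assertion was meant to target a different path or template; either delete the duplicate or point it at what it was meant to check. The test title `should have correct default the database username` is also garbled and would read better as `should have the correct default database username`. The `isNotEmpty` check on `data.password` passes for any non-empty value, so only the `should allow to control password changes` case pins that the password set in values actually reaches the subchart secret.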
@@ -0,0 +1,77 @@
+suite: redis
+templates:
+ - charts/redis/templates/master/service.yaml
+ - charts/redis/templates/secret.yaml
+ - configmap-env.yaml
+ - deployment-sidekiq.yaml
+ - deployment-streaming.yaml
+ - deployment-web.yaml
+ - secrets.yaml
+values:
+ - mocks/dev.yaml
+chart:
+ version: 1.2.3
+ appVersion: 4.5.6
+capabilities:
+ apiVersions:
+ - networking.k8s.io/v1/Ingress
+tests:
+ - it: should match service name and configured host
+ asserts:
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-redis-master
+ template: charts/redis/templates/master/service.yaml
+ - equal:
+ path: data.REDIS_HOST
+ value: RELEASE-NAME-redis-master
+ template: configmap-env.yaml
+ - it: should match password secret names and structure
+ asserts:
+ - isNotEmpty:
+ path: data.redis-password
+ template: charts/redis/templates/secret.yaml
+ documentIndex: 0
+ - equal:
+ path: metadata.name
+ value: RELEASE-NAME-redis
+ template: charts/redis/templates/secret.yaml
+ documentIndex: 0
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: "REDIS_PASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-redis
+ key: redis-password
+ template: deployment-web.yaml
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: "REDIS_PASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-redis
+ key: redis-password
+ template: deployment-streaming.yaml
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: "REDIS_PASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-redis
+ key: redis-password
+ template: deployment-sidekiq.yaml
+ - it: should allow to control password changes
+ set:
+ redis:
+ auth:
+ password: test
+ asserts:
+ - equal:
+ path: data.redis-password
+ value: dGVzdA==
+ template: charts/redis/templates/secret.yaml
+ documentIndex: 0
\ No newline at end of file
diff --git a/charts/mastodon/values.yaml b/charts/mastodon/values.yaml
index 067f5848a..25ed14865 100644
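Review bot: The redis suite only exercises the inline `redis.auth.password` path, while `values.yaml` in the same patch also advertises `auth.existingSecret` with a `redis-password` key, and no test checks that the three deployments follow that secret name. That option is the one that keeps the password out of values files, so a regression there would go unnoticed in the same way the bug fixed here did. If the deployment templates are meant to honour it (they are not part of this patch, so this needs confirming), a case like the one below, repeated for `deployment-streaming.yaml` and `deployment-sidekiq.yaml`, would pin it. The `isNotEmpty` assertion on `data.redis-password` also passes when the subchart generates a random password, so it does not detect a values key that fails to reach the subchart.

```yaml
  - it: should reference an existing secret when configured
    set:
      redis:
        auth:
          # constructed sample name, not taken from the chart
          existingSecret: example-redis-secret
    asserts:
      - contains:
          path: spec.template.spec.containers[0].env
          content:
            name: "REDIS_PASSWORD"
            valueFrom:
              secretKeyRef:
                name: example-redis-secret
                key: redis-password
        template: deployment-web.yaml
```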
--- a/charts/mastodon/values.yaml +++ b/charts/mastodon/values.yaml @@ -262,12 +262,12 @@ postgresql: # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters redis: - # -- you must set a password; the password generated by the redis chart will be - # rotated on each upgrade: - password: "" - # you can also specify the name of an existing Secret - # with a key of redis-password set to the password you want - # auth: + auth: + # -- you must set a password; the password generated by the redis chart will be + # rotated on each upgrade: + password: "" + # you can also specify the name of an existing Secret + # with a key of redis-password set to the password you want # existingSecret: "" # @ignored -- GitLab
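Review bot: Moving `password` under `redis.auth` means a values file that still sets the old `redis.password` key is now silently ignored, and per the comment kept in this hunk the redis chart then generates a password that is rotated on each upgrade. Nothing visible in the patch warns about this beyond the major version bump. A guard in one of the chart's templates (outside this patch) such as `{{- if .Values.redis.password }}{{ fail "redis.password has moved to redis.auth.password" }}{{- end }}` would turn the silent change into a render error. The moved comment also still ends in a dangling colon (`rotated on each upgrade:`). Since `existingSecret` stays commented out, a line such as `# prefer existingSecret so the password is not stored in a committed values file` would state the safer option explicitly.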