diff --git a/.github/workflows/linting-and-tests.yml b/.github/workflows/linting-and-tests.yml index 456b8d34..f7cb062b 100644 --- a/.github/workflows/linting-and-tests.yml +++ b/.github/workflows/linting-and-tests.yml @@ -120,6 +120,16 @@ jobs: pip install -r requirements.txt python manage.py lintmigrations + unit-test-helm-chart: + name: "Helm Chart Unit Tests" + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: d3adb5/helm-unittest-action@v2 + with: + helm-version: v3.8.0 + charts: ./helm/oncall + unit-test-backend-mysql-rabbitmq: name: "Backend Tests: MySQL + RabbitMQ (RBAC enabled: ${{ matrix.rbac_enabled }})" runs-on: ubuntu-latest diff --git a/helm/oncall/.helmignore b/helm/oncall/.helmignore index 0e8a0eb3..fd6e5fd3 100644 --- a/helm/oncall/.helmignore +++ b/helm/oncall/.helmignore @@ -21,3 +21,6 @@ .idea/ *.tmproj .vscode/ + +# exclude helm unit tests +tests/ diff --git a/helm/oncall/templates/_env.tpl b/helm/oncall/templates/_env.tpl index fd808dfc..05bff9a0 100644 --- a/helm/oncall/templates/_env.tpl +++ b/helm/oncall/templates/_env.tpl @@ -247,7 +247,7 @@ http://{{ include "oncall.grafana.fullname" . }} {{- define "snippet.mysql.db" -}} {{- if and (not .Values.mariadb.enabled) .Values.externalMysql.db_name -}} -{{- required "externalMysql.db is required if not mariadb.enabled" .Values.externalMysql.db_name | quote}} +{{- required "externalMysql.db_name is required if not mariadb.enabled" .Values.externalMysql.db_name | quote}} {{- else -}} "oncall" {{- end -}} @@ -292,6 +292,8 @@ http://{{ include "oncall.grafana.fullname" . }} {{- define "snippet.postgresql.password.secret.key" -}} {{- if and (not .Values.postgresql.enabled) .Values.externalPostgresql.passwordKey -}} {{ .Values.externalPostgresql.passwordKey }} +{{- else if .Values.postgresql.enabled -}} +{{ include "postgresql.userPasswordKey" .Subcharts.postgresql }} {{- else -}} "postgres-password" {{- end -}} @@ -306,7 +308,7 @@ http://{{ include "oncall.grafana.fullname" . }} {{- end -}} {{- define "snippet.postgresql.port" -}} -{{- if and (not .Values.mariadb.enabled) .Values.externalPostgresql.port -}} +{{- if and (not .Values.postgresql.enabled) .Values.externalPostgresql.port -}} {{- required "externalPostgresql.port is required if not postgresql.enabled" .Values.externalPostgresql.port | quote }} {{- else -}} "5432" @@ -314,10 +316,10 @@ http://{{ include "oncall.grafana.fullname" . }} {{- end -}} {{- define "snippet.postgresql.db" -}} -{{- if and (not .Values.postgresql.enabled) .Values.externalPostgresql.db -}} -{{- required "externalPostgresql.db is required if not postgresql.enabled" .Values.externalPostgresql.db | quote}} +{{- if and (not .Values.postgresql.enabled) .Values.externalPostgresql.db_name -}} +{{- required "externalPostgresql.db_name is required if not postgresql.enabled" .Values.externalPostgresql.db_name | quote}} {{- else -}} -"oncall" +{{- .Values.postgresql.auth.database | default "oncall" | quote -}} {{- end -}} {{- end -}} @@ -325,7 +327,7 @@ http://{{ include "oncall.grafana.fullname" . }} {{- if and (not .Values.postgresql.enabled) .Values.externalPostgresql.user -}} {{- .Values.externalPostgresql.user | quote}} {{- else -}} -"postgres" +{{- .Values.postgresql.auth.username | default "postgres" | quote -}} {{- end -}} {{- end -}} diff --git a/helm/oncall/tests/postgres_env_test.yaml b/helm/oncall/tests/postgres_env_test.yaml new file mode 100644 index 00000000..e55648f4 --- /dev/null +++ b/helm/oncall/tests/postgres_env_test.yaml @@ -0,0 +1,140 @@ +suite: test postgresql deployment environments +templates: + - engine/deployment.yaml + - engine/job-migrate.yaml + - celery/deployment-celery.yaml +release: + name: oncall +tests: + - it: external Postgresql default settings + set: + database.type: postgresql + postgresql.enabled: false + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_TYPE + value: postgresql + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_NAME + value: oncall + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_PORT + value: "5432" + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_USER + value: postgres + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_HOST + value: oncall-postgresql + + - it: external Postgresql custom settings + set: + database.type: postgresql + postgresql.enabled: false + externalPostgresql: + host: test-host + port: 5555 + db_name: grafana_oncall + user: test_user + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_TYPE + value: postgresql + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_NAME + value: grafana_oncall + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_PORT + value: "5555" + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_USER + value: test_user + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_HOST + value: test-host + + - it: internal Postgresql default settings + set: + database.type: postgresql + postgresql.enabled: true + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_TYPE + value: postgresql + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_NAME + value: oncall + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_PORT + value: "5432" + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_USER + value: postgres + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_HOST + value: oncall-postgresql + + - it: internal Postgresql custom settings + set: + database.type: postgresql + postgresql: + enabled: true + auth: + database: grafana_oncall + username: grafana_oncall + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_TYPE + value: postgresql + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_NAME + value: grafana_oncall + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_PORT + value: "5432" + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_USER + value: grafana_oncall + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_HOST + value: oncall-postgresql diff --git a/helm/oncall/tests/postgres_password_env_test.yaml b/helm/oncall/tests/postgres_password_env_test.yaml new file mode 100644 index 00000000..cd0e5b9a --- /dev/null +++ b/helm/oncall/tests/postgres_password_env_test.yaml @@ -0,0 +1,112 @@ +suite: test postgresql password deployment environments +release: + name: oncall +templates: + - engine/deployment.yaml + - engine/job-migrate.yaml + - celery/deployment-celery.yaml + - secrets.yaml +tests: + - it: should fail if externalPostgresql.password not set + set: + database.type: postgresql + postgresql.enabled: false + asserts: + - failedTemplate: + errorMessage: externalPostgresql.password is required if not postgresql.enabled and not externalPostgresql.existingSecret + template: secrets.yaml + + - it: externalPostgresql.password should create Secret -postgresql-external + templates: + - engine/deployment.yaml + - engine/job-migrate.yaml + - celery/deployment-celery.yaml + set: + database.type: postgresql + postgresql.enabled: false + externalPostgresql: + password: abcd123 + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: oncall-postgresql-external + key: postgres-password + - containsDocument: + kind: Secret + apiVersion: v1 + name: oncall-postgresql-external + template: secrets.yaml + - equal: + path: data.postgres-password + value: abcd123 + decodeBase64: true + documentIndex: 1 + template: secrets.yaml + + - it: externalPostgresql.existingSecret should use existing secret + templates: + - engine/deployment.yaml + - engine/job-migrate.yaml + - celery/deployment-celery.yaml + set: + database.type: postgresql + postgresql.enabled: false + externalPostgresql: + existingSecret: some-postgres-secret + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: some-postgres-secret + key: postgres-password + + - it: externalPostgresql.passwordKey should be used for existing secret + templates: + - engine/deployment.yaml + - engine/job-migrate.yaml + - celery/deployment-celery.yaml + set: + database.type: postgresql + postgresql.enabled: false + externalPostgresql: + existingSecret: some-postgres-secret + passwordKey: postgres.key + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: some-postgres-secret + key: postgres.key + + - it: internal Postgresql custom settings + templates: + - engine/deployment.yaml + - engine/job-migrate.yaml + - celery/deployment-celery.yaml + set: + database.type: postgresql + postgresql: + enabled: true + auth: + database: grafana_oncall + username: grafana_oncall + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: oncall-postgresql + key: password + diff --git a/helm/oncall/values.yaml b/helm/oncall/values.yaml index fb467bbb..a3447cdd 100644 --- a/helm/oncall/values.yaml +++ b/helm/oncall/values.yaml @@ -260,7 +260,7 @@ postgresql: database: oncall # Make sure to create the database with the following parameters: -# CREATE DATABASE oncall CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; +# CREATE DATABASE oncall WITH ENCODING UTF8; externalPostgresql: host: port: