suite: test PostgreSQL password envs for deployments release: name: oncall templates: - engine/deployment.yaml - engine/job-migrate.yaml - celery/deployment.yaml - telegram-polling/deployment.yaml - secrets.yaml tests: - it: secrets -> should fail if externalPostgresql.password not set set: database.type: postgresql postgresql.enabled: false externalPostgresql.host: some-postgres-host asserts: - failedTemplate: errorMessage: >- externalPostgresql.password is required if not postgresql.enabled and not externalPostgresql.existingSecret template: secrets.yaml - it: externalPostgresql.password -> should create a Secret -postgresql-external templates: - engine/deployment.yaml - engine/job-migrate.yaml - celery/deployment.yaml - telegram-polling/deployment.yaml set: telegramPolling.enabled: true database.type: postgresql postgresql.enabled: false externalPostgresql: password: abcd123 host: some-postgres-host asserts: - contains: path: spec.template.spec.containers[0].env content: name: DATABASE_PASSWORD valueFrom: secretKeyRef: name: oncall-postgresql-external key: postgres-password - containsDocument: kind: Secret apiVersion: v1 metadata.name: oncall-postgresql-external template: secrets.yaml - equal: path: data.postgres-password value: abcd123 decodeBase64: true documentIndex: 1 template: secrets.yaml - it: externalPostgresql.existingSecret -> should use existing secret templates: - engine/deployment.yaml - engine/job-migrate.yaml - celery/deployment.yaml - telegram-polling/deployment.yaml set: telegramPolling.enabled: true database.type: postgresql postgresql.enabled: false externalPostgresql: existingSecret: some-postgres-secret host: some-postgres-host passwordKey: postgres-password-key asserts: - contains: path: spec.template.spec.containers[0].env content: name: DATABASE_PASSWORD valueFrom: secretKeyRef: name: some-postgres-secret key: postgres-password-key - it: externalPostgresql.passwordKey -> should be used for existing secret templates: - engine/deployment.yaml - engine/job-migrate.yaml - celery/deployment.yaml - telegram-polling/deployment.yaml set: telegramPolling.enabled: true database.type: postgresql postgresql.enabled: false externalPostgresql: host: some-postgres-host existingSecret: some-postgres-secret passwordKey: postgres.key asserts: - contains: path: spec.template.spec.containers[0].env content: name: DATABASE_PASSWORD valueFrom: secretKeyRef: name: some-postgres-secret key: postgres.key - it: postgresql.auth -> should use internal Postgresql custom settings templates: - engine/deployment.yaml - engine/job-migrate.yaml - celery/deployment.yaml - telegram-polling/deployment.yaml set: telegramPolling.enabled: true database.type: postgresql postgresql: enabled: true auth: database: grafana_oncall username: grafana_oncall asserts: - contains: path: spec.template.spec.containers[0].env content: name: DATABASE_PASSWORD valueFrom: secretKeyRef: name: oncall-postgresql key: password - it: | postgresql.enabled=false and migrate.useHook=>true -> should add "helm.sh/hook" annotations to secret with PostgreSQL credentials templates: - secrets.yaml set: migrate.useHook: true database.type: postgresql postgresql.enabled: false externalPostgresql: host: test-host port: 5555 db_name: grafana_oncall user: test_user password: ultrasecretword asserts: - containsDocument: kind: Secret apiVersion: v1 name: oncall-postgresql-external documentIndex: 1 - isSubset: path: metadata.annotations content: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-weight": "-5" documentIndex: 1