oncall-engine/helm/oncall/tests/postgres_password_env_test.yaml

suite: test PostgreSQL password envs for deployments
release:
  name: oncall
templates:
  - engine/deployment.yaml
  - engine/job-migrate.yaml
  - celery/deployment-celery.yaml
  - secrets.yaml
tests:
  - it: secrets -> should fail if externalPostgresql.password not set
    set:
      database.type: postgresql
      postgresql.enabled: false
      externalPostgresql.host: some-postgres-host
    asserts:
      - failedTemplate:
          errorMessage: externalPostgresql.password is required if not postgresql.enabled and not externalPostgresql.existingSecret
        template: secrets.yaml

  - it: externalPostgresql.password -> should create a Secret -postgresql-external
    templates:
      - engine/deployment.yaml
      - engine/job-migrate.yaml
      - celery/deployment-celery.yaml
    set:
      database.type: postgresql
      postgresql.enabled: false
      externalPostgresql:
        password: abcd123
        host: some-postgres-host
    asserts:
      - contains:
          path: spec.template.spec.containers[0].env
          content:
            name: DATABASE_PASSWORD
            valueFrom:
              secretKeyRef:
                name: oncall-postgresql-external
                key: postgres-password
      - containsDocument:
          kind: Secret
          apiVersion: v1
          name: oncall-postgresql-external
        template: secrets.yaml
      - equal:
          path: data.postgres-password
          value: abcd123
          decodeBase64: true
        documentIndex: 1
        template: secrets.yaml

  - it: externalPostgresql.existingSecret -> should use existing secret
    templates:
      - engine/deployment.yaml
      - engine/job-migrate.yaml
      - celery/deployment-celery.yaml
    set:
      database.type: postgresql
      postgresql.enabled: false
      externalPostgresql:
        existingSecret: some-postgres-secret
        host: some-postgres-host
        passwordKey: postgres-password-key
    asserts:
      - contains:
          path: spec.template.spec.containers[0].env
          content:
            name: DATABASE_PASSWORD
            valueFrom:
              secretKeyRef:
                name: some-postgres-secret
                key: postgres-password-key

  - it: externalPostgresql.passwordKey -> should be used for existing secret
    templates:
      - engine/deployment.yaml
      - engine/job-migrate.yaml
      - celery/deployment-celery.yaml
    set:
      database.type: postgresql
      postgresql.enabled: false
      externalPostgresql:
        host: some-postgres-host
        existingSecret: some-postgres-secret
        passwordKey: postgres.key
    asserts:
      - contains:
          path: spec.template.spec.containers[0].env
          content:
            name: DATABASE_PASSWORD
            valueFrom:
              secretKeyRef:
                name: some-postgres-secret
                key: postgres.key

  - it: postgresql.auth -> should use internal Postgresql custom settings
    templates:
      - engine/deployment.yaml
      - engine/job-migrate.yaml
      - celery/deployment-celery.yaml
    set:
      database.type: postgresql
      postgresql:
        enabled: true
        auth:
          database: grafana_oncall
          username: grafana_oncall
    asserts:
      - contains:
          path: spec.template.spec.containers[0].env
          content:
            name: DATABASE_PASSWORD
            valueFrom:
              secretKeyRef:
                name: oncall-postgresql
                key: password